From 56557cadc813f682dcaad8fe30cf345b71f951ee Mon Sep 17 00:00:00 2001
From: Sofia Boldyreva
Date: Mon, 20 Jan 2025 21:45:29 +0100
Subject: [PATCH] Initial setup
---
 config.yaml | 20 ++
 files/almalinux_bugtracker.patch | 23 ++
 files/dnf-keyring-support-multiple-keys.patch | 228 ++++++++++++++++++
 3 files changed, 271 insertions(+)
 create mode 100644 config.yaml
 create mode 100644 files/almalinux_bugtracker.patch
 create mode 100644 files/dnf-keyring-support-multiple-keys.patch
diff --git a/config.yaml b/config.yaml
new file mode 100644
index 0000000..80b3132
--- /dev/null
+++ b/config.yaml
@@ -0,0 +1,20 @@
+actions:
+
+ - modify_release:
+ - suffix: ".alma.1"
+ enabled: true
+
+ - changelog_entry:
+ - name: "Eduard Abdullin"
+ email: "eabdullin@almalinux.org"
+ line:
+ - "Added patch for almalinux bugtracker"
+ - "Added patch to support multiple keys"
+
+ - add_files:
+ - type: "patch"
+ name: "almalinux_bugtracker.patch"
+ number: 10001
+ - type: "patch"
+ name: "dnf-keyring-support-multiple-keys.patch"
+ number: 10002
diff --git a/files/almalinux_bugtracker.patch b/files/almalinux_bugtracker.patch
new file mode 100644
index 0000000..8ccc2c7
--- /dev/null
+++ b/files/almalinux_bugtracker.patch
@@ -0,0 +1,23 @@
+diff -aruN libdnf-0.63.0/docs/hawkey/conf.py libdnf-0.63.0_alma/docs/hawkey/conf.py
+--- libdnf-0.63.0/docs/hawkey/conf.py 2021-05-18 17:07:23.000000000 +0300
++++ libdnf-0.63.0_alma/docs/hawkey/conf.py 2021-12-30 11:03:39.179244600 +0300
+@@ -260,6 +260,6 @@
+ rst_prolog = """
+ .. default-domain:: py
+ .. _libsolv: https://github.com/openSUSE/libsolv
+-.. _bugzilla: https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=hawkey
++.. _bugzilla: https://bugs.almalinux.org/
+
+ """
+diff -aruN libdnf-0.63.0/libdnf/conf/Const.hpp libdnf-0.63.0_alma/libdnf/conf/Const.hpp
+--- libdnf-0.63.0/libdnf/conf/Const.hpp 2021-05-18 17:07:23.000000000 +0300
++++ libdnf-0.63.0_alma/libdnf/conf/Const.hpp 2021-12-30 11:03:47.004789800 +0300
+@@ -41,7 +41,7 @@
+ "installonlypkg(vm)",
+ "multiversion(kernel)"};
+
+-constexpr const char * BUGTRACKER="https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=dnf";
++constexpr const char * BUGTRACKER="https://bugs.almalinux.org/";
+
+ }
+
diff --git a/files/dnf-keyring-support-multiple-keys.patch b/files/dnf-keyring-support-multiple-keys.patch
new file mode 100644
index 0000000..1c425df
--- /dev/null
+++ b/files/dnf-keyring-support-multiple-keys.patch
@@ -0,0 +1,228 @@
+From 5b87a29c78fe7b3fce8ac167a1a650449d25f54c Mon Sep 17 00:00:00 2001
+From: Dmitriy Popov
+Date: Wed, 1 May 2024 23:16:47 +0300
+Subject: [PATCH] dnf-keyring-support-multiple-keys
+
+Since it is known from the bug (and practically proven) that "rpm --import"
+is capable of supporting multiple containers in one file, unlike the internal
+implementation, due to the need to globally rewrite the structure of parameters.
+
+https://github.com/rpm-software-management/rpm/pull/2242
+"This does not affect rpmkeys --import because it explicitly checks
+for multiple PGPTAG_PUBLIC_KEY packets and imports them separately"
+
+The patch implies the logic of the cli rpmcliImportPubkeys
+in dnf_keyring_add_public_key, except that instead of direct import,
+it continues to expand the keyring as before, and then imports it,
+making this change atomic.
+
+Signed-off-by: Dmitriy Popov
+---
+ libdnf/dnf-keyring.cpp | 167 +++++++++++++++++++++++------------------
+ 1 file changed, 96 insertions(+), 71 deletions(-)
+
+diff --git a/libdnf/dnf-keyring.cpp b/libdnf/dnf-keyring.cpp
+index 62a6248..f4afd35 100644
+--- a/libdnf/dnf-keyring.cpp
++++ b/libdnf/dnf-keyring.cpp
+@@ -62,13 +62,16 @@ dnf_keyring_add_public_key(rpmKeyring keyring,
+ gboolean ret = TRUE;
+ int rc;
+ gsize len;
+- pgpArmor armor;
+ pgpDig dig = NULL;
+ rpmPubkey pubkey = NULL;
+ rpmPubkey *subkeys = NULL;
+ int nsubkeys = 0;
+ uint8_t *pkt = NULL;
+ g_autofree gchar *data = NULL;
++ char const * const pgpmark = "-----BEGIN PGP ";
++ size_t marklen = strlen(pgpmark);
++ int keyno = 1;
++ char *start = NULL;
+
+ /* ignore symlinks and directories */
+ if (!g_file_test(filename, G_FILE_TEST_IS_REGULAR))
+@@ -81,79 +84,99 @@ dnf_keyring_add_public_key(rpmKeyring keyring,
+ if (!ret)
+ goto out;
+
+- /* rip off the ASCII armor and parse it */
+- armor = pgpParsePkts(data, &pkt, &len);
+- if (armor < 0) {
+- ret = FALSE;
+- g_set_error(error,
+- DNF_ERROR,
+- DNF_ERROR_GPG_SIGNATURE_INVALID,
+- "failed to parse PKI file %s",
+- filename);
+- goto out;
+- }
+-
+- /* make sure it's something we can add to rpm */
+- if (armor != PGPARMOR_PUBKEY) {
+- ret = FALSE;
+- g_set_error(error,
+- DNF_ERROR,
+- DNF_ERROR_GPG_SIGNATURE_INVALID,
+- "PKI file %s is not a public key",
+- filename);
+- goto out;
+- }
++ start = strstr(data, pgpmark);
+
+- /* test each one */
+- pubkey = rpmPubkeyNew(pkt, len);
+- if (pubkey == NULL) {
+- ret = FALSE;
+- g_set_error(error,
+- DNF_ERROR,
+- DNF_ERROR_GPG_SIGNATURE_INVALID,
+- "failed to parse public key for %s",
+- filename);
+- goto out;
+- }
+-
+- /* does the key exist in the keyring */
+- dig = rpmPubkeyDig(pubkey);
+- rc = rpmKeyringLookup(keyring, dig);
+- if (rc == RPMRC_OK) {
+- ret = TRUE;
+- g_debug("%s is already present", filename);
+- goto out;
+- }
++ do {
++ uint8_t *pkt = NULL;
++ uint8_t *pkti = NULL;
++ size_t pktlen = 0;
++ size_t certlen;
++
++ /* Read pgp packet. */
++ if (pgpParsePkts(start, &pkt, &pktlen) == PGPARMOR_PUBKEY) {
++ pkti = pkt;
++
++ /* Iterate over certificates in pkt */
++ while (pktlen > 0) {
++ if (pgpPubKeyCertLen(pkti, pktlen, &certlen)) {
++ g_debug("%s: key %d import failed.\n", filename, keyno);
++ break;
++ }
++
++ /* test each one */
++ pubkey = rpmPubkeyNew(pkti, certlen);
++ if (pubkey == NULL) {
++ ret = FALSE;
++ g_set_error(error,
++ DNF_ERROR,
++ DNF_ERROR_GPG_SIGNATURE_INVALID,
++ "failed to parse public key for %s",
++ filename);
++ goto out;
++ }
++
++ /* add to in-memory keyring */
++ rc = rpmKeyringAddKey(keyring, pubkey);
++ if (rc == 1) {
++ ret = TRUE;
++ g_debug("%s is already added", filename);
++ goto out;
++ } else if (rc < 0) {
++ ret = FALSE;
++ g_set_error(error,
++ DNF_ERROR,
++ DNF_ERROR_GPG_SIGNATURE_INVALID,
++ "failed to add public key %s to rpmdb",
++ filename);
++ goto out;
++ }
++
++ subkeys = rpmGetSubkeys(pubkey, &nsubkeys);
++ for (int i = 0; i < nsubkeys; i++) {
++ rpmPubkey subkey = subkeys[i];
++ if (rpmKeyringAddKey(keyring, subkey) < 0) {
++ ret = FALSE;
++ g_set_error(error,
++ DNF_ERROR,
++ DNF_ERROR_GPG_SIGNATURE_INVALID,
++ "failed to add subkeys for %s to rpmdb",
++ filename);
++ goto out;
++ }
++ }
++
++ pkti += certlen;
++ pktlen -= certlen;
++ }
++ } else {
++ g_debug("%s: key %d not an armored public key.\n", filename, keyno);
++ }
+
+- /* add to rpmdb automatically, without a prompt */
+- rc = rpmKeyringAddKey(keyring, pubkey);
+- if (rc == 1) {
+- ret = TRUE;
+- g_debug("%s is already added", filename);
+- goto out;
+- } else if (rc < 0) {
+- ret = FALSE;
+- g_set_error(error,
+- DNF_ERROR,
+- DNF_ERROR_GPG_SIGNATURE_INVALID,
+- "failed to add public key %s to rpmdb",
+- filename);
+- goto out;
+- }
++ /* See if there are more keys in the buffer */
++ if (start && start + marklen < data + len) {
++ start = strstr(start + marklen, pgpmark);
++ } else {
++ start = NULL;
++ }
+
+- subkeys = rpmGetSubkeys(pubkey, &nsubkeys);
+- for (int i = 0; i < nsubkeys; i++) {
+- rpmPubkey subkey = subkeys[i];
+- if (rpmKeyringAddKey(keyring, subkey) < 0) {
+- ret = FALSE;
+- g_set_error(error,
+- DNF_ERROR,
+- DNF_ERROR_GPG_SIGNATURE_INVALID,
+- "failed to add subkeys for %s to rpmdb",
+- filename);
+- goto out;
++ keyno++;
++ if (pkt != NULL)
++ free(pkt); /* yes, free() */
++ pkt = NULL;
++ if (pubkey != NULL)
++ rpmPubkeyFree(pubkey);
++ pubkey = NULL;
++ if (subkeys != NULL) {
++ for (int i = 0; i < nsubkeys; i++) {
++ if (subkeys[i] != NULL) {
++ rpmPubkeyFree (subkeys[i]);
++ subkeys[i] = NULL;
++ }
++ }
++ free (subkeys);
++ subkeys = NULL;
+ }
+- }
++ } while (start != NULL);
+
+ /* success */
+ g_debug("added missing public key %s to rpmdb", filename);
+@@ -165,7 +188,9 @@ out:
+ rpmPubkeyFree(pubkey);
+ if (subkeys != NULL) {
+ for (int i = 0; i < nsubkeys; i++) {
+- rpmPubkeyFree(subkeys[i]);
++ if (subkeys[i] != NULL) {
++ rpmPubkeyFree (subkeys[i]);
++ }
+ }
+ free(subkeys);
+ }
+--
+2.34.1
+
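Review bot: In the new `while (pktlen > 0)` loop of dnf_keyring_add_public_key the `rc == 1` branch still does `goto out`, so as soon as one certificate is already in the keyring the remaining certificates and armor blocks of that file are skipped, which is the case this patch is meant to handle. The two new failure paths (a `pgpPubKeyCertLen` error and a block that is not `PGPARMOR_PUBKEY`) only call `g_debug` and then reach the success message with `ret` still TRUE, whereas the removed code reported a non-key file as DNF_ERROR_GPG_SIGNATURE_INVALID, so a caller can no longer tell an unusable key file from an imported one. The loop-local `uint8_t *pkt` also shadows the function-scope `pkt`, so every `goto out` taken inside the loop appears to leak the decoded buffer, and `pubkey`/`subkeys` are overwritten for each certificate without being released. I would log and continue on `rc == 1`, release each certificate before advancing, count the accepted keys and set an error when a file yields none, and drop the loop-local `pkt` declaration so the buffer is carried to `out:`. The `out:` cleanup is only partly inside the hunk, so whether it frees `pkt` needs confirming.

```cpp
    /* function scope, next to keyno */
    int nkeys = 0;

    // … unchanged: pgpParsePkts(), pgpPubKeyCertLen(), rpmPubkeyNew() …

            /* add to in-memory keyring */
            rc = rpmKeyringAddKey(keyring, pubkey);
            if (rc < 0) {
                // … unchanged: ret = FALSE, g_set_error(...), goto out …
            }
            if (rc == 1)
                g_debug("%s: key %d is already added", filename, keyno);
            nkeys++;

            // … unchanged: rpmGetSubkeys() loop …

            /* release this certificate before parsing the next one */
            for (int i = 0; i < nsubkeys; i++)
                rpmPubkeyFree(subkeys[i]);
            free(subkeys);
            subkeys = NULL;
            nsubkeys = 0;
            rpmPubkeyFree(pubkey);
            pubkey = NULL;

            pkti += certlen;
            pktlen -= certlen;

    // … unchanged: marker scan, per-block cleanup, } while (start != NULL); …

    /* a file that produced no usable key is an error, as before the patch */
    if (nkeys == 0) {
        ret = FALSE;
        g_set_error(error,
                    DNF_ERROR,
                    DNF_ERROR_GPG_SIGNATURE_INVALID,
                    "PKI file %s is not a public key",
                    filename);
        goto out;
    }
```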