Disable debuginfod-urls

2025-09-15 11:55:39 +00:00 · 2025-09-15 11:55:39 +00:00 · 7509bca6f0
commit 7509bca6f0
parent deacb44555 6863c61e1f
4 changed files with 129 additions and 15 deletions
--- a/.elfutils.metadata
+++ b/.elfutils.metadata
@ -1 +1 @@
-651aa2b7390aeba178be2ceefd4c2eb42e783e97 SOURCES/elfutils-0.191.tar.bz2
+340db874ab6636128b86018bfcd7ce70036df4b7 SOURCES/elfutils-0.193.tar.bz2
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/elfutils-0.191.tar.bz2
+SOURCES/elfutils-0.193.tar.bz2
--- a/SOURCES/elfutils-0.192-skip-ima-test.patch
+++ b/SOURCES/elfutils-0.192-skip-ima-test.patch
@ -0,0 +1,48 @@
+From 36bd0ffe72f63a187902679823dfd50510bf7300 Mon Sep 17 00:00:00 2001
+From: Aaron Merey <amerey@redhat.com>
+Date: Fri, 13 Dec 2024 11:14:39 -0500
+Subject: [PATCH] run-debuginfod-ima-verification.sh: Skip test 4
+
+Test 4 requires `rpmsign --delfilesign` to remove IMA signatures.
+RHEL 9 rpmsign does not currently support delfilesign, so skip this
+test for now.
+---
+ tests/run-debuginfod-ima-verification.sh | 22 +++++++++++-----------
+ 1 file changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/tests/run-debuginfod-ima-verification.sh b/tests/run-debuginfod-ima-verification.sh
+index d582af5f..a5e6eeb2 100755
+--- a/tests/run-debuginfod-ima-verification.sh
+++ b/tests/run-debuginfod-ima-verification.sh
+@@ -127,17 +127,17 @@ RC=0
+ testrun ${abs_top_builddir}/debuginfod/debuginfod-find executable $RPM_BUILDID || RC=1
+ test $RC -ne 0
+ 
+-echo Test 4: A rpm without a signature will fail
+-cp signed.rpm R/signed.rpm
+-rpmsign --delfilesign R/signed.rpm
+-rm -rf $DEBUGINFOD_CACHE_PATH # clean it from previous tests
+-kill -USR1 $PID1
+-wait_ready $PORT1 'thread_work_total{role="traverse"}' 4
+-wait_ready $PORT1 'thread_work_pending{role="scan"}' 0
+-wait_ready $PORT1 'thread_busy{role="scan"}' 0
+-RC=0
+-testrun ${abs_top_builddir}/debuginfod/debuginfod-find executable $RPM_BUILDID || RC=1
+-test $RC -ne 0
+#echo Test 4: A rpm without a signature will fail
+#cp signed.rpm R/signed.rpm
+#rpmsign --delfilesign R/signed.rpm
+#rm -rf $DEBUGINFOD_CACHE_PATH # clean it from previous tests
+#kill -USR1 $PID1
+#wait_ready $PORT1 'thread_work_total{role="traverse"}' 4
+#wait_ready $PORT1 'thread_work_pending{role="scan"}' 0
+#wait_ready $PORT1 'thread_busy{role="scan"}' 0
+#RC=0
+#testrun ${abs_top_builddir}/debuginfod/debuginfod-find executable $RPM_BUILDID || RC=1
+#test $RC -ne 0
+ 
+ echo Test 5: Only tests 1,2 will result in extracted signature
+ [[ $(curl -s http://127.0.0.1:$PORT1/metrics | grep 'http_responses_total{extra="ima-sigs-extracted"}' | awk '{print $NF}') -eq 2 ]]
+-- 
+2.47.1
+
--- a/SPECS/elfutils.spec
+++ b/SPECS/elfutils.spec
@ -3,8 +3,8 @@
 %bcond_with static

 Name: elfutils
-Version: 0.191
-%global baserelease 4
+Version: 0.193
+%global baserelease 1
 Release: %{baserelease}%{?dist}.alma.1
 URL: http://elfutils.org/
 %global source_url ftp://sourceware.org/pub/elfutils/%{version}/
@ -16,6 +16,13 @@ Summary: A collection of utilities and DSOs to handle ELF files and DWARF data
 # Needed for isa specific Provides and Requires.
 %global depsuffix %{?_isa}%{!?_isa:-%{_arch}}

+# eu-stacktrace currently only supports x86_64
+%ifarch x86_64
+%global enable_stacktrace 1
+%else
+%global enable_stacktrace 0
+%endif
+
 Requires: elfutils-libelf%{depsuffix} = %{version}-%{release}
 Requires: elfutils-libs%{depsuffix} = %{version}-%{release}
 Requires: elfutils-debuginfod-client%{depsuffix} = %{version}-%{release}
@ -39,6 +46,8 @@ BuildRequires: pkgconfig(libmicrohttpd) >= 0.9.33
 BuildRequires: pkgconfig(libcurl) >= 7.29.0
 BuildRequires: pkgconfig(sqlite3) >= 3.7.17
 BuildRequires: pkgconfig(libarchive) >= 3.1.2
+# For debugindod metadata query
+BuildRequires: pkgconfig(json-c) >= 0.11

 # For tests need to bunzip2 test files.
 BuildRequires: bzip2
@ -51,6 +60,17 @@ BuildRequires: curl
 # For run-debuginfod-response-headers.sh test case
 BuildRequires: socat

+# For debuginfod rpm IMA verification
+BuildRequires: rpm-devel
+BuildRequires: ima-evm-utils-devel
+BuildRequires: openssl-devel
+BuildRequires: rpm-sign
+
+# For eu-stacktrace
+%if %{enable_stacktrace}
+BuildRequires: sysprof-capture-devel
+%endif
+
 BuildRequires: automake
 BuildRequires: autoconf
 BuildRequires: gettext-devel
@ -72,6 +92,9 @@ BuildRequires: gettext-devel

 # Patches

+# Skip IMA test not currently supported in RHEL 9.
+Patch1: elfutils-0.192-skip-ima-test.patch
+
 %description
 Elfutils is a collection of utilities, including stack (to show
 backtraces), nm (for listing symbols from object files), size
@ -298,15 +321,16 @@ RPM_OPT_FLAGS="${RPM_OPT_FLAGS} -Wformat"

 trap 'cat config.log' EXIT

-%if 0%{?centos} >= 8
-%if 0%{?almalinux}
-%configure CFLAGS="$RPM_OPT_FLAGS"
-%else
-%configure CFLAGS="$RPM_OPT_FLAGS" --enable-debuginfod-urls=https://debuginfod.centos.org/
+%configure CFLAGS="$RPM_OPT_FLAGS" \
+%if 0%{?centos} >= 8 && !0%{?almalinux}
+--enable-debuginfod-urls=%{dist_debuginfod_url} \
 %endif
-%else
-%configure CFLAGS="$RPM_OPT_FLAGS"
+%if %{enable_stacktrace}
+	--enable-stacktrace \
 %endif
+	--enable-debuginfod \
+	--enable-debuginfod-ima-verification \
+	--enable-debuginfod-ima-cert-path=%{_sysconfdir}/keys/ima
 trap '' EXIT
 %make_build

@ -389,6 +413,9 @@ fi
 %{_bindir}/eu-size
 %{_bindir}/eu-srcfiles
 %{_bindir}/eu-stack
+%if %{enable_stacktrace}
+%{_bindir}/eu-stacktrace
+%endif
 %{_bindir}/eu-strings
 %{_bindir}/eu-strip
 %{_bindir}/eu-unstrip
@ -409,6 +436,7 @@ fi
 %{_includedir}/elfutils/libasm.h
 %{_includedir}/elfutils/libdw.h
 %{_includedir}/elfutils/libdwfl.h
+%{_includedir}/elfutils/libdwfl_stacktrace.h
 %{_includedir}/elfutils/libdwelf.h
 %{_includedir}/elfutils/version.h
 %{_libdir}/libasm.so
@ -433,6 +461,9 @@ fi
 %{_libdir}/libelf.so
 %{_libdir}/pkgconfig/libelf.pc
 %{_mandir}/man3/elf_*.3*
+%{_mandir}/man3/elf32_*.3*
+%{_mandir}/man3/elf64_*.3*
+%{_mandir}/man3/libelf.3*

 %if %{with static}
 %files libelf-devel-static
@ -451,8 +482,10 @@ fi
 %{_mandir}/man1/debuginfod-find.1*
 %{_mandir}/man7/debuginfod*.7*
 %{_sysconfdir}/profile.d/debuginfod.*
-%if !%{?almalinux}
-%if %{?centos} >= 8
+%{_sysconfdir}/debuginfod/*.certpath
+%config(noreplace) %{_datadir}/fish/vendor_conf.d/*
+%if 0%{?centos} >= 8
+%if !0%{?almalinux}
 %{_sysconfdir}/debuginfod/*.urls
 %endif
 %endif
@ -494,8 +527,41 @@ exit 0
 %systemd_postun_with_restart debuginfod.service

 %changelog
-* Wed Oct 09 2024 Eduard Abdullin <eabdullin@almalinux.org> - 0.191-3.alma.1
- Disable url for debuginfod
+* Mon Sep 15 2025 Takuya Wakazono <pastalian@almalinux.org> - 0.193-1.alma.1
+- Disable debuginfod-urls
+
+* Wed Apr 30 2025 Aaron Merey <amerey@redhat.com> - 0.193-1
+- Upgrade to upstream elfutils 0.193
+- Drop upstreamed patches
+  elfutils-0.192-fix-free.patch
+  elfutils-0.192-libelf-static.patch
+  elfutils-0.192-stacktrace-lto.patch
+
+* Fri Mar 14 2025 Aaron Merey <amerey@redhat.com> - 0.192-6
+- Add elfutils-0.192-fix-free.patch
+
+* Jan 15 2025 Aaron Merey <amerey@redhat.com> - 0.192-5
+- Add debuginfod certpath to %files unconditionally
+
+* Jan 15 2025 Aaron Merey <amerey@redhat.com> - 0.192-4
+- NVR Bump.
+
+* Fri Dec 13 2024 Aaron Merey <amerey@redhat.com> - 0.192-3
+- Enable debuginfod IMA verification
+- Add elfutils-0.192-fix-configure-conditional.patch
+- Add elfutils-0.192-skip-ima-test.patch
+
+* Thu Oct 24 2024 Aaron Merey <amerey@redhat.com> - 0.192-2
+- Enable eu-stacktrace on x86_64
+- Add elfutils-0.192-stacktrace-lto.patch
+
+* Wed Oct 23 2024 Aaron Merey <amerey@redhat.com> - 0.192-1
+- Upgrade to upstream elfutils 0.192
+- Drop upstreamed patches
+  elfutils-0.190-riscv-flatten.patch
+  elfutils-0.191-riscv-flatten.patch
+  elfutils-0.191-profile-empty-urls.patch
+- Add elfutils-0.192-libelf-static.patch

 * Fri Apr 19 2024 Aaron Merey <amerey@redhat.com> - 0.191-3
 - eu-srcfiles directly links to libdebuginfod.so so explicitly