rpms/gnome-keyring
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: rpms:c10-beta
Branches Tags
rpms:c8
rpms:c10-beta
rpms:c10s
rpms:c9
rpms:c8s
rpms:c9s
rpms:c9-beta
rpms:c8-beta
rpms:imports/c10-beta/gnome-keyring-42.1-18.el10
rpms:imports/c10s/gnome-keyring-42.1-20.el10
rpms:imports/c8/gnome-keyring-3.28.2-2.el8_10
rpms:imports/c9/gnome-keyring-40.0-4.el9_4
rpms:imports/c10s/gnome-keyring-42.1-1.el10
rpms:imports/c10s/gnome-keyring-42.1-19.el10
rpms:imports/c9/gnome-keyring-40.0-3.el9
rpms:imports/c8s/gnome-keyring-3.28.2-1.el8
rpms:imports/c9-beta/gnome-keyring-40.0-3.el9
rpms:imports/c8-beta/gnome-keyring-3.28.2-1.el8
rpms:imports/c8/gnome-keyring-3.28.2-1.el8
..
compare: rpms:c8
Branches Tags
rpms:c10-beta
rpms:c10s
rpms:c8
rpms:c9
rpms:c8s
rpms:c9s
rpms:c9-beta
rpms:c8-beta
rpms:imports/c10-beta/gnome-keyring-42.1-18.el10
rpms:imports/c10s/gnome-keyring-42.1-20.el10
rpms:imports/c8/gnome-keyring-3.28.2-2.el8_10
rpms:imports/c9/gnome-keyring-40.0-4.el9_4
rpms:imports/c10s/gnome-keyring-42.1-1.el10
rpms:imports/c10s/gnome-keyring-42.1-19.el10
rpms:imports/c9/gnome-keyring-40.0-3.el9
rpms:imports/c8s/gnome-keyring-3.28.2-1.el8
rpms:imports/c9-beta/gnome-keyring-40.0-3.el9
rpms:imports/c8-beta/gnome-keyring-3.28.2-1.el8
rpms:imports/c8/gnome-keyring-3.28.2-1.el8

No commits in common. "c10-beta" and "c8" have entirely different histories.
c10-beta ... c8

7 changed files with 118 additions and 196 deletions
Show Stats Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
gnome-keyring-42.1.tar.xz
SOURCES/gnome-keyring-3.28.2.tar.xz

1
.gnome-keyring.metadata Normal file
View File

@ -0,0 +1 @@
a28f2e9ddee20c28922e7979cd3a4bb2b5c2e2ab SOURCES/gnome-keyring-3.28.2.tar.xz

82
SOURCES/gnome-keyring-40.0-ssh-agent-avoid-deadlock.patch Normal file
View File

@ -0,0 +1,82 @@
From dd92a85fb44ff68e075c348176d042448745fac8 Mon Sep 17 00:00:00 2001
From: Steven Luo <s_luo@berkeley.edu>
Date: Mon, 5 Feb 2024 10:22:02 -0800
Subject: [PATCH 1/2] ssh-agent: avoid deadlock when agent process dies before
we connect to it
gkd_ssh_agent_process_connect() waits for the ssh-agent process to
become ready to accept input by entering the main loop while holding
self->lock. However, if the ssh-agent process dies before becoming
ready, the main loop will call on_child_watch(), which needs to take
self->lock, causing a deadlock. Fix this by releasing the lock before
entering the main loop.
This should prevent a busyloop that's been reported multiple times [1]
[2] from lasting forever.
[1] https://bugzilla.gnome.org/show_bug.cgi?id=794848
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1841855 (migrated to
https://issues.redhat.com/browse/RHEL-9302)
---
daemon/ssh-agent/gkd-ssh-agent-process.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/daemon/ssh-agent/gkd-ssh-agent-process.c b/daemon/ssh-agent/gkd-ssh-agent-process.c
index d3bb3a7ed..cbf10ffb2 100644
--- a/daemon/ssh-agent/gkd-ssh-agent-process.c
+++ b/daemon/ssh-agent/gkd-ssh-agent-process.c
@@ -228,8 +228,11 @@ gkd_ssh_agent_process_connect (GkdSshAgentProcess *self,
if (started && !self->ready) {
source = g_timeout_add_seconds (5, on_timeout, &timedout);
- while (!self->ready && !timedout)
+ while (!self->ready && !timedout) {
+ g_mutex_unlock (&self->lock);
g_main_context_iteration (NULL, FALSE);
+ g_mutex_lock (&self->lock);
+ }
g_source_remove (source);
}
--
GitLab
From 03ca2228205bfaa7510116142f9beaaf2a682042 Mon Sep 17 00:00:00 2001
From: Steven Luo <s_luo@berkeley.edu>
Date: Mon, 5 Feb 2024 10:29:56 -0800
Subject: [PATCH 2/2] ssh-agent: stop waiting for agent to become ready if it's
dead
If the ssh-agent process we launch dies before it becomes ready to take
input, self->pid will be set to 0 by on_child_watch(). If that happens,
there's no point in continuing to wait for the process to become ready.
This should avoid an unnecessary five-second wait in cases like [1] or
[2].
[1] https://bugzilla.gnome.org/show_bug.cgi?id=794848
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1841855 (migrated to
https://issues.redhat.com/browse/RHEL-9302)
---
daemon/ssh-agent/gkd-ssh-agent-process.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/daemon/ssh-agent/gkd-ssh-agent-process.c b/daemon/ssh-agent/gkd-ssh-agent-process.c
index cbf10ffb2..82e5559fb 100644
--- a/daemon/ssh-agent/gkd-ssh-agent-process.c
+++ b/daemon/ssh-agent/gkd-ssh-agent-process.c
@@ -226,9 +226,9 @@ gkd_ssh_agent_process_connect (GkdSshAgentProcess *self,
started = TRUE;
}
- if (started && !self->ready) {
+ if (started && self->pid && !self->ready) {
source = g_timeout_add_seconds (5, on_timeout, &timedout);
- while (!self->ready && !timedout) {
+ while (self->pid && !self->ready && !timedout) {
g_mutex_unlock (&self->lock);
g_main_context_iteration (NULL, FALSE);
g_mutex_lock (&self->lock);
--
GitLab

6
gnome-keyring-42.0-fix-strncpy.patch → SOURCES/gnome-keyring-40.0-strncpy.patch
View File

@ -1,4 +1,4 @@
From f532e3de2bd77465c976abc913e3f0a5cd09a5d2 Mon Sep 17 00:00:00 2001
From 6c4ad4cff086ba7fd79ef406311a283c6a942baf Mon Sep 17 00:00:00 2001
From: Matt Turner <mattst88@gmail.com>
Date: Sun, 22 May 2022 13:00:46 -0400
Subject: [PATCH] pkcs11: Don't use strncpy when copying paths
@ -30,7 +30,7 @@ In function strncpy,
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/pkcs11/rpc-layer/gkm-rpc-dispatch.c b/pkcs11/rpc-layer/gkm-rpc-dispatch.c
index 72d2ced1..dbedb355 100644
index 72d2ced1f..dbedb355e 100644
--- a/pkcs11/rpc-layer/gkm-rpc-dispatch.c
+++ b/pkcs11/rpc-layer/gkm-rpc-dispatch.c
@@ -31,6 +31,8 @@
@ -52,7 +52,7 @@ index 72d2ced1..dbedb355 100644
gkm_rpc_warn ("couldn't bind to pkcs11 socket: %s: %s",
pkcs11_socket_path, strerror (errno));
diff --git a/pkcs11/rpc-layer/gkm-rpc-module.c b/pkcs11/rpc-layer/gkm-rpc-module.c
index 24457ce1..515b18a4 100644
index 24457ce18..515b18a4d 100644
--- a/pkcs11/rpc-layer/gkm-rpc-module.c
+++ b/pkcs11/rpc-layer/gkm-rpc-module.c
@@ -29,6 +29,8 @@

201
gnome-keyring.spec → SPECS/gnome-keyring.spec
View File

@ -1,60 +1,37 @@
## START: Set by rpmautospec
## (rpmautospec version 0.6.1)
## RPMAUTOSPEC: autorelease, autochangelog
%define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
release_number = 18;
base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
print(release_number + base_release_number - 1);
}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
## END: Set by rpmautospec
%global glib2_version 2.44.0
%global gcr_version 3.27.90
%global gcrypt_version 1.2.2
%bcond_without ssh_agent
Name: gnome-keyring
Version: 3.28.2
Release: 2%{?dist}
Summary: Framework for managing passwords and other secrets
Name: gnome-keyring
Version: 42.1
Release: %autorelease
Summary: Framework for managing passwords and other secrets
License: GPLv2+ and LGPLv2+
URL: https://wiki.gnome.org/Projects/GnomeKeyring
Source0: https://download.gnome.org/sources/%{name}/3.28/%{name}-%{version}.tar.xz
# https://issues.redhat.com/browse/RHEL-11916
Patch0: gnome-keyring-40.0-ssh-agent-avoid-deadlock.patch
Patch1: gnome-keyring-40.0-strncpy.patch
# egg/ is (GPL-2.0-or-later OR LGPL-3.0-or-later) OR BSD-3-Clause
# pkcs11/ is MPL-1.1 OR GPL-2.0-or-later OR LGPL-2.1-or-later
License: GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.1-or-later AND ((GPL-2.0-or-later OR LGPL-3.0-or-later) OR BSD-3-Clause) AND (MPL-1.1 OR GPL-2.0-or-later OR LGPL-2.1-or-later)
URL: https://wiki.gnome.org/Projects/GnomeKeyring
Source0: https://download.gnome.org/sources/%{name}/42/%{name}-%{version}.tar.xz
# https://gitlab.gnome.org/GNOME/gnome-keyring/-/merge_requests/52
Patch0: gnome-keyring-42.0-fix-strncpy.patch
Patch1: gnome-keyring-c89.patch
BuildRequires: pkgconfig(gcr-3) >= %{gcr_version}
BuildRequires: pkgconfig(glib-2.0) >= %{glib2_version}
BuildRequires: pkgconfig(p11-kit-1)
BuildRequires: docbook-dtds
BuildRequires: docbook-style-xsl
BuildRequires: gettext
BuildRequires: intltool
BuildRequires: libcap-ng-devel
BuildRequires: libgcrypt-devel >= %{gcrypt_version}
BuildRequires: libselinux-devel
BuildRequires: pam-devel
BuildRequires: /usr/bin/ssh-add
BuildRequires: /usr/bin/ssh-agent
BuildRequires: /usr/bin/xsltproc
BuildRequires: pkgconfig(gcr-3) >= %{gcr_version}
BuildRequires: pkgconfig(glib-2.0) >= %{glib2_version}
BuildRequires: pkgconfig(libsystemd)
BuildRequires: pkgconfig(systemd)
BuildRequires: pkgconfig(p11-kit-1)
BuildRequires: docbook-dtds
BuildRequires: docbook-style-xsl
BuildRequires: gcc
BuildRequires: gettext
BuildRequires: intltool
BuildRequires: libgcrypt-devel >= %{gcrypt_version}
BuildRequires: libselinux-devel
BuildRequires: make
BuildRequires: pam-devel
BuildRequires: systemd-rpm-macros
%if %{with ssh_agent}
BuildRequires: /usr/bin/ssh-add
BuildRequires: /usr/bin/ssh-agent
%endif
BuildRequires: /usr/bin/xsltproc
%if %{with ssh_agent}
Requires: /usr/bin/ssh-add
Requires: /usr/bin/ssh-agent
%endif
# for /usr/libexec/gcr-ssh-askpass
Requires: gcr3
Requires: /usr/libexec/gcr-ssh-askpass
%description
The gnome-keyring session daemon manages passwords and other types of
@ -64,7 +41,7 @@ Applications can use the gnome-keyring library to integrate with the keyring.
%package pam
Summary: Pam module for unlocking keyrings
License: LGPL-2.1-or-later
License: LGPLv2+
Requires: %{name}%{?_isa} = %{version}-%{release}
# for /lib/security
Requires: pam%{?_isa}
@ -81,20 +58,12 @@ automatically unlock the "login" keyring when the user logs in.
%build
%configure \
--with-pam-dir=%{_libdir}/security \
--enable-pam \
--with-systemd \
--without-libcap-ng \
--with-pkcs11-config=%{_datadir}/p11-kit/modules \
%if %{with ssh_agent}
--enable-ssh-agent
%else
--disable-ssh-agent
%endif
--enable-pam
# avoid unneeded direct dependencies
sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0 /g' libtool
%make_build
make %{?_smp_mflags}
%install
@ -106,11 +75,6 @@ rm $RPM_BUILD_ROOT%{_libdir}/gnome-keyring/devel/*.la
%find_lang gnome-keyring
%post
%systemd_user_post gnome-keyring-daemon.service
%preun
%systemd_user_preun gnome-keyring-daemon.service
%files -f gnome-keyring.lang
%doc AUTHORS NEWS README
@ -122,125 +86,24 @@ rm $RPM_BUILD_ROOT%{_libdir}/gnome-keyring/devel/*.la
%dir %{_libdir}/pkcs11
%{_libdir}/pkcs11/*.so
# GPL
%{_bindir}/gnome-keyring-daemon
%attr(0755,root,root) %caps(cap_ipc_lock=ep) %{_bindir}/gnome-keyring-daemon
%{_bindir}/gnome-keyring
%{_bindir}/gnome-keyring-3
%{_datadir}/dbus-1/services/*.service
%{_sysconfdir}/xdg/autostart/*
%{_datadir}/GConf/gsettings/*.convert
%{_datadir}/glib-2.0/schemas/*.gschema.xml
%{_datadir}/p11-kit/modules/gnome-keyring.module
%dir %{_datadir}/xdg-desktop-portal
%dir %{_datadir}/xdg-desktop-portal/portals
%{_datadir}/xdg-desktop-portal/portals/gnome-keyring.portal
%{_mandir}/man1/gnome-keyring.1*
%{_mandir}/man1/gnome-keyring-3.1*
%{_mandir}/man1/gnome-keyring-daemon.1*
%{_userunitdir}/gnome-keyring-daemon.service
%{_userunitdir}/gnome-keyring-daemon.socket
%files pam
%{_libdir}/security/*.so
%changelog
## START: Generated by rpmautospec
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 42.1-18
- Bump release for June 2024 mass rebuild
* Fri Jan 26 2024 Florian Weimer <fweimer@redhat.com> - 42.1-10
- Fix C compatibility issue
* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 42.1-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 42.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Tue Nov 21 2023 Daiki Ueno <dueno@redhat.com> - 42.1-7
- Re-enable ssh-agent support (#2250704)
* Fri Oct 20 2023 Dhanuka Warusadura <dhanuka@gnome.org> - 42.1-6
- ssh-agent: update build instructions to disable ssh component
- Introduced conditional builds based on ssh component required or not
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 42.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Apr 20 2023 Carl George <carl@george.computer> - 42.1-4
- Switch dependency from /usr/libexec/gcr-ssh-askpass to gcr3
- Resolves: rhbz#2188431
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 42.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 42.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon May 23 2022 David King <amigadave@amigadave.com> - 42.1-1
- Update to 42.1
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 40.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
- Update the path of the PKCS#11 module
* Tue Sep 21 2021 Michael Catanzaro <mcatanzaro@redhat.com> - 40.0-3
- Drop dependency on libcapng
- Drop cap_ipc_lock to unbreak the D-Bus service
- Fixes #2005625
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 40.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Mar 26 2021 Kalev Lember <klember@redhat.com> - 40.0-1
- Update to 40.0
* Fri Mar 05 2021 David King <amigadave@amigadave.com> - 3.36.0-6
- Apply upstream patch to fix capng usage (#1888978)
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.36.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.36.0-4
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.36.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 3.36.0-2
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Wed Mar 11 2020 Kalev Lember <klember@redhat.com> - 3.36.0-1
- Update to 3.36.0
* Mon Feb 17 2020 Kalev Lember <klember@redhat.com> - 3.35.90-1
- Update to 3.35.90
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.35.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Jan 16 2020 Kalev Lember <klember@redhat.com> - 3.35.1-1
- Update to 3.35.1
* Mon Sep 30 2019 Kalev Lember <klember@redhat.com> - 3.34.0-1
- Update to 3.34.0
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.31.91-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sat Mar 02 2019 Kalev Lember <klember@redhat.com> - 3.31.91-1
- Update to 3.31.91
* Sun Feb 10 2019 Kalev Lember <klember@redhat.com> - 3.31.90-1
- Update to 3.31.90
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.28.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.28.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Apr 12 2024 David King <dking@redhat.com> - 3.28.2-2
- Avoid SSH agent deadlocks (RHEL-11916)
* Tue May 08 2018 Kalev Lember <klember@redhat.com> - 3.28.2-1
- Update to 3.28.2
@ -967,5 +830,3 @@ rm $RPM_BUILD_ROOT%{_libdir}/gnome-keyring/devel/*.la
* Fri Jan 23 2004 Alexander Larsson <alexl@redhat.com> 0.1.2-1
- First version
## END: Generated by rpmautospec

21
gnome-keyring-c89.patch
View File

@ -1,21 +0,0 @@
S-expressions test: Call gkm_crypto_sign_xsa with correct size type
The underlying type for gsize can be unsigned int, which is a distinct
type from unsigned long (the type behind CK_ULONG). The mismatch
results in compilation failures with GCC 14.
Submitted upstream: <https://gitlab.gnome.org/GNOME/gnome-keyring/-/merge_requests/63>
diff --git a/pkcs11/gkm/test-sexp.c b/pkcs11/gkm/test-sexp.c
index ba104a0e5b776669..fccf672353ddf42f 100644
--- a/pkcs11/gkm/test-sexp.c
+++ b/pkcs11/gkm/test-sexp.c
@@ -224,7 +224,7 @@ test_sign_verify (Test *test, gconstpointer unused)
guchar data[] = TEST_DATA;
guchar data_size = TEST_DATA_SIZE;
guchar signature[128];
- gsize signature_size = 128;
+ CK_ULONG signature_size = 128;
/* RSA */
/* sign some data */

1
sources
View File

@ -1 +0,0 @@
SHA512 (gnome-keyring-42.1.tar.xz) = 560dc409c21768dcbdf42151986a5bbbfb9a092d2c36295cf76bd603cdf9650fa80670631c7fb8b3e1822bed6a1f55c34b2170a1419ce45fbe8ca08c7eaf3a57