import libdnf-0.67.0-2.el9
This commit is contained in:
parent
de193c30d7
commit
ad18ac59c0
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
||||
SOURCES/libdnf-0.65.0.tar.gz
|
||||
SOURCES/libdnf-0.67.0.tar.gz
|
||||
|
@ -1 +1 @@
|
||||
95bd8ed682ca9c1b20913afba767c5e91fa3da13 SOURCES/libdnf-0.65.0.tar.gz
|
||||
2abb8e24d867da4433345678764163e703b7729f SOURCES/libdnf-0.67.0.tar.gz
|
||||
|
@ -1,383 +0,0 @@
|
||||
From 5fbecb9533a5584d20a2b76f5816e58c2ffbb6f6 Mon Sep 17 00:00:00 2001
|
||||
From: Jaroslav Rohel <jrohel@redhat.com>
|
||||
Date: Wed, 2 Feb 2022 08:45:36 +0100
|
||||
Subject: [PATCH 1/2] Use `rpmdbCookie` from librpm, remove
|
||||
`hawkey.Sack._rpmdb_version`
|
||||
|
||||
`dnf_sack_get_rpmdb_version` function that computed the hash of installed
|
||||
packages was removed. `rpmdbCookie` function from librpm is used in context
|
||||
part of libdnf instead.
|
||||
|
||||
The private Python function `hawkey.Sack._rpmdb_version()` was removed too.
|
||||
It was used by DNF. The new version of DNF uses
|
||||
`rpm.TransactionSet.dbCookie()` function from librpm, which wraps
|
||||
the `rpmdbCookie` function. So the same librpm function will be used
|
||||
in context part of libdnf (e.g. by microdnf) and in the DNF.
|
||||
|
||||
`rpmdbCookie` funkcion is safer. It also detect reinstalation of package
|
||||
as a change. That will be needed in the future to determining if the libsolv
|
||||
cache is still valid.
|
||||
It also solves the libdnf problem with SHA1 in FIPS mode.
|
||||
|
||||
= changelog =
|
||||
msg: Use `rpmdbCookie` from librpm, remove `hawkey.Sack._rpmdb_version`
|
||||
type: bugfix
|
||||
related: https://bugzilla.redhat.com/show_bug.cgi?id=2043476
|
||||
---
|
||||
libdnf/dnf-sack-private.hpp | 15 ------------
|
||||
libdnf/dnf-sack.cpp | 40 -------------------------------
|
||||
libdnf/dnf-transaction.cpp | 48 +++++++++++++++++++++----------------
|
||||
python/hawkey/sack-py.cpp | 8 -------
|
||||
4 files changed, 27 insertions(+), 84 deletions(-)
|
||||
|
||||
diff --git a/libdnf/dnf-sack-private.hpp b/libdnf/dnf-sack-private.hpp
|
||||
index 89873534..2db96320 100644
|
||||
--- a/libdnf/dnf-sack-private.hpp
|
||||
+++ b/libdnf/dnf-sack-private.hpp
|
||||
@@ -81,19 +81,4 @@ std::pair<std::vector<std::vector<std::string>>, libdnf::ModulePackageContainer:
|
||||
|
||||
std::vector<libdnf::ModulePackage *> requiresModuleEnablement(DnfSack * sack, const libdnf::PackageSet * installSet);
|
||||
|
||||
-/**
|
||||
- * @brief Return fingerprint of installed RPMs.
|
||||
- * The format is <count>:<hash>.
|
||||
- * <count> is a count of installed RPMs.
|
||||
- * <hash> is a sha1 hash of sorted sha1hdr hashes of installed RPMs.
|
||||
- *
|
||||
- * The count can be computed from the command line by running:
|
||||
- * rpm -qa --qf='%{name}\n' | grep -v '^gpg-pubkey$' | wc -l
|
||||
- *
|
||||
- * The hash can be computed from the command line by running:
|
||||
- * rpm -qa --qf='%{name} %{sha1header}\n' | grep -v '^gpg-pubkey ' \
|
||||
- * | cut -d ' ' -f 2 | LC_ALL=C sort | tr -d '\n' | sha1sum
|
||||
- */
|
||||
-std::string dnf_sack_get_rpmdb_version(DnfSack *sack);
|
||||
-
|
||||
#endif // HY_SACK_INTERNAL_H
|
||||
diff --git a/libdnf/dnf-sack.cpp b/libdnf/dnf-sack.cpp
|
||||
index a88e8a1c..13977730 100644
|
||||
--- a/libdnf/dnf-sack.cpp
|
||||
+++ b/libdnf/dnf-sack.cpp
|
||||
@@ -80,7 +80,6 @@ extern "C" {
|
||||
#include "module/ModulePackage.hpp"
|
||||
#include "repo/Repo-private.hpp"
|
||||
#include "repo/solvable/DependencyContainer.hpp"
|
||||
-#include "utils/crypto/sha1.hpp"
|
||||
#include "utils/File.hpp"
|
||||
#include "utils/utils.hpp"
|
||||
#include "log.hpp"
|
||||
@@ -2535,42 +2534,3 @@ std::pair<std::vector<std::vector<std::string>>, libdnf::ModulePackageContainer:
|
||||
setModuleExcludes(sack, hotfixRepos, *moduleContainer);
|
||||
return ret;
|
||||
}
|
||||
-
|
||||
-std::string dnf_sack_get_rpmdb_version(DnfSack *sack) {
|
||||
- // collect all sha1hdr checksums
|
||||
- // they are sufficiently unique IDs that represent installed RPMs
|
||||
- std::vector<std::string> checksums;
|
||||
-
|
||||
- // iterate all @System repo RPMs (rpmdb records)
|
||||
- libdnf::Query query{sack, libdnf::Query::ExcludeFlags::IGNORE_EXCLUDES};
|
||||
- query.installed();
|
||||
-
|
||||
- auto pset = query.getResultPset();
|
||||
- Id id = -1;
|
||||
- while(true) {
|
||||
- id = pset->next(id);
|
||||
- if (id == -1) {
|
||||
- break;
|
||||
- }
|
||||
- DnfPackage *pkg = dnf_package_new(sack, id);
|
||||
- // store pkgid (equals to sha1hdr)
|
||||
- checksums.push_back(libdnf::string::fromCstring(dnf_package_get_pkgid(pkg)));
|
||||
- g_object_unref(pkg);
|
||||
- }
|
||||
-
|
||||
- // sort checksums to compute the output checksum always the same
|
||||
- std::sort(checksums.begin(), checksums.end());
|
||||
-
|
||||
- SHA1Hash h;
|
||||
- for (auto & checksum : checksums) {
|
||||
- h.update(checksum.c_str());
|
||||
- }
|
||||
-
|
||||
- // build <count>:<hash> output
|
||||
- std::ostringstream result;
|
||||
- result << checksums.size();
|
||||
- result << ":";
|
||||
- result << h.hexdigest();
|
||||
-
|
||||
- return result.str();
|
||||
-}
|
||||
diff --git a/libdnf/dnf-transaction.cpp b/libdnf/dnf-transaction.cpp
|
||||
index e0966582..d93c5ec6 100644
|
||||
--- a/libdnf/dnf-transaction.cpp
|
||||
+++ b/libdnf/dnf-transaction.cpp
|
||||
@@ -28,6 +28,7 @@
|
||||
* This object represents an RPM transaction.
|
||||
*/
|
||||
|
||||
+#include <rpm/rpmdb.h>
|
||||
#include <rpm/rpmlib.h>
|
||||
#include <rpm/rpmlog.h>
|
||||
#include <rpm/rpmts.h>
|
||||
@@ -53,6 +54,7 @@
|
||||
#include "transaction/Swdb.hpp"
|
||||
#include "transaction/Transformer.hpp"
|
||||
#include "utils/bgettext/bgettext-lib.h"
|
||||
+#include "utils/utils.hpp"
|
||||
|
||||
typedef enum {
|
||||
DNF_TRANSACTION_STEP_STARTED,
|
||||
@@ -1136,9 +1138,8 @@ dnf_transaction_commit(DnfTransaction *transaction, HyGoal goal, DnfState *state
|
||||
libdnf::Swdb *swdb = priv->swdb;
|
||||
PluginHookContextTransactionData data{PLUGIN_HOOK_ID_CONTEXT_PRE_TRANSACTION, transaction, goal, state};
|
||||
DnfSack * sack = hy_goal_get_sack(goal);
|
||||
- DnfSack * rpmdb_version_sack = NULL;
|
||||
- std::string rpmdb_begin;
|
||||
- std::string rpmdb_end;
|
||||
+ std::unique_ptr<char, decltype(free)*> rpmdb_cookie_uptr{nullptr, free};
|
||||
+ std::string rpmdb_cookie;
|
||||
|
||||
/* take lock */
|
||||
ret = dnf_state_take_lock(state, DNF_LOCK_TYPE_RPMDB, DNF_LOCK_MODE_PROCESS, error);
|
||||
@@ -1431,17 +1432,24 @@ dnf_transaction_commit(DnfTransaction *transaction, HyGoal goal, DnfState *state
|
||||
if (!dnf_context_plugin_hook(priv->context, PLUGIN_HOOK_ID_CONTEXT_PRE_TRANSACTION, &data, nullptr))
|
||||
goto out;
|
||||
|
||||
- // FIXME get commandline
|
||||
- if (sack) {
|
||||
- rpmdb_begin = dnf_sack_get_rpmdb_version(sack);
|
||||
- } else {
|
||||
- // if sack is not available, create a custom instance
|
||||
- rpmdb_version_sack = dnf_sack_new();
|
||||
- dnf_sack_load_system_repo(rpmdb_version_sack, nullptr, DNF_SACK_LOAD_FLAG_NONE, nullptr);
|
||||
- rpmdb_begin = dnf_sack_get_rpmdb_version(rpmdb_version_sack);
|
||||
- g_object_unref(rpmdb_version_sack);
|
||||
+ // Open rpm database if it is not already open
|
||||
+ if (!rpmtsGetRdb(priv->ts)) {
|
||||
+ rc = rpmtsOpenDB(priv->ts, rpmtsGetDBMode(priv->ts));
|
||||
+ if (rc != 0) {
|
||||
+ ret = FALSE;
|
||||
+ g_set_error(
|
||||
+ error, DNF_ERROR, DNF_ERROR_INTERNAL_ERROR, _("Error %i opening rpm database"), rc);
|
||||
+ goto out;
|
||||
+ }
|
||||
}
|
||||
- swdb->beginTransaction(_get_current_time(), rpmdb_begin, "", priv->uid);
|
||||
+
|
||||
+ rpmdb_cookie_uptr.reset(rpmdbCookie(rpmtsGetRdb(priv->ts)));
|
||||
+ rpmdb_cookie = libdnf::string::fromCstring(rpmdb_cookie_uptr.get());
|
||||
+ if (rpmdb_cookie.empty()) {
|
||||
+ g_critical(_("The rpmdbCookie() function did not return cookie of rpm database."));
|
||||
+ }
|
||||
+ // FIXME get commandline
|
||||
+ swdb->beginTransaction(_get_current_time(), rpmdb_cookie, "", priv->uid);
|
||||
|
||||
/* run the transaction */
|
||||
priv->state = dnf_state_get_child(state);
|
||||
@@ -1481,14 +1489,12 @@ dnf_transaction_commit(DnfTransaction *transaction, HyGoal goal, DnfState *state
|
||||
if (!ret)
|
||||
goto out;
|
||||
|
||||
- // finalize swdb transaction
|
||||
- // always load a new sack with rpmdb state after the transaction
|
||||
- rpmdb_version_sack = dnf_sack_new();
|
||||
- dnf_sack_load_system_repo(rpmdb_version_sack, nullptr, DNF_SACK_LOAD_FLAG_NONE, nullptr);
|
||||
- rpmdb_end = dnf_sack_get_rpmdb_version(rpmdb_version_sack);
|
||||
- g_object_unref(rpmdb_version_sack);
|
||||
-
|
||||
- swdb->endTransaction(_get_current_time(), rpmdb_end.c_str(), libdnf::TransactionState::DONE);
|
||||
+ rpmdb_cookie_uptr.reset(rpmdbCookie(rpmtsGetRdb(priv->ts)));
|
||||
+ rpmdb_cookie = libdnf::string::fromCstring(rpmdb_cookie_uptr.get());
|
||||
+ if (rpmdb_cookie.empty()) {
|
||||
+ g_critical(_("The rpmdbCookie() function did not return cookie of rpm database."));
|
||||
+ }
|
||||
+ swdb->endTransaction(_get_current_time(), rpmdb_cookie, libdnf::TransactionState::DONE);
|
||||
swdb->closeTransaction();
|
||||
|
||||
data.hookId = PLUGIN_HOOK_ID_CONTEXT_TRANSACTION;
|
||||
diff --git a/python/hawkey/sack-py.cpp b/python/hawkey/sack-py.cpp
|
||||
index 4de499cb..fcb5cd61 100644
|
||||
--- a/python/hawkey/sack-py.cpp
|
||||
+++ b/python/hawkey/sack-py.cpp
|
||||
@@ -783,13 +783,6 @@ load_repo(_SackObject *self, PyObject *args, PyObject *kwds) try
|
||||
Py_RETURN_NONE;
|
||||
} CATCH_TO_PYTHON
|
||||
|
||||
-static PyObject *
|
||||
-rpmdb_version(_SackObject *self, PyObject *unused) try
|
||||
-{
|
||||
- auto result = dnf_sack_get_rpmdb_version(self->sack);
|
||||
- return PyString_FromString(result.c_str());
|
||||
-} CATCH_TO_PYTHON
|
||||
-
|
||||
static Py_ssize_t
|
||||
len(_SackObject *self) try
|
||||
{
|
||||
@@ -858,7 +851,6 @@ PyMethodDef sack_methods[] = {
|
||||
METH_VARARGS | METH_KEYWORDS, NULL},
|
||||
{"load_repo", (PyCFunction)load_repo, METH_VARARGS | METH_KEYWORDS,
|
||||
NULL},
|
||||
- {"_rpmdb_version", (PyCFunction)rpmdb_version, METH_VARARGS | METH_KEYWORDS, NULL},
|
||||
{NULL} /* sentinel */
|
||||
};
|
||||
|
||||
--
|
||||
2.34.1
|
||||
|
||||
|
||||
From 3dae1fd8754ec9521e16e2e11a7c4bf2c81bbb02 Mon Sep 17 00:00:00 2001
|
||||
From: Jaroslav Rohel <jrohel@redhat.com>
|
||||
Date: Wed, 2 Feb 2022 18:00:39 +0100
|
||||
Subject: [PATCH 2/2] Remove class `SHA1Hash`, which is no longer used, remove
|
||||
OpenSSL require
|
||||
|
||||
The class was used by the `dnf_sack_get_rpmdb_version` function, which was
|
||||
removed. The `rpmdbCookie` function from librpm is used instead.
|
||||
---
|
||||
CMakeLists.txt | 1 -
|
||||
libdnf.spec | 1 -
|
||||
libdnf/CMakeLists.txt | 1 -
|
||||
libdnf/utils/CMakeLists.txt | 1 -
|
||||
libdnf/utils/crypto/CMakeLists.txt | 5 -----
|
||||
libdnf/utils/crypto/sha1.cpp | 36 ------------------------------
|
||||
libdnf/utils/crypto/sha1.hpp | 25 ---------------------
|
||||
7 files changed, 70 deletions(-)
|
||||
delete mode 100644 libdnf/utils/crypto/CMakeLists.txt
|
||||
delete mode 100644 libdnf/utils/crypto/sha1.cpp
|
||||
delete mode 100644 libdnf/utils/crypto/sha1.hpp
|
||||
|
||||
diff --git a/CMakeLists.txt b/CMakeLists.txt
|
||||
index 60cf1b8c..7149b9e6 100644
|
||||
--- a/CMakeLists.txt
|
||||
+++ b/CMakeLists.txt
|
||||
@@ -52,7 +52,6 @@ endif()
|
||||
# build dependencies
|
||||
find_package(Gpgme REQUIRED)
|
||||
find_package(LibSolv 0.6.30 REQUIRED COMPONENTS ext)
|
||||
-find_package(OpenSSL REQUIRED)
|
||||
|
||||
|
||||
# build dependencies via pkg-config
|
||||
diff --git a/libdnf.spec b/libdnf.spec
|
||||
index 697911f0..89d2fb40 100644
|
||||
--- a/libdnf.spec
|
||||
+++ b/libdnf.spec
|
||||
@@ -83,7 +83,6 @@ BuildRequires: pkgconfig(zck) >= 0.9.11
|
||||
BuildRequires: pkgconfig(sqlite3)
|
||||
BuildRequires: pkgconfig(json-c)
|
||||
BuildRequires: pkgconfig(cppunit)
|
||||
-BuildRequires: pkgconfig(libcrypto)
|
||||
BuildRequires: pkgconfig(modulemd-2.0) >= %{libmodulemd_version}
|
||||
BuildRequires: pkgconfig(smartcols)
|
||||
BuildRequires: gettext
|
||||
diff --git a/libdnf/CMakeLists.txt b/libdnf/CMakeLists.txt
|
||||
index 998a6f94..9e71d139 100644
|
||||
--- a/libdnf/CMakeLists.txt
|
||||
+++ b/libdnf/CMakeLists.txt
|
||||
@@ -75,7 +75,6 @@ target_link_libraries(libdnf
|
||||
${GLIB_GIO_UNIX_LIBRARIES}
|
||||
${LIBSOLV_LIBRARY}
|
||||
${LIBSOLV_EXT_LIBRARY}
|
||||
- ${OPENSSL_CRYPTO_LIBRARY}
|
||||
${RPM_LIBRARIES}
|
||||
${SCOLS_LIBRARIES}
|
||||
${SQLite3_LIBRARIES}
|
||||
diff --git a/libdnf/utils/CMakeLists.txt b/libdnf/utils/CMakeLists.txt
|
||||
index 71a1042c..4ec456ef 100644
|
||||
--- a/libdnf/utils/CMakeLists.txt
|
||||
+++ b/libdnf/utils/CMakeLists.txt
|
||||
@@ -1,5 +1,4 @@
|
||||
add_subdirectory(bgettext)
|
||||
-add_subdirectory(crypto)
|
||||
add_subdirectory(iniparser)
|
||||
add_subdirectory(regex)
|
||||
add_subdirectory(sqlite3)
|
||||
diff --git a/libdnf/utils/crypto/CMakeLists.txt b/libdnf/utils/crypto/CMakeLists.txt
|
||||
deleted file mode 100644
|
||||
index 149d100c..00000000
|
||||
--- a/libdnf/utils/crypto/CMakeLists.txt
|
||||
+++ /dev/null
|
||||
@@ -1,5 +0,0 @@
|
||||
-set(UTILS_SOURCES
|
||||
- ${UTILS_SOURCES}
|
||||
- ${CMAKE_CURRENT_SOURCE_DIR}/sha1.cpp
|
||||
- PARENT_SCOPE
|
||||
-)
|
||||
diff --git a/libdnf/utils/crypto/sha1.cpp b/libdnf/utils/crypto/sha1.cpp
|
||||
deleted file mode 100644
|
||||
index 1533ee6b..00000000
|
||||
--- a/libdnf/utils/crypto/sha1.cpp
|
||||
+++ /dev/null
|
||||
@@ -1,36 +0,0 @@
|
||||
-#include <cstring>
|
||||
-
|
||||
-#include <iomanip>
|
||||
-#include <sstream>
|
||||
-
|
||||
-#include "sha1.hpp"
|
||||
-
|
||||
-
|
||||
-SHA1Hash::SHA1Hash()
|
||||
-{
|
||||
- md_ctx = EVP_MD_CTX_new();
|
||||
- EVP_DigestInit_ex(md_ctx, EVP_sha1(), NULL);
|
||||
-}
|
||||
-
|
||||
-
|
||||
-void
|
||||
-SHA1Hash::update(const char * data)
|
||||
-{
|
||||
- EVP_DigestUpdate(md_ctx, data, strlen(data));
|
||||
-}
|
||||
-
|
||||
-
|
||||
-std::string
|
||||
-SHA1Hash::hexdigest()
|
||||
-{
|
||||
- unsigned char md[digestLength];
|
||||
- EVP_DigestFinal_ex(md_ctx, md, NULL);
|
||||
-
|
||||
- std::stringstream ss;
|
||||
- for(int i=0; i<digestLength; i++) {
|
||||
- ss << std::setfill('0') << std::setw(2) << std::hex << static_cast<int>(md[i]);
|
||||
- }
|
||||
-
|
||||
- EVP_MD_CTX_free(md_ctx);
|
||||
- return ss.str();
|
||||
-}
|
||||
diff --git a/libdnf/utils/crypto/sha1.hpp b/libdnf/utils/crypto/sha1.hpp
|
||||
deleted file mode 100644
|
||||
index 9f1dfdeb..00000000
|
||||
--- a/libdnf/utils/crypto/sha1.hpp
|
||||
+++ /dev/null
|
||||
@@ -1,25 +0,0 @@
|
||||
-#include <string>
|
||||
-#include <openssl/sha.h>
|
||||
-#include <openssl/evp.h>
|
||||
-
|
||||
-
|
||||
-/*
|
||||
-USAGE:
|
||||
-
|
||||
-SHA1Hash h;
|
||||
-h.update("foo");
|
||||
-h.update("bar");
|
||||
-std::cout << h.hexdigest() << std::endl;
|
||||
-*/
|
||||
-
|
||||
-
|
||||
-class SHA1Hash {
|
||||
-public:
|
||||
- SHA1Hash();
|
||||
- void update(const char *data);
|
||||
- std::string hexdigest();
|
||||
- static constexpr int digestLength = SHA_DIGEST_LENGTH;
|
||||
-
|
||||
-private:
|
||||
- EVP_MD_CTX *md_ctx;
|
||||
-};
|
||||
--
|
||||
2.34.1
|
||||
|
@ -0,0 +1,100 @@
|
||||
From c17e59faf6075e7ddb803f6393e86653afd6b16d Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Ale=C5=A1=20Mat=C4=9Bj?= <amatej@redhat.com>
|
||||
Date: Mon, 30 May 2022 08:59:41 +0200
|
||||
Subject: [PATCH] advisory upgrade: filter out advPkgs with different arch
|
||||
|
||||
This prevents a situation in security upgrades where libsolv cannot
|
||||
upgrade dependent pkgs because we ask for an upgrade of different arch:
|
||||
|
||||
We can get the following testcase if libdnf has filtered out
|
||||
json-c-2-2.el8.x86_64@rhel-8-for-x86_64-baseos-rpms
|
||||
(because there is an advisory for already installed json-c-1-1.el8.x86_64) but
|
||||
json-c-2-2.el8.i686@rhel-8-for-x86_64-baseos-rpms is not filtered out because
|
||||
it has different architecture. The resulting transaction doesn't work.
|
||||
|
||||
```
|
||||
repo @System -99.-1000 testtags <inline>
|
||||
#>=Pkg: bind-libs-lite 1 1.el8 x86_64
|
||||
#>=Pkg: json-c 1 1.el8 x86_64
|
||||
|
||||
repo rhel-8-for-x86_64-baseos-rpms -99.-1000 testtags <inline>
|
||||
#>=Pkg: json-c 2 2.el8 x86_64
|
||||
#>=Prv: libjson-c.so.4()(64bit)
|
||||
#>
|
||||
#>=Pkg: json-c 2 2.el8 i686
|
||||
#>=Prv: libjson-c.so.4()
|
||||
#>
|
||||
#>=Pkg: bind-libs-lite 2 2.el8 x86_64
|
||||
#>=Req: libjson-c.so.4()(64bit)
|
||||
system x86_64 rpm @System
|
||||
job update oneof json-c-1-1.el8.x86_64@@System json-c-2-2.el8.i686@rhel-8-for-x86_64-baseos-rpms bind-libs-lite-2-2.el8.x86_64@rhel-8-for-x86_64-baseos-rpms [forcebest,targeted,setevr,setarch]
|
||||
result transaction,problems <inline>
|
||||
#>problem f06d81a4 info package bind-libs-lite-2-2.el8.x86_64 requires libjson-c.so.4()(64bit), but none of the providers can be installed
|
||||
#>problem f06d81a4 solution 96f9031b allow bind-libs-lite-1-1.el8.x86_64@@System
|
||||
#>problem f06d81a4 solution c8daf94f allow json-c-2-2.el8.x86_64@rhel-8-for-x86_64-baseos-rpms
|
||||
#>upgrade bind-libs-lite-1-1.el8.x86_64@@System bind-libs-lite-2-2.el8.x86_64@rhel-8-for-x86_64-baseos-rpms
|
||||
#>upgrade json-c-1-1.el8.x86_64@@System json-c-2-2.el8.x86_64@rhel-8-for-x86_64-baseos-rpms```
|
||||
```
|
||||
|
||||
= changelog =
|
||||
msg: Filter out advisory pkgs with different arch during advisory upgrade, fixes possible problems in dependency resulution.
|
||||
type: bugfix
|
||||
resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2088149
|
||||
---
|
||||
libdnf/sack/query.cpp | 25 +++++++++++++++++++------
|
||||
1 file changed, 19 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/libdnf/sack/query.cpp b/libdnf/sack/query.cpp
|
||||
index ac2736b5..03d39659 100644
|
||||
--- a/libdnf/sack/query.cpp
|
||||
+++ b/libdnf/sack/query.cpp
|
||||
@@ -1877,12 +1877,6 @@ Query::Impl::filterAdvisory(const Filter & f, Map *m, int keyname)
|
||||
std::vector<Solvable *> candidates;
|
||||
std::vector<Solvable *> installed_solvables;
|
||||
|
||||
- Id id = -1;
|
||||
- while ((id = resultPset->next(id)) != -1) {
|
||||
- candidates.push_back(pool_id2solvable(pool, id));
|
||||
- }
|
||||
- NameArchEVRComparator cmp_key(pool);
|
||||
-
|
||||
if (cmp_type & HY_UPGRADE) {
|
||||
Query installed(sack, ExcludeFlags::IGNORE_EXCLUDES);
|
||||
installed.installed();
|
||||
@@ -1893,6 +1887,18 @@ Query::Impl::filterAdvisory(const Filter & f, Map *m, int keyname)
|
||||
installed_solvables.push_back(pool_id2solvable(pool, installed_id));
|
||||
}
|
||||
std::sort(installed_solvables.begin(), installed_solvables.end(), NameArchSolvableComparator);
|
||||
+ Id id = -1;
|
||||
+ while ((id = resultPset->next(id)) != -1) {
|
||||
+ Solvable * s = pool_id2solvable(pool, id);
|
||||
+ // When doing HY_UPGRADE consider only candidate pkgs that have matching Name and Arch
|
||||
+ // with some already installed pkg (in other words: some other version of the pkg is already installed).
|
||||
+ // Otherwise a pkg with different Arch than installed can end up in upgrade set which is wrong.
|
||||
+ // It can result in dependency issues, reported as: RhBug:2088149.
|
||||
+ auto low = std::lower_bound(installed_solvables.begin(), installed_solvables.end(), s, NameArchSolvableComparator);
|
||||
+ if (low != installed_solvables.end() && s->name == (*low)->name && s->arch == (*low)->arch) {
|
||||
+ candidates.push_back(s);
|
||||
+ }
|
||||
+ }
|
||||
|
||||
// Apply security filters only to packages with lower priority - to unify behaviour upgrade
|
||||
// and upgrade-minimal
|
||||
@@ -1915,7 +1921,14 @@ Query::Impl::filterAdvisory(const Filter & f, Map *m, int keyname)
|
||||
}
|
||||
}
|
||||
std::swap(candidates, priority_candidates);
|
||||
+ } else {
|
||||
+ Id id = -1;
|
||||
+ while ((id = resultPset->next(id)) != -1) {
|
||||
+ candidates.push_back(pool_id2solvable(pool, id));
|
||||
+ }
|
||||
}
|
||||
+
|
||||
+ NameArchEVRComparator cmp_key(pool);
|
||||
std::sort(candidates.begin(), candidates.end(), cmp_key);
|
||||
for (auto & advisoryPkg : pkgs) {
|
||||
if (cmp_type & HY_UPGRADE) {
|
||||
--
|
||||
2.36.1
|
||||
|
@ -0,0 +1,71 @@
|
||||
From 549d248c9b331d19a0fd355fc605ab8912ed50f6 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Ale=C5=A1=20Mat=C4=9Bj?= <amatej@redhat.com>
|
||||
Date: Tue, 5 Jul 2022 09:02:22 +0200
|
||||
Subject: [PATCH] Add obsoletes to filtering for advisory candidates
|
||||
|
||||
Patch https://github.com/rpm-software-management/libdnf/pull/1526
|
||||
introduced a regression where we no longer do a security upgrade if a
|
||||
package A is installed and package B obsoletes A and B is available in two
|
||||
versions while there is an advisory for the second version.
|
||||
|
||||
Test: https://github.com/rpm-software-management/ci-dnf-stack/pull/1130
|
||||
---
|
||||
libdnf/sack/query.cpp | 32 ++++++++++++++++++++++++++++----
|
||||
1 file changed, 28 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/libdnf/sack/query.cpp b/libdnf/sack/query.cpp
|
||||
index 03d39659..5355f9f7 100644
|
||||
--- a/libdnf/sack/query.cpp
|
||||
+++ b/libdnf/sack/query.cpp
|
||||
@@ -1878,6 +1878,13 @@ Query::Impl::filterAdvisory(const Filter & f, Map *m, int keyname)
|
||||
std::vector<Solvable *> installed_solvables;
|
||||
|
||||
if (cmp_type & HY_UPGRADE) {
|
||||
+ // When doing HY_UPGRADE consider only candidate pkgs that have matching Name and Arch with:
|
||||
+ // * some already installed pkg (in other words: some other version of the pkg is already installed)
|
||||
+ // or
|
||||
+ // * with pkg that obsoletes some already installed (or to be installed in this transaction) pkg
|
||||
+ // Otherwise a pkg with different Arch than installed can end up in upgrade set which is wrong.
|
||||
+ // It can result in dependency issues, reported as: RhBug:2088149.
|
||||
+
|
||||
Query installed(sack, ExcludeFlags::IGNORE_EXCLUDES);
|
||||
installed.installed();
|
||||
installed.addFilter(HY_PKG_LATEST_PER_ARCH, HY_EQ, 1);
|
||||
@@ -1887,13 +1894,30 @@ Query::Impl::filterAdvisory(const Filter & f, Map *m, int keyname)
|
||||
installed_solvables.push_back(pool_id2solvable(pool, installed_id));
|
||||
}
|
||||
std::sort(installed_solvables.begin(), installed_solvables.end(), NameArchSolvableComparator);
|
||||
+
|
||||
+ Query obsoletes(sack, ExcludeFlags::IGNORE_EXCLUDES);
|
||||
+ obsoletes.addFilter(HY_PKG, HY_EQ, resultPset);
|
||||
+ obsoletes.available();
|
||||
+
|
||||
+ Query possibly_obsoleted(sack, ExcludeFlags::IGNORE_EXCLUDES);
|
||||
+ possibly_obsoleted.addFilter(HY_PKG, HY_EQ, resultPset);
|
||||
+ possibly_obsoleted.addFilter(HY_PKG_UPGRADES, HY_EQ, 1);
|
||||
+ possibly_obsoleted.queryUnion(installed);
|
||||
+ possibly_obsoleted.apply();
|
||||
+
|
||||
+ obsoletes.addFilter(HY_PKG_OBSOLETES, HY_EQ, possibly_obsoleted.runSet());
|
||||
+ obsoletes.apply();
|
||||
+ Id obsoleted_id = -1;
|
||||
+ // Add to candidates resultPset pkgs that obsolete some installed (or to be installed in this transaction) pkg
|
||||
+ while ((obsoleted_id = obsoletes.pImpl->result->next(obsoleted_id)) != -1) {
|
||||
+ Solvable * s = pool_id2solvable(pool, obsoleted_id);
|
||||
+ candidates.push_back(s);
|
||||
+ }
|
||||
+
|
||||
Id id = -1;
|
||||
+ // Add to candidates resultPset pkgs that match name and arch with some already installed pkg
|
||||
while ((id = resultPset->next(id)) != -1) {
|
||||
Solvable * s = pool_id2solvable(pool, id);
|
||||
- // When doing HY_UPGRADE consider only candidate pkgs that have matching Name and Arch
|
||||
- // with some already installed pkg (in other words: some other version of the pkg is already installed).
|
||||
- // Otherwise a pkg with different Arch than installed can end up in upgrade set which is wrong.
|
||||
- // It can result in dependency issues, reported as: RhBug:2088149.
|
||||
auto low = std::lower_bound(installed_solvables.begin(), installed_solvables.end(), s, NameArchSolvableComparator);
|
||||
if (low != installed_solvables.end() && s->name == (*low)->name && s->arch == (*low)->arch) {
|
||||
candidates.push_back(s);
|
||||
--
|
||||
2.36.1
|
||||
|
@ -1,70 +0,0 @@
|
||||
From 025d477f63baf3df2f6da3b10a21f00d4a339073 Mon Sep 17 00:00:00 2001
|
||||
From: Jaroslav Mracek <jmracek@redhat.com>
|
||||
Date: Tue, 8 Feb 2022 09:30:03 +0100
|
||||
Subject: [PATCH] Skip rich deps for autodetection of unmet dependencies (RhBug:2033130, 2048394)
|
||||
|
||||
Rich dependencies are difficult to properly evaluate because we do not
|
||||
have enough information about past and only libsolv is capable to
|
||||
evaluate it in comparison to present state of the system.
|
||||
|
||||
Additionally - rich deps are used for langpacks therefore disabling
|
||||
unmet rich deps will have a negative impact on UX.
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=2048394
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=2033130
|
||||
---
|
||||
libdnf/goal/Goal.cpp | 22 +++++++++++++++++++---
|
||||
1 file changed, 19 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/libdnf/goal/Goal.cpp b/libdnf/goal/Goal.cpp
|
||||
index 2b698f7..ebe2fbd 100644
|
||||
--- a/libdnf/goal/Goal.cpp
|
||||
+++ b/libdnf/goal/Goal.cpp
|
||||
@@ -835,8 +835,12 @@ Goal::exclude_from_weak_autodetect()
|
||||
installed_names.push_back(dnf_package_get_name(pkg));
|
||||
std::unique_ptr<libdnf::DependencyContainer> recommends(dnf_package_get_recommends(pkg));
|
||||
for (int i = 0; i < recommends->count(); ++i) {
|
||||
- Query query(base_query);
|
||||
std::unique_ptr<libdnf::Dependency> dep(recommends->getPtr(i));
|
||||
+ const char * dep_string = dep->toString();
|
||||
+ if (dep_string[0] == '(') {
|
||||
+ continue;
|
||||
+ }
|
||||
+ Query query(base_query);
|
||||
const char * version = dep->getVersion();
|
||||
// There can be installed provider in different version or upgraded packed can recommend a different version
|
||||
// Ignore version and search only by reldep name
|
||||
@@ -858,7 +862,7 @@ Goal::exclude_from_weak_autodetect()
|
||||
}
|
||||
}
|
||||
|
||||
- // Invesigate supplements of only available packages with a different name to installed packages
|
||||
+ // Investigate supplements of only available packages with a different name to installed packages
|
||||
installed_names.push_back(nullptr);
|
||||
base_query.addFilter(HY_PKG_NAME, HY_NEQ, installed_names.data());
|
||||
auto * available_pset = base_query.getResultPset();
|
||||
@@ -870,8 +874,20 @@ Goal::exclude_from_weak_autodetect()
|
||||
if (supplements->count() == 0) {
|
||||
continue;
|
||||
}
|
||||
+ libdnf::DependencyContainer supplements_without_rich(getSack());
|
||||
+ for (int i = 0; i < supplements->count(); ++i) {
|
||||
+ std::unique_ptr<libdnf::Dependency> dep(supplements->getPtr(i));
|
||||
+ const char * dep_string = dep->toString();
|
||||
+ if (dep_string[0] == '(') {
|
||||
+ continue;
|
||||
+ }
|
||||
+ supplements_without_rich.add(dep.get());
|
||||
+ }
|
||||
+ if (supplements_without_rich.count() == 0) {
|
||||
+ continue;
|
||||
+ }
|
||||
Query query(installed_query);
|
||||
- query.addFilter(HY_PKG_PROVIDES, supplements.get());
|
||||
+ query.addFilter(HY_PKG_PROVIDES, &supplements_without_rich);
|
||||
// When supplemented package already installed, exclude_from_weak available package
|
||||
if (!query.empty()) {
|
||||
add_exclude_from_weak(pkg);
|
||||
--
|
||||
libgit2 1.1.0
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -1,10 +1,10 @@
|
||||
%global libsolv_version 0.7.20
|
||||
%global libsolv_version 0.7.21
|
||||
%global libmodulemd_version 2.13.0
|
||||
%global librepo_version 1.13.1
|
||||
%global dnf_conflict 4.10.0-4
|
||||
%global swig_version 3.0.12
|
||||
%global libdnf_major_version 0
|
||||
%global libdnf_minor_version 65
|
||||
%global libdnf_minor_version 67
|
||||
%global libdnf_micro_version 0
|
||||
|
||||
%define __cmake_in_source_build 1
|
||||
@ -56,14 +56,13 @@
|
||||
|
||||
Name: libdnf
|
||||
Version: %{libdnf_major_version}.%{libdnf_minor_version}.%{libdnf_micro_version}
|
||||
Release: 5%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Summary: Library providing simplified C and Python API to libsolv
|
||||
License: LGPLv2+
|
||||
URL: https://github.com/rpm-software-management/libdnf
|
||||
Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz
|
||||
Patch1: 0001-Use-rpmdbCookie-from-librpm-remove-hawkey.Sack._rpmd.patch
|
||||
Patch2: 0002-Skip-rich-deps-for-autodetection-of-unmet-dependencies-RhBug2033130-2048394.patch
|
||||
Patch3: 0003-Update-translations-RhBug-2017349.patch
|
||||
Patch1: 0001-advisory-upgrade-filter-out-advPkgs-with-different-a.patch
|
||||
Patch2: 0002-Add-obsoletes-to-filtering-for-advisory-candidates.patch
|
||||
|
||||
BuildRequires: cmake
|
||||
BuildRequires: gcc
|
||||
@ -76,7 +75,7 @@ BuildRequires: valgrind
|
||||
%endif
|
||||
BuildRequires: pkgconfig(gio-unix-2.0) >= 2.46.0
|
||||
BuildRequires: pkgconfig(gtk-doc)
|
||||
BuildRequires: rpm-devel >= 4.11.0
|
||||
BuildRequires: rpm-devel >= 4.15.0
|
||||
%if %{with rhsm}
|
||||
BuildRequires: pkgconfig(librhsm) >= 0.0.3
|
||||
%endif
|
||||
@ -307,11 +306,18 @@ popd
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Mar 21 2022 Marek Blaha <mblaha@redhat.com> - 0.65.0-5
|
||||
- Update translations
|
||||
* Thu Jul 21 2022 Lukas Hrazky <lhrazky@redhat.com> - 0.67.0-2
|
||||
- Add obsoletes to filtering for advisory candidates
|
||||
- advisory upgrade: filter out advPkgs with different arch
|
||||
|
||||
* Fri Mar 11 2022 Pavla Kratochvilova <pkratoch@redhat.com> - 0.65.0-4
|
||||
- Skip rich deps for autodetection of unmet dependencies (RhBug:2048394)
|
||||
* Thu Apr 28 2022 Pavla Kratochvilova <pkratoch@redhat.com> - 0.67.0-1
|
||||
- Fix handling transaction id in resolveTransactionItemReason (RhBug:2010259,2053014)
|
||||
- Remove deprecated assertions (RhBug:2027383)
|
||||
- Skip rich deps for autodetection of unmet dependencies (RhBug:2033130, 2048394)
|
||||
- Increase required rpm version since we use `rpmdbCookie()`
|
||||
- Add 'loongarch' support
|
||||
- Use dnf solv userdata to check versions and checksum (RhBug:2027445)
|
||||
- context: Substitute all repository config options (RhBug:2076853)
|
||||
|
||||
* Mon Feb 07 2022 Pavla Kratochvilova <pkratoch@redhat.com> - 0.65.0-3
|
||||
- Use `rpmdbCookie` from librpm, remove `hawkey.Sack._rpmdb_version`
|
||||
|
Loading…
Reference in New Issue
Block a user