Compare commits
9 Commits
Author | SHA1 | Date |
---|---|---|
eabdullin | f400739692 | |
eabdullin | 49982321ba | |
eabdullin | 78cab04534 | |
eabdullin | 54866700d1 | |
eabdullin | 3e59f477ce | |
eabdullin | dd9fb484c0 | |
eabdullin | a16d9185bf | |
eabdullin | 62d20182f6 | |
Andrew Lukoshko | a58fa7d52a |
|
@ -0,0 +1,23 @@
|
||||||
|
diff -aruN libdnf-0.63.0/docs/hawkey/conf.py libdnf-0.63.0_alma/docs/hawkey/conf.py
|
||||||
|
--- libdnf-0.63.0/docs/hawkey/conf.py 2021-05-18 17:07:23.000000000 +0300
|
||||||
|
+++ libdnf-0.63.0_alma/docs/hawkey/conf.py 2021-12-30 11:03:39.179244600 +0300
|
||||||
|
@@ -260,6 +260,6 @@
|
||||||
|
rst_prolog = """
|
||||||
|
.. default-domain:: py
|
||||||
|
.. _libsolv: https://github.com/openSUSE/libsolv
|
||||||
|
-.. _bugzilla: https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=hawkey
|
||||||
|
+.. _bugzilla: https://bugs.almalinux.org/
|
||||||
|
|
||||||
|
"""
|
||||||
|
diff -aruN libdnf-0.63.0/libdnf/conf/Const.hpp libdnf-0.63.0_alma/libdnf/conf/Const.hpp
|
||||||
|
--- libdnf-0.63.0/libdnf/conf/Const.hpp 2021-05-18 17:07:23.000000000 +0300
|
||||||
|
+++ libdnf-0.63.0_alma/libdnf/conf/Const.hpp 2021-12-30 11:03:47.004789800 +0300
|
||||||
|
@@ -41,7 +41,7 @@
|
||||||
|
"installonlypkg(vm)",
|
||||||
|
"multiversion(kernel)"};
|
||||||
|
|
||||||
|
-constexpr const char * BUGTRACKER="https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=dnf";
|
||||||
|
+constexpr const char * BUGTRACKER="https://bugs.almalinux.org/";
|
||||||
|
|
||||||
|
}
|
||||||
|
|
|
@ -0,0 +1,228 @@
|
||||||
|
From 5b87a29c78fe7b3fce8ac167a1a650449d25f54c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Dmitriy Popov <dpopov@cloudlinux.com>
|
||||||
|
Date: Wed, 1 May 2024 23:16:47 +0300
|
||||||
|
Subject: [PATCH] dnf-keyring-support-multiple-keys
|
||||||
|
|
||||||
|
Since it is known from the bug (and practically proven) that "rpm --import"
|
||||||
|
is capable of supporting multiple containers in one file, unlike the internal
|
||||||
|
implementation, due to the need to globally rewrite the structure of parameters.
|
||||||
|
|
||||||
|
https://github.com/rpm-software-management/rpm/pull/2242
|
||||||
|
"This does not affect rpmkeys --import because it explicitly checks
|
||||||
|
for multiple PGPTAG_PUBLIC_KEY packets and imports them separately"
|
||||||
|
|
||||||
|
The patch implies the logic of the cli rpmcliImportPubkeys
|
||||||
|
in dnf_keyring_add_public_key, except that instead of direct import,
|
||||||
|
it continues to expand the keyring as before, and then imports it,
|
||||||
|
making this change atomic.
|
||||||
|
|
||||||
|
Signed-off-by: Dmitriy Popov <dpopov@cloudlinux.com>
|
||||||
|
---
|
||||||
|
libdnf/dnf-keyring.cpp | 167 +++++++++++++++++++++++------------------
|
||||||
|
1 file changed, 96 insertions(+), 71 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/libdnf/dnf-keyring.cpp b/libdnf/dnf-keyring.cpp
|
||||||
|
index 62a6248..f4afd35 100644
|
||||||
|
--- a/libdnf/dnf-keyring.cpp
|
||||||
|
+++ b/libdnf/dnf-keyring.cpp
|
||||||
|
@@ -62,13 +62,16 @@ dnf_keyring_add_public_key(rpmKeyring keyring,
|
||||||
|
gboolean ret = TRUE;
|
||||||
|
int rc;
|
||||||
|
gsize len;
|
||||||
|
- pgpArmor armor;
|
||||||
|
pgpDig dig = NULL;
|
||||||
|
rpmPubkey pubkey = NULL;
|
||||||
|
rpmPubkey *subkeys = NULL;
|
||||||
|
int nsubkeys = 0;
|
||||||
|
uint8_t *pkt = NULL;
|
||||||
|
g_autofree gchar *data = NULL;
|
||||||
|
+ char const * const pgpmark = "-----BEGIN PGP ";
|
||||||
|
+ size_t marklen = strlen(pgpmark);
|
||||||
|
+ int keyno = 1;
|
||||||
|
+ char *start = NULL;
|
||||||
|
|
||||||
|
/* ignore symlinks and directories */
|
||||||
|
if (!g_file_test(filename, G_FILE_TEST_IS_REGULAR))
|
||||||
|
@@ -81,79 +84,99 @@ dnf_keyring_add_public_key(rpmKeyring keyring,
|
||||||
|
if (!ret)
|
||||||
|
goto out;
|
||||||
|
|
||||||
|
- /* rip off the ASCII armor and parse it */
|
||||||
|
- armor = pgpParsePkts(data, &pkt, &len);
|
||||||
|
- if (armor < 0) {
|
||||||
|
- ret = FALSE;
|
||||||
|
- g_set_error(error,
|
||||||
|
- DNF_ERROR,
|
||||||
|
- DNF_ERROR_GPG_SIGNATURE_INVALID,
|
||||||
|
- "failed to parse PKI file %s",
|
||||||
|
- filename);
|
||||||
|
- goto out;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- /* make sure it's something we can add to rpm */
|
||||||
|
- if (armor != PGPARMOR_PUBKEY) {
|
||||||
|
- ret = FALSE;
|
||||||
|
- g_set_error(error,
|
||||||
|
- DNF_ERROR,
|
||||||
|
- DNF_ERROR_GPG_SIGNATURE_INVALID,
|
||||||
|
- "PKI file %s is not a public key",
|
||||||
|
- filename);
|
||||||
|
- goto out;
|
||||||
|
- }
|
||||||
|
+ start = strstr(data, pgpmark);
|
||||||
|
|
||||||
|
- /* test each one */
|
||||||
|
- pubkey = rpmPubkeyNew(pkt, len);
|
||||||
|
- if (pubkey == NULL) {
|
||||||
|
- ret = FALSE;
|
||||||
|
- g_set_error(error,
|
||||||
|
- DNF_ERROR,
|
||||||
|
- DNF_ERROR_GPG_SIGNATURE_INVALID,
|
||||||
|
- "failed to parse public key for %s",
|
||||||
|
- filename);
|
||||||
|
- goto out;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- /* does the key exist in the keyring */
|
||||||
|
- dig = rpmPubkeyDig(pubkey);
|
||||||
|
- rc = rpmKeyringLookup(keyring, dig);
|
||||||
|
- if (rc == RPMRC_OK) {
|
||||||
|
- ret = TRUE;
|
||||||
|
- g_debug("%s is already present", filename);
|
||||||
|
- goto out;
|
||||||
|
- }
|
||||||
|
+ do {
|
||||||
|
+ uint8_t *pkt = NULL;
|
||||||
|
+ uint8_t *pkti = NULL;
|
||||||
|
+ size_t pktlen = 0;
|
||||||
|
+ size_t certlen;
|
||||||
|
+
|
||||||
|
+ /* Read pgp packet. */
|
||||||
|
+ if (pgpParsePkts(start, &pkt, &pktlen) == PGPARMOR_PUBKEY) {
|
||||||
|
+ pkti = pkt;
|
||||||
|
+
|
||||||
|
+ /* Iterate over certificates in pkt */
|
||||||
|
+ while (pktlen > 0) {
|
||||||
|
+ if (pgpPubKeyCertLen(pkti, pktlen, &certlen)) {
|
||||||
|
+ g_debug("%s: key %d import failed.\n", filename, keyno);
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /* test each one */
|
||||||
|
+ pubkey = rpmPubkeyNew(pkti, certlen);
|
||||||
|
+ if (pubkey == NULL) {
|
||||||
|
+ ret = FALSE;
|
||||||
|
+ g_set_error(error,
|
||||||
|
+ DNF_ERROR,
|
||||||
|
+ DNF_ERROR_GPG_SIGNATURE_INVALID,
|
||||||
|
+ "failed to parse public key for %s",
|
||||||
|
+ filename);
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /* add to in-memory keyring */
|
||||||
|
+ rc = rpmKeyringAddKey(keyring, pubkey);
|
||||||
|
+ if (rc == 1) {
|
||||||
|
+ ret = TRUE;
|
||||||
|
+ g_debug("%s is already added", filename);
|
||||||
|
+ goto out;
|
||||||
|
+ } else if (rc < 0) {
|
||||||
|
+ ret = FALSE;
|
||||||
|
+ g_set_error(error,
|
||||||
|
+ DNF_ERROR,
|
||||||
|
+ DNF_ERROR_GPG_SIGNATURE_INVALID,
|
||||||
|
+ "failed to add public key %s to rpmdb",
|
||||||
|
+ filename);
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ subkeys = rpmGetSubkeys(pubkey, &nsubkeys);
|
||||||
|
+ for (int i = 0; i < nsubkeys; i++) {
|
||||||
|
+ rpmPubkey subkey = subkeys[i];
|
||||||
|
+ if (rpmKeyringAddKey(keyring, subkey) < 0) {
|
||||||
|
+ ret = FALSE;
|
||||||
|
+ g_set_error(error,
|
||||||
|
+ DNF_ERROR,
|
||||||
|
+ DNF_ERROR_GPG_SIGNATURE_INVALID,
|
||||||
|
+ "failed to add subkeys for %s to rpmdb",
|
||||||
|
+ filename);
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ pkti += certlen;
|
||||||
|
+ pktlen -= certlen;
|
||||||
|
+ }
|
||||||
|
+ } else {
|
||||||
|
+ g_debug("%s: key %d not an armored public key.\n", filename, keyno);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- /* add to rpmdb automatically, without a prompt */
|
||||||
|
- rc = rpmKeyringAddKey(keyring, pubkey);
|
||||||
|
- if (rc == 1) {
|
||||||
|
- ret = TRUE;
|
||||||
|
- g_debug("%s is already added", filename);
|
||||||
|
- goto out;
|
||||||
|
- } else if (rc < 0) {
|
||||||
|
- ret = FALSE;
|
||||||
|
- g_set_error(error,
|
||||||
|
- DNF_ERROR,
|
||||||
|
- DNF_ERROR_GPG_SIGNATURE_INVALID,
|
||||||
|
- "failed to add public key %s to rpmdb",
|
||||||
|
- filename);
|
||||||
|
- goto out;
|
||||||
|
- }
|
||||||
|
+ /* See if there are more keys in the buffer */
|
||||||
|
+ if (start && start + marklen < data + len) {
|
||||||
|
+ start = strstr(start + marklen, pgpmark);
|
||||||
|
+ } else {
|
||||||
|
+ start = NULL;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- subkeys = rpmGetSubkeys(pubkey, &nsubkeys);
|
||||||
|
- for (int i = 0; i < nsubkeys; i++) {
|
||||||
|
- rpmPubkey subkey = subkeys[i];
|
||||||
|
- if (rpmKeyringAddKey(keyring, subkey) < 0) {
|
||||||
|
- ret = FALSE;
|
||||||
|
- g_set_error(error,
|
||||||
|
- DNF_ERROR,
|
||||||
|
- DNF_ERROR_GPG_SIGNATURE_INVALID,
|
||||||
|
- "failed to add subkeys for %s to rpmdb",
|
||||||
|
- filename);
|
||||||
|
- goto out;
|
||||||
|
+ keyno++;
|
||||||
|
+ if (pkt != NULL)
|
||||||
|
+ free(pkt); /* yes, free() */
|
||||||
|
+ pkt = NULL;
|
||||||
|
+ if (pubkey != NULL)
|
||||||
|
+ rpmPubkeyFree(pubkey);
|
||||||
|
+ pubkey = NULL;
|
||||||
|
+ if (subkeys != NULL) {
|
||||||
|
+ for (int i = 0; i < nsubkeys; i++) {
|
||||||
|
+ if (subkeys[i] != NULL) {
|
||||||
|
+ rpmPubkeyFree (subkeys[i]);
|
||||||
|
+ subkeys[i] = NULL;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ free (subkeys);
|
||||||
|
+ subkeys = NULL;
|
||||||
|
}
|
||||||
|
- }
|
||||||
|
+ } while (start != NULL);
|
||||||
|
|
||||||
|
/* success */
|
||||||
|
g_debug("added missing public key %s to rpmdb", filename);
|
||||||
|
@@ -165,7 +188,9 @@ out:
|
||||||
|
rpmPubkeyFree(pubkey);
|
||||||
|
if (subkeys != NULL) {
|
||||||
|
for (int i = 0; i < nsubkeys; i++) {
|
||||||
|
- rpmPubkeyFree(subkeys[i]);
|
||||||
|
+ if (subkeys[i] != NULL) {
|
||||||
|
+ rpmPubkeyFree (subkeys[i]);
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
free(subkeys);
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
|
@ -58,7 +58,7 @@
|
||||||
|
|
||||||
Name: libdnf
|
Name: libdnf
|
||||||
Version: %{libdnf_major_version}.%{libdnf_minor_version}.%{libdnf_micro_version}
|
Version: %{libdnf_major_version}.%{libdnf_minor_version}.%{libdnf_micro_version}
|
||||||
Release: 19%{?dist}
|
Release: 19%{?dist}.alma.2
|
||||||
Summary: Library providing simplified C and Python API to libsolv
|
Summary: Library providing simplified C and Python API to libsolv
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
URL: https://github.com/rpm-software-management/libdnf
|
URL: https://github.com/rpm-software-management/libdnf
|
||||||
|
@ -114,6 +114,11 @@ Patch48: 0048-Avoid-reinstal-installonly-packages-marked-for-ERASE.patch
|
||||||
Patch49: 0049-PGP-Set-a-default-creation-SELinux-labels-on-GnuPG-d.patch
|
Patch49: 0049-PGP-Set-a-default-creation-SELinux-labels-on-GnuPG-d.patch
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# Almalinux patches
|
||||||
|
Patch10001: almalinux_bugtracker.patch
|
||||||
|
Patch10002: dnf-keyring-support-multiple-keys.patch
|
||||||
|
|
||||||
BuildRequires: cmake
|
BuildRequires: cmake
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
BuildRequires: gcc-c++
|
BuildRequires: gcc-c++
|
||||||
|
@ -362,6 +367,10 @@ popd
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri May 24 2024 Eduard Abdullin <eabdullin@almalinux.org> - 0.63.0-19.alma.2
|
||||||
|
- Added patch for almalinux bugtracker
|
||||||
|
- Added patch to support multiple keys
|
||||||
|
|
||||||
* Wed Oct 18 2023 Petr Pisar <ppisar@redhat.com> - 0.63.0-19
|
* Wed Oct 18 2023 Petr Pisar <ppisar@redhat.com> - 0.63.0-19
|
||||||
- Set default SELinux labels on GnuPG directories (RHEL-6421)
|
- Set default SELinux labels on GnuPG directories (RHEL-6421)
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue