Merge branch 'c8' into a8

SOURCES/almalinux_bugtracker.patch

@@ -0,0 +1,23 @@
+diff -aruN libdnf-0.63.0/docs/hawkey/conf.py libdnf-0.63.0_alma/docs/hawkey/conf.py
+--- libdnf-0.63.0/docs/hawkey/conf.py	2021-05-18 17:07:23.000000000 +0300
++++ libdnf-0.63.0_alma/docs/hawkey/conf.py	2021-12-30 11:03:39.179244600 +0300
+@@ -260,6 +260,6 @@
+ rst_prolog = """
+ .. default-domain:: py
+ .. _libsolv: https://github.com/openSUSE/libsolv
+-.. _bugzilla: https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=hawkey
++.. _bugzilla: https://bugs.almalinux.org/
+ 
+ """
+diff -aruN libdnf-0.63.0/libdnf/conf/Const.hpp libdnf-0.63.0_alma/libdnf/conf/Const.hpp
+--- libdnf-0.63.0/libdnf/conf/Const.hpp	2021-05-18 17:07:23.000000000 +0300
++++ libdnf-0.63.0_alma/libdnf/conf/Const.hpp	2021-12-30 11:03:47.004789800 +0300
+@@ -41,7 +41,7 @@
+                  "installonlypkg(vm)",
+                  "multiversion(kernel)"};
+ 
+-constexpr const char * BUGTRACKER="https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=dnf";
++constexpr const char * BUGTRACKER="https://bugs.almalinux.org/";
+ 
+ }
+ 

SOURCES/dnf-keyring-support-multiple-keys.patch

@@ -0,0 +1,228 @@
+From 5b87a29c78fe7b3fce8ac167a1a650449d25f54c Mon Sep 17 00:00:00 2001
+From: Dmitriy Popov <dpopov@cloudlinux.com>
+Date: Wed, 1 May 2024 23:16:47 +0300
+Subject: [PATCH] dnf-keyring-support-multiple-keys
+
+Since it is known from the bug (and practically proven) that "rpm --import"
+is capable of supporting multiple containers in one file, unlike the internal
+implementation, due to the need to globally rewrite the structure of parameters.
+
+https://github.com/rpm-software-management/rpm/pull/2242
+"This does not affect rpmkeys --import because it explicitly checks
+for multiple PGPTAG_PUBLIC_KEY packets and imports them separately"
+
+The patch implies the logic of the cli rpmcliImportPubkeys
+in dnf_keyring_add_public_key, except that instead of direct import,
+it continues to expand the keyring as before, and then imports it,
+making this change atomic.
+
+Signed-off-by: Dmitriy Popov <dpopov@cloudlinux.com>
+---
+ libdnf/dnf-keyring.cpp | 167 +++++++++++++++++++++++------------------
+ 1 file changed, 96 insertions(+), 71 deletions(-)
+
+diff --git a/libdnf/dnf-keyring.cpp b/libdnf/dnf-keyring.cpp
+index 62a6248..f4afd35 100644
+--- a/libdnf/dnf-keyring.cpp
++++ b/libdnf/dnf-keyring.cpp
+@@ -62,13 +62,16 @@ dnf_keyring_add_public_key(rpmKeyring keyring,
+     gboolean ret = TRUE;
+     int rc;
+     gsize len;
+-    pgpArmor armor;
+     pgpDig dig = NULL;
+     rpmPubkey pubkey = NULL;
+     rpmPubkey *subkeys = NULL;
+     int nsubkeys = 0;
+     uint8_t *pkt = NULL;
+     g_autofree gchar *data = NULL;
++    char const * const pgpmark = "-----BEGIN PGP ";
++    size_t marklen = strlen(pgpmark);
++    int keyno = 1;
++    char *start = NULL;
+ 
+     /* ignore symlinks and directories */
+     if (!g_file_test(filename, G_FILE_TEST_IS_REGULAR))
+@@ -81,79 +84,99 @@ dnf_keyring_add_public_key(rpmKeyring keyring,
+     if (!ret)
+         goto out;
+ 
+-    /* rip off the ASCII armor and parse it */
+-    armor = pgpParsePkts(data, &pkt, &len);
+-    if (armor < 0) {
+-        ret = FALSE;
+-        g_set_error(error,
+-                    DNF_ERROR,
+-                    DNF_ERROR_GPG_SIGNATURE_INVALID,
+-                    "failed to parse PKI file %s",
+-                    filename);
+-        goto out;
+-    }
+-
+-    /* make sure it's something we can add to rpm */
+-    if (armor != PGPARMOR_PUBKEY) {
+-        ret = FALSE;
+-        g_set_error(error,
+-                    DNF_ERROR,
+-                    DNF_ERROR_GPG_SIGNATURE_INVALID,
+-                    "PKI file %s is not a public key",
+-                    filename);
+-        goto out;
+-    }
++    start = strstr(data, pgpmark);
+ 
+-    /* test each one */
+-    pubkey = rpmPubkeyNew(pkt, len);
+-    if (pubkey == NULL) {
+-        ret = FALSE;
+-        g_set_error(error,
+-                    DNF_ERROR,
+-                    DNF_ERROR_GPG_SIGNATURE_INVALID,
+-                    "failed to parse public key for %s",
+-                    filename);
+-        goto out;
+-    }
+-
+-    /* does the key exist in the keyring */
+-    dig = rpmPubkeyDig(pubkey);
+-    rc = rpmKeyringLookup(keyring, dig);
+-    if (rc == RPMRC_OK) {
+-        ret = TRUE;
+-        g_debug("%s is already present", filename);
+-        goto out;
+-    }
++    do {
++        uint8_t *pkt = NULL;
++        uint8_t *pkti = NULL;
++        size_t pktlen = 0;
++        size_t certlen;
++
++        /* Read pgp packet. */
++        if (pgpParsePkts(start, &pkt, &pktlen) == PGPARMOR_PUBKEY) {
++            pkti = pkt;
++
++            /* Iterate over certificates in pkt */
++            while (pktlen > 0) {
++                if (pgpPubKeyCertLen(pkti, pktlen, &certlen)) {
++                    g_debug("%s: key %d import failed.\n", filename, keyno);
++                    break;
++                }
++
++                /* test each one */
++                pubkey = rpmPubkeyNew(pkti, certlen);
++                if (pubkey == NULL) {
++                    ret = FALSE;
++                    g_set_error(error,
++                                 DNF_ERROR,
++                                 DNF_ERROR_GPG_SIGNATURE_INVALID,
++                                 "failed to parse public key for %s",
++                                 filename);
++                    goto out;
++                }
++
++                /* add to in-memory keyring */
++                rc = rpmKeyringAddKey(keyring, pubkey);
++                if (rc == 1) {
++                    ret = TRUE;
++                    g_debug("%s is already added", filename);
++                    goto out;
++                } else if (rc < 0) {
++                    ret = FALSE;
++                    g_set_error(error,
++                                 DNF_ERROR,
++                                 DNF_ERROR_GPG_SIGNATURE_INVALID,
++                                 "failed to add public key %s to rpmdb",
++                                 filename);
++                    goto out;
++                }
++
++                subkeys = rpmGetSubkeys(pubkey, &nsubkeys);
++                for (int i = 0; i < nsubkeys; i++) {
++                    rpmPubkey subkey = subkeys[i];
++                    if (rpmKeyringAddKey(keyring, subkey) < 0) {
++                        ret = FALSE;
++                        g_set_error(error,
++                                     DNF_ERROR,
++                                     DNF_ERROR_GPG_SIGNATURE_INVALID,
++                                     "failed to add subkeys for %s to rpmdb",
++                                     filename);
++                        goto out;
++                    }
++                }
++
++                pkti += certlen;
++                pktlen -= certlen;
++            }
++        } else {
++            g_debug("%s: key %d not an armored public key.\n", filename, keyno);
++        }
+ 
+-    /* add to rpmdb automatically, without a prompt */
+-    rc = rpmKeyringAddKey(keyring, pubkey);
+-    if (rc == 1) {
+-        ret = TRUE;
+-        g_debug("%s is already added", filename);
+-        goto out;
+-    } else if (rc < 0) {
+-        ret = FALSE;
+-        g_set_error(error,
+-                    DNF_ERROR,
+-                    DNF_ERROR_GPG_SIGNATURE_INVALID,
+-                    "failed to add public key %s to rpmdb",
+-                    filename);
+-        goto out;
+-    }
++        /* See if there are more keys in the buffer */
++        if (start && start + marklen < data + len) {
++            start = strstr(start + marklen, pgpmark);
++        } else {
++            start = NULL;
++        }
+ 
+-    subkeys = rpmGetSubkeys(pubkey, &nsubkeys);
+-    for (int i = 0; i < nsubkeys; i++) {
+-        rpmPubkey subkey = subkeys[i];
+-        if (rpmKeyringAddKey(keyring, subkey) < 0) {
+-            ret = FALSE;
+-            g_set_error(error,
+-                        DNF_ERROR,
+-                        DNF_ERROR_GPG_SIGNATURE_INVALID,
+-                        "failed to add subkeys for %s to rpmdb",
+-                        filename);
+-            goto out;
++        keyno++;
++        if (pkt != NULL)
++            free(pkt); /* yes, free() */
++            pkt = NULL;
++        if (pubkey != NULL)
++            rpmPubkeyFree(pubkey);
++            pubkey = NULL;
++        if (subkeys != NULL) {
++            for (int i = 0; i < nsubkeys; i++) {
++                if (subkeys[i] != NULL) {
++                    rpmPubkeyFree (subkeys[i]);
++                    subkeys[i] = NULL;
++                }
++            }
++            free (subkeys);
++            subkeys = NULL;
+         }
+-    }
++    } while (start != NULL);
+ 
+     /* success */
+     g_debug("added missing public key %s to rpmdb", filename);
+@@ -165,7 +188,9 @@ out:
+         rpmPubkeyFree(pubkey);
+     if (subkeys != NULL) {
+         for (int i = 0; i < nsubkeys; i++) {
+-          rpmPubkeyFree(subkeys[i]);
++            if (subkeys[i] != NULL) {
++                rpmPubkeyFree (subkeys[i]);
++            }
+         }
+         free(subkeys);
+     }
+-- 
+2.34.1
+

SPECS/libdnf.spec

@@ -58,7 +58,7 @@
 
 Name:           libdnf
 Version:        %{libdnf_major_version}.%{libdnf_minor_version}.%{libdnf_micro_version}
-Release:        19%{?dist}
+Release:        19%{?dist}.alma.2
 Summary:        Library providing simplified C and Python API to libsolv
 License:        LGPLv2+
 URL:            https://github.com/rpm-software-management/libdnf
@@ -114,6 +114,11 @@ Patch48:        0048-Avoid-reinstal-installonly-packages-marked-for-ERASE.patch
 Patch49:        0049-PGP-Set-a-default-creation-SELinux-labels-on-GnuPG-d.patch
 
 
+
+# Almalinux patches
+Patch10001:     almalinux_bugtracker.patch
+Patch10002:     dnf-keyring-support-multiple-keys.patch
+
 BuildRequires:  cmake
 BuildRequires:  gcc
 BuildRequires:  gcc-c++
@@ -362,6 +367,10 @@ popd
 %endif
 
 %changelog
+* Fri May 24 2024 Eduard Abdullin <eabdullin@almalinux.org> - 0.63.0-19.alma.2
+- Added patch for almalinux bugtracker
+- Added patch to support multiple keys
+
 * Wed Oct 18 2023 Petr Pisar <ppisar@redhat.com> - 0.63.0-19
 - Set default SELinux labels on GnuPG directories (RHEL-6421)