Disable signature checking in librpm

resolves: rhbz#2065172
Richard W.M. Jones 2022-03-17 13:46:13 +00:00
parent dd23a60a71
commit ff591404d4
2 changed files with 53 additions and 1 deletions


@ -0,0 +1,47 @@
From 19f6758a9264318dcaf5c6658cbdab443fbb9ef7 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 15 Mar 2022 10:22:49 +0000
Subject: [PATCH] daemon/rpm-c.c: Disable signature checking in librpm
Older distros (eg CentOS 6) used SHA-1 RPM package signatures which
some newer distros (eg RHEL 9.0) prevent us from verifying.
This resulted in packages with SHA-1 signatures being skipped by
librpm (there is a warning in debug output, but if you're not looking
at that then the package is silently ignored). In some cases
essential packages like the kernel were skipped, which would be
visible as a failure of virt-v2v. In other cases (eg virt-inspector)
you'd just see fewer installed packages in the <applications> list.
Since verifying package signatures is not essential for inspection,
disable this feature in librpm.
Reported-by: Xiaodai Wang
Thanks: Panu Matilainen
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2064182
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit aa6f8038f826bfb37ddbbb575e6962e1e181c5e8)
---
daemon/rpm-c.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/daemon/rpm-c.c b/daemon/rpm-c.c
index be0e81e22..020fc588e 100644
--- a/daemon/rpm-c.c
+++ b/daemon/rpm-c.c
@@ -90,7 +90,12 @@ value
guestfs_int_daemon_rpm_start_iterator (value unitv)
{
CAMLparam1 (unitv);
+
ts = rpmtsCreate ();
+
+ /* Disable signature checking (RHBZ#2064182). */
+ rpmtsSetVSFlags (ts, rpmtsVSFlags (ts) | RPMVSF_MASK_NOSIGNATURES);
+
iter = rpmtsInitIterator (ts, RPMDBI_PACKAGES, NULL, 0);
CAMLreturn (Val_unit);
}
--
2.31.1
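Review bot: The comment added above rpmtsSetVSFlags in guestfs_int_daemon_rpm_start_iterator gives only the bug number, and it does not say why masking signatures is safe here. `ts` is assigned without a local declaration, so it appears to be declared outside this function, and any later use of the same transaction set would inherit RPMVSF_MASK_NOSIGNATURES. Suggest extending the comment to state that the handle is used only for read-only iteration over RPMDBI_PACKAGES during inspection, as the commit message explains, and that it must not be reused for anything that relies on signature verification. OR-ing the mask into rpmtsVSFlags (ts) rather than overwriting the flags is the right call, since it keeps the other verification settings as they were.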


@ -48,7 +48,7 @@ Summary: Access and modify virtual machine disk images
Name: libguestfs Name: libguestfs
Epoch: 1 Epoch: 1
Version: 1.48.0 Version: 1.48.0
Release: 1%{?dist} Release: 2%{?dist}
License: LGPLv2+ License: LGPLv2+
# Build only for architectures that have a kernel # Build only for architectures that have a kernel
@ -89,6 +89,7 @@ Source8: copy-patches.sh
Patch0001: 0001-RHEL-Disable-unsupported-remote-drive-protocols-RHBZ.patch Patch0001: 0001-RHEL-Disable-unsupported-remote-drive-protocols-RHBZ.patch
Patch0002: 0002-RHEL-Reject-use-of-libguestfs-winsupport-features-ex.patch Patch0002: 0002-RHEL-Reject-use-of-libguestfs-winsupport-features-ex.patch
Patch0003: 0003-RHEL-Create-etc-crypto-policies-back-ends-opensslcnf.patch Patch0003: 0003-RHEL-Create-etc-crypto-policies-back-ends-opensslcnf.patch
Patch0004: 0004-daemon-rpm-c.c-Disable-signature-checking-in-librpm.patch
%if 0%{patches_touch_autotools} %if 0%{patches_touch_autotools}
BuildRequires: autoconf, automake, libtool, gettext-devel BuildRequires: autoconf, automake, libtool, gettext-devel
@ -1131,6 +1132,10 @@ rm ocaml/html/.gitignore
%changelog %changelog
* Thu Mar 17 2022 Richard W.M. Jones <rjones@redhat.com> - 1:1.48.0-2
- Disable signature checking in librpm
resolves: rhbz#2065172
* Mon Mar 14 2022 Richard W.M. Jones <rjones@redhat.com> - 1:1.48.0-1 * Mon Mar 14 2022 Richard W.M. Jones <rjones@redhat.com> - 1:1.48.0-1
- Rebase to new stable branch version 1.48.0 - Rebase to new stable branch version 1.48.0
resolves: rhbz#2059285 resolves: rhbz#2059285
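Review bot: The new %changelog entry cites rhbz#2065172, while the patch it ships as Patch0004 cites 2064182 in both its Fixes: line and its code comment. If 2065172 is the tracker for this branch that is fine, but the two numbers are worth cross-referencing so the change can be traced in either direction. The entry text "Disable signature checking in librpm" also reads more broadly than what the patch does; consider wording it to say that signature checking is disabled only for the daemon's librpm package iterator used in guest inspection.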