rpms/librepo
5
0
Fork 0
Code Issues Pull Requests Releases Activity

import librepo-1.14.0-2.el8

Browse Source
This commit is contained in:
CentOS Sources 2021-11-09 05:06:56 -05:00 committed by Stepan Oksanichenko
parent 6072397a8c
commit e522ffdd63
6 changed files with 68 additions and 192 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/librepo-1.12.0.tar.gz
SOURCES/librepo-1.14.0.tar.gz

2
.librepo.metadata
View File

@ -1 +1 @@
1981d485743337c93d2b098920e5f738bd41fdc9 SOURCES/librepo-1.12.0.tar.gz
b09cf9ac3751e3c513e1c30a527d1a5e460853b7 SOURCES/librepo-1.14.0.tar.gz

44
SOURCES/0001-Recover-from-fsync-fail-on-read-only-filesystem-RhBu.patch Normal file
View File

@ -0,0 +1,44 @@
From 33be80700bc594f34818ce697493c17e70430390 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ale=C5=A1=20Mat=C4=9Bj?= <amatej@redhat.com>
Date: Mon, 17 May 2021 08:50:25 +0200
Subject: [PATCH] Recover from fsync fail on read-only filesystem
(RhBug:1956361)
When `fsync` fails due to the file not supporting synchronization just log
the problem instead of failing the whole dnf run. This happens for
example with filesystems mounted read-only in which case there is no
point to `fsync` anyway.
Currently we also ignore return values from `FSETXATTR` which also fails
on read-only filesystem (so no checksum cache is set). This is fine however
since the checksum is recomputed when needed, dnf is just a bit slower.
https://bugzilla.redhat.com/show_bug.cgi?id=1956361
---
librepo/checksum.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/librepo/checksum.c b/librepo/checksum.c
index db37040..6bba53c 100644
--- a/librepo/checksum.c
+++ b/librepo/checksum.c
@@ -266,9 +266,13 @@ lr_checksum_fd_compare(LrChecksumType type,
*matches = (strcmp(expected, checksum)) ? FALSE : TRUE;
if (fsync(fd) != 0) {
- g_set_error(err, LR_CHECKSUM_ERROR, LRE_FILE,
- "fsync failed: %s", strerror(errno));
- return FALSE;
+ if (errno == EROFS || errno == EINVAL) {
+ g_debug("fsync failed: %s", strerror(errno));
+ } else {
+ g_set_error(err, LR_CHECKSUM_ERROR, LRE_FILE,
+ "fsync failed: %s", strerror(errno));
+ return FALSE;
+ }
}
if (caching && *matches && timestamp != -1) {
--
2.31.1

47
SOURCES/0001-Validate-path-read-from-repomd.xml-RhBug-1866498.patch
View File

@ -1,47 +0,0 @@
From 699d3ee7b8968b5586ceb53e07d678e702735609 Mon Sep 17 00:00:00 2001
From: Jaroslav Rohel <jrohel@redhat.com>
Date: Wed, 12 Aug 2020 08:35:28 +0200
Subject: [PATCH] Validate path read from repomd.xml
---
librepo/yum.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/librepo/yum.c b/librepo/yum.c
index 3059188..529257b 100644
--- a/librepo/yum.c
+++ b/librepo/yum.c
@@ -23,6 +23,7 @@
#define BITS_IN_BYTE 8
#include <stdio.h>
+#include <libgen.h>
#include <assert.h>
#include <stdlib.h>
#include <errno.h>
@@ -770,6 +771,22 @@ prepare_repo_download_targets(LrHandle *handle,
continue;
char *location_href = record->location_href;
+
+ char *dest_dir = realpath(handle->destdir, NULL);
+ path = lr_pathconcat(handle->destdir, record->location_href, NULL);
+ char *requested_dir = realpath(dirname(path), NULL);
+ lr_free(path);
+ if (!g_str_has_prefix(requested_dir, dest_dir)) {
+ g_debug("%s: Invalid path: %s", __func__, location_href);
+ g_set_error(err, LR_YUM_ERROR, LRE_IO, "Invalid path: %s", location_href);
+ g_slist_free_full(*targets, (GDestroyNotify) lr_downloadtarget_free);
+ free(requested_dir);
+ free(dest_dir);
+ return FALSE;
+ }
+ free(requested_dir);
+ free(dest_dir);
+
gboolean is_zchunk = FALSE;
#ifdef WITH_ZCHUNK
if (handle->cachedir && record->header_checksum)
--
2.28.0

40
SOURCES/0002-Add-support-for-pkcs11-certificate-and-key-for-repos.patch
View File

@ -1,40 +0,0 @@
From 1e7673d07308081f13e7bb1829cfed2ccd865ea0 Mon Sep 17 00:00:00 2001
From: Masahiro Matsuya <mmatsuya@redhat.com>
Date: Fri, 13 Nov 2020 17:37:59 +0100
Subject: [PATCH] Add support for pkcs11 certificate and key for repository
authorization
msg: Add support for pkcs11 certificate and key for repository authorization
type: enhancement
resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1859495
---
librepo/handle.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/librepo/handle.c b/librepo/handle.c
index d8728c4..33edf5d 100644
--- a/librepo/handle.c
+++ b/librepo/handle.c
@@ -649,6 +649,9 @@ lr_handle_setopt(LrHandle *handle,
lr_free(handle->sslclientcert);
handle->sslclientcert = g_strdup(va_arg(arg, char *));
c_rc = curl_easy_setopt(c_h, CURLOPT_SSLCERT, handle->sslclientcert);
+ if (c_rc == CURLE_OK && handle->sslclientcert && !strncasecmp(handle->sslclientcert, "pkcs11:", 7)) {
+ c_rc = curl_easy_setopt(c_h, CURLOPT_SSLCERTTYPE, "ENG");
+ }
break;
case LRO_SSLCLIENTKEY:
@@ -656,6 +659,9 @@ lr_handle_setopt(LrHandle *handle,
lr_free(handle->sslclientkey);
handle->sslclientkey = g_strdup(va_arg(arg, char *));
c_rc = curl_easy_setopt(c_h, CURLOPT_SSLKEY, handle->sslclientkey);
+ if (c_rc == CURLE_OK && handle->sslclientkey && !strncasecmp(handle->sslclientkey, "pkcs11:", 7)) {
+ c_rc = curl_easy_setopt(c_h, CURLOPT_SSLKEYTYPE, "ENG");
+ }
break;
case LRO_SSLCACERT:
--
2.26.2

125
SPECS/librepo.spec
View File

@ -1,21 +1,6 @@
%global libcurl_version 7.28.0
%global libcurl_version 7.52.0
%if 0%{?rhel} && 0%{?rhel} <= 7
# Do not build bindings for python3 for RHEL <= 7
%bcond_with python3
# python-flask is not in RHEL7
%bcond_with pythontests
%else
%bcond_without python3
%bcond_without pythontests
%endif
%if 0%{?rhel} > 7 || 0%{?fedora} > 29
# Do not build bindings for python2 for RHEL > 7 and Fedora > 29
%bcond_with python2
%else
%bcond_without python2
%endif
%undefine __cmake_in_source_build
%if 0%{?rhel}
%bcond_with zchunk
@ -26,16 +11,15 @@
%global dnf_conflict 2.8.8
Name: librepo
Version: 1.12.0
Release: 3%{?dist}
Version: 1.14.0
Release: 2%{?dist}
Summary: Repodata downloading library
License: LGPLv2+
URL: https://github.com/rpm-software-management/librepo
Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz
Patch1: 0001-Validate-path-read-from-repomd.xml-RhBug-1866498.patch
Patch2: 0002-Add-support-for-pkcs11-certificate-and-key-for-repos.patch
Patch1: 0001-Recover-from-fsync-fail-on-read-only-filesystem-RhBu.patch
BuildRequires: cmake
BuildRequires: gcc
@ -64,48 +48,14 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
%description devel
Development files for librepo.
%if %{with python2}
%package -n python2-%{name}
Summary: Python bindings for the librepo library
%{?python_provide:%python_provide python2-%{name}}
%if 0%{?rhel} && 0%{?rhel} <= 7
BuildRequires: python-sphinx
%else
BuildRequires: python2-sphinx
%endif
BuildRequires: python2-devel
%if %{with pythontests}
BuildRequires: python2-flask
BuildRequires: python2-nose
BuildRequires: python2-requests
%if (0%{?rhel} && 0%{?rhel} <= 7)
BuildRequires: pyxattr
BuildRequires: pygpgme
%else
BuildRequires: python2-pyxattr
BuildRequires: python2-gpg
%endif
%endif
# endif with pythontests
Requires: %{name}%{?_isa} = %{version}-%{release}
Conflicts: python2-dnf < %{dnf_conflict}
%description -n python2-%{name}
Python 2 bindings for the librepo library.
%endif
%if %{with python3}
%package -n python3-%{name}
Summary: Python 3 bindings for the librepo library
%{?python_provide:%python_provide python3-%{name}}
BuildRequires: python3-devel
%if %{with pythontests}
BuildRequires: python3-gpg
BuildRequires: python3-flask
BuildRequires: python3-nose
BuildRequires: python3-pyxattr
BuildRequires: python3-requests
%endif
BuildRequires: python3-sphinx
Requires: %{name}%{?_isa} = %{version}-%{release}
# Obsoletes Fedora 27 package
@ -114,56 +64,19 @@ Conflicts: python3-dnf < %{dnf_conflict}
%description -n python3-%{name}
Python 3 bindings for the librepo library.
%endif
%prep
%autosetup -p1
mkdir build-py2
mkdir build-py3
%build
%if %{with python2}
pushd build-py2
%cmake -DPYTHON_DESIRED:FILEPATH=%{__python2} %{!?with_zchunk:-DWITH_ZCHUNK=OFF} -DENABLE_PYTHON_TESTS=%{?with_pythontests:ON}%{!?with_pythontests:OFF} ..
%make_build
popd
%endif
%if %{with python3}
pushd build-py3
%cmake -DPYTHON_DESIRED:FILEPATH=%{__python3} %{!?with_zchunk:-DWITH_ZCHUNK=OFF} -DENABLE_PYTHON_TESTS=%{?with_pythontests:ON}%{!?with_pythontests:OFF} ..
%make_build
popd
%endif
%cmake %{!?with_zchunk:-DWITH_ZCHUNK=OFF}
%cmake_build
%check
%if %{with python2}
pushd build-py2
#ctest -VV
make ARGS="-V" test
popd
%endif
%if %{with python3}
pushd build-py3
#ctest -VV
make ARGS="-V" test
popd
%endif
%ctest
%install
%if %{with python2}
pushd build-py2
%make_install
popd
%endif
%if %{with python3}
pushd build-py3
%make_install
popd
%endif
%cmake_install
%if 0%{?rhel} && 0%{?rhel} <= 7
%post -p /sbin/ldconfig
@ -182,17 +95,23 @@ popd
%{_libdir}/pkgconfig/%{name}.pc
%{_includedir}/%{name}/
%if %{with python2}
%files -n python2-%{name}
%{python2_sitearch}/%{name}/
%endif
%if %{with python3}
%files -n python3-%{name}
%{python3_sitearch}/%{name}/
%endif
%changelog
* Fri Jun 25 2021 Marek Blaha <mblaha@redhat.com> - 1.14.0-2
- Recover from fsync fail on read-only filesystem (RhBug:1956361)
* Fri Apr 30 2021 Pavla Kratochvilova <pkratoch@redhat.com> - 1.14.0-1
- Update to 1.14.0
- Fix the key string parsing in url_substitution
- When zchunk enabled and not using HTTP/S protocol, download the whole file (RhBug:1886706)
- Add an option LRO_SSLVERIFYSTATUS to check TLS certificate revocation status (using OCSP stapling) (RhBug:1814383)
- Fix: lr_perform() - Avoid 100% CPU usage
- Add support for working with certificates used with proxy
- Reposync does not re-download unchanged packages (RhBug:1931904)
- Fix memory leaks
* Tue Dec 15 2020 Marek Blaha <mblaha@redhat.com> - 1.12.0-3
- Add support for pkcs11 certificate and key for repository authorization (RhBug:1859495)