import librepo-1.11.0-2.el8

2020-01-21 16:23:29 -05:00 · 2020-01-21 16:23:29 -05:00 · fe05f88e9e
commit fe05f88e9e
parent fc30507379
4 changed files with 139 additions and 4 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/librepo-1.10.3.tar.gz
+SOURCES/librepo-1.11.0.tar.gz
--- a/.librepo.metadata
+++ b/.librepo.metadata
@ -1 +1 @@
-0f55637ac71b2f72f9ecd243ee3c220f6402f4af SOURCES/librepo-1.10.3.tar.gz
+45b628df3c4a6b6a33674934db0c9b5219becb06 SOURCES/librepo-1.11.0.tar.gz
--- a/SOURCES/0001-Create-a-directory-for-gpg-sockets-in-run-user-RhBug.patch
+++ b/SOURCES/0001-Create-a-directory-for-gpg-sockets-in-run-user-RhBug.patch
@ -0,0 +1,109 @@
+From d474bcad3fdca0e009f24e11d927a3cdc7fd6a55 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Hr=C3=A1zk=C3=BD?= <lhrazky@redhat.com>
+Date: Wed, 27 Nov 2019 16:15:20 +0100
+Subject: [PATCH] Create a directory for gpg sockets in /run/user/
+ (RhBug:1769831,1771012)
+
+The solution of sending the "KILLAGENT" message to gpgagent to make it
+clean up its sockets in gpg home dir is causing a race condition with
+the gpgme_release() function.
+
+Instead of trying to make the agent clean up its sockets (which doesn't
+seem to be reliably possible), take advantage of its feature to create
+the sockets under '/run/user/$UID' if this directory is present. The
+sockets shouldn't be causing any trouble in this directory.
+
+The commit creates the '/run/user/$UID' directory if it's not present on
+the system. The sockets are then created there.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1769831
+https://bugzilla.redhat.com/show_bug.cgi?id=1771012
+---
+ librepo/gpg.c | 56 +++++++++++++++++++++++++--------------------------
+ 1 file changed, 28 insertions(+), 28 deletions(-)
+
+diff --git a/librepo/gpg.c b/librepo/gpg.c
+index a019015..a134d44 100644
+--- a/librepo/gpg.c
+++ b/librepo/gpg.c
+@@ -32,28 +32,33 @@
+ #include "util.h"
+ #include "gpg.h"
+ 
+-static void
+-kill_gpg_agent(gpgme_ctx_t context, const char *home_dir)
+-{
+-    gpgme_error_t gpgerr;
+-
+-    gpgerr = gpgme_set_protocol(context, GPGME_PROTOCOL_ASSUAN);
+-    if (gpgerr != GPG_ERR_NO_ERROR) {
+-        g_warning("%s: gpgme_set_protocol: %s", __func__, gpgme_strerror(gpgerr));
+-        return;
+-    }
+-    if (home_dir) {
+-        gchar * gpg_agent_sock = g_build_filename(home_dir, "S.gpg-agent", NULL);
+-        gpgerr = gpgme_ctx_set_engine_info(context, GPGME_PROTOCOL_ASSUAN, gpg_agent_sock, home_dir);
+-        g_free(gpg_agent_sock);
+-        if (gpgerr != GPG_ERR_NO_ERROR) {
+-            g_warning("%s: gpgme_ctx_set_engine_info: %s", __func__, gpgme_strerror(gpgerr));
+-            return;
+-        }
+/*
+ * Creates the '/run/user/$UID' directory if it doesn't exist. If this
+ * directory exists, gpgagent will create its sockets under
+ * '/run/user/$UID/gnupg'.
+ *
+ * If this directory doesn't exist, gpgagent will create its sockets in gpg
+ * home directory, which is under '/var/cache/yum/metadata/' and this was
+ * causing trouble with container images, see [1].
+ *
+ * Previous solution was to send the agent a "KILLAGENT" message, but that
+ * would cause a race condition with calling gpgme_release(), see [2], [3].
+ *
+ * Since the agent doesn't clean up its sockets properly, by creating this
+ * directory we make sure they are in a place that is not causing trouble with
+ * container images.
+ *
+ * [1] https://bugzilla.redhat.com/show_bug.cgi?id=1650266
+ * [2] https://bugzilla.redhat.com/show_bug.cgi?id=1769831
+ * [3] https://github.com/rpm-software-management/microdnf/issues/50
+ */
+void ensure_socket_dir_exists() {
+    char dirname[32];
+    snprintf(dirname, sizeof(dirname), "/run/user/%u", getuid());
+    int res = mkdir(dirname, 0700);
+    if (res != 0 && errno != EEXIST) {
+        g_debug("Failed to create \"%s\": %d - %s\n", dirname, errno, strerror(errno));
+     }
+-    gpgerr = gpgme_op_assuan_transact_ext(context, "KILLAGENT", NULL, NULL, NULL, NULL, NULL, NULL, NULL);
+-    if (gpgerr != GPG_ERR_NO_ERROR)
+-        g_debug("%s: gpgme_op_assuan_transact_ext: %s", __func__, gpgme_strerror(gpgerr));
+ }
+ 
+ gboolean
+@@ -239,6 +244,8 @@ lr_gpg_import_key(const char *key_fn, const char *home_dir, GError **err)
+ 
+     assert(!err || *err == NULL);
+ 
+    ensure_socket_dir_exists();
+
+     // Initialization
+     gpgme_check_version(NULL);
+     gpgerr = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);
+@@ -320,13 +327,6 @@ lr_gpg_import_key(const char *key_fn, const char *home_dir, GError **err)
+ 
+     close(key_fd);
+ 
+-    // Running gpg-agent kept opened sockets on the system.
+-    // It tries to exit gpg-agent. Path to the communication socket is derived from homedir.
+-    // The gpg-agent automaticaly removes all its socket before exit.
+-    // Newer gpg-agent creates sockets under [/var]/run/user/{pid}/... if directory exists.
+-    // In this case gpg-agent will not be exited.
+-    kill_gpg_agent(context, home_dir);
+-
+     gpgme_release(context);
+ 
+     return TRUE;
+-- 
+2.24.0
+
--- a/SPECS/librepo.spec
+++ b/SPECS/librepo.spec
@ -26,13 +26,14 @@
 %global dnf_conflict 2.8.8

 Name:           librepo
-Version:        1.10.3
-Release:        1%{?dist}
+Version:        1.11.0
+Release:        2%{?dist}
 Summary:        Repodata downloading library

 License:        LGPLv2+
 URL:            https://github.com/rpm-software-management/librepo
 Source0:        %{url}/archive/%{version}/%{name}-%{version}.tar.gz
+Patch0:         0001-Create-a-directory-for-gpg-sockets-in-run-user-RhBug.patch

 BuildRequires:  cmake
 BuildRequires:  gcc
@ -189,6 +190,31 @@ popd
 %endif

 %changelog
+* Fri Dec 06 2019 Lukas Hrazky <lhrazky@redhat.com> - 1.11.0-2
+ - Create a directory for gpg sockets in /run/user/ (RhBug:1769831,1771012)
+
+* Tue Nov 12 2019 Ales Matej <amatej@redhat.com> - 1.11.0-1
+ - Update to 1.11.0
+ - Retry mirrorlist/metalink downloads several times (RhBug:1741931)
+ - Improve variable substitutions in URLs and add ${variable} support 
+
+* Tue Oct 22 2019 Ales Matej <amatej@redhat.com> - 1.10.6-1
+- Update to 1.10.6
+- Imporove handling of xattr to re-download damadged files (RhBug:1690894)
+- Rephrase repository GPG check error message (RhBug:1741442)
+- Add sleep before next try when all mirrors were tried (RhBug:1741931)
+- Raise logging level of error messages (RhBug:1737709)
+- Handle webservers that don't support ranges when downloading zck
+- Define LRO_SUPPORTS_CACHEDIR only with zchunk (RhBug:1726141)
+- Allow to use mirrors multiple times for a target (RhBug:1678588)
+- Allow to try baseurl multiple times (RhBug:1678588)
+
+* Fri Sep 06 2019 Marek Blaha <mblaha@redhat.com> - 1.10.3-3
+- Backport patch: Fix: Verification of checksum from file attr
+
+* Wed Jul 31 2019 Pavla Kratochvilova <pkratoch@redhat.com> - 1.10.3-2
+- Backport patch: Define LRO_SUPPORTS_CACHEDIR only with zchunk (RhBug:1726141,1719830)
+
 * Tue Jun 11 2019 Pavla Kratochvilova <pkratoch@redhat.com> - 1.10.3-1
 - Update to 1.10.3
 - Exit gpg-agent after repokey import (RhBug:1650266)