Apply fixes from an upstream up to commit 09f9b923f04a8276252fcfbc4f502be49df483c6 (2023-10-27)

Resolves: RHEL-38831 Resolves: RHEL-32365 Resolves: RHEL-37866
2024-05-30 16:13:24 +02:00 · 2024-05-30 16:13:24 +02:00 · 6db2d52b8a
commit 6db2d52b8a
parent a4498b2454
4 changed files with 213 additions and 1 deletions
--- a/0005-Added-some-instruction-for-building-librhsm.patch
+++ b/0005-Added-some-instruction-for-building-librhsm.patch
@ -0,0 +1,54 @@
+From fcd972cbe7c8a3907ba9f091cd082b1090231492 Mon Sep 17 00:00:00 2001
+From: Jiri Hnidek <jhnidek@redhat.com>
+Date: Thu, 1 Oct 2020 11:47:24 +0200
+Subject: [PATCH] Added some instruction for building librhsm.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ README.md | 29 +++++++++++++++++++++++++++++
+ 1 file changed, 29 insertions(+)
+
+diff --git a/README.md b/README.md
+index 74a2c45..9f185be 100644
+--- a/README.md
+++ b/README.md
+@@ -5,3 +5,32 @@ Known limitations:
+ 
+ * Entitlement certificates v1 are not supported
+ * Multiple products in one product certificate are not supported
+
+Requirements
+------------
+
+Following tools and libraries are required to be able to build librhsm library:
+
+* meson (at least 0.37.0)
+* ninja
+* gcc
+* pkg-config
+* glib-2.0 (at least 2.44)
+* gobject-2.0 (at least 2.44)
+* gio-2.0 (at least 2.44)
+* json-glib-1.0 (at least 1.2)
+* openssl
+
+Installation
+------------
+
+When required tools and libraries are installed, then it is possible to build
+librhsm using following steps:
+
+
+```
+$ mkdir ../librhsm_build
+$ meson ../librhsm_build
+$ cd ../librhsm_build
+$ ninja-build
+```
+\ No newline at end of file
+-- 
+2.45.1
+
--- a/0006-Refactor-parse_entitlement_data.patch
+++ b/0006-Refactor-parse_entitlement_data.patch
@ -0,0 +1,37 @@
+From 5e0674cf389f14174208641ec411ba7be448d5e3 Mon Sep 17 00:00:00 2001
+From: Marek Blaha <mblaha@redhat.com>
+Date: Fri, 18 Jun 2021 07:48:16 +0200
+Subject: [PATCH] Refactor parse_entitlement_data()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This change is meant to silence alerts from static code analysis. It
+also makes the *ent variable freeing slightly more clear.
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ rhsm/rhsm-entitlement-certificate.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/rhsm/rhsm-entitlement-certificate.c b/rhsm/rhsm-entitlement-certificate.c
+index 5d37732..aa4dd7e 100644
+--- a/rhsm/rhsm-entitlement-certificate.c
+++ b/rhsm/rhsm-entitlement-certificate.c
+@@ -140,11 +140,11 @@ parse_entitlement_data (const gchar  *data,
+     }
+ 
+   gsize hlen = strlen (ENTITLEMENT_DATA_HEADER);
+-  gchar *ent = g_strndup (start + hlen, end - start - hlen);
+  g_autofree gchar *ent = g_strndup (start + hlen, end - start - hlen);
+ 
+   gsize zlen = 0;
+   guchar *zdata = g_base64_decode_inplace (ent, &zlen);
+-  g_autoptr(GInputStream) zstream = g_memory_input_stream_new_from_data (zdata, zlen, g_free);
+  g_autoptr(GInputStream) zstream = g_memory_input_stream_new_from_data (zdata, zlen, NULL);
+   g_autoptr(GZlibDecompressor) decompressor = g_zlib_decompressor_new (G_ZLIB_COMPRESSOR_FORMAT_ZLIB);
+   g_autoptr(GInputStream) cstream = g_converter_input_stream_new (zstream, G_CONVERTER (decompressor));
+   g_autoptr(JsonParser) parser = json_parser_new_immutable ();
+-- 
+2.45.1
+
--- a/0007-Fix-relocating-certificate-paths-to-etc-rhsm-host.patch
+++ b/0007-Fix-relocating-certificate-paths-to-etc-rhsm-host.patch
@ -0,0 +1,113 @@
+From 09f9b923f04a8276252fcfbc4f502be49df483c6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
+Date: Fri, 27 Oct 2023 15:34:16 +0200
+Subject: [PATCH] Fix relocating certificate paths to /etc/rhsm-host
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+If /etc/rhsm-host directory exists, librhsm corrects CA certificate
+location (rhsm_context_get_ca_cert_dir()) and YUM repository CA
+certificate location (rhsm_context_get_repo_ca_cert()) from /etc/rhsm
+to /etc/rhsm-host prefix.
+
+However, there was a bug in the path relocation and, as a result, the
+locations were mangled to a wrong /etc/rhsm-host-host prefix.
+
+This patch fixes the relocation algorithm to consider boundaries
+between the path components.
+
+Note that the relocation was and still is applied not only to default
+values, but also to values loaded from a configuration file. That's
+probably on purpose to ease sharing the configuration among a host and
+the containers.
+
+https://github.com/rpm-software-management/librhsm/issues/9
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+---
+ rhsm/rhsm-context.c | 61 ++++++++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 58 insertions(+), 3 deletions(-)
+
+diff --git a/rhsm/rhsm-context.c b/rhsm/rhsm-context.c
+index 311dcdd..e0302fd 100644
+--- a/rhsm/rhsm-context.c
+++ b/rhsm/rhsm-context.c
+@@ -482,6 +482,61 @@ rhsm_context_set_property (GObject      *object,
+     }
+ }
+ 
+/*
+ * path_has_prefix:
+ * @path: pointer to a null-terminated path string.
+ * @prefix: pointer to a null-terminated path prefix without a trailing slash.
+ *
+ * Returns: TRUE if the @prefix is a base path of the @path. FALSE otherwise.
+ */
+
+static gboolean
+path_has_prefix (const gchar *path, const gchar *prefix)
+{
+  if (!path || !prefix)
+    {
+      return FALSE;
+    }
+    {
+      const size_t prefix_length = strlen (prefix);
+      return (!strncmp (path, prefix, prefix_length) &&
+              (G_IS_DIR_SEPARATOR (path [prefix_length]) || path [prefix_length] == '\0'));
+    }
+}
+
+/*
+ * relocate_path:
+ * @path: (inout): pointer to a null-terminated string.
+ * @old_prefix: null-terminated path prefix without a trailing slash to relocate from.
+ * @new_prefix: null-terminated path prefix without a trailing slash to relocate to.
+ *
+ * If @path starts with @old_prefix path components, the @old_prefix path
+ * components will be replaced with @new_prefix.
+ *
+ * Returns: (transfer none): null-terminated string with the relocated path.
+ */
+static gchar *
+relocate_path (gchar **path, const gchar *old_prefix, const gchar *new_prefix)
+{
+  if (!path || !*path || !old_prefix || !new_prefix)
+    {
+      return NULL;
+    }
+
+  if (path_has_prefix (*path, old_prefix))
+    {
+      const size_t old_prefix_length = strlen (old_prefix);
+      GString *tmp = g_string_sized_new (strlen (*path) - old_prefix_length + strlen (new_prefix));
+      g_string_append (tmp, new_prefix);
+      g_string_append (tmp, *path + old_prefix_length);
+
+      g_free (*path);
+      *path = g_string_free (tmp, FALSE);
+    }
+
+  return *path;
+}
+
+ static void
+ rhsm_context_constructed (GObject *object)
+ {
+@@ -539,10 +594,10 @@ rhsm_context_constructed (GObject *object)
+     }
+ 
+   /* If we have conf coming from /etc/rhsm-host, most probably we need to replace /etc/rhsm */
+-  if (g_str_has_prefix (ctx->conf_file, CONFIG_DIR_HOST))
+  if (path_has_prefix (ctx->conf_file, CONFIG_DIR_HOST))
+     {
+-     rhsm_utils_str_replace (&ctx->ca_cert_dir, CONFIG_DIR, CONFIG_DIR_HOST);
+-     rhsm_utils_str_replace (&ctx->repo_ca_cert, CONFIG_DIR, CONFIG_DIR_HOST);
+     relocate_path (&ctx->ca_cert_dir, CONFIG_DIR, CONFIG_DIR_HOST);
+     relocate_path (&ctx->repo_ca_cert, CONFIG_DIR, CONFIG_DIR_HOST);
+    }
+ }
+ 
+-- 
+2.45.1
+
--- a/librhsm.spec
+++ b/librhsm.spec
@ -1,6 +1,6 @@
 Name:           librhsm
 Version:        0.0.3
-Release:        13%{?dist}
+Release:        14%{?dist}
 Summary:        Red Hat Subscription Manager library

 License:        LGPL-2.1-or-later
@ -12,6 +12,9 @@ Patch0001:      0001-Replace-bool-option-with-int-to-generate-repo-files.patch
 Patch0002:      0002-Generate-repofile-for-any-architecture-if-ALL-is-spe.patch
 Patch0003:      0003-Enable-repos-when-generating-a-.repo-file-based-on-e.patch
 Patch0004:      0004-Append-ctx_baseurl-prefix-to-gpg_url-RhBug-1708628.patch
+Patch0005:      0005-Added-some-instruction-for-building-librhsm.patch
+Patch0006:      0006-Refactor-parse_entitlement_data.patch
+Patch0007:      0007-Fix-relocating-certificate-paths-to-etc-rhsm-host.patch

 BuildRequires:  meson >= 0.37.0
 BuildRequires:  gcc
@ -52,6 +55,11 @@ Requires:       %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
 %{_libdir}/pkgconfig/%{name}.pc

 %changelog
+* Thu May 30 2024 Petr Pisar <ppisar@redhat.com> - 0.0.3-14
+- Improve a documentation (RHEL-38831)
+- Refactor parse_entitlement_data() (RHEL-32365)
+- Fix relocating certificate paths to /etc/rhsm-host (RHEL-37866)
+
 * Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.0.3-13
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild