From 6db2d52b8ac503c93fddf8b3d801b4443bb007dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= Date: Thu, 30 May 2024 16:13:24 +0200 Subject: [PATCH] Apply fixes from an upstream up to commit 09f9b923f04a8276252fcfbc4f502be49df483c6 (2023-10-27) Resolves: RHEL-38831 Resolves: RHEL-32365 Resolves: RHEL-37866 --- ...ome-instruction-for-building-librhsm.patch | 54 +++++++++ 0006-Refactor-parse_entitlement_data.patch | 37 ++++++ ...g-certificate-paths-to-etc-rhsm-host.patch | 113 ++++++++++++++++++ librhsm.spec | 10 +- 4 files changed, 213 insertions(+), 1 deletion(-) create mode 100644 0005-Added-some-instruction-for-building-librhsm.patch create mode 100644 0006-Refactor-parse_entitlement_data.patch create mode 100644 0007-Fix-relocating-certificate-paths-to-etc-rhsm-host.patch diff --git a/0005-Added-some-instruction-for-building-librhsm.patch b/0005-Added-some-instruction-for-building-librhsm.patch new file mode 100644 index 0000000..e7c31bb --- /dev/null +++ b/0005-Added-some-instruction-for-building-librhsm.patch @@ -0,0 +1,54 @@ +From fcd972cbe7c8a3907ba9f091cd082b1090231492 Mon Sep 17 00:00:00 2001 +From: Jiri Hnidek +Date: Thu, 1 Oct 2020 11:47:24 +0200 +Subject: [PATCH] Added some instruction for building librhsm. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Petr Písař +--- + README.md | 29 +++++++++++++++++++++++++++++ + 1 file changed, 29 insertions(+) + +diff --git a/README.md b/README.md +index 74a2c45..9f185be 100644 +--- a/README.md ++++ b/README.md +@@ -5,3 +5,32 @@ Known limitations: + + * Entitlement certificates v1 are not supported + * Multiple products in one product certificate are not supported ++ ++Requirements ++------------ ++ ++Following tools and libraries are required to be able to build librhsm library: ++ ++* meson (at least 0.37.0) ++* ninja ++* gcc ++* pkg-config ++* glib-2.0 (at least 2.44) ++* gobject-2.0 (at least 2.44) ++* gio-2.0 (at least 2.44) ++* json-glib-1.0 (at least 1.2) ++* openssl ++ ++Installation ++------------ ++ ++When required tools and libraries are installed, then it is possible to build ++librhsm using following steps: ++ ++ ++``` ++$ mkdir ../librhsm_build ++$ meson ../librhsm_build ++$ cd ../librhsm_build ++$ ninja-build ++``` +\ No newline at end of file +-- +2.45.1 + diff --git a/0006-Refactor-parse_entitlement_data.patch b/0006-Refactor-parse_entitlement_data.patch new file mode 100644 index 0000000..a0924e8 --- /dev/null +++ b/0006-Refactor-parse_entitlement_data.patch @@ -0,0 +1,37 @@ +From 5e0674cf389f14174208641ec411ba7be448d5e3 Mon Sep 17 00:00:00 2001 +From: Marek Blaha +Date: Fri, 18 Jun 2021 07:48:16 +0200 +Subject: [PATCH] Refactor parse_entitlement_data() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This change is meant to silence alerts from static code analysis. It +also makes the *ent variable freeing slightly more clear. + +Signed-off-by: Petr Písař +--- + rhsm/rhsm-entitlement-certificate.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/rhsm/rhsm-entitlement-certificate.c b/rhsm/rhsm-entitlement-certificate.c +index 5d37732..aa4dd7e 100644 +--- a/rhsm/rhsm-entitlement-certificate.c ++++ b/rhsm/rhsm-entitlement-certificate.c +@@ -140,11 +140,11 @@ parse_entitlement_data (const gchar *data, + } + + gsize hlen = strlen (ENTITLEMENT_DATA_HEADER); +- gchar *ent = g_strndup (start + hlen, end - start - hlen); ++ g_autofree gchar *ent = g_strndup (start + hlen, end - start - hlen); + + gsize zlen = 0; + guchar *zdata = g_base64_decode_inplace (ent, &zlen); +- g_autoptr(GInputStream) zstream = g_memory_input_stream_new_from_data (zdata, zlen, g_free); ++ g_autoptr(GInputStream) zstream = g_memory_input_stream_new_from_data (zdata, zlen, NULL); + g_autoptr(GZlibDecompressor) decompressor = g_zlib_decompressor_new (G_ZLIB_COMPRESSOR_FORMAT_ZLIB); + g_autoptr(GInputStream) cstream = g_converter_input_stream_new (zstream, G_CONVERTER (decompressor)); + g_autoptr(JsonParser) parser = json_parser_new_immutable (); +-- +2.45.1 + diff --git a/0007-Fix-relocating-certificate-paths-to-etc-rhsm-host.patch b/0007-Fix-relocating-certificate-paths-to-etc-rhsm-host.patch new file mode 100644 index 0000000..0c2411d --- /dev/null +++ b/0007-Fix-relocating-certificate-paths-to-etc-rhsm-host.patch @@ -0,0 +1,113 @@ +From 09f9b923f04a8276252fcfbc4f502be49df483c6 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= +Date: Fri, 27 Oct 2023 15:34:16 +0200 +Subject: [PATCH] Fix relocating certificate paths to /etc/rhsm-host +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +If /etc/rhsm-host directory exists, librhsm corrects CA certificate +location (rhsm_context_get_ca_cert_dir()) and YUM repository CA +certificate location (rhsm_context_get_repo_ca_cert()) from /etc/rhsm +to /etc/rhsm-host prefix. + +However, there was a bug in the path relocation and, as a result, the +locations were mangled to a wrong /etc/rhsm-host-host prefix. + +This patch fixes the relocation algorithm to consider boundaries +between the path components. + +Note that the relocation was and still is applied not only to default +values, but also to values loaded from a configuration file. That's +probably on purpose to ease sharing the configuration among a host and +the containers. + +https://github.com/rpm-software-management/librhsm/issues/9 +Signed-off-by: Petr Písař +--- + rhsm/rhsm-context.c | 61 ++++++++++++++++++++++++++++++++++++++++++--- + 1 file changed, 58 insertions(+), 3 deletions(-) + +diff --git a/rhsm/rhsm-context.c b/rhsm/rhsm-context.c +index 311dcdd..e0302fd 100644 +--- a/rhsm/rhsm-context.c ++++ b/rhsm/rhsm-context.c +@@ -482,6 +482,61 @@ rhsm_context_set_property (GObject *object, + } + } + ++/* ++ * path_has_prefix: ++ * @path: pointer to a null-terminated path string. ++ * @prefix: pointer to a null-terminated path prefix without a trailing slash. ++ * ++ * Returns: TRUE if the @prefix is a base path of the @path. FALSE otherwise. ++ */ ++ ++static gboolean ++path_has_prefix (const gchar *path, const gchar *prefix) ++{ ++ if (!path || !prefix) ++ { ++ return FALSE; ++ } ++ { ++ const size_t prefix_length = strlen (prefix); ++ return (!strncmp (path, prefix, prefix_length) && ++ (G_IS_DIR_SEPARATOR (path [prefix_length]) || path [prefix_length] == '\0')); ++ } ++} ++ ++/* ++ * relocate_path: ++ * @path: (inout): pointer to a null-terminated string. ++ * @old_prefix: null-terminated path prefix without a trailing slash to relocate from. ++ * @new_prefix: null-terminated path prefix without a trailing slash to relocate to. ++ * ++ * If @path starts with @old_prefix path components, the @old_prefix path ++ * components will be replaced with @new_prefix. ++ * ++ * Returns: (transfer none): null-terminated string with the relocated path. ++ */ ++static gchar * ++relocate_path (gchar **path, const gchar *old_prefix, const gchar *new_prefix) ++{ ++ if (!path || !*path || !old_prefix || !new_prefix) ++ { ++ return NULL; ++ } ++ ++ if (path_has_prefix (*path, old_prefix)) ++ { ++ const size_t old_prefix_length = strlen (old_prefix); ++ GString *tmp = g_string_sized_new (strlen (*path) - old_prefix_length + strlen (new_prefix)); ++ g_string_append (tmp, new_prefix); ++ g_string_append (tmp, *path + old_prefix_length); ++ ++ g_free (*path); ++ *path = g_string_free (tmp, FALSE); ++ } ++ ++ return *path; ++} ++ + static void + rhsm_context_constructed (GObject *object) + { +@@ -539,10 +594,10 @@ rhsm_context_constructed (GObject *object) + } + + /* If we have conf coming from /etc/rhsm-host, most probably we need to replace /etc/rhsm */ +- if (g_str_has_prefix (ctx->conf_file, CONFIG_DIR_HOST)) ++ if (path_has_prefix (ctx->conf_file, CONFIG_DIR_HOST)) + { +- rhsm_utils_str_replace (&ctx->ca_cert_dir, CONFIG_DIR, CONFIG_DIR_HOST); +- rhsm_utils_str_replace (&ctx->repo_ca_cert, CONFIG_DIR, CONFIG_DIR_HOST); ++ relocate_path (&ctx->ca_cert_dir, CONFIG_DIR, CONFIG_DIR_HOST); ++ relocate_path (&ctx->repo_ca_cert, CONFIG_DIR, CONFIG_DIR_HOST); + } + } + +-- +2.45.1 + diff --git a/librhsm.spec b/librhsm.spec index f7a891f..1282665 100644 --- a/librhsm.spec +++ b/librhsm.spec @@ -1,6 +1,6 @@ Name: librhsm Version: 0.0.3 -Release: 13%{?dist} +Release: 14%{?dist} Summary: Red Hat Subscription Manager library License: LGPL-2.1-or-later @@ -12,6 +12,9 @@ Patch0001: 0001-Replace-bool-option-with-int-to-generate-repo-files.patch Patch0002: 0002-Generate-repofile-for-any-architecture-if-ALL-is-spe.patch Patch0003: 0003-Enable-repos-when-generating-a-.repo-file-based-on-e.patch Patch0004: 0004-Append-ctx_baseurl-prefix-to-gpg_url-RhBug-1708628.patch +Patch0005: 0005-Added-some-instruction-for-building-librhsm.patch +Patch0006: 0006-Refactor-parse_entitlement_data.patch +Patch0007: 0007-Fix-relocating-certificate-paths-to-etc-rhsm-host.patch BuildRequires: meson >= 0.37.0 BuildRequires: gcc @@ -52,6 +55,11 @@ Requires: %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release} %{_libdir}/pkgconfig/%{name}.pc %changelog +* Thu May 30 2024 Petr Pisar - 0.0.3-14 +- Improve a documentation (RHEL-38831) +- Refactor parse_entitlement_data() (RHEL-32365) +- Fix relocating certificate paths to /etc/rhsm-host (RHEL-37866) + * Thu Jan 25 2024 Fedora Release Engineering - 0.0.3-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild