Backport libdnf patches to work with rpm-4.19
This commit is contained in:
parent
ab770d2e88
commit
0778c953d4
@ -0,0 +1,55 @@
|
|||||||
|
From 0d67f44198daa829d947436884e00f2030642136 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Panu Matilainen <pmatilai@redhat.com>
|
||||||
|
Date: Wed, 10 May 2023 10:29:58 +0300
|
||||||
|
Subject: [PATCH 1/3] Eliminate redundant and obsolete cruft from
|
||||||
|
dnf_keyring_add_public_key()
|
||||||
|
|
||||||
|
These APIs have been obsolete for years and now removed in rpm 4.19.
|
||||||
|
Luckily the usage here is entirely redundant, rpmKeyringAddKey() checks
|
||||||
|
for duplicates and that case is even handled in this code.
|
||||||
|
---
|
||||||
|
libdnf/dnf-keyring.cpp | 14 +-------------
|
||||||
|
1 file changed, 1 insertion(+), 13 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/libdnf/dnf-keyring.cpp b/libdnf/dnf-keyring.cpp
|
||||||
|
index 550d5ce2..a8fdb993 100644
|
||||||
|
--- a/libdnf/libdnf/dnf-keyring.cpp
|
||||||
|
+++ b/libdnf/libdnf/dnf-keyring.cpp
|
||||||
|
@@ -63,7 +63,6 @@ dnf_keyring_add_public_key(rpmKeyring keyring,
|
||||||
|
int rc;
|
||||||
|
gsize len;
|
||||||
|
pgpArmor armor;
|
||||||
|
- pgpDig dig = NULL;
|
||||||
|
rpmPubkey pubkey = NULL;
|
||||||
|
rpmPubkey *subkeys = NULL;
|
||||||
|
int nsubkeys = 0;
|
||||||
|
@@ -116,16 +115,7 @@ dnf_keyring_add_public_key(rpmKeyring keyring,
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
- /* does the key exist in the keyring */
|
||||||
|
- dig = rpmPubkeyDig(pubkey);
|
||||||
|
- rc = rpmKeyringLookup(keyring, dig);
|
||||||
|
- if (rc == RPMRC_OK) {
|
||||||
|
- ret = TRUE;
|
||||||
|
- g_debug("%s is already present", filename);
|
||||||
|
- goto out;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- /* add to rpmdb automatically, without a prompt */
|
||||||
|
+ /* add to in-memory keyring */
|
||||||
|
rc = rpmKeyringAddKey(keyring, pubkey);
|
||||||
|
if (rc == 1) {
|
||||||
|
ret = TRUE;
|
||||||
|
@@ -169,8 +159,6 @@ out:
|
||||||
|
}
|
||||||
|
free(subkeys);
|
||||||
|
}
|
||||||
|
- if (dig != NULL)
|
||||||
|
- pgpFreeDig(dig);
|
||||||
|
return ret;
|
||||||
|
} CATCH_TO_GERROR(FALSE)
|
||||||
|
|
||||||
|
--
|
||||||
|
2.41.0.rc1
|
||||||
|
|
@ -0,0 +1,96 @@
|
|||||||
|
From 4572ee7ff49d5ced4c53c5d789571adbdbd119bb Mon Sep 17 00:00:00 2001
|
||||||
|
From: Panu Matilainen <pmatilai@redhat.com>
|
||||||
|
Date: Wed, 10 May 2023 10:34:22 +0300
|
||||||
|
Subject: [PATCH 2/3] Remove redundant and obsolete cruft in
|
||||||
|
dnf_keyring_check_untrusted_file()
|
||||||
|
|
||||||
|
These APIs have been obsolete for years and now removed in rpm 4.19.
|
||||||
|
This was always a rather strange way to go at verifying a package,
|
||||||
|
but now also wholly redundant because the signature are already verified
|
||||||
|
by rpmcliVerifySignatures().
|
||||||
|
---
|
||||||
|
libdnf/dnf-keyring.cpp | 53 ------------------------------------------
|
||||||
|
1 file changed, 53 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/libdnf/dnf-keyring.cpp b/libdnf/dnf-keyring.cpp
|
||||||
|
index a8fdb993..5f6c7d7f 100644
|
||||||
|
--- a/libdnf/libdnf/dnf-keyring.cpp
|
||||||
|
+++ b/libdnf/libdnf/dnf-keyring.cpp
|
||||||
|
@@ -238,9 +238,7 @@ dnf_keyring_check_untrusted_file(rpmKeyring keyring,
|
||||||
|
FD_t fd = NULL;
|
||||||
|
gboolean ret = FALSE;
|
||||||
|
Header hdr = NULL;
|
||||||
|
- pgpDig dig = NULL;
|
||||||
|
rpmRC rc;
|
||||||
|
- rpmtd td = NULL;
|
||||||
|
rpmts ts = NULL;
|
||||||
|
|
||||||
|
char *path = g_strdup(filename);
|
||||||
|
@@ -302,51 +300,6 @@ dnf_keyring_check_untrusted_file(rpmKeyring keyring,
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
- /* convert and upscale */
|
||||||
|
- headerConvert(hdr, HEADERCONV_RETROFIT_V3);
|
||||||
|
-
|
||||||
|
- /* get RSA key */
|
||||||
|
- td = rpmtdNew();
|
||||||
|
- rc = static_cast<rpmRC>(headerGet(hdr, RPMTAG_RSAHEADER, td, HEADERGET_MINMEM));
|
||||||
|
- if (rc != RPMRC_NOTFOUND) {
|
||||||
|
- /* try to read DSA key as a fallback */
|
||||||
|
- rc = static_cast<rpmRC>(headerGet(hdr, RPMTAG_DSAHEADER, td, HEADERGET_MINMEM));
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- /* the package has no signing key */
|
||||||
|
- if (rc != RPMRC_NOTFOUND) {
|
||||||
|
- g_autofree char *package_filename = g_path_get_basename(filename);
|
||||||
|
- ret = FALSE;
|
||||||
|
- g_set_error(error,
|
||||||
|
- DNF_ERROR,
|
||||||
|
- DNF_ERROR_GPG_SIGNATURE_INVALID,
|
||||||
|
- "package not signed: %s", package_filename);
|
||||||
|
- goto out;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- /* make it into a digest */
|
||||||
|
- dig = pgpNewDig();
|
||||||
|
- rc = static_cast<rpmRC>(pgpPrtPkts(static_cast<const uint8_t *>(td->data), td->count, dig, 0));
|
||||||
|
- if (rc != RPMRC_OK) {
|
||||||
|
- g_set_error(error,
|
||||||
|
- DNF_ERROR,
|
||||||
|
- DNF_ERROR_FILE_INVALID,
|
||||||
|
- "failed to parse digest header for %s",
|
||||||
|
- filename);
|
||||||
|
- goto out;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- /* does the key exist in the keyring */
|
||||||
|
- rc = rpmKeyringLookup(keyring, dig);
|
||||||
|
- if (rc != RPMRC_OK) {
|
||||||
|
- g_set_error(error,
|
||||||
|
- DNF_ERROR,
|
||||||
|
- DNF_ERROR_GPG_SIGNATURE_INVALID,
|
||||||
|
- "failed to lookup digest in keyring for %s",
|
||||||
|
- filename);
|
||||||
|
- goto out;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
/* the package is signed by a key we trust */
|
||||||
|
g_debug("%s has been verified as trusted", filename);
|
||||||
|
ret = TRUE;
|
||||||
|
@@ -355,12 +308,6 @@ out:
|
||||||
|
|
||||||
|
if (path != NULL)
|
||||||
|
g_free(path);
|
||||||
|
- if (dig != NULL)
|
||||||
|
- pgpFreeDig(dig);
|
||||||
|
- if (td != NULL) {
|
||||||
|
- rpmtdFreeData(td);
|
||||||
|
- rpmtdFree(td);
|
||||||
|
- }
|
||||||
|
if (ts != NULL)
|
||||||
|
rpmtsFree(ts);
|
||||||
|
if (hdr != NULL)
|
||||||
|
--
|
||||||
|
2.41.0.rc1
|
||||||
|
|
@ -4,12 +4,17 @@
|
|||||||
Summary: Hybrid image/package system
|
Summary: Hybrid image/package system
|
||||||
Name: rpm-ostree
|
Name: rpm-ostree
|
||||||
Version: 2023.4
|
Version: 2023.4
|
||||||
Release: 3%{?dist}
|
Release: 4%{?dist}
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
URL: https://github.com/coreos/rpm-ostree
|
URL: https://github.com/coreos/rpm-ostree
|
||||||
# This tarball is generated via "cd packaging && make -f Makefile.dist-packaging dist-snapshot"
|
# This tarball is generated via "cd packaging && make -f Makefile.dist-packaging dist-snapshot"
|
||||||
# in the upstream git. It also contains vendored Rust sources.
|
# in the upstream git. It also contains vendored Rust sources.
|
||||||
Source0: https://github.com/coreos/rpm-ostree/releases/download/v%{version}/rpm-ostree-%{version}.tar.xz
|
Source0: https://github.com/coreos/rpm-ostree/releases/download/v%{version}/rpm-ostree-%{version}.tar.xz
|
||||||
|
# These patches are for the bundled libdnf to work with RPM 4.19:
|
||||||
|
# https://github.com/rpm-software-management/libdnf/commit/0d67f44198daa829d947436884e00f2030642136
|
||||||
|
# https://github.com/rpm-software-management/libdnf/commit/4572ee7ff49d5ced4c53c5d789571adbdbd119bb
|
||||||
|
Patch0: 0001-Eliminate-redundant-and-obsolete-cruft-from-dnf_keyr.patch
|
||||||
|
Patch1: 0002-Remove-redundant-and-obsolete-cruft-in-dnf_keyring_c.patch
|
||||||
|
|
||||||
ExclusiveArch: %{rust_arches}
|
ExclusiveArch: %{rust_arches}
|
||||||
|
|
||||||
@ -160,7 +165,7 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
|||||||
The %{name}-devel package includes the header files for %{name}-libs.
|
The %{name}-devel package includes the header files for %{name}-libs.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%autosetup -Sgit -n %{name}-%{version}
|
%autosetup -Sgit -n %{name}-%{version} -p1
|
||||||
%if 0%{?__isa_bits} == 32
|
%if 0%{?__isa_bits} == 32
|
||||||
sed -ie 's,^lto = true,lto = false,' Cargo.toml
|
sed -ie 's,^lto = true,lto = false,' Cargo.toml
|
||||||
%endif
|
%endif
|
||||||
@ -241,6 +246,9 @@ $PYTHON autofiles.py > files.devel \
|
|||||||
%files devel -f files.devel
|
%files devel -f files.devel
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu May 25 2023 Adam Williamson <awilliam@redhat.com> - 2023.4-4
|
||||||
|
- Backport libdnf patches to work with rpm-4.19
|
||||||
|
|
||||||
* Fri May 19 2023 Petr Pisar <ppisar@redhat.com> - 2023.4-3
|
* Fri May 19 2023 Petr Pisar <ppisar@redhat.com> - 2023.4-3
|
||||||
- Rebuild against rpm-4.19 (https://fedoraproject.org/wiki/Changes/RPM-4.19)
|
- Rebuild against rpm-4.19 (https://fedoraproject.org/wiki/Changes/RPM-4.19)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user