Backport libdnf patches to work with rpm-4.19

This commit is contained in:
Adam Williamson 2023-05-25 10:22:13 -07:00
parent ab770d2e88
commit 0778c953d4
3 changed files with 161 additions and 2 deletions

View File

@ -0,0 +1,55 @@
From 0d67f44198daa829d947436884e00f2030642136 Mon Sep 17 00:00:00 2001
From: Panu Matilainen <pmatilai@redhat.com>
Date: Wed, 10 May 2023 10:29:58 +0300
Subject: [PATCH 1/3] Eliminate redundant and obsolete cruft from
dnf_keyring_add_public_key()
These APIs have been obsolete for years and now removed in rpm 4.19.
Luckily the usage here is entirely redundant, rpmKeyringAddKey() checks
for duplicates and that case is even handled in this code.
---
libdnf/dnf-keyring.cpp | 14 +-------------
1 file changed, 1 insertion(+), 13 deletions(-)
diff --git a/libdnf/dnf-keyring.cpp b/libdnf/dnf-keyring.cpp
index 550d5ce2..a8fdb993 100644
--- a/libdnf/libdnf/dnf-keyring.cpp
+++ b/libdnf/libdnf/dnf-keyring.cpp
@@ -63,7 +63,6 @@ dnf_keyring_add_public_key(rpmKeyring keyring,
int rc;
gsize len;
pgpArmor armor;
- pgpDig dig = NULL;
rpmPubkey pubkey = NULL;
rpmPubkey *subkeys = NULL;
int nsubkeys = 0;
@@ -116,16 +115,7 @@ dnf_keyring_add_public_key(rpmKeyring keyring,
goto out;
}
- /* does the key exist in the keyring */
- dig = rpmPubkeyDig(pubkey);
- rc = rpmKeyringLookup(keyring, dig);
- if (rc == RPMRC_OK) {
- ret = TRUE;
- g_debug("%s is already present", filename);
- goto out;
- }
-
- /* add to rpmdb automatically, without a prompt */
+ /* add to in-memory keyring */
rc = rpmKeyringAddKey(keyring, pubkey);
if (rc == 1) {
ret = TRUE;
@@ -169,8 +159,6 @@ out:
}
free(subkeys);
}
- if (dig != NULL)
- pgpFreeDig(dig);
return ret;
} CATCH_TO_GERROR(FALSE)
--
2.41.0.rc1

View File

@ -0,0 +1,96 @@
From 4572ee7ff49d5ced4c53c5d789571adbdbd119bb Mon Sep 17 00:00:00 2001
From: Panu Matilainen <pmatilai@redhat.com>
Date: Wed, 10 May 2023 10:34:22 +0300
Subject: [PATCH 2/3] Remove redundant and obsolete cruft in
dnf_keyring_check_untrusted_file()
These APIs have been obsolete for years and now removed in rpm 4.19.
This was always a rather strange way to go at verifying a package,
but now also wholly redundant because the signature are already verified
by rpmcliVerifySignatures().
---
libdnf/dnf-keyring.cpp | 53 ------------------------------------------
1 file changed, 53 deletions(-)
diff --git a/libdnf/dnf-keyring.cpp b/libdnf/dnf-keyring.cpp
index a8fdb993..5f6c7d7f 100644
--- a/libdnf/libdnf/dnf-keyring.cpp
+++ b/libdnf/libdnf/dnf-keyring.cpp
@@ -238,9 +238,7 @@ dnf_keyring_check_untrusted_file(rpmKeyring keyring,
FD_t fd = NULL;
gboolean ret = FALSE;
Header hdr = NULL;
- pgpDig dig = NULL;
rpmRC rc;
- rpmtd td = NULL;
rpmts ts = NULL;
char *path = g_strdup(filename);
@@ -302,51 +300,6 @@ dnf_keyring_check_untrusted_file(rpmKeyring keyring,
goto out;
}
- /* convert and upscale */
- headerConvert(hdr, HEADERCONV_RETROFIT_V3);
-
- /* get RSA key */
- td = rpmtdNew();
- rc = static_cast<rpmRC>(headerGet(hdr, RPMTAG_RSAHEADER, td, HEADERGET_MINMEM));
- if (rc != RPMRC_NOTFOUND) {
- /* try to read DSA key as a fallback */
- rc = static_cast<rpmRC>(headerGet(hdr, RPMTAG_DSAHEADER, td, HEADERGET_MINMEM));
- }
-
- /* the package has no signing key */
- if (rc != RPMRC_NOTFOUND) {
- g_autofree char *package_filename = g_path_get_basename(filename);
- ret = FALSE;
- g_set_error(error,
- DNF_ERROR,
- DNF_ERROR_GPG_SIGNATURE_INVALID,
- "package not signed: %s", package_filename);
- goto out;
- }
-
- /* make it into a digest */
- dig = pgpNewDig();
- rc = static_cast<rpmRC>(pgpPrtPkts(static_cast<const uint8_t *>(td->data), td->count, dig, 0));
- if (rc != RPMRC_OK) {
- g_set_error(error,
- DNF_ERROR,
- DNF_ERROR_FILE_INVALID,
- "failed to parse digest header for %s",
- filename);
- goto out;
- }
-
- /* does the key exist in the keyring */
- rc = rpmKeyringLookup(keyring, dig);
- if (rc != RPMRC_OK) {
- g_set_error(error,
- DNF_ERROR,
- DNF_ERROR_GPG_SIGNATURE_INVALID,
- "failed to lookup digest in keyring for %s",
- filename);
- goto out;
- }
-
/* the package is signed by a key we trust */
g_debug("%s has been verified as trusted", filename);
ret = TRUE;
@@ -355,12 +308,6 @@ out:
if (path != NULL)
g_free(path);
- if (dig != NULL)
- pgpFreeDig(dig);
- if (td != NULL) {
- rpmtdFreeData(td);
- rpmtdFree(td);
- }
if (ts != NULL)
rpmtsFree(ts);
if (hdr != NULL)
--
2.41.0.rc1

View File

@ -4,12 +4,17 @@
Summary: Hybrid image/package system Summary: Hybrid image/package system
Name: rpm-ostree Name: rpm-ostree
Version: 2023.4 Version: 2023.4
Release: 3%{?dist} Release: 4%{?dist}
License: LGPLv2+ License: LGPLv2+
URL: https://github.com/coreos/rpm-ostree URL: https://github.com/coreos/rpm-ostree
# This tarball is generated via "cd packaging && make -f Makefile.dist-packaging dist-snapshot" # This tarball is generated via "cd packaging && make -f Makefile.dist-packaging dist-snapshot"
# in the upstream git. It also contains vendored Rust sources. # in the upstream git. It also contains vendored Rust sources.
Source0: https://github.com/coreos/rpm-ostree/releases/download/v%{version}/rpm-ostree-%{version}.tar.xz Source0: https://github.com/coreos/rpm-ostree/releases/download/v%{version}/rpm-ostree-%{version}.tar.xz
# These patches are for the bundled libdnf to work with RPM 4.19:
# https://github.com/rpm-software-management/libdnf/commit/0d67f44198daa829d947436884e00f2030642136
# https://github.com/rpm-software-management/libdnf/commit/4572ee7ff49d5ced4c53c5d789571adbdbd119bb
Patch0: 0001-Eliminate-redundant-and-obsolete-cruft-from-dnf_keyr.patch
Patch1: 0002-Remove-redundant-and-obsolete-cruft-in-dnf_keyring_c.patch
ExclusiveArch: %{rust_arches} ExclusiveArch: %{rust_arches}
@ -160,7 +165,7 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release}
The %{name}-devel package includes the header files for %{name}-libs. The %{name}-devel package includes the header files for %{name}-libs.
%prep %prep
%autosetup -Sgit -n %{name}-%{version} %autosetup -Sgit -n %{name}-%{version} -p1
%if 0%{?__isa_bits} == 32 %if 0%{?__isa_bits} == 32
sed -ie 's,^lto = true,lto = false,' Cargo.toml sed -ie 's,^lto = true,lto = false,' Cargo.toml
%endif %endif
@ -241,6 +246,9 @@ $PYTHON autofiles.py > files.devel \
%files devel -f files.devel %files devel -f files.devel
%changelog %changelog
* Thu May 25 2023 Adam Williamson <awilliam@redhat.com> - 2023.4-4
- Backport libdnf patches to work with rpm-4.19
* Fri May 19 2023 Petr Pisar <ppisar@redhat.com> - 2023.4-3 * Fri May 19 2023 Petr Pisar <ppisar@redhat.com> - 2023.4-3
- Rebuild against rpm-4.19 (https://fedoraproject.org/wiki/Changes/RPM-4.19) - Rebuild against rpm-4.19 (https://fedoraproject.org/wiki/Changes/RPM-4.19)