Rebase to the 4.19 alpha release (4.18.90)
This uses the new cmake build scripts so several pieces of the package had to be adjusted.
This commit is contained in:
parent
7cdaeb70ca
commit
3913b45078
1
.gitignore
vendored
1
.gitignore
vendored
@ -56,3 +56,4 @@
|
|||||||
/rpm-4.18.0-rc1.tar.bz2
|
/rpm-4.18.0-rc1.tar.bz2
|
||||||
/rpm-4.18.0.tar.bz2
|
/rpm-4.18.0.tar.bz2
|
||||||
/rpm-4.18.1.tar.bz2
|
/rpm-4.18.1.tar.bz2
|
||||||
|
/rpm-4.18.90.tar.bz2
|
||||||
|
@ -1,5 +1,4 @@
|
|||||||
From e75ae70ef1a152dac9a066506cafd2bbf7b2565e Mon Sep 17 00:00:00 2001
|
From 87b9e0c28c3df3937f6676ee1b4164d6154dd9d3 Mon Sep 17 00:00:00 2001
|
||||||
Message-Id: <e75ae70ef1a152dac9a066506cafd2bbf7b2565e.1681989428.git.pmatilai@redhat.com>
|
|
||||||
From: "Neal H. Walfield" <neal@pep.foundation>
|
From: "Neal H. Walfield" <neal@pep.foundation>
|
||||||
Date: Wed, 12 Apr 2023 17:56:19 +0200
|
Date: Wed, 12 Apr 2023 17:56:19 +0200
|
||||||
Subject: [PATCH] Add pgpVerifySignature2() and pgpPrtParams2()
|
Subject: [PATCH] Add pgpVerifySignature2() and pgpPrtParams2()
|
||||||
@ -16,37 +15,36 @@ and
|
|||||||
https://github.com/rpm-software-management/rpm/issues/2127#issuecomment-1482646398
|
https://github.com/rpm-software-management/rpm/issues/2127#issuecomment-1482646398
|
||||||
|
|
||||||
Fixes #2483.
|
Fixes #2483.
|
||||||
|
|
||||||
This is a backport of commit 87b9e0c28c3df3937f6676ee1b4164d6154dd9d3
|
|
||||||
---
|
---
|
||||||
configure.ac | 2 +-
|
ci/Dockerfile | 2 ++
|
||||||
include/rpm/rpmpgp.h | 23 +++++++++++++++++++++++
|
include/rpm/rpmpgp.h | 23 +++++++++++++++++++
|
||||||
lib/rpmvs.c | 19 ++++++++++++++++---
|
lib/rpmvs.c | 19 +++++++++++++---
|
||||||
rpmio/rpmkeyring.c | 7 ++++++-
|
rpmio/CMakeLists.txt | 2 +-
|
||||||
rpmio/rpmpgp_internal.c | 15 +++++++++++++++
|
rpmio/rpmkeyring.c | 7 +++++-
|
||||||
rpmio/rpmpgp_sequoia.c | 7 +++++++
|
rpmio/rpmpgp_internal.c | 15 +++++++++++++
|
||||||
tests/rpmi.at | 10 ++++++++--
|
rpmio/rpmpgp_sequoia.c | 7 ++++++
|
||||||
tests/rpmsigdig.at | 20 +++++++++++++++++---
|
tests/rpmi.at | 10 +++++++--
|
||||||
9 files changed, 95 insertions(+), 10 deletions(-)
|
tests/rpmsigdig.at | 50 +++++++++++++++++++++++++++++++----------
|
||||||
|
9 files changed, 116 insertions(+), 19 deletions(-)
|
||||||
|
|
||||||
diff --git a/configure.ac b/configure.ac
|
diff --git a/ci/Dockerfile b/ci/Dockerfile
|
||||||
index e6676c581..1d173e4e2 100644
|
index d8f808962..552934fcd 100644
|
||||||
--- a/configure.ac
|
--- a/ci/Dockerfile
|
||||||
+++ b/configure.ac
|
+++ b/ci/Dockerfile
|
||||||
@@ -384,7 +384,7 @@ AC_SUBST(WITH_LIBGCRYPT_LIB)
|
@@ -7,6 +7,8 @@ RUN sed -i -e "s:^enabled=.$:enabled=0:g" /etc/yum.repos.d/*openh264.repo
|
||||||
WITH_RPM_SEQUOIA_INCLUDE=
|
# dummy for controlling per-repo gpgcheck via Semaphore setup
|
||||||
WITH_RPM_SEQUOIA_LIB=
|
RUN sed -i -e "s:^gpgcheck=.$:gpgcheck=1:g" /etc/yum.repos.d/*.repo
|
||||||
if test "$with_crypto" = sequoia ; then
|
RUN dnf -y update
|
||||||
- PKG_CHECK_MODULES([RPM_SEQUOIA], [rpm-sequoia], [have_rpm_sequoia=yes], [have_rpm_sequoia=no])
|
+# until 1.4.0 lands in stable
|
||||||
+ PKG_CHECK_MODULES([RPM_SEQUOIA], [rpm-sequoia >= 1.4.0], [have_rpm_sequoia=yes], [have_rpm_sequoia=no])
|
+RUN dnf -y --enablerepo=updates-testing install "rpm-sequoia-devel >= 1.4.0"
|
||||||
if test "$have_rpm_sequoia" = "yes"; then
|
RUN dnf -y install \
|
||||||
WITH_RPM_SEQUOIA_INCLUDE="$RPM_SEQUOIA_CFLAGS"
|
autoconf \
|
||||||
WITH_RPM_SEQUOIA_LIB="$RPM_SEQUOIA_LIBS"
|
cmake \
|
||||||
diff --git a/include/rpm/rpmpgp.h b/include/rpm/rpmpgp.h
|
diff --git a/include/rpm/rpmpgp.h b/include/rpm/rpmpgp.h
|
||||||
index a3238a643..3352129b8 100644
|
index 87a2a5bd2..675cbad73 100644
|
||||||
--- a/include/rpm/rpmpgp.h
|
--- a/include/rpm/rpmpgp.h
|
||||||
+++ b/include/rpm/rpmpgp.h
|
+++ b/include/rpm/rpmpgp.h
|
||||||
@@ -1013,6 +1013,18 @@ int pgpPubkeyKeyID(const uint8_t * pkt, size_t pktlen, pgpKeyID_t keyid);
|
@@ -1009,6 +1009,18 @@ int pgpPubkeyKeyID(const uint8_t * pkt, size_t pktlen, pgpKeyID_t keyid);
|
||||||
int pgpPrtParams(const uint8_t *pkts, size_t pktlen, unsigned int pkttype,
|
int pgpPrtParams(const uint8_t *pkts, size_t pktlen, unsigned int pkttype,
|
||||||
pgpDigParams * ret);
|
pgpDigParams * ret);
|
||||||
|
|
||||||
@ -65,9 +63,9 @@ index a3238a643..3352129b8 100644
|
|||||||
/** \ingroup rpmpgp
|
/** \ingroup rpmpgp
|
||||||
* Parse subkey parameters from OpenPGP packet(s).
|
* Parse subkey parameters from OpenPGP packet(s).
|
||||||
* @param pkts OpenPGP packet(s)
|
* @param pkts OpenPGP packet(s)
|
||||||
@@ -1191,6 +1203,17 @@ const uint8_t *pgpDigParamsSignID(pgpDigParams digp);
|
@@ -1186,6 +1198,17 @@ pgpDigParams pgpDigParamsFree(pgpDigParams digp);
|
||||||
*/
|
*/
|
||||||
const char *pgpDigParamsUserID(pgpDigParams digp);
|
rpmRC pgpVerifySignature(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx);
|
||||||
|
|
||||||
+/** \ingroup rpmpgp
|
+/** \ingroup rpmpgp
|
||||||
+ * Verify a PGP signature and return a error message or lint.
|
+ * Verify a PGP signature and return a error message or lint.
|
||||||
@ -81,8 +79,8 @@ index a3238a643..3352129b8 100644
|
|||||||
+ char **lints);
|
+ char **lints);
|
||||||
+
|
+
|
||||||
/** \ingroup rpmpgp
|
/** \ingroup rpmpgp
|
||||||
* Retrieve the object's version.
|
* Return the type of a PGP signature. If `sig` is NULL, or is not a signature,
|
||||||
*
|
* returns -1.
|
||||||
diff --git a/lib/rpmvs.c b/lib/rpmvs.c
|
diff --git a/lib/rpmvs.c b/lib/rpmvs.c
|
||||||
index a1425ea17..9b2106927 100644
|
index a1425ea17..9b2106927 100644
|
||||||
--- a/lib/rpmvs.c
|
--- a/lib/rpmvs.c
|
||||||
@ -114,11 +112,24 @@ index a1425ea17..9b2106927 100644
|
|||||||
}
|
}
|
||||||
sinfo->hashalgo = pgpDigParamsAlgo(sinfo->sig, PGPVAL_HASHALGO);
|
sinfo->hashalgo = pgpDigParamsAlgo(sinfo->sig, PGPVAL_HASHALGO);
|
||||||
sinfo->keyid = pgpGrab(pgpDigParamsSignID(sinfo->sig)+4, 4);
|
sinfo->keyid = pgpGrab(pgpDigParamsSignID(sinfo->sig)+4, 4);
|
||||||
|
diff --git a/rpmio/CMakeLists.txt b/rpmio/CMakeLists.txt
|
||||||
|
index 2fb5794b0..6aa9ab1f1 100644
|
||||||
|
--- a/rpmio/CMakeLists.txt
|
||||||
|
+++ b/rpmio/CMakeLists.txt
|
||||||
|
@@ -21,7 +21,7 @@ if (WITH_INTERNAL_OPENPGP)
|
||||||
|
target_link_libraries(librpmio PRIVATE PkgConfig::LIBGCRYPT)
|
||||||
|
endif()
|
||||||
|
else()
|
||||||
|
- pkg_check_modules(RPMSEQUOIA REQUIRED IMPORTED_TARGET rpm-sequoia>=1.3.0)
|
||||||
|
+ pkg_check_modules(RPMSEQUOIA REQUIRED IMPORTED_TARGET rpm-sequoia>=1.4.0)
|
||||||
|
target_sources(librpmio PRIVATE rpmpgp_sequoia.c)
|
||||||
|
target_link_libraries(librpmio PRIVATE PkgConfig::RPMSEQUOIA)
|
||||||
|
endif()
|
||||||
diff --git a/rpmio/rpmkeyring.c b/rpmio/rpmkeyring.c
|
diff --git a/rpmio/rpmkeyring.c b/rpmio/rpmkeyring.c
|
||||||
index db72892d9..712004bc8 100644
|
index 166ee43a2..e3eb9e6ea 100644
|
||||||
--- a/rpmio/rpmkeyring.c
|
--- a/rpmio/rpmkeyring.c
|
||||||
+++ b/rpmio/rpmkeyring.c
|
+++ b/rpmio/rpmkeyring.c
|
||||||
@@ -328,7 +328,12 @@ rpmRC rpmKeyringVerifySig(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX ctx)
|
@@ -276,7 +276,12 @@ rpmRC rpmKeyringVerifySig(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX ctx)
|
||||||
pgpkey = key->pgpkey;
|
pgpkey = key->pgpkey;
|
||||||
|
|
||||||
/* We call verify even if key not found for a signature sanity check */
|
/* We call verify even if key not found for a signature sanity check */
|
||||||
@ -133,10 +144,10 @@ index db72892d9..712004bc8 100644
|
|||||||
|
|
||||||
if (keyring)
|
if (keyring)
|
||||||
diff --git a/rpmio/rpmpgp_internal.c b/rpmio/rpmpgp_internal.c
|
diff --git a/rpmio/rpmpgp_internal.c b/rpmio/rpmpgp_internal.c
|
||||||
index 0fcd220e4..a049c09b2 100644
|
index ce1d3c27d..82972bcc8 100644
|
||||||
--- a/rpmio/rpmpgp_internal.c
|
--- a/rpmio/rpmpgp_internal.c
|
||||||
+++ b/rpmio/rpmpgp_internal.c
|
+++ b/rpmio/rpmpgp_internal.c
|
||||||
@@ -1095,6 +1095,14 @@ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
|
@@ -1043,6 +1043,14 @@ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -151,8 +162,8 @@ index 0fcd220e4..a049c09b2 100644
|
|||||||
int pgpPrtParamsSubkeys(const uint8_t *pkts, size_t pktlen,
|
int pgpPrtParamsSubkeys(const uint8_t *pkts, size_t pktlen,
|
||||||
pgpDigParams mainkey, pgpDigParams **subkeys,
|
pgpDigParams mainkey, pgpDigParams **subkeys,
|
||||||
int *subkeysCount)
|
int *subkeysCount)
|
||||||
@@ -1264,6 +1272,13 @@ rpmRC pgpVerifySig(pgpDig dig, DIGEST_CTX hashctx)
|
@@ -1179,6 +1187,13 @@ exit:
|
||||||
pgpDigGetParams(dig, PGPTAG_SIGNATURE), hashctx);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
+rpmRC pgpVerifySignature2(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx, char **lints)
|
+rpmRC pgpVerifySignature2(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx, char **lints)
|
||||||
@ -166,7 +177,7 @@ index 0fcd220e4..a049c09b2 100644
|
|||||||
{
|
{
|
||||||
const char * enc = NULL;
|
const char * enc = NULL;
|
||||||
diff --git a/rpmio/rpmpgp_sequoia.c b/rpmio/rpmpgp_sequoia.c
|
diff --git a/rpmio/rpmpgp_sequoia.c b/rpmio/rpmpgp_sequoia.c
|
||||||
index e01acd0e9..2141bbf30 100644
|
index c6434270a..d0b673953 100644
|
||||||
--- a/rpmio/rpmpgp_sequoia.c
|
--- a/rpmio/rpmpgp_sequoia.c
|
||||||
+++ b/rpmio/rpmpgp_sequoia.c
|
+++ b/rpmio/rpmpgp_sequoia.c
|
||||||
@@ -36,6 +36,9 @@ W(uint32_t, pgpDigParamsCreationTime, (pgpDigParams digp), (digp))
|
@@ -36,6 +36,9 @@ W(uint32_t, pgpDigParamsCreationTime, (pgpDigParams digp), (digp))
|
||||||
@ -191,10 +202,10 @@ index e01acd0e9..2141bbf30 100644
|
|||||||
(const uint8_t *pkts, size_t pktlen,
|
(const uint8_t *pkts, size_t pktlen,
|
||||||
pgpDigParams mainkey, pgpDigParams **subkeys,
|
pgpDigParams mainkey, pgpDigParams **subkeys,
|
||||||
diff --git a/tests/rpmi.at b/tests/rpmi.at
|
diff --git a/tests/rpmi.at b/tests/rpmi.at
|
||||||
index 7c8f25eff..d67185d5b 100644
|
index 9d74cf689..423d97bca 100644
|
||||||
--- a/tests/rpmi.at
|
--- a/tests/rpmi.at
|
||||||
+++ b/tests/rpmi.at
|
+++ b/tests/rpmi.at
|
||||||
@@ -254,7 +254,7 @@ AT_CLEANUP
|
@@ -342,7 +342,7 @@ AT_CLEANUP
|
||||||
|
|
||||||
AT_SETUP([rpm -U <corrupted signed 1>])
|
AT_SETUP([rpm -U <corrupted signed 1>])
|
||||||
AT_KEYWORDS([install])
|
AT_KEYWORDS([install])
|
||||||
@ -203,7 +214,7 @@ index 7c8f25eff..d67185d5b 100644
|
|||||||
RPMDB_INIT
|
RPMDB_INIT
|
||||||
|
|
||||||
pkg="hello-2.0-1.x86_64-signed.rpm"
|
pkg="hello-2.0-1.x86_64-signed.rpm"
|
||||||
@@ -267,7 +267,13 @@ runroot rpm -U --ignorearch --ignoreos --nodeps \
|
@@ -355,7 +355,13 @@ runroot rpm -U --ignorearch --ignoreos --nodeps \
|
||||||
],
|
],
|
||||||
[1],
|
[1],
|
||||||
[],
|
[],
|
||||||
@ -219,10 +230,93 @@ index 7c8f25eff..d67185d5b 100644
|
|||||||
])
|
])
|
||||||
AT_CLEANUP
|
AT_CLEANUP
|
||||||
diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at
|
diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at
|
||||||
index 5b1c6c4a6..e5482735a 100644
|
index 9fb3febc9..df1f669e4 100644
|
||||||
--- a/tests/rpmsigdig.at
|
--- a/tests/rpmsigdig.at
|
||||||
+++ b/tests/rpmsigdig.at
|
+++ b/tests/rpmsigdig.at
|
||||||
@@ -539,7 +539,7 @@ AT_CLEANUP
|
@@ -386,17 +386,17 @@ AT_CHECK([
|
||||||
|
RPMDB_INIT
|
||||||
|
|
||||||
|
echo Checking package before importing key:
|
||||||
|
-runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
|
||||||
|
+runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
|
||||||
|
echo Importing key:
|
||||||
|
-runroot rpmkeys --quiet --import /data/keys/alice-expired-subkey.asc; echo $?
|
||||||
|
+runroot rpmkeys --quiet --import /data/keys/alice-expired-subkey.asc 2>&1; echo $?
|
||||||
|
echo Checking for key:
|
||||||
|
runroot rpm -qi gpg-pubkey-eb04e625-* | grep Version | head -n1
|
||||||
|
echo Checking package after importing key:
|
||||||
|
-runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
|
||||||
|
+runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
|
||||||
|
echo Checking package after importing key, no digest:
|
||||||
|
-runroot rpmkeys --define '_pkgverify_level all' -Kv --nodigest /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
|
||||||
|
+runroot rpmkeys --define '_pkgverify_level all' -Kv --nodigest /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
|
||||||
|
echo Checking package after importing key, no signature:
|
||||||
|
-runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
|
||||||
|
+runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
|
||||||
|
],
|
||||||
|
[0],
|
||||||
|
[[Checking package before importing key:
|
||||||
|
@@ -416,6 +416,10 @@ Checking for key:
|
||||||
|
Version : eb04e625
|
||||||
|
Checking package after importing key:
|
||||||
|
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm:
|
||||||
|
+error: Verifying a signature using certificate B6542F92F30650C36B6F41BCB3A771BFEB04E625 (Alice <alice@example.org>):
|
||||||
|
+ Key 1F71177215217EE0 invalid: key is not alive
|
||||||
|
+ because: The subkey is not live
|
||||||
|
+ because: Expired on 2022-04-12T00:00:15Z
|
||||||
|
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED
|
||||||
|
Header DSA signature: NOTFOUND
|
||||||
|
Header SHA256 digest: OK
|
||||||
|
@@ -427,6 +431,10 @@ Checking package after importing key:
|
||||||
|
1
|
||||||
|
Checking package after importing key, no digest:
|
||||||
|
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm:
|
||||||
|
+error: Verifying a signature using certificate B6542F92F30650C36B6F41BCB3A771BFEB04E625 (Alice <alice@example.org>):
|
||||||
|
+ Key 1F71177215217EE0 invalid: key is not alive
|
||||||
|
+ because: The subkey is not live
|
||||||
|
+ because: Expired on 2022-04-12T00:00:15Z
|
||||||
|
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED
|
||||||
|
Header DSA signature: NOTFOUND
|
||||||
|
RSA signature: NOTFOUND
|
||||||
|
@@ -455,15 +463,15 @@ RPMDB_INIT
|
||||||
|
echo Checking package before importing key:
|
||||||
|
runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
|
||||||
|
echo Importing key:
|
||||||
|
-runroot rpmkeys --quiet --import /data/keys/alice-revoked-subkey.asc; echo $?
|
||||||
|
+runroot rpmkeys --quiet --import /data/keys/alice-revoked-subkey.asc 2>&1; echo $?
|
||||||
|
echo Checking for key:
|
||||||
|
runroot rpm -qi gpg-pubkey-eb04e625-* | grep Version | head -n1
|
||||||
|
echo Checking package after importing key:
|
||||||
|
-runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
|
||||||
|
+runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
|
||||||
|
echo Checking package after importing key, no digest:
|
||||||
|
-runroot rpmkeys --define '_pkgverify_level all' -Kv --nodigest /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
|
||||||
|
+runroot rpmkeys --define '_pkgverify_level all' -Kv --nodigest /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
|
||||||
|
echo Checking package after importing key, no signature:
|
||||||
|
-runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
|
||||||
|
+runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
|
||||||
|
],
|
||||||
|
[0],
|
||||||
|
[[Checking package before importing key:
|
||||||
|
@@ -483,6 +491,8 @@ Checking for key:
|
||||||
|
Version : eb04e625
|
||||||
|
Checking package after importing key:
|
||||||
|
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm:
|
||||||
|
+error: Verifying a signature using certificate B6542F92F30650C36B6F41BCB3A771BFEB04E625 (Alice <alice@example.org>):
|
||||||
|
+ Key 1F71177215217EE0 is invalid: key is revoked
|
||||||
|
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED
|
||||||
|
Header DSA signature: NOTFOUND
|
||||||
|
Header SHA256 digest: OK
|
||||||
|
@@ -494,6 +504,8 @@ Checking package after importing key:
|
||||||
|
1
|
||||||
|
Checking package after importing key, no digest:
|
||||||
|
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm:
|
||||||
|
+error: Verifying a signature using certificate B6542F92F30650C36B6F41BCB3A771BFEB04E625 (Alice <alice@example.org>):
|
||||||
|
+ Key 1F71177215217EE0 is invalid: key is revoked
|
||||||
|
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED
|
||||||
|
Header DSA signature: NOTFOUND
|
||||||
|
RSA signature: NOTFOUND
|
||||||
|
@@ -740,7 +752,7 @@ AT_CLEANUP
|
||||||
# Test pre-built corrupted package verification (corrupted signature)
|
# Test pre-built corrupted package verification (corrupted signature)
|
||||||
AT_SETUP([rpmkeys -Kv <corrupted signed> 1])
|
AT_SETUP([rpmkeys -Kv <corrupted signed> 1])
|
||||||
AT_KEYWORDS([rpmkeys digest signature])
|
AT_KEYWORDS([rpmkeys digest signature])
|
||||||
@ -231,7 +325,7 @@ index 5b1c6c4a6..e5482735a 100644
|
|||||||
RPMDB_INIT
|
RPMDB_INIT
|
||||||
|
|
||||||
pkg="hello-2.0-1.x86_64-signed.rpm"
|
pkg="hello-2.0-1.x86_64-signed.rpm"
|
||||||
@@ -553,14 +553,28 @@ runroot rpmkeys -Kv /tmp/${pkg}
|
@@ -754,14 +766,28 @@ runroot rpmkeys -Kv /tmp/${pkg}
|
||||||
],
|
],
|
||||||
[1],
|
[1],
|
||||||
[/tmp/hello-2.0-1.x86_64-signed.rpm:
|
[/tmp/hello-2.0-1.x86_64-signed.rpm:
|
||||||
@ -263,5 +357,5 @@ index 5b1c6c4a6..e5482735a 100644
|
|||||||
Header SHA1 digest: OK
|
Header SHA1 digest: OK
|
||||||
Payload SHA256 digest: OK
|
Payload SHA256 digest: OK
|
||||||
--
|
--
|
||||||
2.40.0
|
2.40.1
|
||||||
|
|
||||||
|
139
0001-Forward-port-obsoleted-crypto-needed-by-current-libd.patch
Normal file
139
0001-Forward-port-obsoleted-crypto-needed-by-current-libd.patch
Normal file
@ -0,0 +1,139 @@
|
|||||||
|
From 9a9514e665c30554a4d72c7c79475af315b83dc3 Mon Sep 17 00:00:00 2001
|
||||||
|
Message-Id: <9a9514e665c30554a4d72c7c79475af315b83dc3.1683531413.git.pmatilai@redhat.com>
|
||||||
|
From: Panu Matilainen <pmatilai@redhat.com>
|
||||||
|
Date: Mon, 8 May 2023 09:26:46 +0300
|
||||||
|
Subject: [PATCH] Forward-port obsoleted crypto needed by current libdnf
|
||||||
|
|
||||||
|
Provide the minimum required bits to allow the old PackageKit-inherited
|
||||||
|
signature in libdnf to work until the switch to dnf5 happens, allegedly
|
||||||
|
during this release cycle.
|
||||||
|
---
|
||||||
|
include/rpm/rpmkeyring.h | 4 ++++
|
||||||
|
include/rpm/rpmpgp.h | 15 ++++++++++++
|
||||||
|
rpmio/rpmkeyring.c | 52 ++++++++++++++++++++++++++++++++++++++++
|
||||||
|
rpmio/rpmpgp_sequoia.c | 11 +++++++++
|
||||||
|
4 files changed, 82 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/include/rpm/rpmkeyring.h b/include/rpm/rpmkeyring.h
|
||||||
|
index 3d8d55773..c84292ff8 100644
|
||||||
|
--- a/include/rpm/rpmkeyring.h
|
||||||
|
+++ b/include/rpm/rpmkeyring.h
|
||||||
|
@@ -101,6 +101,10 @@ char * rpmPubkeyBase64(rpmPubkey key);
|
||||||
|
*/
|
||||||
|
pgpDigParams rpmPubkeyPgpDigParams(rpmPubkey key);
|
||||||
|
|
||||||
|
+/* Obsolete APIs required by libdnf, do not use */
|
||||||
|
+rpmRC rpmKeyringLookup(rpmKeyring keyring, pgpDig sig);
|
||||||
|
+pgpDig rpmPubkeyDig(rpmPubkey key);
|
||||||
|
+
|
||||||
|
#ifdef __cplusplus
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
diff --git a/include/rpm/rpmpgp.h b/include/rpm/rpmpgp.h
|
||||||
|
index 675cbad73..f83642c18 100644
|
||||||
|
--- a/include/rpm/rpmpgp.h
|
||||||
|
+++ b/include/rpm/rpmpgp.h
|
||||||
|
@@ -1225,6 +1225,21 @@ int pgpSignatureType(pgpDigParams sig);
|
||||||
|
*/
|
||||||
|
char *pgpIdentItem(pgpDigParams digp);
|
||||||
|
|
||||||
|
+/* Obsolete APIs required by libdnf, do not use */
|
||||||
|
+typedef struct pgpDig_s * pgpDig;
|
||||||
|
+
|
||||||
|
+RPM_GNUC_DEPRECATED
|
||||||
|
+pgpDig pgpNewDig(void);
|
||||||
|
+
|
||||||
|
+RPM_GNUC_DEPRECATED
|
||||||
|
+pgpDig pgpFreeDig(pgpDig dig);
|
||||||
|
+
|
||||||
|
+RPM_GNUC_DEPRECATED
|
||||||
|
+pgpDigParams pgpDigGetParams(pgpDig dig, unsigned int pkttype);
|
||||||
|
+
|
||||||
|
+RPM_GNUC_DEPRECATED
|
||||||
|
+int pgpPrtPkts(const uint8_t *pkts, size_t pktlen, pgpDig dig, int printing);
|
||||||
|
+
|
||||||
|
#ifdef __cplusplus
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
diff --git a/rpmio/rpmkeyring.c b/rpmio/rpmkeyring.c
|
||||||
|
index e3eb9e6ea..464163895 100644
|
||||||
|
--- a/rpmio/rpmkeyring.c
|
||||||
|
+++ b/rpmio/rpmkeyring.c
|
||||||
|
@@ -289,3 +289,55 @@ rpmRC rpmKeyringVerifySig(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX ctx)
|
||||||
|
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+rpmRC rpmKeyringLookup(rpmKeyring keyring, pgpDig sig)
|
||||||
|
+{
|
||||||
|
+ pthread_rwlock_rdlock(&keyring->lock);
|
||||||
|
+
|
||||||
|
+ rpmRC res = RPMRC_NOKEY;
|
||||||
|
+ pgpDigParams sigp = pgpDigGetParams(sig, PGPTAG_SIGNATURE);
|
||||||
|
+ rpmPubkey key = findbySig(keyring, sigp);
|
||||||
|
+
|
||||||
|
+ if (key) {
|
||||||
|
+ /*
|
||||||
|
+ * Callers expect sig to have the key data parsed into pgpDig
|
||||||
|
+ * on (successful) return, sigh. No need to check for return
|
||||||
|
+ * here as this is validated at rpmPubkeyNew() already.
|
||||||
|
+ */
|
||||||
|
+ pgpPrtPkts(key->pkt, key->pktlen, sig, _print_pkts);
|
||||||
|
+ res = RPMRC_OK;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ pthread_rwlock_unlock(&keyring->lock);
|
||||||
|
+ return res;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+pgpDig rpmPubkeyDig(rpmPubkey key)
|
||||||
|
+{
|
||||||
|
+ pgpDig dig = NULL;
|
||||||
|
+ static unsigned char zeros[] =
|
||||||
|
+ { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
|
||||||
|
+ int rc;
|
||||||
|
+ if (key == NULL)
|
||||||
|
+ return NULL;
|
||||||
|
+
|
||||||
|
+ dig = pgpNewDig();
|
||||||
|
+
|
||||||
|
+ pthread_rwlock_rdlock(&key->lock);
|
||||||
|
+ rc = pgpPrtPkts(key->pkt, key->pktlen, dig, _print_pkts);
|
||||||
|
+ pthread_rwlock_unlock(&key->lock);
|
||||||
|
+
|
||||||
|
+ if (rc == 0) {
|
||||||
|
+ pgpDigParams pubp = pgpDigGetParams(dig, PGPTAG_PUBLIC_KEY);
|
||||||
|
+ if (!pubp || !memcmp(pgpDigParamsSignID(pubp), zeros, sizeof(zeros)) ||
|
||||||
|
+ pgpDigParamsCreationTime(pubp) == 0 ||
|
||||||
|
+ pgpDigParamsUserID(pubp) == NULL) {
|
||||||
|
+ rc = -1;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (rc)
|
||||||
|
+ dig = pgpFreeDig(dig);
|
||||||
|
+
|
||||||
|
+ return dig;
|
||||||
|
+}
|
||||||
|
diff --git a/rpmio/rpmpgp_sequoia.c b/rpmio/rpmpgp_sequoia.c
|
||||||
|
index d0b673953..0c1c848dc 100644
|
||||||
|
--- a/rpmio/rpmpgp_sequoia.c
|
||||||
|
+++ b/rpmio/rpmpgp_sequoia.c
|
||||||
|
@@ -80,3 +80,14 @@ W(int, rpmDigestUpdate, (DIGEST_CTX ctx, const void * data, size_t len),
|
||||||
|
W(int, rpmDigestFinal,
|
||||||
|
(DIGEST_CTX ctx, void ** datap, size_t *lenp, int asAscii),
|
||||||
|
(ctx, datap, lenp, asAscii))
|
||||||
|
+
|
||||||
|
+// Minimal backport of APIs required by libdnf until dnf5 takes over
|
||||||
|
+W(int, pgpPrtPkts,
|
||||||
|
+ (const uint8_t *pkts, size_t pktlen, pgpDig dig, int printing),
|
||||||
|
+ (pkts, pktlen, dig, printing))
|
||||||
|
+W(pgpDig, pgpNewDig, (void), ())
|
||||||
|
+W(pgpDig, pgpFreeDig, (pgpDig dig), (dig))
|
||||||
|
+W(pgpDigParams, pgpDigGetParams,
|
||||||
|
+ (pgpDig dig, unsigned int pkttype),
|
||||||
|
+ (dig, pkttype))
|
||||||
|
+
|
||||||
|
--
|
||||||
|
2.40.1
|
||||||
|
|
31
0001-Remove-second-share-dir-from-infodir-and-mandir.patch
Normal file
31
0001-Remove-second-share-dir-from-infodir-and-mandir.patch
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
From 33702961f45567a599bc0f0dac055604dc204fb1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Florian Festi <ffesti@redhat.com>
|
||||||
|
Date: Tue, 2 May 2023 09:03:50 +0200
|
||||||
|
Subject: [PATCH] Remove second share/ dir from infodir and mandir
|
||||||
|
|
||||||
|
cmake variables and the derived macros.
|
||||||
|
|
||||||
|
CMAKE_INSTALL_INFODIR and CMAKE_INSTALL_MANDIR already include the
|
||||||
|
datarootdir. So just prepending the prefix is sufficient.
|
||||||
|
---
|
||||||
|
CMakeLists.txt | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/CMakeLists.txt b/CMakeLists.txt
|
||||||
|
index 230d18d1f..9718505bf 100644
|
||||||
|
--- a/CMakeLists.txt
|
||||||
|
+++ b/CMakeLists.txt
|
||||||
|
@@ -67,8 +67,8 @@ function(makemacros)
|
||||||
|
set(libdir "\${prefix}/=LIB=")
|
||||||
|
set(includedir "\${prefix}/${CMAKE_INSTALL_INCLUDEDIR}")
|
||||||
|
set(oldincludedir "${CMAKE_INSTALL_FULL_OLDINCLUDEDIR}")
|
||||||
|
- set(infodir "\${datarootdir}/${CMAKE_INSTALL_INFODIR}")
|
||||||
|
- set(mandir "\${datarootdir}/${CMAKE_INSTALL_MANDIR}")
|
||||||
|
+ set(infodir "\${prefix}/${CMAKE_INSTALL_INFODIR}")
|
||||||
|
+ set(mandir "\${prefix}/${CMAKE_INSTALL_MANDIR}")
|
||||||
|
set(RUNDIR /run)
|
||||||
|
|
||||||
|
set(acutils
|
||||||
|
--
|
||||||
|
2.40.1
|
||||||
|
|
11
rpm-4.18.90-disable-sysusers.patch
Normal file
11
rpm-4.18.90-disable-sysusers.patch
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
--- rpm-4.18.90/macros.in.orig 2023-04-17 14:44:14.186653076 +0200
|
||||||
|
+++ rpm-4.18.90/macros.in 2023-04-17 14:46:25.190322631 +0200
|
||||||
|
@@ -133,7 +133,7 @@
|
||||||
|
%_keyringpath %{_dbpath}/pubkeys/
|
||||||
|
|
||||||
|
# sysusers helper binary or script, uncomment to disable
|
||||||
|
-%__systemd_sysusers %{_bindir}/systemd-sysusers
|
||||||
|
+# %__systemd_sysusers %{_bindir}/systemd-sysusers
|
||||||
|
|
||||||
|
#
|
||||||
|
# Path to script that creates debug symbols in a /usr/lib/debug
|
11
rpm-4.18.90-weak-user-group.patch
Normal file
11
rpm-4.18.90-weak-user-group.patch
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
--- rpm-4.18.90/macros.in.orig 2023-04-17 14:48:14.802719586 +0200
|
||||||
|
+++ rpm-4.18.90/macros.in 2023-04-17 14:48:25.268852972 +0200
|
||||||
|
@@ -236,7 +236,7 @@
|
||||||
|
%clamp_mtime_to_source_date_epoch 0
|
||||||
|
|
||||||
|
# If enabled, dilute user() and group() requires into recommends
|
||||||
|
-#%_use_weak_usergroup_deps 1
|
||||||
|
+%_use_weak_usergroup_deps 1
|
||||||
|
|
||||||
|
# The directory where newly built binary packages will be written.
|
||||||
|
%_rpmdir %{_topdir}/RPMS
|
@ -1,7 +1,7 @@
|
|||||||
diff -up rpm-4.18.1/macros.in.orig rpm-4.18.1/macros.in
|
diff -up rpm-4.18.1/macros.in.orig rpm-4.18.1/macros.in
|
||||||
--- rpm-4.18.1/macros.in.orig 2023-03-15 13:57:06.385361527 +0100
|
--- rpm-4.18.1/macros.in.orig 2023-03-15 13:57:06.385361527 +0100
|
||||||
+++ rpm-4.18.1/macros.in 2023-03-15 13:58:09.613971713 +0100
|
+++ rpm-4.18.1/macros.in 2023-03-15 13:58:09.613971713 +0100
|
||||||
@@ -727,10 +727,11 @@ package or when debugging this package.\
|
@@ -750,11 +750,12 @@ package or when debugging this package.\
|
||||||
RPM_SOURCE_DIR=\"%{_sourcedir}\"\
|
RPM_SOURCE_DIR=\"%{_sourcedir}\"\
|
||||||
RPM_BUILD_DIR=\"%{_builddir}\"\
|
RPM_BUILD_DIR=\"%{_builddir}\"\
|
||||||
RPM_OPT_FLAGS=\"%{optflags}\"\
|
RPM_OPT_FLAGS=\"%{optflags}\"\
|
||||||
@ -9,8 +9,9 @@ diff -up rpm-4.18.1/macros.in.orig rpm-4.18.1/macros.in
|
|||||||
RPM_ARCH=\"%{_arch}\"\
|
RPM_ARCH=\"%{_arch}\"\
|
||||||
RPM_OS=\"%{_os}\"\
|
RPM_OS=\"%{_os}\"\
|
||||||
RPM_BUILD_NCPUS=\"%{_smp_build_ncpus}\"\
|
RPM_BUILD_NCPUS=\"%{_smp_build_ncpus}\"\
|
||||||
- export RPM_SOURCE_DIR RPM_BUILD_DIR RPM_OPT_FLAGS RPM_ARCH RPM_OS RPM_BUILD_NCPUS\
|
RPM_SPECPARTS_DIR=\"%{specpartsdir}\"\
|
||||||
+ export RPM_SOURCE_DIR RPM_BUILD_DIR RPM_OPT_FLAGS RPM_ARCH RPM_OS RPM_BUILD_NCPUS RPM_LD_FLAGS\
|
- export RPM_SOURCE_DIR RPM_BUILD_DIR RPM_OPT_FLAGS RPM_ARCH RPM_OS RPM_BUILD_NCPUS RPM_SPECPARTS_DIR\
|
||||||
|
+ export RPM_SOURCE_DIR RPM_BUILD_DIR RPM_OPT_FLAGS RPM_ARCH RPM_OS RPM_BUILD_NCPUS RPM_SPECPARTS_DIR RPM_LD_FLAGS\
|
||||||
RPM_DOC_DIR=\"%{_docdir}\"\
|
RPM_DOC_DIR=\"%{_docdir}\"\
|
||||||
export RPM_DOC_DIR\
|
export RPM_DOC_DIR\
|
||||||
RPM_PACKAGE_NAME=\"%{NAME}\"\
|
RPM_PACKAGE_NAME=\"%{NAME}\"\
|
||||||
|
@ -1,12 +0,0 @@
|
|||||||
diff -up rpm-4.18.1/docs/Makefile.am.orig rpm-4.18.1/docs/Makefile.am
|
|
||||||
--- rpm-4.18.1/docs/Makefile.am.orig 2023-03-15 14:48:27.955720807 +0100
|
|
||||||
+++ rpm-4.18.1/docs/Makefile.am 2023-03-15 14:48:43.634626934 +0100
|
|
||||||
@@ -1,8 +1,6 @@
|
|
||||||
## Process this file with automake to produce Makefile.in
|
|
||||||
|
|
||||||
-if PANDOC
|
|
||||||
SUBDIRS = man
|
|
||||||
-endif
|
|
||||||
|
|
||||||
EXTRA_DIST =
|
|
||||||
|
|
113
rpm.spec
113
rpm.spec
@ -30,10 +30,10 @@
|
|||||||
|
|
||||||
%define rpmhome /usr/lib/rpm
|
%define rpmhome /usr/lib/rpm
|
||||||
|
|
||||||
%global rpmver 4.18.1
|
%global rpmver 4.18.90
|
||||||
#global snapver rc1
|
#global snapver rc1
|
||||||
%global baserelease 3
|
%global baserelease 1
|
||||||
%global sover 9
|
%global sover 10
|
||||||
|
|
||||||
%global srcver %{rpmver}%{?snapver:-%{snapver}}
|
%global srcver %{rpmver}%{?snapver:-%{snapver}}
|
||||||
%global srcdir %{?snapver:testing}%{!?snapver:rpm-%(echo %{rpmver} | cut -d'.' -f1-2).x}
|
%global srcdir %{?snapver:testing}%{!?snapver:rpm-%(echo %{rpmver} | cut -d'.' -f1-2).x}
|
||||||
@ -69,6 +69,7 @@ BuildRequires: debugedit >= 0.3
|
|||||||
BuildRequires: redhat-rpm-config >= 94
|
BuildRequires: redhat-rpm-config >= 94
|
||||||
BuildRequires: systemd-rpm-macros
|
BuildRequires: systemd-rpm-macros
|
||||||
BuildRequires: gcc make
|
BuildRequires: gcc make
|
||||||
|
BuildRequires: cmake >= 3.18
|
||||||
BuildRequires: gawk
|
BuildRequires: gawk
|
||||||
BuildRequires: elfutils-devel >= 0.112
|
BuildRequires: elfutils-devel >= 0.112
|
||||||
BuildRequires: elfutils-libelf-devel
|
BuildRequires: elfutils-libelf-devel
|
||||||
@ -95,6 +96,15 @@ BuildRequires: libzstd-devel
|
|||||||
BuildRequires: sqlite-devel
|
BuildRequires: sqlite-devel
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
# Needed for re-building the documentation and man pages
|
||||||
|
# normally those are shipped in the tarball pre-build
|
||||||
|
# but need re-building if sources are patched
|
||||||
|
%if 0
|
||||||
|
BuildRequires: pandoc
|
||||||
|
BuildRequires: doxygen
|
||||||
|
%endif
|
||||||
|
|
||||||
|
|
||||||
%if %{with sequoia}
|
%if %{with sequoia}
|
||||||
%global crypto sequoia
|
%global crypto sequoia
|
||||||
BuildRequires: rpm-sequoia-devel >= 1.4.0
|
BuildRequires: rpm-sequoia-devel >= 1.4.0
|
||||||
@ -132,17 +142,22 @@ rpm-4.17.x-rpm_dbpath.patch
|
|||||||
rpm-4.18.x-siteconfig.patch
|
rpm-4.18.x-siteconfig.patch
|
||||||
# In current Fedora, man-pages pkg owns all the localized man directories
|
# In current Fedora, man-pages pkg owns all the localized man directories
|
||||||
rpm-4.9.90-no-man-dirs.patch
|
rpm-4.9.90-no-man-dirs.patch
|
||||||
|
# Disable new user/group handling
|
||||||
|
|
||||||
|
rpm-4.18.90-disable-sysusers.patch
|
||||||
|
rpm-4.18.90-weak-user-group.patch
|
||||||
# Patches already upstream:
|
# Patches already upstream:
|
||||||
|
# ...
|
||||||
|
0001-Remove-second-share-dir-from-infodir-and-mandir.patch
|
||||||
0001-Add-pgpVerifySignature2-and-pgpPrtParams2.patch
|
0001-Add-pgpVerifySignature2-and-pgpPrtParams2.patch
|
||||||
|
|
||||||
# These are not yet upstream
|
# These are not yet upstream
|
||||||
rpm-4.7.1-geode-i686.patch
|
rpm-4.7.1-geode-i686.patch
|
||||||
# Probably to be upstreamed in slightly different form
|
# Probably to be upstreamed in slightly different form
|
||||||
rpm-4.18.x-ldflags.patch
|
rpm-4.18.x-ldflags.patch
|
||||||
# We either need pandoc in buildroot or this patch in order for man pages to
|
|
||||||
# actually be installed, choose the latter
|
# Needed until dnf catches up
|
||||||
rpm-4.18.x-revert-pandoc-cond.patch
|
0001-Forward-port-obsoleted-crypto-needed-by-current-libd.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
The RPM Package Manager (RPM) is a powerful command line driven
|
The RPM Package Manager (RPM) is a powerful command line driven
|
||||||
@ -288,12 +303,14 @@ Requires: rpm-libs%{_isa} = %{version}-%{release}
|
|||||||
This plugin blocks systemd from entering idle, sleep or shutdown while an rpm
|
This plugin blocks systemd from entering idle, sleep or shutdown while an rpm
|
||||||
transaction is running using the systemd-inhibit mechanism.
|
transaction is running using the systemd-inhibit mechanism.
|
||||||
|
|
||||||
|
%if %{with libimaevm}
|
||||||
%package plugin-ima
|
%package plugin-ima
|
||||||
Summary: Rpm plugin ima file signatures
|
Summary: Rpm plugin ima file signatures
|
||||||
Requires: rpm-libs%{_isa} = %{version}-%{release}
|
Requires: rpm-libs%{_isa} = %{version}-%{release}
|
||||||
|
|
||||||
%description plugin-ima
|
%description plugin-ima
|
||||||
%{summary}.
|
%{summary}.
|
||||||
|
%endif
|
||||||
|
|
||||||
%package plugin-prioreset
|
%package plugin-prioreset
|
||||||
Summary: Rpm plugin for resetting scriptlet priorities for SysV init
|
Summary: Rpm plugin for resetting scriptlet priorities for SysV init
|
||||||
@ -351,44 +368,35 @@ change.
|
|||||||
%build
|
%build
|
||||||
%set_build_flags
|
%set_build_flags
|
||||||
|
|
||||||
autoreconf -i -f
|
mkdir _build
|
||||||
|
cd _build
|
||||||
# Hardening hack taken from macro %%configure defined in redhat-rpm-config
|
cmake \
|
||||||
for i in $(find . -name ltmain.sh) ; do
|
-DCMAKE_INSTALL_PREFIX=%{_usr} \
|
||||||
%{__sed} -i.backup -e 's~compiler_flags=$~compiler_flags="%{_hardened_ldflags}"~' $i
|
%{?with_bdb_ro:-DENABLE_BDB_RO=ON} \
|
||||||
done;
|
%{!?with_ndb:-DENABLE_NDB=OFF} \
|
||||||
|
%{!?with_sqlite:-DENABLE_SQLITE=OFF} \
|
||||||
# Using configure macro has some unwanted side-effects on rpm platform
|
%{!?with_plugins:-DENABLE_PLUGINS=OFF} \
|
||||||
# setup, use the old-fashioned way for now only defining minimal paths.
|
%{?with_fsverity:-DWITH_FSVERITY=ON} \
|
||||||
./configure \
|
%{?with_libimaevm:-DWITH_IMAEVM=ON} \
|
||||||
--prefix=%{_usr} \
|
%{!?with_libarchive:-DWITH_ARCHIVE=OFF} \
|
||||||
--sysconfdir=%{_sysconfdir} \
|
%{!?with_check:-DENABLE_TESTSUITE=OFF} \
|
||||||
--localstatedir=%{_var} \
|
%{!?with_sequoia:-DWITH_INTERNAL_OPENPGP=ON} \
|
||||||
--sharedstatedir=%{_var}/lib \
|
%{!?with_sequoia:-DWITH_OPENSSL=ON } \
|
||||||
--libdir=%{_libdir} \
|
-DRPM_VENDOR=redhat \
|
||||||
--build=%{_target_platform} \
|
..
|
||||||
--host=%{_target_platform} \
|
|
||||||
--with-vendor=redhat \
|
|
||||||
%{!?with_plugins: --disable-plugins} \
|
|
||||||
--with-lua \
|
|
||||||
--with-selinux \
|
|
||||||
--with-cap \
|
|
||||||
--with-acl \
|
|
||||||
--with-fapolicyd \
|
|
||||||
%{?with_ndb: --enable-ndb} \
|
|
||||||
%{?with_libimaevm: --with-imaevm} \
|
|
||||||
%{?with_fsverity: --with-fsverity} \
|
|
||||||
%{?with_zstd: --enable-zstd} \
|
|
||||||
%{?with_sqlite: --enable-sqlite} \
|
|
||||||
%{?with_bdb_ro: --enable-bdb-ro} \
|
|
||||||
--enable-python \
|
|
||||||
--with-crypto=%{crypto}
|
|
||||||
|
|
||||||
%make_build
|
%make_build
|
||||||
|
|
||||||
%install
|
%install
|
||||||
|
cd _build
|
||||||
%make_install
|
%make_install
|
||||||
|
|
||||||
|
# temporarily remove useser handling fileattr
|
||||||
|
# as it is currently in systemd-rpm-macros
|
||||||
|
rm $RPM_BUILD_ROOT%{_rpmconfigdir}/fileattrs/sysusers.attr
|
||||||
|
|
||||||
|
cd ..
|
||||||
|
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_unitdir}
|
mkdir -p $RPM_BUILD_ROOT%{_unitdir}
|
||||||
install -m 644 %{SOURCE10} $RPM_BUILD_ROOT/%{_unitdir}
|
install -m 644 %{SOURCE10} $RPM_BUILD_ROOT/%{_unitdir}
|
||||||
install -m 644 %{SOURCE20} $RPM_BUILD_ROOT/%{_unitdir}
|
install -m 644 %{SOURCE20} $RPM_BUILD_ROOT/%{_unitdir}
|
||||||
@ -406,10 +414,12 @@ install -m 644 scripts/rpm.log ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d/rpm
|
|||||||
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rpm
|
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rpm
|
||||||
mkdir -p $RPM_BUILD_ROOT%{rpmhome}/macros.d
|
mkdir -p $RPM_BUILD_ROOT%{rpmhome}/macros.d
|
||||||
mkdir -p $RPM_BUILD_ROOT/usr/lib/sysimage/rpm
|
mkdir -p $RPM_BUILD_ROOT/usr/lib/sysimage/rpm
|
||||||
|
cd _build
|
||||||
|
|
||||||
# init an empty database for %ghost'ing for all supported backends
|
# init an empty database for %ghost'ing for all supported backends
|
||||||
for be in %{?with_ndb:ndb} %{?with_sqlite:sqlite}; do
|
for be in %{?with_ndb:ndb} %{?with_sqlite:sqlite}; do
|
||||||
./rpmdb --define "_db_backend ${be}" --dbpath=${PWD}/${be} --initdb
|
mkdir ${be}
|
||||||
|
./rpmdb --rcfile rpmrc --define "_db_backend ${be}" --dbpath=${PWD}/${be} --initdb
|
||||||
cp -va ${be}/. $RPM_BUILD_ROOT/usr/lib/sysimage/rpm/
|
cp -va ${be}/. $RPM_BUILD_ROOT/usr/lib/sysimage/rpm/
|
||||||
done
|
done
|
||||||
|
|
||||||
@ -427,6 +437,7 @@ rm -rf $RPM_BUILD_ROOT/var/tmp
|
|||||||
|
|
||||||
%if %{with check}
|
%if %{with check}
|
||||||
%check
|
%check
|
||||||
|
cd _build
|
||||||
make check TESTSUITEFLAGS=-j%{_smp_build_ncpus} || (cat tests/rpmtests.log; exit 1)
|
make check TESTSUITEFLAGS=-j%{_smp_build_ncpus} || (cat tests/rpmtests.log; exit 1)
|
||||||
# rpm >= 4.16.0 testsuite leaves a read-only tree behind, clean it up
|
# rpm >= 4.16.0 testsuite leaves a read-only tree behind, clean it up
|
||||||
make clean
|
make clean
|
||||||
@ -457,9 +468,13 @@ if [ ! -d /var/lib/rpm ] && [ -d /usr/lib/sysimage/rpm ] && [ ! -f /usr/lib/sysi
|
|||||||
touch /usr/lib/sysimage/rpm/.rpmdbdirsymlink_created
|
touch /usr/lib/sysimage/rpm/.rpmdbdirsymlink_created
|
||||||
fi
|
fi
|
||||||
|
|
||||||
%files -f rpm.lang
|
%files -f _build/rpm.lang
|
||||||
%license COPYING
|
%license COPYING
|
||||||
%doc CREDITS docs/manual/[a-z]*
|
%doc CREDITS docs/manual/[a-z]*
|
||||||
|
%doc %{_defaultdocdir}/rpm/CONTRIBUTING.md
|
||||||
|
%doc %{_defaultdocdir}/rpm/COPYING
|
||||||
|
%doc %{_defaultdocdir}/rpm/INSTALL
|
||||||
|
%doc %{_defaultdocdir}/rpm/README
|
||||||
|
|
||||||
%{_unitdir}/rpmdb-rebuild.service
|
%{_unitdir}/rpmdb-rebuild.service
|
||||||
%{_unitdir}/rpmdb-migrate.service
|
%{_unitdir}/rpmdb-migrate.service
|
||||||
@ -477,6 +492,7 @@ fi
|
|||||||
%{_bindir}/rpmkeys
|
%{_bindir}/rpmkeys
|
||||||
%{_bindir}/rpmquery
|
%{_bindir}/rpmquery
|
||||||
%{_bindir}/rpmverify
|
%{_bindir}/rpmverify
|
||||||
|
%{_bindir}/rpmsort
|
||||||
|
|
||||||
%{_mandir}/man8/rpm.8*
|
%{_mandir}/man8/rpm.8*
|
||||||
%{_mandir}/man8/rpmdb.8*
|
%{_mandir}/man8/rpmdb.8*
|
||||||
@ -484,16 +500,9 @@ fi
|
|||||||
%{_mandir}/man8/rpm2archive.8*
|
%{_mandir}/man8/rpm2archive.8*
|
||||||
%{_mandir}/man8/rpm2cpio.8*
|
%{_mandir}/man8/rpm2cpio.8*
|
||||||
%{_mandir}/man8/rpm-misc.8*
|
%{_mandir}/man8/rpm-misc.8*
|
||||||
|
%{_mandir}/man8/rpmsort.8*
|
||||||
%{_mandir}/man8/rpm-plugins.8*
|
%{_mandir}/man8/rpm-plugins.8*
|
||||||
|
|
||||||
# XXX this places translated manuals to wrong package wrt eg rpmbuild
|
|
||||||
%lang(fr) %{_mandir}/fr/man[18]/*.[18]*
|
|
||||||
%lang(ko) %{_mandir}/ko/man[18]/*.[18]*
|
|
||||||
%lang(ja) %{_mandir}/ja/man[18]/*.[18]*
|
|
||||||
%lang(pl) %{_mandir}/pl/man[18]/*.[18]*
|
|
||||||
%lang(ru) %{_mandir}/ru/man[18]/*.[18]*
|
|
||||||
%lang(sk) %{_mandir}/sk/man[18]/*.[18]*
|
|
||||||
|
|
||||||
%attr(0755, root, root) %dir %{rpmhome}
|
%attr(0755, root, root) %dir %{rpmhome}
|
||||||
%{rpmhome}/macros
|
%{rpmhome}/macros
|
||||||
%{rpmhome}/macros.d
|
%{rpmhome}/macros.d
|
||||||
@ -532,9 +541,11 @@ fi
|
|||||||
%{_libdir}/rpm-plugins/systemd_inhibit.so
|
%{_libdir}/rpm-plugins/systemd_inhibit.so
|
||||||
%{_mandir}/man8/rpm-plugin-systemd-inhibit.8*
|
%{_mandir}/man8/rpm-plugin-systemd-inhibit.8*
|
||||||
|
|
||||||
|
%if %{with libimaevm}
|
||||||
%files plugin-ima
|
%files plugin-ima
|
||||||
%{_libdir}/rpm-plugins/ima.so
|
%{_libdir}/rpm-plugins/ima.so
|
||||||
%{_mandir}/man8/rpm-plugin-ima.8*
|
%{_mandir}/man8/rpm-plugin-ima.8*
|
||||||
|
%endif
|
||||||
|
|
||||||
%files plugin-fsverity
|
%files plugin-fsverity
|
||||||
%{_libdir}/rpm-plugins/fsverity.so
|
%{_libdir}/rpm-plugins/fsverity.so
|
||||||
@ -586,7 +597,6 @@ fi
|
|||||||
%{rpmhome}/*deps*
|
%{rpmhome}/*deps*
|
||||||
%{rpmhome}/*.prov
|
%{rpmhome}/*.prov
|
||||||
%{rpmhome}/*.req
|
%{rpmhome}/*.req
|
||||||
%{rpmhome}/mkinstalldirs
|
|
||||||
%{rpmhome}/fileattrs/*
|
%{rpmhome}/fileattrs/*
|
||||||
%{rpmhome}/find-debuginfo.sh
|
%{rpmhome}/find-debuginfo.sh
|
||||||
%{rpmhome}/rpmuncompress
|
%{rpmhome}/rpmuncompress
|
||||||
@ -615,9 +625,12 @@ fi
|
|||||||
|
|
||||||
%files apidocs
|
%files apidocs
|
||||||
%license COPYING
|
%license COPYING
|
||||||
%doc docs/librpm/html/*
|
%doc %{_defaultdocdir}/rpm/API/
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu May 04 2023 Florian Festi <ffesti@redhat.com> - 4.18.90-1
|
||||||
|
- Update to 4.19 alpha
|
||||||
|
|
||||||
* Tue Apr 25 2023 Miro Hrončok <mhroncok@redhat.com> - 4.18.1-3
|
* Tue Apr 25 2023 Miro Hrončok <mhroncok@redhat.com> - 4.18.1-3
|
||||||
- Explicitly require rpm-sequoia >= 1.4.0 on runtime to avoid
|
- Explicitly require rpm-sequoia >= 1.4.0 on runtime to avoid
|
||||||
rpm: symbol lookup error: /lib64/librpmio.so.9: undefined symbol: _pgpVerifySignature2
|
rpm: symbol lookup error: /lib64/librpmio.so.9: undefined symbol: _pgpVerifySignature2
|
||||||
|
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (rpm-4.18.1.tar.bz2) = 0ede2138b9b4c3b50d7e914cf82655507fcc207ba67804c749ea17560002976cb26b95801e9138a51589b60459494a991213a1131dbef5af2eca9b5050a4f29c
|
SHA512 (rpm-4.18.90.tar.bz2) = 2d1a499fe053c5f3497b0ae4c133ef3b05b4b87e12ee5d349ad8c34dbfaebc20c1b3e6727143c152040ed1e132047bcf95afcbbe4a8cb2c4f91900b536d7821c
|
||||||
|
Loading…
Reference in New Issue
Block a user