Rebase to the 4.19 alpha release (4.18.90)

This uses the new cmake build scripts so several pieces of the package
had to be adjusted.
This commit is contained in:
Florian Festi 2023-05-05 13:34:13 +02:00
parent 7cdaeb70ca
commit 3913b45078
10 changed files with 401 additions and 112 deletions

1
.gitignore vendored
View File

@ -56,3 +56,4 @@
/rpm-4.18.0-rc1.tar.bz2
/rpm-4.18.0.tar.bz2
/rpm-4.18.1.tar.bz2
/rpm-4.18.90.tar.bz2

View File

@ -1,5 +1,4 @@
From e75ae70ef1a152dac9a066506cafd2bbf7b2565e Mon Sep 17 00:00:00 2001
Message-Id: <e75ae70ef1a152dac9a066506cafd2bbf7b2565e.1681989428.git.pmatilai@redhat.com>
From 87b9e0c28c3df3937f6676ee1b4164d6154dd9d3 Mon Sep 17 00:00:00 2001
From: "Neal H. Walfield" <neal@pep.foundation>
Date: Wed, 12 Apr 2023 17:56:19 +0200
Subject: [PATCH] Add pgpVerifySignature2() and pgpPrtParams2()
@ -16,37 +15,36 @@ and
https://github.com/rpm-software-management/rpm/issues/2127#issuecomment-1482646398
Fixes #2483.
This is a backport of commit 87b9e0c28c3df3937f6676ee1b4164d6154dd9d3
---
configure.ac | 2 +-
include/rpm/rpmpgp.h | 23 +++++++++++++++++++++++
lib/rpmvs.c | 19 ++++++++++++++++---
rpmio/rpmkeyring.c | 7 ++++++-
rpmio/rpmpgp_internal.c | 15 +++++++++++++++
rpmio/rpmpgp_sequoia.c | 7 +++++++
tests/rpmi.at | 10 ++++++++--
tests/rpmsigdig.at | 20 +++++++++++++++++---
9 files changed, 95 insertions(+), 10 deletions(-)
ci/Dockerfile | 2 ++
include/rpm/rpmpgp.h | 23 +++++++++++++++++++
lib/rpmvs.c | 19 +++++++++++++---
rpmio/CMakeLists.txt | 2 +-
rpmio/rpmkeyring.c | 7 +++++-
rpmio/rpmpgp_internal.c | 15 +++++++++++++
rpmio/rpmpgp_sequoia.c | 7 ++++++
tests/rpmi.at | 10 +++++++--
tests/rpmsigdig.at | 50 +++++++++++++++++++++++++++++++----------
9 files changed, 116 insertions(+), 19 deletions(-)
diff --git a/configure.ac b/configure.ac
index e6676c581..1d173e4e2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -384,7 +384,7 @@ AC_SUBST(WITH_LIBGCRYPT_LIB)
WITH_RPM_SEQUOIA_INCLUDE=
WITH_RPM_SEQUOIA_LIB=
if test "$with_crypto" = sequoia ; then
- PKG_CHECK_MODULES([RPM_SEQUOIA], [rpm-sequoia], [have_rpm_sequoia=yes], [have_rpm_sequoia=no])
+ PKG_CHECK_MODULES([RPM_SEQUOIA], [rpm-sequoia >= 1.4.0], [have_rpm_sequoia=yes], [have_rpm_sequoia=no])
if test "$have_rpm_sequoia" = "yes"; then
WITH_RPM_SEQUOIA_INCLUDE="$RPM_SEQUOIA_CFLAGS"
WITH_RPM_SEQUOIA_LIB="$RPM_SEQUOIA_LIBS"
diff --git a/ci/Dockerfile b/ci/Dockerfile
index d8f808962..552934fcd 100644
--- a/ci/Dockerfile
+++ b/ci/Dockerfile
@@ -7,6 +7,8 @@ RUN sed -i -e "s:^enabled=.$:enabled=0:g" /etc/yum.repos.d/*openh264.repo
# dummy for controlling per-repo gpgcheck via Semaphore setup
RUN sed -i -e "s:^gpgcheck=.$:gpgcheck=1:g" /etc/yum.repos.d/*.repo
RUN dnf -y update
+# until 1.4.0 lands in stable
+RUN dnf -y --enablerepo=updates-testing install "rpm-sequoia-devel >= 1.4.0"
RUN dnf -y install \
autoconf \
cmake \
diff --git a/include/rpm/rpmpgp.h b/include/rpm/rpmpgp.h
index a3238a643..3352129b8 100644
index 87a2a5bd2..675cbad73 100644
--- a/include/rpm/rpmpgp.h
+++ b/include/rpm/rpmpgp.h
@@ -1013,6 +1013,18 @@ int pgpPubkeyKeyID(const uint8_t * pkt, size_t pktlen, pgpKeyID_t keyid);
@@ -1009,6 +1009,18 @@ int pgpPubkeyKeyID(const uint8_t * pkt, size_t pktlen, pgpKeyID_t keyid);
int pgpPrtParams(const uint8_t *pkts, size_t pktlen, unsigned int pkttype,
pgpDigParams * ret);
@ -65,9 +63,9 @@ index a3238a643..3352129b8 100644
/** \ingroup rpmpgp
* Parse subkey parameters from OpenPGP packet(s).
* @param pkts OpenPGP packet(s)
@@ -1191,6 +1203,17 @@ const uint8_t *pgpDigParamsSignID(pgpDigParams digp);
@@ -1186,6 +1198,17 @@ pgpDigParams pgpDigParamsFree(pgpDigParams digp);
*/
const char *pgpDigParamsUserID(pgpDigParams digp);
rpmRC pgpVerifySignature(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx);
+/** \ingroup rpmpgp
+ * Verify a PGP signature and return a error message or lint.
@ -81,8 +79,8 @@ index a3238a643..3352129b8 100644
+ char **lints);
+
/** \ingroup rpmpgp
* Retrieve the object's version.
*
* Return the type of a PGP signature. If `sig` is NULL, or is not a signature,
* returns -1.
diff --git a/lib/rpmvs.c b/lib/rpmvs.c
index a1425ea17..9b2106927 100644
--- a/lib/rpmvs.c
@ -114,11 +112,24 @@ index a1425ea17..9b2106927 100644
}
sinfo->hashalgo = pgpDigParamsAlgo(sinfo->sig, PGPVAL_HASHALGO);
sinfo->keyid = pgpGrab(pgpDigParamsSignID(sinfo->sig)+4, 4);
diff --git a/rpmio/CMakeLists.txt b/rpmio/CMakeLists.txt
index 2fb5794b0..6aa9ab1f1 100644
--- a/rpmio/CMakeLists.txt
+++ b/rpmio/CMakeLists.txt
@@ -21,7 +21,7 @@ if (WITH_INTERNAL_OPENPGP)
target_link_libraries(librpmio PRIVATE PkgConfig::LIBGCRYPT)
endif()
else()
- pkg_check_modules(RPMSEQUOIA REQUIRED IMPORTED_TARGET rpm-sequoia>=1.3.0)
+ pkg_check_modules(RPMSEQUOIA REQUIRED IMPORTED_TARGET rpm-sequoia>=1.4.0)
target_sources(librpmio PRIVATE rpmpgp_sequoia.c)
target_link_libraries(librpmio PRIVATE PkgConfig::RPMSEQUOIA)
endif()
diff --git a/rpmio/rpmkeyring.c b/rpmio/rpmkeyring.c
index db72892d9..712004bc8 100644
index 166ee43a2..e3eb9e6ea 100644
--- a/rpmio/rpmkeyring.c
+++ b/rpmio/rpmkeyring.c
@@ -328,7 +328,12 @@ rpmRC rpmKeyringVerifySig(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX ctx)
@@ -276,7 +276,12 @@ rpmRC rpmKeyringVerifySig(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX ctx)
pgpkey = key->pgpkey;
/* We call verify even if key not found for a signature sanity check */
@ -133,10 +144,10 @@ index db72892d9..712004bc8 100644
if (keyring)
diff --git a/rpmio/rpmpgp_internal.c b/rpmio/rpmpgp_internal.c
index 0fcd220e4..a049c09b2 100644
index ce1d3c27d..82972bcc8 100644
--- a/rpmio/rpmpgp_internal.c
+++ b/rpmio/rpmpgp_internal.c
@@ -1095,6 +1095,14 @@ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
@@ -1043,6 +1043,14 @@ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
return rc;
}
@ -151,8 +162,8 @@ index 0fcd220e4..a049c09b2 100644
int pgpPrtParamsSubkeys(const uint8_t *pkts, size_t pktlen,
pgpDigParams mainkey, pgpDigParams **subkeys,
int *subkeysCount)
@@ -1264,6 +1272,13 @@ rpmRC pgpVerifySig(pgpDig dig, DIGEST_CTX hashctx)
pgpDigGetParams(dig, PGPTAG_SIGNATURE), hashctx);
@@ -1179,6 +1187,13 @@ exit:
}
+rpmRC pgpVerifySignature2(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx, char **lints)
@ -166,7 +177,7 @@ index 0fcd220e4..a049c09b2 100644
{
const char * enc = NULL;
diff --git a/rpmio/rpmpgp_sequoia.c b/rpmio/rpmpgp_sequoia.c
index e01acd0e9..2141bbf30 100644
index c6434270a..d0b673953 100644
--- a/rpmio/rpmpgp_sequoia.c
+++ b/rpmio/rpmpgp_sequoia.c
@@ -36,6 +36,9 @@ W(uint32_t, pgpDigParamsCreationTime, (pgpDigParams digp), (digp))
@ -191,10 +202,10 @@ index e01acd0e9..2141bbf30 100644
(const uint8_t *pkts, size_t pktlen,
pgpDigParams mainkey, pgpDigParams **subkeys,
diff --git a/tests/rpmi.at b/tests/rpmi.at
index 7c8f25eff..d67185d5b 100644
index 9d74cf689..423d97bca 100644
--- a/tests/rpmi.at
+++ b/tests/rpmi.at
@@ -254,7 +254,7 @@ AT_CLEANUP
@@ -342,7 +342,7 @@ AT_CLEANUP
AT_SETUP([rpm -U <corrupted signed 1>])
AT_KEYWORDS([install])
@ -203,7 +214,7 @@ index 7c8f25eff..d67185d5b 100644
RPMDB_INIT
pkg="hello-2.0-1.x86_64-signed.rpm"
@@ -267,7 +267,13 @@ runroot rpm -U --ignorearch --ignoreos --nodeps \
@@ -355,7 +355,13 @@ runroot rpm -U --ignorearch --ignoreos --nodeps \
],
[1],
[],
@ -219,10 +230,93 @@ index 7c8f25eff..d67185d5b 100644
])
AT_CLEANUP
diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at
index 5b1c6c4a6..e5482735a 100644
index 9fb3febc9..df1f669e4 100644
--- a/tests/rpmsigdig.at
+++ b/tests/rpmsigdig.at
@@ -539,7 +539,7 @@ AT_CLEANUP
@@ -386,17 +386,17 @@ AT_CHECK([
RPMDB_INIT
echo Checking package before importing key:
-runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
+runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
echo Importing key:
-runroot rpmkeys --quiet --import /data/keys/alice-expired-subkey.asc; echo $?
+runroot rpmkeys --quiet --import /data/keys/alice-expired-subkey.asc 2>&1; echo $?
echo Checking for key:
runroot rpm -qi gpg-pubkey-eb04e625-* | grep Version | head -n1
echo Checking package after importing key:
-runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
+runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
echo Checking package after importing key, no digest:
-runroot rpmkeys --define '_pkgverify_level all' -Kv --nodigest /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
+runroot rpmkeys --define '_pkgverify_level all' -Kv --nodigest /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
echo Checking package after importing key, no signature:
-runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
+runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
],
[0],
[[Checking package before importing key:
@@ -416,6 +416,10 @@ Checking for key:
Version : eb04e625
Checking package after importing key:
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm:
+error: Verifying a signature using certificate B6542F92F30650C36B6F41BCB3A771BFEB04E625 (Alice <alice@example.org>):
+ Key 1F71177215217EE0 invalid: key is not alive
+ because: The subkey is not live
+ because: Expired on 2022-04-12T00:00:15Z
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED
Header DSA signature: NOTFOUND
Header SHA256 digest: OK
@@ -427,6 +431,10 @@ Checking package after importing key:
1
Checking package after importing key, no digest:
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm:
+error: Verifying a signature using certificate B6542F92F30650C36B6F41BCB3A771BFEB04E625 (Alice <alice@example.org>):
+ Key 1F71177215217EE0 invalid: key is not alive
+ because: The subkey is not live
+ because: Expired on 2022-04-12T00:00:15Z
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED
Header DSA signature: NOTFOUND
RSA signature: NOTFOUND
@@ -455,15 +463,15 @@ RPMDB_INIT
echo Checking package before importing key:
runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
echo Importing key:
-runroot rpmkeys --quiet --import /data/keys/alice-revoked-subkey.asc; echo $?
+runroot rpmkeys --quiet --import /data/keys/alice-revoked-subkey.asc 2>&1; echo $?
echo Checking for key:
runroot rpm -qi gpg-pubkey-eb04e625-* | grep Version | head -n1
echo Checking package after importing key:
-runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
+runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
echo Checking package after importing key, no digest:
-runroot rpmkeys --define '_pkgverify_level all' -Kv --nodigest /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
+runroot rpmkeys --define '_pkgverify_level all' -Kv --nodigest /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
echo Checking package after importing key, no signature:
-runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
+runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
],
[0],
[[Checking package before importing key:
@@ -483,6 +491,8 @@ Checking for key:
Version : eb04e625
Checking package after importing key:
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm:
+error: Verifying a signature using certificate B6542F92F30650C36B6F41BCB3A771BFEB04E625 (Alice <alice@example.org>):
+ Key 1F71177215217EE0 is invalid: key is revoked
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED
Header DSA signature: NOTFOUND
Header SHA256 digest: OK
@@ -494,6 +504,8 @@ Checking package after importing key:
1
Checking package after importing key, no digest:
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm:
+error: Verifying a signature using certificate B6542F92F30650C36B6F41BCB3A771BFEB04E625 (Alice <alice@example.org>):
+ Key 1F71177215217EE0 is invalid: key is revoked
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED
Header DSA signature: NOTFOUND
RSA signature: NOTFOUND
@@ -740,7 +752,7 @@ AT_CLEANUP
# Test pre-built corrupted package verification (corrupted signature)
AT_SETUP([rpmkeys -Kv <corrupted signed> 1])
AT_KEYWORDS([rpmkeys digest signature])
@ -231,7 +325,7 @@ index 5b1c6c4a6..e5482735a 100644
RPMDB_INIT
pkg="hello-2.0-1.x86_64-signed.rpm"
@@ -553,14 +553,28 @@ runroot rpmkeys -Kv /tmp/${pkg}
@@ -754,14 +766,28 @@ runroot rpmkeys -Kv /tmp/${pkg}
],
[1],
[/tmp/hello-2.0-1.x86_64-signed.rpm:
@ -263,5 +357,5 @@ index 5b1c6c4a6..e5482735a 100644
Header SHA1 digest: OK
Payload SHA256 digest: OK
--
2.40.0
2.40.1

View File

@ -0,0 +1,139 @@
From 9a9514e665c30554a4d72c7c79475af315b83dc3 Mon Sep 17 00:00:00 2001
Message-Id: <9a9514e665c30554a4d72c7c79475af315b83dc3.1683531413.git.pmatilai@redhat.com>
From: Panu Matilainen <pmatilai@redhat.com>
Date: Mon, 8 May 2023 09:26:46 +0300
Subject: [PATCH] Forward-port obsoleted crypto needed by current libdnf
Provide the minimum required bits to allow the old PackageKit-inherited
signature in libdnf to work until the switch to dnf5 happens, allegedly
during this release cycle.
---
include/rpm/rpmkeyring.h | 4 ++++
include/rpm/rpmpgp.h | 15 ++++++++++++
rpmio/rpmkeyring.c | 52 ++++++++++++++++++++++++++++++++++++++++
rpmio/rpmpgp_sequoia.c | 11 +++++++++
4 files changed, 82 insertions(+)
diff --git a/include/rpm/rpmkeyring.h b/include/rpm/rpmkeyring.h
index 3d8d55773..c84292ff8 100644
--- a/include/rpm/rpmkeyring.h
+++ b/include/rpm/rpmkeyring.h
@@ -101,6 +101,10 @@ char * rpmPubkeyBase64(rpmPubkey key);
*/
pgpDigParams rpmPubkeyPgpDigParams(rpmPubkey key);
+/* Obsolete APIs required by libdnf, do not use */
+rpmRC rpmKeyringLookup(rpmKeyring keyring, pgpDig sig);
+pgpDig rpmPubkeyDig(rpmPubkey key);
+
#ifdef __cplusplus
}
#endif
diff --git a/include/rpm/rpmpgp.h b/include/rpm/rpmpgp.h
index 675cbad73..f83642c18 100644
--- a/include/rpm/rpmpgp.h
+++ b/include/rpm/rpmpgp.h
@@ -1225,6 +1225,21 @@ int pgpSignatureType(pgpDigParams sig);
*/
char *pgpIdentItem(pgpDigParams digp);
+/* Obsolete APIs required by libdnf, do not use */
+typedef struct pgpDig_s * pgpDig;
+
+RPM_GNUC_DEPRECATED
+pgpDig pgpNewDig(void);
+
+RPM_GNUC_DEPRECATED
+pgpDig pgpFreeDig(pgpDig dig);
+
+RPM_GNUC_DEPRECATED
+pgpDigParams pgpDigGetParams(pgpDig dig, unsigned int pkttype);
+
+RPM_GNUC_DEPRECATED
+int pgpPrtPkts(const uint8_t *pkts, size_t pktlen, pgpDig dig, int printing);
+
#ifdef __cplusplus
}
#endif
diff --git a/rpmio/rpmkeyring.c b/rpmio/rpmkeyring.c
index e3eb9e6ea..464163895 100644
--- a/rpmio/rpmkeyring.c
+++ b/rpmio/rpmkeyring.c
@@ -289,3 +289,55 @@ rpmRC rpmKeyringVerifySig(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX ctx)
return rc;
}
+
+rpmRC rpmKeyringLookup(rpmKeyring keyring, pgpDig sig)
+{
+ pthread_rwlock_rdlock(&keyring->lock);
+
+ rpmRC res = RPMRC_NOKEY;
+ pgpDigParams sigp = pgpDigGetParams(sig, PGPTAG_SIGNATURE);
+ rpmPubkey key = findbySig(keyring, sigp);
+
+ if (key) {
+ /*
+ * Callers expect sig to have the key data parsed into pgpDig
+ * on (successful) return, sigh. No need to check for return
+ * here as this is validated at rpmPubkeyNew() already.
+ */
+ pgpPrtPkts(key->pkt, key->pktlen, sig, _print_pkts);
+ res = RPMRC_OK;
+ }
+
+ pthread_rwlock_unlock(&keyring->lock);
+ return res;
+}
+
+pgpDig rpmPubkeyDig(rpmPubkey key)
+{
+ pgpDig dig = NULL;
+ static unsigned char zeros[] =
+ { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
+ int rc;
+ if (key == NULL)
+ return NULL;
+
+ dig = pgpNewDig();
+
+ pthread_rwlock_rdlock(&key->lock);
+ rc = pgpPrtPkts(key->pkt, key->pktlen, dig, _print_pkts);
+ pthread_rwlock_unlock(&key->lock);
+
+ if (rc == 0) {
+ pgpDigParams pubp = pgpDigGetParams(dig, PGPTAG_PUBLIC_KEY);
+ if (!pubp || !memcmp(pgpDigParamsSignID(pubp), zeros, sizeof(zeros)) ||
+ pgpDigParamsCreationTime(pubp) == 0 ||
+ pgpDigParamsUserID(pubp) == NULL) {
+ rc = -1;
+ }
+ }
+
+ if (rc)
+ dig = pgpFreeDig(dig);
+
+ return dig;
+}
diff --git a/rpmio/rpmpgp_sequoia.c b/rpmio/rpmpgp_sequoia.c
index d0b673953..0c1c848dc 100644
--- a/rpmio/rpmpgp_sequoia.c
+++ b/rpmio/rpmpgp_sequoia.c
@@ -80,3 +80,14 @@ W(int, rpmDigestUpdate, (DIGEST_CTX ctx, const void * data, size_t len),
W(int, rpmDigestFinal,
(DIGEST_CTX ctx, void ** datap, size_t *lenp, int asAscii),
(ctx, datap, lenp, asAscii))
+
+// Minimal backport of APIs required by libdnf until dnf5 takes over
+W(int, pgpPrtPkts,
+ (const uint8_t *pkts, size_t pktlen, pgpDig dig, int printing),
+ (pkts, pktlen, dig, printing))
+W(pgpDig, pgpNewDig, (void), ())
+W(pgpDig, pgpFreeDig, (pgpDig dig), (dig))
+W(pgpDigParams, pgpDigGetParams,
+ (pgpDig dig, unsigned int pkttype),
+ (dig, pkttype))
+
--
2.40.1

View File

@ -0,0 +1,31 @@
From 33702961f45567a599bc0f0dac055604dc204fb1 Mon Sep 17 00:00:00 2001
From: Florian Festi <ffesti@redhat.com>
Date: Tue, 2 May 2023 09:03:50 +0200
Subject: [PATCH] Remove second share/ dir from infodir and mandir
cmake variables and the derived macros.
CMAKE_INSTALL_INFODIR and CMAKE_INSTALL_MANDIR already include the
datarootdir. So just prepending the prefix is sufficient.
---
CMakeLists.txt | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 230d18d1f..9718505bf 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -67,8 +67,8 @@ function(makemacros)
set(libdir "\${prefix}/=LIB=")
set(includedir "\${prefix}/${CMAKE_INSTALL_INCLUDEDIR}")
set(oldincludedir "${CMAKE_INSTALL_FULL_OLDINCLUDEDIR}")
- set(infodir "\${datarootdir}/${CMAKE_INSTALL_INFODIR}")
- set(mandir "\${datarootdir}/${CMAKE_INSTALL_MANDIR}")
+ set(infodir "\${prefix}/${CMAKE_INSTALL_INFODIR}")
+ set(mandir "\${prefix}/${CMAKE_INSTALL_MANDIR}")
set(RUNDIR /run)
set(acutils
--
2.40.1

View File

@ -0,0 +1,11 @@
--- rpm-4.18.90/macros.in.orig 2023-04-17 14:44:14.186653076 +0200
+++ rpm-4.18.90/macros.in 2023-04-17 14:46:25.190322631 +0200
@@ -133,7 +133,7 @@
%_keyringpath %{_dbpath}/pubkeys/
# sysusers helper binary or script, uncomment to disable
-%__systemd_sysusers %{_bindir}/systemd-sysusers
+# %__systemd_sysusers %{_bindir}/systemd-sysusers
#
# Path to script that creates debug symbols in a /usr/lib/debug

View File

@ -0,0 +1,11 @@
--- rpm-4.18.90/macros.in.orig 2023-04-17 14:48:14.802719586 +0200
+++ rpm-4.18.90/macros.in 2023-04-17 14:48:25.268852972 +0200
@@ -236,7 +236,7 @@
%clamp_mtime_to_source_date_epoch 0
# If enabled, dilute user() and group() requires into recommends
-#%_use_weak_usergroup_deps 1
+%_use_weak_usergroup_deps 1
# The directory where newly built binary packages will be written.
%_rpmdir %{_topdir}/RPMS

View File

@ -1,7 +1,7 @@
diff -up rpm-4.18.1/macros.in.orig rpm-4.18.1/macros.in
--- rpm-4.18.1/macros.in.orig 2023-03-15 13:57:06.385361527 +0100
+++ rpm-4.18.1/macros.in 2023-03-15 13:58:09.613971713 +0100
@@ -727,10 +727,11 @@ package or when debugging this package.\
@@ -750,11 +750,12 @@ package or when debugging this package.\
RPM_SOURCE_DIR=\"%{_sourcedir}\"\
RPM_BUILD_DIR=\"%{_builddir}\"\
RPM_OPT_FLAGS=\"%{optflags}\"\
@ -9,8 +9,9 @@ diff -up rpm-4.18.1/macros.in.orig rpm-4.18.1/macros.in
RPM_ARCH=\"%{_arch}\"\
RPM_OS=\"%{_os}\"\
RPM_BUILD_NCPUS=\"%{_smp_build_ncpus}\"\
- export RPM_SOURCE_DIR RPM_BUILD_DIR RPM_OPT_FLAGS RPM_ARCH RPM_OS RPM_BUILD_NCPUS\
+ export RPM_SOURCE_DIR RPM_BUILD_DIR RPM_OPT_FLAGS RPM_ARCH RPM_OS RPM_BUILD_NCPUS RPM_LD_FLAGS\
RPM_SPECPARTS_DIR=\"%{specpartsdir}\"\
- export RPM_SOURCE_DIR RPM_BUILD_DIR RPM_OPT_FLAGS RPM_ARCH RPM_OS RPM_BUILD_NCPUS RPM_SPECPARTS_DIR\
+ export RPM_SOURCE_DIR RPM_BUILD_DIR RPM_OPT_FLAGS RPM_ARCH RPM_OS RPM_BUILD_NCPUS RPM_SPECPARTS_DIR RPM_LD_FLAGS\
RPM_DOC_DIR=\"%{_docdir}\"\
export RPM_DOC_DIR\
RPM_PACKAGE_NAME=\"%{NAME}\"\

View File

@ -1,12 +0,0 @@
diff -up rpm-4.18.1/docs/Makefile.am.orig rpm-4.18.1/docs/Makefile.am
--- rpm-4.18.1/docs/Makefile.am.orig 2023-03-15 14:48:27.955720807 +0100
+++ rpm-4.18.1/docs/Makefile.am 2023-03-15 14:48:43.634626934 +0100
@@ -1,8 +1,6 @@
## Process this file with automake to produce Makefile.in
-if PANDOC
SUBDIRS = man
-endif
EXTRA_DIST =

113
rpm.spec
View File

@ -30,10 +30,10 @@
%define rpmhome /usr/lib/rpm
%global rpmver 4.18.1
%global rpmver 4.18.90
#global snapver rc1
%global baserelease 3
%global sover 9
%global baserelease 1
%global sover 10
%global srcver %{rpmver}%{?snapver:-%{snapver}}
%global srcdir %{?snapver:testing}%{!?snapver:rpm-%(echo %{rpmver} | cut -d'.' -f1-2).x}
@ -69,6 +69,7 @@ BuildRequires: debugedit >= 0.3
BuildRequires: redhat-rpm-config >= 94
BuildRequires: systemd-rpm-macros
BuildRequires: gcc make
BuildRequires: cmake >= 3.18
BuildRequires: gawk
BuildRequires: elfutils-devel >= 0.112
BuildRequires: elfutils-libelf-devel
@ -95,6 +96,15 @@ BuildRequires: libzstd-devel
BuildRequires: sqlite-devel
%endif
# Needed for re-building the documentation and man pages
# normally those are shipped in the tarball pre-build
# but need re-building if sources are patched
%if 0
BuildRequires: pandoc
BuildRequires: doxygen
%endif
%if %{with sequoia}
%global crypto sequoia
BuildRequires: rpm-sequoia-devel >= 1.4.0
@ -132,17 +142,22 @@ rpm-4.17.x-rpm_dbpath.patch
rpm-4.18.x-siteconfig.patch
# In current Fedora, man-pages pkg owns all the localized man directories
rpm-4.9.90-no-man-dirs.patch
# Disable new user/group handling
rpm-4.18.90-disable-sysusers.patch
rpm-4.18.90-weak-user-group.patch
# Patches already upstream:
# ...
0001-Remove-second-share-dir-from-infodir-and-mandir.patch
0001-Add-pgpVerifySignature2-and-pgpPrtParams2.patch
# These are not yet upstream
rpm-4.7.1-geode-i686.patch
# Probably to be upstreamed in slightly different form
rpm-4.18.x-ldflags.patch
# We either need pandoc in buildroot or this patch in order for man pages to
# actually be installed, choose the latter
rpm-4.18.x-revert-pandoc-cond.patch
# Needed until dnf catches up
0001-Forward-port-obsoleted-crypto-needed-by-current-libd.patch
%description
The RPM Package Manager (RPM) is a powerful command line driven
@ -288,12 +303,14 @@ Requires: rpm-libs%{_isa} = %{version}-%{release}
This plugin blocks systemd from entering idle, sleep or shutdown while an rpm
transaction is running using the systemd-inhibit mechanism.
%if %{with libimaevm}
%package plugin-ima
Summary: Rpm plugin ima file signatures
Requires: rpm-libs%{_isa} = %{version}-%{release}
%description plugin-ima
%{summary}.
%endif
%package plugin-prioreset
Summary: Rpm plugin for resetting scriptlet priorities for SysV init
@ -351,44 +368,35 @@ change.
%build
%set_build_flags
autoreconf -i -f
# Hardening hack taken from macro %%configure defined in redhat-rpm-config
for i in $(find . -name ltmain.sh) ; do
%{__sed} -i.backup -e 's~compiler_flags=$~compiler_flags="%{_hardened_ldflags}"~' $i
done;
# Using configure macro has some unwanted side-effects on rpm platform
# setup, use the old-fashioned way for now only defining minimal paths.
./configure \
--prefix=%{_usr} \
--sysconfdir=%{_sysconfdir} \
--localstatedir=%{_var} \
--sharedstatedir=%{_var}/lib \
--libdir=%{_libdir} \
--build=%{_target_platform} \
--host=%{_target_platform} \
--with-vendor=redhat \
%{!?with_plugins: --disable-plugins} \
--with-lua \
--with-selinux \
--with-cap \
--with-acl \
--with-fapolicyd \
%{?with_ndb: --enable-ndb} \
%{?with_libimaevm: --with-imaevm} \
%{?with_fsverity: --with-fsverity} \
%{?with_zstd: --enable-zstd} \
%{?with_sqlite: --enable-sqlite} \
%{?with_bdb_ro: --enable-bdb-ro} \
--enable-python \
--with-crypto=%{crypto}
mkdir _build
cd _build
cmake \
-DCMAKE_INSTALL_PREFIX=%{_usr} \
%{?with_bdb_ro:-DENABLE_BDB_RO=ON} \
%{!?with_ndb:-DENABLE_NDB=OFF} \
%{!?with_sqlite:-DENABLE_SQLITE=OFF} \
%{!?with_plugins:-DENABLE_PLUGINS=OFF} \
%{?with_fsverity:-DWITH_FSVERITY=ON} \
%{?with_libimaevm:-DWITH_IMAEVM=ON} \
%{!?with_libarchive:-DWITH_ARCHIVE=OFF} \
%{!?with_check:-DENABLE_TESTSUITE=OFF} \
%{!?with_sequoia:-DWITH_INTERNAL_OPENPGP=ON} \
%{!?with_sequoia:-DWITH_OPENSSL=ON } \
-DRPM_VENDOR=redhat \
..
%make_build
%install
cd _build
%make_install
# temporarily remove useser handling fileattr
# as it is currently in systemd-rpm-macros
rm $RPM_BUILD_ROOT%{_rpmconfigdir}/fileattrs/sysusers.attr
cd ..
mkdir -p $RPM_BUILD_ROOT%{_unitdir}
install -m 644 %{SOURCE10} $RPM_BUILD_ROOT/%{_unitdir}
install -m 644 %{SOURCE20} $RPM_BUILD_ROOT/%{_unitdir}
@ -406,10 +414,12 @@ install -m 644 scripts/rpm.log ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d/rpm
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rpm
mkdir -p $RPM_BUILD_ROOT%{rpmhome}/macros.d
mkdir -p $RPM_BUILD_ROOT/usr/lib/sysimage/rpm
cd _build
# init an empty database for %ghost'ing for all supported backends
for be in %{?with_ndb:ndb} %{?with_sqlite:sqlite}; do
./rpmdb --define "_db_backend ${be}" --dbpath=${PWD}/${be} --initdb
mkdir ${be}
./rpmdb --rcfile rpmrc --define "_db_backend ${be}" --dbpath=${PWD}/${be} --initdb
cp -va ${be}/. $RPM_BUILD_ROOT/usr/lib/sysimage/rpm/
done
@ -427,6 +437,7 @@ rm -rf $RPM_BUILD_ROOT/var/tmp
%if %{with check}
%check
cd _build
make check TESTSUITEFLAGS=-j%{_smp_build_ncpus} || (cat tests/rpmtests.log; exit 1)
# rpm >= 4.16.0 testsuite leaves a read-only tree behind, clean it up
make clean
@ -457,9 +468,13 @@ if [ ! -d /var/lib/rpm ] && [ -d /usr/lib/sysimage/rpm ] && [ ! -f /usr/lib/sysi
touch /usr/lib/sysimage/rpm/.rpmdbdirsymlink_created
fi
%files -f rpm.lang
%files -f _build/rpm.lang
%license COPYING
%doc CREDITS docs/manual/[a-z]*
%doc %{_defaultdocdir}/rpm/CONTRIBUTING.md
%doc %{_defaultdocdir}/rpm/COPYING
%doc %{_defaultdocdir}/rpm/INSTALL
%doc %{_defaultdocdir}/rpm/README
%{_unitdir}/rpmdb-rebuild.service
%{_unitdir}/rpmdb-migrate.service
@ -477,6 +492,7 @@ fi
%{_bindir}/rpmkeys
%{_bindir}/rpmquery
%{_bindir}/rpmverify
%{_bindir}/rpmsort
%{_mandir}/man8/rpm.8*
%{_mandir}/man8/rpmdb.8*
@ -484,16 +500,9 @@ fi
%{_mandir}/man8/rpm2archive.8*
%{_mandir}/man8/rpm2cpio.8*
%{_mandir}/man8/rpm-misc.8*
%{_mandir}/man8/rpmsort.8*
%{_mandir}/man8/rpm-plugins.8*
# XXX this places translated manuals to wrong package wrt eg rpmbuild
%lang(fr) %{_mandir}/fr/man[18]/*.[18]*
%lang(ko) %{_mandir}/ko/man[18]/*.[18]*
%lang(ja) %{_mandir}/ja/man[18]/*.[18]*
%lang(pl) %{_mandir}/pl/man[18]/*.[18]*
%lang(ru) %{_mandir}/ru/man[18]/*.[18]*
%lang(sk) %{_mandir}/sk/man[18]/*.[18]*
%attr(0755, root, root) %dir %{rpmhome}
%{rpmhome}/macros
%{rpmhome}/macros.d
@ -532,9 +541,11 @@ fi
%{_libdir}/rpm-plugins/systemd_inhibit.so
%{_mandir}/man8/rpm-plugin-systemd-inhibit.8*
%if %{with libimaevm}
%files plugin-ima
%{_libdir}/rpm-plugins/ima.so
%{_mandir}/man8/rpm-plugin-ima.8*
%endif
%files plugin-fsverity
%{_libdir}/rpm-plugins/fsverity.so
@ -586,7 +597,6 @@ fi
%{rpmhome}/*deps*
%{rpmhome}/*.prov
%{rpmhome}/*.req
%{rpmhome}/mkinstalldirs
%{rpmhome}/fileattrs/*
%{rpmhome}/find-debuginfo.sh
%{rpmhome}/rpmuncompress
@ -615,9 +625,12 @@ fi
%files apidocs
%license COPYING
%doc docs/librpm/html/*
%doc %{_defaultdocdir}/rpm/API/
%changelog
* Thu May 04 2023 Florian Festi <ffesti@redhat.com> - 4.18.90-1
- Update to 4.19 alpha
* Tue Apr 25 2023 Miro Hrončok <mhroncok@redhat.com> - 4.18.1-3
- Explicitly require rpm-sequoia >= 1.4.0 on runtime to avoid
rpm: symbol lookup error: /lib64/librpmio.so.9: undefined symbol: _pgpVerifySignature2

View File

@ -1 +1 @@
SHA512 (rpm-4.18.1.tar.bz2) = 0ede2138b9b4c3b50d7e914cf82655507fcc207ba67804c749ea17560002976cb26b95801e9138a51589b60459494a991213a1131dbef5af2eca9b5050a4f29c
SHA512 (rpm-4.18.90.tar.bz2) = 2d1a499fe053c5f3497b0ae4c133ef3b05b4b87e12ee5d349ad8c34dbfaebc20c1b3e6727143c152040ed1e132047bcf95afcbbe4a8cb2c4f91900b536d7821c