Update to 4.19 alpha2
This commit is contained in:
parent
096af0fd5f
commit
4c1728e423
1
.gitignore
vendored
1
.gitignore
vendored
@ -57,3 +57,4 @@
|
||||
/rpm-4.18.0.tar.bz2
|
||||
/rpm-4.18.1.tar.bz2
|
||||
/rpm-4.18.90.tar.bz2
|
||||
/rpm-4.18.91.tar.bz2
|
||||
|
@ -1,361 +0,0 @@
|
||||
From 87b9e0c28c3df3937f6676ee1b4164d6154dd9d3 Mon Sep 17 00:00:00 2001
|
||||
From: "Neal H. Walfield" <neal@pep.foundation>
|
||||
Date: Wed, 12 Apr 2023 17:56:19 +0200
|
||||
Subject: [PATCH] Add pgpVerifySignature2() and pgpPrtParams2()
|
||||
|
||||
Add new functions pgpVerifySignature2() and pgpPrtParams2(), which are
|
||||
like their earlier versions, but optionally return descriptive error
|
||||
messages (in the case of failure) or lints (in the case of success).
|
||||
Adjust tests accordingly.
|
||||
|
||||
This requires rpm-sequoia 1.4 or later.
|
||||
|
||||
See https://github.com/rpm-software-management/rpm-sequoia/issues/39
|
||||
and
|
||||
https://github.com/rpm-software-management/rpm/issues/2127#issuecomment-1482646398
|
||||
|
||||
Fixes #2483.
|
||||
---
|
||||
ci/Dockerfile | 2 ++
|
||||
include/rpm/rpmpgp.h | 23 +++++++++++++++++++
|
||||
lib/rpmvs.c | 19 +++++++++++++---
|
||||
rpmio/CMakeLists.txt | 2 +-
|
||||
rpmio/rpmkeyring.c | 7 +++++-
|
||||
rpmio/rpmpgp_internal.c | 15 +++++++++++++
|
||||
rpmio/rpmpgp_sequoia.c | 7 ++++++
|
||||
tests/rpmi.at | 10 +++++++--
|
||||
tests/rpmsigdig.at | 50 +++++++++++++++++++++++++++++++----------
|
||||
9 files changed, 116 insertions(+), 19 deletions(-)
|
||||
|
||||
diff --git a/ci/Dockerfile b/ci/Dockerfile
|
||||
index d8f808962..552934fcd 100644
|
||||
--- a/ci/Dockerfile
|
||||
+++ b/ci/Dockerfile
|
||||
@@ -7,6 +7,8 @@ RUN sed -i -e "s:^enabled=.$:enabled=0:g" /etc/yum.repos.d/*openh264.repo
|
||||
# dummy for controlling per-repo gpgcheck via Semaphore setup
|
||||
RUN sed -i -e "s:^gpgcheck=.$:gpgcheck=1:g" /etc/yum.repos.d/*.repo
|
||||
RUN dnf -y update
|
||||
+# until 1.4.0 lands in stable
|
||||
+RUN dnf -y --enablerepo=updates-testing install "rpm-sequoia-devel >= 1.4.0"
|
||||
RUN dnf -y install \
|
||||
autoconf \
|
||||
cmake \
|
||||
diff --git a/include/rpm/rpmpgp.h b/include/rpm/rpmpgp.h
|
||||
index 87a2a5bd2..675cbad73 100644
|
||||
--- a/include/rpm/rpmpgp.h
|
||||
+++ b/include/rpm/rpmpgp.h
|
||||
@@ -1009,6 +1009,18 @@ int pgpPubkeyKeyID(const uint8_t * pkt, size_t pktlen, pgpKeyID_t keyid);
|
||||
int pgpPrtParams(const uint8_t *pkts, size_t pktlen, unsigned int pkttype,
|
||||
pgpDigParams * ret);
|
||||
|
||||
+/** \ingroup rpmpgp
|
||||
+ * Parse a OpenPGP packet(s).
|
||||
+ * @param pkts OpenPGP packet(s)
|
||||
+ * @param pktlen OpenPGP packet(s) length (no. of bytes)
|
||||
+ * @param pkttype Expected packet type (signature/key) or 0 for any
|
||||
+ * @param[out] ret signature/pubkey packet parameters on success (alloced)
|
||||
+ * @param[out] lints error messages and lints
|
||||
+ * @return -1 on error, 0 on success
|
||||
+ */
|
||||
+int pgpPrtParams2(const uint8_t *pkts, size_t pktlen, unsigned int pkttype,
|
||||
+ pgpDigParams * ret, char **lints);
|
||||
+
|
||||
/** \ingroup rpmpgp
|
||||
* Parse subkey parameters from OpenPGP packet(s).
|
||||
* @param pkts OpenPGP packet(s)
|
||||
@@ -1186,6 +1198,17 @@ pgpDigParams pgpDigParamsFree(pgpDigParams digp);
|
||||
*/
|
||||
rpmRC pgpVerifySignature(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx);
|
||||
|
||||
+/** \ingroup rpmpgp
|
||||
+ * Verify a PGP signature and return a error message or lint.
|
||||
+ * @param key public key
|
||||
+ * @param sig signature
|
||||
+ * @param hashctx digest context
|
||||
+ * @param lints error messages and lints
|
||||
+ * @return RPMRC_OK on success
|
||||
+ */
|
||||
+rpmRC pgpVerifySignature2(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx,
|
||||
+ char **lints);
|
||||
+
|
||||
/** \ingroup rpmpgp
|
||||
* Return the type of a PGP signature. If `sig` is NULL, or is not a signature,
|
||||
* returns -1.
|
||||
diff --git a/lib/rpmvs.c b/lib/rpmvs.c
|
||||
index a1425ea17..9b2106927 100644
|
||||
--- a/lib/rpmvs.c
|
||||
+++ b/lib/rpmvs.c
|
||||
@@ -193,10 +193,23 @@ static void rpmsinfoInit(const struct vfyinfo_s *vinfo,
|
||||
}
|
||||
|
||||
if (sinfo->type == RPMSIG_SIGNATURE_TYPE) {
|
||||
- if (pgpPrtParams(data, dlen, PGPTAG_SIGNATURE, &sinfo->sig)) {
|
||||
- rasprintf(&sinfo->msg, _("%s tag %u: invalid OpenPGP signature"),
|
||||
- origin, td->tag);
|
||||
+ char *lints = NULL;
|
||||
+ int ec = pgpPrtParams2(data, dlen, PGPTAG_SIGNATURE, &sinfo->sig, &lints);
|
||||
+ if (ec) {
|
||||
+ if (lints) {
|
||||
+ rasprintf(&sinfo->msg,
|
||||
+ ("%s tag %u: invalid OpenPGP signature: %s"),
|
||||
+ origin, td->tag, lints);
|
||||
+ free(lints);
|
||||
+ } else {
|
||||
+ rasprintf(&sinfo->msg,
|
||||
+ _("%s tag %u: invalid OpenPGP signature"),
|
||||
+ origin, td->tag);
|
||||
+ }
|
||||
goto exit;
|
||||
+ } else if (lints) {
|
||||
+ rpmlog(RPMLOG_WARNING, "%s\n", lints);
|
||||
+ free(lints);
|
||||
}
|
||||
sinfo->hashalgo = pgpDigParamsAlgo(sinfo->sig, PGPVAL_HASHALGO);
|
||||
sinfo->keyid = pgpGrab(pgpDigParamsSignID(sinfo->sig)+4, 4);
|
||||
diff --git a/rpmio/CMakeLists.txt b/rpmio/CMakeLists.txt
|
||||
index 2fb5794b0..6aa9ab1f1 100644
|
||||
--- a/rpmio/CMakeLists.txt
|
||||
+++ b/rpmio/CMakeLists.txt
|
||||
@@ -21,7 +21,7 @@ if (WITH_INTERNAL_OPENPGP)
|
||||
target_link_libraries(librpmio PRIVATE PkgConfig::LIBGCRYPT)
|
||||
endif()
|
||||
else()
|
||||
- pkg_check_modules(RPMSEQUOIA REQUIRED IMPORTED_TARGET rpm-sequoia>=1.3.0)
|
||||
+ pkg_check_modules(RPMSEQUOIA REQUIRED IMPORTED_TARGET rpm-sequoia>=1.4.0)
|
||||
target_sources(librpmio PRIVATE rpmpgp_sequoia.c)
|
||||
target_link_libraries(librpmio PRIVATE PkgConfig::RPMSEQUOIA)
|
||||
endif()
|
||||
diff --git a/rpmio/rpmkeyring.c b/rpmio/rpmkeyring.c
|
||||
index 166ee43a2..e3eb9e6ea 100644
|
||||
--- a/rpmio/rpmkeyring.c
|
||||
+++ b/rpmio/rpmkeyring.c
|
||||
@@ -276,7 +276,12 @@ rpmRC rpmKeyringVerifySig(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX ctx)
|
||||
pgpkey = key->pgpkey;
|
||||
|
||||
/* We call verify even if key not found for a signature sanity check */
|
||||
- rc = pgpVerifySignature(pgpkey, sig, ctx);
|
||||
+ char *lints = NULL;
|
||||
+ rc = pgpVerifySignature2(pgpkey, sig, ctx, &lints);
|
||||
+ if (lints) {
|
||||
+ rpmlog(rc ? RPMLOG_ERR : RPMLOG_WARNING, "%s\n", lints);
|
||||
+ free(lints);
|
||||
+ }
|
||||
}
|
||||
|
||||
if (keyring)
|
||||
diff --git a/rpmio/rpmpgp_internal.c b/rpmio/rpmpgp_internal.c
|
||||
index ce1d3c27d..82972bcc8 100644
|
||||
--- a/rpmio/rpmpgp_internal.c
|
||||
+++ b/rpmio/rpmpgp_internal.c
|
||||
@@ -1043,6 +1043,14 @@ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
|
||||
return rc;
|
||||
}
|
||||
|
||||
+int pgpPrtParams2(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
|
||||
+ pgpDigParams * ret, char **lints)
|
||||
+{
|
||||
+ if (lints)
|
||||
+ *lints = NULL;
|
||||
+ return pgpPrtParams(pkts, pktlen, pkttype, ret);
|
||||
+}
|
||||
+
|
||||
int pgpPrtParamsSubkeys(const uint8_t *pkts, size_t pktlen,
|
||||
pgpDigParams mainkey, pgpDigParams **subkeys,
|
||||
int *subkeysCount)
|
||||
@@ -1179,6 +1187,13 @@ exit:
|
||||
|
||||
}
|
||||
|
||||
+rpmRC pgpVerifySignature2(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx, char **lints)
|
||||
+{
|
||||
+ if (lints)
|
||||
+ *lints = NULL;
|
||||
+ return pgpVerifySignature(key, sig, hashctx);
|
||||
+}
|
||||
+
|
||||
static pgpArmor decodePkts(uint8_t *b, uint8_t **pkt, size_t *pktlen)
|
||||
{
|
||||
const char * enc = NULL;
|
||||
diff --git a/rpmio/rpmpgp_sequoia.c b/rpmio/rpmpgp_sequoia.c
|
||||
index c6434270a..d0b673953 100644
|
||||
--- a/rpmio/rpmpgp_sequoia.c
|
||||
+++ b/rpmio/rpmpgp_sequoia.c
|
||||
@@ -36,6 +36,9 @@ W(uint32_t, pgpDigParamsCreationTime, (pgpDigParams digp), (digp))
|
||||
W(rpmRC, pgpVerifySignature,
|
||||
(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx),
|
||||
(key, sig, hashctx))
|
||||
+W(rpmRC, pgpVerifySignature2,
|
||||
+ (pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx, char **lints),
|
||||
+ (key, sig, hashctx, lints))
|
||||
W(int, pgpPubkeyKeyID,
|
||||
(const uint8_t * pkt, size_t pktlen, pgpKeyID_t keyid),
|
||||
(pkt, pktlen, keyid))
|
||||
@@ -51,6 +54,10 @@ W(int, pgpPubKeyCertLen,
|
||||
W(int, pgpPrtParams,
|
||||
(const uint8_t *pkts, size_t pktlen, unsigned int pkttype, pgpDigParams *ret),
|
||||
(pkts, pktlen, pkttype, ret))
|
||||
+W(int, pgpPrtParams2,
|
||||
+ (const uint8_t *pkts, size_t pktlen, unsigned int pkttype, pgpDigParams *ret,
|
||||
+ char **lints),
|
||||
+ (pkts, pktlen, pkttype, ret, lints))
|
||||
W(int, pgpPrtParamsSubkeys,
|
||||
(const uint8_t *pkts, size_t pktlen,
|
||||
pgpDigParams mainkey, pgpDigParams **subkeys,
|
||||
diff --git a/tests/rpmi.at b/tests/rpmi.at
|
||||
index 9d74cf689..423d97bca 100644
|
||||
--- a/tests/rpmi.at
|
||||
+++ b/tests/rpmi.at
|
||||
@@ -342,7 +342,7 @@ AT_CLEANUP
|
||||
|
||||
AT_SETUP([rpm -U <corrupted signed 1>])
|
||||
AT_KEYWORDS([install])
|
||||
-AT_CHECK([
|
||||
+AT_CHECK_UNQUOTED([
|
||||
RPMDB_INIT
|
||||
|
||||
pkg="hello-2.0-1.x86_64-signed.rpm"
|
||||
@@ -355,7 +355,13 @@ runroot rpm -U --ignorearch --ignoreos --nodeps \
|
||||
],
|
||||
[1],
|
||||
[],
|
||||
-[error: /tmp/hello-2.0-1.x86_64-signed.rpm: Header RSA signature: BAD (package tag 268: invalid OpenPGP signature)
|
||||
+[`if test x$PGP = xinternal; then
|
||||
+ echo 'error: /tmp/hello-2.0-1.x86_64-signed.rpm: Header RSA signature: BAD (package tag 268: invalid OpenPGP signature)'
|
||||
+else
|
||||
+ echo 'error: /tmp/hello-2.0-1.x86_64-signed.rpm: Header RSA signature: BAD (package tag 268: invalid OpenPGP signature: Parsing an OpenPGP packet:'
|
||||
+ echo ' Failed to parse Signature Packet'
|
||||
+ echo ' because: Malformed packet: Subpacket extends beyond the end of the subpacket area)'
|
||||
+fi`
|
||||
error: /tmp/hello-2.0-1.x86_64-signed.rpm cannot be installed
|
||||
])
|
||||
AT_CLEANUP
|
||||
diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at
|
||||
index 9fb3febc9..df1f669e4 100644
|
||||
--- a/tests/rpmsigdig.at
|
||||
+++ b/tests/rpmsigdig.at
|
||||
@@ -386,17 +386,17 @@ AT_CHECK([
|
||||
RPMDB_INIT
|
||||
|
||||
echo Checking package before importing key:
|
||||
-runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
|
||||
+runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
|
||||
echo Importing key:
|
||||
-runroot rpmkeys --quiet --import /data/keys/alice-expired-subkey.asc; echo $?
|
||||
+runroot rpmkeys --quiet --import /data/keys/alice-expired-subkey.asc 2>&1; echo $?
|
||||
echo Checking for key:
|
||||
runroot rpm -qi gpg-pubkey-eb04e625-* | grep Version | head -n1
|
||||
echo Checking package after importing key:
|
||||
-runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
|
||||
+runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
|
||||
echo Checking package after importing key, no digest:
|
||||
-runroot rpmkeys --define '_pkgverify_level all' -Kv --nodigest /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
|
||||
+runroot rpmkeys --define '_pkgverify_level all' -Kv --nodigest /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
|
||||
echo Checking package after importing key, no signature:
|
||||
-runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
|
||||
+runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
|
||||
],
|
||||
[0],
|
||||
[[Checking package before importing key:
|
||||
@@ -416,6 +416,10 @@ Checking for key:
|
||||
Version : eb04e625
|
||||
Checking package after importing key:
|
||||
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm:
|
||||
+error: Verifying a signature using certificate B6542F92F30650C36B6F41BCB3A771BFEB04E625 (Alice <alice@example.org>):
|
||||
+ Key 1F71177215217EE0 invalid: key is not alive
|
||||
+ because: The subkey is not live
|
||||
+ because: Expired on 2022-04-12T00:00:15Z
|
||||
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED
|
||||
Header DSA signature: NOTFOUND
|
||||
Header SHA256 digest: OK
|
||||
@@ -427,6 +431,10 @@ Checking package after importing key:
|
||||
1
|
||||
Checking package after importing key, no digest:
|
||||
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm:
|
||||
+error: Verifying a signature using certificate B6542F92F30650C36B6F41BCB3A771BFEB04E625 (Alice <alice@example.org>):
|
||||
+ Key 1F71177215217EE0 invalid: key is not alive
|
||||
+ because: The subkey is not live
|
||||
+ because: Expired on 2022-04-12T00:00:15Z
|
||||
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED
|
||||
Header DSA signature: NOTFOUND
|
||||
RSA signature: NOTFOUND
|
||||
@@ -455,15 +463,15 @@ RPMDB_INIT
|
||||
echo Checking package before importing key:
|
||||
runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
|
||||
echo Importing key:
|
||||
-runroot rpmkeys --quiet --import /data/keys/alice-revoked-subkey.asc; echo $?
|
||||
+runroot rpmkeys --quiet --import /data/keys/alice-revoked-subkey.asc 2>&1; echo $?
|
||||
echo Checking for key:
|
||||
runroot rpm -qi gpg-pubkey-eb04e625-* | grep Version | head -n1
|
||||
echo Checking package after importing key:
|
||||
-runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
|
||||
+runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
|
||||
echo Checking package after importing key, no digest:
|
||||
-runroot rpmkeys --define '_pkgverify_level all' -Kv --nodigest /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
|
||||
+runroot rpmkeys --define '_pkgverify_level all' -Kv --nodigest /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
|
||||
echo Checking package after importing key, no signature:
|
||||
-runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
|
||||
+runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
|
||||
],
|
||||
[0],
|
||||
[[Checking package before importing key:
|
||||
@@ -483,6 +491,8 @@ Checking for key:
|
||||
Version : eb04e625
|
||||
Checking package after importing key:
|
||||
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm:
|
||||
+error: Verifying a signature using certificate B6542F92F30650C36B6F41BCB3A771BFEB04E625 (Alice <alice@example.org>):
|
||||
+ Key 1F71177215217EE0 is invalid: key is revoked
|
||||
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED
|
||||
Header DSA signature: NOTFOUND
|
||||
Header SHA256 digest: OK
|
||||
@@ -494,6 +504,8 @@ Checking package after importing key:
|
||||
1
|
||||
Checking package after importing key, no digest:
|
||||
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm:
|
||||
+error: Verifying a signature using certificate B6542F92F30650C36B6F41BCB3A771BFEB04E625 (Alice <alice@example.org>):
|
||||
+ Key 1F71177215217EE0 is invalid: key is revoked
|
||||
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED
|
||||
Header DSA signature: NOTFOUND
|
||||
RSA signature: NOTFOUND
|
||||
@@ -740,7 +752,7 @@ AT_CLEANUP
|
||||
# Test pre-built corrupted package verification (corrupted signature)
|
||||
AT_SETUP([rpmkeys -Kv <corrupted signed> 1])
|
||||
AT_KEYWORDS([rpmkeys digest signature])
|
||||
-AT_CHECK([
|
||||
+AT_CHECK_UNQUOTED([
|
||||
RPMDB_INIT
|
||||
|
||||
pkg="hello-2.0-1.x86_64-signed.rpm"
|
||||
@@ -754,14 +766,28 @@ runroot rpmkeys -Kv /tmp/${pkg}
|
||||
],
|
||||
[1],
|
||||
[/tmp/hello-2.0-1.x86_64-signed.rpm:
|
||||
- Header RSA signature: BAD (package tag 268: invalid OpenPGP signature)
|
||||
+`if test x$PGP = xinternal; then
|
||||
+ echo ' Header RSA signature: BAD (package tag 268: invalid OpenPGP signature)'
|
||||
+else
|
||||
+ echo ' Header RSA signature: BAD (package tag 268: invalid OpenPGP signature: Parsing an OpenPGP packet:'
|
||||
+ echo ' Failed to parse Signature Packet'
|
||||
+ echo ' because: Signature appears to be created by a non-conformant OpenPGP implementation, see <https://github.com/rpm-software-management/rpm/issues/2351>.'
|
||||
+ echo ' because: Malformed MPI: leading bit is not set: expected bit 1 to be set in 0 (0))'
|
||||
+fi`
|
||||
Header SHA256 digest: OK
|
||||
Header SHA1 digest: OK
|
||||
Payload SHA256 digest: OK
|
||||
V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
|
||||
MD5 digest: OK
|
||||
/tmp/hello-2.0-1.x86_64-signed.rpm:
|
||||
- Header RSA signature: BAD (package tag 268: invalid OpenPGP signature)
|
||||
+`if test x$PGP = xinternal; then
|
||||
+ echo ' Header RSA signature: BAD (package tag 268: invalid OpenPGP signature)'
|
||||
+else
|
||||
+ echo ' Header RSA signature: BAD (package tag 268: invalid OpenPGP signature: Parsing an OpenPGP packet:'
|
||||
+ echo ' Failed to parse Signature Packet'
|
||||
+ echo ' because: Signature appears to be created by a non-conformant OpenPGP implementation, see <https://github.com/rpm-software-management/rpm/issues/2351>.'
|
||||
+ echo ' because: Malformed MPI: leading bit is not set: expected bit 1 to be set in 0 (0))'
|
||||
+fi`
|
||||
Header SHA256 digest: OK
|
||||
Header SHA1 digest: OK
|
||||
Payload SHA256 digest: OK
|
||||
--
|
||||
2.40.1
|
||||
|
@ -1,61 +0,0 @@
|
||||
From 2df8008d22b58f87fe665de0fa8c5bbeb4b4a3d8 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Domonkos <mdomonko@redhat.com>
|
||||
Date: Wed, 17 May 2023 12:39:47 +0200
|
||||
Subject: [PATCH] Enable large file support on 32-bit systems again
|
||||
|
||||
Replace 32-bit sizes in types like off_t with 64-bits when building on
|
||||
32-bit architectures, to enable large file support there.
|
||||
|
||||
This fixes a nasty regression introduced in the cmake transition. As
|
||||
autotools would set this flag to 64 automatically for us, applications
|
||||
linking against librpm (such as libdnf, librepo, libsolv or drpm) are
|
||||
already adapted to that and are also building with the value of 64
|
||||
(explicitly, we never exported this flag through pkg-config ourselves).
|
||||
However, us suddenly expecting 32-bits in those types on 32-bit systems
|
||||
can blow up badly e.g. in functions that take an off_t parameter, like
|
||||
Fseek().
|
||||
|
||||
There perhaps aren't that many low-level users of librpm but drpm is one
|
||||
such example where exactly this happens when built against our current
|
||||
master. It calls headerRead(), leading to Fseek() which receives a
|
||||
64-bit offset parameter where it expects a 32-bit one, thus silently
|
||||
overwriting the following parameter from 1 to 0 (SEEK_CUR to SEEK_SET)
|
||||
which messes up the whole reading sequence in drpm's rpm_read(),
|
||||
producing a failure in drpm's test suite that doesn't make any sense at
|
||||
first sight.
|
||||
|
||||
While at it, also export the flag through pkg-config so that anyone
|
||||
linking against librpm is now guaranteed to work correctly even if they
|
||||
don't set the flag themselves (kudos to Petr Pisar for suggesting this).
|
||||
---
|
||||
CMakeLists.txt | 1 +
|
||||
rpm.pc.in | 2 +-
|
||||
2 files changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/CMakeLists.txt b/CMakeLists.txt
|
||||
index b006ed34e..dc28fd547 100644
|
||||
--- a/CMakeLists.txt
|
||||
+++ b/CMakeLists.txt
|
||||
@@ -52,6 +52,7 @@ set(CMAKE_SHARED_MODULE_PREFIX "")
|
||||
set(CMAKE_POSITION_INDEPENDENT_CODE ON)
|
||||
include(GNUInstallDirs)
|
||||
add_compile_definitions(_GNU_SOURCE)
|
||||
+add_definitions(-D_FILE_OFFSET_BITS=64)
|
||||
|
||||
function(makemacros)
|
||||
set(prefix ${CMAKE_INSTALL_PREFIX})
|
||||
diff --git a/rpm.pc.in b/rpm.pc.in
|
||||
index 46d42e7a3..791303e17 100644
|
||||
--- a/rpm.pc.in
|
||||
+++ b/rpm.pc.in
|
||||
@@ -11,6 +11,6 @@ URL: @CMAKE_PROJECT_HOMEPAGE_URL@
|
||||
Requires: popt
|
||||
Requires.private: @ZSTD_REQUIRES@
|
||||
# Conflicts:
|
||||
-Cflags: -I${includedir}
|
||||
+Cflags: -I${includedir} -D_FILE_OFFSET_BITS=64
|
||||
Libs: -L${libdir} -lrpm -lrpmio
|
||||
Libs.private: -lpopt -lrt -lpthread @WITH_LZMA_LIB@ @WITH_BZ2_LIB@ @WITH_ZLIB_LIB@ @LUA_LIBS@
|
||||
--
|
||||
2.40.1
|
||||
|
@ -1,27 +0,0 @@
|
||||
From d18d6ce41df4a5887df47a69052a401808aef19f Mon Sep 17 00:00:00 2001
|
||||
From: Florian Festi <ffesti@redhat.com>
|
||||
Date: Mon, 8 May 2023 17:50:21 +0200
|
||||
Subject: [PATCH] Fix bzip2 detection
|
||||
|
||||
HAVE_BZLIB_H was not set due to a typo leading to the bz2 support not
|
||||
being compiled in although the library was detected correctly.
|
||||
---
|
||||
CMakeLists.txt | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/CMakeLists.txt b/CMakeLists.txt
|
||||
index 9718505bf..4a5332f4b 100644
|
||||
--- a/CMakeLists.txt
|
||||
+++ b/CMakeLists.txt
|
||||
@@ -272,7 +272,7 @@ id0name(UID_0_USER /etc/passwd)
|
||||
id0name(GID_0_GROUP /etc/group)
|
||||
|
||||
# map module/package findings to config.h
|
||||
-if (${Bzip2_FOUND})
|
||||
+if (${BZIP2_FOUND})
|
||||
set(HAVE_BZLIB_H 1)
|
||||
endif()
|
||||
if (${LIBLZMA_FOUND})
|
||||
--
|
||||
2.40.1
|
||||
|
@ -1,28 +0,0 @@
|
||||
From acfe252822db37fc9f47c221c4e3ae79a5f0be27 Mon Sep 17 00:00:00 2001
|
||||
From: Panu Matilainen <pmatilai@redhat.com>
|
||||
Date: Mon, 22 May 2023 18:19:24 +0300
|
||||
Subject: [PATCH] Fix undefined symbols from plugins in some circumstances
|
||||
|
||||
Another bit lost in the cmake transition: plugin linkage to librpm and
|
||||
librpmio. In rpm itself this doesn't really matter because the running
|
||||
process supplies the necessary symbols but it's a different story when eg
|
||||
a Python process uses dlopen()'ed bindings.
|
||||
---
|
||||
plugins/CMakeLists.txt | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/plugins/CMakeLists.txt b/plugins/CMakeLists.txt
|
||||
index 6768378f9..1ca025868 100644
|
||||
--- a/plugins/CMakeLists.txt
|
||||
+++ b/plugins/CMakeLists.txt
|
||||
@@ -40,6 +40,7 @@ set(plugindir ${CMAKE_INSTALL_FULL_LIBDIR}/rpm-plugins)
|
||||
|
||||
get_property(plugins DIRECTORY PROPERTY BUILDSYSTEM_TARGETS)
|
||||
foreach(plugin ${plugins})
|
||||
+ target_link_libraries(${plugin} PRIVATE librpmio librpm)
|
||||
install(TARGETS ${plugin} DESTINATION ${plugindir})
|
||||
endforeach()
|
||||
|
||||
--
|
||||
2.40.1
|
||||
|
@ -1,31 +0,0 @@
|
||||
From 33702961f45567a599bc0f0dac055604dc204fb1 Mon Sep 17 00:00:00 2001
|
||||
From: Florian Festi <ffesti@redhat.com>
|
||||
Date: Tue, 2 May 2023 09:03:50 +0200
|
||||
Subject: [PATCH] Remove second share/ dir from infodir and mandir
|
||||
|
||||
cmake variables and the derived macros.
|
||||
|
||||
CMAKE_INSTALL_INFODIR and CMAKE_INSTALL_MANDIR already include the
|
||||
datarootdir. So just prepending the prefix is sufficient.
|
||||
---
|
||||
CMakeLists.txt | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/CMakeLists.txt b/CMakeLists.txt
|
||||
index 230d18d1f..9718505bf 100644
|
||||
--- a/CMakeLists.txt
|
||||
+++ b/CMakeLists.txt
|
||||
@@ -67,8 +67,8 @@ function(makemacros)
|
||||
set(libdir "\${prefix}/=LIB=")
|
||||
set(includedir "\${prefix}/${CMAKE_INSTALL_INCLUDEDIR}")
|
||||
set(oldincludedir "${CMAKE_INSTALL_FULL_OLDINCLUDEDIR}")
|
||||
- set(infodir "\${datarootdir}/${CMAKE_INSTALL_INFODIR}")
|
||||
- set(mandir "\${datarootdir}/${CMAKE_INSTALL_MANDIR}")
|
||||
+ set(infodir "\${prefix}/${CMAKE_INSTALL_INFODIR}")
|
||||
+ set(mandir "\${prefix}/${CMAKE_INSTALL_MANDIR}")
|
||||
set(RUNDIR /run)
|
||||
|
||||
set(acutils
|
||||
--
|
||||
2.40.1
|
||||
|
@ -1,58 +0,0 @@
|
||||
From 673bd62bd3035575f8fad501f1395b09a0f9f8fe Mon Sep 17 00:00:00 2001
|
||||
Message-Id: <673bd62bd3035575f8fad501f1395b09a0f9f8fe.1685346662.git.pmatilai@redhat.com>
|
||||
From: Panu Matilainen <pmatilai@redhat.com>
|
||||
Date: Mon, 29 May 2023 10:34:57 +0300
|
||||
Subject: [PATCH] Revert %_smp_build_ncpus change to a parametric macro
|
||||
(RhBug:2210347)
|
||||
|
||||
Commit a213101bc3af65c860d045c65fb4e2ef7566a4c6 changed %_smp_build_ncpus
|
||||
into a parametric macro, but this breaks common usage via the Lua macros
|
||||
table as parametric macros are returned as closures rather than the
|
||||
expanded value.
|
||||
|
||||
This seems like a design flaw of the macros table, but as an immediate
|
||||
remedy for the breakage, add another layer of indirection to revert
|
||||
%_smp_build_ncpus back to a non-parametric macro.
|
||||
|
||||
Fixes %constrain_build macro in Fedora, which ironically is made obsolete by
|
||||
the change that (unintentionally) broke it.
|
||||
---
|
||||
macros.in | 12 +++++++-----
|
||||
1 file changed, 7 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/macros.in b/macros.in
|
||||
index 5521daba8..4dc6e3ca3 100644
|
||||
--- a/macros.in
|
||||
+++ b/macros.in
|
||||
@@ -717,21 +717,23 @@ Supplements: (%{name} = %{version}-%{release} and langpacks-%{1})\
|
||||
# Macro to fix broken permissions in sources
|
||||
%_fixperms %{__chmod} -Rf a+rX,u+w,g-w,o-w
|
||||
|
||||
-# Maximum number of CPU's to use when building, 0 for unlimited.
|
||||
-#%_smp_ncpus_max 0
|
||||
-
|
||||
-%_smp_build_ncpus() %([ -z "$RPM_BUILD_NCPUS" ] \\\
|
||||
+%__smp_use_ncpus() %([ -z "$RPM_BUILD_NCPUS" ] \\\
|
||||
&& RPM_BUILD_NCPUS="%{getncpus %{?1}}"; \\\
|
||||
ncpus_max=%{?_smp_ncpus_max}; \\\
|
||||
if [ -n "$ncpus_max" ] && [ "$ncpus_max" -gt 0 ] && [ "$RPM_BUILD_NCPUS" -gt "$ncpus_max" ]; then RPM_BUILD_NCPUS="$ncpus_max"; fi; \\\
|
||||
echo "$RPM_BUILD_NCPUS";)
|
||||
|
||||
+# Maximum number of CPU's to use when building, 0 for unlimited.
|
||||
+#%_smp_ncpus_max 0
|
||||
+
|
||||
+%_smp_build_ncpus %{__smp_use_ncpus:proc}
|
||||
+
|
||||
%_smp_mflags -j${RPM_BUILD_NCPUS}
|
||||
|
||||
# Maximum number of threads to use when building, 0 for unlimited
|
||||
#%_smp_nthreads_max 0
|
||||
|
||||
-%_smp_build_nthreads %{_smp_build_ncpus:thread}
|
||||
+%_smp_build_nthreads %{__smp_use_ncpus:thread}
|
||||
|
||||
# Assumed task size of processes and threads in megabytes.
|
||||
# Used to limit the amount of parallelism based on available memory.
|
||||
--
|
||||
2.40.1
|
||||
|
@ -1,41 +0,0 @@
|
||||
From 021a7d3aaa5458d8956babf0220a3e574a2b8e62 Mon Sep 17 00:00:00 2001
|
||||
From: Florian Festi <ffesti@redhat.com>
|
||||
Date: Wed, 17 May 2023 17:23:59 +0200
|
||||
Subject: [PATCH] Use mkdir -p for creating SPECPARTS dir
|
||||
|
||||
to not error out when invoking %setup more than once or shipping the
|
||||
directory in the sources.
|
||||
---
|
||||
build/parsePrep.c | 2 +-
|
||||
tests/rpmspec.at | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/build/parsePrep.c b/build/parsePrep.c
|
||||
index f8e09a8c7..ea8faa953 100644
|
||||
--- a/build/parsePrep.c
|
||||
+++ b/build/parsePrep.c
|
||||
@@ -274,7 +274,7 @@ static int doSetupMacro(rpmSpec spec, const char *line)
|
||||
}
|
||||
|
||||
/* mkdir for dynamic specparts */
|
||||
- buf = rpmExpand("%{__mkdir} SPECPARTS", NULL);
|
||||
+ buf = rpmExpand("%{__mkdir_p} SPECPARTS", NULL);
|
||||
appendBuf(spec, buf, 1);
|
||||
free(buf);
|
||||
|
||||
diff --git a/tests/rpmspec.at b/tests/rpmspec.at
|
||||
index 548b4b3cc..564479391 100644
|
||||
--- a/tests/rpmspec.at
|
||||
+++ b/tests/rpmspec.at
|
||||
@@ -333,7 +333,7 @@ if [ $STATUS -ne 0 ]; then
|
||||
exit $STATUS
|
||||
fi
|
||||
cd 'hello-1.0'
|
||||
-/usr/bin/mkdir SPECPARTS
|
||||
+/usr/bin/mkdir -p SPECPARTS
|
||||
/usr/bin/chmod -Rf a+rX,u+w,g-w,o-w .
|
||||
echo "Patch #0 (hello-1.0-modernize.patch):"
|
||||
/usr/bin/patch --no-backup-if-mismatch -f -p1 -b --suffix .modernize --fuzz=0 < /build/SOURCES/hello-1.0-modernize.patch
|
||||
--
|
||||
2.40.1
|
||||
|
16
rpm.spec
16
rpm.spec
@ -30,9 +30,9 @@
|
||||
|
||||
%define rpmhome /usr/lib/rpm
|
||||
|
||||
%global rpmver 4.18.90
|
||||
%global rpmver 4.18.91
|
||||
#global snapver rc1
|
||||
%global baserelease 10
|
||||
%global baserelease 1
|
||||
%global sover 10
|
||||
|
||||
%global srcver %{rpmver}%{?snapver:-%{snapver}}
|
||||
@ -148,13 +148,6 @@ rpm-4.18.90-disable-sysusers.patch
|
||||
rpm-4.18.90-weak-user-group.patch
|
||||
# Patches already upstream:
|
||||
# ...
|
||||
0001-Remove-second-share-dir-from-infodir-and-mandir.patch
|
||||
0001-Add-pgpVerifySignature2-and-pgpPrtParams2.patch
|
||||
0001-Fix-bzip2-detection.patch
|
||||
0001-Enable-large-file-support-on-32-bit-systems-again.patch
|
||||
0001-Use-mkdir-p-for-creating-SPECPARTS-dir.patch
|
||||
0001-Fix-undefined-symbols-from-plugins-in-some-circumsta.patch
|
||||
0001-Revert-_smp_build_ncpus-change-to-a-parametric-macro.patch
|
||||
|
||||
# These are not yet upstream
|
||||
rpm-4.7.1-geode-i686.patch
|
||||
@ -569,7 +562,7 @@ fi
|
||||
%files plugin-dbus-announce
|
||||
%{_libdir}/rpm-plugins/dbus_announce.so
|
||||
%{_mandir}/man8/rpm-plugin-dbus-announce.8*
|
||||
%{_sysconfdir}/dbus-1/system.d/org.rpm.conf
|
||||
%{_datadir}/dbus-1/system.d/org.rpm.conf
|
||||
%endif
|
||||
|
||||
%files build-libs
|
||||
@ -631,6 +624,9 @@ fi
|
||||
%doc %{_defaultdocdir}/rpm/API/
|
||||
|
||||
%changelog
|
||||
* Fri Jun 09 2023 Michal Domonkos <mdomonko@redhat.com> - 4.18.91-1
|
||||
- Update to 4.19 alpha2
|
||||
|
||||
* Thu Jun 08 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 4.18.90-10
|
||||
- Rebuild for ima-evm-utils 1.5 soname bump
|
||||
|
||||
|
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (rpm-4.18.90.tar.bz2) = 2d1a499fe053c5f3497b0ae4c133ef3b05b4b87e12ee5d349ad8c34dbfaebc20c1b3e6727143c152040ed1e132047bcf95afcbbe4a8cb2c4f91900b536d7821c
|
||||
SHA512 (rpm-4.18.91.tar.bz2) = e3b3e9f195e16afc0596d31ad7614b8369e2b9c6835cc2739f166772d21ae71714ce99b29fded63843ab7216bb34f1c33bb69c0718383ed4bb3b9058639aa246
|
||||
|
Loading…
Reference in New Issue
Block a user