- Update to upstream alpha release
This commit is contained in:
parent
fcbbffb488
commit
632722fbed
1
.gitignore
vendored
1
.gitignore
vendored
@ -18,3 +18,4 @@
|
||||
/rpm-4.12.0-rc1.tar.bz2
|
||||
/rpm-4.12.0.tar.bz2
|
||||
/rpm-4.12.0.1.tar.bz2
|
||||
/rpm-4.12.90.tar.bz2
|
||||
|
@ -1,37 +0,0 @@
|
||||
From 4f58e5abcb336292f78bc6d54e1140b4fdded30b Mon Sep 17 00:00:00 2001
|
||||
From: Pascal Terjan <pterjan@mandriva.org>
|
||||
Date: Sat, 14 Feb 2015 21:58:19 +0000
|
||||
Subject: [PATCH] Fix find-debuginfo.sh for ELF with file warnings
|
||||
|
||||
Since the fix for CVE-2014-9620, file will print a "warning" that it
|
||||
only processed 256 notes:
|
||||
|
||||
$ file -N libjvm.so
|
||||
libjvm.so: ELF 64-bit LSB shared object, x86-64, version 1 (GNU/Linux), dynamically linked, BuildID[sha1]=63ece24db1a29f9df8231337f741664e0b10fc7f, not stripped, too many notes (256)
|
||||
|
||||
And this leads to those messages and a failure:
|
||||
stat: cannot stat 'libjvm.so,': No such file or directory
|
||||
stat: cannot stat 'too': No such file or directory
|
||||
stat: cannot stat 'many': No such file or directory
|
||||
stat: cannot stat 'notes': No such file or directory
|
||||
stat: cannot stat '(256)': No such file or directory
|
||||
---
|
||||
scripts/find-debuginfo.sh | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/scripts/find-debuginfo.sh b/scripts/find-debuginfo.sh
|
||||
index 57449f7..264fad5 100644
|
||||
--- a/scripts/find-debuginfo.sh
|
||||
+++ b/scripts/find-debuginfo.sh
|
||||
@@ -205,7 +205,7 @@ $strict || strict_error=WARNING
|
||||
find "$RPM_BUILD_ROOT" ! -path "${debugdir}/*.debug" -type f \
|
||||
\( -perm -0100 -or -perm -0010 -or -perm -0001 \) \
|
||||
-print |
|
||||
-file -N -f - | sed -n -e 's/^\(.*\):[ ]*.*ELF.*, not stripped/\1/p' |
|
||||
+file -N -f - | sed -n -e 's/^\(.*\):[ ]*.*ELF.*, not stripped.*/\1/p' |
|
||||
xargs --no-run-if-empty stat -c '%h %D_%i %n' |
|
||||
while read nlinks inum f; do
|
||||
get_debugfn "$f"
|
||||
--
|
||||
2.3.0
|
||||
|
@ -1,29 +0,0 @@
|
||||
From 97989236c0f39ccbc7f2c1d52cc30f167fd827fe Mon Sep 17 00:00:00 2001
|
||||
From: Florian Festi <ffesti@redhat.com>
|
||||
Date: Mon, 26 Jan 2015 14:22:34 +0100
|
||||
Subject: [PATCH] Fix Python import directive for more strict Python3 search
|
||||
rules
|
||||
|
||||
Fixes http://rpm.org/ticket/885
|
||||
---
|
||||
python/rpm/transaction.py | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/python/rpm/transaction.py b/python/rpm/transaction.py
|
||||
index db7ca67..91a6cc1 100644
|
||||
--- a/python/rpm/transaction.py
|
||||
+++ b/python/rpm/transaction.py
|
||||
@@ -37,8 +37,8 @@ class TransactionSet(TransactionSetCore):
|
||||
return self._wrapSetGet('_probFilter', ignoreSet)
|
||||
|
||||
def parseSpec(self, specfile):
|
||||
- import _rpmb
|
||||
- return _rpmb.spec(specfile)
|
||||
+ import rpm._rpmb
|
||||
+ return rpm._rpmb.spec(specfile)
|
||||
|
||||
def getKeys(self):
|
||||
keys = []
|
||||
--
|
||||
2.1.0
|
||||
|
@ -1,148 +0,0 @@
|
||||
diff -urp rpm-4.12.0.1/installplatform r/installplatform
|
||||
--- rpm-4.12.0.1/installplatform 2014-06-30 10:47:13.954503637 +0200
|
||||
+++ r/installplatform 2015-07-14 09:34:15.917109096 +0200
|
||||
@@ -114,6 +114,30 @@ for ARCH in noarch `grep ^arch_canon $RP
|
||||
CANONARCH=aarch64
|
||||
CANONCOLOR=3
|
||||
;;
|
||||
+ mips)
|
||||
+ ISANAME=mips
|
||||
+ ISABITS=32
|
||||
+ CANONARCH=mips
|
||||
+ CANONCOLOR=0
|
||||
+ ;;
|
||||
+ mipsel)
|
||||
+ ISANAME=mips
|
||||
+ ISABITS=32
|
||||
+ CANONARCH=mipsel
|
||||
+ CANONCOLOR=0
|
||||
+ ;;
|
||||
+ mips64)
|
||||
+ ISANAME=mips
|
||||
+ ISABITS=64
|
||||
+ CANONARCH=mips64
|
||||
+ CANONCOLOR=3
|
||||
+ ;;
|
||||
+ mips64el)
|
||||
+ ISANAME=mips
|
||||
+ ISABITS=64
|
||||
+ CANONARCH=mips64el
|
||||
+ CANONCOLOR=3
|
||||
+ ;;
|
||||
m68k)
|
||||
ISANAME=m68k
|
||||
ISABITS=32
|
||||
diff -urp rpm-4.12.0.1/lib/rpmrc.c r/lib/rpmrc.c
|
||||
--- rpm-4.12.0.1/lib/rpmrc.c 2014-07-03 17:11:48.572096075 +0200
|
||||
+++ r/lib/rpmrc.c 2015-07-14 09:34:15.918109105 +0200
|
||||
@@ -1053,10 +1053,22 @@ static void defaultMachine(rpmrcCtx ctx,
|
||||
|
||||
# if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL)
|
||||
/* little endian */
|
||||
- strcpy(un.machine, "mipsel");
|
||||
+# if defined(__LP64__) || defined(_LP64)
|
||||
+ /* 64-bit */
|
||||
+ strcpy(un.machine, "mips64el");
|
||||
+# else
|
||||
+ /* 32-bit */
|
||||
+ strcpy(un.machine, "mipsel");
|
||||
+# endif
|
||||
# elif defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB)
|
||||
/* big endian */
|
||||
- strcpy(un.machine, "mips");
|
||||
+# if defined(__LP64__) || defined(_LP64)
|
||||
+ /* 64-bit */
|
||||
+ strcpy(un.machine, "mips64");
|
||||
+# else
|
||||
+ /* 32-bit */
|
||||
+ strcpy(un.machine, "mips");
|
||||
+# endif
|
||||
# endif
|
||||
|
||||
# if defined(__hpux) && defined(_SC_CPU_VERSION)
|
||||
diff -urp rpm-4.12.0.1/macros.in r/macros.in
|
||||
--- rpm-4.12.0.1/macros.in 2015-07-14 09:33:34.422697268 +0200
|
||||
+++ r/macros.in 2015-07-14 09:34:15.918109105 +0200
|
||||
@@ -1011,6 +1011,10 @@ done \
|
||||
%arm armv3l armv4b armv4l armv4tl armv5tel armv5tejl armv6l armv6hl armv7l armv7hl armv7hnl
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
+# arch macro for all supported MIPS processors
|
||||
+%mips mips mipsel mips64 mips64el
|
||||
+
|
||||
+#------------------------------------------------------------------------------
|
||||
# arch macro for all supported Sparc processors
|
||||
%sparc sparc sparcv8 sparcv9 sparcv9v sparc64 sparc64v
|
||||
|
||||
diff -urp rpm-4.12.0.1/rpmrc.in r/rpmrc.in
|
||||
--- rpm-4.12.0.1/rpmrc.in 2015-07-14 09:33:34.413697179 +0200
|
||||
+++ r/rpmrc.in 2015-07-14 09:34:47.557423122 +0200
|
||||
@@ -59,6 +59,8 @@ optflags: hppa2.0 -O2 -g -mpa-risc-1-0
|
||||
|
||||
optflags: mips -O2 -g
|
||||
optflags: mipsel -O2 -g
|
||||
+optflags: mips64 -O2 -g
|
||||
+optflags: mips64el -O2 -g
|
||||
|
||||
optflags: armv3l -O2 -g -march=armv3
|
||||
optflags: armv4b -O2 -g -march=armv4
|
||||
@@ -114,6 +116,11 @@ archcolor: armv5tejl 1
|
||||
archcolor: armv6l 1
|
||||
archcolor: armv7l 1
|
||||
|
||||
+archcolor: mips 1
|
||||
+archcolor: mipsel 1
|
||||
+archcolor: mips64 2
|
||||
+archcolor: mips64el 2
|
||||
+
|
||||
archcolor: m68k 1
|
||||
|
||||
archcolor: m68kmint 1
|
||||
@@ -167,6 +174,7 @@ arch_canon: sparcv9: sparcv9 3
|
||||
arch_canon: sparcv9v: sparcv9v 3
|
||||
# This is really a place holder for MIPS.
|
||||
arch_canon: mips: mips 4
|
||||
+arch_canon: mipsel: mipsel 4
|
||||
|
||||
arch_canon: ppc: ppc 5
|
||||
arch_canon: ppc8260: ppc8260 5
|
||||
@@ -180,7 +188,8 @@ arch_canon: IP: sgi 7
|
||||
arch_canon: rs6000: rs6000 8
|
||||
arch_canon: ia64: ia64 9
|
||||
|
||||
-arch_canon: mipsel: mipsel 11
|
||||
+arch_canon: mips64: mips64 11
|
||||
+arch_canon: mips64el: mips64el 11
|
||||
|
||||
arch_canon: armv3l: armv3l 12
|
||||
arch_canon: armv4b: armv4b 12
|
||||
@@ -309,6 +318,11 @@ buildarchtranslate: armv7l: armv7l
|
||||
buildarchtranslate: armv7hl: armv7hl
|
||||
buildarchtranslate: armv7hnl: armv7hnl
|
||||
|
||||
+buildarchtranslate: mips: mips
|
||||
+buildarchtranslate: mipsel: mipsel
|
||||
+buildarchtranslate: mips64: mips64
|
||||
+buildarchtranslate: mips64el: mips64el
|
||||
+
|
||||
buildarchtranslate: m68k: m68k
|
||||
|
||||
buildarchtranslate: atarist: m68kmint
|
||||
@@ -387,6 +401,8 @@ arch_compat: sparc: noarch
|
||||
|
||||
arch_compat: mips: noarch
|
||||
arch_compat: mipsel: noarch
|
||||
+arch_compat: mips64: mips
|
||||
+arch_compat: mips64el: mipsel
|
||||
|
||||
arch_compat: hppa2.0: hppa1.2
|
||||
arch_compat: hppa1.2: hppa1.1
|
||||
@@ -508,6 +524,8 @@ buildarch_compat: ppc64p7: ppc64
|
||||
|
||||
buildarch_compat: mips: noarch
|
||||
buildarch_compat: mipsel: noarch
|
||||
+buildarch_compat: mips64: noarch
|
||||
+buildarch_compat: mips64el: noarch
|
||||
|
||||
buildarch_compat: armv4b: noarch
|
||||
buildarch_compat: armv7l: armv6l
|
@ -1,76 +0,0 @@
|
||||
commit 104856ea17161eb3a508913c2b7ed701f2e4f6aa
|
||||
Author: Panu Matilainen <pmatilai@redhat.com>
|
||||
Date: Tue Oct 7 15:37:21 2014 +0300
|
||||
|
||||
Unbreak size and archive size generation on big-endian systems
|
||||
|
||||
- Fix regression from commit 68bddc353a7ea87ea00ad957858cd509e845e84c,
|
||||
accessing a 64bit int as if it were a 32bit one doesn't make it one.
|
||||
|
||||
diff --git a/build/pack.c b/build/pack.c
|
||||
index 28834dc..15f005a 100644
|
||||
--- a/build/pack.c
|
||||
+++ b/build/pack.c
|
||||
@@ -273,9 +273,6 @@ static rpmRC generateSignature(char *SHA1, uint8_t *MD5, rpm_loff_t size,
|
||||
{
|
||||
Header sig = NULL;
|
||||
struct rpmtd_s td;
|
||||
- rpmTagVal sizetag;
|
||||
- rpmTagVal payloadtag;
|
||||
- rpm_tagtype_t typetag;
|
||||
rpmRC rc = RPMRC_OK;
|
||||
char *reservedSpace;
|
||||
int spaceSize = 0;
|
||||
@@ -297,29 +294,33 @@ static rpmRC generateSignature(char *SHA1, uint8_t *MD5, rpm_loff_t size,
|
||||
td.data = MD5;
|
||||
headerPut(sig, &td, HEADERPUT_DEFAULT);
|
||||
|
||||
+ rpmtdReset(&td);
|
||||
+ td.count = 1;
|
||||
if (payloadSize < UINT32_MAX) {
|
||||
- sizetag = RPMSIGTAG_SIZE;
|
||||
- payloadtag = RPMSIGTAG_PAYLOADSIZE;
|
||||
- typetag = RPM_INT32_TYPE;
|
||||
+ rpm_off_t p = payloadSize;
|
||||
+ rpm_off_t s = size;
|
||||
+ td.type = RPM_INT32_TYPE;
|
||||
+
|
||||
+ td.tag = RPMSIGTAG_PAYLOADSIZE;
|
||||
+ td.data = &p;
|
||||
+ headerPut(sig, &td, HEADERPUT_DEFAULT);
|
||||
+
|
||||
+ td.tag = RPMSIGTAG_SIZE;
|
||||
+ td.data = &s;
|
||||
+ headerPut(sig, &td, HEADERPUT_DEFAULT);
|
||||
} else {
|
||||
- sizetag = RPMSIGTAG_LONGSIZE;
|
||||
- payloadtag = RPMSIGTAG_LONGARCHIVESIZE;
|
||||
- typetag = RPM_INT64_TYPE;
|
||||
- }
|
||||
+ rpm_loff_t p = payloadSize;
|
||||
+ rpm_loff_t s = size;
|
||||
+ td.type = RPM_INT64_TYPE;
|
||||
|
||||
- rpmtdReset(&td);
|
||||
- td.tag = payloadtag;
|
||||
- td.count = 1;
|
||||
- td.type = typetag;
|
||||
- td.data = &payloadSize;
|
||||
- headerPut(sig, &td, HEADERPUT_DEFAULT);
|
||||
+ td.tag = RPMSIGTAG_LONGARCHIVESIZE;
|
||||
+ td.data = &p;
|
||||
+ headerPut(sig, &td, HEADERPUT_DEFAULT);
|
||||
|
||||
- rpmtdReset(&td);
|
||||
- td.tag = sizetag;
|
||||
- td.count = 1;
|
||||
- td.type = typetag;
|
||||
- td.data = &size;
|
||||
- headerPut(sig, &td, HEADERPUT_DEFAULT);
|
||||
+ td.tag = RPMSIGTAG_LONGSIZE;
|
||||
+ td.data = &s;
|
||||
+ headerPut(sig, &td, HEADERPUT_DEFAULT);
|
||||
+ }
|
||||
|
||||
spaceSize = rpmExpandNumeric("%{__gpg_reserved_space}");
|
||||
if(spaceSize > 0) {
|
@ -1,43 +0,0 @@
|
||||
From 0f051ab3b5b7a5342029e49b9a72ec7499a3d6ad Mon Sep 17 00:00:00 2001
|
||||
From: Lubos Kardos <lkardos@redhat.com>
|
||||
Date: Fri, 27 Mar 2015 15:45:57 +0100
|
||||
Subject: [PATCH] Pass _find_debuginfo_opts -g to eu-strip for executables
|
||||
(rhbz:#1186563)
|
||||
|
||||
---
|
||||
scripts/find-debuginfo.sh | 5 +++--
|
||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/scripts/find-debuginfo.sh b/scripts/find-debuginfo.sh
|
||||
index 264fad5..17522e0 100644
|
||||
--- a/scripts/find-debuginfo.sh
|
||||
+++ b/scripts/find-debuginfo.sh
|
||||
@@ -7,7 +7,7 @@
|
||||
# [[-l filelist]... [-p 'pattern'] -o debuginfo.list]
|
||||
# [builddir]
|
||||
#
|
||||
-# The -g flag says to use strip -g instead of full strip on DSOs.
|
||||
+# The -g flag says to use strip -g instead of full strip on DSOs or EXEs.
|
||||
# The --strict-build-id flag says to exit with failure status if
|
||||
# any ELF binary processed fails to contain a build-id note.
|
||||
# The -r flag says to use eu-strip --reloc-debug-sections.
|
||||
@@ -23,7 +23,7 @@
|
||||
# All file names in switches are relative to builddir (. if not given).
|
||||
#
|
||||
|
||||
-# With -g arg, pass it to strip on libraries.
|
||||
+# With -g arg, pass it to strip on libraries or executables.
|
||||
strip_g=false
|
||||
|
||||
# with -r arg, pass --reloc-debug-sections to eu-strip.
|
||||
@@ -100,6 +100,7 @@ strip_to_debug()
|
||||
$strip_r && r=--reloc-debug-sections
|
||||
$strip_g && case "$(file -bi "$2")" in
|
||||
application/x-sharedlib*) g=-g ;;
|
||||
+ application/x-executable*) g=-g ;;
|
||||
esac
|
||||
eu-strip --remove-comment $r $g -f "$1" "$2" || exit
|
||||
chmod 444 "$1" || exit
|
||||
--
|
||||
1.9.3
|
||||
|
@ -1,71 +0,0 @@
|
||||
From b598ce37d76bde5b8a6029008531aba6d2fbf594 Mon Sep 17 00:00:00 2001
|
||||
From: Lubos Kardos <lkardos@redhat.com>
|
||||
Date: Thu, 12 Mar 2015 15:34:39 +0100
|
||||
Subject: [PATCH] Skip directory if contains subdirectory that contains only
|
||||
skipped files.
|
||||
|
||||
Previously directory was skipped from installation if it contained only
|
||||
skipped files. But it wasn't skipped if it contained some subdirectory.
|
||||
Now if subdirectory contains also only skipped files then subdirectory
|
||||
and also parent directory are skipped. It is achieved by solving
|
||||
subdirectories at first and then solving parent directories.
|
||||
(rhbz#1192625)
|
||||
---
|
||||
lib/transaction.c | 8 +++++++-
|
||||
1 file changed, 7 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/transaction.c b/lib/transaction.c
|
||||
index 0f39732..af1deb8 100644
|
||||
--- a/lib/transaction.c
|
||||
+++ b/lib/transaction.c
|
||||
@@ -851,7 +851,8 @@ static void skipInstallFiles(const rpmts ts, rpmfiles files, rpmfs fs)
|
||||
}
|
||||
|
||||
/* Skip (now empty) directories that had skipped files. */
|
||||
- for (j = 0; j < dc; j++) {
|
||||
+ /* Iterate over dirs in reversed order to solve subdirs at first */
|
||||
+ for (j = dc; j >= 0; j--) {
|
||||
const char * dn, * bn;
|
||||
size_t dnlen, bnlen;
|
||||
|
||||
@@ -892,6 +893,11 @@ static void skipInstallFiles(const rpmts ts, rpmfiles files, rpmfs fs)
|
||||
continue;
|
||||
rpmlog(RPMLOG_DEBUG, "excluding directory %s\n", dn);
|
||||
rpmfsSetAction(fs, i, FA_SKIPNSTATE);
|
||||
+ ix = rpmfiDX(fi);
|
||||
+ /* Decrease count of files for parent directory */
|
||||
+ drc[ix]--;
|
||||
+ /* Mark directory because something was removed from them */
|
||||
+ dff[ix] = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
--
|
||||
1.9.3
|
||||
|
||||
From ee72c41d8b9994e4b1086c116927e8541a6ba592 Mon Sep 17 00:00:00 2001
|
||||
From: Lubos Kardos <lkardos@redhat.com>
|
||||
Date: Mon, 30 Mar 2015 09:31:15 +0200
|
||||
Subject: [PATCH] Fix off-by-one error (rhbz:#1206750)
|
||||
|
||||
- Caused by commit b598ce37d76bde5b8a6029008531aba6d2fbf594
|
||||
---
|
||||
lib/transaction.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/transaction.c b/lib/transaction.c
|
||||
index af1deb8..f9ffd10 100644
|
||||
--- a/lib/transaction.c
|
||||
+++ b/lib/transaction.c
|
||||
@@ -852,7 +852,7 @@ static void skipInstallFiles(const rpmts ts, rpmfiles files, rpmfs fs)
|
||||
|
||||
/* Skip (now empty) directories that had skipped files. */
|
||||
/* Iterate over dirs in reversed order to solve subdirs at first */
|
||||
- for (j = dc; j >= 0; j--) {
|
||||
+ for (j = dc - 1; j >= 0; j--) {
|
||||
const char * dn, * bn;
|
||||
size_t dnlen, bnlen;
|
||||
|
||||
--
|
||||
1.9.3
|
||||
|
@ -1,36 +0,0 @@
|
||||
From 363c015da5cbf315df267dc53580290984039804 Mon Sep 17 00:00:00 2001
|
||||
From: Jan Kratochvil <jan.kratochvil@redhat.com>
|
||||
Date: Wed, 15 Apr 2015 09:51:08 +0200
|
||||
Subject: [PATCH] Make sure references to go sources in debuginfo packages go
|
||||
to the installed path and not the source file in the build environment.
|
||||
|
||||
- Resolves: rhbz#1184221
|
||||
---
|
||||
tools/debugedit.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/tools/debugedit.c b/tools/debugedit.c
|
||||
index 0f85885..cf89312 100644
|
||||
--- a/tools/debugedit.c
|
||||
+++ b/tools/debugedit.c
|
||||
@@ -480,7 +480,7 @@ edit_dwarf2_line (DSO *dso, uint32_t off, char *comp_dir, int phase)
|
||||
unsigned char *endcu, *endprol;
|
||||
unsigned char opcode_base;
|
||||
uint32_t value, dirt_cnt;
|
||||
- size_t comp_dir_len = strlen (comp_dir);
|
||||
+ size_t comp_dir_len = !comp_dir ? 0 : strlen (comp_dir);
|
||||
size_t abs_file_cnt = 0, abs_dir_cnt = 0;
|
||||
|
||||
if (phase != 0)
|
||||
@@ -950,7 +950,7 @@ edit_attributes (DSO *dso, unsigned char *ptr, struct abbrev_tag *t, int phase)
|
||||
}
|
||||
}
|
||||
|
||||
- if (found_list_offs && comp_dir)
|
||||
+ if (found_list_offs)
|
||||
edit_dwarf2_line (dso, list_offs, comp_dir, phase);
|
||||
|
||||
free (comp_dir);
|
||||
--
|
||||
2.1.0
|
||||
|
@ -1,201 +0,0 @@
|
||||
From 6a8924b4c9df8e3597f7b4aa3de46498d390c5a8 Mon Sep 17 00:00:00 2001
|
||||
From: Lubos Kardos <lkardos@redhat.com>
|
||||
Date: Tue, 9 Jun 2015 14:19:59 +0200
|
||||
Subject: [PATCH 1/2] Use named pipe instead of stdin as input for gpg
|
||||
|
||||
This enables running gpg with access to the shell the rpmsign command
|
||||
is running in. This is needed to allow gpg to get passphrase by itself.
|
||||
---
|
||||
sign/rpmgensig.c | 105 ++++++++++++++++++++++++++++++++++++++++++-------------
|
||||
1 file changed, 80 insertions(+), 25 deletions(-)
|
||||
|
||||
diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c
|
||||
index 0bd14e3..9691f0d 100644
|
||||
--- a/sign/rpmgensig.c
|
||||
+++ b/sign/rpmgensig.c
|
||||
@@ -8,6 +8,7 @@
|
||||
#include <errno.h>
|
||||
#include <sys/wait.h>
|
||||
#include <popt.h>
|
||||
+#include <libgen.h>
|
||||
|
||||
#include <rpm/rpmlib.h> /* RPMSIGTAG & related */
|
||||
#include <rpm/rpmmacro.h>
|
||||
@@ -33,6 +34,68 @@ typedef struct sigTarget_s {
|
||||
rpm_loff_t size;
|
||||
} *sigTarget;
|
||||
|
||||
+/*
|
||||
+ * There is no function for creating unique temporary fifos so create
|
||||
+ * unique temporary directory and then create fifo in it.
|
||||
+ */
|
||||
+static char *mkTempFifo(void)
|
||||
+{
|
||||
+ char *tmppath = NULL, *tmpdir = NULL, *fifofn = NULL;
|
||||
+ mode_t mode;
|
||||
+
|
||||
+ tmppath = rpmExpand("%{_tmppath}", NULL);
|
||||
+ if (rpmioMkpath(tmppath, 0755, (uid_t) -1, (gid_t) -1))
|
||||
+ goto exit;
|
||||
+
|
||||
+
|
||||
+ tmpdir = rpmGetPath(tmppath, "/rpm-tmp.XXXXXX", NULL);
|
||||
+ mode = umask(0077);
|
||||
+ tmpdir = mkdtemp(tmpdir);
|
||||
+ umask(mode);
|
||||
+ if (tmpdir == NULL) {
|
||||
+ rpmlog(RPMLOG_ERR, _("error creating temp directory %s: %m\n"),
|
||||
+ tmpdir);
|
||||
+ tmpdir = _free(tmpdir);
|
||||
+ goto exit;
|
||||
+ }
|
||||
+
|
||||
+ fifofn = rpmGetPath(tmpdir, "/fifo", NULL);
|
||||
+ if (mkfifo(fifofn, 0600) == -1) {
|
||||
+ rpmlog(RPMLOG_ERR, _("error creating fifo %s: %m\n"), fifofn);
|
||||
+ fifofn = _free(fifofn);
|
||||
+ }
|
||||
+
|
||||
+exit:
|
||||
+ if (fifofn == NULL && tmpdir != NULL)
|
||||
+ unlink(tmpdir);
|
||||
+
|
||||
+ free(tmppath);
|
||||
+ free(tmpdir);
|
||||
+
|
||||
+ return fifofn;
|
||||
+}
|
||||
+
|
||||
+/* Delete fifo and then temporary directory in which it was located */
|
||||
+static int rpmRmTempFifo(const char *fn)
|
||||
+{
|
||||
+ int rc = 0;
|
||||
+ char *dfn = NULL, *dir = NULL;
|
||||
+
|
||||
+ if ((rc = unlink(fn)) != 0) {
|
||||
+ rpmlog(RPMLOG_ERR, _("error delete fifo %s: %m\n"), fn);
|
||||
+ return rc;
|
||||
+ }
|
||||
+
|
||||
+ dfn = xstrdup(fn);
|
||||
+ dir = dirname(dfn);
|
||||
+
|
||||
+ if ((rc = rmdir(dir)) != 0)
|
||||
+ rpmlog(RPMLOG_ERR, _("error delete directory %s: %m\n"), dir);
|
||||
+ free(dfn);
|
||||
+
|
||||
+ return rc;
|
||||
+}
|
||||
+
|
||||
static int closeFile(FD_t *fdp)
|
||||
{
|
||||
if (fdp == NULL || *fdp == NULL)
|
||||
@@ -186,8 +249,9 @@ static int runGPG(sigTarget sigt, const char *sigfile, const char * passPhrase)
|
||||
{
|
||||
int pid = 0, status;
|
||||
int inpipe[2];
|
||||
- int inpipe2[2];
|
||||
FILE * fpipe = NULL;
|
||||
+ FD_t fnamedPipe = NULL;
|
||||
+ char *namedPipeName = NULL;
|
||||
unsigned char buf[BUFSIZ];
|
||||
ssize_t count;
|
||||
ssize_t wantCount;
|
||||
@@ -200,13 +264,9 @@ static int runGPG(sigTarget sigt, const char *sigfile, const char * passPhrase)
|
||||
goto exit;
|
||||
}
|
||||
|
||||
- inpipe2[0] = inpipe2[1] = 0;
|
||||
- if (pipe(inpipe2) < 0) {
|
||||
- rpmlog(RPMLOG_ERR, _("Couldn't create pipe for signing: %m"));
|
||||
- goto exit;
|
||||
- }
|
||||
+ namedPipeName = mkTempFifo();
|
||||
|
||||
- addMacro(NULL, "__plaintext_filename", NULL, "-", -1);
|
||||
+ addMacro(NULL, "__plaintext_filename", NULL, namedPipeName, -1);
|
||||
addMacro(NULL, "__signature_filename", NULL, sigfile, -1);
|
||||
|
||||
if (!(pid = fork())) {
|
||||
@@ -217,9 +277,6 @@ static int runGPG(sigTarget sigt, const char *sigfile, const char * passPhrase)
|
||||
(void) dup2(inpipe[0], 3);
|
||||
(void) close(inpipe[1]);
|
||||
|
||||
- (void) dup2(inpipe2[0], STDIN_FILENO);
|
||||
- (void) close(inpipe2[1]);
|
||||
-
|
||||
if (gpg_path && *gpg_path != '\0')
|
||||
(void) setenv("GNUPGHOME", gpg_path, 1);
|
||||
(void) setenv("LC_ALL", "C", 1);
|
||||
@@ -240,8 +297,6 @@ static int runGPG(sigTarget sigt, const char *sigfile, const char * passPhrase)
|
||||
|
||||
(void) close(inpipe[0]);
|
||||
inpipe[0] = 0;
|
||||
- (void) close(inpipe2[0]);
|
||||
- inpipe2[0] = 0;
|
||||
|
||||
fpipe = fdopen(inpipe[1], "w");
|
||||
if (!fpipe) {
|
||||
@@ -257,12 +312,11 @@ static int runGPG(sigTarget sigt, const char *sigfile, const char * passPhrase)
|
||||
(void) fclose(fpipe);
|
||||
fpipe = NULL;
|
||||
|
||||
- fpipe = fdopen(inpipe2[1], "w");
|
||||
- if (!fpipe) {
|
||||
- rpmlog(RPMLOG_ERR, _("fdopen failed\n"));
|
||||
+ fnamedPipe = Fopen(namedPipeName, "w");
|
||||
+ if (!fnamedPipe) {
|
||||
+ rpmlog(RPMLOG_ERR, _("Fopen failed\n"));
|
||||
goto exit;
|
||||
}
|
||||
- inpipe2[1] = 0;
|
||||
|
||||
if (Fseek(sigt->fd, sigt->start, SEEK_SET) < 0) {
|
||||
rpmlog(RPMLOG_ERR, _("Could not seek in file %s: %s\n"),
|
||||
@@ -273,8 +327,8 @@ static int runGPG(sigTarget sigt, const char *sigfile, const char * passPhrase)
|
||||
size = sigt->size;
|
||||
wantCount = size < sizeof(buf) ? size : sizeof(buf);
|
||||
while ((count = Fread(buf, sizeof(buf[0]), wantCount, sigt->fd)) > 0) {
|
||||
- fwrite(buf, sizeof(buf[0]), count, fpipe);
|
||||
- if (ferror(fpipe)) {
|
||||
+ Fwrite(buf, sizeof(buf[0]), count, fnamedPipe);
|
||||
+ if (Ferror(fnamedPipe)) {
|
||||
rpmlog(RPMLOG_ERR, _("Could not write to pipe\n"));
|
||||
goto exit;
|
||||
}
|
||||
@@ -286,8 +340,8 @@ static int runGPG(sigTarget sigt, const char *sigfile, const char * passPhrase)
|
||||
sigt->fileName, Fstrerror(sigt->fd));
|
||||
goto exit;
|
||||
}
|
||||
- fclose(fpipe);
|
||||
- fpipe = NULL;
|
||||
+ Fclose(fnamedPipe);
|
||||
+ fnamedPipe = NULL;
|
||||
|
||||
(void) waitpid(pid, &status, 0);
|
||||
pid = 0;
|
||||
@@ -307,15 +361,16 @@ exit:
|
||||
if (inpipe[1])
|
||||
close(inpipe[1]);
|
||||
|
||||
- if (inpipe2[0])
|
||||
- close(inpipe[0]);
|
||||
-
|
||||
- if (inpipe2[1])
|
||||
- close(inpipe[1]);
|
||||
+ if (fnamedPipe)
|
||||
+ Fclose(fnamedPipe);
|
||||
|
||||
if (pid)
|
||||
waitpid(pid, &status, 0);
|
||||
|
||||
+ if (namedPipeName) {
|
||||
+ rpmRmTempFifo(namedPipeName);
|
||||
+ free(namedPipeName);
|
||||
+ }
|
||||
|
||||
return rc;
|
||||
}
|
||||
--
|
||||
1.9.3
|
||||
|
@ -1,370 +0,0 @@
|
||||
From 0bce5fcf270711a2e077fba0fb7c5979ea007eb5 Mon Sep 17 00:00:00 2001
|
||||
From: Lubos Kardos <lkardos@redhat.com>
|
||||
Date: Tue, 9 Jun 2015 18:06:29 +0200
|
||||
Subject: [PATCH 2/2] Allow gpg to get passphrase by itself.
|
||||
|
||||
Remove rpm asking for passphrase and then passing this passphrase
|
||||
to gpg via file descriptor (--passphrase-fd) but provide gpg with
|
||||
access to unredirected stdin to get passphrase directly from user.
|
||||
|
||||
Remove also macro %__gpg_check_password_cmd because in this new signing
|
||||
scheme has no sense. rpm doesn't handle passphrase in any way,
|
||||
everything is done in gpg including checking of passphrase.
|
||||
|
||||
We did this modification because of changes in gpg behavior. Since
|
||||
gpg-2.1 option "--passphrase-fd" doesn't work by default, only when
|
||||
it is explicitly allowed in gpg.conf. (rhbz:#1228234)
|
||||
---
|
||||
macros.in | 4 +--
|
||||
python/rpmsmodule.c | 9 +++---
|
||||
rpmsign.c | 82 +++--------------------------------------------------
|
||||
sign/rpmgensig.c | 67 +++++++++----------------------------------
|
||||
sign/rpmsign.h | 3 +-
|
||||
5 files changed, 23 insertions(+), 142 deletions(-)
|
||||
|
||||
diff --git a/macros.in b/macros.in
|
||||
index 414c1be..de89420 100644
|
||||
--- a/macros.in
|
||||
+++ b/macros.in
|
||||
@@ -538,11 +538,9 @@ package or when debugging this package.\
|
||||
# Macro(s) to hold the arguments passed to GPG/PGP for package
|
||||
# signing and verification.
|
||||
#
|
||||
-%__gpg_check_password_cmd %{__gpg} \
|
||||
- gpg --batch --no-verbose --passphrase-fd 3 -u "%{_gpg_name}" -so -
|
||||
|
||||
%__gpg_sign_cmd %{__gpg} \
|
||||
- gpg --batch --no-verbose --no-armor --passphrase-fd 3 \
|
||||
+ gpg --no-verbose --no-armor \
|
||||
%{?_gpg_digest_algo:--digest-algo %{_gpg_digest_algo}} \
|
||||
--no-secmem-warning \
|
||||
-u "%{_gpg_name}" -sbo %{__signature_filename} %{__plaintext_filename}
|
||||
diff --git a/python/rpmsmodule.c b/python/rpmsmodule.c
|
||||
index a8289b5..0601353 100644
|
||||
--- a/python/rpmsmodule.c
|
||||
+++ b/python/rpmsmodule.c
|
||||
@@ -8,19 +8,18 @@ static char rpms__doc__[] =
|
||||
static PyObject * addSign(PyObject * self, PyObject * args, PyObject *kwds)
|
||||
{
|
||||
const char *path = NULL;
|
||||
- const char *passPhrase = NULL;
|
||||
- char * kwlist[] = { "path", "passPhrase", "keyid", "hashalgo", NULL };
|
||||
+ char * kwlist[] = { "path", "keyid", "hashalgo", NULL };
|
||||
struct rpmSignArgs sig, *sigp = NULL;
|
||||
|
||||
memset(&sig, 0, sizeof(sig));
|
||||
- if (!PyArg_ParseTupleAndKeywords(args, kwds, "ss|si", kwlist,
|
||||
- &path, &passPhrase, &sig.keyid, &sig.hashalgo))
|
||||
+ if (!PyArg_ParseTupleAndKeywords(args, kwds, "s|si", kwlist,
|
||||
+ &path, &sig.keyid, &sig.hashalgo))
|
||||
return NULL;
|
||||
|
||||
if (sig.keyid || sig.hashalgo)
|
||||
sigp = &sig;
|
||||
|
||||
- return PyBool_FromLong(rpmPkgSign(path, sigp, passPhrase) == 0);
|
||||
+ return PyBool_FromLong(rpmPkgSign(path, sigp) == 0);
|
||||
}
|
||||
|
||||
static PyObject * delSign(PyObject * self, PyObject * args, PyObject *kwds)
|
||||
diff --git a/rpmsign.c b/rpmsign.c
|
||||
index b8e5598..9b93e39 100644
|
||||
--- a/rpmsign.c
|
||||
+++ b/rpmsign.c
|
||||
@@ -41,72 +41,6 @@ static struct poptOption optionsTable[] = {
|
||||
POPT_TABLEEND
|
||||
};
|
||||
|
||||
-static int checkPassPhrase(const char * passPhrase)
|
||||
-{
|
||||
- int passPhrasePipe[2];
|
||||
- int pid, status;
|
||||
- int rc = -1;
|
||||
- int xx;
|
||||
-
|
||||
- if (passPhrase == NULL)
|
||||
- return -1;
|
||||
-
|
||||
- passPhrasePipe[0] = passPhrasePipe[1] = 0;
|
||||
- if (pipe(passPhrasePipe))
|
||||
- return -1;
|
||||
-
|
||||
- pid = fork();
|
||||
- if (pid < 0) {
|
||||
- close(passPhrasePipe[0]);
|
||||
- close(passPhrasePipe[1]);
|
||||
- return -1;
|
||||
- }
|
||||
-
|
||||
- if (pid == 0) {
|
||||
- char * cmd, * gpg_path;
|
||||
- char *const *av;
|
||||
- int fdno;
|
||||
-
|
||||
- close(STDIN_FILENO);
|
||||
- close(STDOUT_FILENO);
|
||||
- close(passPhrasePipe[1]);
|
||||
- if ((fdno = open("/dev/null", O_RDONLY)) != STDIN_FILENO) {
|
||||
- xx = dup2(fdno, STDIN_FILENO);
|
||||
- close(fdno);
|
||||
- }
|
||||
- if ((fdno = open("/dev/null", O_WRONLY)) != STDOUT_FILENO) {
|
||||
- xx = dup2(fdno, STDOUT_FILENO);
|
||||
- close(fdno);
|
||||
- }
|
||||
- xx = dup2(passPhrasePipe[0], 3);
|
||||
-
|
||||
- unsetenv("MALLOC_CHECK_");
|
||||
- gpg_path = rpmExpand("%{?_gpg_path}", NULL);
|
||||
-
|
||||
- if (!rstreq(gpg_path, ""))
|
||||
- setenv("GNUPGHOME", gpg_path, 1);
|
||||
-
|
||||
- cmd = rpmExpand("%{?__gpg_check_password_cmd}", NULL);
|
||||
- rc = poptParseArgvString(cmd, NULL, (const char ***)&av);
|
||||
- if (xx >= 0 && rc == 0) {
|
||||
- rc = execve(av[0], av+1, environ);
|
||||
- fprintf(stderr, _("Could not exec %s: %s\n"), "gpg",
|
||||
- strerror(errno));
|
||||
- }
|
||||
- _exit(EXIT_FAILURE);
|
||||
- }
|
||||
-
|
||||
- close(passPhrasePipe[0]);
|
||||
- xx = write(passPhrasePipe[1], passPhrase, strlen(passPhrase));
|
||||
- xx = write(passPhrasePipe[1], "\n", 1);
|
||||
- close(passPhrasePipe[1]);
|
||||
-
|
||||
- if (xx >= 0 && waitpid(pid, &status, 0) >= 0)
|
||||
- rc = (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : 1;
|
||||
-
|
||||
- return rc;
|
||||
-}
|
||||
-
|
||||
/* TODO: permit overriding macro setup on the command line */
|
||||
static int doSign(poptContext optCon)
|
||||
{
|
||||
@@ -119,18 +53,10 @@ static int doSign(poptContext optCon)
|
||||
goto exit;
|
||||
}
|
||||
|
||||
- /* XXX FIXME: eliminate obsolete getpass() usage */
|
||||
- passPhrase = getpass(_("Enter pass phrase: "));
|
||||
- passPhrase = (passPhrase != NULL) ? rstrdup(passPhrase) : NULL;
|
||||
- if (checkPassPhrase(passPhrase) == 0) {
|
||||
- const char *arg;
|
||||
- fprintf(stderr, _("Pass phrase is good.\n"));
|
||||
- rc = 0;
|
||||
- while ((arg = poptGetArg(optCon)) != NULL) {
|
||||
- rc += rpmPkgSign(arg, NULL, passPhrase);
|
||||
- }
|
||||
- } else {
|
||||
- fprintf(stderr, _("Pass phrase check failed or gpg key expired\n"));
|
||||
+ const char *arg;
|
||||
+ rc = 0;
|
||||
+ while ((arg = poptGetArg(optCon)) != NULL) {
|
||||
+ rc += rpmPkgSign(arg, NULL);
|
||||
}
|
||||
|
||||
exit:
|
||||
diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c
|
||||
index 9691f0d..24bf39e 100644
|
||||
--- a/sign/rpmgensig.c
|
||||
+++ b/sign/rpmgensig.c
|
||||
@@ -245,11 +245,9 @@ exit:
|
||||
return rc;
|
||||
}
|
||||
|
||||
-static int runGPG(sigTarget sigt, const char *sigfile, const char * passPhrase)
|
||||
+static int runGPG(sigTarget sigt, const char *sigfile)
|
||||
{
|
||||
int pid = 0, status;
|
||||
- int inpipe[2];
|
||||
- FILE * fpipe = NULL;
|
||||
FD_t fnamedPipe = NULL;
|
||||
char *namedPipeName = NULL;
|
||||
unsigned char buf[BUFSIZ];
|
||||
@@ -258,12 +256,6 @@ static int runGPG(sigTarget sigt, const char *sigfile, const char * passPhrase)
|
||||
rpm_loff_t size;
|
||||
int rc = 1; /* assume failure */
|
||||
|
||||
- inpipe[0] = inpipe[1] = 0;
|
||||
- if (pipe(inpipe) < 0) {
|
||||
- rpmlog(RPMLOG_ERR, _("Couldn't create pipe for signing: %m"));
|
||||
- goto exit;
|
||||
- }
|
||||
-
|
||||
namedPipeName = mkTempFifo();
|
||||
|
||||
addMacro(NULL, "__plaintext_filename", NULL, namedPipeName, -1);
|
||||
@@ -274,9 +266,6 @@ static int runGPG(sigTarget sigt, const char *sigfile, const char * passPhrase)
|
||||
char *cmd = NULL;
|
||||
const char *gpg_path = rpmExpand("%{?_gpg_path}", NULL);
|
||||
|
||||
- (void) dup2(inpipe[0], 3);
|
||||
- (void) close(inpipe[1]);
|
||||
-
|
||||
if (gpg_path && *gpg_path != '\0')
|
||||
(void) setenv("GNUPGHOME", gpg_path, 1);
|
||||
(void) setenv("LC_ALL", "C", 1);
|
||||
@@ -295,23 +284,6 @@ static int runGPG(sigTarget sigt, const char *sigfile, const char * passPhrase)
|
||||
delMacro(NULL, "__plaintext_filename");
|
||||
delMacro(NULL, "__signature_filename");
|
||||
|
||||
- (void) close(inpipe[0]);
|
||||
- inpipe[0] = 0;
|
||||
-
|
||||
- fpipe = fdopen(inpipe[1], "w");
|
||||
- if (!fpipe) {
|
||||
- rpmlog(RPMLOG_ERR, _("fdopen failed\n"));
|
||||
- goto exit;
|
||||
- }
|
||||
- inpipe[1] = 0;
|
||||
-
|
||||
- if (fprintf(fpipe, "%s\n", (passPhrase ? passPhrase : "")) < 0) {
|
||||
- rpmlog(RPMLOG_ERR, _("Could not write to pipe\n"));
|
||||
- goto exit;
|
||||
- }
|
||||
- (void) fclose(fpipe);
|
||||
- fpipe = NULL;
|
||||
-
|
||||
fnamedPipe = Fopen(namedPipeName, "w");
|
||||
if (!fnamedPipe) {
|
||||
rpmlog(RPMLOG_ERR, _("Fopen failed\n"));
|
||||
@@ -352,14 +324,6 @@ static int runGPG(sigTarget sigt, const char *sigfile, const char * passPhrase)
|
||||
}
|
||||
|
||||
exit:
|
||||
- if (fpipe)
|
||||
- fclose(fpipe);
|
||||
-
|
||||
- if (inpipe[0])
|
||||
- close(inpipe[0]);
|
||||
-
|
||||
- if (inpipe[1])
|
||||
- close(inpipe[1]);
|
||||
|
||||
if (fnamedPipe)
|
||||
Fclose(fnamedPipe);
|
||||
@@ -383,8 +347,7 @@ exit:
|
||||
* @param passPhrase private key pass phrase
|
||||
* @return 0 on success, 1 on failure
|
||||
*/
|
||||
-static int makeGPGSignature(Header sigh, int ishdr, sigTarget sigt,
|
||||
- const char * passPhrase)
|
||||
+static int makeGPGSignature(Header sigh, int ishdr, sigTarget sigt)
|
||||
{
|
||||
char * sigfile = rstrscat(NULL, sigt->fileName, ".sig", NULL);
|
||||
struct stat st;
|
||||
@@ -392,7 +355,7 @@ static int makeGPGSignature(Header sigh, int ishdr, sigTarget sigt,
|
||||
size_t pktlen = 0;
|
||||
int rc = 1; /* assume failure */
|
||||
|
||||
- if (runGPG(sigt, sigfile, passPhrase))
|
||||
+ if (runGPG(sigt, sigfile))
|
||||
goto exit;
|
||||
|
||||
if (stat(sigfile, &st)) {
|
||||
@@ -431,16 +394,15 @@ exit:
|
||||
return rc;
|
||||
}
|
||||
|
||||
-static int rpmGenSignature(Header sigh, sigTarget sigt1, sigTarget sigt2,
|
||||
- const char * passPhrase)
|
||||
+static int rpmGenSignature(Header sigh, sigTarget sigt1, sigTarget sigt2)
|
||||
{
|
||||
int ret;
|
||||
|
||||
- ret = makeGPGSignature(sigh, 0, sigt1, passPhrase);
|
||||
+ ret = makeGPGSignature(sigh, 0, sigt1);
|
||||
if (ret)
|
||||
goto exit;
|
||||
|
||||
- ret = makeGPGSignature(sigh, 1, sigt2, passPhrase);
|
||||
+ ret = makeGPGSignature(sigh, 1, sigt2);
|
||||
if (ret)
|
||||
goto exit;
|
||||
exit:
|
||||
@@ -486,8 +448,7 @@ static int sameSignature(rpmTagVal sigtag, Header h1, Header h2)
|
||||
return (rc == 0);
|
||||
}
|
||||
|
||||
-static int replaceSignature(Header sigh, sigTarget sigt1, sigTarget sigt2,
|
||||
- const char *passPhrase)
|
||||
+static int replaceSignature(Header sigh, sigTarget sigt1, sigTarget sigt2)
|
||||
{
|
||||
/* Grab a copy of the header so we can compare the result */
|
||||
Header oldsigh = headerCopy(sigh);
|
||||
@@ -500,7 +461,7 @@ static int replaceSignature(Header sigh, sigTarget sigt1, sigTarget sigt2,
|
||||
* rpmGenSignature() internals parse the actual signing result and
|
||||
* adds appropriate tags for DSA/RSA.
|
||||
*/
|
||||
- if (rpmGenSignature(sigh, sigt1, sigt2, passPhrase) == 0) {
|
||||
+ if (rpmGenSignature(sigh, sigt1, sigt2) == 0) {
|
||||
/* Lets see what we got and whether its the same signature as before */
|
||||
rpmTagVal sigtag = headerIsEntry(sigh, RPMSIGTAG_DSA) ?
|
||||
RPMSIGTAG_DSA : RPMSIGTAG_RSA;
|
||||
@@ -517,10 +478,9 @@ static int replaceSignature(Header sigh, sigTarget sigt1, sigTarget sigt2,
|
||||
* Create/modify elements in signature header.
|
||||
* @param rpm path to package
|
||||
* @param deleting adding or deleting signature?
|
||||
- * @param passPhrase passPhrase (ignored when deleting)
|
||||
* @return 0 on success, -1 on error
|
||||
*/
|
||||
-static int rpmSign(const char *rpm, int deleting, const char *passPhrase)
|
||||
+static int rpmSign(const char *rpm, int deleting)
|
||||
{
|
||||
FD_t fd = NULL;
|
||||
FD_t ofd = NULL;
|
||||
@@ -605,7 +565,7 @@ static int rpmSign(const char *rpm, int deleting, const char *passPhrase)
|
||||
sigt2 = sigt1;
|
||||
sigt2.size = headerSizeof(h, HEADER_MAGIC_YES);
|
||||
|
||||
- res = replaceSignature(sigh, &sigt1, &sigt2, passPhrase);
|
||||
+ res = replaceSignature(sigh, &sigt1, &sigt2);
|
||||
if (res != 0) {
|
||||
if (res == 1) {
|
||||
rpmlog(RPMLOG_WARNING,
|
||||
@@ -722,8 +682,7 @@ exit:
|
||||
return res;
|
||||
}
|
||||
|
||||
-int rpmPkgSign(const char *path,
|
||||
- const struct rpmSignArgs * args, const char *passPhrase)
|
||||
+int rpmPkgSign(const char *path, const struct rpmSignArgs * args)
|
||||
{
|
||||
int rc;
|
||||
|
||||
@@ -739,7 +698,7 @@ int rpmPkgSign(const char *path,
|
||||
}
|
||||
}
|
||||
|
||||
- rc = rpmSign(path, 0, passPhrase);
|
||||
+ rc = rpmSign(path, 0);
|
||||
|
||||
if (args) {
|
||||
if (args->hashalgo) {
|
||||
@@ -755,5 +714,5 @@ int rpmPkgSign(const char *path,
|
||||
|
||||
int rpmPkgDelSign(const char *path)
|
||||
{
|
||||
- return rpmSign(path, 1, NULL);
|
||||
+ return rpmSign(path, 1);
|
||||
}
|
||||
diff --git a/sign/rpmsign.h b/sign/rpmsign.h
|
||||
index 15b3e0f..e161aff 100644
|
||||
--- a/sign/rpmsign.h
|
||||
+++ b/sign/rpmsign.h
|
||||
@@ -21,8 +21,7 @@ struct rpmSignArgs {
|
||||
* @param passPhrase passphrase for the signing key
|
||||
* @return 0 on success
|
||||
*/
|
||||
-int rpmPkgSign(const char *path,
|
||||
- const struct rpmSignArgs * args, const char *passPhrase);
|
||||
+int rpmPkgSign(const char *path, const struct rpmSignArgs * args);
|
||||
|
||||
/** \ingroup rpmsign
|
||||
* Delete signature(s) from a package
|
||||
--
|
||||
1.9.3
|
||||
|
@ -1,39 +0,0 @@
|
||||
diff --git a/lib/rpmarchive.h b/lib/rpmarchive.h
|
||||
index fab2d58..85079ca 100644
|
||||
--- a/lib/rpmarchive.h
|
||||
+++ b/lib/rpmarchive.h
|
||||
@@ -23,6 +23,7 @@ enum rpmfilesErrorCodes {
|
||||
RPMERR_ENOENT = -10,
|
||||
RPMERR_ENOTEMPTY = -11,
|
||||
RPMERR_FILE_SIZE = -12,
|
||||
+ RPMERR_ITER_SKIP = -13,
|
||||
|
||||
RPMERR_OPEN_FAILED = -32768,
|
||||
RPMERR_CHMOD_FAILED = -32769,
|
||||
diff --git a/lib/rpmfi.c b/lib/rpmfi.c
|
||||
index 384a6c9..2fba707 100644
|
||||
--- a/lib/rpmfi.c
|
||||
+++ b/lib/rpmfi.c
|
||||
@@ -821,7 +821,10 @@ int rpmfiNext(rpmfi fi)
|
||||
{
|
||||
int next = -1;
|
||||
if (fi != NULL) {
|
||||
- next = fi->next(fi);
|
||||
+ do {
|
||||
+ next = fi->next(fi);
|
||||
+ } while (next == RPMERR_ITER_SKIP);
|
||||
+
|
||||
if (next >= 0 && next < rpmfilesFC(fi->files)) {
|
||||
fi->i = next;
|
||||
fi->j = rpmfilesDI(fi->files, fi->i);
|
||||
@@ -1942,6 +1945,10 @@ static int iterReadArchiveNext(rpmfi fi)
|
||||
rpm_loff_t fsize = 0;
|
||||
rpm_mode_t mode = rpmfilesFMode(fi->files, fx);
|
||||
|
||||
+ /* %ghost in payload, should not be there but rpm < 4.11 sometimes did this */
|
||||
+ if (rpmfilesFFlags(fi->files, fx) & RPMFILE_GHOST)
|
||||
+ return RPMERR_ITER_SKIP;
|
||||
+
|
||||
if (S_ISREG(mode)) {
|
||||
const int * links;
|
||||
uint32_t numlinks = rpmfilesFLinks(fi->files, fx, &links);
|
@ -1,32 +0,0 @@
|
||||
commit 6ce2d43e2533505aa252159bfa8cc799965655bb
|
||||
Author: Panu Matilainen <pmatilai@redhat.com>
|
||||
Date: Wed Oct 1 09:59:21 2014 +0300
|
||||
|
||||
Dont wait for transaction lock within scriptlets (RhBug:1135596)
|
||||
|
||||
- Packages doing stupid things like rpm -U/-i/-e from their scriptlets
|
||||
can and will get hung waiting on the transaction lock, which can
|
||||
prompt users to kill the entire transaction, possibly with severe
|
||||
consequences. Starting with rpm >= 4.12 we also take the transaction
|
||||
lock for importing public keys, which seems to have caught one of
|
||||
the bigger fishes in the pond (Google Chrome packages).
|
||||
- Only wait when stdin is a tty, this affects more than scriptlets but
|
||||
most likely we dont want to wait for locks in those situations either.
|
||||
|
||||
diff --git a/lib/rpmlock.c b/lib/rpmlock.c
|
||||
index 7696cbe..9c07654 100644
|
||||
--- a/lib/rpmlock.c
|
||||
+++ b/lib/rpmlock.c
|
||||
@@ -124,10 +124,11 @@ rpmlock rpmlockNew(const char *lock_path, const char *descr)
|
||||
int rpmlockAcquire(rpmlock lock)
|
||||
{
|
||||
int locked = 0; /* assume failure */
|
||||
+ int maywait = isatty(STDIN_FILENO); /* dont wait within scriptlets */
|
||||
|
||||
if (lock) {
|
||||
locked = rpmlock_acquire(lock, RPMLOCK_WRITE);
|
||||
- if (!locked && (lock->openmode & RPMLOCK_WRITE)) {
|
||||
+ if (!locked && (lock->openmode & RPMLOCK_WRITE) && maywait) {
|
||||
rpmlog(RPMLOG_WARNING, _("waiting for %s lock on %s\n"),
|
||||
lock->descr, lock->path);
|
||||
locked = rpmlock_acquire(lock, (RPMLOCK_WRITE|RPMLOCK_WAIT));
|
@ -1,157 +0,0 @@
|
||||
diff --git a/doc/rpm.8 b/doc/rpm.8
|
||||
index e583009..283e8ac 100644
|
||||
--- a/doc/rpm.8
|
||||
+++ b/doc/rpm.8
|
||||
@@ -58,6 +58,8 @@ rpm \- RPM Package Manager
|
||||
[\fB--hdrid \fISHA1\fB\fR] [\fB--pkgid \fIMD5\fB\fR] [\fB--tid \fITID\fB\fR]
|
||||
[\fB--querybynumber \fIHDRNUM\fB\fR] [\fB--triggeredby \fIPACKAGE_NAME\fB\fR]
|
||||
[\fB--whatprovides \fICAPABILITY\fB\fR] [\fB--whatrequires \fICAPABILITY\fB\fR]
|
||||
+ [\fB--whatrecommends \fICAPABILITY\fB\fR] [\fB--whatsuggests \fICAPABILITY\fB\fR]
|
||||
+ [\fB--whatsupplements \fICAPABILITY\fB\fR] [\fB--whatenhances \fICAPABILITY\fB\fR]
|
||||
|
||||
.SS "query-options"
|
||||
.PP
|
||||
@@ -588,6 +590,18 @@ Query all packages that provide the \fICAPABILITY\fR capability.
|
||||
.TP
|
||||
\fB--whatrequires \fICAPABILITY\fB\fR
|
||||
Query all packages that require \fICAPABILITY\fR for proper functioning.
|
||||
+.TP
|
||||
+\fB--whatrecommends \fICAPABILITY\fB\fR
|
||||
+Query all packages that recommend \fICAPABILITY\fR.
|
||||
+.TP
|
||||
+\fB--whatsuggests \fICAPABILITY\fB\fR
|
||||
+Query all packages that suggest \fICAPABILITY\fR.
|
||||
+.TP
|
||||
+\fB--whatsupplements \fICAPABILITY\fB\fR
|
||||
+Query all packages that supplement \fICAPABILITY\fR.
|
||||
+.TP
|
||||
+\fB--whatenhances \fICAPABILITY\fB\fR
|
||||
+Query all packages that enhance \fICAPABILITY\fR.
|
||||
.SS "PACKAGE QUERY OPTIONS:"
|
||||
.PP
|
||||
.TP
|
||||
diff --git a/lib/poptQV.c b/lib/poptQV.c
|
||||
index 3db17b0..80edce7 100644
|
||||
--- a/lib/poptQV.c
|
||||
+++ b/lib/poptQV.c
|
||||
@@ -21,6 +21,10 @@ struct rpmQVKArguments_s rpmQVKArgs;
|
||||
#define POPT_QUERYBYPKGID -1007
|
||||
#define POPT_QUERYBYHDRID -1008
|
||||
#define POPT_QUERYBYTID -1010
|
||||
+#define POPT_WHATRECOMMENDS -1011
|
||||
+#define POPT_WHATSUGGESTS -1012
|
||||
+#define POPT_WHATSUPPLEMENTS -1013
|
||||
+#define POPT_WHATENHANCES -1014
|
||||
|
||||
/* ========== Query/Verify/Signature source args */
|
||||
static void rpmQVSourceArgCallback( poptContext con,
|
||||
@@ -45,6 +49,10 @@ static void rpmQVSourceArgCallback( poptContext con,
|
||||
case 'p': qva->qva_source |= RPMQV_RPM; break;
|
||||
case POPT_WHATPROVIDES: qva->qva_source |= RPMQV_WHATPROVIDES; break;
|
||||
case POPT_WHATREQUIRES: qva->qva_source |= RPMQV_WHATREQUIRES; break;
|
||||
+ case POPT_WHATRECOMMENDS: qva->qva_source |= RPMQV_WHATRECOMMENDS; break;
|
||||
+ case POPT_WHATSUGGESTS: qva->qva_source |= RPMQV_WHATSUGGESTS; break;
|
||||
+ case POPT_WHATSUPPLEMENTS: qva->qva_source |= RPMQV_WHATSUPPLEMENTS; break;
|
||||
+ case POPT_WHATENHANCES: qva->qva_source |= RPMQV_WHATENHANCES; break;
|
||||
case POPT_TRIGGEREDBY: qva->qva_source |= RPMQV_TRIGGEREDBY; break;
|
||||
case POPT_QUERYBYPKGID: qva->qva_source |= RPMQV_PKGID; break;
|
||||
case POPT_QUERYBYHDRID: qva->qva_source |= RPMQV_HDRID; break;
|
||||
@@ -93,6 +101,14 @@ struct poptOption rpmQVSourcePoptTable[] = {
|
||||
N_("query/verify the package(s) which require a dependency"), "CAPABILITY" },
|
||||
{ "whatprovides", '\0', 0, 0, POPT_WHATPROVIDES,
|
||||
N_("query/verify the package(s) which provide a dependency"), "CAPABILITY" },
|
||||
+ { "whatrecommends", '\0', 0, 0, POPT_WHATRECOMMENDS,
|
||||
+ N_("query/verify the package(s) which recommends a dependency"), "CAPABILITY" },
|
||||
+ { "whatsuggests", '\0', 0, 0, POPT_WHATSUGGESTS,
|
||||
+ N_("query/verify the package(s) which suggests a dependency"), "CAPABILITY" },
|
||||
+ { "whatsupplements", '\0', 0, 0, POPT_WHATSUPPLEMENTS,
|
||||
+ N_("query/verify the package(s) which supplements a dependency"), "CAPABILITY" },
|
||||
+ { "whatenhances", '\0', 0, 0, POPT_WHATENHANCES,
|
||||
+ N_("query/verify the package(s) which enhances a dependency"), "CAPABILITY" },
|
||||
|
||||
{ "noglob", '\0', POPT_BIT_SET|POPT_ARGFLAG_DOC_HIDDEN, &giFlags, RPMGI_NOGLOB,
|
||||
N_("do not glob arguments"), NULL},
|
||||
diff --git a/lib/query.c b/lib/query.c
|
||||
index 896ebe3..b15b99b 100644
|
||||
--- a/lib/query.c
|
||||
+++ b/lib/query.c
|
||||
@@ -384,6 +384,34 @@ static rpmdbMatchIterator initQueryIterator(QVA_t qva, rpmts ts, const char * ar
|
||||
}
|
||||
break;
|
||||
|
||||
+ case RPMQV_WHATRECOMMENDS:
|
||||
+ mi = rpmtsInitIterator(ts, RPMDBI_RECOMMENDNAME, arg, 0);
|
||||
+ if (mi == NULL) {
|
||||
+ rpmlog(RPMLOG_NOTICE, _("no package recommends %s\n"), arg);
|
||||
+ }
|
||||
+ break;
|
||||
+
|
||||
+ case RPMQV_WHATSUGGESTS:
|
||||
+ mi = rpmtsInitIterator(ts, RPMDBI_SUGGESTNAME, arg, 0);
|
||||
+ if (mi == NULL) {
|
||||
+ rpmlog(RPMLOG_NOTICE, _("no package suggests %s\n"), arg);
|
||||
+ }
|
||||
+ break;
|
||||
+
|
||||
+ case RPMQV_WHATSUPPLEMENTS:
|
||||
+ mi = rpmtsInitIterator(ts, RPMDBI_SUPPLEMENTNAME, arg, 0);
|
||||
+ if (mi == NULL) {
|
||||
+ rpmlog(RPMLOG_NOTICE, _("no package supplements %s\n"), arg);
|
||||
+ }
|
||||
+ break;
|
||||
+
|
||||
+ case RPMQV_WHATENHANCES:
|
||||
+ mi = rpmtsInitIterator(ts, RPMDBI_ENHANCENAME, arg, 0);
|
||||
+ if (mi == NULL) {
|
||||
+ rpmlog(RPMLOG_NOTICE, _("no package enhances %s\n"), arg);
|
||||
+ }
|
||||
+ break;
|
||||
+
|
||||
case RPMQV_WHATPROVIDES:
|
||||
if (arg[0] != '/' && arg[0] != '.') {
|
||||
mi = rpmtsInitIterator(ts, RPMDBI_PROVIDENAME, arg, 0);
|
||||
diff --git a/lib/rpmcli.h b/lib/rpmcli.h
|
||||
index 48e8250..4adb3d1 100644
|
||||
--- a/lib/rpmcli.h
|
||||
+++ b/lib/rpmcli.h
|
||||
@@ -91,6 +91,10 @@ enum rpmQVSources_e {
|
||||
RPMQV_HDRID, /*!< ... from header id (immutable header SHA1). */
|
||||
RPMQV_TID, /*!< ... from install transaction id (time stamp). */
|
||||
RPMQV_SPECSRPM, /*!< ... from spec file source (query only). */
|
||||
+ RPMQV_WHATRECOMMENDS, /*!< ... from recommends db search. */
|
||||
+ RPMQV_WHATSUGGESTS, /*!< ... from suggests db search. */
|
||||
+ RPMQV_WHATSUPPLEMENTS, /*!< ... from supplements db search. */
|
||||
+ RPMQV_WHATENHANCES, /*!< ... from enhances db search. */
|
||||
};
|
||||
|
||||
typedef rpmFlags rpmQVSources;
|
||||
diff --git a/lib/rpmdb.c b/lib/rpmdb.c
|
||||
index b6d3247..baa1974 100644
|
||||
--- a/lib/rpmdb.c
|
||||
+++ b/lib/rpmdb.c
|
||||
@@ -493,6 +493,10 @@ static rpmdb newRpmdb(const char * root, const char * home,
|
||||
RPMDBI_INSTALLTID,
|
||||
RPMDBI_SIGMD5,
|
||||
RPMDBI_SHA1HEADER,
|
||||
+ RPMDBI_RECOMMENDNAME,
|
||||
+ RPMDBI_SUGGESTNAME,
|
||||
+ RPMDBI_SUPPLEMENTNAME,
|
||||
+ RPMDBI_ENHANCENAME,
|
||||
};
|
||||
|
||||
if (!(db_home && db_home[0] != '%')) {
|
||||
diff --git a/lib/rpmtag.h b/lib/rpmtag.h
|
||||
index 12a2a50..1dc1c2b 100644
|
||||
--- a/lib/rpmtag.h
|
||||
+++ b/lib/rpmtag.h
|
||||
@@ -353,6 +353,10 @@ typedef enum rpmDbiTag_e {
|
||||
RPMDBI_SIGMD5 = RPMTAG_SIGMD5,
|
||||
RPMDBI_SHA1HEADER = RPMTAG_SHA1HEADER,
|
||||
RPMDBI_INSTFILENAMES = RPMTAG_INSTFILENAMES,
|
||||
+ RPMDBI_RECOMMENDNAME = RPMTAG_RECOMMENDNAME,
|
||||
+ RPMDBI_SUGGESTNAME = RPMTAG_SUGGESTNAME,
|
||||
+ RPMDBI_SUPPLEMENTNAME = RPMTAG_SUPPLEMENTNAME,
|
||||
+ RPMDBI_ENHANCENAME = RPMTAG_ENHANCENAME,
|
||||
} rpmDbiTag;
|
||||
|
||||
/** \ingroup signature
|
28
rpm.spec
28
rpm.spec
@ -15,7 +15,7 @@
|
||||
|
||||
%define rpmhome /usr/lib/rpm
|
||||
|
||||
%define rpmver 4.12.0.1
|
||||
%define rpmver 4.12.90
|
||||
#define snapver rc1
|
||||
%define srcver %{rpmver}%{?snapver:-%{snapver}}
|
||||
%define eggver %{rpmver}%{?snapver:_%{snapver}}
|
||||
@ -27,7 +27,7 @@
|
||||
Summary: The RPM package management system
|
||||
Name: rpm
|
||||
Version: %{rpmver}
|
||||
Release: %{?snapver:0.%{snapver}.}18%{?dist}
|
||||
Release: %{?snapver:0.%{snapver}.}1%{?dist}
|
||||
Group: System Environment/Base
|
||||
Url: http://www.rpm.org/
|
||||
Source0: http://rpm.org/releases/rpm-4.12.x/%{name}-%{srcver}.tar.bz2
|
||||
@ -50,25 +50,6 @@ Patch4: rpm-4.8.1-use-gpg2.patch
|
||||
Patch5: rpm-4.12.0-rpm2cpio-hack.patch
|
||||
|
||||
# Patches already upstream:
|
||||
# Dont wait for transaction lock inside scriptlets (#1135596)
|
||||
Patch100: rpm-4.12.0-tslock-nowait.patch
|
||||
# Skip ghosts in payload (#1156497)
|
||||
Patch101: rpm-4.12.0-payload-ghost.patch
|
||||
# Unbreak size tag generation on big-endian systems
|
||||
Patch102: rpm-4.12.0-archive-endian.patch
|
||||
# find-debuginfo.sh fails on ELF with more than 256 notes
|
||||
# http://www.rpm.org/ticket/887
|
||||
Patch103: 0001-Fix-find-debuginfo.sh-for-ELF-with-file-warnings.patch
|
||||
# Fix --excludedocs option (#1192625)
|
||||
Patch104: rpm-4.12.0-exclude-doc.patch
|
||||
# Pass _find_debuginfo_opts -g to eu-strip for executables (#1186563)
|
||||
Patch105: rpm-4.12.0-eu-strip-g-option.patch
|
||||
# Fix golang debuginfo packages
|
||||
Patch106: rpm-4.12.0-golang-debuginfo.patch
|
||||
Patch107: rpm-4.12.0-whatrecommends.patch
|
||||
Patch108: rpm-4.12.0-gpg-passphrase1.patch
|
||||
Patch109: rpm-4.12.0-gpg-passphrase2.patch
|
||||
Patch110: rpm-4.12.0-Fix-Python3-import.patch
|
||||
|
||||
# These are not yet upstream
|
||||
Patch302: rpm-4.7.1-geode-i686.patch
|
||||
@ -84,8 +65,6 @@ Patch307: rpm-4.11.1-sepdebugcrcfix.patch
|
||||
Patch308: rpm-4.12.0.x-CVE-2013-6435.patch
|
||||
# Add check against malicious CPIO file name size
|
||||
Patch309: rpm-4.12.0.x-CVE-2014-8118.patch
|
||||
# Add support for MIPS platform
|
||||
Patch310: rpm-4.12.0-add-mips.patch
|
||||
|
||||
# Partially GPL/LGPL dual-licensed and some bits with BSD
|
||||
# SourceLicense: (GPLv2+ and LGPLv2+ with exceptions) and BSD
|
||||
@ -555,6 +534,9 @@ exit 0
|
||||
%doc doc/librpm/html/*
|
||||
|
||||
%changelog
|
||||
* Fri Jul 24 2015 Florian Festi <ffesti@rpm.org> - 4.12.90-1
|
||||
- Update to upstream alpha release
|
||||
|
||||
* Tue Jul 14 2015 Michal Toman <mtoman@fedoraproject.org> - 4.12.0.1-18
|
||||
- Add support for MIPS platform
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user