Merge branch 'c10s' into a10s

This commit is contained in:
eabdullin 2024-12-10 12:27:59 +03:00
commit ec30123a8f
6 changed files with 430 additions and 8 deletions

View File

@ -0,0 +1,143 @@
From 3b0a150af79668052bf5842b68341adbde016005 Mon Sep 17 00:00:00 2001
Message-ID: <3b0a150af79668052bf5842b68341adbde016005.1728896192.git.pmatilai@redhat.com>
From: Panu Matilainen <pmatilai@redhat.com>
Date: Thu, 5 Sep 2024 09:07:26 +0300
Subject: [PATCH 1/3] Refactor sign command expand and parse out of runGPG()
We'll need the wider visibility of the executing command for the next
steps. While at it, ensure the parsed signing command is minimally
sufficient for what the code expects, ie has at least two items in
the array.
We now need two exit points, one for the case where we forked and one
where we didn't. Also the case where waitpid() failed entirely must
not return directly to avoid leaking, so merge it with the rest of
the error handling if instead.
(cherry picked from commit 2c9ad2bbc1d00010880076cd5c73e97ffcb946ed)
---
sign/rpmgensig.c | 51 ++++++++++++++++++++++++++++++----------------
tests/rpmsigdig.at | 8 ++++++++
2 files changed, 42 insertions(+), 17 deletions(-)
diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c
index a9c3c3e06..7bbd63216 100644
--- a/sign/rpmgensig.c
+++ b/sign/rpmgensig.c
@@ -188,6 +188,29 @@ exit:
return sigtd;
}
+char ** signCmd(const char *sigfile)
+{
+ int argc = 0;
+ char **argv = NULL;
+
+ rpmPushMacro(NULL, "__plaintext_filename", NULL, "-", -1);
+ rpmPushMacro(NULL, "__signature_filename", NULL, sigfile, -1);
+
+ char *cmd = rpmExpand("%{?__gpg_sign_cmd}", NULL);
+
+ rpmPopMacro(NULL, "__plaintext_filename");
+ rpmPopMacro(NULL, "__signature_filename");
+
+ if (poptParseArgvString(cmd, &argc, (const char ***)&argv) < 0 || argc < 2) {
+ rpmlog(RPMLOG_ERR, _("Invalid sign command: %s\n"), cmd);
+ argv = _free(argv);
+ }
+
+ free(cmd);
+
+ return argv;
+}
+
static int runGPG(sigTarget sigt, const char *sigfile)
{
int pid = 0, status;
@@ -198,18 +221,17 @@ static int runGPG(sigTarget sigt, const char *sigfile)
ssize_t wantCount;
rpm_loff_t size;
int rc = 1; /* assume failure */
+ char **argv = NULL;
+
+ if ((argv = signCmd(sigfile)) == NULL)
+ goto exit_nowait;
if (pipe(pipefd) < 0) {
rpmlog(RPMLOG_ERR, _("Could not create pipe for signing: %m\n"));
- goto exit;
+ goto exit_nowait;
}
- rpmPushMacro(NULL, "__plaintext_filename", NULL, "-", -1);
- rpmPushMacro(NULL, "__signature_filename", NULL, sigfile, -1);
-
if (!(pid = fork())) {
- char *const *av;
- char *cmd = NULL;
const char *tty = ttyname(STDIN_FILENO);
const char *gpg_path = NULL;
@@ -223,19 +245,13 @@ static int runGPG(sigTarget sigt, const char *sigfile)
dup2(pipefd[0], STDIN_FILENO);
close(pipefd[1]);
- cmd = rpmExpand("%{?__gpg_sign_cmd}", NULL);
- rc = poptParseArgvString(cmd, NULL, (const char ***)&av);
- if (!rc)
- rc = execve(av[0], av+1, environ);
+ rc = execve(argv[0], argv+1, environ);
rpmlog(RPMLOG_ERR, _("Could not exec %s: %s\n"), "gpg",
strerror(errno));
_exit(EXIT_FAILURE);
}
- rpmPopMacro(NULL, "__plaintext_filename");
- rpmPopMacro(NULL, "__signature_filename");
-
close(pipefd[0]);
fpipe = fdopen(pipefd[1], "w");
if (!fpipe) {
@@ -280,14 +296,15 @@ exit:
if (reaped == -1) {
rpmlog(RPMLOG_ERR, _("gpg waitpid failed (%s)\n"), strerror(errno));
- return rc;
- }
-
- if (!WIFEXITED(status) || WEXITSTATUS(status)) {
+ } else if (!WIFEXITED(status) || WEXITSTATUS(status)) {
rpmlog(RPMLOG_ERR, _("gpg exec failed (%d)\n"), WEXITSTATUS(status));
} else {
rc = 0;
}
+
+exit_nowait:
+ free(argv);
+
return rc;
}
diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at
index b726e79ef..14dffc27a 100644
--- a/tests/rpmsigdig.at
+++ b/tests/rpmsigdig.at
@@ -1028,6 +1028,14 @@ cmp -s ${ORIG} ${NEW}; echo $?
],
[])
+RPMTEST_CHECK([
+run rpmsign --define "__gpg_sign_cmd mumble" --key-id 1964C5FC --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null
+],
+[1],
+[],
+[error: Invalid sign command: mumble
+])
+
# rpmsign --addsign <signed>
RPMTEST_CHECK([
RPMDB_INIT
--
2.47.0

View File

@ -0,0 +1,129 @@
From 3c1055628380d66934578060a4a6c678f1261456 Mon Sep 17 00:00:00 2001
Message-ID: <3c1055628380d66934578060a4a6c678f1261456.1728896192.git.pmatilai@redhat.com>
In-Reply-To: <3b0a150af79668052bf5842b68341adbde016005.1728896192.git.pmatilai@redhat.com>
References: <3b0a150af79668052bf5842b68341adbde016005.1728896192.git.pmatilai@redhat.com>
From: Panu Matilainen <pmatilai@redhat.com>
Date: Thu, 5 Sep 2024 09:44:40 +0300
Subject: [PATCH 2/3] Eliminate hardcoded GPG references from user visible
messages
Use the OpenPGP standard name or the configured+parsed signing command
in messages as appropriate. Also detect if we're specifically using
gpg and only set up its environment in that case to avoid bleeding
those messages to innocent bypassers.
Fixes: #3274
(backported from commit a3cf4f674dd59c1c80f97780643c184e705518ce)
---
sign/rpmgensig.c | 42 +++++++++++++++++++++++++-----------------
tests/rpmsigdig.at | 9 +++++++++
2 files changed, 34 insertions(+), 17 deletions(-)
diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c
index 7bbd63216..fb7368e14 100644
--- a/sign/rpmgensig.c
+++ b/sign/rpmgensig.c
@@ -232,23 +232,29 @@ static int runGPG(sigTarget sigt, const char *sigfile)
}
if (!(pid = fork())) {
- const char *tty = ttyname(STDIN_FILENO);
- const char *gpg_path = NULL;
-
- if (!getenv("GPG_TTY") && (!tty || setenv("GPG_TTY", tty, 0)))
- rpmlog(RPMLOG_WARNING, _("Could not set GPG_TTY to stdin: %m\n"));
-
- gpg_path = rpmExpand("%{?_gpg_path}", NULL);
- if (gpg_path && *gpg_path != '\0')
- (void) setenv("GNUPGHOME", gpg_path, 1);
+ /* GnuPG needs extra setup, try to see if that's what we're running */
+ char *out = rpmExpand("%(", argv[0], " --version 2> /dev/null)", NULL);
+ int using_gpg = (strstr(out, "GnuPG") != NULL);
+ if (using_gpg) {
+ const char *tty = ttyname(STDIN_FILENO);
+ const char *gpg_path = NULL;
+
+ if (!getenv("GPG_TTY") && (!tty || setenv("GPG_TTY", tty, 0)))
+ rpmlog(RPMLOG_WARNING, _("Could not set GPG_TTY to stdin: %m\n"));
+
+ gpg_path = rpmExpand("%{?_gpg_path}", NULL);
+ if (gpg_path && *gpg_path != '\0')
+ (void) setenv("GNUPGHOME", gpg_path, 1);
+ }
+ free(out);
dup2(pipefd[0], STDIN_FILENO);
close(pipefd[1]);
rc = execve(argv[0], argv+1, environ);
- rpmlog(RPMLOG_ERR, _("Could not exec %s: %s\n"), "gpg",
- strerror(errno));
+ rpmlog(RPMLOG_ERR, _("Could not exec %s: %s\n"), argv[0],
+ strerror(errno));
_exit(EXIT_FAILURE);
}
@@ -295,9 +301,11 @@ exit:
} while (reaped == -1 && errno == EINTR);
if (reaped == -1) {
- rpmlog(RPMLOG_ERR, _("gpg waitpid failed (%s)\n"), strerror(errno));
+ rpmlog(RPMLOG_ERR, _("%s waitpid failed (%s)\n"), argv[0],
+ strerror(errno));
} else if (!WIFEXITED(status) || WEXITSTATUS(status)) {
- rpmlog(RPMLOG_ERR, _("gpg exec failed (%d)\n"), WEXITSTATUS(status));
+ rpmlog(RPMLOG_ERR, _("%s exec failed (%d)\n"), argv[0],
+ WEXITSTATUS(status));
} else {
rc = 0;
}
@@ -328,13 +336,13 @@ static rpmtd makeGPGSignature(Header sigh, int ishdr, sigTarget sigt)
goto exit;
if (stat(sigfile, &st)) {
- /* GPG failed to write signature */
- rpmlog(RPMLOG_ERR, _("gpg failed to write signature\n"));
+ /* External command failed to write signature */
+ rpmlog(RPMLOG_ERR, _("failed to write signature\n"));
goto exit;
}
pktlen = st.st_size;
- rpmlog(RPMLOG_DEBUG, "GPG sig size: %zd\n", pktlen);
+ rpmlog(RPMLOG_DEBUG, "OpenPGP sig size: %zd\n", pktlen);
pkt = xmalloc(pktlen);
{ FD_t fd;
@@ -351,7 +359,7 @@ static rpmtd makeGPGSignature(Header sigh, int ishdr, sigTarget sigt)
}
}
- rpmlog(RPMLOG_DEBUG, "Got %zd bytes of GPG sig\n", pktlen);
+ rpmlog(RPMLOG_DEBUG, "Got %zd bytes of OpenPGP sig\n", pktlen);
/* Parse the signature, change signature tag as appropriate. */
sigtd = makeSigTag(sigh, ishdr, pkt, pktlen);
diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at
index 14dffc27a..d19f85d04 100644
--- a/tests/rpmsigdig.at
+++ b/tests/rpmsigdig.at
@@ -1036,6 +1036,15 @@ run rpmsign --define "__gpg_sign_cmd mumble" --key-id 1964C5FC --addsign "${RPMT
[error: Invalid sign command: mumble
])
+RPMTEST_CHECK([
+run rpmsign --define "__gpg /gnus/not/here" --key-id 1964C5FC --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null
+],
+[1],
+[],
+[error: Could not exec /gnus/not/here: No such file or directory
+error: /gnus/not/here exec failed (1)
+])
+
# rpmsign --addsign <signed>
RPMTEST_CHECK([
RPMDB_INIT
--
2.47.0

View File

@ -0,0 +1,35 @@
From 2029533d7878a58874cda061d13c6188f4b3aed1 Mon Sep 17 00:00:00 2001
Message-ID: <2029533d7878a58874cda061d13c6188f4b3aed1.1728896192.git.pmatilai@redhat.com>
In-Reply-To: <3b0a150af79668052bf5842b68341adbde016005.1728896192.git.pmatilai@redhat.com>
References: <3b0a150af79668052bf5842b68341adbde016005.1728896192.git.pmatilai@redhat.com>
From: Michal Domonkos <mdomonko@redhat.com>
Date: Mon, 9 Sep 2024 15:19:52 +0200
Subject: [PATCH 3/3] Declare signCmd() static
Commit 2c9ad2bbc1d00010880076cd5c73e97ffcb946ed added this new helper
function for internal use and depite a missing declaration, the compiler
defaulting to WITH_CXX=ON on master chugged along just fine... only
until porting the same commit to a C-only branch (hello rpm-4.20.x)
where it now produces a warning, oops.
(cherry picked from commit a7784eccd9de674e97fc9577434334060b3abd23)
---
sign/rpmgensig.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c
index fb7368e14..d7d58fd4f 100644
--- a/sign/rpmgensig.c
+++ b/sign/rpmgensig.c
@@ -188,7 +188,7 @@ exit:
return sigtd;
}
-char ** signCmd(const char *sigfile)
+static char ** signCmd(const char *sigfile)
{
int argc = 0;
char **argv = NULL;
--
2.47.0

22
macros.rpmsign-gnupg Normal file
View File

@ -0,0 +1,22 @@
#==============================================================================
# ---- GPG signature macros.
# The signature to use and the location of configuration files for
# signing packages with GNU gpg.
#
#%_gpg_name
#%_gpg_path
%__gpg /usr/bin/gpg2
# Macro(s) to hold the arguments passed to GPG/PGP for package
# signing. Expansion result is parsed by popt, so be sure to use
# %{shescape} where needed.
#
%__gpg_sign_cmd %{shescape:%{__gpg}} \
gpg --no-verbose --no-armor --no-secmem-warning \
%{?_gpg_digest_algo:--digest-algo=%{_gpg_digest_algo}} \
%{?_gpg_sign_cmd_extra_args} \
%{?_gpg_name:-u %{shescape:%{_gpg_name}}} \
-sbo %{shescape:%{?__signature_filename}} \
%{?__plaintext_filename:-- %{shescape:%{__plaintext_filename}}}

59
rpm-4.19.1.1-nogpg.patch Normal file
View File

@ -0,0 +1,59 @@
diff -up rpm-4.19.1.1/macros.in.nogpg rpm-4.19.1.1/macros.in
--- rpm-4.19.1.1/macros.in.nogpg 2024-10-14 10:01:22.265773552 +0300
+++ rpm-4.19.1.1/macros.in 2024-10-14 10:02:32.245317535 +0300
@@ -30,7 +30,6 @@
%__chown @__CHOWN@
%__cp @__CP@
%__file @__FILE@
-%__gpg @__GPG@
%__grep @__GREP@
%__gzip @__GZIP@
%__id @__ID@
@@ -321,12 +320,6 @@ Supplements: (%{name} = %{version}-%{r
# marked as %doc should be installed.
#%_excludedocs
-# The signature to use and the location of configuration files for
-# signing packages with GNU gpg.
-#
-#%_gpg_name
-#%_gpg_path
-
# The port and machine name of an HTTP proxy host (used for FTP/HTTP).
#
#%_httpport
@@ -595,10 +588,10 @@ Supplements: (%{name} = %{version}-%{r
%_fileattrsdir %{_rpmconfigdir}/fileattrs
# This macro defines how much space (in bytes) in package should be
-# reserved for gpg signatures during building of a package. If this space is
-# big enough for gpg signatures to fit into it then signing of the packages is
+# reserved for OpenPGP signatures during building of a package. If this space
+# big enough for the signature to fit into it then signing of the packages is
# very quick because it is not necessary to rewrite the whole package to make
-# some space for gpg signatures.
+# some space for the signature.
%__gpg_reserved_space 4096
#==============================================================================
@@ -613,20 +606,6 @@ Supplements: (%{name} = %{version}-%{r
%_db_backend @DB_BACKEND@
#==============================================================================
-# ---- GPG/PGP/PGP5 signature macros.
-# Macro(s) to hold the arguments passed to GPG/PGP for package
-# signing. Expansion result is parsed by popt, so be sure to use
-# %{shescape} where needed.
-#
-%__gpg_sign_cmd %{shescape:%{__gpg}} \
- gpg --no-verbose --no-armor --no-secmem-warning \
- %{?_gpg_digest_algo:--digest-algo=%{_gpg_digest_algo}} \
- %{?_gpg_sign_cmd_extra_args} \
- %{?_gpg_name:-u %{shescape:%{_gpg_name}}} \
- -sbo %{shescape:%{?__signature_filename}} \
- %{?__plaintext_filename:-- %{shescape:%{__plaintext_filename}}}
-
-#==============================================================================
# ---- Transaction macros.
# Macro(s) used to parameterize transactions.
#

View File

@ -27,7 +27,7 @@
%global rpmver 4.19.1.1 %global rpmver 4.19.1.1
#global snapver rc1 #global snapver rc1
%global baserelease 3 %global baserelease 7
%global sover 10 %global sover 10
%global srcver %{rpmver}%{?snapver:-%{snapver}} %global srcver %{rpmver}%{?snapver:-%{snapver}}
@ -36,7 +36,7 @@
Summary: The RPM package management system Summary: The RPM package management system
Name: rpm Name: rpm
Version: %{rpmver} Version: %{rpmver}
Release: %{?snapver:0.%{snapver}.}%{baserelease}%{?dist}.alma.2 Release: %{?snapver:0.%{snapver}.}%{baserelease}%{?dist}.alma.1
Url: http://www.rpm.org/ Url: http://www.rpm.org/
License: GPL-2.0-or-later License: GPL-2.0-or-later
Source0: http://ftp.rpm.org/releases/%{srcdir}/rpm-%{srcver}.tar.bz2 Source0: http://ftp.rpm.org/releases/%{srcdir}/rpm-%{srcver}.tar.bz2
@ -46,6 +46,8 @@ Source10: rpmdb-rebuild.service
Source20: rpmdb-migrate.service Source20: rpmdb-migrate.service
Source21: rpmdb_migrate Source21: rpmdb_migrate
Source31: macros.rpmsign-gnupg
Requires: coreutils Requires: coreutils
Requires: popt%{_isa} >= 1.10.2.1 Requires: popt%{_isa} >= 1.10.2.1
Requires: curl Requires: curl
@ -138,11 +140,18 @@ rpm-4.9.90-no-man-dirs.patch
rpm-4.18.92-disable-sysusers.patch rpm-4.18.92-disable-sysusers.patch
rpm-4.18.90-weak-user-group.patch rpm-4.18.90-weak-user-group.patch
# We supply gpg config separately, remove gpg stuff from main macros
rpm-4.19.1.1-nogpg.patch
# Patches already upstream: # Patches already upstream:
0001-Fix-potential-use-of-uninitialized-pipe-array.patch 0001-Fix-potential-use-of-uninitialized-pipe-array.patch
0001-Fix-potential-use-of-uninitialized-pgp-struct.patch 0001-Fix-potential-use-of-uninitialized-pgp-struct.patch
0001-Fix-memory-leak-in-rpmsign.patch 0001-Fix-memory-leak-in-rpmsign.patch
0001-Refactor-sign-command-expand-and-parse-out-of-runGPG.patch
0002-Eliminate-hardcoded-GPG-references-from-user-visible.patch
0003-Declare-signCmd-static.patch
# These are not yet upstream # These are not yet upstream
rpm-4.7.1-geode-i686.patch rpm-4.7.1-geode-i686.patch
@ -177,11 +186,19 @@ This package contains the RPM shared libraries for building packages.
%package sign-libs %package sign-libs
Summary: Libraries for signing RPM packages Summary: Libraries for signing RPM packages
Requires: rpm-libs%{_isa} = %{version}-%{release} Requires: rpm-libs%{_isa} = %{version}-%{release}
Requires: %{_bindir}/gpg2 Requires(meta): rpm-sign-gnupg
%description sign-libs %description sign-libs
This package contains the RPM shared libraries for signing packages. This package contains the RPM shared libraries for signing packages.
%package sign-gnupg
Summary: Support for signing RPM packages using GnuPG
Requires: gnupg2
Requires(meta): rpm-sign-libs%{_isa} >= %{version}-%{release}
%description sign-gnupg
This package provides configuration for signing RPM packages using GnuPG.
%package devel %package devel
Summary: Development files for manipulating RPM packages Summary: Development files for manipulating RPM packages
License: GPL-2.0-or-later OR LGPL-2.1-or-later License: GPL-2.0-or-later OR LGPL-2.1-or-later
@ -426,6 +443,9 @@ rm -rf $RPM_BUILD_ROOT/var/tmp
# workaround for https://github.com/rpm-software-management/rpm/issues/2811 # workaround for https://github.com/rpm-software-management/rpm/issues/2811
rm $RPM_BUILD_ROOT/%{_defaultdocdir}/rpm/README.md rm $RPM_BUILD_ROOT/%{_defaultdocdir}/rpm/README.md
# Signing macros for GnuPG
install -m 644 %{SOURCE31} $RPM_BUILD_ROOT/%{rpmhome}/macros.d
%pre %pre
# Symlink all rpmdb files to the new location if we're still using /var/lib/rpm # Symlink all rpmdb files to the new location if we're still using /var/lib/rpm
if [ -d /var/lib/rpm ]; then if [ -d /var/lib/rpm ]; then
@ -488,7 +508,7 @@ fi
%attr(0755, root, root) %dir %{rpmhome} %attr(0755, root, root) %dir %{rpmhome}
%{rpmhome}/macros %{rpmhome}/macros
%{rpmhome}/macros.d %dir %{rpmhome}/macros.d
%{rpmhome}/lua %{rpmhome}/lua
%{rpmhome}/rpmpopt* %{rpmhome}/rpmpopt*
%{rpmhome}/rpmrc %{rpmhome}/rpmrc
@ -563,6 +583,9 @@ fi
%{_libdir}/librpmsign.so.%{sover} %{_libdir}/librpmsign.so.%{sover}
%{_libdir}/librpmsign.so.%{sover}.* %{_libdir}/librpmsign.so.%{sover}.*
%files sign-gnupg
%{rpmhome}/macros.d/macros.rpmsign-gnupg
%files build %files build
%{_bindir}/rpmbuild %{_bindir}/rpmbuild
%{_bindir}/gendiff %{_bindir}/gendiff
@ -619,12 +642,23 @@ fi
%doc %{_defaultdocdir}/rpm/API/ %doc %{_defaultdocdir}/rpm/API/
%changelog %changelog
* Wed Oct 16 2024 Eduard Abdullin <eabdullin@almalinux.org> - 4.19.1.1-3.alma.2 * Tue Dec 10 2024 Eduard Abdullin <eabdullin@almalinux.org> - 4.19.1.1-7.alma.1
- Update patch: Fix: Treat x86_64_v2 as x86_64 in architecture checks
* Thu Aug 01 2024 Eduard Abdullin <eabdullin@almalinux.org> - 4.19.1.1-3.alma.1
- Fix: Treat x86_64_v2 as x86_64 in architecture checks - Fix: Treat x86_64_v2 as x86_64 in architecture checks
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 4.19.1.1-7
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Fri Oct 25 2024 Michal Domonkos <mdomonko@redhat.com> - 4.19.1.1-6
- Revert Sequoia signing support for now, breaks CI
* Fri Oct 25 2024 Michal Domonkos <mdomonko@redhat.com> - 4.19.1.1-5
- Fix Conflicts in new rpm-sign backends
* Mon Oct 14 2024 Panu Matilainen <pmatilai@redhat.com> - 4.19.1.1-4
- Remove hardcoded GPG references from signing error messages
- Support switching between GnuPG and Sequoia for package signing (RHEL-56363)
* Tue Aug 13 2024 Michal Domonkos <mdomonko@redhat.com> - 4.19.1.1-3 * Tue Aug 13 2024 Michal Domonkos <mdomonko@redhat.com> - 4.19.1.1-3
- Fix potential use of uninitialized pipe array (RHEL-54012) - Fix potential use of uninitialized pipe array (RHEL-54012)
- Fix potential use of uninitialized pgp struct (RHEL-54013) - Fix potential use of uninitialized pgp struct (RHEL-54013)