Merge branch 'c10s' into a10s
commit
ec30123a8f
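--- a/0001-Refactor-sign-command-expand-and-parse-out-of-runGPG.patch
+++ b/0001-Refactor-sign-command-expand-and-parse-out-of-runGPG.patch
@@ -0,0 +1,143 @@
+From 3b0a150af79668052bf5842b68341adbde016005 Mon Sep 17 00:00:00 2001
+Message-ID: <3b0a150af79668052bf5842b68341adbde016005.1728896192.git.pmatilai@redhat.com>
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Thu, 5 Sep 2024 09:07:26 +0300
+Subject: [PATCH 1/3] Refactor sign command expand and parse out of runGPG()
+
+We'll need the wider visibility of the executing command for the next
+steps. While at it, ensure the parsed signing command is minimally
+sufficient for what the code expects, ie has at least two items in
+the array.
+
+We now need two exit points, one for the case where we forked and one
+where we didn't. Also the case where waitpid() failed entirely must
+not return directly to avoid leaking, so merge it with the rest of
+the error handling if instead.
+
+(cherry picked from commit 2c9ad2bbc1d00010880076cd5c73e97ffcb946ed)
+---
+sign/rpmgensig.c | 51 ++++++++++++++++++++++++++++++----------------
+tests/rpmsigdig.at | 8 ++++++++
+2 files changed, 42 insertions(+), 17 deletions(-)
+
+diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c
+index a9c3c3e06..7bbd63216 100644
+--- a/sign/rpmgensig.c
++++ b/sign/rpmgensig.c
+@@ -188,6 +188,29 @@ exit:
+return sigtd;
+}
+
++char ** signCmd(const char *sigfile)
++{
++ int argc = 0;
++ char **argv = NULL;
++
++ rpmPushMacro(NULL, "__plaintext_filename", NULL, "-", -1);
++ rpmPushMacro(NULL, "__signature_filename", NULL, sigfile, -1);
++
++ char *cmd = rpmExpand("%{?__gpg_sign_cmd}", NULL);
++
++ rpmPopMacro(NULL, "__plaintext_filename");
++ rpmPopMacro(NULL, "__signature_filename");
++
++ if (poptParseArgvString(cmd, &argc, (const char ***)&argv) < 0 || argc < 2) {
++ rpmlog(RPMLOG_ERR, _("Invalid sign command: %s\n"), cmd);
++ argv = _free(argv);
++ }
++
++ free(cmd);
++
++ return argv;
++}
++
+static int runGPG(sigTarget sigt, const char *sigfile)
+{
+int pid = 0, status;
+@@ -198,18 +221,17 @@ static int runGPG(sigTarget sigt, const char *sigfile)
+ssize_t wantCount;
+rpm_loff_t size;
+int rc = 1; /* assume failure */
++ char **argv = NULL;
++
++ if ((argv = signCmd(sigfile)) == NULL)
++ goto exit_nowait;
+
+if (pipe(pipefd) < 0) {
+rpmlog(RPMLOG_ERR, _("Could not create pipe for signing: %m\n"));
+- goto exit;
++ goto exit_nowait;
+}
+
+- rpmPushMacro(NULL, "__plaintext_filename", NULL, "-", -1);
+- rpmPushMacro(NULL, "__signature_filename", NULL, sigfile, -1);
+-
+if (!(pid = fork())) {
+- char *const *av;
+- char *cmd = NULL;
+const char *tty = ttyname(STDIN_FILENO);
+const char *gpg_path = NULL;
+
+@@ -223,19 +245,13 @@ static int runGPG(sigTarget sigt, const char *sigfile)
+dup2(pipefd[0], STDIN_FILENO);
+close(pipefd[1]);
+
+- cmd = rpmExpand("%{?__gpg_sign_cmd}", NULL);
+- rc = poptParseArgvString(cmd, NULL, (const char ***)&av);
+- if (!rc)
+- rc = execve(av[0], av+1, environ);
++ rc = execve(argv[0], argv+1, environ);
+
+rpmlog(RPMLOG_ERR, _("Could not exec %s: %s\n"), "gpg",
+strerror(errno));
+_exit(EXIT_FAILURE);
+}
+
+- rpmPopMacro(NULL, "__plaintext_filename");
+- rpmPopMacro(NULL, "__signature_filename");
+-
+close(pipefd[0]);
+fpipe = fdopen(pipefd[1], "w");
+if (!fpipe) {
+@@ -280,14 +296,15 @@ exit:
+
+if (reaped == -1) {
+rpmlog(RPMLOG_ERR, _("gpg waitpid failed (%s)\n"), strerror(errno));
+- return rc;
+- }
+-
+- if (!WIFEXITED(status) || WEXITSTATUS(status)) {
++ } else if (!WIFEXITED(status) || WEXITSTATUS(status)) {
+rpmlog(RPMLOG_ERR, _("gpg exec failed (%d)\n"), WEXITSTATUS(status));
+} else {
+rc = 0;
+}
++
++exit_nowait:
++ free(argv);
++
+return rc;
+}
+
+diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at
+index b726e79ef..14dffc27a 100644
+--- a/tests/rpmsigdig.at
++++ b/tests/rpmsigdig.at
+@@ -1028,6 +1028,14 @@ cmp -s ${ORIG} ${NEW}; echo $?
+],
+[])
+
++RPMTEST_CHECK([
++run rpmsign --define "__gpg_sign_cmd mumble" --key-id 1964C5FC --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null
++],
++[1],
++[],
++[error: Invalid sign command: mumble
++])
++
+# rpmsign --addsign <signed>
+RPMTEST_CHECK([
+RPMDB_INIT
+--
+2.47.0
+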
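Review bot: `signCmd()` is added without a comment stating its contract, and two parts of that contract are not obvious from the body. The `argc < 2` check exists because `runGPG()` calls `execve(argv[0], argv+1, environ)`, so the first parsed word is the executable path and the second becomes the child's own argv[0]; and the returned array is released by the caller with a single `free(argv)` at `exit_nowait`. A short header comment saying that it returns the popt-parsed `%{__gpg_sign_cmd}` with at least two entries, or NULL after logging an error, and that the caller frees the result, would cover both. A one-line `/* argv[0] is the program path, argv+1 the vector passed to it */` on the `execve()` line would explain the offset. The body of `runGPG()` starts and ends outside the hunks shown.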
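--- a/0002-Eliminate-hardcoded-GPG-references-from-user-visible.patch
+++ b/0002-Eliminate-hardcoded-GPG-references-from-user-visible.patch
@@ -0,0 +1,129 @@
+From 3c1055628380d66934578060a4a6c678f1261456 Mon Sep 17 00:00:00 2001
+Message-ID: <3c1055628380d66934578060a4a6c678f1261456.1728896192.git.pmatilai@redhat.com>
+In-Reply-To: <3b0a150af79668052bf5842b68341adbde016005.1728896192.git.pmatilai@redhat.com>
+References: <3b0a150af79668052bf5842b68341adbde016005.1728896192.git.pmatilai@redhat.com>
+From: Panu Matilainen <pmatilai@redhat.com>
+Date: Thu, 5 Sep 2024 09:44:40 +0300
+Subject: [PATCH 2/3] Eliminate hardcoded GPG references from user visible
+messages
+
+Use the OpenPGP standard name or the configured+parsed signing command
+in messages as appropriate. Also detect if we're specifically using
+gpg and only set up its environment in that case to avoid bleeding
+those messages to innocent bypassers.
+
+Fixes: #3274
+(backported from commit a3cf4f674dd59c1c80f97780643c184e705518ce)
+---
+sign/rpmgensig.c | 42 +++++++++++++++++++++++++-----------------
+tests/rpmsigdig.at | 9 +++++++++
+2 files changed, 34 insertions(+), 17 deletions(-)
+
+diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c
+index 7bbd63216..fb7368e14 100644
+--- a/sign/rpmgensig.c
++++ b/sign/rpmgensig.c
+@@ -232,23 +232,29 @@ static int runGPG(sigTarget sigt, const char *sigfile)
+}
+
+if (!(pid = fork())) {
+- const char *tty = ttyname(STDIN_FILENO);
+- const char *gpg_path = NULL;
+-
+- if (!getenv("GPG_TTY") && (!tty || setenv("GPG_TTY", tty, 0)))
+- rpmlog(RPMLOG_WARNING, _("Could not set GPG_TTY to stdin: %m\n"));
+-
+- gpg_path = rpmExpand("%{?_gpg_path}", NULL);
+- if (gpg_path && *gpg_path != '\0')
+- (void) setenv("GNUPGHOME", gpg_path, 1);
++ /* GnuPG needs extra setup, try to see if that's what we're running */
++ char *out = rpmExpand("%(", argv[0], " --version 2> /dev/null)", NULL);
++ int using_gpg = (strstr(out, "GnuPG") != NULL);
++ if (using_gpg) {
++ const char *tty = ttyname(STDIN_FILENO);
++ const char *gpg_path = NULL;
++
++ if (!getenv("GPG_TTY") && (!tty || setenv("GPG_TTY", tty, 0)))
++ rpmlog(RPMLOG_WARNING, _("Could not set GPG_TTY to stdin: %m\n"));
++
++ gpg_path = rpmExpand("%{?_gpg_path}", NULL);
++ if (gpg_path && *gpg_path != '\0')
++ (void) setenv("GNUPGHOME", gpg_path, 1);
++ }
++ free(out);
+
+dup2(pipefd[0], STDIN_FILENO);
+close(pipefd[1]);
+
+rc = execve(argv[0], argv+1, environ);
+
+- rpmlog(RPMLOG_ERR, _("Could not exec %s: %s\n"), "gpg",
+- strerror(errno));
++ rpmlog(RPMLOG_ERR, _("Could not exec %s: %s\n"), argv[0],
++ strerror(errno));
+_exit(EXIT_FAILURE);
+}
+
+@@ -295,9 +301,11 @@ exit:
+} while (reaped == -1 && errno == EINTR);
+
+if (reaped == -1) {
+- rpmlog(RPMLOG_ERR, _("gpg waitpid failed (%s)\n"), strerror(errno));
++ rpmlog(RPMLOG_ERR, _("%s waitpid failed (%s)\n"), argv[0],
++ strerror(errno));
+} else if (!WIFEXITED(status) || WEXITSTATUS(status)) {
+- rpmlog(RPMLOG_ERR, _("gpg exec failed (%d)\n"), WEXITSTATUS(status));
++ rpmlog(RPMLOG_ERR, _("%s exec failed (%d)\n"), argv[0],
++ WEXITSTATUS(status));
+} else {
+rc = 0;
+}
+@@ -328,13 +336,13 @@ static rpmtd makeGPGSignature(Header sigh, int ishdr, sigTarget sigt)
+goto exit;
+
+if (stat(sigfile, &st)) {
+- /* GPG failed to write signature */
+- rpmlog(RPMLOG_ERR, _("gpg failed to write signature\n"));
++ /* External command failed to write signature */
++ rpmlog(RPMLOG_ERR, _("failed to write signature\n"));
+goto exit;
+}
+
+pktlen = st.st_size;
+- rpmlog(RPMLOG_DEBUG, "GPG sig size: %zd\n", pktlen);
++ rpmlog(RPMLOG_DEBUG, "OpenPGP sig size: %zd\n", pktlen);
+pkt = xmalloc(pktlen);
+
+{ FD_t fd;
+@@ -351,7 +359,7 @@ static rpmtd makeGPGSignature(Header sigh, int ishdr, sigTarget sigt)
+}
+}
+
+- rpmlog(RPMLOG_DEBUG, "Got %zd bytes of GPG sig\n", pktlen);
++ rpmlog(RPMLOG_DEBUG, "Got %zd bytes of OpenPGP sig\n", pktlen);
+
+/* Parse the signature, change signature tag as appropriate. */
+sigtd = makeSigTag(sigh, ishdr, pkt, pktlen);
+diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at
+index 14dffc27a..d19f85d04 100644
+--- a/tests/rpmsigdig.at
++++ b/tests/rpmsigdig.at
+@@ -1036,6 +1036,15 @@ run rpmsign --define "__gpg_sign_cmd mumble" --key-id 1964C5FC --addsign "${RPMT
+[error: Invalid sign command: mumble
+])
+
++RPMTEST_CHECK([
++run rpmsign --define "__gpg /gnus/not/here" --key-id 1964C5FC --addsign "${RPMTEST}"/tmp/hello-2.0-1.x86_64.rpm > /dev/null
++],
++[1],
++[],
++[error: Could not exec /gnus/not/here: No such file or directory
++error: /gnus/not/here exec failed (1)
++])
++
+# rpmsign --addsign <signed>
+RPMTEST_CHECK([
+RPMDB_INIT
+--
+2.47.0
+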
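Review bot: The GnuPG probe `rpmExpand("%(", argv[0], " --version 2> /dev/null)", NULL)` pastes `argv[0]` unquoted into a shell command line, and by this point popt has presumably already parsed away the `%{shescape:...}` quoting that `%__gpg_sign_cmd` applies to the program path. A configured path containing whitespace or shell metacharacters is then re-interpreted by the shell, and at best the probe fails and the `GPG_TTY`/`GNUPGHOME` setup is silently skipped. Quoting the value before it reaches `%(...)` avoids this, for example `rpmPushMacro(NULL, "__sign_prog", NULL, argv[0], -1);`, then `rpmExpand("%(%{shescape:%{__sign_prog}} --version 2> /dev/null)", NULL)`, then `rpmPopMacro(NULL, "__sign_prog");` (the macro name is a placeholder). The `strstr(out, "GnuPG")` test is a heuristic on version output and starts the signing program one extra time per signature, which deserves a comment next to it. `runGPG()` starts and ends outside these hunks.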
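--- a/0003-Declare-signCmd-static.patch
+++ b/0003-Declare-signCmd-static.patch
@@ -0,0 +1,35 @@
+From 2029533d7878a58874cda061d13c6188f4b3aed1 Mon Sep 17 00:00:00 2001
+Message-ID: <2029533d7878a58874cda061d13c6188f4b3aed1.1728896192.git.pmatilai@redhat.com>
+In-Reply-To: <3b0a150af79668052bf5842b68341adbde016005.1728896192.git.pmatilai@redhat.com>
+References: <3b0a150af79668052bf5842b68341adbde016005.1728896192.git.pmatilai@redhat.com>
+From: Michal Domonkos <mdomonko@redhat.com>
+Date: Mon, 9 Sep 2024 15:19:52 +0200
+Subject: [PATCH 3/3] Declare signCmd() static
+
+Commit 2c9ad2bbc1d00010880076cd5c73e97ffcb946ed added this new helper
+function for internal use and depite a missing declaration, the compiler
+defaulting to WITH_CXX=ON on master chugged along just fine... only
+until porting the same commit to a C-only branch (hello rpm-4.20.x)
+where it now produces a warning, oops.
+
+(cherry picked from commit a7784eccd9de674e97fc9577434334060b3abd23)
+---
+sign/rpmgensig.c | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sign/rpmgensig.c b/sign/rpmgensig.c
+index fb7368e14..d7d58fd4f 100644
+--- a/sign/rpmgensig.c
++++ b/sign/rpmgensig.c
+@@ -188,7 +188,7 @@ exit:
+return sigtd;
+}
+
+-char ** signCmd(const char *sigfile)
++static char ** signCmd(const char *sigfile)
+{
+int argc = 0;
+char **argv = NULL;
+--
+2.47.0
+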
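--- a/macros.rpmsign-gnupg
+++ b/macros.rpmsign-gnupg
@@ -0,0 +1,22 @@
+#==============================================================================
+# ---- GPG signature macros.
+# The signature to use and the location of configuration files for
+# signing packages with GNU gpg.
+#
+#%_gpg_name
+#%_gpg_path
+
+%__gpg /usr/bin/gpg2
+
+# Macro(s) to hold the arguments passed to GPG/PGP for package
+# signing. Expansion result is parsed by popt, so be sure to use
+# %{shescape} where needed.
+#
+%__gpg_sign_cmd %{shescape:%{__gpg}} \
+gpg --no-verbose --no-armor --no-secmem-warning \
+%{?_gpg_digest_algo:--digest-algo=%{_gpg_digest_algo}} \
+%{?_gpg_sign_cmd_extra_args} \
+%{?_gpg_name:-u %{shescape:%{_gpg_name}}} \
+-sbo %{shescape:%{?__signature_filename}} \
+%{?__plaintext_filename:-- %{shescape:%{__plaintext_filename}}}
+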
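Review bot: `%{?_gpg_digest_algo:--digest-algo=%{_gpg_digest_algo}}` is the only single-value argument in `%__gpg_sign_cmd` that is expanded without `%{shescape:...}`, although the comment above asks for it because popt re-parses the expansion. A value containing whitespace or quote characters would be split into additional arguments for the signing command. For consistency with `_gpg_name` and the two filename macros the line could read `%{?_gpg_digest_algo:--digest-algo=%{shescape:%{_gpg_digest_algo}}} \`. `%{?_gpg_sign_cmd_extra_args}` looks deliberately unescaped since it carries several arguments; a one-line comment saying so would document the exception.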
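--- a/rpm-4.19.1.1-nogpg.patch
+++ b/rpm-4.19.1.1-nogpg.patch
@@ -0,0 +1,59 @@
+diff -up rpm-4.19.1.1/macros.in.nogpg rpm-4.19.1.1/macros.in
+--- rpm-4.19.1.1/macros.in.nogpg 2024-10-14 10:01:22.265773552 +0300
++++ rpm-4.19.1.1/macros.in 2024-10-14 10:02:32.245317535 +0300
+@@ -30,7 +30,6 @@
+%__chown @__CHOWN@
+%__cp @__CP@
+%__file @__FILE@
+-%__gpg @__GPG@
+%__grep @__GREP@
+%__gzip @__GZIP@
+%__id @__ID@
+@@ -321,12 +320,6 @@ Supplements: (%{name} = %{version}-%{r
+# marked as %doc should be installed.
+#%_excludedocs
+
+-# The signature to use and the location of configuration files for
+-# signing packages with GNU gpg.
+-#
+-#%_gpg_name
+-#%_gpg_path
+-
+# The port and machine name of an HTTP proxy host (used for FTP/HTTP).
+#
+#%_httpport
+@@ -595,10 +588,10 @@ Supplements: (%{name} = %{version}-%{r
+%_fileattrsdir %{_rpmconfigdir}/fileattrs
+
+# This macro defines how much space (in bytes) in package should be
+-# reserved for gpg signatures during building of a package. If this space is
+-# big enough for gpg signatures to fit into it then signing of the packages is
++# reserved for OpenPGP signatures during building of a package. If this space
++# big enough for the signature to fit into it then signing of the packages is
+# very quick because it is not necessary to rewrite the whole package to make
+-# some space for gpg signatures.
++# some space for the signature.
+%__gpg_reserved_space 4096
+
+#==============================================================================
+@@ -613,20 +606,6 @@ Supplements: (%{name} = %{version}-%{r
+%_db_backend @DB_BACKEND@
+
+#==============================================================================
+-# ---- GPG/PGP/PGP5 signature macros.
+-# Macro(s) to hold the arguments passed to GPG/PGP for package
+-# signing. Expansion result is parsed by popt, so be sure to use
+-# %{shescape} where needed.
+-#
+-%__gpg_sign_cmd %{shescape:%{__gpg}} \
+- gpg --no-verbose --no-armor --no-secmem-warning \
+- %{?_gpg_digest_algo:--digest-algo=%{_gpg_digest_algo}} \
+- %{?_gpg_sign_cmd_extra_args} \
+- %{?_gpg_name:-u %{shescape:%{_gpg_name}}} \
+- -sbo %{shescape:%{?__signature_filename}} \
+- %{?__plaintext_filename:-- %{shescape:%{__plaintext_filename}}}
+-
+-#==============================================================================
+# ---- Transaction macros.
+# Macro(s) used to parameterize transactions.
+#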
50
rpm.spec
50
rpm.spec
@ -27,7 +27,7 @@
|
|||||||
|
|
||||||
%global rpmver 4.19.1.1
|
%global rpmver 4.19.1.1
|
||||||
#global snapver rc1
|
#global snapver rc1
|
||||||
%global baserelease 3
|
%global baserelease 7
|
||||||
%global sover 10
|
%global sover 10
|
||||||
|
|
||||||
%global srcver %{rpmver}%{?snapver:-%{snapver}}
|
%global srcver %{rpmver}%{?snapver:-%{snapver}}
|
||||||
@ -36,7 +36,7 @@
|
|||||||
Summary: The RPM package management system
|
Summary: The RPM package management system
|
||||||
Name: rpm
|
Name: rpm
|
||||||
Version: %{rpmver}
|
Version: %{rpmver}
|
||||||
Release: %{?snapver:0.%{snapver}.}%{baserelease}%{?dist}.alma.2
|
Release: %{?snapver:0.%{snapver}.}%{baserelease}%{?dist}.alma.1
|
||||||
Url: http://www.rpm.org/
|
Url: http://www.rpm.org/
|
||||||
License: GPL-2.0-or-later
|
License: GPL-2.0-or-later
|
||||||
Source0: http://ftp.rpm.org/releases/%{srcdir}/rpm-%{srcver}.tar.bz2
|
Source0: http://ftp.rpm.org/releases/%{srcdir}/rpm-%{srcver}.tar.bz2
|
||||||
@ -46,6 +46,8 @@ Source10: rpmdb-rebuild.service
|
|||||||
Source20: rpmdb-migrate.service
|
Source20: rpmdb-migrate.service
|
||||||
Source21: rpmdb_migrate
|
Source21: rpmdb_migrate
|
||||||
|
|
||||||
|
Source31: macros.rpmsign-gnupg
|
||||||
|
|
||||||
Requires: coreutils
|
Requires: coreutils
|
||||||
Requires: popt%{_isa} >= 1.10.2.1
|
Requires: popt%{_isa} >= 1.10.2.1
|
||||||
Requires: curl
|
Requires: curl
|
||||||
@ -138,11 +140,18 @@ rpm-4.9.90-no-man-dirs.patch
|
|||||||
rpm-4.18.92-disable-sysusers.patch
|
rpm-4.18.92-disable-sysusers.patch
|
||||||
rpm-4.18.90-weak-user-group.patch
|
rpm-4.18.90-weak-user-group.patch
|
||||||
|
|
||||||
|
# We supply gpg config separately, remove gpg stuff from main macros
|
||||||
|
rpm-4.19.1.1-nogpg.patch
|
||||||
|
|
||||||
# Patches already upstream:
|
# Patches already upstream:
|
||||||
0001-Fix-potential-use-of-uninitialized-pipe-array.patch
|
0001-Fix-potential-use-of-uninitialized-pipe-array.patch
|
||||||
0001-Fix-potential-use-of-uninitialized-pgp-struct.patch
|
0001-Fix-potential-use-of-uninitialized-pgp-struct.patch
|
||||||
0001-Fix-memory-leak-in-rpmsign.patch
|
0001-Fix-memory-leak-in-rpmsign.patch
|
||||||
|
|
||||||
|
0001-Refactor-sign-command-expand-and-parse-out-of-runGPG.patch
|
||||||
|
0002-Eliminate-hardcoded-GPG-references-from-user-visible.patch
|
||||||
|
0003-Declare-signCmd-static.patch
|
||||||
|
|
||||||
# These are not yet upstream
|
# These are not yet upstream
|
||||||
rpm-4.7.1-geode-i686.patch
|
rpm-4.7.1-geode-i686.patch
|
||||||
|
|
||||||
@ -177,11 +186,19 @@ This package contains the RPM shared libraries for building packages.
|
|||||||
%package sign-libs
|
%package sign-libs
|
||||||
Summary: Libraries for signing RPM packages
|
Summary: Libraries for signing RPM packages
|
||||||
Requires: rpm-libs%{_isa} = %{version}-%{release}
|
Requires: rpm-libs%{_isa} = %{version}-%{release}
|
||||||
Requires: %{_bindir}/gpg2
|
Requires(meta): rpm-sign-gnupg
|
||||||
|
|
||||||
%description sign-libs
|
%description sign-libs
|
||||||
This package contains the RPM shared libraries for signing packages.
|
This package contains the RPM shared libraries for signing packages.
|
||||||
|
|
||||||
|
%package sign-gnupg
|
||||||
|
Summary: Support for signing RPM packages using GnuPG
|
||||||
|
Requires: gnupg2
|
||||||
|
Requires(meta): rpm-sign-libs%{_isa} >= %{version}-%{release}
|
||||||
|
|
||||||
|
%description sign-gnupg
|
||||||
|
This package provides configuration for signing RPM packages using GnuPG.
|
||||||
|
|
||||||
%package devel
|
%package devel
|
||||||
Summary: Development files for manipulating RPM packages
|
Summary: Development files for manipulating RPM packages
|
||||||
License: GPL-2.0-or-later OR LGPL-2.1-or-later
|
License: GPL-2.0-or-later OR LGPL-2.1-or-later
|
||||||
@ -426,6 +443,9 @@ rm -rf $RPM_BUILD_ROOT/var/tmp
|
|||||||
# workaround for https://github.com/rpm-software-management/rpm/issues/2811
|
# workaround for https://github.com/rpm-software-management/rpm/issues/2811
|
||||||
rm $RPM_BUILD_ROOT/%{_defaultdocdir}/rpm/README.md
|
rm $RPM_BUILD_ROOT/%{_defaultdocdir}/rpm/README.md
|
||||||
|
|
||||||
|
# Signing macros for GnuPG
|
||||||
|
install -m 644 %{SOURCE31} $RPM_BUILD_ROOT/%{rpmhome}/macros.d
|
||||||
|
|
||||||
%pre
|
%pre
|
||||||
# Symlink all rpmdb files to the new location if we're still using /var/lib/rpm
|
# Symlink all rpmdb files to the new location if we're still using /var/lib/rpm
|
||||||
if [ -d /var/lib/rpm ]; then
|
if [ -d /var/lib/rpm ]; then
|
||||||
@ -488,7 +508,7 @@ fi
|
|||||||
|
|
||||||
%attr(0755, root, root) %dir %{rpmhome}
|
%attr(0755, root, root) %dir %{rpmhome}
|
||||||
%{rpmhome}/macros
|
%{rpmhome}/macros
|
||||||
%{rpmhome}/macros.d
|
%dir %{rpmhome}/macros.d
|
||||||
%{rpmhome}/lua
|
%{rpmhome}/lua
|
||||||
%{rpmhome}/rpmpopt*
|
%{rpmhome}/rpmpopt*
|
||||||
%{rpmhome}/rpmrc
|
%{rpmhome}/rpmrc
|
||||||
@ -563,6 +583,9 @@ fi
|
|||||||
%{_libdir}/librpmsign.so.%{sover}
|
%{_libdir}/librpmsign.so.%{sover}
|
||||||
%{_libdir}/librpmsign.so.%{sover}.*
|
%{_libdir}/librpmsign.so.%{sover}.*
|
||||||
|
|
||||||
|
%files sign-gnupg
|
||||||
|
%{rpmhome}/macros.d/macros.rpmsign-gnupg
|
||||||
|
|
||||||
%files build
|
%files build
|
||||||
%{_bindir}/rpmbuild
|
%{_bindir}/rpmbuild
|
||||||
%{_bindir}/gendiff
|
%{_bindir}/gendiff
|
||||||
@ -619,12 +642,23 @@ fi
|
|||||||
%doc %{_defaultdocdir}/rpm/API/
|
%doc %{_defaultdocdir}/rpm/API/
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Wed Oct 16 2024 Eduard Abdullin <eabdullin@almalinux.org> - 4.19.1.1-3.alma.2
|
* Tue Dec 10 2024 Eduard Abdullin <eabdullin@almalinux.org> - 4.19.1.1-7.alma.1
|
||||||
- Update patch: Fix: Treat x86_64_v2 as x86_64 in architecture checks
|
|
||||||
|
|
||||||
* Thu Aug 01 2024 Eduard Abdullin <eabdullin@almalinux.org> - 4.19.1.1-3.alma.1
|
|
||||||
- Fix: Treat x86_64_v2 as x86_64 in architecture checks
|
- Fix: Treat x86_64_v2 as x86_64 in architecture checks
|
||||||
|
|
||||||
|
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 4.19.1.1-7
|
||||||
|
- Bump release for October 2024 mass rebuild:
|
||||||
|
Resolves: RHEL-64018
|
||||||
|
|
||||||
|
* Fri Oct 25 2024 Michal Domonkos <mdomonko@redhat.com> - 4.19.1.1-6
|
||||||
|
- Revert Sequoia signing support for now, breaks CI
|
||||||
|
|
||||||
|
* Fri Oct 25 2024 Michal Domonkos <mdomonko@redhat.com> - 4.19.1.1-5
|
||||||
|
- Fix Conflicts in new rpm-sign backends
|
||||||
|
|
||||||
|
* Mon Oct 14 2024 Panu Matilainen <pmatilai@redhat.com> - 4.19.1.1-4
|
||||||
|
- Remove hardcoded GPG references from signing error messages
|
||||||
|
- Support switching between GnuPG and Sequoia for package signing (RHEL-56363)
|
||||||
|
|
||||||
* Tue Aug 13 2024 Michal Domonkos <mdomonko@redhat.com> - 4.19.1.1-3
|
* Tue Aug 13 2024 Michal Domonkos <mdomonko@redhat.com> - 4.19.1.1-3
|
||||||
- Fix potential use of uninitialized pipe array (RHEL-54012)
|
- Fix potential use of uninitialized pipe array (RHEL-54012)
|
||||||
- Fix potential use of uninitialized pgp struct (RHEL-54013)
|
- Fix potential use of uninitialized pgp struct (RHEL-54013)
|
||||||
|