Much like we now require the syslog plugin, do the same with audit. This
aligns with the RHEL content guidelines as well, which is what the
referenced ticket is about.
Resolves: RHEL-139071

Install the plugin when the syslog provide is installed. Systemd
provides that name since journald handles the syslog facilities.
Resolves: RHEL-155272

We turn the old path (/var/lib/rpm) into a symlink when the migration is
done but then keep retriggering the migration service whenever rpm is
upgraded since the -d conditional is still true.
This has no actual effect since the rpmdb_migrate script does check
whether it's a symlink and bails out if so, but it causes unnecessary
noise in the journal, so fix that by checking for the symlink in the
%posttrans scriptlet right away.
Do the same in %pre, even though there the find command doesn't follow
symlinks by default so it won't produce any files to iterate over.
Still, fix that as well, if just for the sake of consistency.
Resolves: RHEL-96510
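
The symlink check described in the commit message above, as an added example that is not taken from the rpm spec file or its scriptlets. The function names, the sandbox paths under a temp directory and the file name sample.db are all constructed for illustration.

```shell
#!/bin/sh
# Constructed demo; everything lives under a temp dir, not the real /var/lib/rpm.

# True only for a real directory. `-d` alone follows symlinks, so a path
# that was already turned into a symlink would still pass a bare -d test.
needs_migration() {
    [ -d "$1" ] && [ ! -L "$1" ]
}

# Count regular files the way find does by default (-P): a symlink given
# as the starting point is not dereferenced, so nothing below it is seen.
count_db_files() {
    find "$1" -type f | wc -l | tr -d ' '
}

# Build a sandbox holding one un-migrated layout (old_real) and one
# migrated layout (old_link -> new_home). Prints the sandbox root.
make_sandbox() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/old_real" "$root/new_home"
    : > "$root/old_real/sample.db"
    : > "$root/new_home/sample.db"
    ln -s "$root/new_home" "$root/old_link"
    printf '%s\n' "$root"
}

# Show, for both layouts, what a bare -d says, what the stricter test
# says, and how many files find would hand to a loop.
demo() {
    root=$(make_sandbox) || return 1
    for p in old_real old_link; do
        if [ -d "$root/$p" ]; then plain=yes; else plain=no; fi
        if needs_migration "$root/$p"; then strict=yes; else strict=no; fi
        printf '%-9s -d:%s  -d&&!-L:%s  find-files:%s\n' \
            "$p" "$plain" "$strict" "$(count_db_files "$root/$p")"
    done
    rm -rf "$root"
}

demo
```
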
We decided to revert the downstream-only --addsign patch in the previous
commit but forgot to include a patch for rpmsign(8). (This has to be
done locally since Pandoc isn't available in RHEL.)
Related: RHEL-109221

Amend the original patch file for RHEL-87383, it missed a later fixup
commit, causing rpmbuild failures in the CentOS Stream pipeline, uff.
Also backport a newly added test that covers this use case.
Related: RHEL-87383

The original 4.19.x tarball ships prebuilt man pages so just updating
the source .md file won't suffice, we need to either activate a rebuild
(by enabling BuildRequires: pandoc) or just patch the resulting file.
The latter seems easier and cleaner (Pandoc may not even be available on
the build hosts) so do just that.
Kudos to Jan Blazek for spotting!
Related: RHEL-73173

We need to rebuild once again since the new libimaevm.so.5 hadn't yet
passed the gating at the time of building the previous release 11 and so
it was still linked against libimaevm.so.4.
Related: RHEL-65378

Fix an oversight when introducing this: Sequoia defaults to ASCII armor
signatures whereas GnuPG defaults to binary signatures. We should create
binary signatures with sq too for consistency.
Related: RHEL-56363

Ship the Sequoia signing macros as a %doc you can easily just copy
to /etc/rpm to enable, this is much less hassle for what is more
of a tech-preview feature at this time.
Obsolete rpm-sign-gnupg and -sequoia in case somebody had these
installed on the stream, but these haven't been part of any official
(pre)release so we can drop them before GA.
Related: RHEL-56363

It turns out the subpackage itself is fine, we just need to adjust the
affected Beaker tests and make them cover the Sequoia backend as well.
This reverts commit 40c682ecfc.
Related: RHEL-56363

Running a build through the RHEL OSCI reveals some possible shortcomings
of the original design:
- Custom macros using %__gpg may now easily break if the Sequoia backend
  is installed, such as those overriding %__gpg_sign_cmd where %__gpg is
  typically the first argument, followed by CLI options only known to
  GnuPG. This is exactly the case with some of our Beaker tests.
- Some tests attempt to install both subpackages directly with dnf which
  obviously fails as they conflict with each other. This is just a test
  issue, though.
Therefore, the boolean dependency in rpm-sign-libs declaring that both
implementations are equally compatible is just wrong, until we can prove
otherwise, by making the CI tests pass, for starters.
Drop the Sequoia subpackage for now. This is less drastic than a full
revert since the actual GnuPG split-off is still reasonable on its own.
We can always add Sequoia support back later, once we figure out the
above issues.
Related: RHEL-56363

Add new rpmsign-sequoia and rpmsign-gnupg subpackages which can be
used to switch between the two OpenPGP implementations for signing,
rpm-sign-libs just requires one of them to be present.
It's worth noting that unlike GnuPG, Sequoia doesn't accept names or
email addresses as the signer identifier, one needs to supply the actual key
fingerprint.
Resolves: RHEL-56363

This follows https://github.com/rpm-software-management/rpm/issues/2511
and moves the license string to only one place. No need to repeat it
in subpackages.
I did not include a changelog entry as there are five other PRs waiting in a
queue, and that would conflict with them.

Tools have been moved into the tools/ directory in the tarball so update
the ./rpmdb path accordingly.
Also remove the README.md file that is installed from the docs/
directory and ends up alongside the project's README file for no good
reason. This is tracked upstream as:
https://github.com/rpm-software-management/rpm/issues/2811