rpms
/
rpm
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update to 4.19 alpha2

This commit is contained in:
Michal Domonkos 2023-06-09 15:59:13 +02:00
parent 096af0fd5f
commit 4c1728e423
10 changed files with 8 additions and 618 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -57,3 +57,4 @@
/rpm-4.18.0.tar.bz2
/rpm-4.18.1.tar.bz2
/rpm-4.18.90.tar.bz2
/rpm-4.18.91.tar.bz2

361
0001-Add-pgpVerifySignature2-and-pgpPrtParams2.patch
View File

@ -1,361 +0,0 @@
From 87b9e0c28c3df3937f6676ee1b4164d6154dd9d3 Mon Sep 17 00:00:00 2001
From: "Neal H. Walfield" <neal@pep.foundation>
Date: Wed, 12 Apr 2023 17:56:19 +0200
Subject: [PATCH] Add pgpVerifySignature2() and pgpPrtParams2()
Add new functions pgpVerifySignature2() and pgpPrtParams2(), which are
like their earlier versions, but optionally return descriptive error
messages (in the case of failure) or lints (in the case of success).
Adjust tests accordingly.
This requires rpm-sequoia 1.4 or later.
See https://github.com/rpm-software-management/rpm-sequoia/issues/39
and
https://github.com/rpm-software-management/rpm/issues/2127#issuecomment-1482646398
Fixes #2483.
---
ci/Dockerfile | 2 ++
include/rpm/rpmpgp.h | 23 +++++++++++++++++++
lib/rpmvs.c | 19 +++++++++++++---
rpmio/CMakeLists.txt | 2 +-
rpmio/rpmkeyring.c | 7 +++++-
rpmio/rpmpgp_internal.c | 15 +++++++++++++
rpmio/rpmpgp_sequoia.c | 7 ++++++
tests/rpmi.at | 10 +++++++--
tests/rpmsigdig.at | 50 +++++++++++++++++++++++++++++++----------
9 files changed, 116 insertions(+), 19 deletions(-)
diff --git a/ci/Dockerfile b/ci/Dockerfile
index d8f808962..552934fcd 100644
--- a/ci/Dockerfile
+++ b/ci/Dockerfile
@@ -7,6 +7,8 @@ RUN sed -i -e "s:^enabled=.$:enabled=0:g" /etc/yum.repos.d/*openh264.repo
# dummy for controlling per-repo gpgcheck via Semaphore setup
RUN sed -i -e "s:^gpgcheck=.$:gpgcheck=1:g" /etc/yum.repos.d/*.repo
RUN dnf -y update
+# until 1.4.0 lands in stable
+RUN dnf -y --enablerepo=updates-testing install "rpm-sequoia-devel >= 1.4.0"
RUN dnf -y install \
autoconf \
cmake \
diff --git a/include/rpm/rpmpgp.h b/include/rpm/rpmpgp.h
index 87a2a5bd2..675cbad73 100644
--- a/include/rpm/rpmpgp.h
+++ b/include/rpm/rpmpgp.h
@@ -1009,6 +1009,18 @@ int pgpPubkeyKeyID(const uint8_t * pkt, size_t pktlen, pgpKeyID_t keyid);
int pgpPrtParams(const uint8_t *pkts, size_t pktlen, unsigned int pkttype,
pgpDigParams * ret);
+/** \ingroup rpmpgp
+ * Parse a OpenPGP packet(s).
+ * @param pkts OpenPGP packet(s)
+ * @param pktlen OpenPGP packet(s) length (no. of bytes)
+ * @param pkttype Expected packet type (signature/key) or 0 for any
+ * @param[out] ret signature/pubkey packet parameters on success (alloced)
+ * @param[out] lints error messages and lints
+ * @return -1 on error, 0 on success
+ */
+int pgpPrtParams2(const uint8_t *pkts, size_t pktlen, unsigned int pkttype,
+ pgpDigParams * ret, char **lints);
+
/** \ingroup rpmpgp
* Parse subkey parameters from OpenPGP packet(s).
* @param pkts OpenPGP packet(s)
@@ -1186,6 +1198,17 @@ pgpDigParams pgpDigParamsFree(pgpDigParams digp);
*/
rpmRC pgpVerifySignature(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx);
+/** \ingroup rpmpgp
+ * Verify a PGP signature and return a error message or lint.
+ * @param key public key
+ * @param sig signature
+ * @param hashctx digest context
+ * @param lints error messages and lints
+ * @return RPMRC_OK on success
+ */
+rpmRC pgpVerifySignature2(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx,
+ char **lints);
+
/** \ingroup rpmpgp
* Return the type of a PGP signature. If `sig` is NULL, or is not a signature,
* returns -1.
diff --git a/lib/rpmvs.c b/lib/rpmvs.c
index a1425ea17..9b2106927 100644
--- a/lib/rpmvs.c
+++ b/lib/rpmvs.c
@@ -193,10 +193,23 @@ static void rpmsinfoInit(const struct vfyinfo_s *vinfo,
}
if (sinfo->type == RPMSIG_SIGNATURE_TYPE) {
- if (pgpPrtParams(data, dlen, PGPTAG_SIGNATURE, &sinfo->sig)) {
- rasprintf(&sinfo->msg, _("%s tag %u: invalid OpenPGP signature"),
- origin, td->tag);
+ char *lints = NULL;
+ int ec = pgpPrtParams2(data, dlen, PGPTAG_SIGNATURE, &sinfo->sig, &lints);
+ if (ec) {
+ if (lints) {
+ rasprintf(&sinfo->msg,
+ ("%s tag %u: invalid OpenPGP signature: %s"),
+ origin, td->tag, lints);
+ free(lints);
+ } else {
+ rasprintf(&sinfo->msg,
+ _("%s tag %u: invalid OpenPGP signature"),
+ origin, td->tag);
+ }
goto exit;
+ } else if (lints) {
+ rpmlog(RPMLOG_WARNING, "%s\n", lints);
+ free(lints);
}
sinfo->hashalgo = pgpDigParamsAlgo(sinfo->sig, PGPVAL_HASHALGO);
sinfo->keyid = pgpGrab(pgpDigParamsSignID(sinfo->sig)+4, 4);
diff --git a/rpmio/CMakeLists.txt b/rpmio/CMakeLists.txt
index 2fb5794b0..6aa9ab1f1 100644
--- a/rpmio/CMakeLists.txt
+++ b/rpmio/CMakeLists.txt
@@ -21,7 +21,7 @@ if (WITH_INTERNAL_OPENPGP)
target_link_libraries(librpmio PRIVATE PkgConfig::LIBGCRYPT)
endif()
else()
- pkg_check_modules(RPMSEQUOIA REQUIRED IMPORTED_TARGET rpm-sequoia>=1.3.0)
+ pkg_check_modules(RPMSEQUOIA REQUIRED IMPORTED_TARGET rpm-sequoia>=1.4.0)
target_sources(librpmio PRIVATE rpmpgp_sequoia.c)
target_link_libraries(librpmio PRIVATE PkgConfig::RPMSEQUOIA)
endif()
diff --git a/rpmio/rpmkeyring.c b/rpmio/rpmkeyring.c
index 166ee43a2..e3eb9e6ea 100644
--- a/rpmio/rpmkeyring.c
+++ b/rpmio/rpmkeyring.c
@@ -276,7 +276,12 @@ rpmRC rpmKeyringVerifySig(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX ctx)
pgpkey = key->pgpkey;
/* We call verify even if key not found for a signature sanity check */
- rc = pgpVerifySignature(pgpkey, sig, ctx);
+ char *lints = NULL;
+ rc = pgpVerifySignature2(pgpkey, sig, ctx, &lints);
+ if (lints) {
+ rpmlog(rc ? RPMLOG_ERR : RPMLOG_WARNING, "%s\n", lints);
+ free(lints);
+ }
}
if (keyring)
diff --git a/rpmio/rpmpgp_internal.c b/rpmio/rpmpgp_internal.c
index ce1d3c27d..82972bcc8 100644
--- a/rpmio/rpmpgp_internal.c
+++ b/rpmio/rpmpgp_internal.c
@@ -1043,6 +1043,14 @@ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
return rc;
}
+int pgpPrtParams2(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
+ pgpDigParams * ret, char **lints)
+{
+ if (lints)
+ *lints = NULL;
+ return pgpPrtParams(pkts, pktlen, pkttype, ret);
+}
+
int pgpPrtParamsSubkeys(const uint8_t *pkts, size_t pktlen,
pgpDigParams mainkey, pgpDigParams **subkeys,
int *subkeysCount)
@@ -1179,6 +1187,13 @@ exit:
}
+rpmRC pgpVerifySignature2(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx, char **lints)
+{
+ if (lints)
+ *lints = NULL;
+ return pgpVerifySignature(key, sig, hashctx);
+}
+
static pgpArmor decodePkts(uint8_t *b, uint8_t **pkt, size_t *pktlen)
{
const char * enc = NULL;
diff --git a/rpmio/rpmpgp_sequoia.c b/rpmio/rpmpgp_sequoia.c
index c6434270a..d0b673953 100644
--- a/rpmio/rpmpgp_sequoia.c
+++ b/rpmio/rpmpgp_sequoia.c
@@ -36,6 +36,9 @@ W(uint32_t, pgpDigParamsCreationTime, (pgpDigParams digp), (digp))
W(rpmRC, pgpVerifySignature,
(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx),
(key, sig, hashctx))
+W(rpmRC, pgpVerifySignature2,
+ (pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx, char **lints),
+ (key, sig, hashctx, lints))
W(int, pgpPubkeyKeyID,
(const uint8_t * pkt, size_t pktlen, pgpKeyID_t keyid),
(pkt, pktlen, keyid))
@@ -51,6 +54,10 @@ W(int, pgpPubKeyCertLen,
W(int, pgpPrtParams,
(const uint8_t *pkts, size_t pktlen, unsigned int pkttype, pgpDigParams *ret),
(pkts, pktlen, pkttype, ret))
+W(int, pgpPrtParams2,
+ (const uint8_t *pkts, size_t pktlen, unsigned int pkttype, pgpDigParams *ret,
+ char **lints),
+ (pkts, pktlen, pkttype, ret, lints))
W(int, pgpPrtParamsSubkeys,
(const uint8_t *pkts, size_t pktlen,
pgpDigParams mainkey, pgpDigParams **subkeys,
diff --git a/tests/rpmi.at b/tests/rpmi.at
index 9d74cf689..423d97bca 100644
--- a/tests/rpmi.at
+++ b/tests/rpmi.at
@@ -342,7 +342,7 @@ AT_CLEANUP
AT_SETUP([rpm -U <corrupted signed 1>])
AT_KEYWORDS([install])
-AT_CHECK([
+AT_CHECK_UNQUOTED([
RPMDB_INIT
pkg="hello-2.0-1.x86_64-signed.rpm"
@@ -355,7 +355,13 @@ runroot rpm -U --ignorearch --ignoreos --nodeps \
],
[1],
[],
-[error: /tmp/hello-2.0-1.x86_64-signed.rpm: Header RSA signature: BAD (package tag 268: invalid OpenPGP signature)
+[`if test x$PGP = xinternal; then
+ echo 'error: /tmp/hello-2.0-1.x86_64-signed.rpm: Header RSA signature: BAD (package tag 268: invalid OpenPGP signature)'
+else
+ echo 'error: /tmp/hello-2.0-1.x86_64-signed.rpm: Header RSA signature: BAD (package tag 268: invalid OpenPGP signature: Parsing an OpenPGP packet:'
+ echo ' Failed to parse Signature Packet'
+ echo ' because: Malformed packet: Subpacket extends beyond the end of the subpacket area)'
+fi`
error: /tmp/hello-2.0-1.x86_64-signed.rpm cannot be installed
])
AT_CLEANUP
diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at
index 9fb3febc9..df1f669e4 100644
--- a/tests/rpmsigdig.at
+++ b/tests/rpmsigdig.at
@@ -386,17 +386,17 @@ AT_CHECK([
RPMDB_INIT
echo Checking package before importing key:
-runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
+runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
echo Importing key:
-runroot rpmkeys --quiet --import /data/keys/alice-expired-subkey.asc; echo $?
+runroot rpmkeys --quiet --import /data/keys/alice-expired-subkey.asc 2>&1; echo $?
echo Checking for key:
runroot rpm -qi gpg-pubkey-eb04e625-* | grep Version | head -n1
echo Checking package after importing key:
-runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
+runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
echo Checking package after importing key, no digest:
-runroot rpmkeys --define '_pkgverify_level all' -Kv --nodigest /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
+runroot rpmkeys --define '_pkgverify_level all' -Kv --nodigest /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
echo Checking package after importing key, no signature:
-runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
+runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
],
[0],
[[Checking package before importing key:
@@ -416,6 +416,10 @@ Checking for key:
Version : eb04e625
Checking package after importing key:
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm:
+error: Verifying a signature using certificate B6542F92F30650C36B6F41BCB3A771BFEB04E625 (Alice <alice@example.org>):
+ Key 1F71177215217EE0 invalid: key is not alive
+ because: The subkey is not live
+ because: Expired on 2022-04-12T00:00:15Z
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED
Header DSA signature: NOTFOUND
Header SHA256 digest: OK
@@ -427,6 +431,10 @@ Checking package after importing key:
1
Checking package after importing key, no digest:
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm:
+error: Verifying a signature using certificate B6542F92F30650C36B6F41BCB3A771BFEB04E625 (Alice <alice@example.org>):
+ Key 1F71177215217EE0 invalid: key is not alive
+ because: The subkey is not live
+ because: Expired on 2022-04-12T00:00:15Z
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED
Header DSA signature: NOTFOUND
RSA signature: NOTFOUND
@@ -455,15 +463,15 @@ RPMDB_INIT
echo Checking package before importing key:
runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
echo Importing key:
-runroot rpmkeys --quiet --import /data/keys/alice-revoked-subkey.asc; echo $?
+runroot rpmkeys --quiet --import /data/keys/alice-revoked-subkey.asc 2>&1; echo $?
echo Checking for key:
runroot rpm -qi gpg-pubkey-eb04e625-* | grep Version | head -n1
echo Checking package after importing key:
-runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
+runroot rpmkeys --define '_pkgverify_level all' -Kv /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
echo Checking package after importing key, no digest:
-runroot rpmkeys --define '_pkgverify_level all' -Kv --nodigest /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
+runroot rpmkeys --define '_pkgverify_level all' -Kv --nodigest /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
echo Checking package after importing key, no signature:
-runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm; echo $?
+runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm 2>&1; echo $?
],
[0],
[[Checking package before importing key:
@@ -483,6 +491,8 @@ Checking for key:
Version : eb04e625
Checking package after importing key:
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm:
+error: Verifying a signature using certificate B6542F92F30650C36B6F41BCB3A771BFEB04E625 (Alice <alice@example.org>):
+ Key 1F71177215217EE0 is invalid: key is revoked
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED
Header DSA signature: NOTFOUND
Header SHA256 digest: OK
@@ -494,6 +504,8 @@ Checking package after importing key:
1
Checking package after importing key, no digest:
/data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm:
+error: Verifying a signature using certificate B6542F92F30650C36B6F41BCB3A771BFEB04E625 (Alice <alice@example.org>):
+ Key 1F71177215217EE0 is invalid: key is revoked
Header V4 RSA/SHA512 Signature, key ID 15217ee0: NOTTRUSTED
Header DSA signature: NOTFOUND
RSA signature: NOTFOUND
@@ -740,7 +752,7 @@ AT_CLEANUP
# Test pre-built corrupted package verification (corrupted signature)
AT_SETUP([rpmkeys -Kv <corrupted signed> 1])
AT_KEYWORDS([rpmkeys digest signature])
-AT_CHECK([
+AT_CHECK_UNQUOTED([
RPMDB_INIT
pkg="hello-2.0-1.x86_64-signed.rpm"
@@ -754,14 +766,28 @@ runroot rpmkeys -Kv /tmp/${pkg}
],
[1],
[/tmp/hello-2.0-1.x86_64-signed.rpm:
- Header RSA signature: BAD (package tag 268: invalid OpenPGP signature)
+`if test x$PGP = xinternal; then
+ echo ' Header RSA signature: BAD (package tag 268: invalid OpenPGP signature)'
+else
+ echo ' Header RSA signature: BAD (package tag 268: invalid OpenPGP signature: Parsing an OpenPGP packet:'
+ echo ' Failed to parse Signature Packet'
+ echo ' because: Signature appears to be created by a non-conformant OpenPGP implementation, see <https://github.com/rpm-software-management/rpm/issues/2351>.'
+ echo ' because: Malformed MPI: leading bit is not set: expected bit 1 to be set in 0 (0))'
+fi`
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
MD5 digest: OK
/tmp/hello-2.0-1.x86_64-signed.rpm:
- Header RSA signature: BAD (package tag 268: invalid OpenPGP signature)
+`if test x$PGP = xinternal; then
+ echo ' Header RSA signature: BAD (package tag 268: invalid OpenPGP signature)'
+else
+ echo ' Header RSA signature: BAD (package tag 268: invalid OpenPGP signature: Parsing an OpenPGP packet:'
+ echo ' Failed to parse Signature Packet'
+ echo ' because: Signature appears to be created by a non-conformant OpenPGP implementation, see <https://github.com/rpm-software-management/rpm/issues/2351>.'
+ echo ' because: Malformed MPI: leading bit is not set: expected bit 1 to be set in 0 (0))'
+fi`
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
--
2.40.1

61
0001-Enable-large-file-support-on-32-bit-systems-again.patch
View File

@ -1,61 +0,0 @@
From 2df8008d22b58f87fe665de0fa8c5bbeb4b4a3d8 Mon Sep 17 00:00:00 2001
From: Michal Domonkos <mdomonko@redhat.com>
Date: Wed, 17 May 2023 12:39:47 +0200
Subject: [PATCH] Enable large file support on 32-bit systems again
Replace 32-bit sizes in types like off_t with 64-bits when building on
32-bit architectures, to enable large file support there.
This fixes a nasty regression introduced in the cmake transition. As
autotools would set this flag to 64 automatically for us, applications
linking against librpm (such as libdnf, librepo, libsolv or drpm) are
already adapted to that and are also building with the value of 64
(explicitly, we never exported this flag through pkg-config ourselves).
However, us suddenly expecting 32-bits in those types on 32-bit systems
can blow up badly e.g. in functions that take an off_t parameter, like
Fseek().
There perhaps aren't that many low-level users of librpm but drpm is one
such example where exactly this happens when built against our current
master. It calls headerRead(), leading to Fseek() which receives a
64-bit offset parameter where it expects a 32-bit one, thus silently
overwriting the following parameter from 1 to 0 (SEEK_CUR to SEEK_SET)
which messes up the whole reading sequence in drpm's rpm_read(),
producing a failure in drpm's test suite that doesn't make any sense at
first sight.
While at it, also export the flag through pkg-config so that anyone
linking against librpm is now guaranteed to work correctly even if they
don't set the flag themselves (kudos to Petr Pisar for suggesting this).
---
CMakeLists.txt | 1 +
rpm.pc.in | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index b006ed34e..dc28fd547 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -52,6 +52,7 @@ set(CMAKE_SHARED_MODULE_PREFIX "")
set(CMAKE_POSITION_INDEPENDENT_CODE ON)
include(GNUInstallDirs)
add_compile_definitions(_GNU_SOURCE)
+add_definitions(-D_FILE_OFFSET_BITS=64)
function(makemacros)
set(prefix ${CMAKE_INSTALL_PREFIX})
diff --git a/rpm.pc.in b/rpm.pc.in
index 46d42e7a3..791303e17 100644
--- a/rpm.pc.in
+++ b/rpm.pc.in
@@ -11,6 +11,6 @@ URL: @CMAKE_PROJECT_HOMEPAGE_URL@
Requires: popt
Requires.private: @ZSTD_REQUIRES@
# Conflicts:
-Cflags: -I${includedir}
+Cflags: -I${includedir} -D_FILE_OFFSET_BITS=64
Libs: -L${libdir} -lrpm -lrpmio
Libs.private: -lpopt -lrt -lpthread @WITH_LZMA_LIB@ @WITH_BZ2_LIB@ @WITH_ZLIB_LIB@ @LUA_LIBS@
--
2.40.1

27
0001-Fix-bzip2-detection.patch
View File

@ -1,27 +0,0 @@
From d18d6ce41df4a5887df47a69052a401808aef19f Mon Sep 17 00:00:00 2001
From: Florian Festi <ffesti@redhat.com>
Date: Mon, 8 May 2023 17:50:21 +0200
Subject: [PATCH] Fix bzip2 detection
HAVE_BZLIB_H was not set due to a typo leading to the bz2 support not
being compiled in although the library was detected correctly.
---
CMakeLists.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 9718505bf..4a5332f4b 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -272,7 +272,7 @@ id0name(UID_0_USER /etc/passwd)
id0name(GID_0_GROUP /etc/group)
# map module/package findings to config.h
-if (${Bzip2_FOUND})
+if (${BZIP2_FOUND})
set(HAVE_BZLIB_H 1)
endif()
if (${LIBLZMA_FOUND})
--
2.40.1

28
0001-Fix-undefined-symbols-from-plugins-in-some-circumsta.patch
View File

@ -1,28 +0,0 @@
From acfe252822db37fc9f47c221c4e3ae79a5f0be27 Mon Sep 17 00:00:00 2001
From: Panu Matilainen <pmatilai@redhat.com>
Date: Mon, 22 May 2023 18:19:24 +0300
Subject: [PATCH] Fix undefined symbols from plugins in some circumstances
Another bit lost in the cmake transition: plugin linkage to librpm and
librpmio. In rpm itself this doesn't really matter because the running
process supplies the necessary symbols but it's a different story when eg
a Python process uses dlopen()'ed bindings.
---
plugins/CMakeLists.txt | 1 +
1 file changed, 1 insertion(+)
diff --git a/plugins/CMakeLists.txt b/plugins/CMakeLists.txt
index 6768378f9..1ca025868 100644
--- a/plugins/CMakeLists.txt
+++ b/plugins/CMakeLists.txt
@@ -40,6 +40,7 @@ set(plugindir ${CMAKE_INSTALL_FULL_LIBDIR}/rpm-plugins)
get_property(plugins DIRECTORY PROPERTY BUILDSYSTEM_TARGETS)
foreach(plugin ${plugins})
+ target_link_libraries(${plugin} PRIVATE librpmio librpm)
install(TARGETS ${plugin} DESTINATION ${plugindir})
endforeach()
--
2.40.1

31
0001-Remove-second-share-dir-from-infodir-and-mandir.patch
View File

@ -1,31 +0,0 @@
From 33702961f45567a599bc0f0dac055604dc204fb1 Mon Sep 17 00:00:00 2001
From: Florian Festi <ffesti@redhat.com>
Date: Tue, 2 May 2023 09:03:50 +0200
Subject: [PATCH] Remove second share/ dir from infodir and mandir
cmake variables and the derived macros.
CMAKE_INSTALL_INFODIR and CMAKE_INSTALL_MANDIR already include the
datarootdir. So just prepending the prefix is sufficient.
---
CMakeLists.txt | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 230d18d1f..9718505bf 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -67,8 +67,8 @@ function(makemacros)
set(libdir "\${prefix}/=LIB=")
set(includedir "\${prefix}/${CMAKE_INSTALL_INCLUDEDIR}")
set(oldincludedir "${CMAKE_INSTALL_FULL_OLDINCLUDEDIR}")
- set(infodir "\${datarootdir}/${CMAKE_INSTALL_INFODIR}")
- set(mandir "\${datarootdir}/${CMAKE_INSTALL_MANDIR}")
+ set(infodir "\${prefix}/${CMAKE_INSTALL_INFODIR}")
+ set(mandir "\${prefix}/${CMAKE_INSTALL_MANDIR}")
set(RUNDIR /run)
set(acutils
--
2.40.1

58
0001-Revert-_smp_build_ncpus-change-to-a-parametric-macro.patch
View File

@ -1,58 +0,0 @@
From 673bd62bd3035575f8fad501f1395b09a0f9f8fe Mon Sep 17 00:00:00 2001
Message-Id: <673bd62bd3035575f8fad501f1395b09a0f9f8fe.1685346662.git.pmatilai@redhat.com>
From: Panu Matilainen <pmatilai@redhat.com>
Date: Mon, 29 May 2023 10:34:57 +0300
Subject: [PATCH] Revert %_smp_build_ncpus change to a parametric macro
(RhBug:2210347)
Commit a213101bc3af65c860d045c65fb4e2ef7566a4c6 changed %_smp_build_ncpus
into a parametric macro, but this breaks common usage via the Lua macros
table as parametric macros are returned as closures rather than the
expanded value.
This seems like a design flaw of the macros table, but as an immediate
remedy for the breakage, add another layer of indirection to revert
%_smp_build_ncpus back to a non-parametric macro.
Fixes %constrain_build macro in Fedora, which ironically is made obsolete by
the change that (unintentionally) broke it.
---
macros.in | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/macros.in b/macros.in
index 5521daba8..4dc6e3ca3 100644
--- a/macros.in
+++ b/macros.in
@@ -717,21 +717,23 @@ Supplements: (%{name} = %{version}-%{release} and langpacks-%{1})\
# Macro to fix broken permissions in sources
%_fixperms %{__chmod} -Rf a+rX,u+w,g-w,o-w
-# Maximum number of CPU's to use when building, 0 for unlimited.
-#%_smp_ncpus_max 0
-
-%_smp_build_ncpus() %([ -z "$RPM_BUILD_NCPUS" ] \\\
+%__smp_use_ncpus() %([ -z "$RPM_BUILD_NCPUS" ] \\\
&& RPM_BUILD_NCPUS="%{getncpus %{?1}}"; \\\
ncpus_max=%{?_smp_ncpus_max}; \\\
if [ -n "$ncpus_max" ] && [ "$ncpus_max" -gt 0 ] && [ "$RPM_BUILD_NCPUS" -gt "$ncpus_max" ]; then RPM_BUILD_NCPUS="$ncpus_max"; fi; \\\
echo "$RPM_BUILD_NCPUS";)
+# Maximum number of CPU's to use when building, 0 for unlimited.
+#%_smp_ncpus_max 0
+
+%_smp_build_ncpus %{__smp_use_ncpus:proc}
+
%_smp_mflags -j${RPM_BUILD_NCPUS}
# Maximum number of threads to use when building, 0 for unlimited
#%_smp_nthreads_max 0
-%_smp_build_nthreads %{_smp_build_ncpus:thread}
+%_smp_build_nthreads %{__smp_use_ncpus:thread}
# Assumed task size of processes and threads in megabytes.
# Used to limit the amount of parallelism based on available memory.
--
2.40.1

41
0001-Use-mkdir-p-for-creating-SPECPARTS-dir.patch
View File

@ -1,41 +0,0 @@
From 021a7d3aaa5458d8956babf0220a3e574a2b8e62 Mon Sep 17 00:00:00 2001
From: Florian Festi <ffesti@redhat.com>
Date: Wed, 17 May 2023 17:23:59 +0200
Subject: [PATCH] Use mkdir -p for creating SPECPARTS dir
to not error out when invoking %setup more than once or shipping the
directory in the sources.
---
build/parsePrep.c | 2 +-
tests/rpmspec.at | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/build/parsePrep.c b/build/parsePrep.c
index f8e09a8c7..ea8faa953 100644
--- a/build/parsePrep.c
+++ b/build/parsePrep.c
@@ -274,7 +274,7 @@ static int doSetupMacro(rpmSpec spec, const char *line)
}
/* mkdir for dynamic specparts */
- buf = rpmExpand("%{__mkdir} SPECPARTS", NULL);
+ buf = rpmExpand("%{__mkdir_p} SPECPARTS", NULL);
appendBuf(spec, buf, 1);
free(buf);
diff --git a/tests/rpmspec.at b/tests/rpmspec.at
index 548b4b3cc..564479391 100644
--- a/tests/rpmspec.at
+++ b/tests/rpmspec.at
@@ -333,7 +333,7 @@ if [ $STATUS -ne 0 ]; then
exit $STATUS
fi
cd 'hello-1.0'
-/usr/bin/mkdir SPECPARTS
+/usr/bin/mkdir -p SPECPARTS
/usr/bin/chmod -Rf a+rX,u+w,g-w,o-w .
echo "Patch #0 (hello-1.0-modernize.patch):"
/usr/bin/patch --no-backup-if-mismatch -f -p1 -b --suffix .modernize --fuzz=0 < /build/SOURCES/hello-1.0-modernize.patch
--
2.40.1

16
rpm.spec
View File

@ -30,9 +30,9 @@
%define rpmhome /usr/lib/rpm
%global rpmver 4.18.90
%global rpmver 4.18.91
#global snapver rc1
%global baserelease 10
%global baserelease 1
%global sover 10
%global srcver %{rpmver}%{?snapver:-%{snapver}}
@ -148,13 +148,6 @@ rpm-4.18.90-disable-sysusers.patch
rpm-4.18.90-weak-user-group.patch
# Patches already upstream:
# ...
0001-Remove-second-share-dir-from-infodir-and-mandir.patch
0001-Add-pgpVerifySignature2-and-pgpPrtParams2.patch
0001-Fix-bzip2-detection.patch
0001-Enable-large-file-support-on-32-bit-systems-again.patch
0001-Use-mkdir-p-for-creating-SPECPARTS-dir.patch
0001-Fix-undefined-symbols-from-plugins-in-some-circumsta.patch
0001-Revert-_smp_build_ncpus-change-to-a-parametric-macro.patch
# These are not yet upstream
rpm-4.7.1-geode-i686.patch
@ -569,7 +562,7 @@ fi
%files plugin-dbus-announce
%{_libdir}/rpm-plugins/dbus_announce.so
%{_mandir}/man8/rpm-plugin-dbus-announce.8*
%{_sysconfdir}/dbus-1/system.d/org.rpm.conf
%{_datadir}/dbus-1/system.d/org.rpm.conf
%endif
%files build-libs
@ -631,6 +624,9 @@ fi
%doc %{_defaultdocdir}/rpm/API/
%changelog
* Fri Jun 09 2023 Michal Domonkos <mdomonko@redhat.com> - 4.18.91-1
- Update to 4.19 alpha2
* Thu Jun 08 2023 Peter Robinson <pbrobinson@fedoraproject.org> - 4.18.90-10
- Rebuild for ima-evm-utils 1.5 soname bump

2
sources
View File

@ -1 +1 @@
SHA512 (rpm-4.18.90.tar.bz2) = 2d1a499fe053c5f3497b0ae4c133ef3b05b4b87e12ee5d349ad8c34dbfaebc20c1b3e6727143c152040ed1e132047bcf95afcbbe4a8cb2c4f91900b536d7821c
SHA512 (rpm-4.18.91.tar.bz2) = e3b3e9f195e16afc0596d31ad7614b8369e2b9c6835cc2739f166772d21ae71714ce99b29fded63843ab7216bb34f1c33bb69c0718383ed4bb3b9058639aa246