Rebase to rpm 4.18.2 (https://rpm.org/wiki/Releases/4.18.2)

2023-11-13 16:17:20 +01:00 · 2023-11-13 16:17:20 +01:00 · f42b172033
parent c608d7cdd7
commit f42b172033
4 changed files with 53 additions and 91 deletions
--- a/.gitignore
+++ b/.gitignore
@ -56,3 +56,4 @@
 /rpm-4.18.0-rc1.tar.bz2
 /rpm-4.18.0.tar.bz2
 /rpm-4.18.1.tar.bz2
 /rpm-4.18.2.tar.bz2
--- a/rpm-4.18.x-add-pgpVerifySignature2-and-pgpPrtParams2.patch
+++ b/rpm-4.18.x-add-pgpVerifySignature2-and-pgpPrtParams2.patch
@ -1,38 +1,6 @@
-From e75ae70ef1a152dac9a066506cafd2bbf7b2565e Mon Sep 17 00:00:00 2001
+diff -up rpm-4.18.2/configure.ac.orig rpm-4.18.2/configure.ac
-Message-Id: <e75ae70ef1a152dac9a066506cafd2bbf7b2565e.1681989428.git.pmatilai@redhat.com>
+--- rpm-4.18.2/configure.ac.orig	2023-11-13 13:18:27.694107699 +0100
-From: "Neal H. Walfield" <neal@pep.foundation>
+++ rpm-4.18.2/configure.ac	2023-11-13 16:18:59.917784964 +0100
 Date: Wed, 12 Apr 2023 17:56:19 +0200
 Subject: [PATCH] Add pgpVerifySignature2() and pgpPrtParams2()
 Add new functions pgpVerifySignature2() and pgpPrtParams2(), which are
 like their earlier versions, but optionally return descriptive error
 messages (in the case of failure) or lints (in the case of success).
 Adjust tests accordingly.
 This requires rpm-sequoia 1.4 or later.
 See https://github.com/rpm-software-management/rpm-sequoia/issues/39
 and
 https://github.com/rpm-software-management/rpm/issues/2127#issuecomment-1482646398
 Fixes #2483.
 This is a backport of commit 87b9e0c28c3df3937f6676ee1b4164d6154dd9d3
 ---
 configure.ac            |  2 +-
 include/rpm/rpmpgp.h    | 23 +++++++++++++++++++++++
 lib/rpmvs.c             | 19 ++++++++++++++++---
 rpmio/rpmkeyring.c      |  7 ++++++-
 rpmio/rpmpgp_internal.c | 15 +++++++++++++++
 rpmio/rpmpgp_sequoia.c  |  7 +++++++
 tests/rpmi.at           | 10 ++++++++--
 tests/rpmsigdig.at      | 20 +++++++++++++++++---
 9 files changed, 95 insertions(+), 10 deletions(-)
 diff --git a/configure.ac b/configure.ac
 index e6676c581..1d173e4e2 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -384,7 +384,7 @@ AC_SUBST(WITH_LIBGCRYPT_LIB)
 WITH_RPM_SEQUOIA_INCLUDE=
 WITH_RPM_SEQUOIA_LIB=
@ -42,15 +10,13 @@ index e6676c581..1d173e4e2 100644
   if test "$have_rpm_sequoia" = "yes"; then
      WITH_RPM_SEQUOIA_INCLUDE="$RPM_SEQUOIA_CFLAGS"
      WITH_RPM_SEQUOIA_LIB="$RPM_SEQUOIA_LIBS"
-diff --git a/include/rpm/rpmpgp.h b/include/rpm/rpmpgp.h
+diff -up rpm-4.18.2/include/rpm/rpmpgp.h.orig rpm-4.18.2/include/rpm/rpmpgp.h
-index a3238a643..3352129b8 100644
+--- rpm-4.18.2/include/rpm/rpmpgp.h.orig	2023-11-13 13:18:27.697107681 +0100
--- a/include/rpm/rpmpgp.h
+++ rpm-4.18.2/include/rpm/rpmpgp.h	2023-11-13 16:18:59.918784958 +0100
-+++ b/include/rpm/rpmpgp.h
+@@ -1014,6 +1014,18 @@ int pgpPrtParams(const uint8_t *pkts, si
@@ -1013,6 +1013,18 @@ int pgpPubkeyKeyID(const uint8_t * pkt, size_t pktlen, pgpKeyID_t keyid);
 int pgpPrtParams(const uint8_t *pkts, size_t pktlen, unsigned int pkttype,
 		 pgpDigParams * ret);
-+/** \ingroup rpmpgp
+ /** \ingroup rpmpgp
 + * Parse a OpenPGP packet(s).
 + * @param pkts		OpenPGP packet(s)
 + * @param pktlen	OpenPGP packet(s) length (no. of bytes)
@ -62,14 +28,14 @@ index a3238a643..3352129b8 100644
 +int pgpPrtParams2(const uint8_t *pkts, size_t pktlen, unsigned int pkttype,
 +		 pgpDigParams * ret, char **lints);
 +
- /** \ingroup rpmpgp
+/** \ingroup rpmpgp
  * Parse subkey parameters from OpenPGP packet(s).
  * @param pkts		OpenPGP packet(s)
-@@ -1191,6 +1203,17 @@ const uint8_t *pgpDigParamsSignID(pgpDigParams digp);
+  * @param pktlen	OpenPGP packet(s) length (no. of bytes)
-  */
+@@ -1192,6 +1204,17 @@ const uint8_t *pgpDigParamsSignID(pgpDig
 const char *pgpDigParamsUserID(pgpDigParams digp);
-+/** \ingroup rpmpgp
+ /** \ingroup rpmpgp
 + * Verify a PGP signature and return a error message or lint.
 + * @param key		public key
 + * @param sig		signature
@ -80,14 +46,14 @@ index a3238a643..3352129b8 100644
 +rpmRC pgpVerifySignature2(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx,
 +                          char **lints);
 +
- /** \ingroup rpmpgp
+/** \ingroup rpmpgp
  * Retrieve the object's version.
  *
-diff --git a/lib/rpmvs.c b/lib/rpmvs.c
+  * Returns the object's version.
-index a1425ea17..9b2106927 100644
+diff -up rpm-4.18.2/lib/rpmvs.c.orig rpm-4.18.2/lib/rpmvs.c
--- a/lib/rpmvs.c
+--- rpm-4.18.2/lib/rpmvs.c.orig	2023-11-13 13:18:27.703107645 +0100
-+++ b/lib/rpmvs.c
+++ rpm-4.18.2/lib/rpmvs.c	2023-11-13 16:18:59.918784958 +0100
-@@ -193,10 +193,23 @@ static void rpmsinfoInit(const struct vfyinfo_s *vinfo,
+@@ -193,10 +193,23 @@ static void rpmsinfoInit(const struct vf
     }
     if (sinfo->type == RPMSIG_SIGNATURE_TYPE) {
@ -114,11 +80,10 @@ index a1425ea17..9b2106927 100644
 	}
 	sinfo->hashalgo = pgpDigParamsAlgo(sinfo->sig, PGPVAL_HASHALGO);
 	sinfo->keyid = pgpGrab(pgpDigParamsSignID(sinfo->sig)+4, 4);
-diff --git a/rpmio/rpmkeyring.c b/rpmio/rpmkeyring.c
+diff -up rpm-4.18.2/rpmio/rpmkeyring.c.orig rpm-4.18.2/rpmio/rpmkeyring.c
-index db72892d9..712004bc8 100644
+--- rpm-4.18.2/rpmio/rpmkeyring.c.orig	2023-11-13 13:18:27.719107550 +0100
--- a/rpmio/rpmkeyring.c
+++ rpm-4.18.2/rpmio/rpmkeyring.c	2023-11-13 16:18:59.919784952 +0100
-+++ b/rpmio/rpmkeyring.c
+@@ -328,7 +328,12 @@ rpmRC rpmKeyringVerifySig(rpmKeyring key
@@ -328,7 +328,12 @@ rpmRC rpmKeyringVerifySig(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX ctx)
 	    pgpkey = key->pgpkey;
 	/* We call verify even if key not found for a signature sanity check */
@ -132,11 +97,10 @@ index db72892d9..712004bc8 100644
     }
     if (keyring)
-diff --git a/rpmio/rpmpgp_internal.c b/rpmio/rpmpgp_internal.c
+diff -up rpm-4.18.2/rpmio/rpmpgp_internal.c.orig rpm-4.18.2/rpmio/rpmpgp_internal.c
-index 0fcd220e4..a049c09b2 100644
+--- rpm-4.18.2/rpmio/rpmpgp_internal.c.orig	2023-11-13 13:18:27.719107550 +0100
--- a/rpmio/rpmpgp_internal.c
+++ rpm-4.18.2/rpmio/rpmpgp_internal.c	2023-11-13 16:18:59.919784952 +0100
-+++ b/rpmio/rpmpgp_internal.c
+@@ -1095,6 +1095,14 @@ int pgpPrtParams(const uint8_t * pkts, s
@@ -1095,6 +1095,14 @@ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
     return rc;
 }
@ -151,7 +115,7 @@ index 0fcd220e4..a049c09b2 100644
 int pgpPrtParamsSubkeys(const uint8_t *pkts, size_t pktlen,
 			pgpDigParams mainkey, pgpDigParams **subkeys,
 			int *subkeysCount)
-@@ -1264,6 +1272,13 @@ rpmRC pgpVerifySig(pgpDig dig, DIGEST_CTX hashctx)
+@@ -1264,6 +1272,13 @@ rpmRC pgpVerifySig(pgpDig dig, DIGEST_CT
 			      pgpDigGetParams(dig, PGPTAG_SIGNATURE), hashctx);
 }
@ -165,11 +129,10 @@ index 0fcd220e4..a049c09b2 100644
 static pgpArmor decodePkts(uint8_t *b, uint8_t **pkt, size_t *pktlen)
 {
     const char * enc = NULL;
-diff --git a/rpmio/rpmpgp_sequoia.c b/rpmio/rpmpgp_sequoia.c
+diff -up rpm-4.18.2/rpmio/rpmpgp_sequoia.c.orig rpm-4.18.2/rpmio/rpmpgp_sequoia.c
-index e01acd0e9..2141bbf30 100644
+--- rpm-4.18.2/rpmio/rpmpgp_sequoia.c.orig	2023-11-13 13:18:27.719107550 +0100
--- a/rpmio/rpmpgp_sequoia.c
+++ rpm-4.18.2/rpmio/rpmpgp_sequoia.c	2023-11-13 16:18:59.919784952 +0100
-+++ b/rpmio/rpmpgp_sequoia.c
+@@ -36,6 +36,9 @@ W(uint32_t, pgpDigParamsCreationTime, (p
@@ -36,6 +36,9 @@ W(uint32_t, pgpDigParamsCreationTime, (pgpDigParams digp), (digp))
 W(rpmRC, pgpVerifySignature,
   (pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx),
   (key, sig, hashctx))
@ -190,20 +153,19 @@ index e01acd0e9..2141bbf30 100644
 W(int, pgpPrtParamsSubkeys,
   (const uint8_t *pkts, size_t pktlen,
    pgpDigParams mainkey, pgpDigParams **subkeys,
-diff --git a/tests/rpmi.at b/tests/rpmi.at
+diff -up rpm-4.18.2/tests/rpmi.at.orig rpm-4.18.2/tests/rpmi.at
-index 7c8f25eff..d67185d5b 100644
+--- rpm-4.18.2/tests/rpmi.at.orig	2023-11-13 13:18:27.721107538 +0100
--- a/tests/rpmi.at
+++ rpm-4.18.2/tests/rpmi.at	2023-11-13 16:21:40.657790792 +0100
-+++ b/tests/rpmi.at
+@@ -254,7 +254,7 @@ RPMTEST_CLEANUP
@@ -254,7 +254,7 @@ AT_CLEANUP
 AT_SETUP([rpm -U <corrupted signed 1>])
 AT_KEYWORDS([install])
-AT_CHECK([
+-RPMTEST_CHECK([
-+AT_CHECK_UNQUOTED([
+RPMTEST_CHECK_UNQUOTED([
 RPMDB_INIT
 pkg="hello-2.0-1.x86_64-signed.rpm"
-@@ -267,7 +267,13 @@ runroot rpm -U --ignorearch --ignoreos --nodeps \
+@@ -267,7 +267,13 @@ runroot rpm -U --ignorearch --ignoreos -
 ],
 [1],
 [],
@ -217,17 +179,16 @@ index 7c8f25eff..d67185d5b 100644
 +fi`
 error: /tmp/hello-2.0-1.x86_64-signed.rpm cannot be installed
 ])
- AT_CLEANUP
+ RPMTEST_CLEANUP
-diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at
+diff -up rpm-4.18.2/tests/rpmsigdig.at.orig rpm-4.18.2/tests/rpmsigdig.at
-index 5b1c6c4a6..e5482735a 100644
+--- rpm-4.18.2/tests/rpmsigdig.at.orig	2023-11-13 13:18:27.722107532 +0100
--- a/tests/rpmsigdig.at
+++ rpm-4.18.2/tests/rpmsigdig.at	2023-11-13 16:21:03.842018500 +0100
-+++ b/tests/rpmsigdig.at
+@@ -539,7 +539,7 @@ RPMTEST_CLEANUP
@@ -539,7 +539,7 @@ AT_CLEANUP
 # Test pre-built corrupted package verification (corrupted signature)
 AT_SETUP([rpmkeys -Kv <corrupted signed> 1])
 AT_KEYWORDS([rpmkeys digest signature])
-AT_CHECK([
+-RPMTEST_CHECK([
-+AT_CHECK_UNQUOTED([
+RPMTEST_CHECK_UNQUOTED([
 RPMDB_INIT
 pkg="hello-2.0-1.x86_64-signed.rpm"
@ -262,6 +223,3 @@ index 5b1c6c4a6..e5482735a 100644
     Header SHA256 digest: OK
     Header SHA1 digest: OK
     Payload SHA256 digest: OK
 -- 
 2.40.0
--- a/rpm.spec
+++ b/rpm.spec
@ -30,9 +30,9 @@
 %define rpmhome /usr/lib/rpm
-%global rpmver 4.18.1
+%global rpmver 4.18.2
 #global snapver rc1
-%global baserelease 3
+%global baserelease 1
 %global sover 9
 %global srcver %{rpmver}%{?snapver:-%{snapver}}
@ -134,7 +134,7 @@ rpm-4.18.x-siteconfig.patch
 rpm-4.9.90-no-man-dirs.patch
 # Patches already upstream:
-0001-Add-pgpVerifySignature2-and-pgpPrtParams2.patch
+rpm-4.18.x-add-pgpVerifySignature2-and-pgpPrtParams2.patch
 # These are not yet upstream
 rpm-4.7.1-geode-i686.patch
@ -618,6 +618,9 @@ fi
 %doc docs/librpm/html/*
 %changelog
 * Mon Nov 13 2023 Michal Domonkos <mdomonko@redhat.com> - 4.18.2-1
 - Rebase to rpm 4.18.2 (https://rpm.org/wiki/Releases/4.18.2)
 * Tue Apr 25 2023 Miro Hrončok <mhroncok@redhat.com> - 4.18.1-3
 - Explicitly require rpm-sequoia >= 1.4.0 on runtime to avoid
  rpm: symbol lookup error: /lib64/librpmio.so.9: undefined symbol: _pgpVerifySignature2
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (rpm-4.18.1.tar.bz2) = 0ede2138b9b4c3b50d7e914cf82655507fcc207ba67804c749ea17560002976cb26b95801e9138a51589b60459494a991213a1131dbef5af2eca9b5050a4f29c
+SHA512 (rpm-4.18.2.tar.bz2) = 1544efef04190299ac988f52c4f6e58ba9ff8943fe1f3e1353fb2bf4d73248935dac65a8a73b32c5d2d96f6875ce25c5196a78ed645d9504465cf1e89e0a268a
`@ -1 +1 @@`
	`SHA512 (rpm-4.18.1.tar.bz2) = 0ede2138b9b4c3b50d7e914cf82655507fcc207ba67804c749ea17560002976cb26b95801e9138a51589b60459494a991213a1131dbef5af2eca9b5050a4f29c`	`SHA512 (rpm-4.18.2.tar.bz2) = 1544efef04190299ac988f52c4f6e58ba9ff8943fe1f3e1353fb2bf4d73248935dac65a8a73b32c5d2d96f6875ce25c5196a78ed645d9504465cf1e89e0a268a`