Require rpm-sequoia >= 1.4.0 to avoid undefined symbol: _pgpVerifySignature2

With rpm-4.18.1-2.fc39.x86_64 and rpm-sequoia-1.3.0-1.fc39.x86_64: $ rpm -q rpm rpm: symbol lookup error: /lib64/librpmio.so.9: undefined symbol: _pgpVerifySignature2
Backport improved crypto error messages from upstream
2023-04-25 16:15:49 +02:00 · 2023-04-25 11:53:59 +03:00 · 2023-04-24 10:07:45 +02:00 · 2023-03-15 14:58:17 +01:00 · 2023-02-16 13:38:34 +02:00 · 2023-01-20 19:56:42 +00:00
9 changed files with 350 additions and 48 deletions
--- a/.gitignore
+++ b/.gitignore
@ -55,3 +55,4 @@
 /rpm-4.18.0-beta1.tar.bz2
 /rpm-4.18.0-rc1.tar.bz2
 /rpm-4.18.0.tar.bz2
+/rpm-4.18.1.tar.bz2
--- a/0001-Add-pgpVerifySignature2-and-pgpPrtParams2.patch
+++ b/0001-Add-pgpVerifySignature2-and-pgpPrtParams2.patch
@ -0,0 +1,267 @@
+From e75ae70ef1a152dac9a066506cafd2bbf7b2565e Mon Sep 17 00:00:00 2001
+Message-Id: <e75ae70ef1a152dac9a066506cafd2bbf7b2565e.1681989428.git.pmatilai@redhat.com>
+From: "Neal H. Walfield" <neal@pep.foundation>
+Date: Wed, 12 Apr 2023 17:56:19 +0200
+Subject: [PATCH] Add pgpVerifySignature2() and pgpPrtParams2()
+
+Add new functions pgpVerifySignature2() and pgpPrtParams2(), which are
+like their earlier versions, but optionally return descriptive error
+messages (in the case of failure) or lints (in the case of success).
+Adjust tests accordingly.
+
+This requires rpm-sequoia 1.4 or later.
+
+See https://github.com/rpm-software-management/rpm-sequoia/issues/39
+and
+https://github.com/rpm-software-management/rpm/issues/2127#issuecomment-1482646398
+
+Fixes #2483.
+
+This is a backport of commit 87b9e0c28c3df3937f6676ee1b4164d6154dd9d3
+---
+ configure.ac            |  2 +-
+ include/rpm/rpmpgp.h    | 23 +++++++++++++++++++++++
+ lib/rpmvs.c             | 19 ++++++++++++++++---
+ rpmio/rpmkeyring.c      |  7 ++++++-
+ rpmio/rpmpgp_internal.c | 15 +++++++++++++++
+ rpmio/rpmpgp_sequoia.c  |  7 +++++++
+ tests/rpmi.at           | 10 ++++++++--
+ tests/rpmsigdig.at      | 20 +++++++++++++++++---
+ 9 files changed, 95 insertions(+), 10 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index e6676c581..1d173e4e2 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -384,7 +384,7 @@ AC_SUBST(WITH_LIBGCRYPT_LIB)
+ WITH_RPM_SEQUOIA_INCLUDE=
+ WITH_RPM_SEQUOIA_LIB=
+ if test "$with_crypto" = sequoia ; then
+-  PKG_CHECK_MODULES([RPM_SEQUOIA], [rpm-sequoia], [have_rpm_sequoia=yes], [have_rpm_sequoia=no])
+  PKG_CHECK_MODULES([RPM_SEQUOIA], [rpm-sequoia >= 1.4.0], [have_rpm_sequoia=yes], [have_rpm_sequoia=no])
+   if test "$have_rpm_sequoia" = "yes"; then
+      WITH_RPM_SEQUOIA_INCLUDE="$RPM_SEQUOIA_CFLAGS"
+      WITH_RPM_SEQUOIA_LIB="$RPM_SEQUOIA_LIBS"
+diff --git a/include/rpm/rpmpgp.h b/include/rpm/rpmpgp.h
+index a3238a643..3352129b8 100644
+--- a/include/rpm/rpmpgp.h
+++ b/include/rpm/rpmpgp.h
+@@ -1013,6 +1013,18 @@ int pgpPubkeyKeyID(const uint8_t * pkt, size_t pktlen, pgpKeyID_t keyid);
+ int pgpPrtParams(const uint8_t *pkts, size_t pktlen, unsigned int pkttype,
+ 		 pgpDigParams * ret);
+ 
+/** \ingroup rpmpgp
+ * Parse a OpenPGP packet(s).
+ * @param pkts		OpenPGP packet(s)
+ * @param pktlen	OpenPGP packet(s) length (no. of bytes)
+ * @param pkttype	Expected packet type (signature/key) or 0 for any
+ * @param[out] ret	signature/pubkey packet parameters on success (alloced)
+ * @param[out] lints	error messages and lints
+ * @return		-1 on error, 0 on success
+ */
+int pgpPrtParams2(const uint8_t *pkts, size_t pktlen, unsigned int pkttype,
+		 pgpDigParams * ret, char **lints);
+
+ /** \ingroup rpmpgp
+  * Parse subkey parameters from OpenPGP packet(s).
+  * @param pkts		OpenPGP packet(s)
+@@ -1191,6 +1203,17 @@ const uint8_t *pgpDigParamsSignID(pgpDigParams digp);
+  */
+ const char *pgpDigParamsUserID(pgpDigParams digp);
+ 
+/** \ingroup rpmpgp
+ * Verify a PGP signature and return a error message or lint.
+ * @param key		public key
+ * @param sig		signature
+ * @param hashctx	digest context
+ * @param lints	error messages and lints
+ * @return 		RPMRC_OK on success
+ */
+rpmRC pgpVerifySignature2(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx,
+                          char **lints);
+
+ /** \ingroup rpmpgp
+  * Retrieve the object's version.
+  *
+diff --git a/lib/rpmvs.c b/lib/rpmvs.c
+index a1425ea17..9b2106927 100644
+--- a/lib/rpmvs.c
+++ b/lib/rpmvs.c
+@@ -193,10 +193,23 @@ static void rpmsinfoInit(const struct vfyinfo_s *vinfo,
+     }
+ 
+     if (sinfo->type == RPMSIG_SIGNATURE_TYPE) {
+-	if (pgpPrtParams(data, dlen, PGPTAG_SIGNATURE, &sinfo->sig)) {
+-	    rasprintf(&sinfo->msg, _("%s tag %u: invalid OpenPGP signature"),
+-		    origin, td->tag);
+	char *lints = NULL;
+        int ec = pgpPrtParams2(data, dlen, PGPTAG_SIGNATURE, &sinfo->sig, &lints);
+	if (ec) {
+	    if (lints) {
+		rasprintf(&sinfo->msg,
+			("%s tag %u: invalid OpenPGP signature: %s"),
+			origin, td->tag, lints);
+		free(lints);
+	    } else {
+		rasprintf(&sinfo->msg,
+			_("%s tag %u: invalid OpenPGP signature"),
+			origin, td->tag);
+	    }
+ 	    goto exit;
+	} else if (lints) {
+	    rpmlog(RPMLOG_WARNING, "%s\n", lints);
+	    free(lints);
+ 	}
+ 	sinfo->hashalgo = pgpDigParamsAlgo(sinfo->sig, PGPVAL_HASHALGO);
+ 	sinfo->keyid = pgpGrab(pgpDigParamsSignID(sinfo->sig)+4, 4);
+diff --git a/rpmio/rpmkeyring.c b/rpmio/rpmkeyring.c
+index db72892d9..712004bc8 100644
+--- a/rpmio/rpmkeyring.c
+++ b/rpmio/rpmkeyring.c
+@@ -328,7 +328,12 @@ rpmRC rpmKeyringVerifySig(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX ctx)
+ 	    pgpkey = key->pgpkey;
+ 
+ 	/* We call verify even if key not found for a signature sanity check */
+-	rc = pgpVerifySignature(pgpkey, sig, ctx);
+	char *lints = NULL;
+	rc = pgpVerifySignature2(pgpkey, sig, ctx, &lints);
+	if (lints) {
+	    rpmlog(rc ? RPMLOG_ERR : RPMLOG_WARNING, "%s\n", lints);
+	    free(lints);
+	}
+     }
+ 
+     if (keyring)
+diff --git a/rpmio/rpmpgp_internal.c b/rpmio/rpmpgp_internal.c
+index 0fcd220e4..a049c09b2 100644
+--- a/rpmio/rpmpgp_internal.c
+++ b/rpmio/rpmpgp_internal.c
+@@ -1095,6 +1095,14 @@ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
+     return rc;
+ }
+ 
+int pgpPrtParams2(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
+                  pgpDigParams * ret, char **lints)
+{
+    if (lints)
+        *lints = NULL;
+    return pgpPrtParams(pkts, pktlen, pkttype, ret);
+}
+
+ int pgpPrtParamsSubkeys(const uint8_t *pkts, size_t pktlen,
+ 			pgpDigParams mainkey, pgpDigParams **subkeys,
+ 			int *subkeysCount)
+@@ -1264,6 +1272,13 @@ rpmRC pgpVerifySig(pgpDig dig, DIGEST_CTX hashctx)
+ 			      pgpDigGetParams(dig, PGPTAG_SIGNATURE), hashctx);
+ }
+ 
+rpmRC pgpVerifySignature2(pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx, char **lints)
+{
+    if (lints)
+        *lints = NULL;
+    return pgpVerifySignature(key, sig, hashctx);
+}
+
+ static pgpArmor decodePkts(uint8_t *b, uint8_t **pkt, size_t *pktlen)
+ {
+     const char * enc = NULL;
+diff --git a/rpmio/rpmpgp_sequoia.c b/rpmio/rpmpgp_sequoia.c
+index e01acd0e9..2141bbf30 100644
+--- a/rpmio/rpmpgp_sequoia.c
+++ b/rpmio/rpmpgp_sequoia.c
+@@ -36,6 +36,9 @@ W(uint32_t, pgpDigParamsCreationTime, (pgpDigParams digp), (digp))
+ W(rpmRC, pgpVerifySignature,
+   (pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx),
+   (key, sig, hashctx))
+W(rpmRC, pgpVerifySignature2,
+  (pgpDigParams key, pgpDigParams sig, DIGEST_CTX hashctx, char **lints),
+  (key, sig, hashctx, lints))
+ W(int, pgpPubkeyKeyID,
+   (const uint8_t * pkt, size_t pktlen, pgpKeyID_t keyid),
+   (pkt, pktlen, keyid))
+@@ -51,6 +54,10 @@ W(int, pgpPubKeyCertLen,
+ W(int, pgpPrtParams,
+   (const uint8_t *pkts, size_t pktlen, unsigned int pkttype, pgpDigParams *ret),
+   (pkts, pktlen, pkttype, ret))
+W(int, pgpPrtParams2,
+  (const uint8_t *pkts, size_t pktlen, unsigned int pkttype, pgpDigParams *ret,
+   char **lints),
+  (pkts, pktlen, pkttype, ret, lints))
+ W(int, pgpPrtParamsSubkeys,
+   (const uint8_t *pkts, size_t pktlen,
+    pgpDigParams mainkey, pgpDigParams **subkeys,
+diff --git a/tests/rpmi.at b/tests/rpmi.at
+index 7c8f25eff..d67185d5b 100644
+--- a/tests/rpmi.at
+++ b/tests/rpmi.at
+@@ -254,7 +254,7 @@ AT_CLEANUP
+ 
+ AT_SETUP([rpm -U <corrupted signed 1>])
+ AT_KEYWORDS([install])
+-AT_CHECK([
+AT_CHECK_UNQUOTED([
+ RPMDB_INIT
+ 
+ pkg="hello-2.0-1.x86_64-signed.rpm"
+@@ -267,7 +267,13 @@ runroot rpm -U --ignorearch --ignoreos --nodeps \
+ ],
+ [1],
+ [],
+-[error: /tmp/hello-2.0-1.x86_64-signed.rpm: Header RSA signature: BAD (package tag 268: invalid OpenPGP signature)
+[`if test x$PGP = xinternal; then
+    echo 'error: /tmp/hello-2.0-1.x86_64-signed.rpm: Header RSA signature: BAD (package tag 268: invalid OpenPGP signature)'
+else
+    echo 'error: /tmp/hello-2.0-1.x86_64-signed.rpm: Header RSA signature: BAD (package tag 268: invalid OpenPGP signature: Parsing an OpenPGP packet:'
+    echo '  Failed to parse Signature Packet'
+    echo '      because: Malformed packet: Subpacket extends beyond the end of the subpacket area)'
+fi`
+ error: /tmp/hello-2.0-1.x86_64-signed.rpm cannot be installed
+ ])
+ AT_CLEANUP
+diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at
+index 5b1c6c4a6..e5482735a 100644
+--- a/tests/rpmsigdig.at
+++ b/tests/rpmsigdig.at
+@@ -539,7 +539,7 @@ AT_CLEANUP
+ # Test pre-built corrupted package verification (corrupted signature)
+ AT_SETUP([rpmkeys -Kv <corrupted signed> 1])
+ AT_KEYWORDS([rpmkeys digest signature])
+-AT_CHECK([
+AT_CHECK_UNQUOTED([
+ RPMDB_INIT
+ 
+ pkg="hello-2.0-1.x86_64-signed.rpm"
+@@ -553,14 +553,28 @@ runroot rpmkeys -Kv /tmp/${pkg}
+ ],
+ [1],
+ [/tmp/hello-2.0-1.x86_64-signed.rpm:
+-    Header RSA signature: BAD (package tag 268: invalid OpenPGP signature)
+`if test x$PGP = xinternal; then
+    echo '    Header RSA signature: BAD (package tag 268: invalid OpenPGP signature)'
+else
+    echo '    Header RSA signature: BAD (package tag 268: invalid OpenPGP signature: Parsing an OpenPGP packet:'
+    echo '  Failed to parse Signature Packet'
+    echo '      because: Signature appears to be created by a non-conformant OpenPGP implementation, see <https://github.com/rpm-software-management/rpm/issues/2351>.'
+    echo '      because: Malformed MPI: leading bit is not set: expected bit 1 to be set in        0 (0))'
+fi`
+     Header SHA256 digest: OK
+     Header SHA1 digest: OK
+     Payload SHA256 digest: OK
+     V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
+     MD5 digest: OK
+ /tmp/hello-2.0-1.x86_64-signed.rpm:
+-    Header RSA signature: BAD (package tag 268: invalid OpenPGP signature)
+`if test x$PGP = xinternal; then
+    echo '    Header RSA signature: BAD (package tag 268: invalid OpenPGP signature)'
+else
+    echo '    Header RSA signature: BAD (package tag 268: invalid OpenPGP signature: Parsing an OpenPGP packet:'
+    echo '  Failed to parse Signature Packet'
+    echo '      because: Signature appears to be created by a non-conformant OpenPGP implementation, see <https://github.com/rpm-software-management/rpm/issues/2351>.'
+    echo '      because: Malformed MPI: leading bit is not set: expected bit 1 to be set in        0 (0))'
+fi`
+     Header SHA256 digest: OK
+     Header SHA1 digest: OK
+     Payload SHA256 digest: OK
+-- 
+2.40.0
+
--- a/rpm-4.15.x-ldflags.patch
+++ b/rpm-4.15.x-ldflags.patch
@ -1,15 +0,0 @@
-diff -up rpm-4.9.1.1/macros.in.jx rpm-4.9.1.1/macros.in
--- rpm-4.9.1.1/macros.in.jx	2011-08-03 16:19:05.000000000 -0400
-+++ rpm-4.9.1.1/macros.in	2011-08-08 09:41:52.981064316 -0400
-@@ -674,9 +674,10 @@ print (t)\
-   RPM_BUILD_DIR=\"%{u2p:%{_builddir}}\"\
-   RPM_OPT_FLAGS=\"%{optflags}\"\
-+  RPM_LD_FLAGS=\"%{?build_ldflags}\"\
-   RPM_ARCH=\"%{_arch}\"\
-   RPM_OS=\"%{_os}\"\
-   RPM_BUILD_NCPUS=\"%{_smp_build_ncpus}\"\
-  export RPM_SOURCE_DIR RPM_BUILD_DIR RPM_OPT_FLAGS RPM_ARCH RPM_OS RPM_BUILD_NCPUS\
-+  export RPM_SOURCE_DIR RPM_BUILD_DIR RPM_OPT_FLAGS RPM_LD_FLAGS RPM_ARCH RPM_OS RPM_BUILD_NCPUS RPM_LD_FLAGS\
-   RPM_DOC_DIR=\"%{_docdir}\"\
-   export RPM_DOC_DIR\
-   RPM_PACKAGE_NAME=\"%{NAME}\"\
--- a/rpm-4.17.x-siteconfig.patch
+++ b/rpm-4.17.x-siteconfig.patch
@ -1,12 +0,0 @@
-diff -up rpm-4.11.1-rc1/macros.in.siteconfig rpm-4.11.1-rc1/macros.in
--- rpm-4.11.1-rc1/macros.in.siteconfig	2013-06-07 13:19:21.000000000 +0300
-+++ rpm-4.11.1-rc1/macros.in	2013-06-11 15:06:59.525747503 +0300
-@@ -647,6 +647,8 @@ package or when debugging this package.\
-   export CLASSPATH}\
-   PKG_CONFIG_PATH=\"${PKG_CONFIG_PATH}:%{_libdir}/pkgconfig:%{_datadir}/pkgconfig\"\
-   export PKG_CONFIG_PATH\
-+  CONFIG_SITE=${CONFIG_SITE:-NONE}\
-+  export CONFIG_SITE\
-   \
-   %[%{verbose}?"set -x":""]\
-   umask 022\
--- a/rpm-4.18.x-ldflags.patch
+++ b/rpm-4.18.x-ldflags.patch
@ -0,0 +1,16 @@
+diff -up rpm-4.18.1/macros.in.orig rpm-4.18.1/macros.in
+--- rpm-4.18.1/macros.in.orig	2023-03-15 13:57:06.385361527 +0100
+++ rpm-4.18.1/macros.in	2023-03-15 13:58:09.613971713 +0100
+@@ -727,10 +727,11 @@ package or when debugging this package.\
+   RPM_SOURCE_DIR=\"%{_sourcedir}\"\
+   RPM_BUILD_DIR=\"%{_builddir}\"\
+   RPM_OPT_FLAGS=\"%{optflags}\"\
+  RPM_LD_FLAGS=\"%{?build_ldflags}\"\
+   RPM_ARCH=\"%{_arch}\"\
+   RPM_OS=\"%{_os}\"\
+   RPM_BUILD_NCPUS=\"%{_smp_build_ncpus}\"\
+-  export RPM_SOURCE_DIR RPM_BUILD_DIR RPM_OPT_FLAGS RPM_ARCH RPM_OS RPM_BUILD_NCPUS\
+  export RPM_SOURCE_DIR RPM_BUILD_DIR RPM_OPT_FLAGS RPM_ARCH RPM_OS RPM_BUILD_NCPUS RPM_LD_FLAGS\
+   RPM_DOC_DIR=\"%{_docdir}\"\
+   export RPM_DOC_DIR\
+   RPM_PACKAGE_NAME=\"%{NAME}\"\
--- a/rpm-4.18.x-revert-pandoc-cond.patch
+++ b/rpm-4.18.x-revert-pandoc-cond.patch
@ -0,0 +1,12 @@
+diff -up rpm-4.18.1/docs/Makefile.am.orig rpm-4.18.1/docs/Makefile.am
+--- rpm-4.18.1/docs/Makefile.am.orig	2023-03-15 14:48:27.955720807 +0100
+++ rpm-4.18.1/docs/Makefile.am	2023-03-15 14:48:43.634626934 +0100
+@@ -1,8 +1,6 @@
+ ## Process this file with automake to produce Makefile.in
+ 
+-if PANDOC
+ SUBDIRS = man
+-endif
+ 
+ EXTRA_DIST =
+ 
--- a/rpm-4.18.x-siteconfig.patch
+++ b/rpm-4.18.x-siteconfig.patch
@ -0,0 +1,14 @@
+diff -up rpm-4.18.1/macros.in.orig rpm-4.18.1/macros.in
+--- rpm-4.18.1/macros.in.orig	2023-03-15 13:52:55.211928040 +0100
+++ rpm-4.18.1/macros.in	2023-03-15 13:55:04.113129930 +0100
+@@ -746,7 +746,9 @@ package or when debugging this package.\
+   %{?_javaclasspath:CLASSPATH=\"%{_javaclasspath}\"\
+   export CLASSPATH}\
+   PKG_CONFIG_PATH=\"${PKG_CONFIG_PATH}:%{_libdir}/pkgconfig:%{_datadir}/pkgconfig\"\
+-  export PKG_CONFIG_PATH
+  export PKG_CONFIG_PATH\
+  CONFIG_SITE=${CONFIG_SITE:-NONE}\
+  export CONFIG_SITE
+ 
+ %___build_pre	\
+   %{___build_pre_env} \
--- a/rpm.spec
+++ b/rpm.spec
@ -30,9 +30,9 @@

 %define rpmhome /usr/lib/rpm

-%global rpmver 4.18.0
+%global rpmver 4.18.1
 #global snapver rc1
-%global baserelease 7
+%global baserelease 3
 %global sover 9

 %global srcver %{rpmver}%{?snapver:-%{snapver}}
@ -97,7 +97,7 @@ BuildRequires: sqlite-devel

 %if %{with sequoia}
 %global crypto sequoia
-BuildRequires: rpm-sequoia-devel >= 1.0.0
+BuildRequires: rpm-sequoia-devel >= 1.4.0
 %else
 %global crypto openssl
 BuildRequires: openssl-devel
@ -129,17 +129,20 @@ Requires(pre): sed
 # Set rpmdb path to /usr/lib/sysimage/rpm
 rpm-4.17.x-rpm_dbpath.patch
 # Disable autoconf config.site processing (#962837)
-rpm-4.17.x-siteconfig.patch
+rpm-4.18.x-siteconfig.patch
 # In current Fedora, man-pages pkg owns all the localized man directories
 rpm-4.9.90-no-man-dirs.patch

 # Patches already upstream:
-# ...
+0001-Add-pgpVerifySignature2-and-pgpPrtParams2.patch

 # These are not yet upstream
 rpm-4.7.1-geode-i686.patch
 # Probably to be upstreamed in slightly different form
-rpm-4.15.x-ldflags.patch
+rpm-4.18.x-ldflags.patch
+# We either need pandoc in buildroot or this patch in order for man pages to
+# actually be installed, choose the latter
+rpm-4.18.x-revert-pandoc-cond.patch

 %description
 The RPM Package Manager (RPM) is a powerful command line driven
@ -153,8 +156,8 @@ Summary:  Libraries for manipulating RPM packages
 License: GPLv2+ and LGPLv2+ with exceptions
 Requires(meta): %{name} = %{version}-%{release}
 %if %{with sequoia}
-# >= 1.2.0 required for v3 signature support
-Requires: rpm-sequoia%{_isa} >= 1.2.0
+# >= 1.4.0 required for pgpVerifySignature2() and pgpPrtParams2()
+Requires: rpm-sequoia%{_isa} >= 1.4.0
 %endif

 %description libs
@ -235,7 +238,6 @@ BuildRequires: python3-devel
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 Provides: %{name}-python3 = %{version}-%{release}
 Obsoletes: %{name}-python3 < %{version}-%{release}
-Obsoletes: platform-python-%{name} < %{version}-%{release}

 %description -n python3-%{name}
 The python3-rpm package contains a module that permits applications
@ -384,19 +386,9 @@ done;

 %make_build

-pushd python
-%py3_build
-popd
-
 %install
 %make_install

-# We need to build with --enable-python for the self-test suite, but we
-# actually package the bindings built with setup.py (#531543#c26)
-pushd python
-%py3_install
-popd
-
 mkdir -p $RPM_BUILD_ROOT%{_unitdir}
 install -m 644 %{SOURCE10} $RPM_BUILD_ROOT/%{_unitdir}
 install -m 644 %{SOURCE20} $RPM_BUILD_ROOT/%{_unitdir}
@ -604,8 +596,11 @@ fi
 %{_mandir}/man8/rpmsign.8*

 %files -n python3-%{name}
-%{python3_sitearch}/rpm/
 %{python3_sitearch}/rpm-%{rpmver}*.egg-info
+%{python3_sitearch}/rpm/__init__.py
+%{python3_sitearch}/rpm/transaction.py
+%{python3_sitearch}/rpm/_rpm.so
+%artifact %{python3_sitearch}/rpm/__pycache__/

 %files devel
 %{_mandir}/man8/rpmgraph.8*
@ -623,6 +618,30 @@ fi
 %doc docs/librpm/html/*

 %changelog
+* Tue Apr 25 2023 Miro Hrončok <mhroncok@redhat.com> - 4.18.1-3
+- Explicitly require rpm-sequoia >= 1.4.0 on runtime to avoid
+  rpm: symbol lookup error: /lib64/librpmio.so.9: undefined symbol: _pgpVerifySignature2
+
+* Thu Apr 20 2023 Panu Matilainen <pmatilai@redhat.com> - 4.18.1-2
+- Backport improved crypto error messages from upstream
+
+* Wed Mar 15 2023 Michal Domonkos <mdomonko@redhat.com> - 4.18.1-1
+- Rebase to rpm 4.18.1 (https://rpm.org/wiki/Releases/4.18.1)
+
+* Thu Feb 16 2023 Panu Matilainen <pmatilai@redhat.com> - 4.18.0-11
+- Disable debuginfod lookups in rpmbuild scripts
+- Exclude kernel modules from ELF dependency generation
+
+* Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 4.18.0-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Mon Jan 09 2023 Panu Matilainen <pmatilai@redhat.com> - 4.18.0-9
+- Generate Python egg-info from automake (#2135561)
+- Drop setup.py-based Python build (#2135719)
+
+* Wed Dec 07 2022 Panu Matilainen <pmatilai@redhat.com> - 4.18.0-8
+- Fix hang-up on failed key import (related to #2149762)
+
 * Thu Nov 24 2022 Panu Matilainen <pmatilai@redhat.com> - 4.18.0-7
 - Require rpm-sequoia >= 1.2.0 for V3 signature support, re-enable (#2141686)

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (rpm-4.18.0.tar.bz2) = c218b811c0c2db368a2919f60742904a4a5abf09dc20804d649eb42f1853d1c21d121086d6014cd210b2040643c37b5d86b53052958cf702ae2e54fe65f1c0ec
+SHA512 (rpm-4.18.1.tar.bz2) = 0ede2138b9b4c3b50d7e914cf82655507fcc207ba67804c749ea17560002976cb26b95801e9138a51589b60459494a991213a1131dbef5af2eca9b5050a4f29c
Author	SHA1	Message	Date
Miro Hrončok	c608d7cdd7	Require rpm-sequoia >= 1.4.0 to avoid undefined symbol: _pgpVerifySignature2 With rpm-4.18.1-2.fc39.x86_64 and rpm-sequoia-1.3.0-1.fc39.x86_64: $ rpm -q rpm rpm: symbol lookup error: /lib64/librpmio.so.9: undefined symbol: _pgpVerifySignature2	2023-04-25 16:15:49 +02:00
Panu Matilainen	201a02bcd5	Backport improved crypto error messages from upstream	2023-04-25 11:53:59 +03:00
Michal Domonkos	5ca1cfeb91	Drop patches already in 4.18.1 tarball These were forgotten in the previous commit...	2023-04-24 10:07:45 +02:00
Michal Domonkos	7bfe20af40	Rebase to rpm 4.18.1 (https://rpm.org/wiki/Releases/4.18.1 )	2023-03-15 14:58:17 +01:00
Panu Matilainen	1cb2cea4c3	Dependency generation sanity Disable debuginfod lookups in rpmbuild scripts, there's no circumstance where rpmbuild should look up symbols from the internet. Exclude kernel modules from ELF dependency generation, kernel modules do not have DT_NEEDED style dependencies.	2023-02-16 13:38:34 +02:00
Fedora Release Engineering	fa9a65dc3b	Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2023-01-20 19:56:42 +00:00
Panu Matilainen	6c1efa07cc	Remember to bump release, doh (maybe this suggests it's time to look into rpmautospec...)	2023-01-10 11:38:04 +02:00
Panu Matilainen	56868f0f9b	Drop setup.py based Python build (#2135561 , #2149762 ) The setup.py build was only really added for dealing with parallel installable Python 2 and 3 builds, and has been quite a PITA otherwise because it's not what the upstream builds and tests use. Now that the 2to3 transition is thankfully over, we can go back to building the extension by ourselves. Only, in the meanwhile people have come to depend on the egg-info data so create that from automake, that format is not exactly rocket science. This fixes us accidentally shipping two slightly different Python modules for years (#2135719) and building with Python >= 3.12 where distutils has been dropped, and does so in upstream compatible manner (where a similar approach was taken when transitioning to cmake based build system)	2023-01-09 14:02:40 +02:00
Miro Hrončok	51caa93346	Remove 5 years old Obsoletes for platform-python-rpm	2022-12-19 22:43:30 +01:00
Panu Matilainen	6c83a290e3	Fix hang-up on failed key import (related to #2149762 )	2022-12-07 13:52:01 +02:00