| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
| |
No need to query all commits and count lines of output, we can just ask git to provide information directly.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current version of gpg2 asks for password using a curses dialogue
or a GTK dialogue. Both methods breaks automation of package signing.
If we want to be asked the old way on terminal, we must run gpg2 with
additional arguments '--pinentry-mode loopback' (and gpg-agent must be
allow looping back (--allow-loopback) - allowed by default since 2.1.13).
Currently there is no other way how to tweak gpg command line than
creating a wrapper script and redefining %__gpg macro.
The wrapper script method can lead to use of wrong version of gpg
binary, hence, this patch adds possibility to specify additional command
lines argument passed on gpg's command line.
Signed-off-by: Jakub Filak <jfilak@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Otherwise on old platforms which have GNU Make < 4.0 it will fail with:
/usr/bin/make: invalid option -- 'O'
We could check version of GNU Make, but we want to rely on feature, and
not on the version. Features can be backported.
Signed-off-by: Igor Gnatenko <i.gnatenko.brain@gmail.com>
Acked-by: Alexey Gladkov <agladkov@redhat.com>
|
|
|
|
|
|
| |
This could lead to a stack-based overflow, while parsing a crafted CPIO header in the payload section of an RPM file.
Fixes: rhbz#1168715, CVE-2014-8118
|
|
|
|
|
|
| |
for the remaining tests.
Also add a Provides: /bin/sh to one of the specs as the test does no longer
works without for some unknown reason.
|
|
|
|
|
|
|
|
|
|
|
| |
Fakechroot returns -ENOENT for such paths:
$ FAKECHROOT_BASE=$PWD/tests/testing fakechroot ls /not_an.rpm
/not_an.rpm
$ FAKECHROOT_BASE=$PWD/tests/testing fakechroot ls $PWD/not_an.rpm
ls: cannot access /home/mmarek/GIT/rpm/not_an.rpm: No such file or directory
Signed-off-by: Michal Marek <mmarek@suse.com>
|
|
|
|
|
|
|
| |
Tomas Orsava from the Fedora Python SIG requested that
the dependency generator support only using pythonXdist(M)
format for both Provides and Requires, so now this capability
exists.
|
|
|
|
|
|
|
|
|
| |
Use the default hash algorithm md5 on RPMs that do not contain the
RPMTAG_FILEDIGESTALGO. This may be the case if the default hash
algorithm used on files is md5 and thus no RPMTAG_FILEDIGESTALGO is
being written (see build/files.c:genCpioListAndHeader()).
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
|
|
|
|
|
|
|
|
| |
commit a82119 "configure.ac: use LIBDW always conditionally" contained
a typo that caused WITH_LIBDW_LIB never to be set when you were using
libelf. Fixed by reverting the "!=" to "=" again.
Signed-off-by: Mark Wielaard <mjw@redhat.com>
|
|
|
|
| |
Signed-off-by: Igor Gnatenko <ignatenko@redhat.com>
|
|
|
|
|
|
| |
References: https://bugzilla.redhat.com/show_bug.cgi?id=1365278
Reported-and-tested-by: Neal Gompa <ngompa13@gmail.com>
Signed-off-by: Igor Gnatenko <i.gnatenko.brain@gmail.com>
|
|
|
|
|
|
|
|
|
| |
Returning the value into a char is a mistake on all platforms, but is
particularly bad on RISC-V. On that platform (like ARM) char is
unsigned. Therefore EOF (-1) is returned as 255, and the subsequent
test 'c == EOF' ('255 == -1') fails causing an infinite loop.
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On RISC-V, the kernel can return uname.machine == "riscv" (for all bit
sizes). I say "can" return, because that is the default, but it is
also possible to compile the kernel specially so it returns "riscv64"
etc.
GNU is using "riscv64".
This commit converts the kernel uname machine type "riscv" to a more
suitable value.
This conversion is supposed to be done by the arch_canon table.
However the arch_canon table is not populated until after the
defaultMachine function is called for the first time, making it a bit
useless. In any case, arch_canon cannot take into account the bit
size of the architecture, but the C code here can.
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
|
|
|
|
|
|
| |
Based on Mark Salter's aarch64 support patch (commit 8e1ca16c58).
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From setuptools's documentation:
These files are not eggs, strictly speaking. They simply provide a way
to reference an egg that is not physically installed in the desired
location. They exist primarily as a cross-platform alternative to
symbolic links, to support "installing" code that is being developed in
a different location than the desired installation location.
If we read .egg-link using pkg_resources.Distribution it will
never have version as it is just list of directories which should be
taken into account.
We could change into that directories and add eggs from those locations
for parsing, but RPM's dependency generator already passing all files
from built RPM so it just does not make any sense to traverse those
directories.
After all written above, let's just ignore .egg-link files.
Signed-off-by: Igor Gnatenko <ignatenko@redhat.com>
|
|
|
|
|
|
|
| |
In 49197c930bb6090d0fca4089ea75ec9d10e62f99 we introduced skipping
metadata which has no version, but it's better to show some warning.
Signed-off-by: Igor Gnatenko <ignatenko@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For example, reading .egg-link using pkg_resources.Distribution returns
actual metadata, but it does not contain version. It returns traceback like:
File "/usr/lib/rpm/pythondistdeps.py", line 113, in <module>
pyver_major = dist.py_version.split('.')[0]
AttributeError: 'NoneType' object has no attribute 'split'
Traceback (most recent call last):
File "/usr/lib/rpm/pythondistdeps.py", line 113, in <module>
pyver_major = dist.py_version.split('.')[0]
AttributeError: 'NoneType' object has no attribute 'split'
Let's just skip such errors as we can't do much about that.
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1368673
Reported-and-tested-by: Igor Gnatenko <ignatenko@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
This patch lets debuginfo packages provide build-id like follows:
debuginfo(build-id) = c63cb23876c5fa85f36beaff58f8557e1bf22517
Originally this patch was written by Jan Blunck <jblunck@suse.de>.
Signed-off-by: Igor Gnatenko <ignatenko@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Introduce a new macro _unique_debug_names that when set will pass
--unique-debug-arch "%{_arch}" to find-debuginfo.sh to create debuginfo
files which end in "-<ver>-<rel>.<arch>.debug" instead of simply ".debug".
Adds testcases for dwz and buildid with and without unique debug file names.
Signed-off-by: Mark Wielaard <mjw@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Introduces _include_gdb_index macro and -i flag to find-debuginfo.sh to
enable or disable adding a .gdb_index section to debug files. Adds tests
to make sure the .gdb_index is really added (or not) when requested.
Checks that gdb-add-index is actually installed instead of silently
failing if not. Similar for dwz.
Signed-off-by: Mark Wielaard <mjw@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Introduce a new macro _unique_build_ids that when set will pass the
version and release to find-debuginfo.sh and debugedit to recalculate
the build-id of ELF files.
Includes two new testcases to make sure the new setting works as expected
both when set and unset.
Signed-off-by: Mark Wielaard <mjw@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch moves the main ELF file build-id symlinks from the
debuginfo package into the main package. And uses different
base directories for the main ELF file build-id symlink.
For the main build-id use /usr/lib/.build-id and for the debug
build-id use /usr/lib/debug/.build-id.
There are two reasons for doing this. The main package and the
debuginfo package might get out of sync, or the debuginfo package
might not be installed at all. In which case finding the main ELF
file through the build-id symlink becomes impossible. Secondly by
moving the main ELF build-id symlink in its own directory the
/usr/lib/debug directory gets populated with only debuginfo files
which is convenient if the user might want to have that directory
populated through a network mountpoint.
To support the new logic the symlink code has been moved from
find-debuginfo.sh to build/files.c.
This also includes support for a new config %_build_id_links that
defaults to compat. The other settings are none, alldebug (the old
style) and separate. compat is like separate, but adds a compatibility
link under /usr/lib/debug/.build-id for the main build-id symlink.
There are several new testcases added to test the various settings
using the new keyword "buildid".
Signed-off-by: Mark Wielaard <mjw@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some old tools might still use the .gnu_debuglink section to find
separate debuginfo files instead of build-id style lookups. When
dwz has compresses the .debug files the original CRC in the main
ELF file will no longer match. Make sure to run sepdebugcrcfix
after dwz to recalculate the CRC.
The original fix was created by Jan Kratochvil based on code
from GNU binutils BFD. https://bugzilla.redhat.com/show_bug.cgi?id=971119
I added a testcase to make sure the CRCs were all correctly
updated after dwz has run to compress a debuginfo package.
And a change (plus testcase) to make sure implicit suid binaries
didn't accidentially got their suid flag bit.
Signed-off-by: Mark Wielaard <mjw@redhat.com>
|
|
|
|
|
|
|
| |
This prevents installation and testing in any other location than
/usr/lib/rpm.
Signed-off-by: Mark Wielaard <mjw@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Support for dwz compression has been in Fedora since a couple of years.
https://fedoraproject.org/wiki/Features/DwarfCompressor
The original find-debuginfo.sh patch was written by Jakub Jelinek.
https://bugzilla.redhat.com/show_bug.cgi?id=833311
The new testcase using the macros.debug was added by me.
Signed-off-by: Mark Wielaard <mjw@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Support for minisymtab (a minimal function symbol table in a compressed
section in the main binary) has been in gdb and elfutils based tools
since some years. Fedora has had this as rpm-4.10.0-minidebuginfo.patch
since 2012.
The patch adjusts macros to pass -m to find-debuginfo.sh when
_include_minidebuginfo has been set. find-debuginfo.sh now takes -m
as argument to generate the .gnu_debugdata ELF section to be added
to the main executable.
To support the testcases a new macros.debug is added that is used to
generate debuginfo packages in the rpmbuild.at testsuite.
The original support was added to Fedora rpm by Alexander Larsson.
Lubos Kardos fixed a bug in it when strip -g was used. I added some
configuration macros and two testcases to check the basic support works
and for the strip -g bug.
Signed-off-by: Mark Wielaard <mjw@redhat.com>
|
| |
|
|
|
|
|
|
| |
Since commit f4a49c3d446bb180ca6b30a4337065fb6511e641 ( Unceremoniously
eliminate rpmpsmNext() ), when a preun scriptlet is failing, rpm continues to
be erased. Handling return code of runInstScript.
|
|
|
|
|
|
|
|
|
|
|
| |
For example, in simple docer container there is no systemd, so
systemd_inhibit plugin returns RPMRC_NOTFOUND in _init() which
automatically disables plugin (!= RPMRC_OK).
So let's say that if plugin returns RPMRC_NOTFOUND during init()
it's just signal to disable plugin and not show error.
Signed-off-by: Igor Gnatenko <ignatenko@redhat.com>
|
|
|
|
| |
See Rhbz#1275551
|
|
|
|
|
|
|
|
| |
*** Error compiling '/builddir/build/BUILDROOT/rpm-4.13.0_alpha-239g190fa42.fc24.x86_64/usr/lib64/python3.5/site-packages/rpm/transaction.py'...
File "/usr/lib64/python3.5/transaction.py", line 9
SyntaxError: from __future__ imports must occur at the beginning of the file
Signed-off-by: Igor Gnatenko <ignatenko@redhat.com>
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
This is useful for reproducible builds. See rhbz#1309367.
|
|
|
|
| |
rhbz:919801
|
| |
|
|
|
|
| |
Needed for next commit
|
|
|
|
|
|
|
|
|
| |
the doc explicitely describe "args" as "signing parameters (or NULL for
defaults)"
This no more true since commit 6e9eab345a18d01f0c2c35fa8bb842744093364c
As such, with rpm-4.13, some callers will segfault (eg: perl-RPM4's
testsuite)
|
|
|
|
|
|
|
| |
There's an off-by-one error in base64_decode_value which results in undefined behaviour:
void* out;
size_t len;
rpmBase64Decode("\x7b", &out, &len);
|
|
|
|
|
|
|
|
|
|
| |
Removed setting LC_ALL to "C" because since commit [1] the gpg program
gets password by yourself from terminal so there is no sense in
setting LC_ALL to "C" if the terminal settings is e. g. UTF-8. That was
only confusing gpg program and it was not able to properly get and
display non-ASCII characters.
[1] 0bce5fcf270711a2e077fba0fb7c5979ea007eb5
|
|
|
|
| |
Patch from Dennis Gilmore <dennis@ausil.us>
|
|
|
|
|
|
| |
After automatic dependencies are generated filter out from them
unversioned dependencies if versioned dependencies with the same name,
type and color already exist.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Do not try to convert a zero-length file digest to a binary representation.
Zero-length file digests may stem from directory entries and symbolic links.
Return an empty signature in this case.
Returning an empty signature results in the ima.so plugin getting a sequence
of zeroes that it would write into security.ima xattr. Check for a signature
header consisting of only zeroes and do not write it into the filesystem.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Extend the header size to 256MB in case an RPM has a lot of files
and the file signatures do not fit within the current limit of 16MB.
An example for an RPM with many files is kcbench-data-4.0. It contains
more than 52000 files. With each signature with a 2048 bit key requiring
256 bytes plus a preamble, its representation in text from, and other
overhead, the size of the header (index length and data length) exceeds
32Mb.
If this particular RPM's files have been signed using this patch, older
versions of the rpm tool will report the header being too large. So this
failure is expected then.
By setting the limit to 256MB we create a lot of room for the future.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
|
|
|
|
|
|
|
| |
Check the range of the algo index parameter before using it for
accessing an array.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
|
| |
|