summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Bump version to 4.14.3 finalrpm-4.14.3-releaserpm-4.14.xFlorian Festi2020-04-211-1/+1
|
* Silence spurious error message from lsetfilecon() on -EOPNOTSUPPPanu Matilainen2020-04-211-5/+5
| | | | | | | | We already filter out -EOPNOTSUPP and return OK, but the message was getting logged before the filtering so we'd spit out spurious error messages on filesystems that don't support SELinux (RhBug:1777502) (cherry picked from commit 4a71a3eccd7e9e14ee0e83b1cb300386a93622cd)
* Use common error logic regardless of setexecfilecon() availabilityPanu Matilainen2020-04-211-27/+21
| | | | | | | | | | | | | | | Refactor the custom exec context setting code to look like setexecfilecon() in case the real one is not available to eliminate pesky behavioral differences between the two cases. This fixes a concrete bug of libselinux setexecfilecon() returning with an error when security_getenforce() returns with -1 (such as a bare chroot with no /sys mounts etc), causing us to spit out useless error messages in that case ever since fixing the bogus if-logic in commit ab601b882b9d9d8248250111317615db1aa7b7c6. Fixes: #1077 (cherry picked from commit 153c5c219844f0f294862c9043b20f4d24f7fa69)
* Run full distcheck as the CI test for wider coveragePanu Matilainen2020-03-261-3/+5
| | | | | | | | | | | | | | | | | | | | Unlike plain "check", this will catch regressions to out-of-tree builds, source files present in git but missing in tarballs, etc so they are found when introduced instead of pre-release heat. To make this work we need to move the working dir inside docker away from /opt, the combination of root user and distcheck blows the our whole directory away at some point and things dont work so well after that. In addition, rpmtests.log is no more in a nice and easy location because it's failing somewhere inside the nested build thingie, so try to find it... We also need a few more packages installed now: git for the changelog and doxygen for api docs. And ima-evm-utils-devel to build the plugin, not the utils. (cherry picked from commit 595c4f274084e1afff74c3211b0bee3bf6a9b3cd)
* Fix defunct gpg-agents lingering around after test-suitePanu Matilainen2020-03-261-1/+5
| | | | | | | | | | | | | | | | | | There appears to be a some sort of race inside make distcheck where the second run of the test-suite gets stuck trying to kill the gpg-agent of previous run, it seems to close the connection but then gets "connection reset by peer" error, drops into the gpg-connect-agent prompt and refuses to die. My theory is that this has to do with distcheck nuking the directory in between but that's just a theory, I can't reproduce this locally to debug properly. The simpler approach of "gpgconf --kill gpg-agent" appears to help it not getting tangled up in its own feet, but lets not leave those agents spying around after the test-suite completes to begin with. Leaving the initial gpg-agent shutdown in place to cope with situations where the test-suite is aborted (ctrl-c or such). (cherry picked from commit 7e4472159b173e09c7e6758eac61036d12dddbf7)
* Don't allow test-suite failures inside distcheck eitherPanu Matilainen2020-03-261-2/+1
| | | | (cherry picked from commit 390befdae26a495696c5064fc76710c66a0acac9)
* Enable all our configure options during distcheck for maximum coveragePanu Matilainen2020-03-261-1/+15
| | | | | | | Additionally run distcheck with --disable-dependency-tracking to speed it up a little. (cherry picked from commit a03350c8f72b3c39aac14e1c98f039ef2032efb8)
* Add a "ci" make target for easy local runningPanu Matilainen2020-03-261-0/+5
|
* Run CI as parallel build to maximum available CPUsPanu Matilainen2020-03-261-2/+4
| | | | | | (cherry picked from commit a08ce7be1365f85577437242d91ec42c348c4f1f) But still use make check instead of make distcheck
* Hardwire the Fedora version used for CIPanu Matilainen2020-03-261-1/+1
| | | | | | | | | | | | | | | CI has been running on latest stable Fedora and rawhide, both of which can and do change outside our control and cause previously working code to stop building overnight due to new compiler versions etc being introduced. This is not a sane situation for mandatory CI, we need to be able to validate the codebase on a given version *before* moving to it. Setting the version in the Dockerfile instead of external scripts ties the codebase and validated versions together as they should. This still leaves us subject to updates breaking stuff, but that's a lesser evil, updates are generally welcome. (cherry picked from commit 9a7e8e15705e81661f58374fdd83ac5ce425d99b)
* Set rpm-maint list as the CI Dockerfile maintainerPanu Matilainen2020-03-261-1/+1
| | | | | | | Thanks to Igor for originally setting this up, but the project and its contents are maintained by a team, not individuals. (cherry picked from commit 2e33c79b13ff7cb983f7d72f6f202f4fc9aa6a22)
* CI: enbale Python bindingsFlorian Festi2020-03-261-1/+2
| | | | Python tests fail otherwise
* CI Dockerfile: Move copy command to a later timeFlorian Festi2020-03-261-1/+1
| | | | This allows to reuse more of the container build
* Add python2-devel to CI rootFlorian Festi2020-03-261-0/+1
|
* Prepare for version 4.14.3-rc1Florian Festi2020-03-2638-6590/+7581
|
* Unbreak testsuite from unversioned obsoletes warningsPanu Matilainen2020-03-268-35/+2
| | | | | | | Commit 0bd50344ba8c3dc13fe847048ba97c1490e321a9 broke the testsuite due to us having all sorts of hysterical "for example" gunk in our specs. Axe the cruft and adjust the one actually used obsolete to have a version.
* Use python2 as the python binary nameFlorian Festi2020-03-263-3/+4
| | | | | Modern distributions have switch /usr/bin/python to be Python 3 This rpm version still needs to use Python 2 especially for the test suite.
* Ensure /usr/bin/python2 is present in the CI environmentPanu Matilainen2020-03-261-0/+1
| | | | Oh the joys of Python 3 transition :(
* Fix excessive use of thread local storage (RhBug:1722181), part IIPanu Matilainen2020-03-261-5/+5
| | | | | | | | | | | | This essentially reverts commit ff43d03d1f9686c9ffa9232a64e253783309feb5 which made these all thread local. It might not be quite right, but then using TLS is not sensible either - threads have their own signal *mask*, but disposition is global, and most of what we do here is global anyway. In addition, the signal queue is only enabled in places where threads are not used (or would not be safe anyhow) so reverting for now seems the lesser evil. (cherry picked from commit 453e7afa406168b83b1f3244db4a096f247a76b9)
* Fix excessive use of thread local storage (RhBug:1722181)Panu Matilainen2020-03-261-4/+4
| | | | | | | | | | | Commit 6487e873f3169c2bffbd52808b6c749e6c104ff5 introduced a thread local BUFSIZ static buffer for header format error reporting but thread local storage is apparently a rather scarce resource (on some architectures more so than others) and a static buffer is highly excessive use of that resource. Use a thread local pointer to dynamically (re)allocated buffer instead. (cherry picked from commit 0fd720b1f0d3ec733dc1592bb3a7131e899c246b)
* Add a local vasprintf() clone rvasprintf() to match rasprintf()Panu Matilainen2020-03-262-12/+26
| | | | | | | Every now and then you need the v-version instead, and now rasprintf() implementation comes practically free on top. (cherry picked from commit d9dbd6ece3ba94d41c1b720565a26e50ac6757e8)
* Honor RPMSENSE_MISSINGOK on src.rpm rpmlib() dependencies tooPanu Matilainen2020-03-261-0/+2
| | | | (cherry picked from commit b9ee269fba54a4a7c91e594f907eef3c8c6c76c0)
* Fix regression reading some old v4.0 era packages (#610)Panu Matilainen2020-03-261-0/+3
| | | | | | | | | | | | | Some old v4.0 era packages have RPMTAG_HEADERIMAGE in the signature header region trailer, instead of the expected RPMTAG_HEADERSIGNATURES. This was fixed in 4.4.x in commit 21818c6c8f3d4fe7836326d27f38421c29c22db7 but regressed in the commit 85a5b004306fe8486424142cdc98575c25142776 refactoring / cleanup. Reported at https://bugzilla.altlinux.org/show_bug.cgi?id=33710, original patch by Vladimir D. Seleznev. (cherry picked from commit 7a2f891d25d78cf797c789ac6859b5f2c589d296)
* Fix rpmVerifySignatures() passing garbage as verify flags in rpm >= 4.14Panu Matilainen2020-03-262-2/+3
| | | | | | | | | | | | | | | | | | Commit a239ddefa90575ce80ed4436beb4005a97e32644 changed rpmpkgVerifySigs() to accept fine-grained vsflags instead of query/verify style nosignature/nodigest hammers, but rpmVerifySignatures() didn't get updated accordingly. This will cause most unexpect behavior (in particular in 4.14.x), for example QUERY_DIGEST which was used for disabling all digest verification was defined as (1 << 19), which happens to be the same as RPMVSF_NORSA which is how it would now be treated. Similarly confusion with VERIFY_SCRIPT becoming RPMVSF_NODSA etc. Just use the transaction verify flags instead, and mark the qva argument as unused. It's an API change but that's okay in 4.15, and it's also an explicit breakage at compile time (due to those DIGEST/SIGNATURE symbols removal). In 4.14.x this is a regression but can be fixed within the API. (cherry picked from commit 929c61e7507d2132c5263f567ccce89f2090f8a3)
* Don't require signature header to be in single contiguous region part IIPanu Matilainen2020-03-261-1/+1
| | | | | | | | | The generic case was reported in #270 and fixed quite a while ago in commit 34c2ba3c6a80a778cdf2e42a9193b3264e08e1b3, but signing uses a different code path and require the same treatment. Fixes: #1002 (cherry picked from commit bb30f997c4b22c0d5cf6752f15d2af17538f91f0)
* Fix regression on v3 package handling on database rebuildPanu Matilainen2020-03-261-1/+1
| | | | | | | | Introduced in commit 27ea3f8624560bd158fc7bc801639310a0ffab10, the wrong header is being added in case of v3 packages. Fixes: #1017 (cherry picked from commit 85e5a70368854da0537099128530b0df69ca2216)
* Document popt build-requirement and point a download locationPanu Matilainen2020-03-261-0/+4
| | | | | | | | | | Oops, all this time our most important build-dependency had been missing. Add a version recommendation too - while rpm almost certainly works with 1.12 and 1.11 too, those are getting *really* long in the tooth, and 1.13 has an important type fix in poptGetOptArg() return value so might as well use that as the base. (cherry picked from commit 2c5794469188ab7a6e7e930ff167bfa0e08f2415)
* Explicitly mention that the rpmio/ sub dir is under LGPLFlorian Festi2020-03-261-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | As the code in the rpmio sub directory was split out of the lib sub dir it is already under LGPL as "code derived from" "the source code in the lib subdirectory" according to the license. But not having the sub directory mentioned in the license confuses users and contributers. The original release tarballs in http://ftp.rpm.org/releases/historical/ show the license was changed into the existing dual one between rpm 2.4.3 and 2.4.4, and that no rpmio/ directory exists at that time. Our git repo disagrees with the time of rpmio/ split due to some conversion artifacts (cvs to mercury to git), as it shows rpmio/ directory existing from the first commit, but this was not actually the case. The license stating that the dual license is there to allow linking with librpm from non-GPL code supports this interpretation as librpmio is required in order to use librpm even if it is a separate library nowadays. So this change does not change the license of any code but only clearifies the current situation. Resolves: #516 (cherry picked from commit d5c69756cf6cd16e7c2e8b81fba19bf81f3dd1ba)
* Fix ancient memleak on %setup argumentsPanu Matilainen2020-03-261-2/+2
| | | | | | | | poptGetOptArg() returns malloced strings and caller needs to free. This will still leak on error paths but at least normal use is covered. (cherry picked from commit af73aba20f856de3ebc9751166a2364e795b199d) (cherry picked from commit 3a65abde579abc8331de59e5c99e5acc0cf96427)
* Fix ancient memleak on %patch -P from unused popt arg pointerPanu Matilainen2020-03-261-2/+2
| | | | | | | | | | | | -P can appear multiple times so a string arg pointer is not the right thing here in any case. There are other similar and related leaks all over the codebase but this is especially insulting as the leaked pointer was never used for anything at all. Thanks for Peter Jones for pointing this out. (cherry picked from commit 29d70efb1d9b2161f3fcdbdf71945d6c7308432d) (cherry picked from commit c0fbb408068b5e2757971f32338690365eb0933f)
* Handle incomplete escape seq in queryformat (RhBug:1755230)Michal Domonkos2020-03-262-0/+19
| | | | | | | | | | | | | | | Previously, we assumed a backslash character would always be followed by a character to be escaped, and advanced our "start" pointer by two places before the next iteration. However, this assumption breaks if the lonely backslash happens to be the last character in the query string, in which case we would end up pointing beyond the \0 and let the parser wander into the unknown, possibly crashing later. This commit ensures we detect this corner case and error out gracefully with a message. (cherry picked from commit 1cb3be0009fbfd5549844ec361cc1ae5efa9c153) (cherry picked from commit c634836db4dcbbf31cdc6b55224b3a95245ad744)
* Fix suspicious condition in selinux pluginPanu Matilainen2020-03-261-1/+1
| | | | | | | | | Misplaced parenthesis introduced in commit 148e82833a. Fixes #872 (cherry picked from commit ab601b882b9d9d8248250111317615db1aa7b7c6) (cherry picked from commit 1c9b0fcda92dad419fb340c0dc2a840cb017f6a5)
* Fix a minor memory leak on suppressed inhibition lock warning messagePanu Matilainen2020-03-261-4/+6
| | | | | | | | Commit 708e61307bc3fd027b016fdf5a1d1a5274c1843c introduced a memory leak on the error object: if the message is suppressed then the error object is never freed. Test for the suppression conditions separately to fix. (cherry picked from commit 4ddab4fb7e1ccc7dc466534250177b7d2682a9e2)
* Suppress inhibition lock warning message when DBus service is not availableShogo Matsumoto2020-03-261-1/+3
| | | | | | | | | | | | | The message may just confuse users if DBus is not running as default, e.g. single-user mode. We suppress it when DBus is not available, which is done by checking two cases: socket does not exist (DBUS_ERROR_FILE_NOT_FOUND), or unable to connect to server (DBUS_ERROR_NO_SERVER). Note that this is an approximate but not an exact way to detect whether DBus service should be running in the environment or not. (cherry picked from commit 708e61307bc3fd027b016fdf5a1d1a5274c1843c) (cherry picked from commit b1e85a9172b8f17fece8cb3882ae95a8937a9f13)
* rpmpgp: Handle EOF without EOL better at END PGPStepan Broz2020-03-261-2/+3
| | | | | (cherry picked from commit 655c4c72a3467037abd51aab29f0300e97caf54c) (cherry picked from commit 8ac9af9d0a63c935e7eb7436f6d69fded7f7eb2b)
* Fix memleak during transaction verify step in the NOKEY case.Panu Matilainen2020-03-261-1/+3
| | | | | | | | Found during RhBug:1714657 QA testing. In addition, add a comment to clarify the fallthrough as intentional. (cherry picked from commit 5188a7b35eb3672c9b15e96433e033ee36f8e6a8) (cherry picked from commit 307d608e98f78bfe17e79c53fcde56ba8917728f)
* Fix off-by-one in hdrblobGet() making last entry unreachable (RhBug:1722921)Panu Matilainen2020-03-261-1/+1
| | | | | | | | | | | | | | | | | hdrblobGet() introduced in commits acfde0d0e812e9f8e153ab6be8c9f2682bdd4763 and 9821de18811db97238c34a564221e315f5f35b44 has an off-by-one thinko (perhaps the idea was to skip the first, region tag) which causes the last entry to be unreachable. In typical packages, that is RPMSIG_PAYLOADSIZE which is not used at all in this context so it doesn't matter, but in large packages use RPMSIG_LONGARCHIVESIZE which has a lower tag number and leaves either RPMSIGTAG_MD5 or RPMSIGTAG_GPG last, unreachable and thus unverifiable. Oops. This fixes the regression introduced in rpm 4.14, affecting verification of large packages (ie having RPMSIG_LONGARCHIVESIZE) (cherry picked from commit e219c9548d16a3c18dd261f7043bb8d221b87c77) (cherry picked from commit 0b0f4a1a3c3eca8801e624e68d025afbb6b6e86d)
* rpmsign man page: Add line about rpmsign requiring a valid checksumFlorian Festi2020-03-261-0/+3
| | | | | | | and the limitations in FIPS mode (cherry picked from commit be3347b5bff6142e86e533174fe0ec352405d159) (cherry picked from commit d615098e4ea8937dd63291f6b2008253733632b7)
* Raise an error if reading a file during rpmbuild fails (#776)Pavlina Moravcova Varekova2020-03-261-0/+2
| | | | | (cherry picked from commit 7a227533d1342dccc5b3717554a35dbe2baa9832) (cherry picked from commit 07f565a13665347a7bb6dba3726c4a9248bc7bb1)
* Canonicalize Python versions and properly handle != specMiro Hrončok2020-03-261-7/+14
| | | | | | Fixes https://github.com/rpm-software-management/rpm/issues/639 (cherry picked from commit 4c8b584074061c606883ce3f18c8c9024d8610f5)
* Add step to find-debuginfo.sh script to compress annobin notes.nickclifton2020-03-261-0/+4
| | | | | | | | | | | With the introduction of the annobin gcc plugin to the build process, built binary files have become larger. Sometimes significantly so. This is a patch that adds a new step to the post-link process performed by rpmbuild, to run the objcopy program with the --merge-notes option specified. This will reduce the size of the annobin notes in binary files, thus alleviating the size growth. (cherry picked from commit cc1965ce3acaa7d9356b7671050a15e2cda2f424)
* Fix rpmfiles memory leak on %postuntrans file trigger preparationPanu Matilainen2020-03-261-0/+1
| | | | (cherry picked from commit 475af64f64cbc210c87588d425fa9a14cd9760b6)
* Fix packages getting erased on failed update with dnf (RhBug:1620275)Panu Matilainen2020-03-261-1/+2
| | | | | | | | | | | | | | | | When adding update elements, we set the erase element to depend on the install element, but if an API user adds the same erasure manually after adding the update, we know its a duplicate erasure and filter it out, BUT we zero out the dependent element in the process. And if installing the update now fails, we end up removing the whole package due to that missing dependent element. This never happens with rpm itself so we can't easily test it, but is 100% reproducable with dnf (at least dnf 3-4). Apparently it adds all erasures by itself (which is kind of understandable I guess, perhaps we should better allow this in the API) (cherry picked from commit a144c29831a39ed303d6ea8d2ae91e1c36d64c84)
* Fix memleak in rpmfcApplyInternal() in standalone operation (eg rpmdeps)Panu Matilainen2020-03-263-3/+9
| | | | | | | | | | | When called in spec context, the package structs are properly freed but in rpmdeps context, commit 49f2bb7d8fd91f2d8b22bf7128fd3defe4ed5434 only added a "dirty kludgery" to make it not blow up. This causes the rpmds structures created in rpmfcApplyInternal() to leak memory. Make freePackage() internally available and use it for freeing the dummy struct too to fix. (cherry picked from commit df4f6a20c3bbf0d319643c17fb16364f64a1b10a)
* Fix recently introduced uninitialized variable warning in rpm2archivePanu Matilainen2020-03-261-1/+1
| | | | | | | Fixes "warning: ‘rc’ may be used uninitialized in this function" introduced in commit c73b0f34e32c299c87b7163352808d1071a05d2b. (cherry picked from commit 57899bd3bfd8f310bde823df81db556b6fd606dc)
* Fix rpm2archive behavior with multiple argumentsRobbie Harwood2020-03-261-14/+15
| | | | | | | | | | If multiple arguments are passed to rpm2archive, convert them all to tgz. (Previous behavior was to convert only the first one and silently ignore the rest.) Signed-off-by: Robbie Harwood <rharwood@redhat.com> Co-authored-by: Florian Festi <ffesti@redhat.com> (cherry picked from commit c73b0f34e32c299c87b7163352808d1071a05d2b)
* Use --dpbath only with full path (RhBug:1696408)Pavlina Moravcova Varekova2020-03-261-0/+4
| | | | | | | Before the patch rpm treats the relative path as a full path. The new behavior is similar to the "--root" option. (cherry picked from commit d313baf1d3a4756447e398ee55f8c6760f942d50)
* Python generators: console_scripts entry points require setuptoolsMiro Hrončok2020-03-261-1/+6
| | | | | | Fixes https://github.com/rpm-software-management/rpm/issues/664 (cherry picked from commit 98d6b7bce028a7d6615a7c81c5a63d2b72825847)
* Support build-id generation from compressed ELF files (elfutils >= 0.175)Panu Matilainen2020-03-262-0/+8
| | | | | | | | | Use dwelf_elf_begin() for reading ELF files for build-id generation on versions that have it to support compressed ELF files such as kernel modules (RhBug:1650072,1650074). Note that debugedit still cannot handle compressed files, this is only for build-id generation. (cherry picked from commit d48981ad7e36abb3500161d823acf92345c94f5d)
* Detect kernel modules by .modinfo section presence for build-id generationPanu Matilainen2020-03-261-3/+24
| | | | | | | | | File extension based heuristics only work so far at best, and break completely on compressed files with arbitrary .gz/.xz etc extension. This isn't supposed to change any behavior as such, only provide more reliable detection of kernel modules. (cherry picked from commit 68d383c39cef8d58b80940b13dd132d3f41a03f0)
View Lorry Controller Status