summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Preparing for 4.18.0-alpha2rpm-4.18.0-alpha2Panu Matilainen2022-05-0543-46/+46
|
* Fix regressions on dynamic buildrequires cli switches (RhBug:2078744)Panu Matilainen2022-05-042-7/+47
| | | | | | | | | | | This effectively reverts commits b8935fb23518e26aa7b9316d27f2565813d20291 and ad8b9bd2ca93cf4319680f056bb40bfc24661991 and separating -br and -bd from the normal build flow: these are so different from regular builds and in particular, have special semantics wrt --nodeps that trying to cram them into the normal flow only makes it far harder to read and understand. (cherry picked from commit a68a2e50578347384bb2f1b08314d8bf7026b9bc)
* Fix regression in rubygem unpacking (#2040)Panu Matilainen2022-04-291-2/+3
| | | | | | | | | | Externalizing the source unpack in commit cd5d667e99f931504a512b591fcde7ed92cee344 required changing the way rubygems are unpacked, and now the .gemspec file gets unpacked into different place. Oops. Reported and initial patch by Vit Ondruch. Fixes: #2040 (cherry picked from commit cbcd9dd38dd1d0379e5d25ed3c1b1e96353e4014)
* Fix a typo in doUntar that breaks verbose uncompressionMikolaj Izdebski2022-04-291-1/+1
| | | | | | See https://bugzilla.redhat.com/show_bug.cgi?id=2079127 (cherry picked from commit bb36aac905cf8eb470f085574641d92c8d8ca20f)
* Add test for colored file upgrade/reinstallPanu Matilainen2022-04-291-0/+43
| | | | | One of the situations which commit a7ceb572cfe1066a6dc425a272ed6b99747eaccc did not cover proved out to be lethal...
* Revert "Fix shared colored files not removed on erasure regression in >= 4.14.0"Panu Matilainen2022-04-292-31/+5
| | | | | | | This causes a worse regression by removing files on update, revert for further investigation. This reverts commit 9e4caf0fc536d1244b298abd9dc4c535b6560d69.
* Fix OpenPGP key ID parsing regressionDemi Marie Obenour2022-04-251-0/+1
| | | | | | | | | This fixes a regression in 598a771d8b4f4f480d4990ccf59b978d537201dd, which caused RPM to parse key flags from a hashed key ID subpacket. As a result, RPM would wrongly reject a signature that had both key ID and key usage flags subpackets in the hashed section. (backported from commit 7f830132fe717d4b31c035bb3d08379451e3cd81)
* Preparing for 4.18.0-alpha1rpm-4.18.0-alpha1Panu Matilainen2022-04-1343-8531/+10722
|
* Properly escape %__gpg_sign_cmdDemi Marie Obenour2022-04-131-9/+10
| | | | | | | | %__gpg_sign_cmd needs to be able to cope with strange characters in e.g. %_gpg_name. Use the builtin shescape macro to make this straightforward. (cherry picked from commit 714422a9b0bc9af63f5c0c7a45776087920a66f5)
* Rip out %__gpg_verify_cmdDemi Marie Obenour2022-04-131-6/+0
| | | | | | It hasn't been used since before RPM 4.1. (cherry picked from commit 8098776540e8ccaa8995cbb3d858e29cdcc3e2e1)
* Remove superflous include of non-standard <error.h>Ismael Luceno2022-04-131-1/+0
| | | | | Signed-off-by: Ismael Luceno <ismael@iodev.co.uk> (cherry picked from commit d8eee23e1f2d944a9bcef5044d43808ba21bb83a)
* Add a test case to check that the key creation time is correctNeal H. Walfield2022-04-134-0/+139
| | | | | | | | | | When getting a certificate's creation time, assert that the certificate's creation time (the Primary Key's creation time field) is used, not the active binding signature's creation time. See #2004. (cherry picked from commit ee2f59cc1770f6eb4493a59710e9ef749725da46)
* Avoid clobbering existing saved timeDemi Marie Obenour2022-04-131-1/+3
| | | | | | | | | The public key parser needs to set PGPDIG_SAVED_TIME, so that future iterations in pgpDigParams() do not clobber the key’s creation time. Fixes #2004. (backported from commit 2b48aa7c69e530a70fc1a2620375c23b8eef1f4c)
* Force gpg to use SHA256 when generating signatures.Neal H. Walfield2022-04-131-3/+3
| | | | | | | | | | Some versions of gpg appear to default to using SHA512. This breaks several tests' assumption that gpg generates a SHA256 hash. Force gpg to use SHA256 by passing `--digest-algo sha256` to rpmsign. Fixes #2002. (cherry picked from commit 4814bc84c5948d52998f6e33869d53ace9a0e753)
* Merge Lua posix extension into librpmioPanu Matilainen2022-04-138-19/+8
| | | | | | | | | Once upon a time there may have been a point to having the extension in a separate convenience library, but nowdays with Lua being mandatory there's not a whole lot of point in complicating the build with all this fubar. As a nice little bonus, we can now hide luaopen_posix() symbol. (cherry picked from commit eaf359f35c6433cfe80fc8814795081b92171be8)
* Fix missing preformat marker in %conf docsPanu Matilainen2022-04-131-0/+2
| | | | (cherry picked from commit 44a2201dac198868a3ca3c948f8069177364b305)
* Add python rpm.ds constructor docsPanu Matilainen2022-04-081-0/+7
|
* Add proper deprecation warnings to deprecated rpmsq functionsPanu Matilainen2022-04-082-1/+16
|
* Disarm python binding signal handling methodsPanu Matilainen2022-04-081-7/+2
| | | | | | For all practical purposes these are no-ops already, making it explicit by not calling the underlying functions allows us to add compile-time deprecation warnings to rpmsq.h.
* Add bunch of deprecation/obsoletion warnings to python bindingsPanu Matilainen2022-04-085-7/+19
| | | | | This stuff has been deprecated, obsolete or unused for more than a decade, time to make it known so it can be purged some day...
* Update library version info before releasePanu Matilainen2022-04-072-5/+5
| | | | There are added interfaces but none removed, so no soname bump needed.
* Update translation master for a change, oopsPanu Matilainen2022-04-071-1008/+187
| | | | | | Quite a few strings have been changed since the last update in commit 164747026b4d7b4dce7d44f951887ba1803f0a7d. Also gets rid of the location markers to make it less painful in the future.
* Tone down the gettext churn a bitPanu Matilainen2022-04-071-1/+13
| | | | | | | | | | Limit the amount of (irrelevant) changes in the po/ department: skip location information in both the .pot and .po files. Optimally we wouldn't touch the .po files at all, because this is Weblate territory. However there doesn't seem to be any way to achieve that without modifying po/Makefile.in* which are generated files and so not really modifiable without creating other headaches.
* Only print rpmio descriptor statistics when io debugging is enabledPanu Matilainen2022-04-061-1/+1
| | | | | | | | | The stats aren't particularly interesting except for development and debugging purposes. Rather than change all the debug fprintf()'s in rpmio to rpmlog(), just change the stats to only get printed when --rpmiodebug is active like the rest of the io debug code. Fixes: #1987
* Fix minor ABI regression wrt RPMQV_* enumPanu Matilainen2022-04-051-1/+1
| | | | | | | Commit 949dc7c31ad26cb489e54386d289b73f40a54b80 introduced a new value into middle of a public enum, which we can't do since we're not bumping soname here. Not that anybody would've noticed, nothing outside rpm itself uses this rpmcli stuff really.
* Don't override LD_LIBRARY_PATH, prepend to it.Neal H. Walfield2022-04-051-1/+1
| | | | | | When running the tests, the test suite overrides LD_LIBRARY_PATH. This means that any user setting is lost. Instead, add to LD_LIBRARY_PATH.
* Add compiler deprecation warnings to obsolete rpmfi APIsPanu Matilainen2022-04-051-0/+4
| | | | | Should've been in commit 53b408c18ee9738c3b461c3c43acc40a0fd72f3f already.
* Kick out --nopromote remnants, add compiler deprecation warningsPanu Matilainen2022-04-053-4/+5
| | | | | | Bury the two remaining callers that somehow avoided the massacre in commit 6800e0a4df14e03157a463b55cbe6adfa0ce0c3d, add compiler deprecation warnings.
* Mark deprecated PGP/keyring APIs as suchPanu Matilainen2022-04-052-0/+14
| | | | | | Add RPM_GNUC_DEPRECATED markers where we can, unfortunately these APIs are used to implement each others so adding more would cause unwanted warnings to build of rpm itself.
* Don't assert the version of rpm used to create the dataNeal H. Walfield2022-04-051-2/+1
| | | | - Fixes #1985.
* Use rpmuncompress to handle %{uncompress:...}Panu Matilainen2022-04-042-60/+26
| | | | | | | | | This means that finally there's just one place that when adding support for new compress formats, there's in theory there's just one place to update. Reality is a little more complicated, but hey... Adjust tests a bit, and rather test functionality than command output because those reflect command paths which we can't easily adjust now.
* Refactor uncompress/untar command info into a structPanu Matilainen2022-04-041-51/+53
| | | | | Allegedly no functional changes, only we no longer need to go roundabout through %{uncompress:...} macro in the uncompress command.
* Add dry-run option to rpmuncompress to make testing nicerPanu Matilainen2022-04-041-1/+9
|
* Move %patch uncompress logic from spec parse to build time, sort ofPanu Matilainen2022-04-042-19/+11
| | | | | | | | | | | | The rationale is the same as with %setup, see previous commit. However as commit 6845efae0dcc005f3bbb4cd4179a3ccce9d9638c pointed out, most patches are not compressed and invoking an extra helper just in case gets expensive for no good reason when you have zillions of patches. Preserve the optimization from that commit by silently looking up the file IFF it's there, and omitting the uncompressor if we can determine it uncompressed. Otherwise we'll just postpone the uncompress decision to build-time, where rpmuncompress will do the right thing regardless of whether it's compressed or not.
* Move source uncompress logic from spec parse to build timePanu Matilainen2022-04-046-86/+189
| | | | | | | | | | | | | | | | | | | Traditionally, %setup processing has figured out the commands needed to extract the source in question. The problem with this is that it happens at spec parse time, requiring access to sources that may not even be there in plain spec queries. Move the unpack logic from %setup internals to an `rpmuncompress` helper executable which is now the only command %setup needs to know. This way, spec parsing never needs to look at the actual source files, their presence is only required for an actual build. Another advantage is that the extraction machinery is now available to packagers without having to call %setup with its side-effects on %buildsubdir and such. Split the rpmbuild -ba test on missing sources into separate -bb and -bs tests as these are now rather different: binary build only tests for source presence if %prep is actually executed, and missing files at source build stage are discovered at a later stage as well.
* Fix check-buildroot missing matches with grep >= 3.5Panu Matilainen2022-04-041-1/+1
| | | | | | | | | | | Since 3.5, grep emits the diagnostic "binary file matches" message to stderr which causes the result file to be empty and build continuing despite an obvious error being present. We're not interested in the match itself, only whether there are files with matches. Grep has a standard option for this (-l), use it. Fixes: #1968
* Translated using Weblate (Spanish)Emilio Herrera2022-04-011-7/+11
| | | | | | | Currently translated at 71.5% (634 of 886 strings) Translation: rpm/master Translate-URL: https://translate.fedoraproject.org/projects/rpm/master/es/
* Translated using Weblate (Georgian)Temuri Doghonadze2022-04-012-1/+4068
| | | | | | | | | Currently translated at 6.5% (58 of 886 strings) Translation: rpm/master Translate-URL: https://translate.fedoraproject.org/projects/rpm/master/ka/ Added translation using Weblate (Georgian)
* Translated using Weblate (Chinese (Simplified) (zh_CN))Charles Lee2022-04-011-8/+8
| | | | | | | Currently translated at 84.4% (748 of 886 strings) Translation: rpm/master Translate-URL: https://translate.fedoraproject.org/projects/rpm/master/zh_CN/
* Issue warning on implicit "%patch zero" variants, sanitize semanticsPanu Matilainen2022-04-011-11/+8
| | | | | | | | | | | | | | | | Supporting `%patch` with no number specified, in particular combinations like `%patch 1` meaning patches 0 and 1 (!), prevents further progress in this area. Dropping support for these is a case of sawing off a limb to save the patient, but there's enough history to numberless `%patch` that we need to take the long route of deprecating it first. To be exact: - we now issue a warning on `%patch` where no patch numbers have been specified, but assume it to mean Patch0 for now - `%patch N' applies patch N and nothing else While at it, avoid an unnecessary strdup() and a dangling buf after free.
* Make pgpDigParams opaqueNeal H. Walfield2022-03-317-50/+148
| | | | | | | | | | | | - Add accessor functions pgpDigParamsSignID, pgpDigParamsUserID, pgpDigParamsVersion, and pgpDigParamsTime. - Move the definition of `pgpDigParams_s` from `rpmio/digest.h` to `rpmio/rpmpgp.c`. - Change code to use the accessor functions. - Fixes #1979.
* Fix inverted logic in base2bin()Demi Marie Obenour2022-03-311-1/+1
| | | | headerGet() returning 0 is an error condition.
* Avoid calling memcpy() on NULLDemi Marie Obenour2022-03-311-2/+4
| | | | | base2bin() would call memcpy() on NULL for empty fsverity signatures. This is undefined behavior, even if the length is 0.
* Make "%autosetup -S git" and "%autosetup -S git_am" work on a branch.Peter Jones2022-03-311-1/+4
| | | | | | | | | | | This changes the git autosetup handlers so that they do the initial commit of the expanded tarball on "master", then switch to a branch "rpm-build" before applying patches. Additionally it sets the "rpm-build" branch's upstream to "master", so that in the active work tree where the "rpm-build" is checked out, commands such as "git rebase -i" automatically have a default behavior that makes sense. Signed-off-by: Peter Jones <pjones@redhat.com>
* Support imports to fs keyring tooPanu Matilainen2022-03-312-2/+79
| | | | | | | | The fs keyring doesn't of course need the header to be created, but going through the same motions ensures consistent results, ie the key goes throught the same validation steps and we also get a "descriptive" file name for free (descriptive in that it matches the rpmdb NVR)
* Remember used keyring type in the transaction setPanu Matilainen2022-03-312-7/+27
| | | | | | The keyring a transaction uses shouldn't change by somebody defining macro in the meanwhile. Add an enum for known types and a helper to lazily determine it on the first keyring load.
* Avoid unneded MPI reparsingDemi Marie Obenour2022-03-311-2/+2
| | | | | | | | Modify pgpPrtSig() to ignore the MPIs of a signature if its `tag` parameter is 0. The only caller that sets `tag` to 0 is pgpPrtParamSubkeys() (via parseSubkeySig()), which does not actually check any cryptographic signatures. The subkey binding signature has been checked earlier in pgpPrtParams().
* Ignore subkeys that cannot be used for signingDemi Marie Obenour2022-03-312-3/+47
| | | | | | | | | | | | | | | This ensures that a signature is only accepted if the subkey that made it is actually allowed to sign. Test 265 verifies that RPM ignores subkeys that cannot sign. A subkey is considered to be capable of signing if, and only if, its subkey binding signature has a hashed key flags subpacket that contains the flag 0x02. RFC4880 requires that the subkey binding signature be v4, which this requirement enforces implicitly. RFC4880 also requires that primary key binding signatures be present and checked. This is not yet implemented, but may be implemented later. Fixes #1911.
* Parse key usage flagsDemi Marie Obenour2022-03-312-1/+14
| | | | | | | | | | RPM needs to know if a subkey can be used for signing. Signatures made by a subkey that cannot be used for signing are invalid. Add a key_flags member to pgpDigParams_s to store this information, and a PGPDIG_SIG_HAS_KEY_FLAGS flag to indicate that it is valid. The key usage flags are reset for every signature. Key usage flags in the unhashed section are ignored. If there is more than one key usage flags subpacket in the hashed section, the signature is rejected.
* Add a hashed flag to pgpPrtSubtype()Demi Marie Obenour2022-03-311-3/+5
| | | | | | This is needed for key usage flags parsing, as key usage flags outside of the hashed region must be ignored. For now, just use it to unconditionally ignore unhashed creation time subpackets.
View Lorry Controller Status