| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It appears that some container deity somewhere has fixed the Docker
issue [1] that prevented us from upgrading beyond F34, but there was
another gotcha introduced in the meanwhile on Fedora side:
glibc-gconv-extras is now needed for our UTF-8 encoding check to work.
While at it, optimize the dnf side a bit: get rid of modularity repos
entirely so they don't come back via updates, and disable the H.264
repo too, we don't need *that* for building or testing rpm...
[1] https://github.com/moby/moby/pull/42681
(cherry picked from commit 6761c39063c88a79124e22e7484f9c70cefa3811)
|
|
|
|
|
|
| |
Avoid unecessary clutter in the test failure reports...
(cherry picked from commit 56d469e0c0c254ab5d26e160ab0a869d068b3e76)
|
|
|
|
| |
(cherry picked from commit 7c170513f534ce3e23a9d73d3225eebab1e59fb8)
|
|
|
|
|
|
|
| |
This would leak the path whenever we already had the directory open.
Which happens a lot. Oops.
(cherry picked from commit f78be76a00878183da86d5e37ddbe421c5fe028c)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Packages need to be able to differentiate between install and upgrade
scenarios, seems commit ab069ec876639d46d12dd76dad54fd8fb762e43d with
half the lights out...
As %posttrans happens after all the excitement, with the erasure elements
already executed, so the installed package count cannot be used to
differentiate between install and upgrade. So we need to find it out the
hard way: see if there's an erasure element that depends on this
package.
(cherry picked from commit 3848c97cb227e7c018781aa7d5e1e46990ce1ffb)
|
|
|
|
|
|
|
|
|
|
| |
For the very unlikely case when openat() succeeded but fstatat()
doesn't, the directory descriptor may be leaved opened. Rearrange
the code a bit to ensure it'll always get closed when appropriate.
Suggested-by: Pavel Kopylov <pkopylov@cloudlinux.com>
Suggested-by: Dmitry Antipov <dantipov@cloudlinux.com>
(cherry picked from commit af08077fb4c60dee516948ce7bf9bed91de62119)
|
|
|
|
|
|
| |
Should've been in commit 2bc745f2fde028e09f663c7967353e8b6aacdbf1
(cherry picked from commit 2c63113c8e9a1991386605c36dc1fdfea390b575)
|
|
|
|
|
|
| |
Also add a unit test to exercise pgpPubkeyFingerprint.
Backported from commit 2bc745f2fde028e09f663c7967353e8b6aacdbf1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 4bbeec134aab33e24f960be28a7b2198359c1f67 "fixed" an old
terminology confusion about keyid vs fingerprint, but in the process
broke pgpPubkeyFingerprint() for any external callers, as it now only
feeds on decoded packets whereas before it did the decoding by itself.
Add the decoding step back to the public function to make it usable outside
rpmpgp_internal.c again, retrieving a fingerprint seems like an useful
(public) API to have.
This is kind of a regression fix in that prior to commit
4bbeec134aab33e24f960be28a7b2198359c1f67 pgpPubkeyFingerprint() returned
meaningful data to the outside caller and afterwards it didn't, however
that commit broke the API anyhow so it's kinda complicated.
Maybe we should just call it a bugfix and be done with it.
Related to #1549
(cherry picked from commit dc9e8169790eba18130fb96c13f56ecba6c9b346)
|
|
|
|
|
|
|
| |
The newly handled ^ needs to be accounted for when allocating memory.
Found when testing #1936, goes to show what a useful thing that is.
(cherry picked from commit 19d73f67883c011cc74326a5dc34f7009efa60e1)
|
| |
|
|
|
|
| |
(cherry picked from commit 0f0fa49170a62b8e6a3383acff4b6f292b79a57c)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://github.com/rpm-software-management/rpm/commit/1cdb72ae48b7ba689c5c79118f4f0c1b4ffe6b7c
introduced a change where triplets that rpm doesn't know about
are rejected, which in turn causes a regression for users like
Yocto that explicitly use them.
In particular, x32 is a 64 bit x86 ABI with 32 bit pointers and
is supported via settings in custom /etc/rpmrc:
arch_compat: qemux86_64: all any noarch x86_64_x32 qemux86_64
(cherry picked from commit 73847f81794f5ec442ef56dc417aa069c23738a9)
|
|
|
|
| |
(cherry picked from commit cf3150509ed7eb2407bdf1f5572cd613a30c2b86)
|
|
|
|
|
|
| |
Should've been in bbfe1f86b2e4b5c0bd499d9f3dd9de9c9c20fff2
(cherry picked from commit 21c34bdd61c14f8044fcc5c0be90b1ec55eef2df)
|
|
|
|
|
|
|
|
|
|
|
| |
The key to understanding `%bcond_with` and `%bcond_without` is that these
options *create command line switches* and unless the user thinks in those
exact terms, there's little hope of understanding them. Further, take
care to differentiate between option creation, enablement and defaults
in terminology and document `%bcond` version availability.
Fixes: #2150
(cherry picked from commit 8ee98091b7f50cfeab61e069c1cad0c74fa567a8)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the repo is already initialized when calling this macro and it's
using a different branch name than "master" (see #2121) or the global
git option init.defaultBranch is set differently (see #2120), the macro
will fail at:
%{__git} branch --set-upstream-to=master
Instead of being overly clever, just track the original (start-point)
branch by using --track when branching (see git-branch(1) for details).
For brevity, combine this and branch creation into a single checkout
command.
This fixes commit 3a6b1d8fbf846d3f1b139d343fdfddebe99ae42b.
Thanks Panu for the clarification and suggestion in #854!
(cherry picked from commit 1f5ae2a6dd710de4a278087471bf0909ff9f6739)
|
|
|
|
|
|
|
| |
As we look at the first 4 bytes anyway there is no reason to read more.
Reading more also hits a bug in bash on aarch64 (rhbz#2115206).
(cherry picked from commit 8f922eb38a096640e586ba0eda96adc093b74fc4)
|
|
|
|
|
|
|
| |
Add testcase with special characters
Resolves: #1445
(cherry picked from commit 951f25bc8419e79593ae4fdfa3ee062dc58c60b2)
|
|
|
|
|
| |
Related: #2070
(cherry picked from commit a3eac98460958a421d31fe00323939b5501dfcf9)
|
|
|
|
|
|
|
|
|
|
| |
This allows to downgrade packages just as with --upgrade but limited to
already installed packages.
Also add basic tests for --freshen
Resolves: #652
(cherry picked from commit 2b5b271b0e013c1b023df7f5775a59cb4078d5f5)
|
|
|
|
|
|
|
|
|
| |
to set a separate license to the source RPM. This can be useful if the
sources have code under additional licenses that do not end up in the
binary packeges.
Resolves: #2079
(cherry picked from commit 9ed9d3fce34bc3c8121989e0cf263528e7e68756)
|
|
|
|
|
|
|
|
| |
for unknown payload compression format. At this point it is unlikely
this isn't an RPM file as we detected the headers but much more likely
the package is using a newer compression format.
(cherry picked from commit 85d92cab05501e78d0e66afa65de4e656281bc59)
|
|
|
|
|
|
|
|
|
|
|
| |
As the shell can't deal with null bytes only read two bytes and check
for proper match. This way we can match for the null byte even if it is
not part of the string.
This also silents the warning from the shell that there is a null byte
being ignored in the magic string for lzma.
(cherry picked from commit f3b263610b2bac53c48b960490eaa6575215aafe)
|
|
|
|
|
|
| |
to avoid warnings
(cherry picked from commit d499887c9261fdab4d03ea29316ea5e8fc646bd3)
|
|
|
|
|
|
|
|
|
|
| |
This script converts binary header sizes to decimal numbers. Shell is
not that well suited for this task as it drops newlines at the end of
command substitutions. Add a . character at the end and strip it right
after that to avoid this problem.
Resolves: rhbz#1983015
(cherry picked from commit a18a11924a715ace4b2d8e101688d164390cb188)
|
|
|
|
|
|
|
| |
This make is much less likely to mistake a file as an RPM and will catch
errors in header size calculation.
(cherry picked from commit ba31a14191e09226edc34df1b2076105a59fef18)
|
|
|
|
|
|
|
| |
when querying packages in the RPM database.
Rersolves: #2104
(cherry picked from commit 4420c78beb86cc67392274bf351478a3375626a2)
|
|
|
|
|
|
|
|
|
| |
With the SRPMs now containing the expanded spec file they are bound to
have the build root included in the header. Turns out some people
package SRPMs to rebuild them locally e.g. against the local kernel.
Resolves: rhbz#2104150
(cherry picked from commit aa701a8f483e2b1f57764c5d9129e27271d96b38)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When `rpmkey --import` is given a partially valid key, it may emit
warnings, which are backend dependent. This is currently the case
with the Sequoia, but not the internal OpenPGP parser.
The lints make the tests more fragile. Moreover, the tests aren't
checking the warnings, but other behavior. Suppress the warnings by
passing `--quiet` to `rpmkeys`.
Fixes #2071.
(backport of f439f246b5c8ac016753f80a4c305245d376ebd7)
|
|
|
|
|
|
|
|
|
|
|
| |
Hack to allow suppressing key import lint warning messages. Emitting
warning messages depending on verbosity level is ugly but for the case
at hand (different output between PGP backends on CI) it's probably the
lesser evil here.
Initial patch by Neal H. Walfield.
(cherry pick of 866a23544114112eaee70ea3fed8d7dbb3e65059.)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
An OpenPGP subkey shouldn't be checked for validity when imported, but
when it is used, e.g., when checking a signature's validity. This is
because a key's validity partially depends on the current time.
The internal OpenPGP implementation checks for validity when the key
is imported; other implementations should not do this. This means
that the output of two tests (268, 'rpmkeys --import rsa (rpmdb)' and
273, 'rpmkeys --import invalid keys') have different output depending
on whether the internal OpenPGP implementation is used or the Sequoia
backend is used.
Use AT_CHECK_UNQUOTED instead of AT_CHECK, and the selected backend to
customize the expected output.
Fixes #2062.
(cherry pick of commit afe10be2d48a3c356a6ac3af040d907b9793dacd)
|
|
|
|
|
|
|
|
|
|
|
| |
The Sequoia backend and the internal OpenPGP backend sometimes exhibit
different behavior. As the internal backend is frozen, it can't be
brought inline with the Sequoia backend's functionality.
To handle this, export the CRYPTO variable in configure.ac so that the
relevant tests can be customized accordingly.
(back port of part of 6f209745305d45eac3b3708372d83c08a689d189)
|
|
|
|
|
|
|
|
|
|
|
| |
If the Sequoia OpenPGP backend is to be released with 4.18, then it
needs to implement the full ABI, even deprecated functions. As such,
provide wrappers for pgpPrtPkts, pgpNewDig, pgpCleanDig, pgpFreeDig,
pgpDigGetParams, and pgpVerifySig.
Fixes #2142.
(cherry pick of a7eb3b5f7e068749495fa0b38a896e959e33b5bb)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
pgpPrtPkts and pgpVerifySig are not currently covered by the unit
tests. Add tests to check these functions behave as expected.
Note: these functions are deprecated, and are scheduled for removal in
rpm 4.19, however, because the Sequoia backend will be added 4.18 it
is necessary for the Sequoia backend to implement these functions.
See #2141, #2142, #1935.
(backport of 077fde4f2b5e4463bcc093267b2173599c091ff2)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When importing an OpenPGP certificate, lint the certificate to show
the user possible issues. Fail if the certificate is completely
unusable. Using the Sequoia backend, this yields, for instance:
$ ./rpmkeys --import tests/data/keys/alice-revoked-subkey.asc
Certificate B3A771BFEB04E625:
Subkey 1F71177215217EE0 was revoked: Key material has been compromised, it was the maid
Certificate does not have any usable signing keys
Fixes #1974.
(cherry pick d703160334ff545ce8bf7475da5689422f43dacc)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When rpm is configured to use Sequoia for the OpenPGP implementation
('configure --crypto=sequoia'), librpmio is linked against
librpm_sequoia.
librpm_sequoia can't directly implement the OpenPGP API, because
librpmio won't reexport librpm_sequoia's symbols, and we don't want
a program linking against librpmio to explicitly link against
(i.e., need a DT_NEEDED entry for) librpm_sequoia.
We can circumvent this problem by having librpm_sequoia provide
identical functions under different names, and then having librpmio
provide forwarders. That's what this commit does: a Sequoia-specific
file forwards pgpFoo to _pgpFoo. It's a bit ugly, but it is better
than a brittle, non-portable hack.
Fixes #2051.
(cherry pick b76f433842c7d7f8f18f8ff05c788a08bb91ffb3)
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change adds support for using Sequoia as an alternative to the
internal OpenPGP backend. To use this backend, it is necessary to
have the rpm-sequoia library installed.
https://gitlab.com/sequoia-pgp/rpm-sequoia
Fixes #1978.
(Backport db36ea85aac23620d71ed38cc9a263b6bab3af98.)
|
|
|
|
|
|
|
|
|
|
| |
rpmio/digest.h contains definitions that are only used by the interal
OpenPGP parser, and are not required by the future Sequoia backend.
Move those definitions into rpmio/rpmpgp_internal.h.
Fixes #2006.
(cherry picked c3e988287d2d1fbc4e83eca349e80e0c2d781a23)
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit d8bb57eeabe249c2c85bf46b1162d7e57a310e37 reintroduced
rpmio/rpmpgp.h which is quite confusing when we have a public header by
the same name elsewhere, and doubly more confusing to those of use who
are used to having the public header by the same name in this very
location prior to commit 650ba79f2253656f9ec8e06f399fafe40e556ed3.
No functional changes.
(cherry picked from commit 547acb66961e912a4be05bdbd32ab7f3aeac7357)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Split the internal OpenPGP implementation into the bits that are
needed by a new OpenPGP backend like Sequoia, and the bits that are
not needed by another OpenPGP backend.
Move most of the functionality in rpmio/rpmpgp.c into
rpmio/rpmpgp_internal.c.
Leave pgpValStr, and pgpIdentItem, which are used for printing and
needn't be reimplemented by other backends, and pgpReadPkts, which is
just a thin wrapper around pgpParsePkts, and which uses an internal
rpm function that a new backend shouldn't have to worry about
emulating or even calling.
Move the symbol tables, which are used by pgpValStr, pgpIdentItem, and
the internal OpenPGP implementation to rpmio/rpmpgp.h. These are
common to all implementations.
Fixes #2000.
(backported from d8bb57eeabe249c2c85bf46b1162d7e57a310e37 with
87c4eee816a4ddd4291cf1211c0290f3a731be73 reverted)
|
| |
|
|
|
|
|
|
|
| |
Fix unterminated macros being called when rpmuncompress
tries to expand an lrzip, 7zip or zstd compressed file
(cherry picked from commit 5f8ac6d1ad060955b5370a2ea5e12d88e3f4174d)
|
|
|
|
|
|
|
|
| |
We use an empty string when discarding a value due to short circuiting, but
an empty string is not allowed for versions. So use "0" in that case.
Fixes: #1883
(cherry picked from commit 321933f060896f721e361a1c8a8d3731bdcee827)
|
|
|
|
|
|
|
|
|
| |
Recent binutils can do debug section lookups over the internet, but this
is something we never want during rpmbuild (everything else aside, we're
just building the thing so there wont be anything on the net anyhow).
Disable the lookups by setting DEBUGINFOD_URLS to empty rather than
using the specific option as this is compatible with any old version of
readelf.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fedora >= 36 carries a downstream patch which causes distutils.sysconfig
and sysconfig to disagree on the prefix, and with autoconf up to 2.69
using distutils, 2.70 preferring sysconfig and other tools still using
distutils it gets a bit much to guess. So don't.
It's a much nicer solution to the mess that commit
4a0071c339083866dd8901e3ef449908488a9420 tried to address as it takes us
out of the equation entirely.
(cherry picked from commit fdcd486b43652bb32dd40ef84f40b11dc6d9dda5)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Create a new optional UpstreamReleases tag that allows to specify an URL
of the location, where the source code could be downloaded. In
contrast to the URL part of the Source tag, this is intended for
the referrer of the sorce code, e. g. download top dir or the
sub-page of the web that contains references to the source files.
Third party tools or the package maintainer can use this tag and
find the latest version of the source code.
Co-authoredby: Florian Festi <ffesti@redhat.com>
(cherry picked from commit c0b417f572d2450f060f8cde901a8edb4f9a3b33)
|
|
|
|
|
|
|
|
| |
Create a new optional TranslationURL tag that allows to specify URL
for translators. Third party tools can visualize it and motivate
people to translate.
(cherry picked from commit c10073d1932a536c9f2db59b8426d4e630b21216)
|