diff options
Diffstat (limited to 'meta/recipes-devtools/rpm')
21 files changed, 192 insertions, 798 deletions
diff --git a/meta/recipes-devtools/rpm/files/0001-Add-a-color-setting-for-mips64_n32-binaries.patch b/meta/recipes-devtools/rpm/files/0001-Add-a-color-setting-for-mips64_n32-binaries.patch index 331ea849e6..25aa69d7da 100644 --- a/meta/recipes-devtools/rpm/files/0001-Add-a-color-setting-for-mips64_n32-binaries.patch +++ b/meta/recipes-devtools/rpm/files/0001-Add-a-color-setting-for-mips64_n32-binaries.patch @@ -1,21 +1,20 @@ -From 5492ac3c716020a27a25253bbffe810db43202bf Mon Sep 17 00:00:00 2001 +From f4cf90b5a298d6a3199e8b4c07f520aaf593ce2b Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Thu, 9 Mar 2017 18:54:02 +0200 Subject: [PATCH] Add a color setting for mips64_n32 binaries Upstream-Status: Inappropriate [oe-core specific] Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> - --- build/rpmfc.c | 4 ++++ rpmrc.in | 2 ++ 2 files changed, 6 insertions(+) diff --git a/build/rpmfc.c b/build/rpmfc.c -index 10c380ee9..b7655aa93 100644 +index 4b67a9bae..ed7e4e623 100644 --- a/build/rpmfc.c +++ b/build/rpmfc.c -@@ -639,6 +639,7 @@ exit: +@@ -660,6 +660,7 @@ exit: static const struct rpmfcTokens_s rpmfcTokens[] = { { "directory", RPMFC_INCLUDE }, @@ -23,21 +22,21 @@ index 10c380ee9..b7655aa93 100644 { "ELF 32-bit", RPMFC_ELF32|RPMFC_INCLUDE }, { "ELF 64-bit", RPMFC_ELF64|RPMFC_INCLUDE }, -@@ -1149,6 +1150,9 @@ static uint32_t getElfColor(const char *fn) +@@ -1158,6 +1159,9 @@ static uint32_t getElfColor(const char *fn) color = RPMFC_ELF32; break; } + if (ehdr.e_machine == EM_MIPS || ehdr.e_machine == EM_MIPS_RS3_LE) + if (ehdr.e_flags & EF_MIPS_ABI2) + color = RPMFC_ELFMIPSN32; - elf_end(elf); } - close(fd); + if (elf) + elf_end(elf); diff --git a/rpmrc.in b/rpmrc.in -index 5bd9ba3e5..f15bb8dad 100644 +index 8646a966b..7349fdfd3 100644 --- a/rpmrc.in +++ b/rpmrc.in -@@ -137,6 +137,8 @@ archcolor: mipsr6el 1 +@@ -142,6 +142,8 @@ archcolor: mipsr6el 1 archcolor: mips64r6 2 archcolor: mips64r6el 2 diff --git a/meta/recipes-devtools/rpm/files/0001-CMakeLists.txt-look-for-lua-with-pkg-config-rather-t.patch b/meta/recipes-devtools/rpm/files/0001-CMakeLists.txt-look-for-lua-with-pkg-config-rather-t.patch new file mode 100644 index 0000000000..e4edc884b1 --- /dev/null +++ b/meta/recipes-devtools/rpm/files/0001-CMakeLists.txt-look-for-lua-with-pkg-config-rather-t.patch @@ -0,0 +1,27 @@ +From c39a074ff3c4d21c100d387661c7d725b5eae7b0 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex@linutronix.de> +Date: Wed, 29 Nov 2023 14:06:15 +0100 +Subject: [PATCH] CMakeLists.txt: look for lua with pkg-config rather than + cmake modules + +Otherwise cmake will try to find libm, badly, and fail. + +Upstream-Status: Inappropriate [oe-core specific] +Signed-off-by: Alexander Kanavin <alex@linutronix.de> +--- + CMakeLists.txt | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 4a383ceba..ed847c09a 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -190,7 +190,7 @@ set(REQFUNCS + ) + + find_package(PkgConfig REQUIRED) +-find_package(Lua 5.2 REQUIRED) ++pkg_check_modules(LUA REQUIRED IMPORTED_TARGET lua>=5.2) + find_package(ZLIB REQUIRED) + find_package(BZip2) + find_package(Iconv) diff --git a/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch b/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch deleted file mode 100644 index 044b4dd2a0..0000000000 --- a/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 9a6871126f472feea057d5f803505ec8cc78f083 Mon Sep 17 00:00:00 2001 -From: Panu Matilainen <pmatilai@redhat.com> -Date: Thu, 30 Sep 2021 09:56:20 +0300 -Subject: [PATCH 1/3] Refactor pgpDigParams construction to helper function - -No functional changes, just to reduce code duplication and needed by -the following commits. - -CVE: CVE-2021-3521 -Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/9f03f42e2] - -Signed-off-by: Changqing Li <changqing.li@windriver.com> ---- - rpmio/rpmpgp.c | 13 +++++++++---- - 1 file changed, 9 insertions(+), 4 deletions(-) - -diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c -index d0688ebe9a..e472b5320f 100644 ---- a/rpmio/rpmpgp.c -+++ b/rpmio/rpmpgp.c -@@ -1041,6 +1041,13 @@ unsigned int pgpDigParamsAlgo(pgpDigParams digp, unsigned int algotype) - return algo; - } - -+static pgpDigParams pgpDigParamsNew(uint8_t tag) -+{ -+ pgpDigParams digp = xcalloc(1, sizeof(*digp)); -+ digp->tag = tag; -+ return digp; -+} -+ - int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype, - pgpDigParams * ret) - { -@@ -1058,8 +1065,7 @@ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype, - if (pkttype && pkt.tag != pkttype) { - break; - } else { -- digp = xcalloc(1, sizeof(*digp)); -- digp->tag = pkt.tag; -+ digp = pgpDigParamsNew(pkt.tag); - } - } - -@@ -1105,8 +1111,7 @@ int pgpPrtParamsSubkeys(const uint8_t *pkts, size_t pktlen, - digps = xrealloc(digps, alloced * sizeof(*digps)); - } - -- digps[count] = xcalloc(1, sizeof(**digps)); -- digps[count]->tag = PGPTAG_PUBLIC_SUBKEY; -+ digps[count] = pgpDigParamsNew(PGPTAG_PUBLIC_SUBKEY); - /* Copy UID from main key to subkey */ - digps[count]->userid = xstrdup(mainkey->userid); - --- -2.17.1 - diff --git a/meta/recipes-devtools/rpm/files/0001-Do-not-add-an-unsatisfiable-dependency-when-building.patch b/meta/recipes-devtools/rpm/files/0001-Do-not-add-an-unsatisfiable-dependency-when-building.patch index 4029233fb7..d0ed711086 100644 --- a/meta/recipes-devtools/rpm/files/0001-Do-not-add-an-unsatisfiable-dependency-when-building.patch +++ b/meta/recipes-devtools/rpm/files/0001-Do-not-add-an-unsatisfiable-dependency-when-building.patch @@ -1,4 +1,4 @@ -From f39c28eb52f12ae6e82db360ffd5a903ac8faca5 Mon Sep 17 00:00:00 2001 +From 86e585cc0dd06dfa20f584af8b59d52a59accb45 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Mon, 9 Jan 2017 18:52:11 +0200 Subject: [PATCH] Do not add an unsatisfiable dependency when building rpms in @@ -9,16 +9,15 @@ hand produces rpms that way by design. Upstream-Status: Inappropriate [oe-core specific] Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> - --- build/pack.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/build/pack.c b/build/pack.c -index e6cec1816..810cd7351 100644 +index f7dac6d9a..f382c7da0 100644 --- a/build/pack.c +++ b/build/pack.c -@@ -724,10 +724,6 @@ static rpmRC packageBinary(rpmSpec spec, Package pkg, const char *cookie, int ch +@@ -711,10 +711,6 @@ static rpmRC packageBinary(rpmSpec spec, Package pkg, const char *cookie, int ch headerPutBin(pkg->header, RPMTAG_SOURCEPKGID, spec->sourcePkgId,16); } diff --git a/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch b/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch index 6d236ac400..b571a0ae8c 100644 --- a/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch +++ b/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch @@ -1,4 +1,4 @@ -From 8d013fe154a162305f76141151baf767dd04b598 Mon Sep 17 00:00:00 2001 +From 73d6841d9ef2a8ac7bd63f9645a3efe8038dfdd4 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Mon, 27 Feb 2017 09:43:30 +0200 Subject: [PATCH] Do not hardcode "lib/rpm" as the installation path for @@ -6,31 +6,29 @@ Subject: [PATCH] Do not hardcode "lib/rpm" as the installation path for Upstream-Status: Denied [https://github.com/rpm-software-management/rpm/pull/263] Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> - --- - configure.ac | 2 +- - macros.in | 2 +- - rpm.am | 4 ++-- - 3 files changed, 4 insertions(+), 4 deletions(-) + CMakeLists.txt | 2 +- + macros.in | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) -diff --git a/configure.ac b/configure.ac -index eb7d6941b..10a889b5d 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -871,7 +871,7 @@ else - usrprefix=$prefix - fi +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 7808115c1..4a383ceba 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -33,7 +33,7 @@ option(WITH_IMAEVM "Build with IMA support" OFF) + option(WITH_FAPOLICYD "Build with fapolicyd support" ON) + option(WITH_READLINE "Build with readline support" ON) --RPMCONFIGDIR="`echo ${usrprefix}/lib/rpm`" -+RPMCONFIGDIR="`echo ${libdir}/rpm`" - AC_SUBST(RPMCONFIGDIR) +-set(RPM_CONFIGDIR "${CMAKE_INSTALL_PREFIX}/lib/rpm" CACHE PATH "rpm home") ++set(RPM_CONFIGDIR "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_LIBDIR}/rpm" CACHE PATH "rpm home") + set(RPM_VENDOR "vendor" CACHE STRING "rpm vendor string") - AC_SUBST(OBJDUMP) + # Emulate libtool versioning. Before a public release: diff --git a/macros.in b/macros.in -index a1f795e5f..689e784ef 100644 +index b49ffaad4..3acbe78f6 100644 --- a/macros.in +++ b/macros.in -@@ -933,7 +933,7 @@ package or when debugging this package.\ +@@ -969,7 +969,7 @@ Supplements: (%{name} = %{version}-%{release} and langpacks-%{1})\ %_sharedstatedir %{_prefix}/com %_localstatedir %{_prefix}/var %_lib lib @@ -39,20 +37,3 @@ index a1f795e5f..689e784ef 100644 %_includedir %{_prefix}/include %_infodir %{_datadir}/info %_mandir %{_datadir}/man -diff --git a/rpm.am b/rpm.am -index 7b57f433b..9bbb9ee96 100644 ---- a/rpm.am -+++ b/rpm.am -@@ -1,10 +1,10 @@ - # Internal binaries - ## HACK: It probably should be $(libexecdir)/rpm or $(libdir)/rpm --rpmlibexecdir = $(prefix)/lib/rpm -+rpmlibexecdir = $(libdir)/rpm - - # Host independent config files - ## HACK: it probably should be $(datadir)/rpm --rpmconfigdir = $(prefix)/lib/rpm -+rpmconfigdir = $(libdir)/rpm - - # Libtool version (current-revision-age) for all our libraries - rpm_version_info = 11:0:2 diff --git a/meta/recipes-devtools/rpm/files/0001-Do-not-read-config-files-from-HOME.patch b/meta/recipes-devtools/rpm/files/0001-Do-not-read-config-files-from-HOME.patch index 96eb418952..796088df53 100644 --- a/meta/recipes-devtools/rpm/files/0001-Do-not-read-config-files-from-HOME.patch +++ b/meta/recipes-devtools/rpm/files/0001-Do-not-read-config-files-from-HOME.patch @@ -1,4 +1,4 @@ -From 35381b6cd6c1b571bf7e6b0640de0f54dbf94386 Mon Sep 17 00:00:00 2001 +From e210458d125793915abce30420d866a30305c37a Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Tue, 10 Jan 2017 14:11:30 +0200 Subject: [PATCH] Do not read config files from $HOME @@ -10,29 +10,26 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/lib/rpmrc.c b/lib/rpmrc.c -index 4ed991321..19fe80f98 100644 +index 9437a0ff1..483585ae4 100644 --- a/lib/rpmrc.c +++ b/lib/rpmrc.c -@@ -458,8 +458,7 @@ static void setDefaults(void) +@@ -459,8 +459,7 @@ static void setDefaults(void) if (!defrcfiles) { defrcfiles = rstrscat(NULL, confdir, "/rpmrc", ":", - confdir, "/" RPMCANONVENDOR "/rpmrc", ":", + confdir, "/" RPM_VENDOR "/rpmrc", ":", - SYSCONFDIR "/rpmrc", ":", - "~/.rpmrc", NULL); -+ SYSCONFDIR "/rpmrc", ":"); ++ SYSCONFDIR "/rpmrc", NULL); } #ifndef MACROFILES -@@ -471,8 +470,7 @@ static void setDefaults(void) - confdir, "/" RPMCANONVENDOR "/macros", ":", +@@ -472,8 +471,7 @@ static void setDefaults(void) + confdir, "/" RPM_VENDOR "/macros", ":", SYSCONFDIR "/rpm/macros.*", ":", SYSCONFDIR "/rpm/macros", ":", - SYSCONFDIR "/rpm/%{_target}/macros", ":", - "~/.rpmmacros", NULL); -+ SYSCONFDIR "/rpm/%{_target}/macros", ":"); ++ SYSCONFDIR "/rpm/%{_target}/macros", NULL); } #else macrofiles = MACROFILES; --- -2.11.0 - diff --git a/meta/recipes-devtools/rpm/files/0001-Do-not-reset-the-PATH-environment-variable-before-ru.patch b/meta/recipes-devtools/rpm/files/0001-Do-not-reset-the-PATH-environment-variable-before-ru.patch index 41cdf6ed77..328fbf86ac 100644 --- a/meta/recipes-devtools/rpm/files/0001-Do-not-reset-the-PATH-environment-variable-before-ru.patch +++ b/meta/recipes-devtools/rpm/files/0001-Do-not-reset-the-PATH-environment-variable-before-ru.patch @@ -1,4 +1,4 @@ -From a674b9cc7af448d7c6748bc163bf37dc14a57f09 Mon Sep 17 00:00:00 2001 +From a8fe7a7a2e41c9f127ed26407d57076babcb89e8 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Fri, 20 Jan 2017 13:32:06 +0200 Subject: [PATCH] Do not reset the PATH environment variable before running @@ -8,16 +8,15 @@ We add lots of native stuff into it and scriptlets rely on that. Upstream-Status: Inappropriate [oe-core specific] Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> - --- lib/rpmscript.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/rpmscript.c b/lib/rpmscript.c -index 6a31e0d..2b0e438 100644 +index 57689bb68..7b7e26606 100644 --- a/lib/rpmscript.c +++ b/lib/rpmscript.c -@@ -184,7 +184,7 @@ static void doScriptExec(ARGV_const_t argv, ARGV_const_t prefixes, +@@ -252,7 +252,7 @@ static void doScriptExec(ARGV_const_t argv, ARGV_const_t prefixes, if (ipath && ipath[5] != '%') path = ipath; diff --git a/meta/recipes-devtools/rpm/files/0001-Rip-out-partial-support-for-unused-MD2-and-RIPEMD160.patch b/meta/recipes-devtools/rpm/files/0001-Rip-out-partial-support-for-unused-MD2-and-RIPEMD160.patch deleted file mode 100644 index 734e38bb39..0000000000 --- a/meta/recipes-devtools/rpm/files/0001-Rip-out-partial-support-for-unused-MD2-and-RIPEMD160.patch +++ /dev/null @@ -1,81 +0,0 @@ -From 2d53d1e308a5bd15a16cc289fa7e1f264ea706be Mon Sep 17 00:00:00 2001 -From: Panu Matilainen <pmatilai@redhat.com> -Date: Tue, 26 Jun 2018 10:46:14 +0300 -Subject: [PATCH] Rip out partial support for unused MD2 and RIPEMD160 digests - -Inspired by #453, adding configure-checks for unused digests algorithms -seems nonsensical, at no point in rpm history have these algorithms been -used for anything in rpm so there's not even backward compatibility to -care about. So the question becomes why do we appear to have (some) -support for those unused algorithms? So lets don't, problem solved... - -Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/ff4b9111aeba01dd025dd133ce617fb80f7398a0] -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> ---- - rpmio/digest_beecrypt.c | 7 ------- - rpmio/digest_nss.c | 2 -- - rpmio/digest_openssl.c | 6 ------ - 3 files changed, 15 deletions(-) - -diff --git a/rpmio/digest_beecrypt.c b/rpmio/digest_beecrypt.c -index 597027e25..653a39491 100644 ---- a/rpmio/digest_beecrypt.c -+++ b/rpmio/digest_beecrypt.c -@@ -132,10 +132,6 @@ DIGEST_CTX rpmDigestInit(int hashalgo, rpmDigestFlags flags) - ctx->Digest = (void *) sha512Digest; - break; - #endif -- case PGPHASHALGO_RIPEMD160: -- case PGPHASHALGO_MD2: -- case PGPHASHALGO_TIGER192: -- case PGPHASHALGO_HAVAL_5_160: - default: - free(ctx); - return NULL; -@@ -292,9 +288,6 @@ static int pgpVerifySigRSA(pgpDigAlg pgpkey, pgpDigAlg pgpsig, uint8_t *hash, si - case PGPHASHALGO_SHA1: - prefix = "3021300906052b0e03021a05000414"; - break; -- case PGPHASHALGO_MD2: -- prefix = "3020300c06082a864886f70d020205000410"; -- break; - case PGPHASHALGO_SHA256: - prefix = "3031300d060960864801650304020105000420"; - break; -diff --git a/rpmio/digest_nss.c b/rpmio/digest_nss.c -index e11920e3e..b3d2b5595 100644 ---- a/rpmio/digest_nss.c -+++ b/rpmio/digest_nss.c -@@ -117,7 +117,6 @@ static HASH_HashType getHashType(int hashalgo) - { - switch (hashalgo) { - case PGPHASHALGO_MD5: return HASH_AlgMD5; -- case PGPHASHALGO_MD2: return HASH_AlgMD2; - case PGPHASHALGO_SHA1: return HASH_AlgSHA1; - #ifdef SHA224_LENGTH - case PGPHASHALGO_SHA224: return HASH_AlgSHA224; -@@ -217,7 +216,6 @@ static SECOidTag getHashAlg(unsigned int hashalgo) - { - switch (hashalgo) { - case PGPHASHALGO_MD5: return SEC_OID_MD5; -- case PGPHASHALGO_MD2: return SEC_OID_MD2; - case PGPHASHALGO_SHA1: return SEC_OID_SHA1; - #ifdef SHA224_LENGTH - case PGPHASHALGO_SHA224: return SEC_OID_SHA224; -diff --git a/rpmio/digest_openssl.c b/rpmio/digest_openssl.c -index 18e52a724..0ae48dd1d 100644 ---- a/rpmio/digest_openssl.c -+++ b/rpmio/digest_openssl.c -@@ -172,12 +172,6 @@ static const EVP_MD *getEVPMD(int hashalgo) - case PGPHASHALGO_SHA1: - return EVP_sha1(); - -- case PGPHASHALGO_RIPEMD160: -- return EVP_ripemd160(); -- -- case PGPHASHALGO_MD2: -- return EVP_md2(); -- - case PGPHASHALGO_SHA256: - return EVP_sha256(); - diff --git a/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch b/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch index 4020a31092..e4251a1a73 100644 --- a/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch +++ b/meta/recipes-devtools/rpm/files/0001-When-cross-installing-execute-package-scriptlets-wit.patch @@ -1,4 +1,4 @@ -From a89daa75ac970d8e247edc762d1181e9a5b0c5d0 Mon Sep 17 00:00:00 2001 +From 34c0d3263f3e0b366a2320e0823f46673f7ba928 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Tue, 17 Jan 2017 14:07:17 +0200 Subject: [PATCH] When cross-installing, execute package scriptlets without @@ -29,10 +29,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/lib/rpmscript.c b/lib/rpmscript.c -index cc98c4885..f8bd3df04 100644 +index 3f6313278..57689bb68 100644 --- a/lib/rpmscript.c +++ b/lib/rpmscript.c -@@ -394,8 +394,7 @@ exit: +@@ -448,8 +448,7 @@ exit: Fclose(out); /* XXX dup'd STDOUT_FILENO */ if (fn) { @@ -42,21 +42,18 @@ index cc98c4885..f8bd3df04 100644 free(fn); } free(mline); -@@ -428,7 +427,13 @@ rpmRC rpmScriptRun(rpmScript script, int arg1, int arg2, FD_t scriptFd, +@@ -483,7 +482,13 @@ rpmRC rpmScriptRun(rpmScript script, int arg1, int arg2, FD_t scriptFd, if (rc != RPMRC_FAIL) { if (script_type & RPMSCRIPTLET_EXEC) { -- rc = runExtScript(plugins, prefixes, script->descr, lvl, scriptFd, &args, script->body, arg1, arg2, &script->nextFileFunc); +- rc = runExtScript(plugins, prefixes, script->descr, lvl, scriptFd, &args, script->body, arg1, arg2, script->nextFileFunc); + if (getenv("RPM_NO_CHROOT_FOR_SCRIPTS") != NULL) { + rpmChrootOut(); -+ rc = runExtScript(plugins, prefixes, script->descr, lvl, scriptFd, &args, script->body, arg1, arg2, &script->nextFileFunc); ++ rc = runExtScript(plugins, prefixes, script->descr, lvl, scriptFd, &args, script->body, arg1, arg2, script->nextFileFunc); + rpmChrootIn(); + } else { -+ rc = runExtScript(plugins, prefixes, script->descr, lvl, scriptFd, &args, script->body, arg1, arg2, &script->nextFileFunc); ++ rc = runExtScript(plugins, prefixes, script->descr, lvl, scriptFd, &args, script->body, arg1, arg2, script->nextFileFunc); + } } else { - rc = runLuaScript(plugins, prefixes, script->descr, lvl, scriptFd, &args, script->body, arg1, arg2, &script->nextFileFunc); + rc = runLuaScript(plugins, prefixes, script->descr, lvl, scriptFd, &args, script->body, arg1, arg2, script->nextFileFunc); } --- -2.11.0 - diff --git a/meta/recipes-devtools/rpm/files/0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch b/meta/recipes-devtools/rpm/files/0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch index 79b168257e..2f6397aa8a 100644 --- a/meta/recipes-devtools/rpm/files/0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch +++ b/meta/recipes-devtools/rpm/files/0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch @@ -1,4 +1,4 @@ -From 2d351c666f09cc1b9e368422653fb42ac8b86249 Mon Sep 17 00:00:00 2001 +From ae4fdd8e8d052835973e6ff4b7550f93bde30a98 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex@linutronix.de> Date: Tue, 31 Aug 2021 10:37:05 +0200 Subject: [PATCH] build/pack.c: do not insert payloadflags into .rpm metadata @@ -14,10 +14,10 @@ Signed-off-by: Alexander Kanavin <alex@linutronix.de> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/pack.c b/build/pack.c -index 932cb213e..b45d0726f 100644 +index f382c7da0..0889dd993 100644 --- a/build/pack.c +++ b/build/pack.c -@@ -328,7 +328,7 @@ static char *getIOFlags(Package pkg) +@@ -330,7 +330,7 @@ static char *getIOFlags(Package pkg) headerPutString(pkg->header, RPMTAG_PAYLOADCOMPRESSOR, compr); buf = xstrdup(rpmio_flags); buf[s - rpmio_flags] = '\0'; diff --git a/meta/recipes-devtools/rpm/files/0001-docs-do-not-build-manpages-requires-pandoc.patch b/meta/recipes-devtools/rpm/files/0001-docs-do-not-build-manpages-requires-pandoc.patch deleted file mode 100644 index ced52d1007..0000000000 --- a/meta/recipes-devtools/rpm/files/0001-docs-do-not-build-manpages-requires-pandoc.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 9bf1693092385eba9841614613313010221ca01f Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex.kanavin@gmail.com> -Date: Tue, 29 Jun 2021 20:11:26 +0200 -Subject: [PATCH] docs: do not build manpages (requires pandoc) - -Upstream-Status: Inappropriate [oe-core specific] -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> ---- - docs/Makefile.am | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/docs/Makefile.am b/docs/Makefile.am -index 5a6bd203a..6257767fd 100644 ---- a/docs/Makefile.am -+++ b/docs/Makefile.am -@@ -1,7 +1,5 @@ - ## Process this file with automake to produce Makefile.in - --SUBDIRS = man -- - EXTRA_DIST = - - EXTRA_DIST += \ --- -2.32.0 - diff --git a/meta/recipes-devtools/rpm/files/0001-lib-transaction.c-fix-file-conflicts-for-MIPS64-N32.patch b/meta/recipes-devtools/rpm/files/0001-lib-transaction.c-fix-file-conflicts-for-MIPS64-N32.patch index 6678c105cd..98e52da3a8 100644 --- a/meta/recipes-devtools/rpm/files/0001-lib-transaction.c-fix-file-conflicts-for-MIPS64-N32.patch +++ b/meta/recipes-devtools/rpm/files/0001-lib-transaction.c-fix-file-conflicts-for-MIPS64-N32.patch @@ -1,4 +1,4 @@ -From 1ed066fc6fa7d7afffe3545c4e3ea937529e6c49 Mon Sep 17 00:00:00 2001 +From b04ecb793a3c859985eead5e261785b27a4c4a20 Mon Sep 17 00:00:00 2001 From: Changqing Li <changqing.li@windriver.com> Date: Thu, 7 May 2020 17:40:58 +0800 Subject: [PATCH] lib/transaction.c: fix file conflicts for MIPS64 N32 @@ -32,10 +32,10 @@ Signed-off-by: Changqing Li <changqing.li@windriver.com> 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/lib/transaction.c b/lib/transaction.c -index 67b9db5..82386b8 100644 +index 70d2587ac..b89b30060 100644 --- a/lib/transaction.c +++ b/lib/transaction.c -@@ -391,7 +391,18 @@ static int handleColorConflict(rpmts ts, +@@ -400,7 +400,18 @@ static int handleColorConflict(rpmts ts, rpmfsSetAction(ofs, ofx, FA_CREATE); rpmfsSetAction(fs, fx, FA_SKIPCOLOR); rConflicts = 0; @@ -55,6 +55,3 @@ index 67b9db5..82386b8 100644 } } --- -2.7.4 - diff --git a/meta/recipes-devtools/rpm/files/0001-perl-disable-auto-reqs.patch b/meta/recipes-devtools/rpm/files/0001-perl-disable-auto-reqs.patch index a6c58699d3..55108e7f1c 100644 --- a/meta/recipes-devtools/rpm/files/0001-perl-disable-auto-reqs.patch +++ b/meta/recipes-devtools/rpm/files/0001-perl-disable-auto-reqs.patch @@ -1,4 +1,7 @@ -perl: disable auto requires +From 58bf006646a063837c46b695f7e7ebb69bee7238 Mon Sep 17 00:00:00 2001 +From: Mark Hatle <mark.hatle@windriver.com> +Date: Tue, 15 Aug 2017 16:41:57 -0500 +Subject: [PATCH] perl: disable auto requires When generating automatic requirements, it's possible for perl scripts to declare 'optional' dependencies. These seem to often be incorrect and will @@ -9,20 +12,24 @@ generation. This matches the behavior from the previous RPM5 implementation. Upstream-Status: Inappropriate [OE specific configuration] Signed-off-by: Mark Hatle <mark.hatle@windriver.com> +--- + fileattrs/perl.attr | 2 +- + fileattrs/perllib.attr | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) -Index: git/fileattrs/perl.attr -=================================================================== ---- git.orig/fileattrs/perl.attr -+++ git/fileattrs/perl.attr +diff --git a/fileattrs/perl.attr b/fileattrs/perl.attr +index 0daef58d5..81ddf5305 100644 +--- a/fileattrs/perl.attr ++++ b/fileattrs/perl.attr @@ -1,3 +1,3 @@ -%__perl_requires %{_rpmconfigdir}/perl.req +#__perl_requires %{_rpmconfigdir}/perl.req %__perl_magic ^.*[Pp]erl .*$ %__perl_flags exeonly -Index: git/fileattrs/perllib.attr -=================================================================== ---- git.orig/fileattrs/perllib.attr -+++ git/fileattrs/perllib.attr +diff --git a/fileattrs/perllib.attr b/fileattrs/perllib.attr +index fcad48099..495a28927 100644 +--- a/fileattrs/perllib.attr ++++ b/fileattrs/perllib.attr @@ -1,5 +1,5 @@ %__perllib_provides %{_rpmconfigdir}/perl.prov -%__perllib_requires %{_rpmconfigdir}/perl.req diff --git a/meta/recipes-devtools/rpm/files/0001-tools-Add-error.h-for-non-glibc-case.patch b/meta/recipes-devtools/rpm/files/0001-tools-Add-error.h-for-non-glibc-case.patch deleted file mode 100644 index 9783396639..0000000000 --- a/meta/recipes-devtools/rpm/files/0001-tools-Add-error.h-for-non-glibc-case.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 9b9d717f484ec913cdd3804e43489b3dc18bd77c Mon Sep 17 00:00:00 2001 -From: Khem Raj <raj.khem@gmail.com> -Date: Sat, 31 Oct 2020 22:14:05 -0700 -Subject: [PATCH] tools: Add error.h for non-glibc case - -error is glibc specific API, so this patch will mostly not accepted -upstream given that elfutils has been closely tied to glibc - -Upstream-Status: Inappropriate [workaround for musl] - -Signed-off-by: Khem Raj <raj.khem@gmail.com> - ---- - tools/elfdeps.c | 6 +++++- - tools/error.h | 27 +++++++++++++++++++++++++++ - 2 files changed, 32 insertions(+), 1 deletion(-) - create mode 100644 tools/error.h - -diff --git a/tools/elfdeps.c b/tools/elfdeps.c -index d205935bb..3a8945b33 100644 ---- a/tools/elfdeps.c -+++ b/tools/elfdeps.c -@@ -5,10 +5,14 @@ - #include <unistd.h> - #include <stdlib.h> - #include <fcntl.h> --#include <error.h> - #include <errno.h> - #include <popt.h> - #include <gelf.h> -+#ifdef __GLIBC__ -+#include <error.h> -+#else -+#include "error.h" -+#endif - - #include <rpm/rpmstring.h> - #include <rpm/argv.h> -diff --git a/tools/error.h b/tools/error.h -new file mode 100644 -index 000000000..ef06827a0 ---- /dev/null -+++ b/tools/error.h -@@ -0,0 +1,27 @@ -+#ifndef _ERROR_H_ -+#define _ERROR_H_ -+ -+#include <stdarg.h> -+#include <stdio.h> -+#include <stdlib.h> -+#include <string.h> -+#include <errno.h> -+ -+static unsigned int error_message_count = 0; -+ -+static inline void error(int status, int errnum, const char* format, ...) -+{ -+ va_list ap; -+ fprintf(stderr, "%s: ", program_invocation_name); -+ va_start(ap, format); -+ vfprintf(stderr, format, ap); -+ va_end(ap); -+ if (errnum) -+ fprintf(stderr, ": %s", strerror(errnum)); -+ fprintf(stderr, "\n"); -+ error_message_count++; -+ if (status) -+ exit(status); -+} -+ -+#endif /* _ERROR_H_ */ diff --git a/meta/recipes-devtools/rpm/files/0002-Add-support-for-prefixing-etc-from-RPM_ETCCONFIGDIR-.patch b/meta/recipes-devtools/rpm/files/0002-Add-support-for-prefixing-etc-from-RPM_ETCCONFIGDIR-.patch index b3dbc319b6..c5caa7dc5e 100644 --- a/meta/recipes-devtools/rpm/files/0002-Add-support-for-prefixing-etc-from-RPM_ETCCONFIGDIR-.patch +++ b/meta/recipes-devtools/rpm/files/0002-Add-support-for-prefixing-etc-from-RPM_ETCCONFIGDIR-.patch @@ -1,7 +1,7 @@ -From 383c0b097b7eba16801a9e3c4b8e36a4b6de74ab Mon Sep 17 00:00:00 2001 +From d7143dc4e75c8bcc5cc4c852a4b972942b7e4d07 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Fri, 20 Jan 2017 13:33:05 +0200 -Subject: [PATCH 2/2] Add support for prefixing /etc from RPM_ETCCONFIGDIR +Subject: [PATCH] Add support for prefixing /etc from RPM_ETCCONFIGDIR environment variable This is needed so that rpm can pick up target-specific configuration @@ -14,10 +14,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/lib/rpmrc.c b/lib/rpmrc.c -index 19fe80f98..6b27b3941 100644 +index 483585ae4..ea858c290 100644 --- a/lib/rpmrc.c +++ b/lib/rpmrc.c -@@ -455,10 +455,14 @@ const char * lookupInDefaultTable(const char * name, +@@ -456,10 +456,14 @@ const char * lookupInDefaultTable(const char * name, static void setDefaults(void) { const char *confdir = rpmConfigDir(); @@ -27,26 +27,26 @@ index 19fe80f98..6b27b3941 100644 + if (!defrcfiles) { defrcfiles = rstrscat(NULL, confdir, "/rpmrc", ":", - confdir, "/" RPMCANONVENDOR "/rpmrc", ":", -- SYSCONFDIR "/rpmrc", ":"); -+ etcconfdir, SYSCONFDIR "/rpmrc", ":", NULL); + confdir, "/" RPM_VENDOR "/rpmrc", ":", +- SYSCONFDIR "/rpmrc", NULL); ++ etcconfdir, SYSCONFDIR "/rpmrc", NULL); } #ifndef MACROFILES -@@ -468,9 +472,9 @@ static void setDefaults(void) +@@ -469,9 +473,9 @@ static void setDefaults(void) confdir, "/platform/%{_target}/macros", ":", confdir, "/fileattrs/*.attr", ":", - confdir, "/" RPMCANONVENDOR "/macros", ":", + confdir, "/" RPM_VENDOR "/macros", ":", - SYSCONFDIR "/rpm/macros.*", ":", - SYSCONFDIR "/rpm/macros", ":", -- SYSCONFDIR "/rpm/%{_target}/macros", ":"); +- SYSCONFDIR "/rpm/%{_target}/macros", NULL); + etcconfdir, SYSCONFDIR "/rpm/macros.*", ":", + etcconfdir, SYSCONFDIR "/rpm/macros", ":", -+ etcconfdir, SYSCONFDIR "/rpm/%{_target}/macros", ":", NULL); ++ etcconfdir, SYSCONFDIR "/rpm/%{_target}/macros", NULL); } #else macrofiles = MACROFILES; -@@ -989,7 +993,11 @@ static void read_auxv(void) +@@ -1115,7 +1119,11 @@ static void read_auxv(void) */ static void defaultMachine(rpmrcCtx ctx, const char ** arch, const char ** os) { @@ -59,7 +59,7 @@ index 19fe80f98..6b27b3941 100644 static struct utsname un; char * chptr; canonEntry canon; -@@ -1286,6 +1294,7 @@ static void defaultMachine(rpmrcCtx ctx, const char ** arch, const char ** os) +@@ -1435,6 +1443,7 @@ static void defaultMachine(rpmrcCtx ctx, const char ** arch, const char ** os) if (arch) *arch = un.machine; if (os) *os = un.sysname; @@ -67,6 +67,3 @@ index 19fe80f98..6b27b3941 100644 } static --- -2.11.0 - diff --git a/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch b/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch deleted file mode 100644 index 683b57d455..0000000000 --- a/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch +++ /dev/null @@ -1,64 +0,0 @@ -From c4b1bee51bbdd732b94b431a951481af99117703 Mon Sep 17 00:00:00 2001 -From: Panu Matilainen <pmatilai@redhat.com> -Date: Thu, 30 Sep 2021 09:51:10 +0300 -Subject: [PATCH 2/3] Process MPI's from all kinds of signatures - -No immediate effect but needed by the following commits. - -CVE: CVE-2021-3521 -Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/b5e8bc74b] - -Signed-off-by: Changqing Li <changqing.li@windriver.com> - ---- - rpmio/rpmpgp.c | 13 +++++-------- - 1 file changed, 5 insertions(+), 8 deletions(-) - -diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c -index 25f67048fd..509e777e6d 100644 ---- a/rpmio/rpmpgp.c -+++ b/rpmio/rpmpgp.c -@@ -543,7 +543,7 @@ pgpDigAlg pgpDigAlgFree(pgpDigAlg alg) - return NULL; - } - --static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo, uint8_t sigtype, -+static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo, - const uint8_t *p, const uint8_t *h, size_t hlen, - pgpDigParams sigp) - { -@@ -556,10 +556,8 @@ static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo, uint8_t sigtype, - int mpil = pgpMpiLen(p); - if (pend - p < mpil) - break; -- if (sigtype == PGPSIGTYPE_BINARY || sigtype == PGPSIGTYPE_TEXT) { -- if (sigalg->setmpi(sigalg, i, p)) -- break; -- } -+ if (sigalg->setmpi(sigalg, i, p)) -+ break; - p += mpil; - } - -@@ -619,7 +617,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen, - } - - p = ((uint8_t *)v) + sizeof(*v); -- rc = pgpPrtSigParams(tag, v->pubkey_algo, v->sigtype, p, h, hlen, _digp); -+ rc = pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp); - } break; - case 4: - { pgpPktSigV4 v = (pgpPktSigV4)h; -@@ -677,8 +675,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen, - p += 2; - if (p > hend) - return 1; -- -- rc = pgpPrtSigParams(tag, v->pubkey_algo, v->sigtype, p, h, hlen, _digp); -+ rc = pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp); - } break; - default: - rpmlog(RPMLOG_WARNING, _("Unsupported version of signature: V%d\n"), version); --- -2.17.1 - diff --git a/meta/recipes-devtools/rpm/files/0002-rpmio-rpmglob.c-avoid-using-GLOB_BRACE-if-undefined-.patch b/meta/recipes-devtools/rpm/files/0002-rpmio-rpmglob.c-avoid-using-GLOB_BRACE-if-undefined-.patch new file mode 100644 index 0000000000..23dce30086 --- /dev/null +++ b/meta/recipes-devtools/rpm/files/0002-rpmio-rpmglob.c-avoid-using-GLOB_BRACE-if-undefined-.patch @@ -0,0 +1,34 @@ +From 29c2a0c18b0c773128bf62c611b4c53fe4471105 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex@linutronix.de> +Date: Tue, 16 Jan 2024 09:59:26 +0100 +Subject: [PATCH] rpmio/rpmglob.c: avoid using GLOB_BRACE if undefined by C + library + +This addresses musl failures; if there is code out there relying on +those braces, it needs to be fixed when used on musl. + +This is unlikely to be trivially fixable upstream. + +Upstream-Status: Inappropriate [reported at https://github.com/rpm-software-management/rpm/issues/2844] +Signed-off-by: Alexander Kanavin <alex@linutronix.de> +--- + rpmio/rpmglob.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/rpmio/rpmglob.c b/rpmio/rpmglob.c +index 243568766..43c27074a 100644 +--- a/rpmio/rpmglob.c ++++ b/rpmio/rpmglob.c +@@ -33,6 +33,12 @@ + + #include "debug.h" + ++/* Don't fail if the standard C library +++ * doesn't provide brace expansion */ ++#ifndef GLOB_BRACE ++#define GLOB_BRACE 0 ++#endif ++ + /* Return 1 if pattern contains a magic char, see glob(7) for a list */ + static int ismagic(const char *pattern) + { diff --git a/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch b/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch deleted file mode 100644 index a5ec802501..0000000000 --- a/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch +++ /dev/null @@ -1,329 +0,0 @@ -From 07676ca03ad8afcf1ca95a2353c83fbb1d970b9b Mon Sep 17 00:00:00 2001 -From: Panu Matilainen <pmatilai@redhat.com> -Date: Thu, 30 Sep 2021 09:59:30 +0300 -Subject: [PATCH 3/3] Validate and require subkey binding signatures on PGP - public keys - -All subkeys must be followed by a binding signature by the primary key -as per the OpenPGP RFC, enforce the presence and validity in the parser. - -The implementation is as kludgey as they come to work around our -simple-minded parser structure without touching API, to maximise -backportability. Store all the raw packets internally as we decode them -to be able to access previous elements at will, needed to validate ordering -and access the actual data. Add testcases for manipulated keys whose -import previously would succeed. - -Depends on the two previous commits: -7b399fcb8f52566e6f3b4327197a85facd08db91 and -236b802a4aa48711823a191d1b7f753c82a89ec5 - -Fixes CVE-2021-3521. - -Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/bd36c5dc9] -CVE:CVE-2021-3521 - -Signed-off-by: Changqing Li <changqing.li@windriver.com> - ---- - rpmio/rpmpgp.c | 99 +++++++++++++++++-- - tests/Makefile.am | 3 + - tests/data/keys/CVE-2021-3521-badbind.asc | 25 +++++ - .../data/keys/CVE-2021-3521-nosubsig-last.asc | 25 +++++ - tests/data/keys/CVE-2021-3521-nosubsig.asc | 37 +++++++ - tests/rpmsigdig.at | 28 ++++++ - 6 files changed, 209 insertions(+), 8 deletions(-) - create mode 100644 tests/data/keys/CVE-2021-3521-badbind.asc - create mode 100644 tests/data/keys/CVE-2021-3521-nosubsig-last.asc - create mode 100644 tests/data/keys/CVE-2021-3521-nosubsig.asc - -diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c -index 509e777e6d..371ad4d9b6 100644 ---- a/rpmio/rpmpgp.c -+++ b/rpmio/rpmpgp.c -@@ -1061,33 +1061,116 @@ static pgpDigParams pgpDigParamsNew(uint8_t tag) - return digp; - } - -+static int hashKey(DIGEST_CTX hash, const struct pgpPkt *pkt, int exptag) -+{ -+ int rc = -1; -+ if (pkt->tag == exptag) { -+ uint8_t head[] = { -+ 0x99, -+ (pkt->blen >> 8), -+ (pkt->blen ), -+ }; -+ -+ rpmDigestUpdate(hash, head, 3); -+ rpmDigestUpdate(hash, pkt->body, pkt->blen); -+ rc = 0; -+ } -+ return rc; -+} -+ -+static int pgpVerifySelf(pgpDigParams key, pgpDigParams selfsig, -+ const struct pgpPkt *all, int i) -+{ -+ int rc = -1; -+ DIGEST_CTX hash = NULL; -+ -+ switch (selfsig->sigtype) { -+ case PGPSIGTYPE_SUBKEY_BINDING: -+ hash = rpmDigestInit(selfsig->hash_algo, 0); -+ if (hash) { -+ rc = hashKey(hash, &all[0], PGPTAG_PUBLIC_KEY); -+ if (!rc) -+ rc = hashKey(hash, &all[i-1], PGPTAG_PUBLIC_SUBKEY); -+ } -+ break; -+ default: -+ /* ignore types we can't handle */ -+ rc = 0; -+ break; -+ } -+ -+ if (hash && rc == 0) -+ rc = pgpVerifySignature(key, selfsig, hash); -+ -+ rpmDigestFinal(hash, NULL, NULL, 0); -+ -+ return rc; -+} -+ - int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype, - pgpDigParams * ret) - { - const uint8_t *p = pkts; - const uint8_t *pend = pkts + pktlen; - pgpDigParams digp = NULL; -- struct pgpPkt pkt; -+ pgpDigParams selfsig = NULL; -+ int i = 0; -+ int alloced = 16; /* plenty for normal cases */ -+ struct pgpPkt *all = xmalloc(alloced * sizeof(*all)); - int rc = -1; /* assume failure */ -+ int expect = 0; -+ int prevtag = 0; - - while (p < pend) { -- if (decodePkt(p, (pend - p), &pkt)) -+ struct pgpPkt *pkt = &all[i]; -+ if (decodePkt(p, (pend - p), pkt)) - break; - - if (digp == NULL) { -- if (pkttype && pkt.tag != pkttype) { -+ if (pkttype && pkt->tag != pkttype) { - break; - } else { -- digp = pgpDigParamsNew(pkt.tag); -+ digp = pgpDigParamsNew(pkt->tag); - } - } - -- if (pgpPrtPkt(&pkt, digp)) -+ if (expect) { -+ if (pkt->tag != expect) -+ break; -+ selfsig = pgpDigParamsNew(pkt->tag); -+ } -+ if (pgpPrtPkt(pkt, selfsig ? selfsig : digp)) - break; - -- p += (pkt.body - pkt.head) + pkt.blen; -- if (pkttype == PGPTAG_SIGNATURE) -- break; -+ if (selfsig) { -+ /* subkeys must be followed by binding signature */ -+ if (prevtag == PGPTAG_PUBLIC_SUBKEY) { -+ if (selfsig->sigtype != PGPSIGTYPE_SUBKEY_BINDING) -+ break; -+ } -+ -+ int xx = pgpVerifySelf(digp, selfsig, all, i); -+ -+ selfsig = pgpDigParamsFree(selfsig); -+ if (xx) -+ break; -+ expect = 0; -+ } -+ -+ if (pkt->tag == PGPTAG_PUBLIC_SUBKEY) -+ expect = PGPTAG_SIGNATURE; -+ prevtag = pkt->tag; -+ -+ i++; -+ p += (pkt->body - pkt->head) + pkt->blen; -+ if (pkttype == PGPTAG_SIGNATURE) -+ break; -+ -+ if (alloced <= i) { -+ alloced *= 2; -+ all = xrealloc(all, alloced * sizeof(*all)); -+ } -+ - } - - rc = (digp && (p == pend)) ? 0 : -1; -diff --git a/tests/Makefile.am b/tests/Makefile.am -index a41ce10de8..7bb23247f1 100644 ---- a/tests/Makefile.am -+++ b/tests/Makefile.am -@@ -107,6 +107,9 @@ EXTRA_DIST += data/SPECS/hello-config-buildid.spec - EXTRA_DIST += data/SPECS/hello-cd.spec - EXTRA_DIST += data/keys/rpm.org-rsa-2048-test.pub - EXTRA_DIST += data/keys/rpm.org-rsa-2048-test.secret -+EXTRA_DIST += data/keys/CVE-2021-3521-badbind.asc -+EXTRA_DIST += data/keys/CVE-2022-3521-nosubsig.asc -+EXTRA_DIST += data/keys/CVE-2022-3521-nosubsig-last.asc - EXTRA_DIST += data/macros.testfile - EXTRA_DIST += data/macros.debug - EXTRA_DIST += data/SOURCES/foo.c -diff --git a/tests/data/keys/CVE-2021-3521-badbind.asc b/tests/data/keys/CVE-2021-3521-badbind.asc -new file mode 100644 -index 0000000000..aea00f9d7a ---- /dev/null -+++ b/tests/data/keys/CVE-2021-3521-badbind.asc -@@ -0,0 +1,25 @@ -+-----BEGIN PGP PUBLIC KEY BLOCK----- -+Version: rpm-4.17.90 (NSS-3) -+ -+mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g -+HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY -+91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8 -+eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas -+7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ -+1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl -+c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK -+CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf -+Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB -+BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr -+XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX -+fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq -++mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN -+BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY -+zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz -+iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6 -+Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c -+KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m -+L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAE= -+=WCfs -+-----END PGP PUBLIC KEY BLOCK----- -+ -diff --git a/tests/data/keys/CVE-2021-3521-nosubsig-last.asc b/tests/data/keys/CVE-2021-3521-nosubsig-last.asc -new file mode 100644 -index 0000000000..aea00f9d7a ---- /dev/null -+++ b/tests/data/keys/CVE-2021-3521-nosubsig-last.asc -@@ -0,0 +1,25 @@ -+-----BEGIN PGP PUBLIC KEY BLOCK----- -+Version: rpm-4.17.90 (NSS-3) -+ -+mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g -+HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY -+91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8 -+eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas -+7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ -+1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl -+c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK -+CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf -+Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB -+BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr -+XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX -+fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq -++mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN -+BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY -+zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz -+iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6 -+Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c -+KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m -+L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAE= -+=WCfs -+-----END PGP PUBLIC KEY BLOCK----- -+ -diff --git a/tests/data/keys/CVE-2021-3521-nosubsig.asc b/tests/data/keys/CVE-2021-3521-nosubsig.asc -new file mode 100644 -index 0000000000..3a2e7417f8 ---- /dev/null -+++ b/tests/data/keys/CVE-2021-3521-nosubsig.asc -@@ -0,0 +1,37 @@ -+-----BEGIN PGP PUBLIC KEY BLOCK----- -+Version: rpm-4.17.90 (NSS-3) -+ -+mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g -+HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY -+91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8 -+eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas -+7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ -+1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl -+c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK -+CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf -+Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB -+BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr -+XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX -+fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq -++mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN -+BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY -+zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz -+iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6 -+Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c -+KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m -+L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAG5AQ0EWOY5GAEIAKT68NmshdC4 -+VcRhOhlXBvZq23NtskkKoPvW+ZlMuxbRDG48pGBtxhjOngriVUGceEWsXww5Q7En -+uRBYglkxkW34ENym0Ji6tsPYfhbbG+dZWKIL4vMIzPOIwlPrXrm558vgkdMM/ELZ -+8WIz3KtzvYubKUk2Qz+96lPXbwnlC/SBFRpBseJC5LoOb/5ZGdR/HeLz1JXiacHF -+v9Nr3cZWqg5yJbDNZKfASdZgC85v3kkvhTtzknl//5wqdAMexbuwiIh2xyxbO+B/ -+qqzZFrVmu3sV2Tj5lLZ/9p1qAuEM7ULbixd/ld8yTmYvQ4bBlKv2bmzXtVfF+ymB -+Tm6BzyQEl/MAEQEAAYkBHwQYAQgACQUCWOY5GAIbDAAKCRBDRFkeGWTF/PANB/9j -+mifmj6z/EPe0PJFhrpISt9PjiUQCt0IPtiL5zKAkWjHePIzyi+0kCTBF6DDLFxos -+3vN4bWnVKT1kBhZAQlPqpJTg+m74JUYeDGCdNx9SK7oRllATqyu+5rncgxjWVPnQ -+zu/HRPlWJwcVFYEVXYL8xzfantwQTqefjmcRmBRdA2XJITK+hGWwAmrqAWx+q5xX -+Pa8wkNMxVzNS2rUKO9SoVuJ/wlUvfoShkJ/VJ5HDp3qzUqncADfdGN35TDzscngQ -+gHvnMwVBfYfSCABV1hNByoZcc/kxkrWMmsd/EnIyLd1Q1baKqc3cEDuC6E6/o4yJ -+E4XX4jtDmdZPreZALsiB -+=rRop -+-----END PGP PUBLIC KEY BLOCK----- -+ -diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at -index 8e7c759b8f..e2d30a7f1b 100644 ---- a/tests/rpmsigdig.at -+++ b/tests/rpmsigdig.at -@@ -2,6 +2,34 @@ - - AT_BANNER([RPM signatures and digests]) - -+AT_SETUP([rpmkeys --import invalid keys]) -+AT_KEYWORDS([rpmkeys import]) -+RPMDB_INIT -+ -+AT_CHECK([ -+runroot rpmkeys --import /data/keys/CVE-2021-3521-badbind.asc -+], -+[1], -+[], -+[error: /data/keys/CVE-2021-3521-badbind.asc: key 1 import failed.] -+) -+AT_CHECK([ -+runroot rpmkeys --import /data/keys/CVE-2021-3521-nosubsig.asc -+], -+[1], -+[], -+[error: /data/keys/CVE-2021-3521-nosubsig.asc: key 1 import failed.] -+) -+ -+AT_CHECK([ -+runroot rpmkeys --import /data/keys/CVE-2021-3521-nosubsig-last.asc -+], -+[1], -+[], -+[error: /data/keys/CVE-2021-3521-nosubsig-last.asc: key 1 import failed.] -+) -+AT_CLEANUP -+ - # ------------------------------ - # Test pre-built package verification - AT_SETUP([rpmkeys -Kv <unsigned> 1]) --- -2.17.1 - diff --git a/meta/recipes-devtools/rpm/files/0016-rpmscript.c-change-logging-level-around-scriptlets-t.patch b/meta/recipes-devtools/rpm/files/0016-rpmscript.c-change-logging-level-around-scriptlets-t.patch index 43e9859ef3..732202c46f 100644 --- a/meta/recipes-devtools/rpm/files/0016-rpmscript.c-change-logging-level-around-scriptlets-t.patch +++ b/meta/recipes-devtools/rpm/files/0016-rpmscript.c-change-logging-level-around-scriptlets-t.patch @@ -1,4 +1,4 @@ -From 989e425d416474c191b020d0825895e3df4bd033 Mon Sep 17 00:00:00 2001 +From f01d9c24bb86bc47ad2453483518dbb25953cac7 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin <alex.kanavin@gmail.com> Date: Thu, 10 Jan 2019 18:14:18 +0100 Subject: [PATCH] rpmscript.c: change logging level around scriptlets to INFO @@ -14,10 +14,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/rpmscript.c b/lib/rpmscript.c -index 2b0e43862..e319673f1 100644 +index 7b7e26606..1dcd23be5 100644 --- a/lib/rpmscript.c +++ b/lib/rpmscript.c -@@ -226,7 +226,7 @@ static char * writeScript(const char *cmd, const char *script) +@@ -291,7 +291,7 @@ static char * writeScript(const char *cmd, const char *script) if (Ferror(fd)) goto exit; @@ -26,7 +26,7 @@ index 2b0e43862..e319673f1 100644 static const char set_x[] = "set -x\n"; /* Assume failures will be caught by the write below */ Fwrite(set_x, sizeof(set_x[0]), sizeof(set_x)-1, fd); -@@ -258,7 +258,7 @@ static rpmRC runExtScript(rpmPlugins plugins, ARGV_const_t prefixes, +@@ -323,7 +323,7 @@ static rpmRC runExtScript(rpmPlugins plugins, ARGV_const_t prefixes, char *mline = NULL; rpmRC rc = RPMRC_FAIL; @@ -35,7 +35,7 @@ index 2b0e43862..e319673f1 100644 if (script) { fn = writeScript(*argvp[0], script); -@@ -310,7 +310,7 @@ static rpmRC runExtScript(rpmPlugins plugins, ARGV_const_t prefixes, +@@ -375,7 +375,7 @@ static rpmRC runExtScript(rpmPlugins plugins, ARGV_const_t prefixes, sname, strerror(errno)); goto exit; } else if (pid == 0) {/* Child */ @@ -44,7 +44,7 @@ index 2b0e43862..e319673f1 100644 sname, *argvp[0], (unsigned)getpid()); fclose(in); -@@ -353,7 +353,7 @@ static rpmRC runExtScript(rpmPlugins plugins, ARGV_const_t prefixes, +@@ -418,7 +418,7 @@ static rpmRC runExtScript(rpmPlugins plugins, ARGV_const_t prefixes, reaped = waitpid(pid, &status, 0); } while (reaped == -1 && errno == EINTR); diff --git a/meta/recipes-devtools/rpm/files/environment.d-rpm.sh b/meta/recipes-devtools/rpm/files/environment.d-rpm.sh deleted file mode 100644 index 9b669a18d1..0000000000 --- a/meta/recipes-devtools/rpm/files/environment.d-rpm.sh +++ /dev/null @@ -1 +0,0 @@ -export RPM_CONFIGDIR="$OECORE_NATIVE_SYSROOT/usr/lib/rpm" diff --git a/meta/recipes-devtools/rpm/rpm_4.17.0.bb b/meta/recipes-devtools/rpm/rpm_4.19.1.1.bb index c392ac0db4..0802f26295 100644 --- a/meta/recipes-devtools/rpm/rpm_4.17.0.bb +++ b/meta/recipes-devtools/rpm/rpm_4.19.1.1.bb @@ -24,8 +24,7 @@ HOMEPAGE = "http://www.rpm.org" LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=c4eec0c20c6034b9407a09945b48a43f" -SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.17.x;protocol=https \ - file://environment.d-rpm.sh \ +SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.19.x;protocol=https \ file://0001-Do-not-add-an-unsatisfiable-dependency-when-building.patch \ file://0001-Do-not-read-config-files-from-HOME.patch \ file://0001-When-cross-installing-execute-package-scriptlets-wit.patch \ @@ -36,57 +35,50 @@ SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.17.x;protoc file://0001-perl-disable-auto-reqs.patch \ file://0016-rpmscript.c-change-logging-level-around-scriptlets-t.patch \ file://0001-lib-transaction.c-fix-file-conflicts-for-MIPS64-N32.patch \ - file://0001-tools-Add-error.h-for-non-glibc-case.patch \ - file://0001-docs-do-not-build-manpages-requires-pandoc.patch \ file://0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch \ - file://0001-CVE-2021-3521.patch \ - file://0002-CVE-2021-3521.patch \ - file://0003-CVE-2021-3521.patch \ + file://0001-CMakeLists.txt-look-for-lua-with-pkg-config-rather-t.patch \ + file://0002-rpmio-rpmglob.c-avoid-using-GLOB_BRACE-if-undefined-.patch \ " PE = "1" -SRCREV = "3e74e8ba2dd5e76a5353d238dc7fc38651ce27b3" +SRCREV = "13b4521341781293c41ac898aa9c2d2f6bc1f21d" S = "${WORKDIR}/git" -DEPENDS = "lua libgcrypt file popt xz bzip2 elfutils python3" +DEPENDS = "lua libgcrypt file popt xz bzip2 elfutils python3 sqlite3 zstd" DEPENDS:append:class-native = " file-replacement-native bzip2-replacement-native" -inherit autotools gettext pkgconfig python3native -export PYTHON_ABI - -AUTOTOOLS_AUXDIR = "${S}/build-aux" - -# OE-core patches autoreconf to additionally run gnu-configize, which fails with this recipe -EXTRA_AUTORECONF:append = " --exclude=gnu-configize" - -# Vendor is detected differently on x86 and aarch64 hosts and can feed into target packages -EXTRA_OECONF:append = " --enable-python --with-crypto=libgcrypt --with-vendor=pc" -EXTRA_OECONF:append:libc-musl = " --disable-nls --disable-openmp" +EXTRA_OECMAKE:append = " -D__CURL:FILEPATH=curl" +EXTRA_OECMAKE:append:libc-musl = " -DENABLE_NLS=OFF -DENABLE_OPENMP=OFF" # --sysconfdir prevents rpm from attempting to access machine-specific configuration in sysroot/etc; we need to have it in rootfs # --localstatedir prevents rpm from writing its database to native sysroot when building images -# Forcibly disable plugins for native/nativesdk, as the inhibit and prioreset -# plugins both behave badly inside builds. -EXTRA_OECONF:append:class-native = " --sysconfdir=/etc --localstatedir=/var --disable-plugins" -EXTRA_OECONF:append:class-nativesdk = " --sysconfdir=/etc --disable-plugins" +EXTRA_OECMAKE:append:class-native = " -DCMAKE_INSTALL_SYSCONFDIR:PATH=/etc -DCMAKE_INSTALL_LOCALSTATEDIR:PATH=/var" +EXTRA_OECMAKE:append:class-nativesdk = " -DCMAKE_INSTALL_SYSCONFDIR:PATH=/etc -DCMAKE_INSTALL_FULL_SYSCONFDIR=/etc" + +inherit cmake gettext pkgconfig python3targetconfig +OECMAKE_GENERATOR = "Unix Makefiles" BBCLASSEXTEND = "native nativesdk" -PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'inhibit', '', d)} sqlite zstd" -# The inhibit plugin serves no purpose outside of the target -PACKAGECONFIG:remove:class-native = "inhibit" -PACKAGECONFIG:remove:class-nativesdk = "inhibit" +PACKAGECONFIG ??= "internal-openpgp" + +PACKAGECONFIG[plugins] = "-DENABLE_PLUGINS=ON,-DENABLE_PLUGINS=OFF" +PACKAGECONFIG[testsuite] = "-DENABLE_TESTSUITE=ON,-DENABLE_TESTSUITE=OFF" -PACKAGECONFIG[imaevm] = "--with-imaevm,,ima-evm-utils" -PACKAGECONFIG[inhibit] = "--enable-inhibit-plugin,--disable-inhibit-plugin,dbus" -PACKAGECONFIG[rpm2archive] = "--with-archive,--without-archive,libarchive" -PACKAGECONFIG[sqlite] = "--enable-sqlite=yes,--enable-sqlite=no,sqlite3" -PACKAGECONFIG[ndb] = "--enable-ndb,--disable-ndb" -PACKAGECONFIG[bdb-ro] = "--enable-bdb-ro,--disable-bdb-ro" -PACKAGECONFIG[zstd] = "--enable-zstd=yes,--enable-zstd=no,zstd" +# Deprecated! https://fedoraproject.org/wiki/Changes/RpmSequoia +PACKAGECONFIG[internal-openpgp] = "-DWITH_INTERNAL_OPENPGP=ON,-DWITH_INTERNAL_OPENPGP=OFF" -ASNEEDED = "" +PACKAGECONFIG[cap] = "-DWITH_CAP=ON,-DWITH_CAP=OFF" +PACKAGECONFIG[acl] = "-DWITH_ACL=ON,-DWITH_ACL=OFF" +PACKAGECONFIG[archive] = "-DWITH_ARCHIVE=ON,-DWITH_ARCHIVE=OFF,libarchive" +PACKAGECONFIG[selinux] = "-DWITH_SELINUX=ON,-DWITH_SELINUX=OFF,libselinux" +PACKAGECONFIG[dbus] = "-DWITH_DBUS=ON,-DWITH_DBUS=OFF" +PACKAGECONFIG[audit] = "-DWITH_AUDIT=ON,-DWITH_AUDIT=OFF,audit" +PACKAGECONFIG[fsverity] = "-DWITH_FSVERITY=ON,-DWITH_FSVERITY=OFF" +PACKAGECONFIG[imaevm] = "-DWITH_IMAEVM=ON,-DWITH_IMAEVM=OFF,ima-evm-utils" +PACKAGECONFIG[fapolicyd] = "-DWITH_FAPOLICYD=ON,-DWITH_FAPOLICYD=OFF" +PACKAGECONFIG[readline] = "-DWITH_READLINE=ON,-DWITH_READLINE=OFF,readline" # Direct rpm-native to read configuration from our sysroot, not the one it was compiled in # libmagic also has sysroot path contamination, so override it @@ -104,10 +96,6 @@ WRAPPER_TOOLS = " \ ${libdir}/rpm/rpmdeps \ " -do_configure:prepend() { - mkdir -p ${S}/build-aux -} - do_install:append:class-native() { for tool in ${WRAPPER_TOOLS}; do test -x ${D}$tool && create_wrapper ${D}$tool \ @@ -119,18 +107,14 @@ do_install:append:class-native() { } do_install:append:class-nativesdk() { - for tool in ${WRAPPER_TOOLS}; do - test -x ${D}$tool && create_wrapper ${D}$tool \ - RPM_CONFIGDIR='`dirname $''realpath`'/${@os.path.relpath(d.getVar('libdir'), d.getVar('bindir'))}/rpm \ - RPM_ETCCONFIGDIR='$'{RPM_ETCCONFIGDIR-'`dirname $''realpath`'/${@os.path.relpath(d.getVar('sysconfdir'), d.getVar('bindir'))}/..} \ - MAGIC='`dirname $''realpath`'/${@os.path.relpath(d.getVar('datadir'), d.getVar('bindir'))}/misc/magic.mgc \ - RPM_NO_CHROOT_FOR_SCRIPTS=1 - done - rm -rf ${D}/var - mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d - install -m 644 ${WORKDIR}/environment.d-rpm.sh ${D}${SDKPATHNATIVE}/environment-setup.d/rpm.sh + mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d + cat <<- EOF > ${D}${SDKPATHNATIVE}/environment-setup.d/rpm.sh + export RPM_CONFIGDIR="${libdir}/rpm" + export RPM_ETCCONFIGDIR="${SDKPATHNATIVE}" + export RPM_NO_CHROOT_FOR_SCRIPTS=1 + EOF } # Rpm's make install creates var/tmp which clashes with base-files packaging @@ -139,11 +123,17 @@ do_install:append:class-target() { } do_install:append:class-nativesdk() { rm -rf ${D}${SDKPATHNATIVE}/var + # Ensure find-debuginfo is located correctly inside SDK + mkdir -p ${D}${libdir}/rpm + echo "%__find_debuginfo ${SDKPATHNATIVE}/usr/bin/find-debuginfo" >> ${D}${libdir}/rpm/macros } do_install:append () { sed -i -e 's:${HOSTTOOLS_DIR}/::g' \ + -e 's:${STAGING_DIR_NATIVE}/::g' \ ${D}/${libdir}/rpm/macros + sed -i -e 's:${RECIPE_SYSROOT}/::g' \ + ${D}/${libdir}/cmake/rpm/rpm-targets.cmake } @@ -164,10 +154,9 @@ FILES:${PN}-build = "\ ${libdir}/librpmbuild.so.* \ ${libdir}/rpm/brp-* \ ${libdir}/rpm/check-* \ - ${libdir}/rpm/debugedit \ ${libdir}/rpm/sepdebugcrcfix \ - ${libdir}/rpm/find-debuginfo.sh \ ${libdir}/rpm/find-lang.sh \ + ${libdir}/rpm/sysusers.sh \ ${libdir}/rpm/*provides* \ ${libdir}/rpm/*requires* \ ${libdir}/rpm/*deps* \ @@ -190,9 +179,9 @@ FILES:${PN}-archive = "\ PACKAGES += "python3-rpm" PROVIDES += "python3-rpm" -FILES:python3-rpm = "${PYTHON_SITEPACKAGES_DIR}/rpm/*" +FILES:python3-rpm = "${PYTHON_SITEPACKAGES_DIR}/rpm/* ${PYTHON_SITEPACKAGES_DIR}/rpm-*.egg-info" -RDEPENDS:${PN}-build = "bash perl python3-core" +RDEPENDS:${PN}-build = "bash perl python3-core debugedit" PACKAGE_PREPROCESS_FUNCS += "rpm_package_preprocess" |