Hello all,

I'm working on an rpm 4.20 version update, and I thought I'd give everyone an update on the situation:

1. deprecated internal openpgp parser has been removed, as previously announced.

2. its replacement is rpm-sequoia, written in rust, and needing libclang as well. There is now a configure switch in rpm to disable rpm-sequoia, which disables all rpm signing support.

3. sequoia requirements mean rpm signing support has to be disabled by default in oe-core, as we do not have clang in core, and can't force both rust and clang into the default build dependency chain (rpm-native is also used in do_package regardless of packaging format).

4. selftest for rpm signing has to be disabled for the time being as well, for the same reason.

This is what I am going to send as patches; if you think there must be ongoing support in core for signed rpms, speak up right this moment, and propose a realistic plan for making it happen, and pledge developer resources for it. I also need to remind you that rpm has no maintainer.

Thanks,
Alex

On Sat, 25 Nov 2023 at 12:54, Alexander Kanavin via lists.openembedded.org <[email protected]> wrote:
>
> On Sat, 25 Nov 2023 at 12:50, Sudip Mukherjee
> <[email protected]> wrote:
> > - consider that we may need a divorce from the rpm ecosystem. We don't
> > have a particularly well-established relationship with them, and have
> > no influence on their roadmap and goals. So maybe we should mark rpm
> > package format as deprecated, do what we can to ship it in the next
> > LTS release, and then just remove all of it, and default to ipk. Any
> > interested party can set up meta-rpm then and maintain it.
> >
> > +1 for this. For the next release you can use the "deprecated internal
> > parser".
>
> I've started a conversation with upstream here as others have asked for that:
> https://github.com/rpm-software-management/rpm/issues/2414#issuecomment-1825991703
>
> If any interested party doesn't want the above scenario to become
> reality, you really do need to go there, and do your best to convince
> upstream to find alternatives (such as disabling the crypto bits in
> rpm with a build time switch).
>
> Alex
