Re: [Freeipa-devel] import rpm causes failure during IPA caless install

[John Dennis]

On 01/11/2016 01:50 AM, Alexander Bokovoy wrote:

On Mon, 11 Jan 2016, Jan Cholasta wrote:

On 8.1.2016 14:28, Alexander Bokovoy wrote:

On Fri, 08 Jan 2016, Jan Cholasta wrote:

I would be surprised if NSS was used in this particular function.


I will try it


No NSS here:




Anyway, the function looks simple, so it might be safer to just
rewrite it to Python, with no new dependencies.

Still, we need to be careful in a case where RPM team would decide to
upgrade rpm version comparison algorithm. It has been fixed for quite
some years (the core wasn't changed since 2008) but occasionally there
are additions that expand supported formats like addition of dpkg-style
versions in 2012.


I don't think we need to care about that, as we use versioning scheme
compatible with the original comparison algorithm on "our" platforms.

In that case I'd prefer John's code as it is pure Python and doesn't
have any other dependencies.


If you do use it I just noticed a couple of places which do not use good 
Python style and isn't Py2/Py3 safe (I wrote this shortly after having 
learned Python many years ago). The following lines


if type(component1) in (int, long):
if type(component2) in (int, long):
if type(component2) is str:

should be changed to

import six

if isinstance(component1, six.integer_types)
if isinstance(component2, six.integer_types)
if isinstance(component2, six.string_types)
--
John

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

[Alexander Bokovoy]

On Mon, 11 Jan 2016, Jan Cholasta wrote:

On 8.1.2016 14:28, Alexander Bokovoy wrote:

On Fri, 08 Jan 2016, Jan Cholasta wrote:

I would be surprised if NSS was used in this particular function.


I will try it


No NSS here:



Anyway, the function looks simple, so it might be safer to just
rewrite it to Python, with no new dependencies.

Still, we need to be careful in a case where RPM team would decide to
upgrade rpm version comparison algorithm. It has been fixed for quite
some years (the core wasn't changed since 2008) but occasionally there
are additions that expand supported formats like addition of dpkg-style
versions in 2012.


I don't think we need to care about that, as we use versioning scheme 
compatible with the original comparison algorithm on "our" platforms.

In that case I'd prefer John's code as it is pure Python and doesn't
have any other dependencies.
--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

[Jan Cholasta]

On 8.1.2016 15:44, Tomas Babej wrote:



On 01/08/2016 03:31 PM, Lukas Slebodnik wrote:

On (08/01/16 14:14), Jan Cholasta wrote:

On 8.1.2016 14:09, Martin Basti wrote:



On 08.01.2016 14:00, Martin Kosek wrote:

On 01/08/2016 01:45 PM, Martin Basti wrote:

Hello all,

fix for ticket https://fedorahosted.org/freeipa/ticket/5535
requires to import rpm module

This import somehow breaks nsslib in IPA
https://fedorahosted.org/freeipa/ticket/5572


We have 2 ways how to fix it:

1) move import rpm to body of methods (attached patch)
We are not sure how stable is this solution.

2) use solution with rpmdevtools proposed here:
https://www.redhat.com/archives/freeipa-devel/2016-January/msg00092.html
This should be rock stable but it needs many dependencies (rpm-python
too, perl)

The second way looks safer, so I would like to reimplement it, do you
all agree
or do you have better idea?
Feedback welcome, please ASAP.

Martin^2

Since it's Friday, I invested 15 minutes to practice my C skills and
use the
python-cffi library to call rpm rpmvercmp library call directly
(attached):

$ python rpm.py 4.2.0-15.el7 4.2.0-15.el7_2.3
4.2.0-15.el7 < 4.2.0-15.el7_2.3

This would not introduce any additional dependency besides rpm-devel,
right? :-)


Not rpm-devel, but rpm-libs (you should dlopen "librpm.so.3").


CentOS 7 has librpm.so.3
but fedora 23+ has librpm.so.7

So if it is possible it will be good to avoid using specific vertsion.

LS



Yes.

I think it should be quite possible to not use specific version, the
interface signature itself is not likely to change.

Even if it did, the problem would be detected immediately with the most
basic of tests ()installation&run).


If by "detect" you mean "SEGFAULT", then yes. But I don't think this is 
very nice way of detecting an issue.


--
Jan Cholasta

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

[Jan Cholasta]

On 8.1.2016 14:28, Alexander Bokovoy wrote:

On Fri, 08 Jan 2016, Jan Cholasta wrote:

I would be surprised if NSS was used in this particular function.


I will try it


No NSS here:



Anyway, the function looks simple, so it might be safer to just
rewrite it to Python, with no new dependencies.

Still, we need to be careful in a case where RPM team would decide to
upgrade rpm version comparison algorithm. It has been fixed for quite
some years (the core wasn't changed since 2008) but occasionally there
are additions that expand supported formats like addition of dpkg-style
versions in 2012.


I don't think we need to care about that, as we use versioning scheme 
compatible with the original comparison algorithm on "our" platforms.


--
Jan Cholasta

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

[John Dennis]

On 01/08/2016 08:22 AM, Jan Cholasta wrote:

On 8.1.2016 14:13, Martin Basti wrote:



On 08.01.2016 14:14, Jan Cholasta wrote:

On 8.1.2016 14:09, Martin Basti wrote:



On 08.01.2016 14:00, Martin Kosek wrote:

On 01/08/2016 01:45 PM, Martin Basti wrote:

Hello all,

fix for ticket https://fedorahosted.org/freeipa/ticket/5535
requires to import rpm module

This import somehow breaks nsslib in IPA
https://fedorahosted.org/freeipa/ticket/5572


We have 2 ways how to fix it:

1) move import rpm to body of methods (attached patch)
We are not sure how stable is this solution.

2) use solution with rpmdevtools proposed here:
https://www.redhat.com/archives/freeipa-devel/2016-January/msg00092.html


This should be rock stable but it needs many dependencies (rpm-python
too, perl)

The second way looks safer, so I would like to reimplement it, do you
all agree
or do you have better idea?
Feedback welcome, please ASAP.

Martin^2

Since it's Friday, I invested 15 minutes to practice my C skills and
use the
python-cffi library to call rpm rpmvercmp library call directly
(attached):

$ python rpm.py 4.2.0-15.el7 4.2.0-15.el7_2.3
4.2.0-15.el7 < 4.2.0-15.el7_2.3

This would not introduce any additional dependency besides rpm-devel,
right? :-)


Not rpm-devel, but rpm-libs (you should dlopen "librpm.so.3").


I'm afraid that this can cause the same issue as import rpm, because
the
nsslib is used from C library


I would be surprised if NSS was used in this particular function.


I will try it


No NSS here:



Anyway, the function looks simple, so it might be safer to just rewrite
it to Python, with no new dependencies.



Leaving aside the whole question of whether re-implementing rpmvercmp in 
Python is a good idea or not because of possible divergence from RPM I 
offer to you an implementation of rpmvercmp written in Python I did 
years ago. It was written based on the published documentation of how 
RPM version comparison is implemented (as close to a spec as I was able 
to find). I believe I also used the C implementation as a guide but my 
memory is fuzzy on that point. I've used it a lot and I've also cross 
checked it's results with librpm and I've never seen a differing result.


Use at your pleasure or displeasure :-)

HTH,

John


--
John
#!/usr/bin/python

import re
rpm_name_re = re.compile(r'^(.+)-([^-]+)-([^-]+)$')

def split_rpm_name(rpm_name):
'''
Split an RPM's NVR returning 
[name, version, release]
'''
match = rpm_name_re.match(rpm_name)
if match:
name= match.group(1)
version = match.group(2)
release = match.group(3)
return name, version, release
else:
raise ValueError("cannot split rpm NVR for '%s'" % rpm_name)

def split_rpm_label(label):
'''
Each label is separated into a list of maximal alphabetic or numeric
components, with separators (non-alphanumeric characters) ignored. 
Alphbetic components are inserted into the list as a Python str object.
Numeric components are inserted into the list as either Python int
or long objects depending on the numeric magnitude of the component.

For example:
'2.0.1' => [2, 0, 1]
'2xFg33.+f.5' => [2, 'xFg', 33, 'f', 5]
'''
components = []
component = None
for c in label:
if c.isalpha():
if component is None:
component = c
else:
if component.isalpha():
component += c
else:
components.append(int(component))
component = c
elif c.isdigit():
if component is None:
component = c
else:
if component.isdigit():
component += c
else:
components.append(component)
component = c
else:
if component is not None:
if component.isdigit():
component = int(component)
components.append(component)
component = None

if component is not None:
if component.isdigit():
component = int(component)
components.append(component)
component = None

return components

def rpm_label_cmp(label1, label2):
'''
The version and release components of a rpm NVR are considered labels.
To compare a label we split the label into components, see split_rpm_label()
for an explanation of how the components are split.

The components in the list are compared one by one using the following
algorithm. If two components are considered to be different, the label with
the newer component wins as the newer label. If the components are
considered to be equal, the next components are compared until we either
reach different components or one of the lists runs out. In case one of 

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

[Martin Babinsky]

On 01/08/2016 04:10 PM, Lukas Slebodnik wrote:

On (08/01/16 14:18), Martin Babinsky wrote:

On 01/08/2016 02:14 PM, Jan Cholasta wrote:

On 8.1.2016 14:09, Martin Basti wrote:



On 08.01.2016 14:00, Martin Kosek wrote:

On 01/08/2016 01:45 PM, Martin Basti wrote:

Hello all,

fix for ticket https://fedorahosted.org/freeipa/ticket/5535
requires to import rpm module

This import somehow breaks nsslib in IPA
https://fedorahosted.org/freeipa/ticket/5572


We have 2 ways how to fix it:

1) move import rpm to body of methods (attached patch)
We are not sure how stable is this solution.

2) use solution with rpmdevtools proposed here:
https://www.redhat.com/archives/freeipa-devel/2016-January/msg00092.html

This should be rock stable but it needs many dependencies (rpm-python
too, perl)

The second way looks safer, so I would like to reimplement it, do you
all agree
or do you have better idea?
Feedback welcome, please ASAP.

Martin^2

Since it's Friday, I invested 15 minutes to practice my C skills and
use the
python-cffi library to call rpm rpmvercmp library call directly
(attached):

$ python rpm.py 4.2.0-15.el7 4.2.0-15.el7_2.3
4.2.0-15.el7 < 4.2.0-15.el7_2.3

This would not introduce any additional dependency besides rpm-devel,
right? :-)


Not rpm-devel, but rpm-libs (you should dlopen "librpm.so.3").


I'm afraid that this can cause the same issue as import rpm, because the
nsslib is used from C library


I would be surprised if NSS was used in this particular function.



If it would work then we could compare version like in this quickly hacked
and untested patch.

--
Martin^3 Babinsky



From 32ebf02d38b7174816f81579aab6ebbe26e80f64 Mon Sep 17 00:00:00 2001
From: Martin Babinsky 
Date: Fri, 8 Jan 2016 14:17:14 +0100
Subject: [PATCH] use rpmvercmp via python-cffi for version comparison

---
ipaplatform/redhat/tasks.py | 45 ++---
1 file changed, 14 insertions(+), 31 deletions(-)

diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py
index a0b4060..66ca3ad 100644
--- a/ipaplatform/redhat/tasks.py
+++ b/ipaplatform/redhat/tasks.py
@@ -36,7 +36,7 @@ from subprocess import CalledProcessError
from nss.error import NSPRError
from pyasn1.error import PyAsn1Error
from six.moves import urllib
-import rpm
+from cffi import FFI

from ipapython.ipa_log_manager import root_logger, log_mgr
from ipapython import ipautil
@@ -49,33 +49,16 @@ from ipaplatform.redhat.authconfig import RedHatAuthConfig
from ipaplatform.base.tasks import BaseTaskNamespace


-# copied from rpmUtils/miscutils.py
-def stringToVersion(verstring):
-if verstring in [None, '']:
-return (None, None, None)
-i = verstring.find(':')
-if i != -1:
-try:
-epoch = str(long(verstring[:i]))
-except ValueError:
-# look, garbage in the epoch field, how fun, kill it
-epoch = '0' # this is our fallback, deal
-else:
-epoch = '0'
-j = verstring.find('-')
-if j != -1:
-if verstring[i + 1:j] == '':
-version = None
-else:
-version = verstring[i + 1:j]
-release = verstring[j + 1:]
-else:
-if verstring[i + 1:] == '':
-version = None
-else:
-version = verstring[i + 1:]
-release = None
-return (epoch, version, release)
+def compare_rpm_versions(ver1, ver2):
+ffi = FFI()
+ffi.cdef("""
+int rpmvercmp (const char *a, const char *b);
+""")
+C = ffi.dlopen("rpmlib.so.3")

rpmlib.so.3 does not exist.

It is is librpm.so.3
But as I mentioned in different mail. The soname was bumped in fedora 23.

So please use only 'ffi.dlopen("rpm")'

It would be also good to write unit test for this function.
So you can detect issues with cffi is any.


a = '4.2.0-15.el7'
b = '4.2.0-15.el7_2.3'
c = '4.2.0-16.el7'
compare_rpm_versions(a, b)
compare_rpm_versions(b, b)
compare_rpm_versions(c, b)

LS



Thank you for suggestions Lukas, I have patch and unit tests ready. They 
will land on the list shortly.


--
Martin^3 Babinsky

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

[Lukas Slebodnik]

On (08/01/16 14:18), Martin Babinsky wrote:
>On 01/08/2016 02:14 PM, Jan Cholasta wrote:
>>On 8.1.2016 14:09, Martin Basti wrote:
>>>
>>>
>>>On 08.01.2016 14:00, Martin Kosek wrote:
On 01/08/2016 01:45 PM, Martin Basti wrote:
>Hello all,
>
>fix for ticket https://fedorahosted.org/freeipa/ticket/5535
>requires to import rpm module
>
>This import somehow breaks nsslib in IPA
>https://fedorahosted.org/freeipa/ticket/5572
>
>
>We have 2 ways how to fix it:
>
>1) move import rpm to body of methods (attached patch)
>We are not sure how stable is this solution.
>
>2) use solution with rpmdevtools proposed here:
>https://www.redhat.com/archives/freeipa-devel/2016-January/msg00092.html
>
>This should be rock stable but it needs many dependencies (rpm-python
>too, perl)
>
>The second way looks safer, so I would like to reimplement it, do you
>all agree
>or do you have better idea?
>Feedback welcome, please ASAP.
>
>Martin^2
Since it's Friday, I invested 15 minutes to practice my C skills and
use the
python-cffi library to call rpm rpmvercmp library call directly
(attached):

$ python rpm.py 4.2.0-15.el7 4.2.0-15.el7_2.3
4.2.0-15.el7 < 4.2.0-15.el7_2.3

This would not introduce any additional dependency besides rpm-devel,
right? :-)
>>
>>Not rpm-devel, but rpm-libs (you should dlopen "librpm.so.3").
>>
>>>I'm afraid that this can cause the same issue as import rpm, because the
>>>nsslib is used from C library
>>
>>I would be surprised if NSS was used in this particular function.
>>
>
>If it would work then we could compare version like in this quickly hacked
>and untested patch.
>
>-- 
>Martin^3 Babinsky

>From 32ebf02d38b7174816f81579aab6ebbe26e80f64 Mon Sep 17 00:00:00 2001
>From: Martin Babinsky 
>Date: Fri, 8 Jan 2016 14:17:14 +0100
>Subject: [PATCH] use rpmvercmp via python-cffi for version comparison
>
>---
> ipaplatform/redhat/tasks.py | 45 ++---
> 1 file changed, 14 insertions(+), 31 deletions(-)
>
>diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py
>index a0b4060..66ca3ad 100644
>--- a/ipaplatform/redhat/tasks.py
>+++ b/ipaplatform/redhat/tasks.py
>@@ -36,7 +36,7 @@ from subprocess import CalledProcessError
> from nss.error import NSPRError
> from pyasn1.error import PyAsn1Error
> from six.moves import urllib
>-import rpm
>+from cffi import FFI
> 
> from ipapython.ipa_log_manager import root_logger, log_mgr
> from ipapython import ipautil
>@@ -49,33 +49,16 @@ from ipaplatform.redhat.authconfig import RedHatAuthConfig
> from ipaplatform.base.tasks import BaseTaskNamespace
> 
> 
>-# copied from rpmUtils/miscutils.py
>-def stringToVersion(verstring):
>-if verstring in [None, '']:
>-return (None, None, None)
>-i = verstring.find(':')
>-if i != -1:
>-try:
>-epoch = str(long(verstring[:i]))
>-except ValueError:
>-# look, garbage in the epoch field, how fun, kill it
>-epoch = '0' # this is our fallback, deal
>-else:
>-epoch = '0'
>-j = verstring.find('-')
>-if j != -1:
>-if verstring[i + 1:j] == '':
>-version = None
>-else:
>-version = verstring[i + 1:j]
>-release = verstring[j + 1:]
>-else:
>-if verstring[i + 1:] == '':
>-version = None
>-else:
>-version = verstring[i + 1:]
>-release = None
>-return (epoch, version, release)
>+def compare_rpm_versions(ver1, ver2):
>+ffi = FFI()
>+ffi.cdef("""
>+int rpmvercmp (const char *a, const char *b);
>+""")
>+C = ffi.dlopen("rpmlib.so.3")
rpmlib.so.3 does not exist.

It is is librpm.so.3
But as I mentioned in different mail. The soname was bumped in fedora 23.

So please use only 'ffi.dlopen("rpm")'

It would be also good to write unit test for this function.
So you can detect issues with cffi is any.


a = '4.2.0-15.el7'
b = '4.2.0-15.el7_2.3'
c = '4.2.0-16.el7'
compare_rpm_versions(a, b)
compare_rpm_versions(b, b)
compare_rpm_versions(c, b)

LS

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

[Tomas Babej]

On 01/08/2016 03:31 PM, Lukas Slebodnik wrote:
> On (08/01/16 14:14), Jan Cholasta wrote:
>> On 8.1.2016 14:09, Martin Basti wrote:
>>>
>>>
>>> On 08.01.2016 14:00, Martin Kosek wrote:
 On 01/08/2016 01:45 PM, Martin Basti wrote:
> Hello all,
>
> fix for ticket https://fedorahosted.org/freeipa/ticket/5535
> requires to import rpm module
>
> This import somehow breaks nsslib in IPA
> https://fedorahosted.org/freeipa/ticket/5572
>
>
> We have 2 ways how to fix it:
>
> 1) move import rpm to body of methods (attached patch)
> We are not sure how stable is this solution.
>
> 2) use solution with rpmdevtools proposed here:
> https://www.redhat.com/archives/freeipa-devel/2016-January/msg00092.html
> This should be rock stable but it needs many dependencies (rpm-python
> too, perl)
>
> The second way looks safer, so I would like to reimplement it, do you
> all agree
> or do you have better idea?
> Feedback welcome, please ASAP.
>
> Martin^2
 Since it's Friday, I invested 15 minutes to practice my C skills and
 use the
 python-cffi library to call rpm rpmvercmp library call directly
 (attached):

 $ python rpm.py 4.2.0-15.el7 4.2.0-15.el7_2.3
 4.2.0-15.el7 < 4.2.0-15.el7_2.3

 This would not introduce any additional dependency besides rpm-devel,
 right? :-)
>>
>> Not rpm-devel, but rpm-libs (you should dlopen "librpm.so.3").
>>
> CentOS 7 has librpm.so.3
> but fedora 23+ has librpm.so.7
> 
> So if it is possible it will be good to avoid using specific vertsion.
> 
> LS
> 

Yes.

I think it should be quite possible to not use specific version, the
interface signature itself is not likely to change.

Even if it did, the problem would be detected immediately with the most
basic of tests ()installation&run).

Tomas

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

[Lukas Slebodnik]

On (08/01/16 14:14), Jan Cholasta wrote:
>On 8.1.2016 14:09, Martin Basti wrote:
>>
>>
>>On 08.01.2016 14:00, Martin Kosek wrote:
>>>On 01/08/2016 01:45 PM, Martin Basti wrote:
Hello all,

fix for ticket https://fedorahosted.org/freeipa/ticket/5535
requires to import rpm module

This import somehow breaks nsslib in IPA
https://fedorahosted.org/freeipa/ticket/5572


We have 2 ways how to fix it:

1) move import rpm to body of methods (attached patch)
We are not sure how stable is this solution.

2) use solution with rpmdevtools proposed here:
https://www.redhat.com/archives/freeipa-devel/2016-January/msg00092.html
This should be rock stable but it needs many dependencies (rpm-python
too, perl)

The second way looks safer, so I would like to reimplement it, do you
all agree
or do you have better idea?
Feedback welcome, please ASAP.

Martin^2
>>>Since it's Friday, I invested 15 minutes to practice my C skills and
>>>use the
>>>python-cffi library to call rpm rpmvercmp library call directly
>>>(attached):
>>>
>>>$ python rpm.py 4.2.0-15.el7 4.2.0-15.el7_2.3
>>>4.2.0-15.el7 < 4.2.0-15.el7_2.3
>>>
>>>This would not introduce any additional dependency besides rpm-devel,
>>>right? :-)
>
>Not rpm-devel, but rpm-libs (you should dlopen "librpm.so.3").
>
CentOS 7 has librpm.so.3
but fedora 23+ has librpm.so.7

So if it is possible it will be good to avoid using specific vertsion.

LS

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

[Martin Babinsky]

On 01/08/2016 02:40 PM, Martin Kosek wrote:

On 01/08/2016 02:18 PM, Martin Babinsky wrote:

On 01/08/2016 02:14 PM, Jan Cholasta wrote:

On 8.1.2016 14:09, Martin Basti wrote:



On 08.01.2016 14:00, Martin Kosek wrote:

On 01/08/2016 01:45 PM, Martin Basti wrote:

Hello all,

fix for ticket https://fedorahosted.org/freeipa/ticket/5535
requires to import rpm module

This import somehow breaks nsslib in IPA
https://fedorahosted.org/freeipa/ticket/5572


We have 2 ways how to fix it:

1) move import rpm to body of methods (attached patch)
We are not sure how stable is this solution.

2) use solution with rpmdevtools proposed here:
https://www.redhat.com/archives/freeipa-devel/2016-January/msg00092.html

This should be rock stable but it needs many dependencies (rpm-python
too, perl)

The second way looks safer, so I would like to reimplement it, do you
all agree
or do you have better idea?
Feedback welcome, please ASAP.

Martin^2

Since it's Friday, I invested 15 minutes to practice my C skills and
use the
python-cffi library to call rpm rpmvercmp library call directly
(attached):

$ python rpm.py 4.2.0-15.el7 4.2.0-15.el7_2.3
4.2.0-15.el7 < 4.2.0-15.el7_2.3

This would not introduce any additional dependency besides rpm-devel,
right? :-)


Not rpm-devel, but rpm-libs (you should dlopen "librpm.so.3").


I'm afraid that this can cause the same issue as import rpm, because the
nsslib is used from C library


I would be surprised if NSS was used in this particular function.



If it would work then we could compare version like in this quickly hacked and
untested patch.


BTW, I demand Acknowledgment statement for my Friday Idea in the patch
description, if this approach is used ;-)



No problem, we can even send it as two authors 
(http://stackoverflow.com/questions/7442112/attributing-a-single-commit-to-multiple-developers). 
You would be the second one, as ideamakers usually are in academic 
papers :).


--
Martin^3 Babinsky

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

[Jan Cholasta]

On 8.1.2016 14:34, Martin Kosek wrote:

On 01/08/2016 02:32 PM, Martin Kosek wrote:

On 01/08/2016 02:22 PM, Jan Cholasta wrote:

On 8.1.2016 14:13, Martin Basti wrote:



On 08.01.2016 14:14, Jan Cholasta wrote:

On 8.1.2016 14:09, Martin Basti wrote:



On 08.01.2016 14:00, Martin Kosek wrote:

On 01/08/2016 01:45 PM, Martin Basti wrote:

Hello all,

fix for ticket https://fedorahosted.org/freeipa/ticket/5535
requires to import rpm module

This import somehow breaks nsslib in IPA
https://fedorahosted.org/freeipa/ticket/5572


We have 2 ways how to fix it:

1) move import rpm to body of methods (attached patch)
We are not sure how stable is this solution.

2) use solution with rpmdevtools proposed here:
https://www.redhat.com/archives/freeipa-devel/2016-January/msg00092.html

This should be rock stable but it needs many dependencies (rpm-python
too, perl)

The second way looks safer, so I would like to reimplement it, do you
all agree
or do you have better idea?
Feedback welcome, please ASAP.

Martin^2

Since it's Friday, I invested 15 minutes to practice my C skills and
use the
python-cffi library to call rpm rpmvercmp library call directly
(attached):

$ python rpm.py 4.2.0-15.el7 4.2.0-15.el7_2.3
4.2.0-15.el7 < 4.2.0-15.el7_2.3

This would not introduce any additional dependency besides rpm-devel,
right? :-)


Not rpm-devel, but rpm-libs (you should dlopen "librpm.so.3").


I'm afraid that this can cause the same issue as import rpm, because the
nsslib is used from C library


I would be surprised if NSS was used in this particular function.


I will try it


No NSS here:



What line? I must miss something...


Please ignore the above, I somehow read it as "No, NSS here" :-)




Anyway, the function looks simple, so it might be safer to just rewrite it to
Python, with no new dependencies.


I would personally rather use the first proposal of rpmdevtools, rather than
rewriting it ourselves. IMO, rewriting the function is the worst option 
actually.


Still, how is reimplementing NSS function safer than calling their library
function? I checked that rpm-devel is not required, BTW.


Loading a library and going through cffi just to call ~20 lines of code 
seems like an overkill to me.


(TBH I don't care how this is implemented, relying on linear versioning 
is broken by design, one way or another.)


--
Jan Cholasta

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

[Martin Kosek]

On 01/08/2016 02:18 PM, Martin Babinsky wrote:
> On 01/08/2016 02:14 PM, Jan Cholasta wrote:
>> On 8.1.2016 14:09, Martin Basti wrote:
>>>
>>>
>>> On 08.01.2016 14:00, Martin Kosek wrote:
 On 01/08/2016 01:45 PM, Martin Basti wrote:
> Hello all,
>
> fix for ticket https://fedorahosted.org/freeipa/ticket/5535
> requires to import rpm module
>
> This import somehow breaks nsslib in IPA
> https://fedorahosted.org/freeipa/ticket/5572
>
>
> We have 2 ways how to fix it:
>
> 1) move import rpm to body of methods (attached patch)
> We are not sure how stable is this solution.
>
> 2) use solution with rpmdevtools proposed here:
> https://www.redhat.com/archives/freeipa-devel/2016-January/msg00092.html
>
> This should be rock stable but it needs many dependencies (rpm-python
> too, perl)
>
> The second way looks safer, so I would like to reimplement it, do you
> all agree
> or do you have better idea?
> Feedback welcome, please ASAP.
>
> Martin^2
 Since it's Friday, I invested 15 minutes to practice my C skills and
 use the
 python-cffi library to call rpm rpmvercmp library call directly
 (attached):

 $ python rpm.py 4.2.0-15.el7 4.2.0-15.el7_2.3
 4.2.0-15.el7 < 4.2.0-15.el7_2.3

 This would not introduce any additional dependency besides rpm-devel,
 right? :-)
>>
>> Not rpm-devel, but rpm-libs (you should dlopen "librpm.so.3").
>>
>>> I'm afraid that this can cause the same issue as import rpm, because the
>>> nsslib is used from C library
>>
>> I would be surprised if NSS was used in this particular function.
>>
> 
> If it would work then we could compare version like in this quickly hacked and
> untested patch.

BTW, I demand Acknowledgment statement for my Friday Idea in the patch
description, if this approach is used ;-)

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

[Martin Babinsky]

On 01/08/2016 02:14 PM, Jan Cholasta wrote:

On 8.1.2016 14:09, Martin Basti wrote:



On 08.01.2016 14:00, Martin Kosek wrote:

On 01/08/2016 01:45 PM, Martin Basti wrote:

Hello all,

fix for ticket https://fedorahosted.org/freeipa/ticket/5535
requires to import rpm module

This import somehow breaks nsslib in IPA
https://fedorahosted.org/freeipa/ticket/5572


We have 2 ways how to fix it:

1) move import rpm to body of methods (attached patch)
We are not sure how stable is this solution.

2) use solution with rpmdevtools proposed here:
https://www.redhat.com/archives/freeipa-devel/2016-January/msg00092.html

This should be rock stable but it needs many dependencies (rpm-python
too, perl)

The second way looks safer, so I would like to reimplement it, do you
all agree
or do you have better idea?
Feedback welcome, please ASAP.

Martin^2

Since it's Friday, I invested 15 minutes to practice my C skills and
use the
python-cffi library to call rpm rpmvercmp library call directly
(attached):

$ python rpm.py 4.2.0-15.el7 4.2.0-15.el7_2.3
4.2.0-15.el7 < 4.2.0-15.el7_2.3

This would not introduce any additional dependency besides rpm-devel,
right? :-)


Not rpm-devel, but rpm-libs (you should dlopen "librpm.so.3").


I'm afraid that this can cause the same issue as import rpm, because the
nsslib is used from C library


I would be surprised if NSS was used in this particular function.



It is not and the version comparison using rpmvercmp call through CFFI 
makes CA-less install and replica prepare work again.


--
Martin^3 Babinsky

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

[Martin Kosek]

On 01/08/2016 02:32 PM, Martin Kosek wrote:
> On 01/08/2016 02:22 PM, Jan Cholasta wrote:
>> On 8.1.2016 14:13, Martin Basti wrote:
>>>
>>>
>>> On 08.01.2016 14:14, Jan Cholasta wrote:
 On 8.1.2016 14:09, Martin Basti wrote:
>
>
> On 08.01.2016 14:00, Martin Kosek wrote:
>> On 01/08/2016 01:45 PM, Martin Basti wrote:
>>> Hello all,
>>>
>>> fix for ticket https://fedorahosted.org/freeipa/ticket/5535
>>> requires to import rpm module
>>>
>>> This import somehow breaks nsslib in IPA
>>> https://fedorahosted.org/freeipa/ticket/5572
>>>
>>>
>>> We have 2 ways how to fix it:
>>>
>>> 1) move import rpm to body of methods (attached patch)
>>> We are not sure how stable is this solution.
>>>
>>> 2) use solution with rpmdevtools proposed here:
>>> https://www.redhat.com/archives/freeipa-devel/2016-January/msg00092.html
>>>
>>> This should be rock stable but it needs many dependencies (rpm-python
>>> too, perl)
>>>
>>> The second way looks safer, so I would like to reimplement it, do you
>>> all agree
>>> or do you have better idea?
>>> Feedback welcome, please ASAP.
>>>
>>> Martin^2
>> Since it's Friday, I invested 15 minutes to practice my C skills and
>> use the
>> python-cffi library to call rpm rpmvercmp library call directly
>> (attached):
>>
>> $ python rpm.py 4.2.0-15.el7 4.2.0-15.el7_2.3
>> 4.2.0-15.el7 < 4.2.0-15.el7_2.3
>>
>> This would not introduce any additional dependency besides rpm-devel,
>> right? :-)

 Not rpm-devel, but rpm-libs (you should dlopen "librpm.so.3").

> I'm afraid that this can cause the same issue as import rpm, because the
> nsslib is used from C library

 I would be surprised if NSS was used in this particular function.

>>> I will try it
>>
>> No NSS here:
>> 
> 
> What line? I must miss something...

Please ignore the above, I somehow read it as "No, NSS here" :-)

> 
>> Anyway, the function looks simple, so it might be safer to just rewrite it to
>> Python, with no new dependencies.
> 
> I would personally rather use the first proposal of rpmdevtools, rather than
> rewriting it ourselves. IMO, rewriting the function is the worst option 
> actually.

Still, how is reimplementing NSS function safer than calling their library
function? I checked that rpm-devel is not required, BTW.

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

[Martin Kosek]

On 01/08/2016 02:22 PM, Jan Cholasta wrote:
> On 8.1.2016 14:13, Martin Basti wrote:
>>
>>
>> On 08.01.2016 14:14, Jan Cholasta wrote:
>>> On 8.1.2016 14:09, Martin Basti wrote:


 On 08.01.2016 14:00, Martin Kosek wrote:
> On 01/08/2016 01:45 PM, Martin Basti wrote:
>> Hello all,
>>
>> fix for ticket https://fedorahosted.org/freeipa/ticket/5535
>> requires to import rpm module
>>
>> This import somehow breaks nsslib in IPA
>> https://fedorahosted.org/freeipa/ticket/5572
>>
>>
>> We have 2 ways how to fix it:
>>
>> 1) move import rpm to body of methods (attached patch)
>> We are not sure how stable is this solution.
>>
>> 2) use solution with rpmdevtools proposed here:
>> https://www.redhat.com/archives/freeipa-devel/2016-January/msg00092.html
>>
>> This should be rock stable but it needs many dependencies (rpm-python
>> too, perl)
>>
>> The second way looks safer, so I would like to reimplement it, do you
>> all agree
>> or do you have better idea?
>> Feedback welcome, please ASAP.
>>
>> Martin^2
> Since it's Friday, I invested 15 minutes to practice my C skills and
> use the
> python-cffi library to call rpm rpmvercmp library call directly
> (attached):
>
> $ python rpm.py 4.2.0-15.el7 4.2.0-15.el7_2.3
> 4.2.0-15.el7 < 4.2.0-15.el7_2.3
>
> This would not introduce any additional dependency besides rpm-devel,
> right? :-)
>>>
>>> Not rpm-devel, but rpm-libs (you should dlopen "librpm.so.3").
>>>
 I'm afraid that this can cause the same issue as import rpm, because the
 nsslib is used from C library
>>>
>>> I would be surprised if NSS was used in this particular function.
>>>
>> I will try it
> 
> No NSS here:
> 

What line? I must miss something...

> Anyway, the function looks simple, so it might be safer to just rewrite it to
> Python, with no new dependencies.

I would personally rather use the first proposal of rpmdevtools, rather than
rewriting it ourselves. IMO, rewriting the function is the worst option 
actually.

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

[Alexander Bokovoy]

On Fri, 08 Jan 2016, Jan Cholasta wrote:

I would be surprised if NSS was used in this particular function.


I will try it


No NSS here: 


Anyway, the function looks simple, so it might be safer to just 
rewrite it to Python, with no new dependencies.

Still, we need to be careful in a case where RPM team would decide to
upgrade rpm version comparison algorithm. It has been fixed for quite
some years (the core wasn't changed since 2008) but occasionally there
are additions that expand supported formats like addition of dpkg-style
versions in 2012.
--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

[Alexander Bokovoy]

On Fri, 08 Jan 2016, Jan Cholasta wrote:

On 8.1.2016 14:09, Martin Basti wrote:



On 08.01.2016 14:00, Martin Kosek wrote:

On 01/08/2016 01:45 PM, Martin Basti wrote:

Hello all,

fix for ticket https://fedorahosted.org/freeipa/ticket/5535
requires to import rpm module

This import somehow breaks nsslib in IPA
https://fedorahosted.org/freeipa/ticket/5572


We have 2 ways how to fix it:

1) move import rpm to body of methods (attached patch)
We are not sure how stable is this solution.

2) use solution with rpmdevtools proposed here:
https://www.redhat.com/archives/freeipa-devel/2016-January/msg00092.html
This should be rock stable but it needs many dependencies (rpm-python
too, perl)

The second way looks safer, so I would like to reimplement it, do you
all agree
or do you have better idea?
Feedback welcome, please ASAP.

Martin^2

Since it's Friday, I invested 15 minutes to practice my C skills and
use the
python-cffi library to call rpm rpmvercmp library call directly
(attached):

$ python rpm.py 4.2.0-15.el7 4.2.0-15.el7_2.3
4.2.0-15.el7 < 4.2.0-15.el7_2.3

This would not introduce any additional dependency besides rpm-devel,
right? :-)


Not rpm-devel, but rpm-libs (you should dlopen "librpm.so.3").


I'm afraid that this can cause the same issue as import rpm, because the
nsslib is used from C library


I would be surprised if NSS was used in this particular function.

This function does not use NSS so it should be fine. python-rpm, on
other side, initializes itself with access to NSS database on mere
import of 'rpm' module.
--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

[Jan Cholasta]

On 8.1.2016 14:13, Martin Basti wrote:



On 08.01.2016 14:14, Jan Cholasta wrote:

On 8.1.2016 14:09, Martin Basti wrote:



On 08.01.2016 14:00, Martin Kosek wrote:

On 01/08/2016 01:45 PM, Martin Basti wrote:

Hello all,

fix for ticket https://fedorahosted.org/freeipa/ticket/5535
requires to import rpm module

This import somehow breaks nsslib in IPA
https://fedorahosted.org/freeipa/ticket/5572


We have 2 ways how to fix it:

1) move import rpm to body of methods (attached patch)
We are not sure how stable is this solution.

2) use solution with rpmdevtools proposed here:
https://www.redhat.com/archives/freeipa-devel/2016-January/msg00092.html

This should be rock stable but it needs many dependencies (rpm-python
too, perl)

The second way looks safer, so I would like to reimplement it, do you
all agree
or do you have better idea?
Feedback welcome, please ASAP.

Martin^2

Since it's Friday, I invested 15 minutes to practice my C skills and
use the
python-cffi library to call rpm rpmvercmp library call directly
(attached):

$ python rpm.py 4.2.0-15.el7 4.2.0-15.el7_2.3
4.2.0-15.el7 < 4.2.0-15.el7_2.3

This would not introduce any additional dependency besides rpm-devel,
right? :-)


Not rpm-devel, but rpm-libs (you should dlopen "librpm.so.3").


I'm afraid that this can cause the same issue as import rpm, because the
nsslib is used from C library


I would be surprised if NSS was used in this particular function.


I will try it


No NSS here: 



Anyway, the function looks simple, so it might be safer to just rewrite 
it to Python, with no new dependencies.


--
Jan Cholasta

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

[Martin Babinsky]

On 01/08/2016 02:14 PM, Jan Cholasta wrote:

On 8.1.2016 14:09, Martin Basti wrote:



On 08.01.2016 14:00, Martin Kosek wrote:

On 01/08/2016 01:45 PM, Martin Basti wrote:

Hello all,

fix for ticket https://fedorahosted.org/freeipa/ticket/5535
requires to import rpm module

This import somehow breaks nsslib in IPA
https://fedorahosted.org/freeipa/ticket/5572


We have 2 ways how to fix it:

1) move import rpm to body of methods (attached patch)
We are not sure how stable is this solution.

2) use solution with rpmdevtools proposed here:
https://www.redhat.com/archives/freeipa-devel/2016-January/msg00092.html

This should be rock stable but it needs many dependencies (rpm-python
too, perl)

The second way looks safer, so I would like to reimplement it, do you
all agree
or do you have better idea?
Feedback welcome, please ASAP.

Martin^2

Since it's Friday, I invested 15 minutes to practice my C skills and
use the
python-cffi library to call rpm rpmvercmp library call directly
(attached):

$ python rpm.py 4.2.0-15.el7 4.2.0-15.el7_2.3
4.2.0-15.el7 < 4.2.0-15.el7_2.3

This would not introduce any additional dependency besides rpm-devel,
right? :-)


Not rpm-devel, but rpm-libs (you should dlopen "librpm.so.3").


I'm afraid that this can cause the same issue as import rpm, because the
nsslib is used from C library


I would be surprised if NSS was used in this particular function.



If it would work then we could compare version like in this quickly 
hacked and untested patch.


--
Martin^3 Babinsky
From 32ebf02d38b7174816f81579aab6ebbe26e80f64 Mon Sep 17 00:00:00 2001
From: Martin Babinsky 
Date: Fri, 8 Jan 2016 14:17:14 +0100
Subject: [PATCH] use rpmvercmp via python-cffi for version comparison

---
 ipaplatform/redhat/tasks.py | 45 ++---
 1 file changed, 14 insertions(+), 31 deletions(-)

diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py
index a0b4060..66ca3ad 100644
--- a/ipaplatform/redhat/tasks.py
+++ b/ipaplatform/redhat/tasks.py
@@ -36,7 +36,7 @@ from subprocess import CalledProcessError
 from nss.error import NSPRError
 from pyasn1.error import PyAsn1Error
 from six.moves import urllib
-import rpm
+from cffi import FFI
 
 from ipapython.ipa_log_manager import root_logger, log_mgr
 from ipapython import ipautil
@@ -49,33 +49,16 @@ from ipaplatform.redhat.authconfig import RedHatAuthConfig
 from ipaplatform.base.tasks import BaseTaskNamespace
 
 
-# copied from rpmUtils/miscutils.py
-def stringToVersion(verstring):
-if verstring in [None, '']:
-return (None, None, None)
-i = verstring.find(':')
-if i != -1:
-try:
-epoch = str(long(verstring[:i]))
-except ValueError:
-# look, garbage in the epoch field, how fun, kill it
-epoch = '0' # this is our fallback, deal
-else:
-epoch = '0'
-j = verstring.find('-')
-if j != -1:
-if verstring[i + 1:j] == '':
-version = None
-else:
-version = verstring[i + 1:j]
-release = verstring[j + 1:]
-else:
-if verstring[i + 1:] == '':
-version = None
-else:
-version = verstring[i + 1:]
-release = None
-return (epoch, version, release)
+def compare_rpm_versions(ver1, ver2):
+ffi = FFI()
+ffi.cdef("""
+int rpmvercmp (const char *a, const char *b);
+""")
+C = ffi.dlopen("rpmlib.so.3")
+arg1 = ffi.new("char[]", ver1)
+arg2 = ffi.new("char[]", ver2)
+
+return C.rpmvercmp(arg1, arg2)
 
 
 log = log_mgr.get_logger(__name__)
@@ -101,15 +84,15 @@ def selinux_enabled():
 class IPAVersion(object):
 
 def __init__(self, version):
-self.version_tuple = stringToVersion(version)
+self.version = version
 
 def __eq__(self, other):
 assert isinstance(other, IPAVersion)
-return rpm.labelCompare(self.version_tuple, other.version_tuple) == 0
+return compare_rpm_versions(self.version, other.version) == 0
 
 def __lt__(self, other):
 assert isinstance(other, IPAVersion)
-return rpm.labelCompare(self.version_tuple, other.version_tuple) == -1
+return compare_rpm_versions(self.version, other.version) == -1
 
 
 class RedHatTaskNamespace(BaseTaskNamespace):
-- 
2.5.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

[Martin Basti]

On 08.01.2016 14:14, Jan Cholasta wrote:

On 8.1.2016 14:09, Martin Basti wrote:



On 08.01.2016 14:00, Martin Kosek wrote:

On 01/08/2016 01:45 PM, Martin Basti wrote:

Hello all,

fix for ticket https://fedorahosted.org/freeipa/ticket/5535
requires to import rpm module

This import somehow breaks nsslib in IPA
https://fedorahosted.org/freeipa/ticket/5572


We have 2 ways how to fix it:

1) move import rpm to body of methods (attached patch)
We are not sure how stable is this solution.

2) use solution with rpmdevtools proposed here:
https://www.redhat.com/archives/freeipa-devel/2016-January/msg00092.html 


This should be rock stable but it needs many dependencies (rpm-python
too, perl)

The second way looks safer, so I would like to reimplement it, do you
all agree
or do you have better idea?
Feedback welcome, please ASAP.

Martin^2

Since it's Friday, I invested 15 minutes to practice my C skills and
use the
python-cffi library to call rpm rpmvercmp library call directly
(attached):

$ python rpm.py 4.2.0-15.el7 4.2.0-15.el7_2.3
4.2.0-15.el7 < 4.2.0-15.el7_2.3

This would not introduce any additional dependency besides rpm-devel,
right? :-)


Not rpm-devel, but rpm-libs (you should dlopen "librpm.so.3").


I'm afraid that this can cause the same issue as import rpm, because the
nsslib is used from C library


I would be surprised if NSS was used in this particular function.


I will try it

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

[Jan Cholasta]

On 8.1.2016 14:09, Martin Basti wrote:



On 08.01.2016 14:00, Martin Kosek wrote:

On 01/08/2016 01:45 PM, Martin Basti wrote:

Hello all,

fix for ticket https://fedorahosted.org/freeipa/ticket/5535
requires to import rpm module

This import somehow breaks nsslib in IPA
https://fedorahosted.org/freeipa/ticket/5572


We have 2 ways how to fix it:

1) move import rpm to body of methods (attached patch)
We are not sure how stable is this solution.

2) use solution with rpmdevtools proposed here:
https://www.redhat.com/archives/freeipa-devel/2016-January/msg00092.html
This should be rock stable but it needs many dependencies (rpm-python
too, perl)

The second way looks safer, so I would like to reimplement it, do you
all agree
or do you have better idea?
Feedback welcome, please ASAP.

Martin^2

Since it's Friday, I invested 15 minutes to practice my C skills and
use the
python-cffi library to call rpm rpmvercmp library call directly
(attached):

$ python rpm.py 4.2.0-15.el7 4.2.0-15.el7_2.3
4.2.0-15.el7 < 4.2.0-15.el7_2.3

This would not introduce any additional dependency besides rpm-devel,
right? :-)


Not rpm-devel, but rpm-libs (you should dlopen "librpm.so.3").


I'm afraid that this can cause the same issue as import rpm, because the
nsslib is used from C library


I would be surprised if NSS was used in this particular function.

--
Jan Cholasta

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

[Martin Kosek]

On 01/08/2016 02:09 PM, Martin Basti wrote:
> 
> 
> On 08.01.2016 14:00, Martin Kosek wrote:
>> On 01/08/2016 01:45 PM, Martin Basti wrote:
>>> Hello all,
>>>
>>> fix for ticket https://fedorahosted.org/freeipa/ticket/5535
>>> requires to import rpm module
>>>
>>> This import somehow breaks nsslib in IPA
>>> https://fedorahosted.org/freeipa/ticket/5572
>>>
>>>
>>> We have 2 ways how to fix it:
>>>
>>> 1) move import rpm to body of methods (attached patch)
>>> We are not sure how stable is this solution.
>>>
>>> 2) use solution with rpmdevtools proposed here:
>>> https://www.redhat.com/archives/freeipa-devel/2016-January/msg00092.html
>>> This should be rock stable but it needs many dependencies (rpm-python too,
>>> perl)
>>>
>>> The second way looks safer, so I would like to reimplement it, do you all 
>>> agree
>>> or do you have better idea?
>>> Feedback welcome, please ASAP.
>>>
>>> Martin^2
>> Since it's Friday, I invested 15 minutes to practice my C skills and use the
>> python-cffi library to call rpm rpmvercmp library call directly (attached):
>>
>> $ python rpm.py 4.2.0-15.el7 4.2.0-15.el7_2.3
>> 4.2.0-15.el7 < 4.2.0-15.el7_2.3
>>
>> This would not introduce any additional dependency besides rpm-devel, right? 
>> :-)
> I'm afraid that this can cause the same issue as import rpm, because the 
> nsslib
> is used from C library

This would need to be tested/figured out, I do not know the exact details of
how the NSS issue is triggered.

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

[Martin Basti]

On 08.01.2016 14:00, Martin Kosek wrote:

On 01/08/2016 01:45 PM, Martin Basti wrote:

Hello all,

fix for ticket https://fedorahosted.org/freeipa/ticket/5535
requires to import rpm module

This import somehow breaks nsslib in IPA
https://fedorahosted.org/freeipa/ticket/5572


We have 2 ways how to fix it:

1) move import rpm to body of methods (attached patch)
We are not sure how stable is this solution.

2) use solution with rpmdevtools proposed here:
https://www.redhat.com/archives/freeipa-devel/2016-January/msg00092.html
This should be rock stable but it needs many dependencies (rpm-python too, perl)

The second way looks safer, so I would like to reimplement it, do you all agree
or do you have better idea?
Feedback welcome, please ASAP.

Martin^2

Since it's Friday, I invested 15 minutes to practice my C skills and use the
python-cffi library to call rpm rpmvercmp library call directly (attached):

$ python rpm.py 4.2.0-15.el7 4.2.0-15.el7_2.3
4.2.0-15.el7 < 4.2.0-15.el7_2.3

This would not introduce any additional dependency besides rpm-devel, right? :-)
I'm afraid that this can cause the same issue as import rpm, because the 
nsslib is used from C library


--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

[Alexander Bokovoy]

On Fri, 08 Jan 2016, Tomas Babej wrote:



On 01/08/2016 01:45 PM, Martin Basti wrote:

Hello all,

fix for ticket https://fedorahosted.org/freeipa/ticket/5535
requires to import rpm module

This import somehow breaks nsslib in IPA
https://fedorahosted.org/freeipa/ticket/5572


We have 2 ways how to fix it:

1) move import rpm to body of methods (attached patch)
We are not sure how stable is this solution.

2) use solution with rpmdevtools proposed here:
https://www.redhat.com/archives/freeipa-devel/2016-January/msg00092.html
This should be rock stable but it needs many dependencies (rpm-python
too, perl)

The second way looks safer, so I would like to reimplement it, do you
all agree or do you have better idea?
Feedback welcome, please ASAP.

Martin^2




I guess this needs to be fixed on the RPM side, so we should file a
ticket there, referencing ours. As we discussed, this is most likely
insufficient cleanup performed on their side.

It will not be fixed on RPM side because they need access to
certificate's store and NSS library is just not designed to be a library
with multiple uncoordinated users inside the same application.


As far as the fix goes, I'd leverage the external tool in this situation.

Yes, go with external tool, really.
--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

[Martin Kosek]

On 01/08/2016 01:45 PM, Martin Basti wrote:
> Hello all,
> 
> fix for ticket https://fedorahosted.org/freeipa/ticket/5535
> requires to import rpm module
> 
> This import somehow breaks nsslib in IPA
> https://fedorahosted.org/freeipa/ticket/5572
> 
> 
> We have 2 ways how to fix it:
> 
> 1) move import rpm to body of methods (attached patch)
> We are not sure how stable is this solution.
> 
> 2) use solution with rpmdevtools proposed here:
> https://www.redhat.com/archives/freeipa-devel/2016-January/msg00092.html
> This should be rock stable but it needs many dependencies (rpm-python too, 
> perl)
> 
> The second way looks safer, so I would like to reimplement it, do you all 
> agree
> or do you have better idea?
> Feedback welcome, please ASAP.
> 
> Martin^2

Since it's Friday, I invested 15 minutes to practice my C skills and use the
python-cffi library to call rpm rpmvercmp library call directly (attached):

$ python rpm.py 4.2.0-15.el7 4.2.0-15.el7_2.3
4.2.0-15.el7 < 4.2.0-15.el7_2.3

This would not introduce any additional dependency besides rpm-devel, right? :-)
from cffi import FFI
import sys

ver1 = sys.argv[1]
ver2 = sys.argv[2]

ffi = FFI()
ffi.cdef("""
int rpmvercmp (const char *a, const char *b);
""")
C = ffi.dlopen("rpm")
arg1 = ffi.new("char[]", ver1)
arg2 = ffi.new("char[]", ver2)

x = C.rpmvercmp(arg1, arg2)

if x == 0:
print "%s = %s" % (ver1, ver2)
elif x == 1:
print "%s > %s" % (ver1, ver2)
elif x == -1:
print "%s < %s" % (ver1, ver2)
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

[Tomas Babej]

On 01/08/2016 01:45 PM, Martin Basti wrote:
> Hello all,
> 
> fix for ticket https://fedorahosted.org/freeipa/ticket/5535
> requires to import rpm module
> 
> This import somehow breaks nsslib in IPA
> https://fedorahosted.org/freeipa/ticket/5572
> 
> 
> We have 2 ways how to fix it:
> 
> 1) move import rpm to body of methods (attached patch)
> We are not sure how stable is this solution.
> 
> 2) use solution with rpmdevtools proposed here:
> https://www.redhat.com/archives/freeipa-devel/2016-January/msg00092.html
> This should be rock stable but it needs many dependencies (rpm-python
> too, perl)
> 
> The second way looks safer, so I would like to reimplement it, do you
> all agree or do you have better idea?
> Feedback welcome, please ASAP.
> 
> Martin^2
> 
> 

I guess this needs to be fixed on the RPM side, so we should file a
ticket there, referencing ours. As we discussed, this is most likely
insufficient cleanup performed on their side.

As far as the fix goes, I'd leverage the external tool in this situation.

Tomas

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] import rpm causes failure during IPA caless install

[Martin Basti]

Hello all,

fix for ticket https://fedorahosted.org/freeipa/ticket/5535
requires to import rpm module

This import somehow breaks nsslib in IPA 
https://fedorahosted.org/freeipa/ticket/5572



We have 2 ways how to fix it:

1) move import rpm to body of methods (attached patch)
We are not sure how stable is this solution.

2) use solution with rpmdevtools proposed here: 
https://www.redhat.com/archives/freeipa-devel/2016-January/msg00092.html
This should be rock stable but it needs many dependencies (rpm-python 
too, perl)


The second way looks safer, so I would like to reimplement it, do you 
all agree or do you have better idea?

Feedback welcome, please ASAP.

Martin^2
From bc665a86825c6fb5654eb3446a85ecc08ef7eefd Mon Sep 17 00:00:00 2001
From: Martin Basti 
Date: Fri, 8 Jan 2016 13:24:20 +0100
Subject: [PATCH] fix rpm import

---
 ipaplatform/redhat/tasks.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py
index a0b4060cb26bab66248c4397c24b4d58bf1bf8d6..e5cce42af286826ec8cb7e4266eef7cd691fce23 100644
--- a/ipaplatform/redhat/tasks.py
+++ b/ipaplatform/redhat/tasks.py
@@ -36,7 +36,6 @@ from subprocess import CalledProcessError
 from nss.error import NSPRError
 from pyasn1.error import PyAsn1Error
 from six.moves import urllib
-import rpm
 
 from ipapython.ipa_log_manager import root_logger, log_mgr
 from ipapython import ipautil
@@ -105,10 +104,12 @@ class IPAVersion(object):
 
 def __eq__(self, other):
 assert isinstance(other, IPAVersion)
+import rpm
 return rpm.labelCompare(self.version_tuple, other.version_tuple) == 0
 
 def __lt__(self, other):
 assert isinstance(other, IPAVersion)
+import rpm
 return rpm.labelCompare(self.version_tuple, other.version_tuple) == -1
 
 
-- 
2.5.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code