Merged #1245 into master.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1245#event-3385730799___
Rpm-maint mailing list
Anyway, the DB discussion is a separate topic. Thanks for the doc review guys,
fixed in the last push.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
There's at least one thing that needs to be dealt with one way or the other
before dropping BDB can be seriously considered:
```
[pmatilai︎lumikko rpm]$ grep %_db_backend macros.in
%_db_backend bdb
```
--
You are receiving this because you are subscribed to this thread.
Reply to this
@pmatilai pushed 1 commit.
294692aadac5c9723b022f6f3169d16139dc1a74 Remove support for NSS
--
You are receiving this because you are subscribed to this thread.
View it on GitHub:
@pmatilai commented on this pull request.
> @@ -14,24 +14,13 @@ The source for the file utility + library is available
> from
ftp://ftp.astron.com/pub/file/
You will need a cryptographic library to support digests and signatures.
-This library may be libgcrypt, Mozilla NSS, OpenSSL or
@Conan-Kudo requested changes on this pull request.
> @@ -14,24 +14,13 @@ The source for the file utility + library is available
> from
ftp://ftp.astron.com/pub/file/
You will need a cryptographic library to support digests and signatures.
-This library may be libgcrypt, Mozilla NSS,
@Conan-Kudo approved this pull request.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1245#pullrequestreview-420462821___
@pmatilai Come on, drop BDB! Go for the gold! 磊
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1245#issuecomment-635586247___
@jessorensen commented on this pull request.
> @@ -3,7 +3,8 @@
include $(top_srcdir)/rpm.am
AM_CFLAGS = @RPMCFLAGS@
-AM_CPPFLAGS = -I$(top_builddir) -I$(top_srcdir) -I$(top_builddir)/include/
+AM_CPPFLAGS = -I$(top_builddir) -I$(top_srcdir) -I$(top_builddir)/include/ \
+
@jessorensen commented on this pull request.
> + rpmlog(RPMLOG_DEBUG, "fsverity not supported by file system for
> %s\n",
+ path);
+ break;
+ case EOPNOTSUPP:
+ rpmlog(RPMLOG_DEBUG, "fsverity not enabled on file system for %s\n",
+
@jessorensen commented on this pull request.
> if (deleting) { /* Nuke all the signature tags. */
deleteSigs(sigh);
+ deleteFileSigs(sigh);
> The IMA signatures originally were covered by package signature, but that
> breaks some fundamental rpm rules so it was changed in
@jessorensen commented on this pull request.
> +}
+
+rpmlog(RPMLOG_DEBUG, _("key: %s\n"), key);
+rpmlog(RPMLOG_DEBUG, _("cert: %s\n"), cert);
+
+compr = headerGetString(h, RPMTAG_PAYLOADCOMPRESSOR);
+rpmio_flags = rstrscat(NULL, "r.", compr ? compr : "gzip", NULL);
+
+
@jessorensen commented on this pull request.
> @@ -430,6 +438,10 @@ typedef enum rpmSigTag_e {
RPMSIGTAG_SHA256 = RPMTAG_SHA256HEADER,
RPMSIGTAG_FILESIGNATURES = RPMTAG_SIG_BASE + 18,
RPMSIGTAG_FILESIGNATURELENGTH = RPMTAG_SIG_BASE + 19,
+
@jessorensen commented on this pull request.
> @@ -430,6 +438,10 @@ typedef enum rpmSigTag_e {
RPMSIGTAG_SHA256 = RPMTAG_SHA256HEADER,
RPMSIGTAG_FILESIGNATURES = RPMTAG_SIG_BASE + 18,
RPMSIGTAG_FILESIGNATURELENGTH = RPMTAG_SIG_BASE + 19,
+
@pmatilai commented on this pull request.
> Which library to use can be specified with the
---with-crypto=[libgcrypt|beecrypt|nss|openssl] argument to configure,
+--with-crypto=[libgcrypt|nss|openssl] argument to configure,
Oh, of course. Thanks for spotting!
--
You are receiving this
@voxik commented on this pull request.
> Which library to use can be specified with the
---with-crypto=[libgcrypt|beecrypt|nss|openssl] argument to configure,
+--with-crypto=[libgcrypt|nss|openssl] argument to configure,
Shouldn't be the NSS references removed similarly to beecrypt?
--
You
@pmatilai oh, in that case - I would ditch bdb backend and possibly enable
bdb_ro by default for 4.17 and then in 4.18 disable it by default.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
Closed #1231.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1231#event-3382419186___
Rpm-maint mailing list
We will solve this differently, in redhat-rpm-config. Thanks.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
Actually BDB too is already marked deprecated in 4.16 (commit
fc0169eb03c893d63dc44f2ada954d42e0e759ed)
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
@pmatilai I think we need to deprecate it in 4.17 and ditch it in 4.18 while
keeping bdb_ro only.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
Merged #1244 into rpm-4.16.x.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1244#event-3382355093___
Rpm-maint mailing list
Flushing BDB down the same drain is really, really, really tempting :innocent:
but maybe not *just* yet...
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
:rocket: :+1:
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1245#issuecomment-635278798___
Rpm-maint mailing list
With 4.16 branched off now... thanks for the patch!
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
Merged #1212 into master.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1212#event-3382243657___
Rpm-maint mailing list
Shedding some weight to celebrate the beginning of a new cycle :fireworks:
You can view, comment on, or merge this pull request online at:
https://github.com/rpm-software-management/rpm/pull/1245
-- Commit Summary --
* Bump version to mark beginning of a new development cycle
* Remove
Bump version number and adjust reproducable hash test accordingly.
You can view, comment on, or merge this pull request online at:
https://github.com/rpm-software-management/rpm/pull/1244
-- Commit Summary --
* Preparing for rpm 4.16.0-beta1
-- File Changes --
M configure.ac (2)
M
```
RPM build errors:
line 223: %package -n rust-libc-devel: package rust-libc-devel already
exists
fish: Job 2, “~/Projects/upstream/rpm/rpmbuil…” terminated by signal SIGSEGV
(Address boundary error)
```
Segfault if the package redefinition happens is not expected.
---
```
error: line
@pmatilai commented on this pull request.
> + rpmlog(RPMLOG_DEBUG, "fsverity not supported by file system for
> %s\n",
+ path);
+ break;
+ case EOPNOTSUPP:
+ rpmlog(RPMLOG_DEBUG, "fsverity not enabled on file system for %s\n",
+
Merged #1243 into master.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1243#event-3381787330___
Rpm-maint mailing list
@pmatilai commented on this pull request.
> +}
+
+static char *rpmVeritySignFile(rpmfi fi, size_t *sig_size, char *key,
+ char *keypass, char *cert, uint16_t algo,
+ uint32_t block_size)
+{
+struct libfsverity_merkle_tree_params
@pmatilai commented on this pull request.
> @@ -430,6 +438,10 @@ typedef enum rpmSigTag_e {
RPMSIGTAG_SHA256 = RPMTAG_SHA256HEADER,
RPMSIGTAG_FILESIGNATURES = RPMTAG_SIG_BASE + 18,
RPMSIGTAG_FILESIGNATURELENGTH = RPMTAG_SIG_BASE + 19,
+
@pmatilai commented on this pull request.
> @@ -430,6 +438,10 @@ typedef enum rpmSigTag_e {
RPMSIGTAG_SHA256 = RPMTAG_SHA256HEADER,
RPMSIGTAG_FILESIGNATURES = RPMTAG_SIG_BASE + 18,
RPMSIGTAG_FILESIGNATURELENGTH = RPMTAG_SIG_BASE + 19,
+
You can view, comment on, or merge this pull request online at:
https://github.com/rpm-software-management/rpm/pull/1243
-- Commit Summary --
* Bump CI Fedora version from 31 to 32 aka latest stable
-- File Changes --
M ci/Dockerfile (2)
-- Patch Links --
@pmatilai commented on this pull request.
> +}
+
+rpmlog(RPMLOG_DEBUG, _("key: %s\n"), key);
+rpmlog(RPMLOG_DEBUG, _("cert: %s\n"), cert);
+
+compr = headerGetString(h, RPMTAG_PAYLOADCOMPRESSOR);
+rpmio_flags = rstrscat(NULL, "r.", compr ? compr : "gzip", NULL);
+
+gzdi
@pmatilai commented on this pull request.
> if (deleting) { /* Nuke all the signature tags. */
deleteSigs(sigh);
+ deleteFileSigs(sigh);
The IMA signatures originally were covered by package signature, but that
breaks some fundamental rpm rules so it was changed in a
@ffesti pushed 1 commit.
9b1a24a921f281747eb475276a3693471ee2b0b1 Add suppport for %postbuild spec
section
--
You are receiving this because you are subscribed to this thread.
View it on GitHub:
@pmatilai commented on this pull request.
> @@ -3,7 +3,8 @@
include $(top_srcdir)/rpm.am
AM_CFLAGS = @RPMCFLAGS@
-AM_CPPFLAGS = -I$(top_builddir) -I$(top_srcdir) -I$(top_builddir)/include/
+AM_CPPFLAGS = -I$(top_builddir) -I$(top_srcdir) -I$(top_builddir)/include/ \
+ -I$(includedir)
@pmatilai commented on this pull request.
> @@ -494,6 +505,36 @@ static rpmRC includeFileSignatures(Header *sigp, Header
> *hdrp)
#endif
}
+static rpmRC includeVeritySignatures(FD_t fd, Header *sigp, Header *hdrp)
+{
+#ifdef WITH_FSVERITY
+rpmRC rc;
+char *key =
40 matches
Mail list logo