[Rpm-maint] [rpm-software-management/rpm] Fix: bump up the limit of signature header to 64MB (#1252)

2020-06-02 Thread Hongxu Jia
Since commit [Place file signatures into the signature header where they
belong][1] was applied, running `rpm -Kv **.rpm` fails if the signature header
is larger than 64KB. Here are the steps:

1) An unsigned rpm package, the size is 227560 bytes
$ ls -al xz-src-5.2.5-r0.corei7_64.rpm
-rw---. 1 mockbuild 1000 227560 Jun  3 09:59

2) Sign the rpm package
$ rpmsign --addsign ... xz-src-5.2.5-r0.corei7_64.rpm

3) The size of signed rpm is 312208 bytes
$ ls -al xz-src-5.2.5-r0.corei7_64.rpm
-rw---. 1 mockbuild 1000 312208 Jun  3 09:48

4) Run `rpm -Kv` failed with signature hdr data out of range
$ rpm -Kv xz-src-5.2.5-r0.corei7_64.rpm
xz-src-5.2.5-r0.corei7_64.rpm:
error: xz-src-5.2.5-r0.corei7_64.rpm: signature hdr data: BAD, no. of
bytes(88864) out of range

From 1) and 3), the size of signed rpm package increased
312208 - 227560 = 84648, so the check of dl_max (64KB,65536)
is not enough.

As [1] said:

This also means the signature header can be MUCH bigger than ever
before, so bump up the limit (to 64MB, arbitrary something for now)

So [1] missed to multiply by 1024.

[1] 
https://github.com/rpm-software-management/rpm/commit/f558e886050c4e98f6cdde391df679a411b3f62c

Signed-off-by: Hongxu Jia hongxu@windriver.com
You can view, comment on, or merge this pull request online at:

  https://github.com/rpm-software-management/rpm/pull/1252

-- Commit Summary --

  * Fix: bump up the limit of signature header to 64MB

-- File Changes --

M lib/header.c (2)

-- Patch Links --

https://github.com/rpm-software-management/rpm/pull/1252.patch
https://github.com/rpm-software-management/rpm/pull/1252.diff

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1252
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint
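
The size check described in the message above, as an added example (not code from rpm or from the pull request): it reads the signature header intro that follows the 96-byte lead and bounds the untrusted length fields before they are used, once with the 64KB limit and once with the 64MB limit. The function names, the `IL_MAX` value and the sample package bytes are assumptions made for this sketch; the data length 88864 is the one in the error message above.

```python
import struct

LEAD_SIZE = 96                                   # fixed-size lead before the signature header
LEAD_MAGIC = bytes.fromhex("edabeedb")
HEADER_MAGIC = bytes.fromhex("8eade801") + bytes(4)  # magic, version 1, 4 reserved bytes
INTRO_SIZE = len(HEADER_MAGIC) + 8               # magic + index length (il) + data length (dl)
ENTRY_SIZE = 16                                  # one index entry: tag, type, offset, count

DL_MAX_64KB = 64 * 1024                          # limit hit in the report above
DL_MAX_64MB = 64 * 1024 * 1024                   # limit after multiplying by 1024
IL_MAX = 32                                      # assumed cap on index entries for this sketch


def check_signature_header(pkg: bytes, dl_max: int, il_max: int = IL_MAX):
    """Return (ok, reason, dl) for the signature header that follows the lead."""
    if len(pkg) < LEAD_SIZE + INTRO_SIZE or pkg[:4] != LEAD_MAGIC:
        return False, "not an rpm package or truncated before the signature header", None
    intro = pkg[LEAD_SIZE:LEAD_SIZE + INTRO_SIZE]
    if intro[:8] != HEADER_MAGIC:
        return False, "signature hdr magic: BAD", None
    il, dl = struct.unpack(">II", intro[8:])     # both counts are big-endian uint32
    # Bound both counts before using them for any size computation or allocation.
    if not 1 <= il <= il_max:
        return False, f"signature hdr tags: no. of tags({il}) out of range", dl
    if not 1 <= dl <= dl_max:
        return False, f"signature hdr data: BAD, no. of bytes({dl}) out of range", dl
    # Even an in-range length must fit inside the bytes that are actually present.
    needed = LEAD_SIZE + INTRO_SIZE + il * ENTRY_SIZE + dl
    if needed > len(pkg):
        return False, f"signature hdr claims {needed} bytes, file has {len(pkg)}", dl
    return True, "OK", dl


def build_sample(il: int, dl: int, truncate: bool = False) -> bytes:
    """Constructed input: lead + header intro + zero-filled index and data."""
    lead = LEAD_MAGIC + bytes(LEAD_SIZE - len(LEAD_MAGIC))
    intro = HEADER_MAGIC + struct.pack(">II", il, dl)
    body = b"" if truncate else bytes(il * ENTRY_SIZE + dl)
    return lead + intro + body


if __name__ == "__main__":
    signed = build_sample(il=8, dl=88864)        # dl taken from the error message above
    for limit in (DL_MAX_64KB, DL_MAX_64MB):
        print(limit, check_signature_header(signed, limit))
    # A forged length field is still rejected, whatever the limit is.
    forged = build_sample(il=8, dl=0xFFFFFFFF, truncate=True)
    print(check_signature_header(forged, DL_MAX_64MB))
```
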


Re: [Rpm-maint] [rpm-software-management/rpm] RPM fsverity support (#1203)

2020-06-02 Thread jessorensen
> I have been thinking a fair bit about this and I see a couple of options:
> 
> 1. We could in principle generate signatures for every supported page size. 
> This would require adding more tags, ie. one for each page size.
> 2. Do not install signatures if the page size doesn't match the expected page 
> size of the signature.
> 3. Work with the kernel to support 4K Merkle tree block size independent of 
> the page size.
> 
> Right now fsverity is only supported on ext4 and f2fs, both of these 
> currently only work with block size == PAGE_SIZE, which is suboptimal. I 
> raised this issue on the linux-fscrypt list already.
> 
> We are actively working on adding fsverity support to btrfs, and the design 
> here is to support 4K Merkle tree blocks independently of the page size.
> 
> I think 2) and 3) are the most reasonable approach. The changes to support 4K 
> blocks in btrfs should handle the generic kernel code that assumes block size 
> == page size, so it should be doable to fix the other file systems to support 
> this too.

Having discussed this further with Chris Mason, who is working on the btrfs 
support, it seems that rather than mandating 4K Merkle tree, it really is the 
job of the kernel to support whatever Merkle tree block size it is being 
presented, not the job of RPM to cater for it.

So the other way of looking at it is to carry the Merkle tree block size in a 
tag, and expect the kernel to support that. It won't work everywhere right now, 
but that is where it should go.

Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1203#issuecomment-637700416


Re: [Rpm-maint] [rpm-software-management/rpm] RPM generators errors are ignored (#1183)

2020-06-02 Thread torsava
> There are 3 things I'd like to see fixed:
> 
> * the traceback should say: `Cannot process Python package version: 0+unknown`
> * the build should abort on errors
> * the version is [actually 
> valid](https://www.python.org/dev/peps/pep-0440/#local-version-identifiers)

First and last issue have been fixed in 
https://github.com/rpm-software-management/rpm/pull/1242.

What remains is that the build should abort on errors.

Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1183#issuecomment-637692530


Re: [Rpm-maint] [rpm-software-management/rpm] RPM fsverity support (#1203)

2020-06-02 Thread jessorensen
> Ok, good. For now I think we need to concentrate on the fundamental problem 
> of architecture dependency. While most architectures today use 4K pages, 
> being common doesn't make it arch independent, and then there even are 
> architectures where this is configurable (eg aarch64). A noarch package 
> cannot have content that is only valid on some architectures.
> 
> How are we supposed to deal with this?

I have been thinking a fair bit about this and I see a couple of options:
1) We could in principle generate signatures for every supported page size. 
This would require adding more tags, ie. one for each page size.
2) Do not install signatures if the page size doesn't match the expected page 
size of the signature.
3) Work with the kernel to support 4K Merkle tree block size independent of the 
page size.

Right now fsverity is only supported on ext4 and f2fs, both of these currently 
only work with block size == PAGE_SIZE, which is suboptimal. I raised this 
issue on the linux-fscrypt list already.

We are actively working on adding fsverity support to btrfs, and the design 
here is to support 4K Merkle tree blocks independently of the page size.

I think 2) and 3) are the most reasonable approach. The changes to support 4K 
blocks in btrfs should handle the generic kernel code that assumes block size 
== page size, so it should be doable to fix the other file systems to support 
this too.

Thoughts ?

Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1203#issuecomment-637633413
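
Why a signature is tied to the Merkle tree block size, as an added example that is not part of the thread or of rpm's code: a simplified fs-verity-style SHA-256 Merkle root (no salt, no descriptor) computed over the same constructed content with 4K and 64K tree blocks. The helpers `build_records` and `select_record` are hypothetical and model options 1 and 2 above, with each record carrying its block size the way a tag would.

```python
import hashlib

HASH_SIZE = hashlib.sha256().digest_size


def split_blocks(buf: bytes, block_size: int):
    """Cut buf into block_size pieces, zero-padding the last one."""
    return [buf[i:i + block_size].ljust(block_size, b"\0")
            for i in range(0, len(buf), block_size)]


def merkle_root(data: bytes, block_size: int) -> bytes:
    """Root hash of a SHA-256 Merkle tree built from block_size tree blocks."""
    if block_size < 2 * HASH_SIZE or block_size & (block_size - 1):
        raise ValueError("block size must be a power of two holding >= 2 hashes")
    if not data:
        return bytes(HASH_SIZE)          # empty input: all-zero root in this sketch
    level = split_blocks(data, block_size)
    while True:
        # Hash every block of this level; the hashes form the next level up.
        hashes = b"".join(hashlib.sha256(block).digest() for block in level)
        if len(level) == 1:
            return hashes                # a single block left: its hash is the root
        level = split_blocks(hashes, block_size)


def build_records(data: bytes, block_sizes):
    """Option 1: one record per block size, each carrying its own size."""
    return [{"block_size": bs, "root": merkle_root(data, bs)} for bs in block_sizes]


def select_record(records, supported_block_size: int):
    """Option 2: use only a record whose block size matches, otherwise none."""
    for rec in records:
        if rec["block_size"] == supported_block_size:
            return rec
    return None


if __name__ == "__main__":
    content = bytes(range(256)) * 400    # constructed 102400-byte file body
    records = build_records(content, [4096])
    for page_size in (4096, 65536):
        rec = select_record(records, page_size)
        print(page_size, rec["root"].hex() if rec else "no matching record, skip")
    # Same content, different block size: the roots do not match.
    print(merkle_root(content, 4096) != merkle_root(content, 65536))
```
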


Re: [Rpm-maint] [rpm-software-management/rpm] WIP: RFC: Buildsystem overhaul (meson) (#1209)

2020-06-02 Thread Panu Matilainen
Closed #1209.

Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1209#event-3397804242


Re: [Rpm-maint] [rpm-software-management/rpm] WIP: RFC: Buildsystem overhaul (meson) (#1209)

2020-06-02 Thread Panu Matilainen
Lest anybody think this is still open for debate, I'm closing this now.

The landscape is slowly, slowly changing of course and at the time we're about 
to become the last autotools dinosaur on the bootstrap field then we can look at 
the situation again.

Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1209#issuecomment-637561164


[Rpm-maint] [rpm-software-management/rpm] Fix python ts.addErase() not raising exception on not-found packages (#1251)

2020-06-02 Thread Panu Matilainen
The code would only raise an exception if TransactionSetCore.addErase()
returned an error, but the catch is that with many kinds of argument
types we'd silently skip the whole addition because no headers were found.

This looks to be a regression introduced some eleven years ago in
commit 9b20c706a4f93266450fae2f94007343b2e8fd9e.

Fixes: #1214
You can view, comment on, or merge this pull request online at:

  https://github.com/rpm-software-management/rpm/pull/1251

-- Commit Summary --

  * Fix python ts.addErase() not raising exception on not-found packages

-- File Changes --

M python/rpm/transaction.py (8)
M tests/rpmpython.at (15)

-- Patch Links --

https://github.com/rpm-software-management/rpm/pull/1251.patch
https://github.com/rpm-software-management/rpm/pull/1251.diff

Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1251


Re: [Rpm-maint] [rpm-software-management/rpm] Add pre-flight check for erased packages too (#1250)

2020-06-02 Thread Florian Festi
Merged #1250 into master.

Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1250#event-3397654265


Re: [Rpm-maint] [rpm-software-management/rpm] WIP: RFC: Buildsystem overhaul (meson) (#1209)

2020-06-02 Thread ニール・ゴンパ
CMake is not required to bootstrap _openSUSE_. It is required for all other 
ones using a libsolv-based package manager. RHEL/Fedora, OpenMandriva, Photon, 
etc. require the package manager in the bootstrap cycle, so libsolv is part of 
the bootstrap, which means CMake is already there.

Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1209#issuecomment-637533869


[Rpm-maint] [rpm-software-management/rpm] Add pre-flight check for erased packages too (#1250)

2020-06-02 Thread Panu Matilainen
This essentially adds a check ensuring removed packages still exist when 
we're about to commit to the transaction, ie that nobody removed the 
package while we were enjoying the view.

RPMPROB_PKG_INSTALLED is (ab)used for the purpose here - it's related to 
the package install status anyhow and adding a separate value would be just a 
whole bunch of boilerplate code, but I suppose I could be convinced otherwise 
too.

You can view, comment on, or merge this pull request online at:

  https://github.com/rpm-software-management/rpm/pull/1250

-- Commit Summary --

  * Refactor pre-flight checks for added packages to helper function
  * Add a pre-flight check for removed packages too

-- File Changes --

M lib/rpmprob.c (5)
M lib/transaction.c (116)

-- Patch Links --

https://github.com/rpm-software-management/rpm/pull/1250.patch
https://github.com/rpm-software-management/rpm/pull/1250.diff

Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1250


Re: [Rpm-maint] [rpm-software-management/rpm] WIP: RFC: Buildsystem overhaul (meson) (#1209)

2020-06-02 Thread Dominique Leuenberger
> That said, if people _really_ think Python is a problem, I'm all in favor of 
> CMake here. The rest of the package manager stack maintained in this 
> organization uses it. Heck, openSUSE's Zypper uses it!

Weak argument: libzypp/zypper are not needed to bootstrap a distro (but we 
already have to build cmake twice anyway to get out of a cycle due to cmake 
linking libcurl - but cmake further requires libuv and rhash)

if I could choose, I'd prefer meson of cmake

Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1209#issuecomment-637522500


[Rpm-maint] [rpm-software-management/rpm] Notify other programs when the rpmdb is changed via DBus (#1249)

2020-06-02 Thread Florian Festi
See https://bugzilla.redhat.com/show_bug.cgi?id=1816123 for initial request. 
Using DBus would allow pushing even more information like what packages got 
installed/removed etc.

This will be based on DBus signals as we (obviously) won't turn RPM into a 
daemon. During the transaction signals are going out onto the system bus but 
there will be no way to call into the RPM process or to query the rpmdb via 
DBus.

Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1249


Re: [Rpm-maint] [rpm-software-management/rpm] ts.addErase(tsi.pkg.idx) skips already erased items (#1214)

2020-06-02 Thread Florian Festi
As the change here is between the libsolv transaction and the creation of the 
rpm transaction checking for changes in the database can't really solve the 
problems if done within rpm only. DNF could check the database after obtaining 
the ts lock, but that's something we allow already - it's just not done.

Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1214#issuecomment-637416621


Re: [Rpm-maint] [rpm-software-management/rpm] ts.addErase(tsi.pkg.idx) skips already erased items (#1214)

2020-06-02 Thread Florian Festi
Yes, there may be more holes. But here all these additional checks won't catch 
anything unless DNF checks the return value of addErase. As RPM just doesn't 
add the transaction element at all there is nothing to check later. One could 
argue that rpm should just destroy the transaction but I'd argue an API user may 
actually want to ignore the error message and be content with the package no 
longer being there.

Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1214#issuecomment-637415093


Re: [Rpm-maint] [rpm-software-management/rpm] GPG: Switch back to pipe(7) for signing (#938)

2020-06-02 Thread Michal Domonkos
@dmnks pushed 2 commits.

9d638d25afc3f211671ce93192cf99af8a679948  GPG: Switch back to pipe(7) for signing
c471ad104992c950e42afd12079c67c43642841e  GPG: refactor: clean up exit label


View it on GitHub:
https://github.com/rpm-software-management/rpm/pull/938/files/14593f9924be7fbe6a4ba9849b0fd833b8fc83a5..c471ad104992c950e42afd12079c67c43642841e


Re: [Rpm-maint] [rpm-software-management/rpm] only install rpm-plugin-selinux.8 if enabled (#1248)

2020-06-02 Thread Panu Matilainen
Backports to other branches are considered by the team centrally when preparing 
releases, we don't generally take PR's on non-master branches. Thanks.

Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1248#issuecomment-637402198


Re: [Rpm-maint] [rpm-software-management/rpm] only install rpm-plugin-selinux.8 if enabled (#1248)

2020-06-02 Thread Panu Matilainen
Closed #1248.

Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1248#event-3396645707


Re: [Rpm-maint] [rpm-software-management/rpm] only install rpm-plugin-selinux.8 if enabled (#1247)

2020-06-02 Thread Panu Matilainen
If we went this way then we'd need to add similar conditions for most of the 
plugin manuals. I'm not sure it's worth it.

Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1247#issuecomment-637399820


Re: [Rpm-maint] [rpm-software-management/rpm] GPG: Switch back to pipe(7) for signing (#938)

2020-06-02 Thread Michal Domonkos
@pmatilai I've taken a different approach (by re-introducing the pipe), details 
in the commit message. Please review when you get a chance. Thanks!

Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/938#issuecomment-637398084


Re: [Rpm-maint] [rpm-software-management/rpm] ts.addErase(tsi.pkg.idx) skips already erased items (#1214)

2020-06-02 Thread Panu Matilainen
So... rpmtsCheck() should be performed once with the transaction lock held, and 
additionally we should check that conditions haven't otherwise changed in the 
meanwhile. Including but not limited to packages that are to be erased didn't 
go away.

Getting it all done and right is a non-trivial thing, but we could start with a 
large hammer that flags the transaction invalid if *anything* in the rpmdb 
changes between creation and running the set.

Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1214#issuecomment-637394018


Re: [Rpm-maint] [rpm-software-management/rpm] ts.addErase(tsi.pkg.idx) skips already erased items (#1214)

2020-06-02 Thread Panu Matilainen
The behavior depends on *when* that somebody else does stuff behind your back 
though - it can easily happen *after* you added stuff to the transaction, in 
which case you indeed don't receive any errors.

This goes to all sorts of other things too: if you assume lockless operation 
between calculating the transaction and executing it, we'd need to verify 
*everything* inside rpmtsRun() because there could be conflicts installed, 
dependencies gone missing and whatever. 

Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1214#issuecomment-637388382


[Rpm-maint] [rpm-software-management/rpm] only install rpm-plugin-selinux.8 if enabled (#1248)

2020-06-02 Thread soig
This fixes installing rpm-plugin-selinux.8 even when using configure 
--disable-selinux

(cherry picked from commit 35c7190a78488a84155d21bb4e7335ced98bba26)
Basically a backport of pull #1247 …


You can view, comment on, or merge this pull request online at:

  https://github.com/rpm-software-management/rpm/pull/1248

-- Commit Summary --

  * only install rpm-plugin-selinux.8 if enabled

-- File Changes --

M doc/Makefile.am (5)

-- Patch Links --

https://github.com/rpm-software-management/rpm/pull/1248.patch
https://github.com/rpm-software-management/rpm/pull/1248.diff

Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1248


[Rpm-maint] [rpm-software-management/rpm] only install rpm-plugin-selinux.8 if enabled (#1247)

2020-06-02 Thread soig
This fixes installing rpm-plugin-selinux.8 even when using configure 
--disable-selinux
You can view, comment on, or merge this pull request online at:

  https://github.com/rpm-software-management/rpm/pull/1247

-- Commit Summary --

  * only install rpm-plugin-selinux.8 if enabled

-- File Changes --

M doc/Makefile.am (5)

-- Patch Links --

https://github.com/rpm-software-management/rpm/pull/1247.patch
https://github.com/rpm-software-management/rpm/pull/1247.diff

Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1247


Re: [Rpm-maint] [rpm-software-management/rpm] ts.addErase(tsi.pkg.idx) skips already erased items (#1214)

2020-06-02 Thread Florian Festi
Closed #1214.

Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1214#event-3396480725


Re: [Rpm-maint] [rpm-software-management/rpm] ts.addErase(tsi.pkg.idx) skips already erased items (#1214)

2020-06-02 Thread Florian Festi
Just to add this here, too: ts.addErase returns an error code. False aka 0 if 
the erase element could be added and True aka 1 if it can't. DNF is ignoring 
this. So the transaction element is not disappearing - it is not created in the 
first place. I can't really see where RPM is at fault here. Closing.

Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1214#issuecomment-637379312


Re: [Rpm-maint] [rpm-software-management/rpm] macros: force add files to git index (#1246)

2020-06-02 Thread Igor Raits
@ignatenkobrain approved this pull request.

LGTM



Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1246#pullrequestreview-422424536