Re: [Rpm-maint] [rpm-software-management/rpm] Add %bcond macro for defining build conditionals (#1520)

2021-03-15 Thread Miro Hrončok
I'd *really* like to see this happen. How can I move it forward?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1520#issuecomment-799870515___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint


Re: [Rpm-maint] [rpm-software-management/rpm] Failure to read rpmdb from CentOS 7.5.1804 with the bdb_ro backend (#1576)

2021-03-15 Thread Philippe Ombredanne
@pmatilai Thank you ++ for these commits!
Let me test that.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1576#issuecomment-799836920___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint


Re: [Rpm-maint] [rpm-software-management/rpm] Fall back to /tmp if TMPDIR is bogus (#1567)

2021-03-15 Thread Demi Marie Obenour
> I routinely do a `make check` in Podman containers and never encountered this 
> issue. Is there some specific set-up (of the testsuite) that you're referring 
> to?

The container image itself is practically empty ― everything is bind-mounted 
from the host.  To be fair, it is possible that the container image that I am 
using is buggy, or that I am misusing podman.  Additionally, I have my source 
directory bind-mounted at `/source` and my build directory bind-mounted at 
`/build`.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1567#issuecomment-799703639___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint


Re: [Rpm-maint] [rpm-software-management/rpm] Better detection of I/O errors (#1566)

2021-03-15 Thread Michal Domonkos
Merged #1566 into master.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1566#event-4460234433___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint


Re: [Rpm-maint] [rpm-software-management/rpm] Better detection of I/O errors (#1566)

2021-03-15 Thread Michal Domonkos
Thanks!

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1566#issuecomment-799620888___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint


Re: [Rpm-maint] [rpm-software-management/rpm] Better detection of I/O errors (#1566)

2021-03-15 Thread Demi Marie Obenour
@DemiMarie pushed 1 commit.

ecb2a94bc31ca18722f0331c92933af81df59f30  Better detection of I/O errors


-- 
You are receiving this because you are subscribed to this thread.
View it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1566/files/d1d2dde4aa58ba64a9429b4be8e57d03839ca901..ecb2a94bc31ca18722f0331c92933af81df59f30
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint


Re: [Rpm-maint] [rpm-software-management/rpm] Better detection of I/O errors (#1566)

2021-03-15 Thread Demi Marie Obenour
Done

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1566#issuecomment-799612887___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint


Re: [Rpm-maint] [rpm-software-management/rpm] Fall back to /tmp if TMPDIR is bogus (#1567)

2021-03-15 Thread Michal Domonkos
I routinely do a `make check` in Podman containers and never encountered this 
issue. Is there some specific set-up (of the testsuite) that you're referring 
to?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1567#issuecomment-799609306___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint


Re: [Rpm-maint] [rpm-software-management/rpm] Better detection of I/O errors (#1566)

2021-03-15 Thread Michal Domonkos
Oh, indeed. Thanks for spotting this!

Also kudos for checking for the `fprintf()` return value - although it still 
returns a positive value in case of an `ENOSPC`, there could be other errors, 
so why not check for them right away.

That said, I realized I should've moved the `free(val)` statement above the new 
conditional in my original patch. So while at it, could you please incorporate 
that, too? Either storing the return value of `fprintf()` in a variable and 
then doing the `free(val)`, or just putting another `free(val)` call just 
before the `exit(EXIT_FAILURE)` statement should be fine.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1566#issuecomment-799603408___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint


[Rpm-maint] [rpm-software-management/rpm] Add --dwz-single-file-mode argument for find-debuginfo.sh. (#1579)

2021-03-15 Thread marxin
Sometimes its handy to disable multi-file mode and the patch
adds option for that: `--dwz-single-file-mode`.

It will be used in openSUSE for packages that use baselibs.conf
mechanism.
You can view, comment on, or merge this pull request online at:

  https://github.com/rpm-software-management/rpm/pull/1579

-- Commit Summary --

  * Add --dwz-single-file-mode argument for find-debuginfo.sh.

-- File Changes --

M scripts/find-debuginfo.sh (9)

-- Patch Links --

https://github.com/rpm-software-management/rpm/pull/1579.patch
https://github.com/rpm-software-management/rpm/pull/1579.diff

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1579
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint


Re: [Rpm-maint] [rpm-software-management/rpm] Enforce GPG signatures by default (#1573)

2021-03-15 Thread Demi Marie Obenour
> > Personally, I would consider being able to disable this on a per-package 
> > basis a good idea, but it isn’t a blocker.
> 
> How is `--nosignature` failing to achieve that as it is?

It does for `rpm(8)`, but not for `dnf(8)`.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1573#issuecomment-799505225___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint


Re: [Rpm-maint] [rpm-software-management/rpm] Avoid undefined shifts (#1547)

2021-03-15 Thread Demi Marie Obenour
I wholeheartedly agree, which is why I would be perfectly with you requiring 
that a compiler support `-fwrapv -fwrapv-pointer -fno-strict-aliasing 
-fno-delete-null-pointer-checks` :smile:.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1547#issuecomment-799504660___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint


Re: [Rpm-maint] [rpm-software-management/rpm] rpmsign cannot use Ed25519 keys (#1565)

2021-03-15 Thread Panu Matilainen
Fixed by #1571 / commit 23770e1a4f28c56a31fe600cae332c77333b60b6

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1565#issuecomment-799410047___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint


Re: [Rpm-maint] [rpm-software-management/rpm] rpmsign cannot use Ed25519 keys (#1565)

2021-03-15 Thread Panu Matilainen
Closed #1565.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1565#event-4458634442___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint


Re: [Rpm-maint] [rpm-software-management/rpm] Permit secondary index open to fail for bdb_ro (#1578)

2021-03-15 Thread Panu Matilainen
@pmatilai pushed 1 commit.

88b47ae2a1471d0ce11b034bf9529f8a89a29754  Permit secondary index open to fail 
for bdb_ro


-- 
You are receiving this because you are subscribed to this thread.
View it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1578/files/d0a579f3b6c6d1e93d9ff87ad06c59b0fe3e16f5..88b47ae2a1471d0ce11b034bf9529f8a89a29754
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint


Re: [Rpm-maint] [rpm-software-management/rpm] Avoid undefined shifts (#1547)

2021-03-15 Thread Panu Matilainen
Yeah, I've ran into this as well, on more than one occasion. Rant alert... 
:warning: 

Here's what C99 standard says of it:

> The  result  of E1 << E2 is E1 left-shifted E2 bit  positions;  vacated  bits 
>  are  filled  with zeros.  If E1 has  an  unsigned  type,  the  value  of  
> the  result  is E1×2^E2, reduced  modulo one  more  than  the  maximum  value 
>  representable  in  the  result  type.If E1 has  a  signed type  and  
> nonnegative  value,  and E1×2^E2 is  representable  in  the  result  type,  
> then  that  is the resulting value; otherwise, the behavior is undefined.

...and...

> Each  enumerated  type  shall  be  compatible  with char, a signed  integer  
> type,  or  an unsigned  integer  type. The  choice  of  type  is  
> implementation-defined, but shall  be capable   of   representing   the   
> values   of   all   the   members   of   the   enumeration. The enumerated  
> type  is  incomplete  until  after  the that  terminates  the  list  of  
> enumerator declarations.

To me that reads the compiler is responsible for figuring out the proper type 
for the enum, and meanwhile *we* don't actually care whether it thinks its 
signed or not because it's just an effing bitfield. However I'm quite positive 
any old number of compiler authors will disagree with my assessment. I deeply 
hate this language-lawyering - this is C, your friendly high-level assembler, 
and a bit-shift is a bit-shift regardless of the compiler vintage, damnit 
:unamused: 

I remember trying this very thing at some point, only to find that our Python 
(2.x) bindings blew up on 32bit systems because it couldn't represent the 
*unsigned* values. That's not an issue in Python 3 anymore, just noting that 
these kind of changes are not without risk.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1547#issuecomment-799401476___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint


Re: [Rpm-maint] [rpm-software-management/rpm] Enforce GPG signatures by default (#1573)

2021-03-15 Thread Panu Matilainen
>  Personally, I would consider being able to disable this on a per-package 
> basis a good idea, but it isn’t a blocker.

How is `--nosignature` failing to achieve that as it is?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1573#issuecomment-799364236___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint


Re: [Rpm-maint] [rpm-software-management/rpm] rpmsign: support EdDSA signatures (#1571)

2021-03-15 Thread Panu Matilainen
Merged #1571 into master.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1571#event-4458259053___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint


Re: [Rpm-maint] [rpm-software-management/rpm] rpmsign: support EdDSA signatures (#1571)

2021-03-15 Thread Panu Matilainen
Seems like a revised version of #1500 accidentally ended up in this PR. No 
matter, I far prefer this version and splitting this to yet more PR's wouldn't 
actually help anything. Also, @mlschroe seems to be busy but he did indicate 
the preference for existing tags in #1202 so...

Thanks for the patches!

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1571#issuecomment-799362147___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint


Re: [Rpm-maint] [rpm-software-management/rpm] Reconsider GPG key loading from %_keyringpath (#1543)

2021-03-15 Thread Panu Matilainen
Closed #1543 via #1575.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1543#event-4458209775___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint


Re: [Rpm-maint] [rpm-software-management/rpm] Make the rpmdb keyring type macro-configurable (#1575)

2021-03-15 Thread Panu Matilainen
Merged #1575 into master.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1575#event-4458209751___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint


Re: [Rpm-maint] [rpm-software-management/rpm] Add query formats for displaying tag numbers and names (#1551)

2021-03-15 Thread Panu Matilainen
Merged #1551 into master.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1551#event-4458208132___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint


Re: [Rpm-maint] [rpm-software-management/rpm] scripts/pythondistdeps: Fix for Python 3.10 (#1558)

2021-03-15 Thread Panu Matilainen
Merged #1558 into master.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1558#event-4458208697___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint


Re: [Rpm-maint] [rpm-software-management/rpm] Permit secondary index open to fail for bdb_ro (#1578)

2021-03-15 Thread Panu Matilainen
Hmm, while this does cover the case is #1576 it'll segfault if there are no 
secondary indexes at all. So this isn't a proper solution, just first-aid.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1578#issuecomment-799353571___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint


[Rpm-maint] [rpm-software-management/rpm] Permit secondary index open to fail for bdb_ro (#1578)

2021-03-15 Thread Panu Matilainen
The other backends would want to create the missing index, but as bdb_ro is 
read-only it cant do that. As the main purpose of bdb_ro is to support 
migrating away from BDB for which only the primary database is needed, it 
doesnt make sense to fail it for non-essential data. Let it fail for 
secondary indexes - this might affect our ability to query but thats 
secondary, literally, and we also do emit a warning here.

Fixes: #1576

You can view, comment on, or merge this pull request online at:

  https://github.com/rpm-software-management/rpm/pull/1578

-- Commit Summary --

  * Fix bdb_ro index open error handling
  * Permit secondary index open to fail for bdb_ro

-- File Changes --

M lib/backend/bdb_ro.c (14)

-- Patch Links --

https://github.com/rpm-software-management/rpm/pull/1578.patch
https://github.com/rpm-software-management/rpm/pull/1578.diff

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1578
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint


Re: [Rpm-maint] [rpm-software-management/rpm] Be much more careful about copying data from the signature header (#1577)

2021-03-15 Thread Panu Matilainen
(reporter credits added to commit message)

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1577#issuecomment-799312095___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint


[Rpm-maint] [rpm-software-management/rpm] Be much more careful about copying data from the signature header (#1577)

2021-03-15 Thread Panu Matilainen
Only look for known tags, and ensure correct type and size where known
before copying over. Bump the old arbitrary 16k count limit to 16M limit
though, its not inconceivable that a package could have that many files.
While at it, ensure none of these tags exist in the main header,
which would confuse us greatly.

This is optimized for backporting ease, upstream can remove redundancies
and further improve checking later.

Fixes: RhBug:1935049, RhBug:1933867, RhBug:1935035, RhBug:1934125, ...

Fixes: CVE-2021-3421, CVE-2021-20271
You can view, comment on, or merge this pull request online at:

  https://github.com/rpm-software-management/rpm/pull/1577

-- Commit Summary --

  * Be much more careful about copying data from the signature header

-- File Changes --

M lib/package.c (114)

-- Patch Links --

https://github.com/rpm-software-management/rpm/pull/1577.patch
https://github.com/rpm-software-management/rpm/pull/1577.diff

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1577
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint