Re: [Rpm-maint] [rpm-software-management/rpm] rpm --import does not replace old keys with new keys (Issue #2577)
> @andrewclausen The Sequoia backend should process revocation certificates > correctly. The internal backend does not, which is one of multiple reasons it > is deprecated. It's not just a question of the backend. For example, how would the revocation certificates be distributed? My main point here is: security is hard, and users (like me) definitely appreciate seeing that everything has been thought through. If so, I think @nwalfield's proposal should work well. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/2577#issuecomment-1652685398 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Allow setting platform macro settings externally (PR #2585)
@Conan-Kudo approved this pull request. This is weird, but I can't find anything overwhelmingly wrong with it -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/2585#pullrequestreview-1548364281 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] rpm --import does not replace old keys with new keys (Issue #2577)
@andrewclausen The Sequoia backend should process revocation certificates correctly. The internal backend does not, which is one of multiple reasons it is deprecated. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/2577#issuecomment-1652024246 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] fix "no compatible architectures" in riscv32 (PR #2540)
OK, still someone needs to squash this and provide a proper commit message. I'll close this soonish otherwise. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/2540#issuecomment-1651883205 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Allow setting platform macro settings externally (PR #2585)
@zboszor commented on this pull request. > +This is enough for regular Linux distributions, except Yocto. Yocto has +so called Board Support Packages (BSPs) that cover more than the CPU +architectures. These BSPs cover specific single board computer systems. +Examples of such BSP names: I refreshed the commit message and INSTALL. Please re-read it. Thanks. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/2585#discussion_r1274992860 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Allow setting platform macro settings externally (PR #2585)
@zboszor pushed 1 commit. 98a7615d9db2d43126c453b9bd0f4cc5006c18b7 Allow setting platform macro settings externally -- View it on GitHub: https://github.com/rpm-software-management/rpm/pull/2585/files/14840d08d172c2798e47c39f1c5e597ad7659781..98a7615d9db2d43126c453b9bd0f4cc5006c18b7 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
[Rpm-maint] [rpm-software-management/rpm] Add a new perl.prov script to generate normalized module versions (PR #2586)
## Background Im the current maintainer of https://github.com/openSUSE/cpanspec and I do automatic updates to devel:languages:perl with it. Perl module versions are decimal versions, and semantically split in triplets. CPAN -- Normalized, semantical meaning from perls point of view 0.7-- 0.700.0 0.71 -- 0.71.0 0.70 -- 0.70.0 0.07 -- 0.70.0 0.007 -- 0.7.0 1.20230726 -- 1.202.307.260 Currently, perl.prov takes the module versions literally, which can lead to false / broken dependencies if the number of decimals for a module version changes. E.g. a very common thing is a module with the current version 1.29 (which is semantically 1.290.0) that releases 1.3 (1.300.0) as the next version. Taking the 1.29 and 1.3 literally in the rpm, 1.3 would be lower than 1.29. We usually fix that manually, but we have 3200 perl modules in devel:languages:perl and 1400 in Factory. The correct way would be to use version-parse($cpan_version)-normal However, we cant just fix the existing perl.prov because we cannot guarantee that all packages will be rebuilt at once across all repositories. There needs to be a transition period also. Also other users of rpm maybe dont want that new behaviour. ## Proposal So I created a new script besides `perl.prov`, `perl.prov.normalize`. It would be good if I could actually reuse most of its code, maybe even simply call `perl.prov` and then manipulate the output. But for this frst draft I wanted to get your feedback if such a PR is welcome or if it should be done in a new package outside of rpm. I could then use this script in the spec files of new perl module releases. Until then there will be a transition period where I might generate Provides lines in the spec file additionally to the current perl.prov, which would guarantee that we dont get unresolvables. For the detailed background see: https://github.com/openSUSE/cpanspec/issues/47 cpanspec is the script which we use to generate the spec files. You can view, comment on, or merge this pull request online at: https://github.com/rpm-software-management/rpm/pull/2586 -- Commit Summary -- * Add a new perl.prov script to generate normalized module versions -- File Changes -- A scripts/perl.prov.normalize (224) -- Patch Links -- https://github.com/rpm-software-management/rpm/pull/2586.patch https://github.com/rpm-software-management/rpm/pull/2586.diff -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/2586 You are receiving this because you are subscribed to this thread. Message ID: rpm-software-management/rpm/pull/2...@github.com ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] rpm -qf --root: wrong error (Issue #2576)
Closed #2576 as completed via #2582. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/2576#event-9924391910 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Check inside --root when querying for files (PR #2582)
Merged #2582 into master. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/2582#event-9924391650 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Check inside --root when querying for files (PR #2582)
@ffesti pushed 1 commit. 834f337d997b19a484bc80fa02c5af6ede875097 Check inside --root when querying for files -- View it on GitHub: https://github.com/rpm-software-management/rpm/pull/2582/files/82dd665bbde453a805a6e536b7d327fdd7a3a52e..834f337d997b19a484bc80fa02c5af6ede875097 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Fix missing includes on macOS (PR #2571)
Merged #2571 into master. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/2571#event-9924253332 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Add sysusers.sh script to replace systemd-sysusers (PR #2573)
There's also the missing case for the `root` user, as the default shell for UID 0 is defined to be `/bin/sh`. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/2573#issuecomment-1651811249 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Add sysusers.sh script to replace systemd-sysusers (PR #2573)
@Conan-Kudo commented on this pull request. > + +hasgroup() { + grep "^${1}:" "$ROOT"/etc/group >/dev/null +} + +user() { + local user="$1" + local uid="$2" + local desc="$3" + local group="$4" + local home="$5" + local shell="$6" + + [ "$desc" = '-' ] && desc= + { [ "$home" = '-' ] || [ "$home" = '' ]; } && home=/ + { [ "$shell" = '-' ] || [ "$shell" = '' ]; } && shell=/usr/sbin/nologin This needs to be `/sbin/login`. We cannot assume it's in `/usr`. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/2573#pullrequestreview-1547737657 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Allow setting platform macro settings externally (PR #2585)
@Conan-Kudo requested changes on this pull request. > +This is enough for regular Linux distributions, except Yocto. Yocto has +so called Board Support Packages (BSPs) that cover more than the CPU +architectures. These BSPs cover specific single board computer systems. +Examples of such BSP names: Can you reword this to not require knowing what Yocto is? That is, if Yocto disappeared tomorrow, we wouldn't have a good reference for the need for this feature. While we want to serve and support distributions, we try to ensure our features aren't "distro-dependant", so if the documentation on this can be made compelling without singling out or requiring to know Yocto, that would significantly help. > +This is enough for regular Linux distributions, except Yocto. Yocto has +so called Board Support Packages (BSPs) that cover more than the CPU +architectures. These BSPs cover specific single board computer systems. +Examples of such BSP names: Can you reword this to not require knowing what Yocto is? That is, if Yocto disappeared tomorrow, we wouldn't have a good reference for the need for this feature. While we want to serve and support distributions, we try to ensure our features aren't "distro-dependant", so if the documentation on this can be made compelling without singling out or requiring to know Yocto, that would significantly help. > +To allow creating the macros file for such a custom platform (only one +needed for a specific BSP build in Yocto), the shell variables listed below +must be set. If RPM_CUSTOM_ARCH is not set, the rest is ignored. Ditto here. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/2585#pullrequestreview-1547729808 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Fix missing includes on macOS (PR #2571)
@Conan-Kudo approved this pull request. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/2571#pullrequestreview-1547721323 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Fix missing includes on macOS (PR #2571)
Sorry, this cast to (char*) makes me feel uneasy even if it is save here. Will merge after the test suite passes. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/2571#issuecomment-1651780526 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Fix missing includes on macOS (PR #2571)
@ffesti pushed 3 commits. a1ead60c4e936fc154df917b54027a2e008b12b3 Fix missing signal.h include c3db93214ec4f373be2d76c732efd7f7fc7dcdc7 Fix missing basename include on macOS 39f007b68e6f7d99d223a0e06076d88a8e4355bb Duplicate filename before passing it to basename -- View it on GitHub: https://github.com/rpm-software-management/rpm/pull/2571/files/cd8878d51fc1d8dc177bed2a4e622eb07570a91c..39f007b68e6f7d99d223a0e06076d88a8e4355bb You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] rpm/rpmbuild vs Yocto BSP platform names (Issue #2578)
@ffesti Brought the discussion from #2580 to here. > This PR needs to be against master. Also a feature like this needs at least > some documentation. installplatform is a script no one ever should need to > look into. So hiding features in there is not acceptable. May be adding a > section to INSTALL is a good first step. We can move that to the docs/manual > later on if we feel it take up too much space there. I added the documentation text in INSTALL after the default make install line. > I am also wonder if we should allow passing the directory name. I don't know. At this point it's still RFC both for rpm and the Yocto community. But it allows me to run rpmbuild straight on the target system. > I might have missed something but it looks like there can only be a "custom" > platform. One is enough. There is only a single target platform you can build for at a time. See the complete patch at https://lists.openembedded.org/g/openembedded-core/message/184844 > So please re-open this against master. See #2585 -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/2578#issuecomment-1651772114 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Check inside --root when querying for files (PR #2582)
@dmnks commented on this pull request. > @@ -470,11 +470,13 @@ static rpmdbMatchIterator initQueryIterator(QVA_t qva, > rpmts ts, const char * ar if (mi == NULL) { struct stat sb; - if (lstat(fn, ) != 0) + char * full_fn = rpmGenPath(rpmtsRootDir(ts), fn, NULL); How about using the simpler `rpmGetPath()` instead? The Gen variant only differs in that it also accepts URLs which I don't think we need here :smile: -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/2582#pullrequestreview-1547683591 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Allow setting plaform macro settings externally (PR #2580)
> This PR needs to be against master. Also a feature like this needs at least > some documentation. `installplatform` is a script no one ever should need to > look into. So hiding features in there is not acceptable. May be adding a > section to INSTALL is a good first step. We can move that to the docs/manual > later on if we feel it take up too much space there. I added the documentation text in INSTALL after the default `make install` line. > I am also wonder if we should allow passing the directory name. I don't know. At this point it's still RFC both for `rpm` and the Yocto community. But it allows me to run `rpmbuild` straight on the target system. > I might have missed something but it looks like there can only be a "custom" > platform. One is enough. There is only a single target platform you can build for at a time. See the complete patch at https://lists.openembedded.org/g/openembedded-core/message/184844 > So please re-open this against master. See #2585 -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/2580#issuecomment-1651743762 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
[Rpm-maint] [rpm-software-management/rpm] Allow setting platform macro settings externally (PR #2585)
Yocto has their own way to set the platform names via BSPs (Board Support Packages). These names are more specific than basic CPU architectures, and such a platform name ends up in /etc/rpm/platform but the corresponding subdirectory under /usr/lib/rpm/platform does not exist. Allow creating such custom platform subdirectory with feeding the necessary data using external variables: RPM_CUSTOM_ARCH, RPM_CUSTOM_ISANAME, RPM_CUSTOM_ISABITS, RPM_CUSTOM_CANONARCH and RPM_CUSTOM_CANONCOLOR You can view, comment on, or merge this pull request online at: https://github.com/rpm-software-management/rpm/pull/2585 -- Commit Summary -- * Allow setting platform macro settings externally -- File Changes -- M INSTALL (39) M installplatform (9) -- Patch Links -- https://github.com/rpm-software-management/rpm/pull/2585.patch https://github.com/rpm-software-management/rpm/pull/2585.diff -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/2585 You are receiving this because you are subscribed to this thread. Message ID: rpm-software-management/rpm/pull/2...@github.com ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Nix packaging (PR #2499)
We have finally been able to get the new test suite back end merged into master. With that this PR is now obsolete. We won't patch up the old test suite to run on Nix. Please checkout the new test suite with the 4.19-beta that we are going to release the next few days. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/2499#issuecomment-1651675116 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Nix packaging (PR #2499)
Closed #2499. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/2499#event-9923279896 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Allow setting plaform macro settings externally (PR #2580)
Closed #2580. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/2580#event-9923080277 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Allow setting plaform macro settings externally (PR #2580)
This PR needs to be against master. Also a feature like this needs at least some documentation. `installplatform` is a script no one ever should need to look into. So hiding features in there is not acceptable. May be adding a section to INSTALL is a good first step. We can move that to the docs/manual later on if we feel it take up too much space there. I am also wonder if we should allow passing the directory name. I might have missed something but it looks like there can only be a "custom" platform. So please re-open this against master. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/2580#issuecomment-1651647277 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Allow setting plaform macro settings externally (PR #2579)
We don't allow PRs for release branches as patches in there are supposed to be cherry-picked from master. We now have a rpm-4.18.2 milestone that the original issue can be attached to as a reminder that this should be backported. Closing. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/2579#issuecomment-1651567059 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Allow setting plaform macro settings externally (PR #2579)
Closed #2579. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/2579#event-9922708151 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] rpm --import does not replace old keys with new keys (Issue #2577)
> > ``` > > * Another example is the [Google's Linux signing > > key](https://dl.google.com/linux/linux_signing_key.pub), which is actually > > a collection of public keys bundled inside a single certificate. For the > > record, its contents are: > > ``` > > $ cat linux_signing_key.pub | gpg --show-keys --with-subkey-fingerprint > > pub dsa1024 2007-03-08 [SC] > > 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 > > uid Google, Inc. Linux Package Signing Key > > > > sub elg2048 2007-03-08 [E] > > 9534C9C4130B4DC9927992BF4F30B6B4C07CB649 > > > > pub rsa4096 2016-04-12 [SC] > > EB4C1BFD4F042F6DDDCCEC917721F63BD38B4796 > > uid Google Inc. (Linux Packages Signing Authority) > > > > sub rsa4096 2016-04-12 [S] [expired: 2019-04-12] > > 3B068FB4789ABE4AEFA3BB491397BC53640DB551 > > sub rsa4096 2017-01-24 [S] [expired: 2020-01-24] > > 3E50F6D3EC278FDEB655C8CA6494C6D6997C215E > > sub rsa4096 2019-07-22 [S] [expired: 2022-07-21] > > 2F528D36D67B69EDF998D85778BD65473CB3BD13 > > sub rsa4096 2021-10-26 [S] [expires: 2024-10-25] > > 8461EFA0E74ABAE010DE66994EB27DB2A3B88B8B > > sub rsa4096 2023-02-15 [S] [expires: 2026-02-14] > > A5F483CD733A4EBAEA378B2AE88979FB9B30ACF2 > > ``` > > ``` > > This is not how the term certificate is commonly used in the OpenPGP > ecosystem. This file includes two certificates: > 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 and > EB4C1BFD4F042F6DDDCCEC917721F63BD38B4796. Thank you for your patience! They are bundled together into a single file, and into a single (virtual?) RPM package gpg-pubkey-38ab71f4-60242b08. Is there standard terminology for this situation? > > > Can you explain what it means for "a key master" to "publish keys with > > > separate certificates"? > > > > My first example above -- the Fedora 36 signing key -- is distributed in > > its own certificate. Fedora 37 has a separate key and a separate > > certificate. This separation means that the user can install any > > combination of them at their leisure. If for some reason they want to check > > old signatures, they can do so by installing old certificates containing > > old keys. Since Fedora publishes keys in separate certificates, there is no > > need to merge Fedora's certificates. > > You've unfortunately lost me again. In OpenPGP, a key is not separate from a > certificate. A key is a component. What I mean is that the Fedora 36 signing key can be installed separately from the Fedora 37 signing key. They are in separate virtual RPM packages, and they have separate keys and certificates. This contrasts with the Google situation where it's different versions of the same certificate. > > On the other hand, Google publishes many keys within a single certificate > > (the second example). If a new version of the certificate removes some old > > keys, this would prevent the user from verifying old signatures. For > > example, the key that was issued on 2016-04-12 (and expired in 2019) might > > get removed from future versions of this certificate. If this happens, then > > the user would have no obvious way of verifying packages signed by this > > key. Your proposal of merging the new certificate with previously installed > > ones is one way of addressing this problem. But I think it comes with a > > serious downside that the user has no way removing revoked keys. If the > > 2016-04-12 key gets compromised, your proposal might leave the user > > vulnerable to attacker-signed packages. (The fact that they key has expired > > might help, but it's not the end of the story; e.g. what if a more recent > > key gets compromised?) > > I don't understand why a user would want to remove a revoked key. If it is > revoked, the user should just import the revocation certificate and then it > can't be used to verify packages any more. Good point. I guess I was worried that the key master might not distribute a revocation certificate, or that DNF / RPM might not acquire and process the revocation certificate correctly. Has this been tested? -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/2577#issuecomment-1651519766 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Add sysusers.sh script to replace systemd-sysusers (PR #2573)
Merged #2573 into master. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/2573#event-9922341090 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Add sysusers.sh script to replace systemd-sysusers (PR #2573)
@ffesti pushed 1 commit. cd750adc7f7d4be4e1ac173631c07fdb2e5f9757 Replace systemd-sysusers by new sysusers.sh script -- View it on GitHub: https://github.com/rpm-software-management/rpm/pull/2573/files/47a20f64e82eacdf91679a356de038208d487b86..cd750adc7f7d4be4e1ac173631c07fdb2e5f9757 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Add sysusers.sh script to replace systemd-sysusers (PR #2573)
@dmnks approved this pull request. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/2573#pullrequestreview-1547356492 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Add sysusers.sh script to replace systemd-sysusers (PR #2573)
Other than the above, the PR looks sane, nice work! -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/2573#issuecomment-1651444355 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Add sysusers.sh script to replace systemd-sysusers (PR #2573)
Now that the script has the `bash` shebang, shouldn't we make use of `local` and declare the function-local variables as such? Currently, they are all redefined on entry and not used outside of the functions, but if we change something in the script in the future and forget about it... -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/2573#issuecomment-1651392225 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Add sysusers.sh script to replace systemd-sysusers (PR #2573)
@ffesti pushed 1 commit. 36cbc08980d643614e646eb39542aeacf1afdb5e Add --help and description -- View it on GitHub: https://github.com/rpm-software-management/rpm/pull/2573/files/c69b996901e5d62f8d49d72b46dc651115c581a8..36cbc08980d643614e646eb39542aeacf1afdb5e You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Add sysusers.sh script to replace systemd-sysusers (PR #2573)
Ok, all shellcheck warnings gone and test suite is passing. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/2573#issuecomment-1651159358 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Add sysusers.sh script to replace systemd-sysusers (PR #2573)
@ffesti pushed 1 commit. c69b996901e5d62f8d49d72b46dc651115c581a8 Replace eval with mapfile and xargs -- View it on GitHub: https://github.com/rpm-software-management/rpm/pull/2573/files/df7df2c046d6a26c2494b12bea89bb9b5d7916b3..c69b996901e5d62f8d49d72b46dc651115c581a8 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Add sysusers.sh script to replace systemd-sysusers (PR #2573)
OK, there is only one warning left caused by the `eval` line. Let me see if we can get rid of that, too. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/2573#issuecomment-1651069702 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] Add sysusers.sh script to replace systemd-sysusers (PR #2573)
@ffesti pushed 6 commits. d99cfdbc10ed5b56eaac54704a3b91631086061d Add sysusers.sh script 05328c5d35b79f24016fd945e4b264badc16caf4 Replace getent with grep d020c8b082b29d02d9abd4e9fdd1176ed9e8c700 Implement --replace 16690d145b086e197c44d2c95c3b3d3c295d9527 Add test case for skipping user creation 85d90c9de078fcaa115275e1b3882507fea6069f Fix shellcheck warnings df7df2c046d6a26c2494b12bea89bb9b5d7916b3 Fix indentation -- View it on GitHub: https://github.com/rpm-software-management/rpm/pull/2573/files/7b1600e2449421bbce1f1fdb76857c5d5d2d7dd9..df7df2c046d6a26c2494b12bea89bb9b5d7916b3 You are receiving this because you are subscribed to this thread. Message ID: ___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint