Re: [Rpm-maint] [rpm-software-management/rpm] RFE: split language specifics out of rpm core (#1199)

2020-05-28 Thread Panu Matilainen
We've yet to figure out the actual logistics of this stuff, but I'd say quite unlikely as it would lead to people reporting issues and rfe's on them back to rpm, which is contrary to the purpose. More likely we'd release tarballs of the different repos on ftp.rpm.org together or closely linked

Re: [Rpm-maint] [rpm-software-management/rpm] Add %postbuild section / Allow dynamic sub packages (#1239)

2020-05-28 Thread Igor Raits
``` RPM build errors: line 223: %package -n rust-libc-devel: package rust-libc-devel already exists fish: Job 2, “~/Projects/upstream/rpm/rpmbuil…” terminated by signal SIGSEGV (Address boundary error) ``` Segfault if the package redefinition happens is not expected. --- ``` error: line

Re: [Rpm-maint] [rpm-software-management/rpm] Add %postbuild section / Allow dynamic sub packages (#1239)

2020-05-28 Thread Florian Festi
@ffesti pushed 1 commit. 9b1a24a921f281747eb475276a3693471ee2b0b1 Add suppport for %postbuild spec section -- You are receiving this because you are subscribed to this thread. View it on GitHub:

Re: [Rpm-maint] [rpm-software-management/rpm] RPM fsverity support (#1203)

2020-05-28 Thread Panu Matilainen
@pmatilai commented on this pull request. > +} + +rpmlog(RPMLOG_DEBUG, _("key: %s\n"), key); +rpmlog(RPMLOG_DEBUG, _("cert: %s\n"), cert); + +compr = headerGetString(h, RPMTAG_PAYLOADCOMPRESSOR); +rpmio_flags = rstrscat(NULL, "r.", compr ? compr : "gzip", NULL); + +gzdi

Re: [Rpm-maint] [rpm-software-management/rpm] RPM fsverity support (#1203)

2020-05-28 Thread Panu Matilainen
@pmatilai commented on this pull request. > @@ -430,6 +438,10 @@ typedef enum rpmSigTag_e { RPMSIGTAG_SHA256 = RPMTAG_SHA256HEADER, RPMSIGTAG_FILESIGNATURES = RPMTAG_SIG_BASE + 18, RPMSIGTAG_FILESIGNATURELENGTH = RPMTAG_SIG_BASE + 19, +

Re: [Rpm-maint] [rpm-software-management/rpm] RPM fsverity support (#1203)

2020-05-28 Thread Panu Matilainen
@pmatilai commented on this pull request. > @@ -3,7 +3,8 @@ include $(top_srcdir)/rpm.am AM_CFLAGS = @RPMCFLAGS@ -AM_CPPFLAGS = -I$(top_builddir) -I$(top_srcdir) -I$(top_builddir)/include/ +AM_CPPFLAGS = -I$(top_builddir) -I$(top_srcdir) -I$(top_builddir)/include/ \ + -I$(includedir)

Re: [Rpm-maint] [rpm-software-management/rpm] RPM fsverity support (#1203)

2020-05-28 Thread Panu Matilainen
@pmatilai commented on this pull request. > @@ -494,6 +505,36 @@ static rpmRC includeFileSignatures(Header *sigp, Header > *hdrp) #endif } +static rpmRC includeVeritySignatures(FD_t fd, Header *sigp, Header *hdrp) +{ +#ifdef WITH_FSVERITY +rpmRC rc; +char *key =

Re: [Rpm-maint] [rpm-software-management/rpm] RPM fsverity support (#1203)

2020-05-28 Thread Panu Matilainen
@pmatilai commented on this pull request. > if (deleting) { /* Nuke all the signature tags. */ deleteSigs(sigh); + deleteFileSigs(sigh); The IMA signatures originally were covered by package signature, but that breaks some fundamental rpm rules so it was changed in a

[Rpm-maint] [rpm-software-management/rpm] Bump CI Fedora version from 31 to 32 aka latest stable (#1243)

2020-05-28 Thread Panu Matilainen
You can view, comment on, or merge this pull request online at: https://github.com/rpm-software-management/rpm/pull/1243 -- Commit Summary -- * Bump CI Fedora version from 31 to 32 aka latest stable -- File Changes -- M ci/Dockerfile (2) -- Patch Links --

Re: [Rpm-maint] [rpm-software-management/rpm] RPM fsverity support (#1203)

2020-05-28 Thread Panu Matilainen
@pmatilai commented on this pull request. > +} + +static char *rpmVeritySignFile(rpmfi fi, size_t *sig_size, char *key, + char *keypass, char *cert, uint16_t algo, + uint32_t block_size) +{ +struct libfsverity_merkle_tree_params

Re: [Rpm-maint] [rpm-software-management/rpm] RPM fsverity support (#1203)

2020-05-28 Thread Panu Matilainen
@pmatilai commented on this pull request. > @@ -430,6 +438,10 @@ typedef enum rpmSigTag_e { RPMSIGTAG_SHA256 = RPMTAG_SHA256HEADER, RPMSIGTAG_FILESIGNATURES = RPMTAG_SIG_BASE + 18, RPMSIGTAG_FILESIGNATURELENGTH = RPMTAG_SIG_BASE + 19, +

Re: [Rpm-maint] [rpm-software-management/rpm] Bump CI Fedora version from 31 to 32 aka latest stable (#1243)

2020-05-28 Thread Florian Festi
Merged #1243 into master. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/1243#event-3381787330___ Rpm-maint mailing list

Re: [Rpm-maint] [rpm-software-management/rpm] RPM fsverity support (#1203)

2020-05-28 Thread Panu Matilainen
@pmatilai commented on this pull request. > + rpmlog(RPMLOG_DEBUG, "fsverity not supported by file system for > %s\n", + path); + break; + case EOPNOTSUPP: + rpmlog(RPMLOG_DEBUG, "fsverity not enabled on file system for %s\n", +

Re: [Rpm-maint] [rpm-software-management/rpm] macros: Drop internal macros which are not used in RPM and Fedora (#1212)

2020-05-28 Thread Panu Matilainen
With 4.16 branched off now... thanks for the patch! -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub:

Re: [Rpm-maint] [rpm-software-management/rpm] macros: Drop internal macros which are not used in RPM and Fedora (#1212)

2020-05-28 Thread Panu Matilainen
Merged #1212 into master. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/1212#event-3382243657___ Rpm-maint mailing list

Re: [Rpm-maint] [rpm-software-management/rpm] Remove deprecated beecrypt and NSS crypto backends (#1245)

2020-05-28 Thread Igor Raits
@pmatilai I think we need to deprecate it in 4.17 and ditch it in 4.18 while keeping bdb_ro only. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub:

[Rpm-maint] [rpm-software-management/rpm] Preparing for rpm 4.16.0-beta1 (#1244)

2020-05-28 Thread Panu Matilainen
Bump version number and adjust reproducable hash test accordingly. You can view, comment on, or merge this pull request online at: https://github.com/rpm-software-management/rpm/pull/1244 -- Commit Summary -- * Preparing for rpm 4.16.0-beta1 -- File Changes -- M configure.ac (2) M

[Rpm-maint] [rpm-software-management/rpm] Remove deprecated beecrypt and NSS crypto backends (#1245)

2020-05-28 Thread Panu Matilainen
Shedding some weight to celebrate the beginning of a new cycle :fireworks: You can view, comment on, or merge this pull request online at: https://github.com/rpm-software-management/rpm/pull/1245 -- Commit Summary -- * Bump version to mark beginning of a new development cycle * Remove

Re: [Rpm-maint] [rpm-software-management/rpm] Remove deprecated beecrypt and NSS crypto backends (#1245)

2020-05-28 Thread Igor Raits
:rocket: :+1: -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/1245#issuecomment-635278798___ Rpm-maint mailing list

Re: [Rpm-maint] [rpm-software-management/rpm] Remove deprecated beecrypt and NSS crypto backends (#1245)

2020-05-28 Thread Panu Matilainen
Flushing BDB down the same drain is really, really, really tempting :innocent: but maybe not *just* yet... -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub:

Re: [Rpm-maint] [rpm-software-management/rpm] Add %toolchain macro to differentiate C/C++ toolchains (#1231)

2020-05-28 Thread tbaederr
We will solve this differently, in redhat-rpm-config. Thanks. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub:

Re: [Rpm-maint] [rpm-software-management/rpm] Add %toolchain macro to differentiate C/C++ toolchains (#1231)

2020-05-28 Thread tbaederr
Closed #1231. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/1231#event-3382419186___ Rpm-maint mailing list

Re: [Rpm-maint] [rpm-software-management/rpm] Preparing for rpm 4.16.0-beta1 (#1244)

2020-05-28 Thread Florian Festi
Merged #1244 into rpm-4.16.x. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/1244#event-3382355093___ Rpm-maint mailing list

Re: [Rpm-maint] [rpm-software-management/rpm] Remove deprecated beecrypt and NSS crypto backends (#1245)

2020-05-28 Thread Panu Matilainen
Actually BDB too is already marked deprecated in 4.16 (commit fc0169eb03c893d63dc44f2ada954d42e0e759ed) -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub:

Re: [Rpm-maint] [rpm-software-management/rpm] Remove deprecated beecrypt and NSS crypto backends (#1245)

2020-05-28 Thread Igor Raits
@pmatilai oh, in that case - I would ditch bdb backend and possibly enable bdb_ro by default for 4.17 and then in 4.18 disable it by default. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub:

Re: [Rpm-maint] [rpm-software-management/rpm] RPM fsverity support (#1203)

2020-05-28 Thread jessorensen
@jessorensen commented on this pull request. > if (deleting) { /* Nuke all the signature tags. */ deleteSigs(sigh); + deleteFileSigs(sigh); > The IMA signatures originally were covered by package signature, but that > breaks some fundamental rpm rules so it was changed in

Re: [Rpm-maint] [rpm-software-management/rpm] Remove deprecated beecrypt and NSS crypto backends (#1245)

2020-05-28 Thread Panu Matilainen
@pmatilai commented on this pull request. > Which library to use can be specified with the ---with-crypto=[libgcrypt|beecrypt|nss|openssl] argument to configure, +--with-crypto=[libgcrypt|nss|openssl] argument to configure, Oh, of course. Thanks for spotting! -- You are receiving this

Re: [Rpm-maint] [rpm-software-management/rpm] RPM fsverity support (#1203)

2020-05-28 Thread jessorensen
@jessorensen commented on this pull request. > @@ -430,6 +438,10 @@ typedef enum rpmSigTag_e { RPMSIGTAG_SHA256 = RPMTAG_SHA256HEADER, RPMSIGTAG_FILESIGNATURES = RPMTAG_SIG_BASE + 18, RPMSIGTAG_FILESIGNATURELENGTH = RPMTAG_SIG_BASE + 19, +

Re: [Rpm-maint] [rpm-software-management/rpm] RPM fsverity support (#1203)

2020-05-28 Thread jessorensen
@jessorensen commented on this pull request. > @@ -3,7 +3,8 @@ include $(top_srcdir)/rpm.am AM_CFLAGS = @RPMCFLAGS@ -AM_CPPFLAGS = -I$(top_builddir) -I$(top_srcdir) -I$(top_builddir)/include/ +AM_CPPFLAGS = -I$(top_builddir) -I$(top_srcdir) -I$(top_builddir)/include/ \ +

Re: [Rpm-maint] [rpm-software-management/rpm] RPM fsverity support (#1203)

2020-05-28 Thread jessorensen
@jessorensen commented on this pull request. > @@ -430,6 +438,10 @@ typedef enum rpmSigTag_e { RPMSIGTAG_SHA256 = RPMTAG_SHA256HEADER, RPMSIGTAG_FILESIGNATURES = RPMTAG_SIG_BASE + 18, RPMSIGTAG_FILESIGNATURELENGTH = RPMTAG_SIG_BASE + 19, +

Re: [Rpm-maint] [rpm-software-management/rpm] RPM fsverity support (#1203)

2020-05-28 Thread jessorensen
@jessorensen commented on this pull request. > + rpmlog(RPMLOG_DEBUG, "fsverity not supported by file system for > %s\n", + path); + break; + case EOPNOTSUPP: + rpmlog(RPMLOG_DEBUG, "fsverity not enabled on file system for %s\n", +

Re: [Rpm-maint] [rpm-software-management/rpm] Remove deprecated beecrypt and NSS crypto backends (#1245)

2020-05-28 Thread Vít Ondruch
@voxik commented on this pull request. > Which library to use can be specified with the ---with-crypto=[libgcrypt|beecrypt|nss|openssl] argument to configure, +--with-crypto=[libgcrypt|nss|openssl] argument to configure, Shouldn't be the NSS references removed similarly to beecrypt? -- You

Re: [Rpm-maint] [rpm-software-management/rpm] RPM fsverity support (#1203)

2020-05-28 Thread jessorensen
@jessorensen commented on this pull request. > +} + +rpmlog(RPMLOG_DEBUG, _("key: %s\n"), key); +rpmlog(RPMLOG_DEBUG, _("cert: %s\n"), cert); + +compr = headerGetString(h, RPMTAG_PAYLOADCOMPRESSOR); +rpmio_flags = rstrscat(NULL, "r.", compr ? compr : "gzip", NULL); + +

Re: [Rpm-maint] [rpm-software-management/rpm] Remove deprecated beecrypt and NSS crypto backends (#1245)

2020-05-28 Thread ニール・ゴンパ
@Conan-Kudo approved this pull request. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/1245#pullrequestreview-420462821___

Re: [Rpm-maint] [rpm-software-management/rpm] Remove deprecated beecrypt and NSS crypto backends (#1245)

2020-05-28 Thread ニール・ゴンパ
@pmatilai Come on, drop BDB! Go for the gold! 磊 -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/1245#issuecomment-635586247___

Re: [Rpm-maint] [rpm-software-management/rpm] Remove deprecated beecrypt and NSS crypto backends (#1245)

2020-05-28 Thread ニール・ゴンパ
@Conan-Kudo requested changes on this pull request. > @@ -14,24 +14,13 @@ The source for the file utility + library is available > from ftp://ftp.astron.com/pub/file/ You will need a cryptographic library to support digests and signatures. -This library may be libgcrypt, Mozilla NSS,

Re: [Rpm-maint] [rpm-software-management/rpm] Remove deprecated beecrypt and NSS crypto backends (#1245)

2020-05-28 Thread Panu Matilainen
@pmatilai pushed 1 commit. 294692aadac5c9723b022f6f3169d16139dc1a74 Remove support for NSS -- You are receiving this because you are subscribed to this thread. View it on GitHub:

Re: [Rpm-maint] [rpm-software-management/rpm] Remove deprecated beecrypt and NSS crypto backends (#1245)

2020-05-28 Thread Panu Matilainen
There's at least one thing that needs to be dealt with one way or the other before dropping BDB can be seriously considered: ``` [pmatilai︎lumikko rpm]$ grep %_db_backend macros.in %_db_backend bdb ``` -- You are receiving this because you are subscribed to this thread. Reply to this

Re: [Rpm-maint] [rpm-software-management/rpm] Remove deprecated beecrypt and NSS crypto backends (#1245)

2020-05-28 Thread Panu Matilainen
@pmatilai commented on this pull request. > @@ -14,24 +14,13 @@ The source for the file utility + library is available > from ftp://ftp.astron.com/pub/file/ You will need a cryptographic library to support digests and signatures. -This library may be libgcrypt, Mozilla NSS, OpenSSL or

Re: [Rpm-maint] [rpm-software-management/rpm] Remove deprecated beecrypt and NSS crypto backends (#1245)

2020-05-28 Thread Panu Matilainen
Merged #1245 into master. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/1245#event-3385730799___ Rpm-maint mailing list

Re: [Rpm-maint] [rpm-software-management/rpm] Remove deprecated beecrypt and NSS crypto backends (#1245)

2020-05-28 Thread Panu Matilainen
Anyway, the DB discussion is a separate topic. Thanks for the doc review guys, fixed in the last push. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: