We've yet to figure out the actual logistics of this stuff, but I'd say quite
unlikely as it would lead to people reporting issues and rfe's on them back to
rpm, which is contrary to the purpose. More likely we'd release tarballs of the
different repos on ftp.rpm.org together or closely linked
```
RPM build errors:
line 223: %package -n rust-libc-devel: package rust-libc-devel already
exists
fish: Job 2, “~/Projects/upstream/rpm/rpmbuil…” terminated by signal SIGSEGV
(Address boundary error)
```
Segfault if the package redefinition happens is not expected.
---
```
error: line
@ffesti pushed 1 commit.
9b1a24a921f281747eb475276a3693471ee2b0b1 Add suppport for %postbuild spec
section
--
You are receiving this because you are subscribed to this thread.
View it on GitHub:
@pmatilai commented on this pull request.
> +}
+
+rpmlog(RPMLOG_DEBUG, _("key: %s\n"), key);
+rpmlog(RPMLOG_DEBUG, _("cert: %s\n"), cert);
+
+compr = headerGetString(h, RPMTAG_PAYLOADCOMPRESSOR);
+rpmio_flags = rstrscat(NULL, "r.", compr ? compr : "gzip", NULL);
+
+gzdi
@pmatilai commented on this pull request.
> @@ -430,6 +438,10 @@ typedef enum rpmSigTag_e {
RPMSIGTAG_SHA256 = RPMTAG_SHA256HEADER,
RPMSIGTAG_FILESIGNATURES = RPMTAG_SIG_BASE + 18,
RPMSIGTAG_FILESIGNATURELENGTH = RPMTAG_SIG_BASE + 19,
+
@pmatilai commented on this pull request.
> @@ -3,7 +3,8 @@
include $(top_srcdir)/rpm.am
AM_CFLAGS = @RPMCFLAGS@
-AM_CPPFLAGS = -I$(top_builddir) -I$(top_srcdir) -I$(top_builddir)/include/
+AM_CPPFLAGS = -I$(top_builddir) -I$(top_srcdir) -I$(top_builddir)/include/ \
+ -I$(includedir)
@pmatilai commented on this pull request.
> @@ -494,6 +505,36 @@ static rpmRC includeFileSignatures(Header *sigp, Header
> *hdrp)
#endif
}
+static rpmRC includeVeritySignatures(FD_t fd, Header *sigp, Header *hdrp)
+{
+#ifdef WITH_FSVERITY
+rpmRC rc;
+char *key =
@pmatilai commented on this pull request.
> if (deleting) { /* Nuke all the signature tags. */
deleteSigs(sigh);
+ deleteFileSigs(sigh);
The IMA signatures originally were covered by package signature, but that
breaks some fundamental rpm rules so it was changed in a
You can view, comment on, or merge this pull request online at:
https://github.com/rpm-software-management/rpm/pull/1243
-- Commit Summary --
* Bump CI Fedora version from 31 to 32 aka latest stable
-- File Changes --
M ci/Dockerfile (2)
-- Patch Links --
@pmatilai commented on this pull request.
> +}
+
+static char *rpmVeritySignFile(rpmfi fi, size_t *sig_size, char *key,
+ char *keypass, char *cert, uint16_t algo,
+ uint32_t block_size)
+{
+struct libfsverity_merkle_tree_params
@pmatilai commented on this pull request.
> @@ -430,6 +438,10 @@ typedef enum rpmSigTag_e {
RPMSIGTAG_SHA256 = RPMTAG_SHA256HEADER,
RPMSIGTAG_FILESIGNATURES = RPMTAG_SIG_BASE + 18,
RPMSIGTAG_FILESIGNATURELENGTH = RPMTAG_SIG_BASE + 19,
+
Merged #1243 into master.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1243#event-3381787330___
Rpm-maint mailing list
@pmatilai commented on this pull request.
> + rpmlog(RPMLOG_DEBUG, "fsverity not supported by file system for
> %s\n",
+ path);
+ break;
+ case EOPNOTSUPP:
+ rpmlog(RPMLOG_DEBUG, "fsverity not enabled on file system for %s\n",
+
With 4.16 branched off now... thanks for the patch!
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
Merged #1212 into master.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1212#event-3382243657___
Rpm-maint mailing list
@pmatilai I think we need to deprecate it in 4.17 and ditch it in 4.18 while
keeping bdb_ro only.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
Bump version number and adjust reproducable hash test accordingly.
You can view, comment on, or merge this pull request online at:
https://github.com/rpm-software-management/rpm/pull/1244
-- Commit Summary --
* Preparing for rpm 4.16.0-beta1
-- File Changes --
M configure.ac (2)
M
Shedding some weight to celebrate the beginning of a new cycle :fireworks:
You can view, comment on, or merge this pull request online at:
https://github.com/rpm-software-management/rpm/pull/1245
-- Commit Summary --
* Bump version to mark beginning of a new development cycle
* Remove
:rocket: :+1:
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1245#issuecomment-635278798___
Rpm-maint mailing list
Flushing BDB down the same drain is really, really, really tempting :innocent:
but maybe not *just* yet...
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
We will solve this differently, in redhat-rpm-config. Thanks.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
Closed #1231.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1231#event-3382419186___
Rpm-maint mailing list
Merged #1244 into rpm-4.16.x.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1244#event-3382355093___
Rpm-maint mailing list
Actually BDB too is already marked deprecated in 4.16 (commit
fc0169eb03c893d63dc44f2ada954d42e0e759ed)
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
@pmatilai oh, in that case - I would ditch bdb backend and possibly enable
bdb_ro by default for 4.17 and then in 4.18 disable it by default.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
@jessorensen commented on this pull request.
> if (deleting) { /* Nuke all the signature tags. */
deleteSigs(sigh);
+ deleteFileSigs(sigh);
> The IMA signatures originally were covered by package signature, but that
> breaks some fundamental rpm rules so it was changed in
@pmatilai commented on this pull request.
> Which library to use can be specified with the
---with-crypto=[libgcrypt|beecrypt|nss|openssl] argument to configure,
+--with-crypto=[libgcrypt|nss|openssl] argument to configure,
Oh, of course. Thanks for spotting!
--
You are receiving this
@jessorensen commented on this pull request.
> @@ -430,6 +438,10 @@ typedef enum rpmSigTag_e {
RPMSIGTAG_SHA256 = RPMTAG_SHA256HEADER,
RPMSIGTAG_FILESIGNATURES = RPMTAG_SIG_BASE + 18,
RPMSIGTAG_FILESIGNATURELENGTH = RPMTAG_SIG_BASE + 19,
+
@jessorensen commented on this pull request.
> @@ -3,7 +3,8 @@
include $(top_srcdir)/rpm.am
AM_CFLAGS = @RPMCFLAGS@
-AM_CPPFLAGS = -I$(top_builddir) -I$(top_srcdir) -I$(top_builddir)/include/
+AM_CPPFLAGS = -I$(top_builddir) -I$(top_srcdir) -I$(top_builddir)/include/ \
+
@jessorensen commented on this pull request.
> @@ -430,6 +438,10 @@ typedef enum rpmSigTag_e {
RPMSIGTAG_SHA256 = RPMTAG_SHA256HEADER,
RPMSIGTAG_FILESIGNATURES = RPMTAG_SIG_BASE + 18,
RPMSIGTAG_FILESIGNATURELENGTH = RPMTAG_SIG_BASE + 19,
+
@jessorensen commented on this pull request.
> + rpmlog(RPMLOG_DEBUG, "fsverity not supported by file system for
> %s\n",
+ path);
+ break;
+ case EOPNOTSUPP:
+ rpmlog(RPMLOG_DEBUG, "fsverity not enabled on file system for %s\n",
+
@voxik commented on this pull request.
> Which library to use can be specified with the
---with-crypto=[libgcrypt|beecrypt|nss|openssl] argument to configure,
+--with-crypto=[libgcrypt|nss|openssl] argument to configure,
Shouldn't be the NSS references removed similarly to beecrypt?
--
You
@jessorensen commented on this pull request.
> +}
+
+rpmlog(RPMLOG_DEBUG, _("key: %s\n"), key);
+rpmlog(RPMLOG_DEBUG, _("cert: %s\n"), cert);
+
+compr = headerGetString(h, RPMTAG_PAYLOADCOMPRESSOR);
+rpmio_flags = rstrscat(NULL, "r.", compr ? compr : "gzip", NULL);
+
+
@Conan-Kudo approved this pull request.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1245#pullrequestreview-420462821___
@pmatilai Come on, drop BDB! Go for the gold! 磊
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1245#issuecomment-635586247___
@Conan-Kudo requested changes on this pull request.
> @@ -14,24 +14,13 @@ The source for the file utility + library is available
> from
ftp://ftp.astron.com/pub/file/
You will need a cryptographic library to support digests and signatures.
-This library may be libgcrypt, Mozilla NSS,
@pmatilai pushed 1 commit.
294692aadac5c9723b022f6f3169d16139dc1a74 Remove support for NSS
--
You are receiving this because you are subscribed to this thread.
View it on GitHub:
There's at least one thing that needs to be dealt with one way or the other
before dropping BDB can be seriously considered:
```
[pmatilai︎lumikko rpm]$ grep %_db_backend macros.in
%_db_backend bdb
```
--
You are receiving this because you are subscribed to this thread.
Reply to this
@pmatilai commented on this pull request.
> @@ -14,24 +14,13 @@ The source for the file utility + library is available
> from
ftp://ftp.astron.com/pub/file/
You will need a cryptographic library to support digests and signatures.
-This library may be libgcrypt, Mozilla NSS, OpenSSL or
Merged #1245 into master.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1245#event-3385730799___
Rpm-maint mailing list
Anyway, the DB discussion is a separate topic. Thanks for the doc review guys,
fixed in the last push.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
41 matches
Mail list logo
