Re: [Rpm-maint] [rpm-software-management/rpm] Disable SHA1, MD5, RIPEMD160, and <2048 bit RSA/DSA (#1467)

2021-01-05 Thread Panu Matilainen
Those ancient hashes, SIGMD5 in particular, are a mandatory part of the rpm package format as documented in LSB. Rpm >= 4.14.2 has the necessary technology to finally make the MD5 header+payload hash properly obsolete, but that's a very, very new development in terms of rpm time. A thing like

Re: [Rpm-maint] [rpm-software-management/rpm] RFE: read sources checksums from the SPEC file and verify them (#463)

2021-01-05 Thread Pavel Raiskup
Yes, that's what I meant. Some implicit hook in %prep implementation, or before. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub:

Re: [Rpm-maint] [rpm-software-management/rpm] Remove RedHat from HOWTO (#1474)

2021-01-05 Thread ニール・ゴンパ
Uhh, what? That's not true. Nobody in Fedora deprecated RPM. Where did you get this information?

Re: [Rpm-maint] [rpm-software-management/rpm] RFE: read sources checksums from the SPEC file and verify them (#463)

2021-01-05 Thread Pavel Raiskup
Lemme know if you think that some PoC macro in /usr/lib/rpm/macros.d doing exactly this would be useful (as first %prep instruction).

Re: [Rpm-maint] [rpm-software-management/rpm] RFE: read sources checksums from the SPEC file and verify them (#463)

2021-01-05 Thread ニール・ゴンパ
Implementing it that way would require making changes to `%prep` initialization in RPM, so that it would run before anything is executed...

Re: [Rpm-maint] [rpm-software-management/rpm] Remove RedHat from HOWTO (#1474)

2021-01-05 Thread Panu Matilainen
:popcorn: (view it on GitHub: https://github.com/rpm-software-management/rpm/issues/1474#issuecomment-754660817)

Re: [Rpm-maint] [rpm-software-management/rpm] command line help: option -q is not mentioned (#1473)

2021-01-05 Thread Miroslav Suchý
Ahh. It is the simple output of `rpm` without any param. And yes, it is not there.

Re: [Rpm-maint] [rpm-software-management/rpm] RPM with Copy on Write (#1470)

2021-01-05 Thread Panu Matilainen
@lnussel , @malmond77 - if you want to talk about CoW on rpm outside the context of this PR, please just open a ticket here instead of going private email.

Re: [Rpm-maint] [rpm-software-management/rpm] RFE: read sources checksums from the SPEC file and verify them (#463)

2021-01-05 Thread Pavel Raiskup
Could RPM hook in a check right before executing `%prep` section if e.g. macro like `%global source_1_sha256 ` is defined? Older RPM implementations would just ignore such macro.
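What such a pre-%prep check would actually do, as an added example in the shell %prep runs in; this is not rpm's code nor Pavel's PoC macro (this message and the later "PoC macro in /usr/lib/rpm/macros.d" one describe the same idea). It assumes a convention of my own that matches the proposal: the spec declares `%global source_N_sha256 <hex>` and rpmbuild has already exported `SOURCEN=/path/to/file` for each source, here simulated with constructed input. The names `verify_source` and `verify_declared_sources` are mine.

```shell
# Added example (not rpm's own code): verify declared SHA-256 checksums of
# spec sources before %prep touches them. Assumed convention (mine):
#   %global source_1_sha256 <hex>   ->  shell variable source_1_sha256
#   Source1: foo.tar.gz             ->  shell variable SOURCE1=/path/to/foo.tar.gz

sha256_of() {
    # Prefer coreutils sha256sum; fall back to shasum on BSD/macOS.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_source FILE EXPECTED_HEX -> 0 on match, 1 on mismatch or unreadable file
verify_source() {
    file=$1 expected=$2
    [ -r "$file" ] || { echo "source not readable: $file" >&2; return 1; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    return 0
}

# verify_declared_sources N -> 0 only if every SOURCE1..SOURCEN that has a
# declared source_i_sha256 matches it. A source without a declared hash is
# reported and skipped, which is what keeps old specs building unchanged;
# turning that into a hard failure is a one-line change (set rc=1 there).
verify_declared_sources() {
    n=$1 i=1 rc=0
    while [ "$i" -le "$n" ]; do
        eval "file=\${SOURCE$i:-}"
        eval "expected=\${source_${i}_sha256:-}"
        if [ -z "$expected" ]; then
            echo "SOURCE$i: no source_${i}_sha256 declared, skipping" >&2
        elif ! verify_source "$file" "$expected"; then
            rc=1
        fi
        i=$((i + 1))
    done
    return "$rc"
}

# Demonstration on constructed input: a fake tarball whose content is "hello\n".
demo_dir=$(mktemp -d)
printf 'hello\n' > "$demo_dir/pkg-1.0.tar"
SOURCE1=$demo_dir/pkg-1.0.tar
source_1_sha256=5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03
if verify_declared_sources 1; then
    echo "all declared sources verified"
fi
rm -rf "$demo_dir"
```

The check is deliberately strict about the thing that matters (a declared hash that does not match aborts before any %prep command such as `%setup` unpacks the tarball) and lenient about the thing that would break compatibility (an undeclared hash). Doing it at this point, rather than after extraction, means a tampered tarball is never fed to tar or patch at all.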

Re: [Rpm-maint] [rpm-software-management/rpm] Remove RedHat from HOWTO (#1474)

2021-01-05 Thread ニール・ゴンパ
DNF _can't_ replace RPM, it's built on top of it.

Re: [Rpm-maint] [rpm-software-management/rpm] command line help: option -q is not mentioned (#1473)

2021-01-05 Thread Miroslav Suchý
How did you get this output? I see `-q` in both `man rpm` and `rpm -h` - but the output of both differs from what you posted.

[Rpm-maint] [rpm-software-management/rpm] [WIP] Added fapolicyd plugin (#1475)

2021-01-05 Thread Radovan Sroka
The plugin notifies the fapolicyd daemon about the ongoing rpm transaction via a Linux pipe. It sends file info in `%s %lu %64s\n` format. The daemon adds these records dynamically to the DB and they are considered trusted. Related PRs:

Re: [Rpm-maint] [rpm-software-management/rpm] RPM with Copy on Write (#1470)

2021-01-05 Thread Panu Matilainen
Oh and yet another related remark: nothing against having rpm support reflink where possible, it's actually something I've wanted to do for a long time. Rpm would need to track per-filesystem capabilities somehow (there are several other use-cases for that). Related to that, something

Re: [Rpm-maint] [rpm-software-management/rpm] Remove RedHat from HOWTO (#1474)

2021-01-05 Thread Christopher Yeleighton
> Uhh, what? That's not true. Nobody in Fedora deprecated RPM. Where did you get
> this information?

They say DNL is chad now.

Re: [Rpm-maint] [rpm-software-management/rpm] Remove RedHat from HOWTO (#1474)

2021-01-05 Thread Christopher Yeleighton
> DNF _can't_ replace RPM, it's built on top of it.

That means RPM is needed only for DNF and DNF developers, so no RPM HOWTO is needed.

> Use DNF Instead of RPM Whenever Possible

Re: [Rpm-maint] [rpm-software-management/rpm] Remove RedHat from HOWTO (#1474)

2021-01-05 Thread Miroslav Suchý
> They say DNL is chad now.

Any link to source? I am not aware of any such statement.

[Rpm-maint] [rpm-software-management/rpm] Redundant requires from generators are not merged (#1476)

2021-01-05 Thread Fabian Vogt
I wrote a requires generator for `.qml` files, which converts import statements to RPM capabilities in the format

```
qt5qmlimport(QtQuick.Controls.2) >= 3
qt5qmlimport(QtQuick.Controls.Layouts.2) >= 3
```

This works as expected, but the dependency generator is called for each file, so they
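A generator of the kind described, as an added example that is not Fabian's generator or any rpm-shipped one. It assumes a mapping of my own that is consistent with the capabilities shown above: a QML line `import Module Major.Minor` becomes `qt5qmlimport(Module.Major) >= Minor`. The functions `qml_requires_for_file`, `qml_requires` and `qml_requires_stdin` are mine; the last one reads file names on stdin the way rpm's file-attribute generators are invoked, and all of them merge identical requires across files before printing, since rpm keeps one Requires per file.

```shell
# Added example (not the generator from the issue): emit qt5qmlimport()
# capabilities for .qml files and merge duplicates across files.
# Assumed mapping (mine, consistent with the output in the issue):
#   import QtQuick.Controls 2.3  ->  qt5qmlimport(QtQuick.Controls.2) >= 3

# qml_requires_for_file FILE: one capability per "import Module X.Y" line.
# Directory and JavaScript imports (quoted paths) and comment lines do not
# match the pattern and are skipped, since they are not module dependencies.
qml_requires_for_file() {
    sed -n -E \
        's/^[[:space:]]*import[[:space:]]+([A-Za-z][A-Za-z0-9_.]*)[[:space:]]+([0-9]+)\.([0-9]+).*$/qt5qmlimport(\1.\2) >= \3/p' \
        "$1"
}

# qml_requires FILE...: run the per-file generator over each file, then merge
# identical requires. LC_ALL=C keeps the order stable across build hosts.
qml_requires() {
    for f in "$@"; do
        qml_requires_for_file "$f"
    done | LC_ALL=C sort -u
}

# qml_requires_stdin: same, but file names arrive one per line on stdin,
# which is how rpm feeds a generator listed in a fileattrs(5) file.
qml_requires_stdin() {
    while IFS= read -r f; do
        [ -n "$f" ] && qml_requires_for_file "$f"
    done | LC_ALL=C sort -u
}

# Demonstration on constructed input: two files that share one import.
demo_dir=$(mktemp -d)
printf 'import QtQuick 2.15\nimport QtQuick.Controls 2.3\nimport "../lib"\n' > "$demo_dir/a.qml"
printf '// comment\nimport QtQuick.Controls 2.3\nimport QtQuick.Layouts 1.3\n' > "$demo_dir/b.qml"
qml_requires "$demo_dir/a.qml" "$demo_dir/b.qml"
rm -rf "$demo_dir"
```

Note that a generator runs over whatever is in the buildroot, so the pattern is anchored and only accepts a plain identifier and a numeric version; anything else in an import line cannot leak into the generated capability string.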

Re: [Rpm-maint] [rpm-software-management/rpm] Remove RedHat from HOWTO (#1474)

2021-01-05 Thread Christopher Yeleighton
> Where? DNF is certainly far from dead...

By no means, and DNF replaces RPM.

Re: [Rpm-maint] [rpm-software-management/rpm] Remove RedHat from HOWTO (#1474)

2021-01-05 Thread ニール・ゴンパ
Where? DNF is certainly far from dead... (view it on GitHub: https://github.com/rpm-software-management/rpm/issues/1474#issuecomment-754653435)

Re: [Rpm-maint] [rpm-software-management/rpm] Remove RedHat from HOWTO (#1474)

2021-01-05 Thread Christopher Yeleighton
[RPM](https://docs.fedoraproject.org/en-US/fedora/f33/system-administrators-guide/RPM/)

Re: [Rpm-maint] [rpm-software-management/rpm] Harden against crafted inputs (#1471)

2021-01-05 Thread Panu Matilainen
Do you have actual reproducers for these cases or is this just by code-analysis / compiler warnings?

Re: [Rpm-maint] [rpm-software-management/rpm] RPM with Copy on Write (#1470)

2021-01-05 Thread Panu Matilainen
@pmatilai commented on this pull request. > @@ -106,7 +106,8 @@ typedef enum rpmRC_e { RPMRC_NOTFOUND = 1,/*!< Generic not found code. */ RPMRC_FAIL = 2,/*!< Generic failure code. */ RPMRC_NOTTRUSTED = 3,/*!< Signature is OK, but key is not trusted. */

Re: [Rpm-maint] [rpm-software-management/rpm] RPM with Copy on Write (#1470)

2021-01-05 Thread Panu Matilainen
I concur with @DemiMarie 's security concerns: we only just got the full payload pre-transaction verification in place *finally* in 4.14.2, but this effectively disables not just that but *all* digest and signature verification for the incoming package (in rpm2extent), which is nothing but an

Re: [Rpm-maint] [rpm-software-management/rpm] Phasing out obsolete crypto in rpm (#1292)

2021-01-05 Thread Panu Matilainen
> It is important to recognize that security enhancements need to be balanced
> with usability and accessibility, otherwise nobody will use either for long.
> RPM has also been around for 25 years, and until _very_ recently, all RPMs
> produced in that timeframe were still accessible by the

Re: [Rpm-maint] [rpm-software-management/rpm] Phasing out obsolete crypto in rpm (#1292)

2021-01-05 Thread ニール・ゴンパ
> I don't remember anything in this regard in recent times. @Conan-Kudo , what
> are you referring to here?

Ah, I was mistaken, we haven't ripped out RPM v3 format support just yet, we only deprecated it in ba385ec5b7f4340a4f9b6815efd0f1a9521a0b15. But removal of LSB/v3 support is coming...

Re: [Rpm-maint] [rpm-software-management/rpm] Do not parse header when validating signatures (#1468)

2021-01-05 Thread Panu Matilainen
Would be wonderful if things were that simple. But there's no such thing as "the signature", there are multiple digests and signatures ranging over various parts of the package, mostly contained in the signature header (so you need to parse an unprotected header anyhow) but the payload digests

Re: [Rpm-maint] [rpm-software-management/rpm] Harden against crafted inputs (#1471)

2021-01-05 Thread Panu Matilainen
@pmatilai commented on this pull request. > @@ -169,8 +169,8 @@ rpmRC rpmpkgRead(struct rpmvs_s *vs, FD_t fd, goto exit; } -/* Read the signature header. Might not be in a contiguous region. */ -if (hdrblobRead(fd, 1, 0, RPMTAG_HEADERSIGNATURES, sigblob, )) +/* Read

Re: [Rpm-maint] [rpm-software-management/rpm] RPM with Copy on Write (#1470)

2021-01-05 Thread Panu Matilainen
Haven't had a chance to properly look, review and think through the concept etc. yet, but a few preliminary review remarks to follow...

Re: [Rpm-maint] [rpm-software-management/rpm] RPM with Copy on Write (#1470)

2021-01-05 Thread Panu Matilainen
@pmatilai commented on this pull request. > @@ -850,10 +852,21 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles > files, char *tid = NULL; const char *suffix; char *fpath = NULL; +Header h = rpmteHeader(te); +const char *payloadfmt = headerGetString(h,
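Review bot: the added `Header h = rpmteHeader(te);` takes a header reference that the caller owns, so rpmPackageFilesInstall() needs a matching headerFree(h) on every exit path (the rest of the function is cut off in this excerpt); without it each installed package leaks a header reference for the lifetime of the transaction. It is also worth guarding `h` against NULL before the `headerGetString(h, ...)` call that follows.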

[Rpm-maint] [rpm-software-management/rpm] Remove RedHat from HOWTO (#1474)

2021-01-05 Thread Christopher Yeleighton
RedHat, or rather Fedora, has deprecated RPM and does not offer any support for it. Please remove links to RedHat and mentions thereof from the HOWTO document.

Re: [Rpm-maint] [rpm-software-management/rpm] RFE: `rpm --macrofile` for using arbitrary macro file directories (#1469)

2021-01-05 Thread Panu Matilainen
Um? --macros= has existed since the beginning of time, any 4.x version certainly.

Re: [Rpm-maint] [rpm-software-management/rpm] RFE: `rpm --macrofile` for using arbitrary macro file directories (#1469)

2021-01-05 Thread ニール・ゴンパ
臘 -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/1469#issuecomment-754574381___ Rpm-maint mailing list

Re: [Rpm-maint] [rpm-software-management/rpm] RFE: `rpm --macrofile` for using arbitrary macro file directories (#1469)

2021-01-05 Thread ニール・ゴンパ
Closed #1469. (view it on GitHub: https://github.com/rpm-software-management/rpm/issues/1469#event-4169253497)

Re: [Rpm-maint] [rpm-software-management/rpm] Phasing out obsolete crypto in rpm (#1292)

2021-01-05 Thread Panu Matilainen
Okay, in that case we agree :smile: I think the "nice" way of killing v3 support is letting the obsolete crypto those packages use make it effectively uninstallable due to being unverifiable. That would actually already be the case, if it wasn't for the MD5 header+payload digest being the

Re: [Rpm-maint] [rpm-software-management/rpm] RPM with Copy on Write (#1470)

2021-01-05 Thread Panu Matilainen
@pmatilai commented on this pull request. > for (i = 0; i < plugins->count; i++) { rpmPlugin plugin = plugins->plugins[i]; RPMPLUGINS_SET_HOOK_FUNC(fsm_file_pre); - if (hookFunc && hookFunc(plugin, fi, path, file_mode, op) == RPMRC_FAIL) { -

Re: [Rpm-maint] [rpm-software-management/rpm] RPM with Copy on Write (#1470)

2021-01-05 Thread Panu Matilainen
@pmatilai commented on this pull request. > +#define NOT_FOUND 0 + +#define BUFFER_SIZE (1024 * 128) + +/* magic value at end of file (64 bits) that indicates this is a transcoded rpm */ +#define MAGIC 3472329499408095051 + +struct reflink_state_s { + /* Stuff that's used across rpms */ +
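Review bot: the trailer `MAGIC` is read from the end of an incoming package, i.e. from bytes the sender controls, so a match must only select the transcoded code path and never substitute for the digest and signature verification of the content; the comment should say so, since "indicates this is a transcoded rpm" currently reads as if the trailer were trustworthy. As a style point, `#define MAGIC 3472329499408095051` carries no `ULL` suffix although the comment calls it a 64-bit value; writing it as a hex literal with `ULL`, or as a `static const uint64_t`, makes the intended width explicit instead of relying on the compiler promoting an unsuffixed decimal literal.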

[Rpm-maint] [rpm-software-management/rpm] command line help: option -q is undocumented (#1473)

2021-01-05 Thread Christopher Yeleighton
{ rpm; }

> Usage: rpm [-afgplsiv?] [-a|--all] [-f|--file] [-g|--group] [-p|--package]
> [--pkgid] [--hdrid] [--triggeredby] [--whatconflicts] [--whatrequires]
> [--whatobsoletes] [--whatprovides] [--whatrecommends] [--whatsuggests]
> [--whatsupplements]

Re: [Rpm-maint] [rpm-software-management/rpm] RPM with Copy on Write (#1470)

2021-01-05 Thread Panu Matilainen
Another broader thought is that perhaps it might be better to add a new plugin slot for this kind of purpose, which gets the fd as an argument and so doesn't need rpmteFd() which is something I'm not really comfortable in exposing in the external API. That would probably eliminate the need for

Re: [Rpm-maint] [rpm-software-management/rpm] Redundant requires from generators are not merged (#1476)

2021-01-05 Thread Michael Schroeder
(At least I thought it does that. Maybe that just was wishful thinking...)

Re: [Rpm-maint] [rpm-software-management/rpm] Redundant requires from generators are not merged (#1476)

2021-01-05 Thread Michael Schroeder
rpm needs to assign dependencies to files so that 'rpm -q --filerequire' works. So it can't simply drop dependencies. In case you're wondering: rpm does this to ignore dependencies for files that are not installed, e.g. because they have the wrong file color.

Re: [Rpm-maint] [rpm-software-management/rpm] Harden against crafted inputs (#1471)

2021-01-05 Thread Demi Marie Obenour
@DemiMarie commented on this pull request. > @@ -169,8 +169,8 @@ rpmRC rpmpkgRead(struct rpmvs_s *vs, FD_t fd, goto exit; } -/* Read the signature header. Might not be in a contiguous region. */ -if (hdrblobRead(fd, 1, 0, RPMTAG_HEADERSIGNATURES, sigblob, )) +/* Read