[gnome-continuous-yocto/gnomeostree-3.28-rocko: 1558/8267] python-smartpm: add support to check signatures

From: Emmanuele Bassi <ebassi src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnome-continuous-yocto/gnomeostree-3.28-rocko: 1558/8267] python-smartpm: add support to check signatures
Date: Sat, 16 Dec 2017 21:59:45 +0000 (UTC)
commit f02f0edeaabb7b5c437dfb7a4bf174fe29ab5a87
Author: mingli yu windriver com <mingli yu windriver com>
Date:   Wed Jul 20 16:51:34 2016 +0800

    python-smartpm: add support to check signatures
    
    RPMv5 has removed support for _RPMVSF_NOSIGNATURES,
    the flag can be replaced with a flags set:
    "RPMVSF_NODSAHEADER|RPMVSF_NORSAHEADER|RPMVSF_NODSA
    RPMVSF_NORSA"
    
    (From OE-Core rev: 5c0c1b8a64643ad7130b17b5dfce9cecffa6d962)
    
    Signed-off-by: Haiqing Bai <Haiqing Bai windriver com>
    Signed-off-by: Mingli Yu <mingli yu windriver com>
    Signed-off-by: Ross Burton <ross burton intel com>
    Signed-off-by: Richard Purdie <richard purdie linuxfoundation org>

 .../python/python-smartpm/smartpm-rpm5-nodig.patch |   59 ----------
 .../smartpm-rpm5-support-check-signatures.patch    |  112 ++++++++++++++++++++
 meta/recipes-devtools/python/python-smartpm_git.bb |    2 +-
 3 files changed, 113 insertions(+), 60 deletions(-)
---
diff --git a/meta/recipes-devtools/python/python-smartpm/smartpm-rpm5-support-check-signatures.patch 
b/meta/recipes-devtools/python/python-smartpm/smartpm-rpm5-support-check-signatures.patch
new file mode 100644
index 0000000..4067a90
--- /dev/null
+++ b/meta/recipes-devtools/python/python-smartpm/smartpm-rpm5-support-check-signatures.patch
@@ -0,0 +1,112 @@
+From 5b79e28bd70a0ec5b34c5ff19b66cbbdd1e48835 Mon Sep 17 00:00:00 2001
+From: Haiqing Bai <Haiqing Bai windriver com>
+Date: Fri, 18 Mar 2016 13:34:07 +0800
+Subject: [PATCH] Make smartpm to support check signatures of rpmv5.
+
+The original support for 'rpm-check-signatures' has been
+disabled for the RPMv5 does not support '_RPMVSF_NOSIGNATURES'
+now. This fix replaces the '_RPMVSF_NOSIGNATURES' with
+rpm VS flags set:RPMVSF_NODSAHEADER|RPMVSF_NORSAHEADER|
+RPMVSF_NODSA|RPMVSF_NORSA.
+
+Upstream-Status: Pending
+Signed-off-by: Haiqing Bai <Haiqing Bai windriver com>
+---
+ smart/backends/rpm/base.py      | 43 +++++++++++++++++++++++++++++++----------
+ smart/backends/rpm/pm.py        |  2 +-
+ smart/plugins/yumchannelsync.py |  5 +++--
+ 3 files changed, 37 insertions(+), 13 deletions(-)
+
+diff --git a/smart/backends/rpm/base.py b/smart/backends/rpm/base.py
+index 85f4d49..dbd6165 100644
+--- a/smart/backends/rpm/base.py
++++ b/smart/backends/rpm/base.py
+@@ -63,11 +63,23 @@ def getTS(new=False):
+         if sysconf.get("rpm-dbpath"):
+             rpm.addMacro('_dbpath', "/" + sysconf.get("rpm-dbpath"))
+         getTS.ts = rpm.ts(getTS.root)
+-        if not sysconf.get("rpm-check-signatures", False):
+-            if hasattr(rpm, '_RPMVSF_NOSIGNATURES'):
+-                getTS.ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)
+-            else:
+-                raise Error, _("rpm requires checking signatures")
++
++        # _RPMVSF_NOSIGNATURES is not supported in RPMv5, so here uses
++        # RPMVSF_NODSAHEADER|RPMVSF_NORSAHEADER|RPMVSF_NODSA|RPMVSF_NORSA
++        # to replace '_RPMVSF_NOSIGNATURES' to continue to support check
++        # rpm signatures
++
++        #if not sysconf.get("rpm-check-signatures", False):
++        #    if hasattr(rpm, '_RPMVSF_NOSIGNATURES'):
++        #        getTS.ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)
++        #    else:
++        #        raise Error, _("rpm requires checking signatures")
++        if sysconf.get("rpm-check-signatures") == False:
++            getTS.ts.setVSFlags(rpm.RPMVSF_NODSAHEADER|rpm.RPMVSF_NORSAHEADER|\
++                                rpm.RPMVSF_NODSA|rpm.RPMVSF_NORSA)
++        else:
++            getTS.ts.setVSFlags(0)
++
+         rpm_dbpath = sysconf.get("rpm-dbpath", "var/lib/rpm")
+         dbdir = rpm_join_dbpath(getTS.root, rpm_dbpath)
+         if not os.path.isdir(dbdir):
+@@ -89,11 +101,22 @@ def getTS(new=False):
+         if sysconf.get("rpm-dbpath"):
+             rpm.addMacro('_dbpath', "/" + sysconf.get("rpm-dbpath"))
+         ts = rpm.ts(getTS.root)
+-        if not sysconf.get("rpm-check-signatures", False):
+-            if hasattr(rpm, '_RPMVSF_NOSIGNATURES'):
+-                ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)
+-            else:
+-                raise Error, _("rpm requires checking signatures")
++
++        # _RPMVSF_NOSIGNATURES is not supported in RPMv5, so here uses
++        # RPMVSF_NODSAHEADER|RPMVSF_NORSAHEADER|RPMVSF_NODSA|RPMVSF_NORSA
++        # to replace '_RPMVSF_NOSIGNATURES' to continue to support check
++        # rpm signatures
++
++        #if not sysconf.get("rpm-check-signatures", False):
++        #    if hasattr(rpm, '_RPMVSF_NOSIGNATURES'):
++        #        ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)
++        #    else:
++        #        raise Error, _("rpm requires checking signatures")
++        if sysconf.get("rpm-check-signatures") == False:
++            ts.setVSFlags(rpm.RPMVSF_NODSAHEADER|rpm.RPMVSF_NORSAHEADER|\
++                                rpm.RPMVSF_NODSA|rpm.RPMVSF_NORSA)
++        else:
++            ts.setVSFlags(0)
+         return ts
+     else:
+         return getTS.ts
+diff --git a/smart/backends/rpm/pm.py b/smart/backends/rpm/pm.py
+index b57a844..7b651b5 100644
+--- a/smart/backends/rpm/pm.py
++++ b/smart/backends/rpm/pm.py
+@@ -180,7 +180,7 @@ class RPMPackageManager(PackageManager):
+                 fd = os.open(path, os.O_RDONLY)
+                 try:
+                     h = ts.hdrFromFdno(fd)
+-                    if sysconf.get("rpm-check-signatures", False):
++                    if sysconf.get("rpm-check-signatures", True):
+                          if get_public_key(h) == '(none)':
+                              raise rpm.error('package is not signed')
+                 except rpm.error, e:
+diff --git a/smart/plugins/yumchannelsync.py b/smart/plugins/yumchannelsync.py
+index f8107e6..2dc5482 100644
+--- a/smart/plugins/yumchannelsync.py
++++ b/smart/plugins/yumchannelsync.py
+@@ -56,8 +56,9 @@ def _getreleasever():
+ 
+     rpmroot = sysconf.get("rpm-root", "/")
+     ts = rpmUtils.transaction.initReadOnlyTransaction(root=rpmroot)
+-    if hasattr(rpm, '_RPMVSF_NOSIGNATURES') and hasattr(rpm, '_RPMVSF_NODIGESTS'):
+-        ts.pushVSFlags(~(rpm._RPMVSF_NOSIGNATURES|rpm._RPMVSF_NODIGESTS))
++    #_RPMVSF_NOSIGNATURES is not supported in RPMv5
++    #if hasattr(rpm, '_RPMVSF_NOSIGNATURES') and hasattr(rpm, '_RPMVSF_NODIGESTS'):
++    #    ts.pushVSFlags(~(rpm._RPMVSF_NOSIGNATURES|rpm._RPMVSF_NODIGESTS))
+     releasever = None
+     # HACK: we're hard-coding the most used distros, will add more if needed
+     idx = ts.dbMatch('provides', 'fedora-release')
+-- 
+1.9.1
+
diff --git a/meta/recipes-devtools/python/python-smartpm_git.bb 
b/meta/recipes-devtools/python/python-smartpm_git.bb
index d9fb271..81e45b7 100644
--- a/meta/recipes-devtools/python/python-smartpm_git.bb
+++ b/meta/recipes-devtools/python/python-smartpm_git.bb
@@ -13,7 +13,6 @@ SRCNAME = "smart"
 
 SRC_URI = "\
           git://github.com/smartpm/smart.git \
-          file://smartpm-rpm5-nodig.patch \
           file://smart-recommends.patch \
           file://smart-channelsdir.patch \
           file://smart-rpm-transaction-failure-check.patch \
@@ -25,6 +24,7 @@ SRC_URI = "\
           file://smart-cache.py-getPackages-matches-name-version.patch \
           file://smart-channel-remove-all.patch \
           file://smart-locale.patch \
+          file://smartpm-rpm5-support-check-signatures.patch \
          "
 
 SRCREV = "407a7eca766431257dcd1da15175cc36a1bb22d0"
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]