diff options
author | mingli.yu@windriver.com <mingli.yu@windriver.com> | 2016-07-20 16:51:34 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-07-26 08:56:29 +0100 |
commit | f02f0edeaabb7b5c437dfb7a4bf174fe29ab5a87 (patch) | |
tree | ffd6f59769984c4c4afb4f566a5a975359a58d88 /meta | |
parent | 2f6bbc7006f2b34ab533d3582f28323330c7195d (diff) | |
download | poky-f02f0edeaabb7b5c437dfb7a4bf174fe29ab5a87.tar.gz |
python-smartpm: add support to check signatures
RPMv5 has removed support for _RPMVSF_NOSIGNATURES,
the flag can be replaced with a flags set:
"RPMVSF_NODSAHEADER|RPMVSF_NORSAHEADER|RPMVSF_NODSA
RPMVSF_NORSA"
(From OE-Core rev: 5c0c1b8a64643ad7130b17b5dfce9cecffa6d962)
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
3 files changed, 113 insertions, 60 deletions
diff --git a/meta/recipes-devtools/python/python-smartpm/smartpm-rpm5-nodig.patch b/meta/recipes-devtools/python/python-smartpm/smartpm-rpm5-nodig.patch deleted file mode 100644 index fefb29a666..0000000000 --- a/meta/recipes-devtools/python/python-smartpm/smartpm-rpm5-nodig.patch +++ /dev/null | |||
@@ -1,59 +0,0 @@ | |||
1 | RPM5 has removed support for RPMVSF_NOSIGNATURES | ||
2 | |||
3 | Patch smart to no longer use this flag | ||
4 | |||
5 | Upstream-Status: Pending | ||
6 | |||
7 | Signed-off-by: Mark Hatle <mark.hatle@windriver.com> | ||
8 | |||
9 | diff --git a/smart/backends/rpm/base.py b/smart/backends/rpm/base.py | ||
10 | --- a/smart/backends/rpm/base.py | ||
11 | +++ b/smart/backends/rpm/base.py | ||
12 | @@ -63,11 +63,11 @@ def getTS(new=False): | ||
13 | if sysconf.get("rpm-dbpath"): | ||
14 | rpm.addMacro('_dbpath', "/" + sysconf.get("rpm-dbpath")) | ||
15 | getTS.ts = rpm.ts(getTS.root) | ||
16 | - if not sysconf.get("rpm-check-signatures", False): | ||
17 | - if hasattr(rpm, '_RPMVSF_NOSIGNATURES'): | ||
18 | - getTS.ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES) | ||
19 | - else: | ||
20 | - raise Error, _("rpm requires checking signatures") | ||
21 | + #if not sysconf.get("rpm-check-signatures", False): | ||
22 | + # if hasattr(rpm, '_RPMVSF_NOSIGNATURES'): | ||
23 | + # getTS.ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES) | ||
24 | + # else: | ||
25 | + # raise Error, _("rpm requires checking signatures") | ||
26 | rpm_dbpath = sysconf.get("rpm-dbpath", "var/lib/rpm") | ||
27 | dbdir = rpm_join_dbpath(getTS.root, rpm_dbpath) | ||
28 | if not os.path.isdir(dbdir): | ||
29 | @@ -89,11 +89,11 @@ def getTS(new=False): | ||
30 | if sysconf.get("rpm-dbpath"): | ||
31 | rpm.addMacro('_dbpath', "/" + sysconf.get("rpm-dbpath")) | ||
32 | ts = rpm.ts(getTS.root) | ||
33 | - if not sysconf.get("rpm-check-signatures", False): | ||
34 | - if hasattr(rpm, '_RPMVSF_NOSIGNATURES'): | ||
35 | - ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES) | ||
36 | - else: | ||
37 | - raise Error, _("rpm requires checking signatures") | ||
38 | + #if not sysconf.get("rpm-check-signatures", False): | ||
39 | + # if hasattr(rpm, '_RPMVSF_NOSIGNATURES'): | ||
40 | + # ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES) | ||
41 | + # else: | ||
42 | + # raise Error, _("rpm requires checking signatures") | ||
43 | return ts | ||
44 | else: | ||
45 | return getTS.ts | ||
46 | diff --git a/smart/plugins/yumchannelsync.py b/smart/plugins/yumchannelsync.py | ||
47 | --- a/smart/plugins/yumchannelsync.py | ||
48 | +++ b/smart/plugins/yumchannelsync.py | ||
49 | @@ -56,8 +56,8 @@ def _getreleasever(): | ||
50 | |||
51 | rpmroot = sysconf.get("rpm-root", "/") | ||
52 | ts = rpmUtils.transaction.initReadOnlyTransaction(root=rpmroot) | ||
53 | - if hasattr(rpm, '_RPMVSF_NOSIGNATURES') and hasattr(rpm, '_RPMVSF_NODIGESTS'): | ||
54 | - ts.pushVSFlags(~(rpm._RPMVSF_NOSIGNATURES|rpm._RPMVSF_NODIGESTS)) | ||
55 | + #if hasattr(rpm, '_RPMVSF_NOSIGNATURES') and hasattr(rpm, '_RPMVSF_NODIGESTS'): | ||
56 | + # ts.pushVSFlags(~(rpm._RPMVSF_NOSIGNATURES|rpm._RPMVSF_NODIGESTS)) | ||
57 | releasever = None | ||
58 | # HACK: we're hard-coding the most used distros, will add more if needed | ||
59 | idx = ts.dbMatch('provides', 'fedora-release') | ||
diff --git a/meta/recipes-devtools/python/python-smartpm/smartpm-rpm5-support-check-signatures.patch b/meta/recipes-devtools/python/python-smartpm/smartpm-rpm5-support-check-signatures.patch new file mode 100644 index 0000000000..4067a90a08 --- /dev/null +++ b/meta/recipes-devtools/python/python-smartpm/smartpm-rpm5-support-check-signatures.patch | |||
@@ -0,0 +1,112 @@ | |||
1 | From 5b79e28bd70a0ec5b34c5ff19b66cbbdd1e48835 Mon Sep 17 00:00:00 2001 | ||
2 | From: Haiqing Bai <Haiqing.Bai@windriver.com> | ||
3 | Date: Fri, 18 Mar 2016 13:34:07 +0800 | ||
4 | Subject: [PATCH] Make smartpm to support check signatures of rpmv5. | ||
5 | |||
6 | The original support for 'rpm-check-signatures' has been | ||
7 | disabled for the RPMv5 does not support '_RPMVSF_NOSIGNATURES' | ||
8 | now. This fix replaces the '_RPMVSF_NOSIGNATURES' with | ||
9 | rpm VS flags set:RPMVSF_NODSAHEADER|RPMVSF_NORSAHEADER| | ||
10 | RPMVSF_NODSA|RPMVSF_NORSA. | ||
11 | |||
12 | Upstream-Status: Pending | ||
13 | Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com> | ||
14 | --- | ||
15 | smart/backends/rpm/base.py | 43 +++++++++++++++++++++++++++++++---------- | ||
16 | smart/backends/rpm/pm.py | 2 +- | ||
17 | smart/plugins/yumchannelsync.py | 5 +++-- | ||
18 | 3 files changed, 37 insertions(+), 13 deletions(-) | ||
19 | |||
20 | diff --git a/smart/backends/rpm/base.py b/smart/backends/rpm/base.py | ||
21 | index 85f4d49..dbd6165 100644 | ||
22 | --- a/smart/backends/rpm/base.py | ||
23 | +++ b/smart/backends/rpm/base.py | ||
24 | @@ -63,11 +63,23 @@ def getTS(new=False): | ||
25 | if sysconf.get("rpm-dbpath"): | ||
26 | rpm.addMacro('_dbpath', "/" + sysconf.get("rpm-dbpath")) | ||
27 | getTS.ts = rpm.ts(getTS.root) | ||
28 | - if not sysconf.get("rpm-check-signatures", False): | ||
29 | - if hasattr(rpm, '_RPMVSF_NOSIGNATURES'): | ||
30 | - getTS.ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES) | ||
31 | - else: | ||
32 | - raise Error, _("rpm requires checking signatures") | ||
33 | + | ||
34 | + # _RPMVSF_NOSIGNATURES is not supported in RPMv5, so here uses | ||
35 | + # RPMVSF_NODSAHEADER|RPMVSF_NORSAHEADER|RPMVSF_NODSA|RPMVSF_NORSA | ||
36 | + # to replace '_RPMVSF_NOSIGNATURES' to continue to support check | ||
37 | + # rpm signatures | ||
38 | + | ||
39 | + #if not sysconf.get("rpm-check-signatures", False): | ||
40 | + # if hasattr(rpm, '_RPMVSF_NOSIGNATURES'): | ||
41 | + # getTS.ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES) | ||
42 | + # else: | ||
43 | + # raise Error, _("rpm requires checking signatures") | ||
44 | + if sysconf.get("rpm-check-signatures") == False: | ||
45 | + getTS.ts.setVSFlags(rpm.RPMVSF_NODSAHEADER|rpm.RPMVSF_NORSAHEADER|\ | ||
46 | + rpm.RPMVSF_NODSA|rpm.RPMVSF_NORSA) | ||
47 | + else: | ||
48 | + getTS.ts.setVSFlags(0) | ||
49 | + | ||
50 | rpm_dbpath = sysconf.get("rpm-dbpath", "var/lib/rpm") | ||
51 | dbdir = rpm_join_dbpath(getTS.root, rpm_dbpath) | ||
52 | if not os.path.isdir(dbdir): | ||
53 | @@ -89,11 +101,22 @@ def getTS(new=False): | ||
54 | if sysconf.get("rpm-dbpath"): | ||
55 | rpm.addMacro('_dbpath', "/" + sysconf.get("rpm-dbpath")) | ||
56 | ts = rpm.ts(getTS.root) | ||
57 | - if not sysconf.get("rpm-check-signatures", False): | ||
58 | - if hasattr(rpm, '_RPMVSF_NOSIGNATURES'): | ||
59 | - ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES) | ||
60 | - else: | ||
61 | - raise Error, _("rpm requires checking signatures") | ||
62 | + | ||
63 | + # _RPMVSF_NOSIGNATURES is not supported in RPMv5, so here uses | ||
64 | + # RPMVSF_NODSAHEADER|RPMVSF_NORSAHEADER|RPMVSF_NODSA|RPMVSF_NORSA | ||
65 | + # to replace '_RPMVSF_NOSIGNATURES' to continue to support check | ||
66 | + # rpm signatures | ||
67 | + | ||
68 | + #if not sysconf.get("rpm-check-signatures", False): | ||
69 | + # if hasattr(rpm, '_RPMVSF_NOSIGNATURES'): | ||
70 | + # ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES) | ||
71 | + # else: | ||
72 | + # raise Error, _("rpm requires checking signatures") | ||
73 | + if sysconf.get("rpm-check-signatures") == False: | ||
74 | + ts.setVSFlags(rpm.RPMVSF_NODSAHEADER|rpm.RPMVSF_NORSAHEADER|\ | ||
75 | + rpm.RPMVSF_NODSA|rpm.RPMVSF_NORSA) | ||
76 | + else: | ||
77 | + ts.setVSFlags(0) | ||
78 | return ts | ||
79 | else: | ||
80 | return getTS.ts | ||
81 | diff --git a/smart/backends/rpm/pm.py b/smart/backends/rpm/pm.py | ||
82 | index b57a844..7b651b5 100644 | ||
83 | --- a/smart/backends/rpm/pm.py | ||
84 | +++ b/smart/backends/rpm/pm.py | ||
85 | @@ -180,7 +180,7 @@ class RPMPackageManager(PackageManager): | ||
86 | fd = os.open(path, os.O_RDONLY) | ||
87 | try: | ||
88 | h = ts.hdrFromFdno(fd) | ||
89 | - if sysconf.get("rpm-check-signatures", False): | ||
90 | + if sysconf.get("rpm-check-signatures", True): | ||
91 | if get_public_key(h) == '(none)': | ||
92 | raise rpm.error('package is not signed') | ||
93 | except rpm.error, e: | ||
94 | diff --git a/smart/plugins/yumchannelsync.py b/smart/plugins/yumchannelsync.py | ||
95 | index f8107e6..2dc5482 100644 | ||
96 | --- a/smart/plugins/yumchannelsync.py | ||
97 | +++ b/smart/plugins/yumchannelsync.py | ||
98 | @@ -56,8 +56,9 @@ def _getreleasever(): | ||
99 | |||
100 | rpmroot = sysconf.get("rpm-root", "/") | ||
101 | ts = rpmUtils.transaction.initReadOnlyTransaction(root=rpmroot) | ||
102 | - if hasattr(rpm, '_RPMVSF_NOSIGNATURES') and hasattr(rpm, '_RPMVSF_NODIGESTS'): | ||
103 | - ts.pushVSFlags(~(rpm._RPMVSF_NOSIGNATURES|rpm._RPMVSF_NODIGESTS)) | ||
104 | + #_RPMVSF_NOSIGNATURES is not supported in RPMv5 | ||
105 | + #if hasattr(rpm, '_RPMVSF_NOSIGNATURES') and hasattr(rpm, '_RPMVSF_NODIGESTS'): | ||
106 | + # ts.pushVSFlags(~(rpm._RPMVSF_NOSIGNATURES|rpm._RPMVSF_NODIGESTS)) | ||
107 | releasever = None | ||
108 | # HACK: we're hard-coding the most used distros, will add more if needed | ||
109 | idx = ts.dbMatch('provides', 'fedora-release') | ||
110 | -- | ||
111 | 1.9.1 | ||
112 | |||
diff --git a/meta/recipes-devtools/python/python-smartpm_git.bb b/meta/recipes-devtools/python/python-smartpm_git.bb index d9fb271228..81e45b7aff 100644 --- a/meta/recipes-devtools/python/python-smartpm_git.bb +++ b/meta/recipes-devtools/python/python-smartpm_git.bb | |||
@@ -13,7 +13,6 @@ SRCNAME = "smart" | |||
13 | 13 | ||
14 | SRC_URI = "\ | 14 | SRC_URI = "\ |
15 | git://github.com/smartpm/smart.git \ | 15 | git://github.com/smartpm/smart.git \ |
16 | file://smartpm-rpm5-nodig.patch \ | ||
17 | file://smart-recommends.patch \ | 16 | file://smart-recommends.patch \ |
18 | file://smart-channelsdir.patch \ | 17 | file://smart-channelsdir.patch \ |
19 | file://smart-rpm-transaction-failure-check.patch \ | 18 | file://smart-rpm-transaction-failure-check.patch \ |
@@ -25,6 +24,7 @@ SRC_URI = "\ | |||
25 | file://smart-cache.py-getPackages-matches-name-version.patch \ | 24 | file://smart-cache.py-getPackages-matches-name-version.patch \ |
26 | file://smart-channel-remove-all.patch \ | 25 | file://smart-channel-remove-all.patch \ |
27 | file://smart-locale.patch \ | 26 | file://smart-locale.patch \ |
27 | file://smartpm-rpm5-support-check-signatures.patch \ | ||
28 | " | 28 | " |
29 | 29 | ||
30 | SRCREV = "407a7eca766431257dcd1da15175cc36a1bb22d0" | 30 | SRCREV = "407a7eca766431257dcd1da15175cc36a1bb22d0" |