From 2c28c2bd4f967d66e9055471c538466e8687e207 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Fri, 30 Sep 2022 13:47:00 +0800 Subject: rpm: update 4.17.0 -> 4.17.1 (From OE-Core rev: 826eb17fe741d38be24d31f3bba35074e404a414) (From OE-Core rev: 49a875322110e5c9d90d99473a0e3f874e42739c) Signed-off-by: Alexander Kanavin Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie Signed-off-by: Steve Sakoman Signed-off-by: Richard Purdie --- .../rpm/files/0001-CVE-2021-3521.patch | 57 ---- ...code-lib-rpm-as-the-installation-path-for.patch | 14 +- ...c-add-linux-gnux32-variant-to-triplet-han.patch | 31 ++ .../rpm/files/0002-CVE-2021-3521.patch | 64 ---- .../rpm/files/0003-CVE-2021-3521.patch | 329 --------------------- meta/recipes-devtools/rpm/rpm_4.17.0.bb | 208 ------------- meta/recipes-devtools/rpm/rpm_4.17.1.bb | 206 +++++++++++++ 7 files changed, 244 insertions(+), 665 deletions(-) delete mode 100644 meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch create mode 100644 meta/recipes-devtools/rpm/files/0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch delete mode 100644 meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch delete mode 100644 meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch delete mode 100644 meta/recipes-devtools/rpm/rpm_4.17.0.bb create mode 100644 meta/recipes-devtools/rpm/rpm_4.17.1.bb diff --git a/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch b/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch deleted file mode 100644 index 044b4dd2a0..0000000000 --- a/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 9a6871126f472feea057d5f803505ec8cc78f083 Mon Sep 17 00:00:00 2001 -From: Panu Matilainen -Date: Thu, 30 Sep 2021 09:56:20 +0300 -Subject: [PATCH 1/3] Refactor pgpDigParams construction to helper function - -No functional changes, just to reduce code duplication and needed by -the following commits. - -CVE: CVE-2021-3521 -Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/9f03f42e2] - -Signed-off-by: Changqing Li ---- - rpmio/rpmpgp.c | 13 +++++++++---- - 1 file changed, 9 insertions(+), 4 deletions(-) - -diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c -index d0688ebe9a..e472b5320f 100644 ---- a/rpmio/rpmpgp.c -+++ b/rpmio/rpmpgp.c -@@ -1041,6 +1041,13 @@ unsigned int pgpDigParamsAlgo(pgpDigParams digp, unsigned int algotype) - return algo; - } - -+static pgpDigParams pgpDigParamsNew(uint8_t tag) -+{ -+ pgpDigParams digp = xcalloc(1, sizeof(*digp)); -+ digp->tag = tag; -+ return digp; -+} -+ - int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype, - pgpDigParams * ret) - { -@@ -1058,8 +1065,7 @@ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype, - if (pkttype && pkt.tag != pkttype) { - break; - } else { -- digp = xcalloc(1, sizeof(*digp)); -- digp->tag = pkt.tag; -+ digp = pgpDigParamsNew(pkt.tag); - } - } - -@@ -1105,8 +1111,7 @@ int pgpPrtParamsSubkeys(const uint8_t *pkts, size_t pktlen, - digps = xrealloc(digps, alloced * sizeof(*digps)); - } - -- digps[count] = xcalloc(1, sizeof(**digps)); -- digps[count]->tag = PGPTAG_PUBLIC_SUBKEY; -+ digps[count] = pgpDigParamsNew(PGPTAG_PUBLIC_SUBKEY); - /* Copy UID from main key to subkey */ - digps[count]->userid = xstrdup(mainkey->userid); - --- -2.17.1 - diff --git a/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch b/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch index 6d236ac400..c6cf9d4c88 100644 --- a/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch +++ b/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch @@ -1,4 +1,4 @@ -From 8d013fe154a162305f76141151baf767dd04b598 Mon Sep 17 00:00:00 2001 +From 4ab6a4c5bbad65c3401016bb26b87214cdd0c59b Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Mon, 27 Feb 2017 09:43:30 +0200 Subject: [PATCH] Do not hardcode "lib/rpm" as the installation path for @@ -14,10 +14,10 @@ Signed-off-by: Alexander Kanavin 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac -index eb7d6941b..10a889b5d 100644 +index 372875fc4..1b7add9ee 100644 --- a/configure.ac +++ b/configure.ac -@@ -871,7 +871,7 @@ else +@@ -884,7 +884,7 @@ else usrprefix=$prefix fi @@ -27,10 +27,10 @@ index eb7d6941b..10a889b5d 100644 AC_SUBST(OBJDUMP) diff --git a/macros.in b/macros.in -index a1f795e5f..689e784ef 100644 +index d53ab5ed5..9d10441c8 100644 --- a/macros.in +++ b/macros.in -@@ -933,7 +933,7 @@ package or when debugging this package.\ +@@ -911,7 +911,7 @@ package or when debugging this package.\ %_sharedstatedir %{_prefix}/com %_localstatedir %{_prefix}/var %_lib lib @@ -40,7 +40,7 @@ index a1f795e5f..689e784ef 100644 %_infodir %{_datadir}/info %_mandir %{_datadir}/man diff --git a/rpm.am b/rpm.am -index 7b57f433b..9bbb9ee96 100644 +index ebe4e40d1..e6920e258 100644 --- a/rpm.am +++ b/rpm.am @@ -1,10 +1,10 @@ @@ -55,4 +55,4 @@ index 7b57f433b..9bbb9ee96 100644 +rpmconfigdir = $(libdir)/rpm # Libtool version (current-revision-age) for all our libraries - rpm_version_info = 11:0:2 + rpm_version_info = 12:0:3 diff --git a/meta/recipes-devtools/rpm/files/0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch b/meta/recipes-devtools/rpm/files/0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch new file mode 100644 index 0000000000..2174a79e75 --- /dev/null +++ b/meta/recipes-devtools/rpm/files/0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch @@ -0,0 +1,31 @@ +From 8f51462d41d8fe942d5d0a06f08d47f625141995 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin +Date: Thu, 4 Aug 2022 12:15:08 +0200 +Subject: [PATCH] configure.ac: add linux-gnux32 variant to triplet handling + +x32 is a 64 bit x86 ABI with 32 bit pointers. + +Upstream-Status: Submitted [https://github.com/rpm-software-management/rpm/pull/2143] +Signed-off-by: Alexander Kanavin +--- + configure.ac | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/configure.ac b/configure.ac +index 372875fc49..7d6a3d274e 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -845,6 +845,10 @@ if echo "$host_os" | grep '.*-gnuabi64$' > /dev/null ; then + host_os=`echo "${host_os}" | sed 's/-gnuabi64$//'` + host_os_gnu=-gnuabi64 + fi ++if echo "$host_os" | grep '.*-gnux32$' > /dev/null ; then ++ host_os=`echo "${host_os}" | sed 's/-gnux32$//'` ++ host_os_gnu=-gnux32 ++fi + if echo "$host_os" | grep '.*-gnu$' > /dev/null ; then + host_os=`echo "${host_os}" | sed 's/-gnu$//'` + fi +-- +2.30.2 + diff --git a/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch b/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch deleted file mode 100644 index 683b57d455..0000000000 --- a/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch +++ /dev/null @@ -1,64 +0,0 @@ -From c4b1bee51bbdd732b94b431a951481af99117703 Mon Sep 17 00:00:00 2001 -From: Panu Matilainen -Date: Thu, 30 Sep 2021 09:51:10 +0300 -Subject: [PATCH 2/3] Process MPI's from all kinds of signatures - -No immediate effect but needed by the following commits. - -CVE: CVE-2021-3521 -Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/b5e8bc74b] - -Signed-off-by: Changqing Li - ---- - rpmio/rpmpgp.c | 13 +++++-------- - 1 file changed, 5 insertions(+), 8 deletions(-) - -diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c -index 25f67048fd..509e777e6d 100644 ---- a/rpmio/rpmpgp.c -+++ b/rpmio/rpmpgp.c -@@ -543,7 +543,7 @@ pgpDigAlg pgpDigAlgFree(pgpDigAlg alg) - return NULL; - } - --static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo, uint8_t sigtype, -+static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo, - const uint8_t *p, const uint8_t *h, size_t hlen, - pgpDigParams sigp) - { -@@ -556,10 +556,8 @@ static int pgpPrtSigParams(pgpTag tag, uint8_t pubkey_algo, uint8_t sigtype, - int mpil = pgpMpiLen(p); - if (pend - p < mpil) - break; -- if (sigtype == PGPSIGTYPE_BINARY || sigtype == PGPSIGTYPE_TEXT) { -- if (sigalg->setmpi(sigalg, i, p)) -- break; -- } -+ if (sigalg->setmpi(sigalg, i, p)) -+ break; - p += mpil; - } - -@@ -619,7 +617,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen, - } - - p = ((uint8_t *)v) + sizeof(*v); -- rc = pgpPrtSigParams(tag, v->pubkey_algo, v->sigtype, p, h, hlen, _digp); -+ rc = pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp); - } break; - case 4: - { pgpPktSigV4 v = (pgpPktSigV4)h; -@@ -677,8 +675,7 @@ static int pgpPrtSig(pgpTag tag, const uint8_t *h, size_t hlen, - p += 2; - if (p > hend) - return 1; -- -- rc = pgpPrtSigParams(tag, v->pubkey_algo, v->sigtype, p, h, hlen, _digp); -+ rc = pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp); - } break; - default: - rpmlog(RPMLOG_WARNING, _("Unsupported version of signature: V%d\n"), version); --- -2.17.1 - diff --git a/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch b/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch deleted file mode 100644 index a5ec802501..0000000000 --- a/meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch +++ /dev/null @@ -1,329 +0,0 @@ -From 07676ca03ad8afcf1ca95a2353c83fbb1d970b9b Mon Sep 17 00:00:00 2001 -From: Panu Matilainen -Date: Thu, 30 Sep 2021 09:59:30 +0300 -Subject: [PATCH 3/3] Validate and require subkey binding signatures on PGP - public keys - -All subkeys must be followed by a binding signature by the primary key -as per the OpenPGP RFC, enforce the presence and validity in the parser. - -The implementation is as kludgey as they come to work around our -simple-minded parser structure without touching API, to maximise -backportability. Store all the raw packets internally as we decode them -to be able to access previous elements at will, needed to validate ordering -and access the actual data. Add testcases for manipulated keys whose -import previously would succeed. - -Depends on the two previous commits: -7b399fcb8f52566e6f3b4327197a85facd08db91 and -236b802a4aa48711823a191d1b7f753c82a89ec5 - -Fixes CVE-2021-3521. - -Upstream-Status: Backport [https://github.com/rpm-software-management/rpm/commit/bd36c5dc9] -CVE:CVE-2021-3521 - -Signed-off-by: Changqing Li - ---- - rpmio/rpmpgp.c | 99 +++++++++++++++++-- - tests/Makefile.am | 3 + - tests/data/keys/CVE-2021-3521-badbind.asc | 25 +++++ - .../data/keys/CVE-2021-3521-nosubsig-last.asc | 25 +++++ - tests/data/keys/CVE-2021-3521-nosubsig.asc | 37 +++++++ - tests/rpmsigdig.at | 28 ++++++ - 6 files changed, 209 insertions(+), 8 deletions(-) - create mode 100644 tests/data/keys/CVE-2021-3521-badbind.asc - create mode 100644 tests/data/keys/CVE-2021-3521-nosubsig-last.asc - create mode 100644 tests/data/keys/CVE-2021-3521-nosubsig.asc - -diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c -index 509e777e6d..371ad4d9b6 100644 ---- a/rpmio/rpmpgp.c -+++ b/rpmio/rpmpgp.c -@@ -1061,33 +1061,116 @@ static pgpDigParams pgpDigParamsNew(uint8_t tag) - return digp; - } - -+static int hashKey(DIGEST_CTX hash, const struct pgpPkt *pkt, int exptag) -+{ -+ int rc = -1; -+ if (pkt->tag == exptag) { -+ uint8_t head[] = { -+ 0x99, -+ (pkt->blen >> 8), -+ (pkt->blen ), -+ }; -+ -+ rpmDigestUpdate(hash, head, 3); -+ rpmDigestUpdate(hash, pkt->body, pkt->blen); -+ rc = 0; -+ } -+ return rc; -+} -+ -+static int pgpVerifySelf(pgpDigParams key, pgpDigParams selfsig, -+ const struct pgpPkt *all, int i) -+{ -+ int rc = -1; -+ DIGEST_CTX hash = NULL; -+ -+ switch (selfsig->sigtype) { -+ case PGPSIGTYPE_SUBKEY_BINDING: -+ hash = rpmDigestInit(selfsig->hash_algo, 0); -+ if (hash) { -+ rc = hashKey(hash, &all[0], PGPTAG_PUBLIC_KEY); -+ if (!rc) -+ rc = hashKey(hash, &all[i-1], PGPTAG_PUBLIC_SUBKEY); -+ } -+ break; -+ default: -+ /* ignore types we can't handle */ -+ rc = 0; -+ break; -+ } -+ -+ if (hash && rc == 0) -+ rc = pgpVerifySignature(key, selfsig, hash); -+ -+ rpmDigestFinal(hash, NULL, NULL, 0); -+ -+ return rc; -+} -+ - int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype, - pgpDigParams * ret) - { - const uint8_t *p = pkts; - const uint8_t *pend = pkts + pktlen; - pgpDigParams digp = NULL; -- struct pgpPkt pkt; -+ pgpDigParams selfsig = NULL; -+ int i = 0; -+ int alloced = 16; /* plenty for normal cases */ -+ struct pgpPkt *all = xmalloc(alloced * sizeof(*all)); - int rc = -1; /* assume failure */ -+ int expect = 0; -+ int prevtag = 0; - - while (p < pend) { -- if (decodePkt(p, (pend - p), &pkt)) -+ struct pgpPkt *pkt = &all[i]; -+ if (decodePkt(p, (pend - p), pkt)) - break; - - if (digp == NULL) { -- if (pkttype && pkt.tag != pkttype) { -+ if (pkttype && pkt->tag != pkttype) { - break; - } else { -- digp = pgpDigParamsNew(pkt.tag); -+ digp = pgpDigParamsNew(pkt->tag); - } - } - -- if (pgpPrtPkt(&pkt, digp)) -+ if (expect) { -+ if (pkt->tag != expect) -+ break; -+ selfsig = pgpDigParamsNew(pkt->tag); -+ } -+ if (pgpPrtPkt(pkt, selfsig ? selfsig : digp)) - break; - -- p += (pkt.body - pkt.head) + pkt.blen; -- if (pkttype == PGPTAG_SIGNATURE) -- break; -+ if (selfsig) { -+ /* subkeys must be followed by binding signature */ -+ if (prevtag == PGPTAG_PUBLIC_SUBKEY) { -+ if (selfsig->sigtype != PGPSIGTYPE_SUBKEY_BINDING) -+ break; -+ } -+ -+ int xx = pgpVerifySelf(digp, selfsig, all, i); -+ -+ selfsig = pgpDigParamsFree(selfsig); -+ if (xx) -+ break; -+ expect = 0; -+ } -+ -+ if (pkt->tag == PGPTAG_PUBLIC_SUBKEY) -+ expect = PGPTAG_SIGNATURE; -+ prevtag = pkt->tag; -+ -+ i++; -+ p += (pkt->body - pkt->head) + pkt->blen; -+ if (pkttype == PGPTAG_SIGNATURE) -+ break; -+ -+ if (alloced <= i) { -+ alloced *= 2; -+ all = xrealloc(all, alloced * sizeof(*all)); -+ } -+ - } - - rc = (digp && (p == pend)) ? 0 : -1; -diff --git a/tests/Makefile.am b/tests/Makefile.am -index a41ce10de8..7bb23247f1 100644 ---- a/tests/Makefile.am -+++ b/tests/Makefile.am -@@ -107,6 +107,9 @@ EXTRA_DIST += data/SPECS/hello-config-buildid.spec - EXTRA_DIST += data/SPECS/hello-cd.spec - EXTRA_DIST += data/keys/rpm.org-rsa-2048-test.pub - EXTRA_DIST += data/keys/rpm.org-rsa-2048-test.secret -+EXTRA_DIST += data/keys/CVE-2021-3521-badbind.asc -+EXTRA_DIST += data/keys/CVE-2022-3521-nosubsig.asc -+EXTRA_DIST += data/keys/CVE-2022-3521-nosubsig-last.asc - EXTRA_DIST += data/macros.testfile - EXTRA_DIST += data/macros.debug - EXTRA_DIST += data/SOURCES/foo.c -diff --git a/tests/data/keys/CVE-2021-3521-badbind.asc b/tests/data/keys/CVE-2021-3521-badbind.asc -new file mode 100644 -index 0000000000..aea00f9d7a ---- /dev/null -+++ b/tests/data/keys/CVE-2021-3521-badbind.asc -@@ -0,0 +1,25 @@ -+-----BEGIN PGP PUBLIC KEY BLOCK----- -+Version: rpm-4.17.90 (NSS-3) -+ -+mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g -+HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY -+91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8 -+eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas -+7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ -+1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl -+c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK -+CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf -+Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB -+BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr -+XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX -+fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq -++mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN -+BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY -+zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz -+iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6 -+Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c -+KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m -+L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAE= -+=WCfs -+-----END PGP PUBLIC KEY BLOCK----- -+ -diff --git a/tests/data/keys/CVE-2021-3521-nosubsig-last.asc b/tests/data/keys/CVE-2021-3521-nosubsig-last.asc -new file mode 100644 -index 0000000000..aea00f9d7a ---- /dev/null -+++ b/tests/data/keys/CVE-2021-3521-nosubsig-last.asc -@@ -0,0 +1,25 @@ -+-----BEGIN PGP PUBLIC KEY BLOCK----- -+Version: rpm-4.17.90 (NSS-3) -+ -+mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g -+HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY -+91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8 -+eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas -+7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ -+1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl -+c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK -+CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf -+Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB -+BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr -+XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX -+fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq -++mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN -+BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY -+zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz -+iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6 -+Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c -+KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m -+L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAE= -+=WCfs -+-----END PGP PUBLIC KEY BLOCK----- -+ -diff --git a/tests/data/keys/CVE-2021-3521-nosubsig.asc b/tests/data/keys/CVE-2021-3521-nosubsig.asc -new file mode 100644 -index 0000000000..3a2e7417f8 ---- /dev/null -+++ b/tests/data/keys/CVE-2021-3521-nosubsig.asc -@@ -0,0 +1,37 @@ -+-----BEGIN PGP PUBLIC KEY BLOCK----- -+Version: rpm-4.17.90 (NSS-3) -+ -+mQENBFjmORgBCAC7TMEk6wnjSs8Dr4yqSScWdU2pjcqrkTxuzdWvowcIUPZI0w/g -+HkRqGd4apjvY2V15kjL10gk3QhFP3pZ/9p7zh8o8NHX7aGdSGDK7NOq1eFaErPRY -+91LW9RiZ0lbOjXEzIL0KHxUiTQEmdXJT43DJMFPyW9fkCWg0OltiX618FUdWWfI8 -+eySdLur1utnqBvdEbCUvWK2RX3vQZQdvEBODnNk2pxqTyV0w6VPQ96W++lF/5Aas -+7rUv3HIyIXxIggc8FRrnH+y9XvvHDonhTIlGnYZN4ubm9i4y3gOkrZlGTrEw7elQ -+1QeMyG2QQEbze8YjpTm4iLABCBrRfPRaQpwrABEBAAG0IXJwbS5vcmcgUlNBIHRl -+c3RrZXkgPHJzYUBycG0ub3JnPokBNwQTAQgAIQUCWOY5GAIbAwULCQgHAgYVCAkK -+CwIEFgIDAQIeAQIXgAAKCRBDRFkeGWTF/MxxCACnjqFL+MmPh9W9JQKT2DcLbBzf -+Cqo6wcEBoCOcwgRSk8dSikhARoteoa55JRJhuMyeKhhEAogE9HRmCPFdjezFTwgB -+BDVBpO2dZ023mLXDVCYX3S8pShOgCP6Tn4wqCnYeAdLcGg106N4xcmgtcssJE+Pr -+XzTZksbZsrTVEmL/Ym+R5w5jBfFnGk7Yw7ndwfQsfNXQb5AZynClFxnX546lcyZX -+fEx3/e6ezw57WNOUK6WT+8b+EGovPkbetK/rGxNXuWaP6X4A/QUm8O98nCuHYFQq -++mvNdsCBqGf7mhaRGtpHk/JgCn5rFvArMDqLVrR9hX0LdCSsH7EGE+bR3r7wuQEN -+BFjmORgBCACk+vDZrIXQuFXEYToZVwb2attzbbJJCqD71vmZTLsW0QxuPKRgbcYY -+zp4K4lVBnHhFrF8MOUOxJ7kQWIJZMZFt+BDcptCYurbD2H4W2xvnWViiC+LzCMzz -+iMJT6165uefL4JHTDPxC2fFiM9yrc72LmylJNkM/vepT128J5Qv0gRUaQbHiQuS6 -+Dm/+WRnUfx3i89SV4mnBxb/Ta93GVqoOciWwzWSnwEnWYAvOb95JL4U7c5J5f/+c -+KnQDHsW7sIiIdscsWzvgf6qs2Ra1Zrt7Fdk4+ZS2f/adagLhDO1C24sXf5XfMk5m -+L0OGwZSr9m5s17VXxfspgU5ugc8kBJfzABEBAAG5AQ0EWOY5GAEIAKT68NmshdC4 -+VcRhOhlXBvZq23NtskkKoPvW+ZlMuxbRDG48pGBtxhjOngriVUGceEWsXww5Q7En -+uRBYglkxkW34ENym0Ji6tsPYfhbbG+dZWKIL4vMIzPOIwlPrXrm558vgkdMM/ELZ -+8WIz3KtzvYubKUk2Qz+96lPXbwnlC/SBFRpBseJC5LoOb/5ZGdR/HeLz1JXiacHF -+v9Nr3cZWqg5yJbDNZKfASdZgC85v3kkvhTtzknl//5wqdAMexbuwiIh2xyxbO+B/ -+qqzZFrVmu3sV2Tj5lLZ/9p1qAuEM7ULbixd/ld8yTmYvQ4bBlKv2bmzXtVfF+ymB -+Tm6BzyQEl/MAEQEAAYkBHwQYAQgACQUCWOY5GAIbDAAKCRBDRFkeGWTF/PANB/9j -+mifmj6z/EPe0PJFhrpISt9PjiUQCt0IPtiL5zKAkWjHePIzyi+0kCTBF6DDLFxos -+3vN4bWnVKT1kBhZAQlPqpJTg+m74JUYeDGCdNx9SK7oRllATqyu+5rncgxjWVPnQ -+zu/HRPlWJwcVFYEVXYL8xzfantwQTqefjmcRmBRdA2XJITK+hGWwAmrqAWx+q5xX -+Pa8wkNMxVzNS2rUKO9SoVuJ/wlUvfoShkJ/VJ5HDp3qzUqncADfdGN35TDzscngQ -+gHvnMwVBfYfSCABV1hNByoZcc/kxkrWMmsd/EnIyLd1Q1baKqc3cEDuC6E6/o4yJ -+E4XX4jtDmdZPreZALsiB -+=rRop -+-----END PGP PUBLIC KEY BLOCK----- -+ -diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at -index 8e7c759b8f..e2d30a7f1b 100644 ---- a/tests/rpmsigdig.at -+++ b/tests/rpmsigdig.at -@@ -2,6 +2,34 @@ - - AT_BANNER([RPM signatures and digests]) - -+AT_SETUP([rpmkeys --import invalid keys]) -+AT_KEYWORDS([rpmkeys import]) -+RPMDB_INIT -+ -+AT_CHECK([ -+runroot rpmkeys --import /data/keys/CVE-2021-3521-badbind.asc -+], -+[1], -+[], -+[error: /data/keys/CVE-2021-3521-badbind.asc: key 1 import failed.] -+) -+AT_CHECK([ -+runroot rpmkeys --import /data/keys/CVE-2021-3521-nosubsig.asc -+], -+[1], -+[], -+[error: /data/keys/CVE-2021-3521-nosubsig.asc: key 1 import failed.] -+) -+ -+AT_CHECK([ -+runroot rpmkeys --import /data/keys/CVE-2021-3521-nosubsig-last.asc -+], -+[1], -+[], -+[error: /data/keys/CVE-2021-3521-nosubsig-last.asc: key 1 import failed.] -+) -+AT_CLEANUP -+ - # ------------------------------ - # Test pre-built package verification - AT_SETUP([rpmkeys -Kv 1]) --- -2.17.1 - diff --git a/meta/recipes-devtools/rpm/rpm_4.17.0.bb b/meta/recipes-devtools/rpm/rpm_4.17.0.bb deleted file mode 100644 index c392ac0db4..0000000000 --- a/meta/recipes-devtools/rpm/rpm_4.17.0.bb +++ /dev/null @@ -1,208 +0,0 @@ -SUMMARY = "The RPM package management system" -DESCRIPTION = "The RPM Package Manager (RPM) is a powerful command line driven \ -package management system capable of installing, uninstalling, \ -verifying, querying, and updating software packages. Each software \ -package consists of an archive of files along with information about \ -the package like its version, a description, etc." - -SUMMARY:${PN}-dev = "Development files for manipulating RPM packages" -DESCRIPTION:${PN}-dev = "This package contains the RPM C library and header files. These \ -development files will simplify the process of writing programs that \ -manipulate RPM packages and databases. These files are intended to \ -simplify the process of creating graphical package managers or any \ -other tools that need an intimate knowledge of RPM packages in order \ -to function." - -SUMMARY:python3-rpm = "Python bindings for apps which will manupulate RPM packages" -DESCRIPTION:python3-rpm = "The python3-rpm package contains a module that permits applications \ -written in the Python programming language to use the interface \ -supplied by the RPM Package Manager libraries." - -HOMEPAGE = "http://www.rpm.org" - -# libraries are also LGPL - how to express this? -LICENSE = "GPL-2.0-only" -LIC_FILES_CHKSUM = "file://COPYING;md5=c4eec0c20c6034b9407a09945b48a43f" - -SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.17.x;protocol=https \ - file://environment.d-rpm.sh \ - file://0001-Do-not-add-an-unsatisfiable-dependency-when-building.patch \ - file://0001-Do-not-read-config-files-from-HOME.patch \ - file://0001-When-cross-installing-execute-package-scriptlets-wit.patch \ - file://0001-Do-not-reset-the-PATH-environment-variable-before-ru.patch \ - file://0002-Add-support-for-prefixing-etc-from-RPM_ETCCONFIGDIR-.patch \ - file://0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch \ - file://0001-Add-a-color-setting-for-mips64_n32-binaries.patch \ - file://0001-perl-disable-auto-reqs.patch \ - file://0016-rpmscript.c-change-logging-level-around-scriptlets-t.patch \ - file://0001-lib-transaction.c-fix-file-conflicts-for-MIPS64-N32.patch \ - file://0001-tools-Add-error.h-for-non-glibc-case.patch \ - file://0001-docs-do-not-build-manpages-requires-pandoc.patch \ - file://0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch \ - file://0001-CVE-2021-3521.patch \ - file://0002-CVE-2021-3521.patch \ - file://0003-CVE-2021-3521.patch \ - " - -PE = "1" -SRCREV = "3e74e8ba2dd5e76a5353d238dc7fc38651ce27b3" - -S = "${WORKDIR}/git" - -DEPENDS = "lua libgcrypt file popt xz bzip2 elfutils python3" -DEPENDS:append:class-native = " file-replacement-native bzip2-replacement-native" - -inherit autotools gettext pkgconfig python3native -export PYTHON_ABI - -AUTOTOOLS_AUXDIR = "${S}/build-aux" - -# OE-core patches autoreconf to additionally run gnu-configize, which fails with this recipe -EXTRA_AUTORECONF:append = " --exclude=gnu-configize" - -# Vendor is detected differently on x86 and aarch64 hosts and can feed into target packages -EXTRA_OECONF:append = " --enable-python --with-crypto=libgcrypt --with-vendor=pc" -EXTRA_OECONF:append:libc-musl = " --disable-nls --disable-openmp" - -# --sysconfdir prevents rpm from attempting to access machine-specific configuration in sysroot/etc; we need to have it in rootfs -# --localstatedir prevents rpm from writing its database to native sysroot when building images -# Forcibly disable plugins for native/nativesdk, as the inhibit and prioreset -# plugins both behave badly inside builds. -EXTRA_OECONF:append:class-native = " --sysconfdir=/etc --localstatedir=/var --disable-plugins" -EXTRA_OECONF:append:class-nativesdk = " --sysconfdir=/etc --disable-plugins" - -BBCLASSEXTEND = "native nativesdk" - -PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'inhibit', '', d)} sqlite zstd" -# The inhibit plugin serves no purpose outside of the target -PACKAGECONFIG:remove:class-native = "inhibit" -PACKAGECONFIG:remove:class-nativesdk = "inhibit" - -PACKAGECONFIG[imaevm] = "--with-imaevm,,ima-evm-utils" -PACKAGECONFIG[inhibit] = "--enable-inhibit-plugin,--disable-inhibit-plugin,dbus" -PACKAGECONFIG[rpm2archive] = "--with-archive,--without-archive,libarchive" -PACKAGECONFIG[sqlite] = "--enable-sqlite=yes,--enable-sqlite=no,sqlite3" -PACKAGECONFIG[ndb] = "--enable-ndb,--disable-ndb" -PACKAGECONFIG[bdb-ro] = "--enable-bdb-ro,--disable-bdb-ro" -PACKAGECONFIG[zstd] = "--enable-zstd=yes,--enable-zstd=no,zstd" - -ASNEEDED = "" - -# Direct rpm-native to read configuration from our sysroot, not the one it was compiled in -# libmagic also has sysroot path contamination, so override it - -WRAPPER_TOOLS = " \ - ${bindir}/rpm \ - ${bindir}/rpm2archive \ - ${bindir}/rpm2cpio \ - ${bindir}/rpmbuild \ - ${bindir}/rpmdb \ - ${bindir}/rpmgraph \ - ${bindir}/rpmkeys \ - ${bindir}/rpmsign \ - ${bindir}/rpmspec \ - ${libdir}/rpm/rpmdeps \ -" - -do_configure:prepend() { - mkdir -p ${S}/build-aux -} - -do_install:append:class-native() { - for tool in ${WRAPPER_TOOLS}; do - test -x ${D}$tool && create_wrapper ${D}$tool \ - RPM_CONFIGDIR=${STAGING_LIBDIR_NATIVE}/rpm \ - RPM_ETCCONFIGDIR=${STAGING_DIR_NATIVE} \ - MAGIC=${STAGING_DIR_NATIVE}${datadir_native}/misc/magic.mgc \ - RPM_NO_CHROOT_FOR_SCRIPTS=1 - done -} - -do_install:append:class-nativesdk() { - for tool in ${WRAPPER_TOOLS}; do - test -x ${D}$tool && create_wrapper ${D}$tool \ - RPM_CONFIGDIR='`dirname $''realpath`'/${@os.path.relpath(d.getVar('libdir'), d.getVar('bindir'))}/rpm \ - RPM_ETCCONFIGDIR='$'{RPM_ETCCONFIGDIR-'`dirname $''realpath`'/${@os.path.relpath(d.getVar('sysconfdir'), d.getVar('bindir'))}/..} \ - MAGIC='`dirname $''realpath`'/${@os.path.relpath(d.getVar('datadir'), d.getVar('bindir'))}/misc/magic.mgc \ - RPM_NO_CHROOT_FOR_SCRIPTS=1 - done - - rm -rf ${D}/var - - mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d - install -m 644 ${WORKDIR}/environment.d-rpm.sh ${D}${SDKPATHNATIVE}/environment-setup.d/rpm.sh -} - -# Rpm's make install creates var/tmp which clashes with base-files packaging -do_install:append:class-target() { - rm -rf ${D}/var -} -do_install:append:class-nativesdk() { - rm -rf ${D}${SDKPATHNATIVE}/var -} - -do_install:append () { - sed -i -e 's:${HOSTTOOLS_DIR}/::g' \ - ${D}/${libdir}/rpm/macros - -} - -FILES:${PN} += "${libdir}/rpm-plugins/*.so \ - " -FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/rpm.sh" - -FILES:${PN}-dev += "${libdir}/rpm-plugins/*.la \ - " -PACKAGE_BEFORE_PN += "${PN}-build ${PN}-sign ${PN}-archive" - -RRECOMMENDS:${PN} += "rpm-sign rpm-archive" - -FILES:${PN}-build = "\ - ${bindir}/rpmbuild \ - ${bindir}/gendiff \ - ${bindir}/rpmspec \ - ${libdir}/librpmbuild.so.* \ - ${libdir}/rpm/brp-* \ - ${libdir}/rpm/check-* \ - ${libdir}/rpm/debugedit \ - ${libdir}/rpm/sepdebugcrcfix \ - ${libdir}/rpm/find-debuginfo.sh \ - ${libdir}/rpm/find-lang.sh \ - ${libdir}/rpm/*provides* \ - ${libdir}/rpm/*requires* \ - ${libdir}/rpm/*deps* \ - ${libdir}/rpm/*.prov \ - ${libdir}/rpm/*.req \ - ${libdir}/rpm/config.* \ - ${libdir}/rpm/mkinstalldirs \ - ${libdir}/rpm/macros.p* \ - ${libdir}/rpm/fileattrs/* \ -" - -FILES:${PN}-sign = "\ - ${bindir}/rpmsign \ - ${libdir}/librpmsign.so.* \ -" - -FILES:${PN}-archive = "\ - ${bindir}/rpm2archive \ -" - -PACKAGES += "python3-rpm" -PROVIDES += "python3-rpm" -FILES:python3-rpm = "${PYTHON_SITEPACKAGES_DIR}/rpm/*" - -RDEPENDS:${PN}-build = "bash perl python3-core" - -PACKAGE_PREPROCESS_FUNCS += "rpm_package_preprocess" - -# Do not specify a sysroot when compiling on a target. -rpm_package_preprocess () { - sed -i -e 's:--sysroot[^ ]*::g' \ - ${PKGD}/${libdir}/rpm/macros -} - -SSTATE_HASHEQUIV_FILEMAP = " \ - populate_sysroot:*/rpm/macros:${TMPDIR} \ - populate_sysroot:*/rpm/macros:${COREBASE} \ - " diff --git a/meta/recipes-devtools/rpm/rpm_4.17.1.bb b/meta/recipes-devtools/rpm/rpm_4.17.1.bb new file mode 100644 index 0000000000..9b6446f265 --- /dev/null +++ b/meta/recipes-devtools/rpm/rpm_4.17.1.bb @@ -0,0 +1,206 @@ +SUMMARY = "The RPM package management system" +DESCRIPTION = "The RPM Package Manager (RPM) is a powerful command line driven \ +package management system capable of installing, uninstalling, \ +verifying, querying, and updating software packages. Each software \ +package consists of an archive of files along with information about \ +the package like its version, a description, etc." + +SUMMARY:${PN}-dev = "Development files for manipulating RPM packages" +DESCRIPTION:${PN}-dev = "This package contains the RPM C library and header files. These \ +development files will simplify the process of writing programs that \ +manipulate RPM packages and databases. These files are intended to \ +simplify the process of creating graphical package managers or any \ +other tools that need an intimate knowledge of RPM packages in order \ +to function." + +SUMMARY:python3-rpm = "Python bindings for apps which will manupulate RPM packages" +DESCRIPTION:python3-rpm = "The python3-rpm package contains a module that permits applications \ +written in the Python programming language to use the interface \ +supplied by the RPM Package Manager libraries." + +HOMEPAGE = "http://www.rpm.org" + +# libraries are also LGPL - how to express this? +LICENSE = "GPL-2.0-only" +LIC_FILES_CHKSUM = "file://COPYING;md5=c4eec0c20c6034b9407a09945b48a43f" + +SRC_URI = "git://github.com/rpm-software-management/rpm;branch=rpm-4.17.x;protocol=https \ + file://environment.d-rpm.sh \ + file://0001-Do-not-add-an-unsatisfiable-dependency-when-building.patch \ + file://0001-Do-not-read-config-files-from-HOME.patch \ + file://0001-When-cross-installing-execute-package-scriptlets-wit.patch \ + file://0001-Do-not-reset-the-PATH-environment-variable-before-ru.patch \ + file://0002-Add-support-for-prefixing-etc-from-RPM_ETCCONFIGDIR-.patch \ + file://0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch \ + file://0001-Add-a-color-setting-for-mips64_n32-binaries.patch \ + file://0001-perl-disable-auto-reqs.patch \ + file://0016-rpmscript.c-change-logging-level-around-scriptlets-t.patch \ + file://0001-lib-transaction.c-fix-file-conflicts-for-MIPS64-N32.patch \ + file://0001-tools-Add-error.h-for-non-glibc-case.patch \ + file://0001-docs-do-not-build-manpages-requires-pandoc.patch \ + file://0001-build-pack.c-do-not-insert-payloadflags-into-.rpm-me.patch \ + file://0001-configure.ac-add-linux-gnux32-variant-to-triplet-han.patch \ + " + +PE = "1" +SRCREV = "5bef402da334595ed9302b8bca1acdf5e88bfe11" + +S = "${WORKDIR}/git" + +DEPENDS = "lua libgcrypt file popt xz bzip2 elfutils python3" +DEPENDS:append:class-native = " file-replacement-native bzip2-replacement-native" + +inherit autotools gettext pkgconfig python3native +export PYTHON_ABI + +AUTOTOOLS_AUXDIR = "${S}/build-aux" + +# OE-core patches autoreconf to additionally run gnu-configize, which fails with this recipe +EXTRA_AUTORECONF:append = " --exclude=gnu-configize" + +# Vendor is detected differently on x86 and aarch64 hosts and can feed into target packages +EXTRA_OECONF:append = " --enable-python --with-crypto=libgcrypt --with-vendor=pc" +EXTRA_OECONF:append:libc-musl = " --disable-nls --disable-openmp" + +# --sysconfdir prevents rpm from attempting to access machine-specific configuration in sysroot/etc; we need to have it in rootfs +# --localstatedir prevents rpm from writing its database to native sysroot when building images +# Forcibly disable plugins for native/nativesdk, as the inhibit and prioreset +# plugins both behave badly inside builds. +EXTRA_OECONF:append:class-native = " --sysconfdir=/etc --localstatedir=/var --disable-plugins" +EXTRA_OECONF:append:class-nativesdk = " --sysconfdir=/etc --disable-plugins" + +BBCLASSEXTEND = "native nativesdk" + +PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'inhibit', '', d)} sqlite zstd" +# The inhibit plugin serves no purpose outside of the target +PACKAGECONFIG:remove:class-native = "inhibit" +PACKAGECONFIG:remove:class-nativesdk = "inhibit" + +PACKAGECONFIG[imaevm] = "--with-imaevm,,ima-evm-utils" +PACKAGECONFIG[inhibit] = "--enable-inhibit-plugin,--disable-inhibit-plugin,dbus" +PACKAGECONFIG[rpm2archive] = "--with-archive,--without-archive,libarchive" +PACKAGECONFIG[sqlite] = "--enable-sqlite=yes,--enable-sqlite=no,sqlite3" +PACKAGECONFIG[ndb] = "--enable-ndb,--disable-ndb" +PACKAGECONFIG[bdb-ro] = "--enable-bdb-ro,--disable-bdb-ro" +PACKAGECONFIG[zstd] = "--enable-zstd=yes,--enable-zstd=no,zstd" + +ASNEEDED = "" + +# Direct rpm-native to read configuration from our sysroot, not the one it was compiled in +# libmagic also has sysroot path contamination, so override it + +WRAPPER_TOOLS = " \ + ${bindir}/rpm \ + ${bindir}/rpm2archive \ + ${bindir}/rpm2cpio \ + ${bindir}/rpmbuild \ + ${bindir}/rpmdb \ + ${bindir}/rpmgraph \ + ${bindir}/rpmkeys \ + ${bindir}/rpmsign \ + ${bindir}/rpmspec \ + ${libdir}/rpm/rpmdeps \ +" + +do_configure:prepend() { + mkdir -p ${S}/build-aux +} + +do_install:append:class-native() { + for tool in ${WRAPPER_TOOLS}; do + test -x ${D}$tool && create_wrapper ${D}$tool \ + RPM_CONFIGDIR=${STAGING_LIBDIR_NATIVE}/rpm \ + RPM_ETCCONFIGDIR=${STAGING_DIR_NATIVE} \ + MAGIC=${STAGING_DIR_NATIVE}${datadir_native}/misc/magic.mgc \ + RPM_NO_CHROOT_FOR_SCRIPTS=1 + done +} + +do_install:append:class-nativesdk() { + for tool in ${WRAPPER_TOOLS}; do + test -x ${D}$tool && create_wrapper ${D}$tool \ + RPM_CONFIGDIR='`dirname $''realpath`'/${@os.path.relpath(d.getVar('libdir'), d.getVar('bindir'))}/rpm \ + RPM_ETCCONFIGDIR='$'{RPM_ETCCONFIGDIR-'`dirname $''realpath`'/${@os.path.relpath(d.getVar('sysconfdir'), d.getVar('bindir'))}/..} \ + MAGIC='`dirname $''realpath`'/${@os.path.relpath(d.getVar('datadir'), d.getVar('bindir'))}/misc/magic.mgc \ + RPM_NO_CHROOT_FOR_SCRIPTS=1 + done + + rm -rf ${D}/var + + mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d + install -m 644 ${WORKDIR}/environment.d-rpm.sh ${D}${SDKPATHNATIVE}/environment-setup.d/rpm.sh +} + +# Rpm's make install creates var/tmp which clashes with base-files packaging +do_install:append:class-target() { + rm -rf ${D}/var +} +do_install:append:class-nativesdk() { + rm -rf ${D}${SDKPATHNATIVE}/var +} + +do_install:append () { + sed -i -e 's:${HOSTTOOLS_DIR}/::g' \ + ${D}/${libdir}/rpm/macros + +} + +FILES:${PN} += "${libdir}/rpm-plugins/*.so \ + " +FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/rpm.sh" + +FILES:${PN}-dev += "${libdir}/rpm-plugins/*.la \ + " +PACKAGE_BEFORE_PN += "${PN}-build ${PN}-sign ${PN}-archive" + +RRECOMMENDS:${PN} += "rpm-sign rpm-archive" + +FILES:${PN}-build = "\ + ${bindir}/rpmbuild \ + ${bindir}/gendiff \ + ${bindir}/rpmspec \ + ${libdir}/librpmbuild.so.* \ + ${libdir}/rpm/brp-* \ + ${libdir}/rpm/check-* \ + ${libdir}/rpm/debugedit \ + ${libdir}/rpm/sepdebugcrcfix \ + ${libdir}/rpm/find-debuginfo.sh \ + ${libdir}/rpm/find-lang.sh \ + ${libdir}/rpm/*provides* \ + ${libdir}/rpm/*requires* \ + ${libdir}/rpm/*deps* \ + ${libdir}/rpm/*.prov \ + ${libdir}/rpm/*.req \ + ${libdir}/rpm/config.* \ + ${libdir}/rpm/mkinstalldirs \ + ${libdir}/rpm/macros.p* \ + ${libdir}/rpm/fileattrs/* \ +" + +FILES:${PN}-sign = "\ + ${bindir}/rpmsign \ + ${libdir}/librpmsign.so.* \ +" + +FILES:${PN}-archive = "\ + ${bindir}/rpm2archive \ +" + +PACKAGES += "python3-rpm" +PROVIDES += "python3-rpm" +FILES:python3-rpm = "${PYTHON_SITEPACKAGES_DIR}/rpm/*" + +RDEPENDS:${PN}-build = "bash perl python3-core" + +PACKAGE_PREPROCESS_FUNCS += "rpm_package_preprocess" + +# Do not specify a sysroot when compiling on a target. +rpm_package_preprocess () { + sed -i -e 's:--sysroot[^ ]*::g' \ + ${PKGD}/${libdir}/rpm/macros +} + +SSTATE_HASHEQUIV_FILEMAP = " \ + populate_sysroot:*/rpm/macros:${TMPDIR} \ + populate_sysroot:*/rpm/macros:${COREBASE} \ + " -- cgit v1.2.3-54-g00ecf