2 files changed, 28 insertions, 0 deletions
diff --git a/meta/recipes-devtools/rpm/rpm/rpm-macros.in-disable-external-key-server.patch b/meta/recipes-devtools/rpm/rpm/rpm-macros.in-disable-external-key-server.patch
new file mode 100644
index 0000000000..07a0cfa300
--- /dev/null
+++ b/meta/recipes-devtools/rpm/rpm/rpm-macros.in-disable-external-key-server.patch
@@ -0,0 +1,27 @@
+disable external key server
+Upstream-Status: Pending
+When RPM experiences a signed package, with a signature that it does NOT know.
+By default it will send the -fingerprint- (and only the 16 digit fingerprint) to
+an external HKP server, trying to get the key down.
+This is probably not a reasonable default behavior for the system to do, instead
+it should simply fail the key lookup.  If someone wants to enable the HKP server
+it's easy enough to do by enabling the necessary macros.
+Signed-off-by: yzhu1 <yanjun.zhu@windriver.com>
+Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
+--- a/macros/macros.in
+++ b/macros/macros.in
+@@ -546,8 +546,8 @@ $_arbitrary_tags_tests      Foo:Bar
+ # Horowitz Key Protocol server configuration
+ #
+ #%_hkp_keyserver         hkp://keys.n3npq.net
+-%_hkp_keyserver         hkp://pool.sks-keyservers.net
+-%_hkp_keyserver_query   %{_hkp_keyserver}/pks/lookup?op=get&search=
+#%_hkp_keyserver         hkp://pool.sks-keyservers.net
+#%_hkp_keyserver_query   %{_hkp_keyserver}/pks/lookup?op=get&search=
+ 
+ 
+ %_nssdb_path   /etc/pki/nssdb
diff --git a/meta/recipes-devtools/rpm/rpm_5.4.14.bb b/meta/recipes-devtools/rpm/rpm_5.4.14.bb
index 2e17a91137..bff0687e6c 100644
--- a/meta/recipes-devtools/rpm/rpm_5.4.14.bb
+++ b/meta/recipes-devtools/rpm/rpm_5.4.14.bb
@@ -94,6 +94,7 @@ SRC_URI = "http://www.rpm5.org/files/rpm/rpm-5.4/rpm-5.4.14-0.20131024.src.rpm;e
           file://no-ldflags-in-pkgconfig.patch \
           file://rpm-lua-fix-print.patch \
           file://rpm-check-rootpath-reasonableness.patch \
+           file://rpm-macros.in-disable-external-key-server.patch \
          "
 # Uncomment the following line to enable platform score debugging

diff --git a/meta/recipes-devtools/rpm/rpm/rpm-macros.in-disable-external-key-server.patch b/meta/recipes-devtools/rpm/rpm/rpm-macros.in-disable-external-key-server.patch new file mode 100644 index 0000000000..07a0cfa300 --- /dev/null +++ b/meta/recipes-devtools/rpm/rpm/rpm-macros.in-disable-external-key-server.patch
@@ -0,0 +1,27 @@
		1	disable external key server
		2
		3	Upstream-Status: Pending
		4
		5	When RPM experiences a signed package, with a signature that it does NOT know.
		6	By default it will send the -fingerprint- (and only the 16 digit fingerprint) to
		7	an external HKP server, trying to get the key down.
		8
		9	This is probably not a reasonable default behavior for the system to do, instead
		10	it should simply fail the key lookup. If someone wants to enable the HKP server
		11	it's easy enough to do by enabling the necessary macros.
		12
		13	Signed-off-by: yzhu1 <yanjun.zhu@windriver.com>
		14	Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
		15	--- a/macros/macros.in
		16	+++ b/macros/macros.in
		17	@@ -546,8 +546,8 @@ $_arbitrary_tags_tests Foo:Bar
		18	# Horowitz Key Protocol server configuration
		19	#
		20	#%_hkp_keyserver hkp://keys.n3npq.net
		21	-%_hkp_keyserver hkp://pool.sks-keyservers.net
		22	-%_hkp_keyserver_query %{_hkp_keyserver}/pks/lookup?op=get&search=
		23	+#%_hkp_keyserver hkp://pool.sks-keyservers.net
		24	+#%_hkp_keyserver_query %{_hkp_keyserver}/pks/lookup?op=get&search=
		25
		26
		27	%_nssdb_path /etc/pki/nssdb


diff --git a/meta/recipes-devtools/rpm/rpm_5.4.14.bb b/meta/recipes-devtools/rpm/rpm_5.4.14.bb index 2e17a91137..bff0687e6c 100644 --- a/meta/recipes-devtools/rpm/rpm_5.4.14.bb +++ b/meta/recipes-devtools/rpm/rpm_5.4.14.bb
@@ -94,6 +94,7 @@ SRC_URI = "http://www.rpm5.org/files/rpm/rpm-5.4/rpm-5.4.14-0.20131024.src.rpm;e
94	file://no-ldflags-in-pkgconfig.patch \	94	file://no-ldflags-in-pkgconfig.patch \
95	file://rpm-lua-fix-print.patch \	95	file://rpm-lua-fix-print.patch \
96	file://rpm-check-rootpath-reasonableness.patch \	96	file://rpm-check-rootpath-reasonableness.patch \
		97	file://rpm-macros.in-disable-external-key-server.patch \
97	"	98	"
98		99
99	# Uncomment the following line to enable platform score debugging	100	# Uncomment the following line to enable platform score debugging