[oe-commits] [openembedded-core] 39/72: python-smartpm: add support to check signatures
git at git.openembedded.org
git at git.openembedded.org
Mon Jul 25 22:53:07 UTC 2016
rpurdie pushed a commit to branch master-next
in repository openembedded-core.
commit 5c0c1b8a64643ad7130b17b5dfce9cecffa6d962
Author: mingli.yu at windriver.com <mingli.yu at windriver.com>
AuthorDate: Wed Jul 20 16:51:34 2016 +0800
python-smartpm: add support to check signatures
RPMv5 has removed support for _RPMVSF_NOSIGNATURES,
the flag can be replaced with a flags set:
"RPMVSF_NODSAHEADER|RPMVSF_NORSAHEADER|RPMVSF_NODSA
RPMVSF_NORSA"
Signed-off-by: Haiqing Bai <Haiqing.Bai at windriver.com>
Signed-off-by: Mingli Yu <mingli.yu at windriver.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
---
.../python/python-smartpm/smartpm-rpm5-nodig.patch | 59 -----------
.../smartpm-rpm5-support-check-signatures.patch | 112 +++++++++++++++++++++
meta/recipes-devtools/python/python-smartpm_git.bb | 2 +-
3 files changed, 113 insertions(+), 60 deletions(-)
diff --git a/meta/recipes-devtools/python/python-smartpm/smartpm-rpm5-nodig.patch b/meta/recipes-devtools/python/python-smartpm/smartpm-rpm5-nodig.patch
deleted file mode 100644
index fefb29a..0000000
--- a/meta/recipes-devtools/python/python-smartpm/smartpm-rpm5-nodig.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-RPM5 has removed support for RPMVSF_NOSIGNATURES
-
-Patch smart to no longer use this flag
-
-Upstream-Status: Pending
-
-Signed-off-by: Mark Hatle <mark.hatle at windriver.com>
-
-diff --git a/smart/backends/rpm/base.py b/smart/backends/rpm/base.py
---- a/smart/backends/rpm/base.py
-+++ b/smart/backends/rpm/base.py
-@@ -63,11 +63,11 @@ def getTS(new=False):
- if sysconf.get("rpm-dbpath"):
- rpm.addMacro('_dbpath', "/" + sysconf.get("rpm-dbpath"))
- getTS.ts = rpm.ts(getTS.root)
-- if not sysconf.get("rpm-check-signatures", False):
-- if hasattr(rpm, '_RPMVSF_NOSIGNATURES'):
-- getTS.ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)
-- else:
-- raise Error, _("rpm requires checking signatures")
-+ #if not sysconf.get("rpm-check-signatures", False):
-+ # if hasattr(rpm, '_RPMVSF_NOSIGNATURES'):
-+ # getTS.ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)
-+ # else:
-+ # raise Error, _("rpm requires checking signatures")
- rpm_dbpath = sysconf.get("rpm-dbpath", "var/lib/rpm")
- dbdir = rpm_join_dbpath(getTS.root, rpm_dbpath)
- if not os.path.isdir(dbdir):
-@@ -89,11 +89,11 @@ def getTS(new=False):
- if sysconf.get("rpm-dbpath"):
- rpm.addMacro('_dbpath', "/" + sysconf.get("rpm-dbpath"))
- ts = rpm.ts(getTS.root)
-- if not sysconf.get("rpm-check-signatures", False):
-- if hasattr(rpm, '_RPMVSF_NOSIGNATURES'):
-- ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)
-- else:
-- raise Error, _("rpm requires checking signatures")
-+ #if not sysconf.get("rpm-check-signatures", False):
-+ # if hasattr(rpm, '_RPMVSF_NOSIGNATURES'):
-+ # ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)
-+ # else:
-+ # raise Error, _("rpm requires checking signatures")
- return ts
- else:
- return getTS.ts
-diff --git a/smart/plugins/yumchannelsync.py b/smart/plugins/yumchannelsync.py
---- a/smart/plugins/yumchannelsync.py
-+++ b/smart/plugins/yumchannelsync.py
-@@ -56,8 +56,8 @@ def _getreleasever():
-
- rpmroot = sysconf.get("rpm-root", "/")
- ts = rpmUtils.transaction.initReadOnlyTransaction(root=rpmroot)
-- if hasattr(rpm, '_RPMVSF_NOSIGNATURES') and hasattr(rpm, '_RPMVSF_NODIGESTS'):
-- ts.pushVSFlags(~(rpm._RPMVSF_NOSIGNATURES|rpm._RPMVSF_NODIGESTS))
-+ #if hasattr(rpm, '_RPMVSF_NOSIGNATURES') and hasattr(rpm, '_RPMVSF_NODIGESTS'):
-+ # ts.pushVSFlags(~(rpm._RPMVSF_NOSIGNATURES|rpm._RPMVSF_NODIGESTS))
- releasever = None
- # HACK: we're hard-coding the most used distros, will add more if needed
- idx = ts.dbMatch('provides', 'fedora-release')
diff --git a/meta/recipes-devtools/python/python-smartpm/smartpm-rpm5-support-check-signatures.patch b/meta/recipes-devtools/python/python-smartpm/smartpm-rpm5-support-check-signatures.patch
new file mode 100644
index 0000000..4067a90
--- /dev/null
+++ b/meta/recipes-devtools/python/python-smartpm/smartpm-rpm5-support-check-signatures.patch
@@ -0,0 +1,112 @@
+From 5b79e28bd70a0ec5b34c5ff19b66cbbdd1e48835 Mon Sep 17 00:00:00 2001
+From: Haiqing Bai <Haiqing.Bai at windriver.com>
+Date: Fri, 18 Mar 2016 13:34:07 +0800
+Subject: [PATCH] Make smartpm to support check signatures of rpmv5.
+
+The original support for 'rpm-check-signatures' has been
+disabled for the RPMv5 does not support '_RPMVSF_NOSIGNATURES'
+now. This fix replaces the '_RPMVSF_NOSIGNATURES' with
+rpm VS flags set:RPMVSF_NODSAHEADER|RPMVSF_NORSAHEADER|
+RPMVSF_NODSA|RPMVSF_NORSA.
+
+Upstream-Status: Pending
+Signed-off-by: Haiqing Bai <Haiqing.Bai at windriver.com>
+---
+ smart/backends/rpm/base.py | 43 +++++++++++++++++++++++++++++++----------
+ smart/backends/rpm/pm.py | 2 +-
+ smart/plugins/yumchannelsync.py | 5 +++--
+ 3 files changed, 37 insertions(+), 13 deletions(-)
+
+diff --git a/smart/backends/rpm/base.py b/smart/backends/rpm/base.py
+index 85f4d49..dbd6165 100644
+--- a/smart/backends/rpm/base.py
++++ b/smart/backends/rpm/base.py
+@@ -63,11 +63,23 @@ def getTS(new=False):
+ if sysconf.get("rpm-dbpath"):
+ rpm.addMacro('_dbpath', "/" + sysconf.get("rpm-dbpath"))
+ getTS.ts = rpm.ts(getTS.root)
+- if not sysconf.get("rpm-check-signatures", False):
+- if hasattr(rpm, '_RPMVSF_NOSIGNATURES'):
+- getTS.ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)
+- else:
+- raise Error, _("rpm requires checking signatures")
++
++ # _RPMVSF_NOSIGNATURES is not supported in RPMv5, so here uses
++ # RPMVSF_NODSAHEADER|RPMVSF_NORSAHEADER|RPMVSF_NODSA|RPMVSF_NORSA
++ # to replace '_RPMVSF_NOSIGNATURES' to continue to support check
++ # rpm signatures
++
++ #if not sysconf.get("rpm-check-signatures", False):
++ # if hasattr(rpm, '_RPMVSF_NOSIGNATURES'):
++ # getTS.ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)
++ # else:
++ # raise Error, _("rpm requires checking signatures")
++ if sysconf.get("rpm-check-signatures") == False:
++ getTS.ts.setVSFlags(rpm.RPMVSF_NODSAHEADER|rpm.RPMVSF_NORSAHEADER|\
++ rpm.RPMVSF_NODSA|rpm.RPMVSF_NORSA)
++ else:
++ getTS.ts.setVSFlags(0)
++
+ rpm_dbpath = sysconf.get("rpm-dbpath", "var/lib/rpm")
+ dbdir = rpm_join_dbpath(getTS.root, rpm_dbpath)
+ if not os.path.isdir(dbdir):
+@@ -89,11 +101,22 @@ def getTS(new=False):
+ if sysconf.get("rpm-dbpath"):
+ rpm.addMacro('_dbpath', "/" + sysconf.get("rpm-dbpath"))
+ ts = rpm.ts(getTS.root)
+- if not sysconf.get("rpm-check-signatures", False):
+- if hasattr(rpm, '_RPMVSF_NOSIGNATURES'):
+- ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)
+- else:
+- raise Error, _("rpm requires checking signatures")
++
++ # _RPMVSF_NOSIGNATURES is not supported in RPMv5, so here uses
++ # RPMVSF_NODSAHEADER|RPMVSF_NORSAHEADER|RPMVSF_NODSA|RPMVSF_NORSA
++ # to replace '_RPMVSF_NOSIGNATURES' to continue to support check
++ # rpm signatures
++
++ #if not sysconf.get("rpm-check-signatures", False):
++ # if hasattr(rpm, '_RPMVSF_NOSIGNATURES'):
++ # ts.setVSFlags(rpm._RPMVSF_NOSIGNATURES)
++ # else:
++ # raise Error, _("rpm requires checking signatures")
++ if sysconf.get("rpm-check-signatures") == False:
++ ts.setVSFlags(rpm.RPMVSF_NODSAHEADER|rpm.RPMVSF_NORSAHEADER|\
++ rpm.RPMVSF_NODSA|rpm.RPMVSF_NORSA)
++ else:
++ ts.setVSFlags(0)
+ return ts
+ else:
+ return getTS.ts
+diff --git a/smart/backends/rpm/pm.py b/smart/backends/rpm/pm.py
+index b57a844..7b651b5 100644
+--- a/smart/backends/rpm/pm.py
++++ b/smart/backends/rpm/pm.py
+@@ -180,7 +180,7 @@ class RPMPackageManager(PackageManager):
+ fd = os.open(path, os.O_RDONLY)
+ try:
+ h = ts.hdrFromFdno(fd)
+- if sysconf.get("rpm-check-signatures", False):
++ if sysconf.get("rpm-check-signatures", True):
+ if get_public_key(h) == '(none)':
+ raise rpm.error('package is not signed')
+ except rpm.error, e:
+diff --git a/smart/plugins/yumchannelsync.py b/smart/plugins/yumchannelsync.py
+index f8107e6..2dc5482 100644
+--- a/smart/plugins/yumchannelsync.py
++++ b/smart/plugins/yumchannelsync.py
+@@ -56,8 +56,9 @@ def _getreleasever():
+
+ rpmroot = sysconf.get("rpm-root", "/")
+ ts = rpmUtils.transaction.initReadOnlyTransaction(root=rpmroot)
+- if hasattr(rpm, '_RPMVSF_NOSIGNATURES') and hasattr(rpm, '_RPMVSF_NODIGESTS'):
+- ts.pushVSFlags(~(rpm._RPMVSF_NOSIGNATURES|rpm._RPMVSF_NODIGESTS))
++ #_RPMVSF_NOSIGNATURES is not supported in RPMv5
++ #if hasattr(rpm, '_RPMVSF_NOSIGNATURES') and hasattr(rpm, '_RPMVSF_NODIGESTS'):
++ # ts.pushVSFlags(~(rpm._RPMVSF_NOSIGNATURES|rpm._RPMVSF_NODIGESTS))
+ releasever = None
+ # HACK: we're hard-coding the most used distros, will add more if needed
+ idx = ts.dbMatch('provides', 'fedora-release')
+--
+1.9.1
+
diff --git a/meta/recipes-devtools/python/python-smartpm_git.bb b/meta/recipes-devtools/python/python-smartpm_git.bb
index d9fb271..81e45b7 100644
--- a/meta/recipes-devtools/python/python-smartpm_git.bb
+++ b/meta/recipes-devtools/python/python-smartpm_git.bb
@@ -13,7 +13,6 @@ SRCNAME = "smart"
SRC_URI = "\
git://github.com/smartpm/smart.git \
- file://smartpm-rpm5-nodig.patch \
file://smart-recommends.patch \
file://smart-channelsdir.patch \
file://smart-rpm-transaction-failure-check.patch \
@@ -25,6 +24,7 @@ SRC_URI = "\
file://smart-cache.py-getPackages-matches-name-version.patch \
file://smart-channel-remove-all.patch \
file://smart-locale.patch \
+ file://smartpm-rpm5-support-check-signatures.patch \
"
SRCREV = "407a7eca766431257dcd1da15175cc36a1bb22d0"
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list