1. photon
  2. Commit 21234c3071ea366b5d658ebd3c65cfc5fa07a3bd
Browse code

tdnf: Fix GPGCheck for RPM version 4.14.2

Change-Id: I99fd901213baa86061909cae2be7b92fa6a3f0f2
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/6863
Reviewed-by: Anish Swaminathan <anishs@vmware.com>
Tested-by: Anish Swaminathan <anishs@vmware.com>

Keerthana K authored on 2019/03/14 13:25:33
Showing 2 changed files
SPECS/tdnf/tdnf-fix-gpgcheck.patch
History View file @ 21234c3
1 1 
new file mode 100644
... ... 
@@ -0,0 +1,114 @@
0 
+From 5c3de329ce6eb6c71be62d32046d0a6f04d850e5 Mon Sep 17 00:00:00 2001
1 
+From: Keerthana K <keerthanak@vmware.com>
2 
+Date: Fri, 08 Mar 2019 08:30:55 +0000
3 
+Subject: [PATCH] Skip Digest and Signature check if nogpgcheck is enabled.
4 
+
5 
+The signature checks has been split in rpm 4.14.2 version.
6 
+If nogpgcheck is enabled in tdnf we are skipping signature and
7 
+digest checks while installing the rpm.
8 
+
9 
+Change-Id: I9fcb6cd5a46c1ac71b685dcfe12801342d9c4893
10 
+---
11 
+
12 
+diff --git a/client/rpmtrans.c b/client/rpmtrans.c
13 
+index 92e88bf..1111647 100644
14 
+--- a/client/rpmtrans.c
15 
+@@ -278,6 +278,11 @@
16 
+         fprintf(stdout, "Testing transaction\n");
17 
+     }
18 
+
19 
++    if (pTdnf->pArgs->nNoGPGCheck)
20 
++    {
21 
++        rpmtsSetVSFlags(pTS->pTS, rpmtsVSFlags(pTS->pTS) | RPMVSF_MASK_NODIGESTS | RPMVSF_MASK_NOSIGNATURES);
22 
++        rpmtsSetVfyLevel(pTS->pTS, ~RPMSIG_VERIFIABLE_TYPE);
23 
++    }
24 
+     rpmtsSetFlags(pTS->pTS, RPMTRANS_FLAG_TEST);
25 
+     dwError = rpmtsRun(pTS->pTS, NULL, pTS->nProbFilterFlags);
26 
+     BAIL_ON_TDNF_ERROR(dwError);
27 
+@@ -455,6 +460,12 @@
28 
+     }
29 
+     BAIL_ON_TDNF_RPM_ERROR(dwError);
30 
+
31 
++    if (!nGPGCheck)
32 
++    {
33 
++        rpmtsSetVSFlags(pTS->pTS, rpmtsVSFlags(pTS->pTS) | RPMVSF_MASK_NODIGESTS | RPMVSF_MASK_NOSIGNATURES);
34 
++        rpmtsSetVfyLevel(pTS->pTS, ~RPMSIG_VERIFIABLE_TYPE);
35 
++    }
36 
++
37 
+     dwError = rpmtsAddInstallElement(
38 
+                   pTS->pTS,
39 
+                   rpmHeader,
40 
+diff --git a/tests/init.at b/tests/init.at
41 
+index 7c1c497..0bc8380 100644
42 
+--- a/tests/init.at
43 
+@@ -21,6 +21,7 @@
44 
+ mkdir -p $abs_top_builddir/tests/testroot/var/cache/tdnf
45 
+ mkdir -p $abs_top_builddir/tests/testroot/etc/yum.repos.d
46 
+ mkdir -p $abs_top_builddir/tests/testroot/etc/tdnf
47 
++mkdir -p $abs_top_builddir/tests/testroot/etc/pki/rpm-gpg
48 
+ mkdir $abs_top_builddir/tests/testroot/BUILD
49 
+ mkdir $abs_top_builddir/tests/testroot/RPMS
50 
+ mkdir $abs_top_builddir/tests/testroot/SRPMS
51 
+@@ -29,6 +30,24 @@
52 
+ [main]
53 
+ repodir=$abs_top_builddir/tests/testroot/etc/yum.repos.d
54 
+ cachedir=$abs_top_builddir/tests/testroot/var/cache/tdnf
55 
++EOF
56 
++
57 
++cat << EOF > $abs_top_builddir/tests/testroot/etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY
58 
++-----BEGIN PGP PUBLIC KEY BLOCK-----
59 
++Version: GnuPG v1.4.7 (GNU/Linux)
60 
++
61 
++mI0ESAP+VwEEAMZylR8dOijUPNn3He3GdgM/kOXEhn3uQl+sRMNJUDm1qebi2D5b
62 
++Qa7GNBIlXm3DEMAS+ZlkiFQ4WnhUq5awEXU7MGcWCEGfums5FckV2tysSfn7HeWd
63 
++9mkEnsY2CUZF54lyKfY0f+vdFd6QdYo6b+YxGnLyiunEYHXSEo1TNj1vABEBAAG0
64 
++QlZNd2FyZSwgSW5jLiAtLSBMaW51eCBQYWNrYWdpbmcgS2V5IC0tIDxsaW51eC1w
65 
++YWNrYWdlc0B2bXdhcmUuY29tPoi8BBMBAgAmBQJIA/5XAhsDBQkRcu4ZBgsJCAcD
66 
++AgQVAggDBBYCAwECHgECF4AACgkQwLXgq2b9SUkw0AP/UlmWQIjMNcYfTKCOOyFx
67 
++Csl3bY5OZ6HZs4qCRvzESVTyKs0YN1gX5YDDRmE5EbaqSO7OLriA7p81CYhstYID
68 
++GjVTBqH/zJz/DGKQUv0A7qGvnX4MDt/cvvgEXjGpeRx42le/mkPsHdwbG/8jKveY
69 
++S/eu0g9IenS49i0hcOnjShGIRgQQEQIABgUCSAQWfAAKCRD1ZoIQEyn810LTAJ9k
70 
++IOziCqa/awfBvlLq4eRgN/NnkwCeJLOuL6eAueYjaODTcFEGKUXlgM4=
71 
++=bXtp
72 
++-----END PGP PUBLIC KEY BLOCK-----
73 
+ EOF
74 
+ ]])
75 
+
76 
+@@ -41,11 +60,16 @@
77 
+ [basic]
78 
+ name=basic
79 
+ baseurl=file://$abs_top_builddir/tests/testroot/RPMS
80 
++gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY
81 
+ gpgcheck=0
82 
+ enabled=1
83 
+ EOF
84 
+ ]])
85 
+
86 
++m4_define([TDNF_ENABLE_GPGCHECK],[[
87 
++sed -i 's/gpgcheck=0/gpgcheck=1/g' $abs_top_builddir/tests/testroot/etc/yum.repos.d/basic.repo
88 
++]])
89 
++
90 
+ m4_define([TDNF_CHROOT_CLEAN],[[
91 
+ rm -rf $abs_top_builddir/tests/testroot
92 
+ ]])
93 
+diff --git a/tests/install.at b/tests/install.at
94 
+index afede31..b761f7a 100644
95 
+--- a/tests/install.at
96 
+@@ -51,3 +51,14 @@
97 
+ [ignore],
98 
+ [ignore])
99 
+ AT_CLEANUP
100 
++
101 
++AT_SETUP([install without gpgcheck])
102 
++AT_KEYWORDS([install])
103 
++AT_CHECK([
104 
++TDNF_ENABLE_GPGCHECK
105 
++TDNF_CLI_W_CHROOT --nogpgcheck install tdnf-test-two -y
106 
++],
107 
++[0],
108 
++[ignore],
109 
++[ignore])
110 
++AT_CLEANUP
SPECS/tdnf/tdnf.spec
History View file @ 21234c3
... ... 
@@ -4,7 +4,7 @@
4 4 
 Summary:        dnf/yum equivalent using C libs
5 5 
 Name:           tdnf
6 6 
 Version:        2.0.0
7 
-Release:        8%{?dist}
7 
+Release:        9%{?dist}
8 8 
 Vendor:         VMware, Inc.
9 9 
 Distribution:   Photon
10 10 
 License:        LGPLv2.1,GPLv2
... ... 
@@ -40,6 +40,7 @@ Patch4:         tdnf-fix-mem-leak.patch
40 40 
 Patch5:         tdnf-fix-curl-status-type.patch
41 41 
 Patch6:         tdnf-fix-error-no-repo.patch
42 42 
 Patch7:         tdnf-refresh-mkcache.patch
43 
+Patch8:         tdnf-fix-gpgcheck.patch
43 44
44 45 
 %description
45 46 
 tdnf is a yum/dnf equivalent which uses libsolv and libcurl
... ... 
@@ -70,6 +71,7 @@ Library providing cli libs for tdnf like clients.
70 70 
 %patch5 -p1
71 71 
 %patch6 -p1
72 72 
 %patch7 -p1
73 
+%patch8 -p1
73 74
74 75 
 %build
75 76 
 autoreconf -i
... ... 
@@ -170,6 +172,8 @@ systemctl try-restart tdnf-cache-updateinfo.timer >/dev/null 2>&1 || :
170 170 
     %{_libdir}/libtdnfcli.so.*
171 171
172 172 
 %changelog
173 
+*   Thu Mar 14 2019 Keerthana K <keerthanak@vmware.com> 2.0.0-9
174 
+-   GPGCheck fix on RPM version 4.14.2
173 175 
 *   Mon Mar 04 2019 Keerthana K <keerthanak@vmware.com> 2.0.0-8
174 176 
 -   makecache and refresh command updates.
175 177 
 *   Thu Feb 14 2019 Keerthana K <keerthanak@vmware.com> 2.0.0-7