Separate the SELinux patch from the IMA digest list patch

Signed-off-by: xuce <xuce10@h-partners.com>
2024-10-25 12:03:12 +08:00 · 2024-10-25 12:03:12 +08:00 · 9e27ae8ee1
commit 9e27ae8ee1
parent 1084684a52
3 changed files with 56 additions and 40 deletions
--- a/Add-IMA-digest-list-support.patch
+++ b/Add-IMA-digest-list-support.patch
@ -1,20 +1,20 @@
-From 92ed69a1e2051f202a2532c28cb0b17facda1924 Mon Sep 17 00:00:00 2001
+From 773107eccfa7f0da8547b2c5efe8cce996a35a91 Mon Sep 17 00:00:00 2001
 From: zhoushuiqing <zhoushuiqing2@huawei.com>
 Date: Fri, 16 Jun 2023 11:35:21 +0800
 Subject: [PATCH] Add IMA digest list support

+Signed-off-by: xuce <xuce10@h-partners.com>
 ---
 build/files.c           | 305 ++++++++++++++++++++++++++++++++++++++--
 build/parsePreamble.c   |   3 +-
 macros.in               |   1 +
 plugins/Makefile.am     |   4 +
- plugins/selinux.c       |   3 +-
 rpmio/rpmpgp_internal.c |  32 +----
 rpmio/rpmpgp_internal.h |  29 ++++
- 7 files changed, 336 insertions(+), 41 deletions(-)
+ 6 files changed, 334 insertions(+), 40 deletions(-)

 diff --git a/build/files.c b/build/files.c
-index eb008ab..3fc3551 100644
+index 44ac155..53a26b2 100644
 --- a/build/files.c
 +++ b/build/files.c
@@ -50,6 +50,8 @@
@ -46,7 +46,7 @@ index eb008ab..3fc3551 100644
 static void nullAttrRec(AttrRec ar)
 {
     memset(ar, 0, sizeof(*ar));
-@@ -992,6 +1000,139 @@ static int seenHardLink(FileRecords files, FileListRec flp, rpm_ino_t *fileid)
+@@ -993,6 +1001,139 @@ static int seenHardLink(FileRecords files, FileListRec flp, rpm_ino_t *fileid)
  * @param pkg		(sub) package
  * @param isSrc		pass 1 for source packages 0 otherwise
  */
@ -186,7 +186,7 @@ index eb008ab..3fc3551 100644
 static void genCpioListAndHeader(FileList fl, Package pkg, int isSrc)
 {
     FileListRec flp;
-@@ -1003,6 +1144,11 @@ static void genCpioListAndHeader(FileList fl, Package pkg, int isSrc)
+@@ -1005,6 +1146,11 @@ static void genCpioListAndHeader(FileList fl, Package pkg, int isSrc)
     int override_date = 0;
     time_t source_date_epoch = 0;
     char *srcdate = getenv("SOURCE_DATE_EPOCH");
@ -198,7 +198,7 @@ index eb008ab..3fc3551 100644
 
     /* Limit the maximum date to SOURCE_DATE_EPOCH if defined
      * similar to the tar --clamp-mtime option
-@@ -1200,13 +1346,18 @@ static void genCpioListAndHeader(FileList fl, Package pkg, int isSrc)
+@@ -1203,13 +1349,18 @@ static void genCpioListAndHeader(FileList fl, Package pkg, int isSrc)
 	if (fl->haveCaps) {
 	    headerPutString(h, RPMTAG_FILECAPS, flp->caps);
 	}
@ -223,7 +223,7 @@ index eb008ab..3fc3551 100644
 	buf[0] = '\0';
 	if (S_ISLNK(flp->fl_mode)) {
 	    ssize_t llen = readlink(flp->diskPath, buf, BUFSIZ-1);
-@@ -1247,6 +1398,7 @@ static void genCpioListAndHeader(FileList fl, Package pkg, int isSrc)
+@@ -1250,6 +1401,7 @@ static void genCpioListAndHeader(FileList fl, Package pkg, int isSrc)
 
 	headerPutUint32(h, RPMTAG_FILEFLAGS, &(flp->flags) ,1);
     }
@ -231,7 +231,7 @@ index eb008ab..3fc3551 100644
     pkg->dpaths[npaths] = NULL;
 
     if (totalFileSize < UINT32_MAX) {
-@@ -1285,6 +1437,7 @@ static void genCpioListAndHeader(FileList fl, Package pkg, int isSrc)
+@@ -1287,6 +1439,7 @@ static void genCpioListAndHeader(FileList fl, Package pkg, int isSrc)
 	/* Binary packages with dirNames cannot be installed by legacy rpm. */
 	(void) rpmlibNeedsFeature(pkg, "CompressedFileNames", "3.0.4-1");
     }
@ -239,7 +239,7 @@ index eb008ab..3fc3551 100644
 }
 
 static FileRecords FileRecordsFree(FileRecords files)
-@@ -1359,8 +1512,8 @@ static int validFilename(const char *fn)
+@@ -1361,8 +1514,8 @@ static int validFilename(const char *fn)
  * @param statp		file stat (possibly NULL)
  * @return		RPMRC_OK on success
  */
@ -250,7 +250,7 @@ index eb008ab..3fc3551 100644
 {
     size_t plen = strlen(diskPath);
     char buf[plen + 1];
-@@ -1371,6 +1524,10 @@ static rpmRC addFile(FileList fl, const char * diskPath,
+@@ -1373,6 +1526,10 @@ static rpmRC addFile(FileList fl, const char * diskPath,
     gid_t fileGid;
     const char *fileUname;
     const char *fileGname;
@ -261,7 +261,7 @@ index eb008ab..3fc3551 100644
     rpmRC rc = RPMRC_FAIL; /* assume failure */
 
     /* Strip trailing slash. The special case of '/' path is handled below. */
-@@ -1406,6 +1563,33 @@ static rpmRC addFile(FileList fl, const char * diskPath,
+@@ -1408,6 +1565,33 @@ static rpmRC addFile(FileList fl, const char * diskPath,
     if (*cpioPath == '\0')
 	cpioPath = "/";
 
@ -295,7 +295,7 @@ index eb008ab..3fc3551 100644
     /*
      * Unless recursing, we dont have stat() info at hand. Handle the
      * various cases, preserving historical behavior wrt %dev():
-@@ -1543,6 +1727,8 @@ static rpmRC addFile(FileList fl, const char * diskPath,
+@@ -1545,6 +1729,8 @@ static rpmRC addFile(FileList fl, const char * diskPath,
 	}
 
 	flp->flags = fl->cur.attrFlags;
@ -304,7 +304,7 @@ index eb008ab..3fc3551 100644
 	flp->specdFlags = fl->cur.specdFlags;
 	flp->verifyFlags = fl->cur.verifyFlags;
 
-@@ -1563,6 +1749,32 @@ exit:
+@@ -1565,6 +1751,32 @@ exit:
     return rc;
 }
 
@ -337,7 +337,7 @@ index eb008ab..3fc3551 100644
 /**
  * Add directory (and all of its files) to the package manifest.
  * @param fl		package file tree walk data
-@@ -2584,6 +2796,61 @@ static void addPackageFileList (struct FileList_s *fl, Package pkg,
+@@ -2586,6 +2798,61 @@ static void addPackageFileList (struct FileList_s *fl, Package pkg,
     argvFree(fileNames);
 }
 
@ -399,7 +399,7 @@ index eb008ab..3fc3551 100644
 static rpmRC processPackageFiles(rpmSpec spec, rpmBuildPkgFlags pkgFlags,
 				 Package pkg, int didInstall, int test)
 {
-@@ -2597,6 +2861,10 @@ static rpmRC processPackageFiles(rpmSpec spec, rpmBuildPkgFlags pkgFlags,
+@@ -2599,6 +2866,10 @@ static rpmRC processPackageFiles(rpmSpec spec, rpmBuildPkgFlags pkgFlags,
 	if (readFilesManifest(spec, pkg, *fp))
 	    return RPMRC_FAIL;
     }
@ -410,7 +410,7 @@ index eb008ab..3fc3551 100644
     /* Init the file list structure */
     memset(&fl, 0, sizeof(fl));
 
-@@ -2652,12 +2920,17 @@ static rpmRC processPackageFiles(rpmSpec spec, rpmBuildPkgFlags pkgFlags,
+@@ -2654,12 +2925,17 @@ static rpmRC processPackageFiles(rpmSpec spec, rpmBuildPkgFlags pkgFlags,
     if (checkHardLinks(&fl.files))
 	(void) rpmlibNeedsFeature(pkg, "PartialHardlinkSets", "4.0.4-1");
 
@ -428,7 +428,7 @@ index eb008ab..3fc3551 100644
     return fl.processingFailed ? RPMRC_FAIL : RPMRC_OK;
 }
 
-@@ -3126,6 +3399,7 @@ static void addPackageDeps(Package from, Package to, enum rpmTag_e tag)
+@@ -3128,6 +3404,7 @@ static void addPackageDeps(Package from, Package to, enum rpmTag_e tag)
 rpmRC processBinaryFiles(rpmSpec spec, rpmBuildPkgFlags pkgFlags,
 			int didInstall, int test)
 {
@ -436,7 +436,7 @@ index eb008ab..3fc3551 100644
     Package pkg;
     rpmRC rc = RPMRC_OK;
     char *buildroot;
-@@ -3142,7 +3416,14 @@ rpmRC processBinaryFiles(rpmSpec spec, rpmBuildPkgFlags pkgFlags,
+@@ -3144,7 +3421,14 @@ rpmRC processBinaryFiles(rpmSpec spec, rpmBuildPkgFlags pkgFlags,
     check_fileList = newStringBuf();
     genSourceRpmName(spec);
     buildroot = rpmGenPath(spec->rootDir, spec->buildRoot, NULL);
@ -452,7 +452,7 @@ index eb008ab..3fc3551 100644
     if (rpmExpandNumeric("%{?_debuginfo_subpackages}")) {
 	maindbg = findDebuginfoPackage(spec);
 	if (maindbg) {
-@@ -3248,6 +3529,7 @@ exit:
+@@ -3250,6 +3534,7 @@ exit:
     check_fileList = freeStringBuf(check_fileList);
     _free(buildroot);
     _free(uniquearch);
@ -476,10 +476,10 @@ index 729fd4f..306a029 100644
         }
 	if (rpmCharCheck(spec, field, ALLOWED_CHARS_VERREL, NULL))
 diff --git a/macros.in b/macros.in
-index 949fd7d..c00d270 100644
+index 4c7073c..6093898 100644
 --- a/macros.in
 +++ b/macros.in
-@@ -1135,6 +1135,7 @@ package or when debugging this package.\
+@@ -1155,6 +1155,7 @@ package or when debugging this package.\
 %__transaction_prioreset	%{__plugindir}/prioreset.so
 %__transaction_audit		%{__plugindir}/audit.so
 %__transaction_dbus_announce	%{__plugindir}/dbus_announce.so
@ -499,22 +499,8 @@ index 822c7d2..161fe4c 100644
 +digest_list_la_sources = digest_list.c
 +digest_list_la_LIBADD = $(top_builddir)/lib/librpm.la $(top_builddir)/rpmio/librpmio.la
 +plugins_LTLIBRARIES += digest_list.la
-diff --git a/plugins/selinux.c b/plugins/selinux.c
-index 316ff88..ac1e354 100644
--- a/plugins/selinux.c
-+++ b/plugins/selinux.c
-@@ -64,7 +64,8 @@ static rpmRC selinux_tsm_pre(rpmPlugin plugin, rpmts ts)
-     rpmRC rc = RPMRC_OK;
- 
-     /* If SELinux isn't enabled on the system, dont mess with it */
-    if (!is_selinux_enabled()) {
-+    if (!is_selinux_enabled() || selinux_file_context_path() == NULL ||
-+        access(selinux_file_context_path(), F_OK)) {
- 	rpmtsSetFlags(ts, (rpmtsFlags(ts) | RPMTRANS_FLAG_NOCONTEXTS));
-     }
- 
 diff --git a/rpmio/rpmpgp_internal.c b/rpmio/rpmpgp_internal.c
-index 19947be..16bf57e 100644
+index 0fcd220..63d065a 100644
 --- a/rpmio/rpmpgp_internal.c
 +++ b/rpmio/rpmpgp_internal.c
@@ -19,34 +19,6 @@
@ -569,7 +555,7 @@ index 19947be..16bf57e 100644
 	rc = tag ? pgpPrtSigParams(tag, v->pubkey_algo, p, h, hlen, _digp) : 0;
     }	break;
     default:
-@@ -636,6 +609,7 @@ static int pgpPrtKey(pgpTag tag, const uint8_t *h, size_t hlen,
+@@ -641,6 +614,7 @@ static int pgpPrtKey(pgpTag tag, const uint8_t *h, size_t hlen,
 	    }
 
 	    p = ((uint8_t *)v) + sizeof(*v);
@ -618,5 +604,5 @@ index 64b50de..67fecb0 100644
     setmpifunc setmpi;
     verifyfunc verify;
 -- 
-2.39.1
+2.43.0

--- a/rpm-selinux-plugin-check-context-file-exist.patch
+++ b/rpm-selinux-plugin-check-context-file-exist.patch
@ -0,0 +1,26 @@
+From 55708fd5822a3e4bf5537002a648f32cb0a6e07e Mon Sep 17 00:00:00 2001
+From: luhuaxin <1539327763@qq.com>
+Date: Tue, 26 Oct 2021 18:39:46 +0800
+Subject: [PATCH] rpm selinux plugin check context file exist
+
+---
+ plugins/selinux.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/plugins/selinux.c b/plugins/selinux.c
+index 1254517..fb8b7a2 100644
+--- a/plugins/selinux.c
+++ b/plugins/selinux.c
+@@ -63,7 +63,8 @@ static rpmRC selinux_tsm_pre(rpmPlugin plugin, rpmts ts)
+     rpmRC rc = RPMRC_OK;
+ 
+     /* If SELinux isn't enabled on the system, dont mess with it */
+-    if (!is_selinux_enabled()) {
+    if (!is_selinux_enabled() || selinux_file_context_path() == NULL ||
+        access(selinux_file_context_path(), F_OK)) {
+ 	rpmtsSetFlags(ts, (rpmtsFlags(ts) | RPMTRANS_FLAG_NOCONTEXTS));
+     }
+ 
+-- 
+2.23.0
+
--- a/rpm.spec
+++ b/rpm.spec
@ -1,6 +1,6 @@
 Name:          rpm
 Version:       4.18.2
-Release:       17
+Release:       18
 Summary:       RPM Package Manager
 License:       GPL-2.0-or-later
 URL:           https://rpm.org/
@ -17,6 +17,7 @@ Patch8: still-in-use-of-python-scripts-from-old-version.patch
 Patch9: Add-loongarch-architecture-support.patch
 Patch10: rpm-Add-sw64-architecture.patch
 Patch11: add-default-machine-name-to-support-loongarch.patch
+Patch12: rpm-selinux-plugin-check-context-file-exist.patch

 Patch6000: backport-revert-Permit-building-rpm-from-git-without-pandoc.patch
 Patch6001: backport-Check-inside-root-when-querying-for-files.patch
@ -335,6 +336,9 @@ make clean
 %exclude %{_mandir}/man8/rpmspec.8*

 %changelog
+* Fri Oct 25 2024 hugel<xuce10@h-partners.com> - 4.18.2-18
+- Separate the SELinux patch from the IMA digest list patch
+
 * Sun Sep 29 2024 hugel<gengqihu2@h-partners.com> - 4.18.2-17
 - Fix testcase failed of rpm addsign