packages/rpm
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sync changes from openEuler-22.03-LTS

Browse Source
This commit is contained in:
rwx403335 2022-08-09 16:22:04 +08:00
parent b7dd4bcaab
commit d7ed6de903
11 changed files with 713 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
Add-license-to-digest_list.c.patch Normal file
View File

@ -0,0 +1,34 @@
From 676cd4c0b90043b745a39b43446e42e80948c643 Mon Sep 17 00:00:00 2001
From: Roberto Sassu <roberto.sassu@huawei.com>
Date: Fri, 12 Mar 2021 10:57:24 +0100
Subject: [PATCH 5/5] Add license to digest_list.c
---
plugins/digest_list.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/plugins/digest_list.c b/plugins/digest_list.c
index cfde5cd1d..992a7e81a 100644
--- a/plugins/digest_list.c
+++ b/plugins/digest_list.c
@@ -1,3 +1,17 @@
+/*
+ * Copyright (C) 2020-2021 Huawei Technologies Duesseldorf GmbH
+ *
+ * Author: Roberto Sassu <roberto.sassu@huawei.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ *
+ * File: digest_list.c
+ * Plugin to load digest lists in the Linux kernel.
+ */
+
#include "system.h"
#include "errno.h"
--
2.26.2

99
Add-loongarch-architecture-support.patch Normal file
View File

@ -0,0 +1,99 @@
From 3100da59abd272fc3f301a30ebabedf86b0b4a00 Mon Sep 17 00:00:00 2001
From: Sun Haiyong <sunhaiyong@loongson.cn>
Date: Tue, 21 Dec 2021 20:40:27 +0800
Subject: [PATCH] Add loongarch architecture support.
---
installplatform | 12 ++++++++++++
rpmrc.in | 17 +++++++++++++++++
2 files changed, 29 insertions(+)
diff --git a/installplatform b/installplatform
index 12339fc..74c50a2 100755
--- a/installplatform
+++ b/installplatform
@@ -168,6 +168,18 @@ for ARCH in noarch `grep ^arch_canon $RPMRC | cut -d: -f2`; do
CANONARCH=mips64r6el
CANONCOLOR=3
;;
+ loongarch32)
+ ISANAME=loongarch
+ ISABITS=32
+ CANONARCH=loongarch32
+ CANONCOLOR=0
+ ;;
+ loongarch64)
+ ISANAME=loongarch
+ ISABITS=64
+ CANONARCH=loongarch64
+ CANONCOLOR=3
+ ;;
m68k)
ISANAME=m68k
ISABITS=32
diff --git a/rpmrc.in b/rpmrc.in
index 5bd9ba3..fc2932a 100644
--- a/rpmrc.in
+++ b/rpmrc.in
@@ -67,6 +67,8 @@ optflags: mipsr6el -O2 -g
optflags: mips64r6 -O2 -g
optflags: mips64r6el -O2 -g
+optflags: loongarch64 -O2 -g
+
optflags: armv3l -O2 -g -march=armv3
optflags: armv4b -O2 -g -march=armv4
optflags: armv4l -O2 -g -march=armv4
@@ -137,6 +139,9 @@ archcolor: mipsr6el 1
archcolor: mips64r6 2
archcolor: mips64r6el 2
+archcolor: loongarch32 1
+archcolor: loongarch64 2
+
archcolor: m68k 1
archcolor: m68kmint 1
@@ -257,6 +262,9 @@ arch_canon: mips64r6el: mips64r6el 21
arch_canon: riscv: riscv64 22
arch_canon: riscv64: riscv64 22
+arch_canon: loongarch32: loongarch32 25
+arch_canon: loongarch64: loongarch64 26
+
#############################################################
# Canonical OS names and numbers
@@ -360,6 +368,9 @@ buildarchtranslate: mipsr6el: mipsr6el
buildarchtranslate: mips64r6: mips64r6
buildarchtranslate: mips64r6el: mips64r6el
+buildarchtranslate: loongarch32: loongarch32
+buildarchtranslate: loongarch64: loongarch64
+
buildarchtranslate: m68k: m68k
buildarchtranslate: atarist: m68kmint
@@ -449,6 +460,9 @@ arch_compat: mipsr6el: noarch
arch_compat: mips64r6: mipsr6
arch_compat: mips64r6el: mipsr6el
+arch_compat: loongarch32: noarch
+arch_compat: loongarch64: loongarch32
+
arch_compat: hppa2.0: hppa1.2
arch_compat: hppa1.2: hppa1.1
arch_compat: hppa1.1: hppa1.0
@@ -586,6 +600,9 @@ buildarch_compat: mipsr6el: noarch
buildarch_compat: mips64r6: noarch
buildarch_compat: mips64r6el: noarch
+buildarch_compat: loongarch32: noarch
+buildarch_compat: loongarch64: noarch
+
buildarch_compat: armv4b: noarch
buildarch_compat: armv8l: armv7l
buildarch_compat: armv7l: armv6l
--
2.30.0

50
Avoid-generating-digest-lists-if-they-are-already-pa.patch Normal file
View File

@ -0,0 +1,50 @@
From d0b01bb4366ca467bfd1386820fe17ae58aa3c8c Mon Sep 17 00:00:00 2001
From: Roberto Sassu <roberto.sassu@huawei.com>
Date: Wed, 17 Mar 2021 17:25:46 +0100
Subject: [PATCH] Avoid generating digest lists if they are already packaged
---
build/files.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/build/files.c b/build/files.c
index d5c83a094..a30828e1c 100644
--- a/build/files.c
+++ b/build/files.c
@@ -51,6 +51,7 @@
#define DEBUG_ID_DIR "/usr/lib/debug/.build-id"
#define DEBUG_DWZ_DIR "/usr/lib/debug/.dwz"
#define DIGEST_LIST_DIR "/.digest_lists"
+#define DEST_DIGEST_LIST_DIR "/etc/ima/digest_lists"
#undef HASHTYPE
#undef HTKEYTYPE
@@ -993,7 +994,7 @@ static void genDigestListInput(FileList fl, Package pkg, int isSrc)
char buf[BUFSIZ];
char file_info[BUFSIZ];
char file_digest[128 * 2 + 1];
- int i;
+ int i, gen_digest_lists = 1;
uint32_t defaultalgo = PGPHASHALGO_MD5, digestalgo;
Header h = pkg->header; /* just a shortcut */
@@ -1100,9 +1101,15 @@ static void genDigestListInput(FileList fl, Package pkg, int isSrc)
strlen(flp->caps) ? flp->caps : "");
appendStringBuf(check_fileList_bin_pkg, file_info);
}
+
+ if (S_ISREG(flp->fl_mode) &&
+ !strncmp(flp->cpioPath, DEST_DIGEST_LIST_DIR,
+ sizeof(DEST_DIGEST_LIST_DIR) - 1))
+ gen_digest_lists = 0;
}
- if (genDigestList(pkg->header, fl, check_fileList_bin_pkg) > 0)
+ if (gen_digest_lists &&
+ genDigestList(pkg->header, fl, check_fileList_bin_pkg) > 0)
fl->processingFailed = 1;
}
--
2.26.2

29
Check-rpm-parser.patch Normal file
View File

@ -0,0 +1,29 @@
From 18df7feaf512cf4d7548121e1f04d4e7066fb324 Mon Sep 17 00:00:00 2001
From: Roberto Sassu <roberto.sassu@huawei.com>
Date: Wed, 10 Mar 2021 12:23:32 +0100
Subject: [PATCH 2/5] Check rpm parser
---
plugins/digest_list.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/plugins/digest_list.c b/plugins/digest_list.c
index bb778c57f..c62f8c22f 100644
--- a/plugins/digest_list.c
+++ b/plugins/digest_list.c
@@ -131,6 +131,12 @@ static int upload_digest_list(char *path, int type, int digest_list_signed)
/* If the digest list is not signed, execute the RPM parser */
if (!digest_list_signed) {
+ if (stat(RPM_PARSER, &st) == -1) {
+ rpmlog(RPMLOG_DEBUG, "digest_list: %s not found, "
+ "not uploading digest list\n", RPM_PARSER);
+ return 0;
+ }
+
if ((pid = fork()) == 0) {
execlp(RPM_PARSER, RPM_PARSER, (type == TR_ADDED) ?
"add" : "del", path, NULL);
--
2.26.2

81
Fix-digest_list_counter.patch Normal file
View File

@ -0,0 +1,81 @@
From 8ecd5fc6884ae165e38e16b900cc4da90665b9db Mon Sep 17 00:00:00 2001
From: Roberto Sassu <roberto.sassu@huawei.com>
Date: Wed, 10 Mar 2021 12:22:39 +0100
Subject: [PATCH 1/5] Fix digest_list_counter
---
plugins/digest_list.c | 38 +++++++++++++++++++++++---------------
1 file changed, 23 insertions(+), 15 deletions(-)
diff --git a/plugins/digest_list.c b/plugins/digest_list.c
index 2dfa21e35..bb778c57f 100644
--- a/plugins/digest_list.c
+++ b/plugins/digest_list.c
@@ -477,8 +477,8 @@ int digest_list_counter;
static rpmRC digest_list_psm_pre(rpmPlugin plugin, rpmte te)
{
Header rpm = rpmteHeader(te);
- rpmtd dirnames;
- int i;
+ rpmtd dirnames, dirindexes;
+ int i = -1;
digest_list_counter = 0;
@@ -487,13 +487,26 @@ static rpmRC digest_list_psm_pre(rpmPlugin plugin, rpmte te)
while ((i = rpmtdNext(dirnames)) >= 0) {
char *dirname = (char *) rpmtdGetString(dirnames);
+
if (!strncmp(dirname, DIGEST_LIST_DEFAULT_PATH,
- sizeof(DIGEST_LIST_DEFAULT_PATH) - 1))
- digest_list_counter++;
+ sizeof(DIGEST_LIST_DEFAULT_PATH) - 1) &&
+ dirname[sizeof(DIGEST_LIST_DEFAULT_PATH) - 1] == '/')
+ break;
}
rpmtdFree(dirnames);
+ if (i == -1)
+ return RPMRC_OK;
+
+ dirindexes = rpmtdNew();
+ headerGet(rpm, RPMTAG_DIRINDEXES, dirindexes, 0);
+ while (rpmtdNext(dirindexes) >= 0)
+ if (rpmtdGetNumber(dirindexes) == i)
+ digest_list_counter++;
+
+ rpmtdFree(dirindexes);
+
cur_te = te;
return RPMRC_OK;
}
@@ -517,18 +530,13 @@ static rpmRC digest_list_file_common(rpmPlugin plugin, rpmfi fi,
(!pre && action != FA_CREATE))
return RPMRC_OK;
- if (digest_list_counter) {
- if (!pre) {
- if (!strncmp(path, DIGEST_LIST_DEFAULT_PATH,
- sizeof(DIGEST_LIST_DEFAULT_PATH) - 1))
- digest_list_counter--;
- } else {
- digest_list_counter = 0;
- }
+ if (strncmp(path, DIGEST_LIST_DEFAULT_PATH,
+ sizeof(DIGEST_LIST_DEFAULT_PATH) - 1) ||
+ path[sizeof(DIGEST_LIST_DEFAULT_PATH) - 1] != '/')
+ return RPMRC_OK;
- if (digest_list_counter)
- return RPMRC_OK;
- }
+ if (!pre && --digest_list_counter)
+ return RPMRC_OK;
process_digest_list(cur_te, 0);
if (!strcmp(rpmteN(cur_te), "digest-list-tools"))
--
2.26.2

255
Generate-digest-lists-before-calling-genCpioListAndH.patch Normal file
View File

@ -0,0 +1,255 @@
From 2b0cab0ed63e77582b047f723b69a0e3dd647566 Mon Sep 17 00:00:00 2001
From: Roberto Sassu <roberto.sassu@huawei.com>
Date: Wed, 12 Aug 2020 18:23:42 +0200
Subject: [PATCH] Generate digest lists before calling genCpioListAndHeader()
Signed-off-by: luhuaxin <luhuaxin1@huawei.com>
---
build/files.c | 182 ++++++++++++++++++++++++++++++++++++++++----------
1 file changed, 147 insertions(+), 35 deletions(-)
diff --git a/build/files.c b/build/files.c
index d1e56c0..5358ead 100644
--- a/build/files.c
+++ b/build/files.c
@@ -1000,20 +1000,149 @@ static int seenHardLink(FileRecords files, FileListRec flp, rpm_ino_t *fileid)
* @param pkg (sub) package
* @param isSrc pass 1 for source packages 0 otherwise
*/
-static void genCpioListAndHeader(FileList fl, Package pkg, int isSrc)
+static void genDigestListInput(FileList fl, Package pkg, int isSrc)
{
FileListRec flp;
char buf[BUFSIZ];
char file_info[BUFSIZ];
char file_digest[128 * 2 + 1];
+ int i;
+ uint32_t defaultalgo = PGPHASHALGO_MD5, digestalgo;
+ Header h = pkg->header; /* just a shortcut */
+
+ /*
+ * See if non-md5 file digest algorithm is requested. If not
+ * specified, quietly assume md5. Otherwise check if supported type.
+ */
+ digestalgo = rpmExpandNumeric(isSrc ? "%{_source_filedigest_algorithm}" :
+ "%{_binary_filedigest_algorithm}");
+ if (digestalgo == 0) {
+ digestalgo = defaultalgo;
+ }
+
+ if (rpmDigestLength(digestalgo) == 0) {
+ rpmlog(RPMLOG_WARNING,
+ _("Unknown file digest algorithm %u, falling back to MD5\n"),
+ digestalgo);
+ digestalgo = defaultalgo;
+ }
+
+ /* Sort the big list */
+ if (fl->files.recs) {
+ qsort(fl->files.recs, fl->files.used,
+ sizeof(*(fl->files.recs)), compareFileListRecs);
+ }
+
+ /* Generate the header. */
+ for (i = 0, flp = fl->files.recs; i < fl->files.used; i++, flp++) {
+ /* Merge duplicate entries. */
+ while (i < (fl->files.used - 1) &&
+ rstreq(flp->cpioPath, flp[1].cpioPath)) {
+
+ /* Two entries for the same file found, merge the entries. */
+ /* Note that an %exclude is a duplication of a file reference */
+
+ /* file flags */
+ flp[1].flags |= flp->flags;
+
+ if (!(flp[1].flags & RPMFILE_EXCLUDE))
+ rpmlog(RPMLOG_WARNING, _("File listed twice: %s\n"),
+ flp->cpioPath);
+
+ /* file mode */
+ if (S_ISDIR(flp->fl_mode)) {
+ if ((flp[1].specdFlags & (SPECD_DIRMODE | SPECD_DEFDIRMODE)) <
+ (flp->specdFlags & (SPECD_DIRMODE | SPECD_DEFDIRMODE)))
+ flp[1].fl_mode = flp->fl_mode;
+ } else {
+ if ((flp[1].specdFlags & (SPECD_FILEMODE | SPECD_DEFFILEMODE)) <
+ (flp->specdFlags & (SPECD_FILEMODE | SPECD_DEFFILEMODE)))
+ flp[1].fl_mode = flp->fl_mode;
+ }
+
+ /* uid */
+ if ((flp[1].specdFlags & (SPECD_UID | SPECD_DEFUID)) <
+ (flp->specdFlags & (SPECD_UID | SPECD_DEFUID)))
+ {
+ flp[1].fl_uid = flp->fl_uid;
+ flp[1].uname = flp->uname;
+ }
+
+ /* gid */
+ if ((flp[1].specdFlags & (SPECD_GID | SPECD_DEFGID)) <
+ (flp->specdFlags & (SPECD_GID | SPECD_DEFGID)))
+ {
+ flp[1].fl_gid = flp->fl_gid;
+ flp[1].gname = flp->gname;
+ }
+
+ /* verify flags */
+ if ((flp[1].specdFlags & (SPECD_VERIFY | SPECD_DEFVERIFY)) <
+ (flp->specdFlags & (SPECD_VERIFY | SPECD_DEFVERIFY)))
+ flp[1].verifyFlags = flp->verifyFlags;
+
+ /* XXX to-do: language */
+
+ flp++; i++;
+ }
+
+ /* Skip files that were marked with %exclude. */
+ if (flp->flags & RPMFILE_EXCLUDE)
+ {
+ argvAdd(&pkg->fileExcludeList, flp->cpioPath);
+ continue;
+ }
+
+ buf[0] = '\0';
+ if (S_ISREG(flp->fl_mode) && !(flp->flags & RPMFILE_GHOST))
+ (void) rpmDoDigest(digestalgo, flp->diskPath, 1,
+ (unsigned char *)buf);
+ headerPutString(h, RPMTAG_FILEDIGESTS, buf);
+ snprintf(file_digest, sizeof(file_digest), "%s", buf);
+
+ if (check_fileList_bin_pkg && S_ISREG(flp->fl_mode) &&
+ !(flp->flags & RPMFILE_GHOST)) {
+ appendStringBuf(check_fileList_bin_pkg, "path=");
+ appendStringBuf(check_fileList_bin_pkg, flp->diskPath);
+ snprintf(file_info, sizeof(file_info),
+ "|digestalgopgp=%d|digest=%s|mode=%d"
+ "|uname=%s|gname=%s|caps=%s\n",
+ digestalgo, file_digest, flp->fl_mode,
+ rpmstrPoolStr(fl->pool, flp->uname),
+ rpmstrPoolStr(fl->pool, flp->gname), flp->caps &&
+ strlen(flp->caps) ? flp->caps : "");
+ appendStringBuf(check_fileList_bin_pkg, file_info);
+ }
+ }
+
+ if (genDigestList(pkg->header, fl, check_fileList_bin_pkg) > 0)
+ fl->processingFailed = 1;
+}
+
+/**
+ * Add file entries to header.
+ * @todo Should directories have %doc/%config attributes? (#14531)
+ * @todo Remove RPMTAG_OLDFILENAMES, add dirname/basename instead.
+ * @param fl package file tree walk data
+ * @param pkg (sub) package
+ * @param isSrc pass 1 for source packages 0 otherwise
+ */
+static void genCpioListAndHeader(FileList fl, Package pkg, int isSrc)
+{
+ FileListRec flp;
+ char buf[BUFSIZ];
int i, npaths = 0;
int fail_on_dupes = rpmExpandNumeric("%{?_duplicate_files_terminate_build}") > 0;
uint32_t defaultalgo = PGPHASHALGO_MD5, digestalgo;
rpm_loff_t totalFileSize = 0;
Header h = pkg->header; /* just a shortcut */
- int processed = 0;
time_t source_date_epoch = 0;
char *srcdate = getenv("SOURCE_DATE_EPOCH");
+ struct rpmtd_s oldfiledigests;
+
+ headerGet(h, RPMTAG_FILEDIGESTS, &oldfiledigests, HEADERGET_ALLOC);
+ headerDel(h, RPMTAG_FILEDIGESTS);
+ rpmtdInit(&oldfiledigests);
/* Limit the maximum date to SOURCE_DATE_EPOCH if defined
* similar to the tar --clamp-mtime option
@@ -1080,9 +1209,8 @@ static void genCpioListAndHeader(FileList fl, Package pkg, int isSrc)
pkg->dpaths = xmalloc((fl->files.used + 1) * sizeof(*pkg->dpaths));
-process_files:
/* Generate the header. */
- for (i = processed, flp = fl->files.recs + processed; i < fl->files.used; i++, flp++) {
+ for (i = 0, flp = fl->files.recs; i < fl->files.used; i++, flp++) {
rpm_ino_t fileid = flp - fl->files.recs;
/* Merge duplicate entries. */
@@ -1212,13 +1340,17 @@ process_files:
if (fl->haveCaps) {
headerPutString(h, RPMTAG_FILECAPS, flp->caps);
}
-
+
buf[0] = '\0';
- if (S_ISREG(flp->fl_mode) && !(flp->flags & RPMFILE_GHOST))
- (void) rpmDoDigest(digestalgo, flp->diskPath, 1,
- (unsigned char *)buf);
- headerPutString(h, RPMTAG_FILEDIGESTS, buf);
- snprintf(file_digest, sizeof(file_digest), "%s", buf);
+ if (strstr(flp->diskPath, DIGEST_LIST_DIR) || !oldfiledigests.count) {
+ if (S_ISREG(flp->fl_mode) && !(flp->flags & RPMFILE_GHOST))
+ (void) rpmDoDigest(digestalgo, flp->diskPath, 1,
+ (unsigned char *)buf);
+ headerPutString(h, RPMTAG_FILEDIGESTS, buf);
+ } else {
+ headerPutString(h, RPMTAG_FILEDIGESTS,
+ rpmtdNextString(&oldfiledigests));
+ }
buf[0] = '\0';
if (S_ISLNK(flp->fl_mode)) {
@@ -1259,31 +1391,6 @@ process_files:
flp->flags &= PARSEATTR_MASK;
headerPutUint32(h, RPMTAG_FILEFLAGS, &(flp->flags) ,1);
-
- if (!processed && check_fileList_bin_pkg && S_ISREG(flp->fl_mode) &&
- !(flp->flags & RPMFILE_GHOST)) {
- appendStringBuf(check_fileList_bin_pkg, "path=");
- appendStringBuf(check_fileList_bin_pkg, flp->diskPath);
- snprintf(file_info, sizeof(file_info),
- "|digestalgopgp=%d|digest=%s|mode=%d"
- "|uname=%s|gname=%s|caps=%s\n",
- digestalgo, file_digest, flp->fl_mode,
- rpmstrPoolStr(fl->pool, flp->uname),
- rpmstrPoolStr(fl->pool, flp->gname), flp->caps &&
- strlen(flp->caps) ? flp->caps : "");
- appendStringBuf(check_fileList_bin_pkg, file_info);
- }
- }
-
- if (!processed) {
- if (genDigestList(pkg->header, fl, check_fileList_bin_pkg) > 0) {
- fl->processingFailed = 1;
- } else if (i < fl->files.used) {
- pkg->dpaths = xrealloc(pkg->dpaths,
- (fl->files.used + 1) * sizeof(*pkg->dpaths));
- processed = i;
- goto process_files;
- }
}
pkg->dpaths[npaths] = NULL;
@@ -1324,6 +1431,7 @@ process_files:
/* Binary packages with dirNames cannot be installed by legacy rpm. */
(void) rpmlibNeedsFeature(pkg, "CompressedFileNames", "3.0.4-1");
}
+ rpmtdFreeData(&oldfiledigests);
}
static FileRecords FileRecordsFree(FileRecords files)
@@ -2808,6 +2916,10 @@ static rpmRC processPackageFiles(rpmSpec spec, rpmBuildPkgFlags pkgFlags,
if (checkHardLinks(&fl.files))
(void) rpmlibNeedsFeature(pkg, "PartialHardlinkSets", "4.0.4-1");
+ genDigestListInput(&fl, pkg, 0);
+ if (fl.processingFailed)
+ goto exit;
+
genCpioListAndHeader(&fl, pkg, 0);
exit:
--
2.33.0

106
Remove-digest-list-from-the-kernel-during-package-re.patch Normal file
View File

@ -0,0 +1,106 @@
From 0f088c5c9efa8ab877455bc273d7e536c763f824 Mon Sep 17 00:00:00 2001
From: Roberto Sassu <roberto.sassu@huawei.com>
Date: Thu, 11 Mar 2021 11:59:45 +0100
Subject: [PATCH] Remove digest list from the kernel during package
reinstallation
Signed-off-by: luhuaxin <luhuaxin1@huawei.com>
---
plugins/digest_list.c | 36 +++++++++++++++++-------------------
1 file changed, 17 insertions(+), 19 deletions(-)
diff --git a/plugins/digest_list.c b/plugins/digest_list.c
index ca77282..63f8f1c 100644
--- a/plugins/digest_list.c
+++ b/plugins/digest_list.c
@@ -27,9 +27,6 @@
#define DIGEST_LIST_DEFAULT_PATH "/etc/ima/digest_lists"
#define RPM_PARSER "/usr/libexec/rpm_parser"
-#define DIGEST_LIST_OP_ADD 0
-#define DIGEST_LIST_OP_DEL 1
-
enum hash_algo {
HASH_ALGO_MD4,
HASH_ALGO_MD5,
@@ -372,12 +369,13 @@ out:
return ret;
}
-static int process_digest_list(rpmte te, int parser)
+static int process_digest_list(rpmte te, int parser, int pre)
{
char *path = NULL, *path_sig = NULL;
int digest_list_signed = 0;
struct stat st;
ssize_t size;
+ int type = rpmteType(te);
struct __user_cap_header_struct cap_header_data;
cap_user_header_t cap_header = &cap_header_data;
struct __user_cap_data_struct cap_data_data;
@@ -431,15 +429,7 @@ static int process_digest_list(rpmte te, int parser)
size = lgetxattr(path, XATTR_NAME_IMA, NULL, 0);
- /* Don't upload again if digest list was already processed */
- if ((rpmteType(te) == TR_ADDED && size > 0) ||
- (rpmteType(te) == TR_REMOVED && size < 0)) {
- rpmlog(RPMLOG_DEBUG, "digest_list: '%s' already processed, "
- "nothing to do\n", path);
- goto out;
- }
-
- if (rpmteType(te) == TR_ADDED) {
+ if (type == TR_ADDED && !pre && size < 0) {
if (!digest_list_signed) {
/* Write RPM header to the disk */
ret = write_rpm_digest_list(te, path);
@@ -472,12 +462,18 @@ static int process_digest_list(rpmte te, int parser)
ret = RPMRC_FAIL;
goto out;
}
+ } else if (type == TR_ADDED && pre) {
+ if (size < 0)
+ goto out;
+
+ /* rpm is overwriting the digest list, remove from the kernel */
+ type = TR_REMOVED;
}
/* Upload digest list to securityfs */
- upload_digest_list(path, rpmteType(te), digest_list_signed);
+ upload_digest_list(path, type, digest_list_signed);
- if (rpmteType(te) == TR_REMOVED) {
+ if (type == TR_REMOVED) {
if (!digest_list_signed) {
unlink(path);
goto out;
@@ -552,8 +548,10 @@ static rpmRC digest_list_file_common(rpmPlugin plugin, rpmfi fi,
if (!pre && res != RPMRC_OK)
return res;
- if ((pre && action != FA_ERASE) ||
- (!pre && action != FA_CREATE))
+ if (!pre && rpmteType(cur_te) != TR_ADDED)
+ return RPMRC_OK;
+
+ if (pre && action == FA_SKIP)
return RPMRC_OK;
if (strncmp(path, DIGEST_LIST_DEFAULT_PATH,
@@ -564,9 +562,9 @@ static rpmRC digest_list_file_common(rpmPlugin plugin, rpmfi fi,
if (!pre && --digest_list_counter)
return RPMRC_OK;
- process_digest_list(cur_te, 0);
+ process_digest_list(cur_te, 0, pre);
if (!strcmp(rpmteN(cur_te), "digest-list-tools"))
- process_digest_list(cur_te, 1);
+ process_digest_list(cur_te, 1, pre);
return RPMRC_OK;
}
--
2.33.0

57
Use-user.digest_list-to-avoid-duplicate-processing-o.patch
View File

@ -1,57 +0,0 @@
From e07cef55252fddf45ff39e264097c04a726d0d79 Mon Sep 17 00:00:00 2001
From: Roberto Sassu <roberto.sassu@huawei.com>
Date: Fri, 7 Aug 2020 09:32:27 +0200
Subject: [PATCH] Use user.digest_list to avoid duplicate processing of the
digest lists
---
plugins/digest_list.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/plugins/digest_list.c b/plugins/digest_list.c
index beb397309..9fcb5c4c5 100644
--- a/plugins/digest_list.c
+++ b/plugins/digest_list.c
@@ -417,7 +417,7 @@ static int process_digest_list(rpmte te, int parser)
DIGEST_LIST_DEFAULT_PATH, rpmteN(te), rpmteV(te),
rpmteR(te), rpmteA(te));
- size = lgetxattr(path, XATTR_NAME_IMA, NULL, 0);
+ size = lgetxattr(path, "user.digest_list", NULL, 0);
/* Don't upload again if digest list was already processed */
if ((rpmteType(te) == TR_ADDED && size > 0) ||
@@ -446,6 +446,14 @@ static int process_digest_list(rpmte te, int parser)
ret = RPMRC_FAIL;
goto out;
}
+
+ ret = lsetxattr(path, "user.digest_list", "1", 1, 0);
+ if (ret < 0)
+ rpmlog(RPMLOG_ERR, "digest_list: cannot add "
+ "user.digest_list to '%s'\n", path);
+ else
+ rpmlog(RPMLOG_DEBUG, "digest_list: user.digest_list "
+ "successfully added to '%s'\n", path);
}
/* Upload digest list to securityfs */
@@ -457,12 +465,12 @@ static int process_digest_list(rpmte te, int parser)
goto out;
}
- ret = lremovexattr(path, XATTR_NAME_IMA);
+ ret = lremovexattr(path, "user.digest_list");
if (ret < 0)
rpmlog(RPMLOG_ERR, "digest_list: cannot remove "
- "security.ima from '%s'\n", path);
+ "user.digest_list from '%s'\n", path);
else
- rpmlog(RPMLOG_DEBUG, "digest_list: security.ima "
+ rpmlog(RPMLOG_DEBUG, "digest_list: user.digest_list "
"successfully removed from '%s'\n", path);
}
out:
--
2.27.GIT

35
dont-remove-ima-xattr-of-parser-when-upgrading.patch Normal file
View File

@ -0,0 +1,35 @@
From 2c27c71952ce3ac61afeabd3ef4e1d182574e905 Mon Sep 17 00:00:00 2001
From: luhuaxin <luhuaxin1@huawei.com>
Date: Tue, 15 Mar 2022 20:54:06 +0800
Subject: [PATCH] dont remove ima xattr of parser when upgrading
Signed-off-by: luhuaxin <luhuaxin1@huawei.com>
---
plugins/digest_list.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/plugins/digest_list.c b/plugins/digest_list.c
index 0692b5b..1d7ef92 100644
--- a/plugins/digest_list.c
+++ b/plugins/digest_list.c
@@ -576,9 +576,16 @@ static rpmRC digest_list_file_common(rpmPlugin plugin, rpmfi fi,
if (!pre && --digest_list_counter)
return RPMRC_OK;
+ rpmlog(RPMLOG_DEBUG, "process ima digest, pre: %d, action: %d, teType: %d\n",
+ pre, action, rpmteType(cur_te));
process_digest_list(cur_te, 0, pre);
- if (!strcmp(rpmteN(cur_te), "digest-list-tools"))
+ if (!strcmp(rpmteN(cur_te), "digest-list-tools")) {
+ if (pre && rpmteType(cur_te) == TR_REMOVED)
+ return RPMRC_OK;
+
+ rpmlog(RPMLOG_DEBUG, "process parser digest\n");
process_digest_list(cur_te, 1, pre);
+ }
return RPMRC_OK;
}
--
2.33.0

7
rpm-selinux-plugin-check-context-file-exist.patch
View File

@ -1,15 +1,14 @@
From 91d2535bb150a4e98ac72f87896f4acadda293d0 Mon Sep 17 00:00:00 2001 From 55708fd5822a3e4bf5537002a648f32cb0a6e07e Mon Sep 17 00:00:00 2001
From: luhuaxin <1539327763@qq.com> From: luhuaxin <1539327763@qq.com>
Date: Tue, 26 Oct 2021 18:39:46 +0800 Date: Tue, 26 Oct 2021 18:39:46 +0800
Subject: [PATCH] rpm selinux plugin check context file exist Subject: [PATCH] rpm selinux plugin check context file exist
Signed-off-by: lujie54 <lujie54@huawei.com>
--- ---
plugins/selinux.c | 3 ++- plugins/selinux.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-) 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/plugins/selinux.c b/plugins/selinux.c diff --git a/plugins/selinux.c b/plugins/selinux.c
index 7c1a0da..c909d18 100644 index 1254517..fb8b7a2 100644
--- a/plugins/selinux.c --- a/plugins/selinux.c
+++ b/plugins/selinux.c +++ b/plugins/selinux.c
@@ -63,7 +63,8 @@ static rpmRC selinux_tsm_pre(rpmPlugin plugin, rpmts ts) @@ -63,7 +63,8 @@ static rpmRC selinux_tsm_pre(rpmPlugin plugin, rpmts ts)
@ -23,5 +22,5 @@ index 7c1a0da..c909d18 100644
} }
-- --
1.8.3.1 2.23.0

28
rpm.spec
View File

@ -1,6 +1,6 @@
Name: rpm Name: rpm
Version: 4.17.0 Version: 4.17.0
Release: 4 Release: 5
Summary: RPM Package Manager Summary: RPM Package Manager
License: GPLv2+ License: GPLv2+
URL: http://www.rpm.org/ URL: http://www.rpm.org/
@ -15,20 +15,28 @@ Patch6: bugfix-rpm-4.14.2-wait-once-get-rpmlock-fail.patch
Patch7: Generate-digest-lists.patch Patch7: Generate-digest-lists.patch
Patch8: Add-digest-list-plugin.patch Patch8: Add-digest-list-plugin.patch
Patch9: Don-t-add-dist-to-release-if-it-is-already-there.patch Patch9: Don-t-add-dist-to-release-if-it-is-already-there.patch
Patch10: Use-user.digest_list-to-avoid-duplicate-processing-o.patch Patch10: Generate-digest-lists-before-calling-genCpioListAndH.patch
Patch11: call-process_digest_list-after-files-are-added.patch Patch11: call-process_digest_list-after-files-are-added.patch
Patch12: fix-lsetxattr-error-in-container.patch Patch12: fix-lsetxattr-error-in-container.patch
Patch13: get-in-use-of-ndb.patch Patch13: rpm-selinux-plugin-check-context-file-exist.patch
Patch14: backport-Use-root-as-default-UID_0_USER-and-UID_0_GROUP.patch Patch14: get-in-use-of-ndb.patch
Patch15: still-in-use-of-python-scripts-from-old-version.patch Patch15: still-in-use-of-python-scripts-from-old-version.patch
Patch16: rpm-selinux-plugin-check-context-file-exist.patch Patch16: Add-loongarch-architecture-support.patch
Patch17: Fix-digest_list_counter.patch
Patch18: Check-rpm-parser.patch
Patch19: Remove-digest-list-from-the-kernel-during-package-re.patch
Patch20: Add-license-to-digest_list.c.patch
Patch21: Avoid-generating-digest-lists-if-they-are-already-pa.patch
Patch22: dont-remove-ima-xattr-of-parser-when-upgrading.patch
Patch6000: backport-Use-root-as-default-UID_0_USER-and-UID_0_GROUP.patch
BuildRequires: gcc autoconf automake libtool make gawk popt-devel openssl-devel readline-devel BuildRequires: gcc autoconf automake libtool make gawk popt-devel openssl-devel readline-devel
BuildRequires: zlib-devel libzstd-devel xz-devel bzip2-devel libarchive-devel ima-evm-utils-devel BuildRequires: zlib-devel libzstd-devel xz-devel bzip2-devel libarchive-devel ima-evm-utils-devel
BuildRequires: dbus-devel fakechroot elfutils-devel elfutils-libelf-devel ima-evm-utils BuildRequires: dbus-devel fakechroot elfutils-devel elfutils-libelf-devel ima-evm-utils
BuildRequires: lua-devel libcap-devel libacl-devel libselinux-devel file-devel gettext-devel ncurses-devel BuildRequires: lua-devel libcap-devel libacl-devel libselinux-devel file-devel gettext-devel ncurses-devel
BuildRequires: system-rpm-config dwz gnupg2 debugedit BuildRequires: system-rpm-config dwz gnupg2 debugedit
Requires: coreutils popt curl zstd libcap crontabs logrotate Requires: coreutils popt curl zstd >= 1.5.0-1 libcap crontabs logrotate
Obsoletes: %{name}-build-libs %{name}-sign-libs %{name}-sign %{name}-cron Obsoletes: %{name}-build-libs %{name}-sign-libs %{name}-sign %{name}-cron
Provides: %{name}-build-libs %{name}-sign-libs %{name}-sign %{name}-cron Provides: %{name}-build-libs %{name}-sign-libs %{name}-sign %{name}-cron
Obsoletes: %{name}-plugin-selinux %{name}-plugin-syslog %{name}-plugin-systemd-inhibit < 4.15.1-28 %{name}-plugin-ima %{name}-plugin-prioreset Obsoletes: %{name}-plugin-selinux %{name}-plugin-syslog %{name}-plugin-systemd-inhibit < 4.15.1-28 %{name}-plugin-ima %{name}-plugin-prioreset
@ -261,9 +269,9 @@ make check || (cat tests/rpmtests.log; exit 0)
%{_rpmconfigdir}/*deps* %{_rpmconfigdir}/*deps*
%{_rpmconfigdir}/*.prov %{_rpmconfigdir}/*.prov
%{_rpmconfigdir}/*.req %{_rpmconfigdir}/*.req
%{_rpmconfigdir}/config.*
%{_rpmconfigdir}/mkinstalldirs %{_rpmconfigdir}/mkinstalldirs
%{_rpmconfigdir}/fileattrs/* %{_rpmconfigdir}/fileattrs/*
%{_rpmconfigdir}/config.*
%files -n python3-%{name} %files -n python3-%{name}
%defattr(-,root,root) %defattr(-,root,root)
@ -291,6 +299,12 @@ make check || (cat tests/rpmtests.log; exit 0)
%{_mandir}/man1/gendiff.1* %{_mandir}/man1/gendiff.1*
%changelog %changelog
* Tue Aug 09 2022 renhongxun<renhongxun@h-partners.com> - 4.17.0-5
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:sync changes from openEuler-22.03-LTS
*Sat Jun 25 2022 lujie<lujie54@huawei.com> - 4.17.0-4 *Sat Jun 25 2022 lujie<lujie54@huawei.com> - 4.17.0-4
- Type:bugfix - Type:bugfix
- ID:NA - ID:NA