From: Mark Hatle <mark.hatle@windriver.com>
To: Markus Lehtonen <markus.lehtonen@linux.intel.com>,
<openembedded-core@lists.openembedded.org>
Subject: Re: [PATCH 1/3] package_rpm: support signing of rpm packages
Date: Thu, 27 Aug 2015 06:55:53 -0500 [thread overview]
Message-ID: <55DEFAC9.3010601@windriver.com> (raw)
In-Reply-To: <D204584A.577A5%markus.lehtonen@linux.intel.com>
[-- Attachment #1: Type: text/plain, Size: 993 bytes --]
On 8/26/15 10:11 PM, Markus Lehtonen wrote:
>> Without pasting the whole patch:
>>
>> --- createrepo-0.4.11.orig/dumpMetadata.py
>> +++ createrepo-0.4.11/dumpMetadata.py
>> @@ -92,7 +92,7 @@ def returnHdr(ts, package):
>> - ts.setVSFlags((rpm.RPMVSF_NOMD5|rpm.RPMVSF_NEEDPAYLOAD))
>> +
>> ts.setVSFlags((rpm.RPMVSF_NOMD5|rpm.RPMVSF_NEEDPAYLOAD|rpm.RPMVSF_NODSA|rp
>> m.RPMVSF_NORSA|rpm.RPMVSF_NODSAHEADER|rpm.RPMVSF_NORSAHEADER))
>>
>> I can send up this change if you think it's useful in this case (and would
>> eliminate these steps.)
>
> I can introduce a separate patch in the next version of this patchset.
>
The patch we use is attached. (it's just a patch, not a proper git commit..)
>
>
>>
>> (The reason I question the steps is purely because we've seen in the past
>> these
>> temporary RPM databases seem to be fragile at times. So anything we can
>> do to
>> avoid that is probably good.)
>
> Yes.
>
>
> Thanks,
> Markus
>
>
[-- Attachment #2: createrepo-skipsigned.patch --]
[-- Type: text/plain, Size: 1149 bytes --]
createrepo: Disable GPG signature validation
If the packages are signed, and the signature is not in the rpm-native
RPMDB, an error will occur. We want to avoid this failure mode
when building the native version of createrepo.
This only affects the feed generation and will not change any later
validations during use/install from the package feed.
Upstream-status: Inappropriate [no longer maintained version]
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Index: createrepo-0.4.11/dumpMetadata.py
===================================================================
--- createrepo-0.4.11.orig/dumpMetadata.py
+++ createrepo-0.4.11/dumpMetadata.py
@@ -92,7 +92,7 @@ def returnHdr(ts, package):
fdno = package # let's assume this is an fdno and go with it :)
except OSError:
raise MDError, "Error opening file"
- ts.setVSFlags((rpm.RPMVSF_NOMD5|rpm.RPMVSF_NEEDPAYLOAD))
+ ts.setVSFlags((rpm.RPMVSF_NOMD5|rpm.RPMVSF_NEEDPAYLOAD|rpm.RPMVSF_NODSA|rpm.RPMVSF_NORSA|rpm.RPMVSF_NODSAHEADER|rpm.RPMVSF_NORSAHEADER))
try:
hdr = ts.hdrFromFdno(fdno)
except rpm.error:
next prev parent reply other threads:[~2015-08-27 11:56 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-08-26 11:18 [PATCH 0/3] Sign packages in RPM feeds Markus Lehtonen
2015-08-26 11:18 ` [PATCH 1/3] package_rpm: support signing of rpm packages Markus Lehtonen
2015-08-26 15:04 ` Mark Hatle
2015-08-27 3:11 ` Markus Lehtonen
2015-08-27 11:55 ` Mark Hatle [this message]
2015-08-26 11:18 ` [PATCH 2/3] os-release: add the public package-signing key Markus Lehtonen
2015-08-26 11:18 ` [PATCH 3/3] package_manager: support for signed RPM package feeds Markus Lehtonen
2015-08-26 15:10 ` Mark Hatle
2015-08-27 4:27 ` Markus Lehtonen
2015-08-27 12:03 ` Mark Hatle
2015-08-28 10:05 ` Markus Lehtonen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55DEFAC9.3010601@windriver.com \
--to=mark.hatle@windriver.com \
--cc=markus.lehtonen@linux.intel.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox