rpms
/
dnf
20
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

import dnf-4.20.0-8.el10

Browse Source
i10cs changed/i10cs/dnf-4.20.0-8.el10
MSVSphere Packaging Team 4 months ago
commit 1ce74ae900
Signed by: sys_gitsync
GPG Key ID: B2B0B9F29E528FE8
13 changed files with 3762 additions and 0 deletions
Show Stats Download Patch File Download Diff File

1
.dnf.metadata
Unescape View File

@ -0,0 +1 @@
4095a2937f72ac4c20f624cc3bfc8cb32e89c715 SOURCES/dnf-4.20.0.tar.gz

1
.gitignore vendored
Unescape View File

@ -0,0 +1 @@
SOURCES/dnf-4.20.0.tar.gz

38
SOURCES/0001-man-Improve-upgrade-minimal-command-docs-RHEL-6417.patch
Unescape View File

@ -0,0 +1,38 @@
From 4a2b425d3f0b7ea95f9584834e86a15ad3c447ab Mon Sep 17 00:00:00 2001
From: Jan Kolarik <jkolarik@redhat.com>
Date: Tue, 30 Apr 2024 06:50:14 +0000
Subject: [PATCH] man: Improve upgrade-minimal command docs (RHEL-6417)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Making the man pages for the `upgrade-minimal` command clearer about how packages with advisories are upgraded.
Resolves: https://issues.redhat.com/browse/RHEL-6417
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
doc/command_ref.rst | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/doc/command_ref.rst b/doc/command_ref.rst
index 71917f75..25431ca1 100644
--- a/doc/command_ref.rst
+++ b/doc/command_ref.rst
@@ -1759,11 +1759,11 @@ Upgrade-Minimal Command
| Deprecated aliases: ``update-minimal``
``dnf [options] upgrade-minimal``
- Updates each package to the latest available version that provides a bugfix, enhancement
- or a fix for a security issue (security).
+ Updates each package to the nearest available version that provides
+ a bugfix, enhancement or a fix for a security issue (security).
``dnf [options] upgrade-minimal <package-spec>...``
- Updates each specified package to the latest available version that provides
+ Updates each specified package to the nearest available version that provides
a bugfix, enhancement or a fix for security issue (security). Updates
dependencies as necessary.
--
2.45.2

135
SOURCES/0002-Limit-queries-to-nevra-forms-when-provided-by-comman.patch
Unescape View File

@ -0,0 +1,135 @@
From b3b9b3a48ca5efd9935f3f12bb65530a51ade09c Mon Sep 17 00:00:00 2001
From: Jaroslav Mracek <jmracek@redhat.com>
Date: Wed, 22 May 2024 11:09:34 +0200
Subject: [PATCH] Limit queries to nevra forms when provided by command
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Command `dnf install-n <provide>` does not install only according
to package mame but still search in provides. The patch limits
searrch only to NEVRA forms for install, remove, autoremove,
and repoquery commands.
Resolves partially: https://issues.redhat.com/browse/RHEL-5747
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
dnf/base.py | 14 ++++++++++++--
dnf/cli/commands/repoquery.py | 5 +++--
doc/api_base.rst | 6 +++++-
doc/command_ref.rst | 7 +++++--
4 files changed, 25 insertions(+), 7 deletions(-)
diff --git a/dnf/base.py b/dnf/base.py
index a6b35746..dac3cefd 100644
--- a/dnf/base.py
+++ b/dnf/base.py
@@ -2064,9 +2064,14 @@ class Base(object):
def install(self, pkg_spec, reponame=None, strict=True, forms=None):
# :api
"""Mark package(s) given by pkg_spec and reponame for installation."""
+ kwargs = {'forms': forms, 'with_src': False}
+ if forms:
+ kwargs['with_nevra'] = True
+ kwargs['with_provides'] = False
+ kwargs['with_filenames'] = False
subj = dnf.subject.Subject(pkg_spec)
- solution = subj.get_best_solution(self.sack, forms=forms, with_src=False)
+ solution = subj.get_best_solution(self.sack, **kwargs)
if self.conf.multilib_policy == "all" or subj._is_arch_specified(solution):
q = solution['query']
@@ -2306,8 +2311,13 @@ class Base(object):
def remove(self, pkg_spec, reponame=None, forms=None):
# :api
"""Mark the specified package for removal."""
+ kwargs = {'forms': forms}
+ if forms:
+ kwargs['with_nevra'] = True
+ kwargs['with_provides'] = False
+ kwargs['with_filenames'] = False
- matches = dnf.subject.Subject(pkg_spec).get_best_query(self.sack, forms=forms)
+ matches = dnf.subject.Subject(pkg_spec).get_best_query(self.sack, **kwargs)
installed = [
pkg for pkg in matches.installed()
if reponame is None or
diff --git a/dnf/cli/commands/repoquery.py b/dnf/cli/commands/repoquery.py
index 83b52a8a..41dd688e 100644
--- a/dnf/cli/commands/repoquery.py
+++ b/dnf/cli/commands/repoquery.py
@@ -461,9 +461,10 @@ class RepoQueryCommand(commands.Command):
if self.opts.key:
remote_packages = self._add_add_remote_packages()
- kwark = {}
+ kwark = {'with_provides': False}
if self.opts.command in self.nevra_forms:
kwark["forms"] = [self.nevra_forms[self.opts.command]]
+ kwark['with_filenames'] = False
pkgs = []
query_results = q.filter(empty=True)
@@ -474,7 +475,7 @@ class RepoQueryCommand(commands.Command):
for key in self.opts.key:
query_results = query_results.union(
dnf.subject.Subject(key, ignore_case=True).get_best_query(
- self.base.sack, with_provides=False, query=q, **kwark))
+ self.base.sack, query=q, **kwark))
q = query_results
if self.opts.recent:
diff --git a/doc/api_base.rst b/doc/api_base.rst
index 389b28ec..95d2d570 100644
--- a/doc/api_base.rst
+++ b/doc/api_base.rst
@@ -280,7 +280,11 @@
.. method:: install(pkg_spec, reponame=None, strict=True, forms=None)
Mark packages matching `pkg_spec` for installation.
- `reponame` can be a name of a repository or a list of repository names. If given, the selection of available packages is limited to packages from these repositories. If strict is set to False, the installation ignores packages with dependency solving problems. Parameter `forms` has the same meaning as in :meth:`dnf.subject.Subject.get_best_query`.
+ `reponame` can be a name of a repository or a list of repository names. If given, the selection of available
+ packages is limited to packages from these repositories. If strict is set to False, the installation ignores
+ packages with dependency solving problems. Parameter `forms` is list of pattern forms from `hawkey`_.
+ Leaving the parameter to ``None`` results in using a reasonable default list of forms. When forms is specified,
+ method will not match `pkg_spec` with provides and file provides.
.. method:: package_downgrade(pkg, strict=False)
diff --git a/doc/command_ref.rst b/doc/command_ref.rst
index 25431ca1..5fba2ebf 100644
--- a/doc/command_ref.rst
+++ b/doc/command_ref.rst
@@ -857,7 +857,8 @@ Install Command
are considered correct, the resulting package is picked simply by lexicographical order.
There are also a few specific install commands ``install-n``, ``install-na`` and
- ``install-nevra`` that allow the specification of an exact argument in the NEVRA format.
+ ``install-nevra`` that allow the specification of an exact argument in the NEVRA format. As a consequence, <spec>
+ will be not matched with provides and file provides.
See also :ref:`\configuration_files_replacement_policy-label`.
@@ -1191,7 +1192,8 @@ Remove Command
Removes old installonly packages, keeping only latest versions and version of running kernel.
There are also a few specific remove commands ``remove-n``, ``remove-na`` and ``remove-nevra``
- that allow the specification of an exact argument in the NEVRA format.
+ that allow the specification of an exact argument in the NEVRA format. As a consequence, <spec>
+ will be not matched with provides and file provides.
Remove Examples
---------------
@@ -1255,6 +1257,7 @@ Repoquery Command
There are also a few specific repoquery commands ``repoquery-n``, ``repoquery-na`` and ``repoquery-nevra``
that allow the specification of an exact argument in the NEVRA format (does not affect arguments of options like --whatprovides <arg>, ...).
+ As a consequence, <spec> will be not matched with file provides.
Select Options
--------------
--
2.45.2

31
SOURCES/0003-doc-Remove-provide-of-spec-definition-for-repoquery-.patch
Unescape View File

@ -0,0 +1,31 @@
From f211e1a41a3d3180481e930836ee1a52a7a32487 Mon Sep 17 00:00:00 2001
From: Jaroslav Mracek <jmracek@redhat.com>
Date: Thu, 23 May 2024 11:25:29 +0200
Subject: [PATCH] [doc] Remove provide of spec definition for repoquery command
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Repoquery command never matched spec with provides.
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
doc/command_ref.rst | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/command_ref.rst b/doc/command_ref.rst
index 5fba2ebf..5684b061 100644
--- a/doc/command_ref.rst
+++ b/doc/command_ref.rst
@@ -1266,7 +1266,7 @@ Together with ``<package-file-spec>``, control what packages are displayed in th
packages to those matching the specification. All packages are considered if no ``<package-file-spec>`` is specified.
``<package-file-spec>``
- Package specification in the NEVRA format (name[-[epoch:]version[-release]][.arch]), a package provide or a file provide. See :ref:`Specifying Packages
+ Package specification in the NEVRA format (name[-[epoch:]version[-release]][.arch]) or a file provide. See :ref:`Specifying Packages
<specifying_packages-label>`.
``-a``, ``--all``
--
2.45.2

81
SOURCES/0004-Drop-collect-file-for-ABRT.patch
Unescape View File

@ -0,0 +1,81 @@
From 78e2838c62bb842cdd6f3adc26e246b97cb7292d Mon Sep 17 00:00:00 2001
From: Jaroslav Mracek <jmracek@redhat.com>
Date: Tue, 11 Jun 2024 16:02:21 +0200
Subject: [PATCH] Drop collect file for ABRT
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
It looks like that it is not required anymore
Resolve: https://issues.redhat.com/browse/RHEL-40382
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
dnf.spec | 2 --
etc/CMakeLists.txt | 1 -
etc/collect_dnf.conf | 24 ------------------------
3 files changed, 27 deletions(-)
delete mode 100644 etc/collect_dnf.conf
diff --git a/dnf.spec b/dnf.spec
index b3b30529..7bc90c5d 100644
--- a/dnf.spec
+++ b/dnf.spec
@@ -103,7 +103,6 @@ Conflicts: python3-dnf-plugins-extras-common < %{conflicts_dnf_plugins_extr
%package data
Summary: Common data and configuration files for DNF
-Requires: libreport-filesystem
%if %{with dnf5_obsoletes_dnf}
Requires: /etc/dnf/dnf.conf
%endif
@@ -336,7 +335,6 @@ popd
%{_mandir}/man5/%{name}.conf.5*
%endif
%{_tmpfilesdir}/%{name}.conf
-%{_sysconfdir}/libreport/events.d/collect_dnf.conf
%files -n %{yum_subpackage_name}
%if "%{yum_compat_level}" == "full"
diff --git a/etc/CMakeLists.txt b/etc/CMakeLists.txt
index c7814205..27e3c8ed 100644
--- a/etc/CMakeLists.txt
+++ b/etc/CMakeLists.txt
@@ -1,4 +1,3 @@
-INSTALL (FILES "collect_dnf.conf" DESTINATION ${SYSCONFDIR}/libreport/events.d/)
ADD_SUBDIRECTORY (bash_completion.d)
ADD_SUBDIRECTORY (dnf)
ADD_SUBDIRECTORY (logrotate.d)
diff --git a/etc/collect_dnf.conf b/etc/collect_dnf.conf
deleted file mode 100644
index b99721b1..00000000
--- a/etc/collect_dnf.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-EVENT=notify component=dnf
- # there has to be a comment here, otherwise
- # the next line is interpreted as a condition
- function fetch()
- {
- for log in $*; do
- new_name=${log//\//_}
- cp $log $new_name
- done
- }
-
- logs=`find /var/cache/dnf -iname '*.log'`
- fetch $logs
- fetch /var/log/dnf.log
- # this would fail for a non-priviledged user
- journalctl _SYSTEMD_UNIT=dnf-makecache.service &>dnf-makecache.log
- fetch /var/log/dnf.transaction.log
- if [[ -r username ]]; then
- username=`cat username`
- if [[ $username != "root" ]]; then
- logs=`find /var/tmp -path "/var/tmp/dnf-${username}-*" -iname '*.log'`
- fetch $logs
- fi
- fi
--
2.45.2

162
SOURCES/0005-tests-Use-PGP-keys-without-SHA-1.patch
Unescape View File

@ -0,0 +1,162 @@
From b23e3fbd8747fdf89c2a90d6ffd899fc53378aa3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Tue, 23 Jul 2024 14:56:46 +0200
Subject: [PATCH] tests: Use PGP keys without SHA-1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Tests failed on RHEL 10 where SHA-1 is disabled in a DEFAULT crypto
policy and where librepo is configured to use rpm-sequoia which
respects the crypto policy (in contrast to gpgme):
1: ======================================================================
1: FAIL: test_rawkey2infos (tests.test_crypto.CryptoTest.test_rawkey2infos)
1: ----------------------------------------------------------------------
1: Traceback (most recent call last):
1: File "/home/test/rhel/dnf/dnf-4.20.0/tests/test_crypto.py", line 75, in test_rawkey2infos
1: self.assertEqual(info.userid, 'Dandy Fied <dnf@example.com>')
1: AssertionError: '' != 'Dandy Fied <dnf@example.com>'
1: + Dandy Fied <dnf@example.com>
The root cause was that tests/keys/key.pub used the SHA-1 digest
algorithm.
This patch replaces that key with a 4096-bit RSA key signed using
SHA-384 digest algorithm.
Resolves: https://issues.redhat.com/browse/RHEL-50218
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
tests/keys/key.pub | 75 ++++++++++++++++++++++++++++----------------
tests/test_crypto.py | 14 ++++-----
2 files changed, 55 insertions(+), 34 deletions(-)
diff --git a/tests/keys/key.pub b/tests/keys/key.pub
index 1b4ad15b7..750e51ac1 100644
--- a/tests/keys/key.pub
+++ b/tests/keys/key.pub
@@ -1,30 +1,51 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1
-mQENBFP0iHYBCADWDO8H+0nIqGgTUisRjjWj9zknXks8PgGIyWydBSjJh84d3lqw
-Tv+RAxClR2j1YBoyMGT9DxN7NwzneQ6Rj4pIP+Z9LYPA7TFYXiSIws1n0MIXIQWV
-Z54H4OzrTHp1B+G2Ykjp2e7/JHvhsPGsRkj4a7zZQGK9xscVTKovAg/PSsBiSGDw
-S2b5kId0UmKRO01FtKPLMRi2Q645d093hHRa3FRv4g99uS3xMZCUUTp3+oV3CEGO
-J4qnKtl5l09RSubZ1gJRtEaHayYzRYq0AngJCSZwEjfNY/RLpe8Fy2zraTtAl/cB
-jC0wIX0BCMuGq5/few7f7InFZIC9XA6Vj/NrABEBAAG0HERhbmR5IEZpZWQgPGRu
-ZkBleGFtcGxlLmNvbT6JATgEEwECACIFAlP0iHYCGwMGCwkIBwMCBhUIAgkKCwQW
-AgMBAh4BAheAAAoJECQ2KoSSUwyO/GUIAK3cUWelkvcLVbeuWxceE1PtWouA8ovJ
-0wJPJv8tScwguTqiZ3ZWOzuLar6e76JEAGiuCZcbrMaNRfydBC64+6lgLpSG3CXJ
-4cXvCD/XkO0DOrWR+TObdoFClgZHwyTpPaBgusVi6pAh8ngphqkVJsn0BRxWQL7u
-WL1g/kvVnd2zbhSpWpgcTvG7ZGINR+zv9yYwr2/Pi1cos0nB7LZjzXClUELLOI1L
-bCtiMYGGiGTOr7US9bmY0Ll0e9foZ/dpqMGeFVRX9ax4LMxNYukmu9UzCxX5HKQl
-os7mZBG1oqvpLMkqcUGn0Na/VxMg+xdPSgiUC/42v3PCvV/fEc3Un7y5AQ0EU/SI
-dgEIANI9gtGtLM6g6Roacdd9xpI+YXey/Nm13NyYcnSLdZdiLQt2ctgyBq8tujSf
-uBmFVujkN0xuV9GCMl8LTbdmF64DVoLLZbWGZIGEiyY3+8lSSh5urgxFrmy6HXUL
-qRpK28aBVP0DuQWgObH/+SJmKXx+c1nfq9zlAIdwTDd/j/IOWnYzFQiJns3hzMmf
-ptnw7gf5P86L0Bq/LMxPXtI0wlJC3NZNU3zKcw0feAbjN77tI8Yc3hOtaMFFVL+Z
-r8zzQXiPrBSlBH/i9cC3O18+3K4PW0LEkRfOBKxMaQhWc1K/VRMbErcXAzVGr3WC
-WXwRW+5gfvhppJbB1guklJk07N0AEQEAAYkBHwQYAQIACQUCU/SIdgIbDAAKCRAk
-NiqEklMMjjS/B/4+207VxTN/42Xx7ZYIdJYp5cZJn3lqHzYhnUrq126EsFzHuRry
-izumAcvLur+dpmOHsqtcocL5s80X6VBG/rgdwHS5Zfnx7SLPk/fK+KwM888jhI67
-616kipZxH0G28+jzRvY5urfCj91b23l4x/upkCpvMQPus520RiQutJBFLgMP4Q8Z
-hlSi13h8bGGgj1JgOgkql8QD/MGuIEcH/0agqSauedtM7h09+UkO/3m2Zd6q5tpH
-3qBcnwiUiq848s7AnUuSF4+ORwJf06sZC1QtmBf/NCVB18mfpa5VY+2XXtX9Nzmd
-HK40HDRIXyBP4BZN6axx1yflGUFGBO+oyGS3
-=qEyr
+mQINBGafpaEBEADQ/43UehLphv0oCUyoiAOrwnoORINcAexTnWioWoYTe4nwIzcg
+9BMFHhkR6Q+F5IIn4iAEFpVazWeluvfylSiJonYvJtg71Adnmjl1AcZwjC1VO0GX
+YZ1vUbuJU28QYf6EOwf979JQfDrle4hVp6Et3cgE25KN1b+L+1BgilMZjCCwgoDt
+5l+4HhVrO35g8xr0ph38Y5EKbQPFlnOj17INtNfM1o2vkaOXz3QF75nTpevwbsHh
+eh8mno/JZZTeNSOMUX4jmyTN1Fl57EGqzE/OUTNH84H3+b8XrqjabhDVHL1l9YXr
+2tOm80jg5r7DDdNENyMImdTxiyXszktwkCXTofkZlbw3zGHVywx/Ozyjvl3Kg36T
+tly+3a0Z7FMJx71VMHOeA7YmDXHs03DPp4zaqhc31dlS+hKlZ7keZfDaqAY6Zjef
+pD2Lpl0x2ckGfA/AdZJG//pPRv1/qqPyVo7M9p4PtZoRx6H43MkRbyfA9EamnWRg
+oJUFfdrkPmAGRex7F2gOPslPBAcWHjyQHlYhOLct61OqjAyOzMo6aKMMbRGDmvp2
+nU+hORP8mt0dvZa5cvrDBCwya4pL+O+zVs8tukj7JkGy076kugpN2RKy9CY7ulDr
+YB88+22+cOUrt3i0wWL35FdE6WrYmHKcaIgbwFyJIZFKgcw0jLZYQpe8xwARAQAB
+tBxEYW5keSBGaWVkIDxkbmZAZXhhbXBsZS5jb20+iQJRBBMBCQA7FiEEiPvOQkup
+lSoUGmope1RDrqpvAfMFAmafpaECGwMFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcC
+F4AACgkQe1RDrqpvAfPFvQ/+NLKjntG9DXVUvt6lh1c6B1Qkc+NrNRGQB1B0LzNa
+HoJSumryG6vOdOj/E7ubLSG5n0infuvO6K0b36uM3fcbZYdFiDENwwE4bO2zVZwe
+l+8a1h52qmNtCR2cLC+UydlRjLziqXjG7+nsjuMYAopD8zL1/MM9m0aoZwQPB1zY
+zXUNbwJ5BrgRi2EpfDC0qzbQPUY7YMPn0qN0tiF07u2FyML2kEqZLzy9ouB79uIx
+h15OZywYun6U9L9uXBR/bfy+f0XmQ0o5DVu66Jtl75SEPnvi7TDT1MUWb0x/D38u
+zP8Cx17hODUTUfh4fzHKB4JxqravP/mvjmdJWom0dzIWLn2P93wfhkku/gJ3Sx9w
+aTyqIV5cwBS1RjE/hFzC3qZZe41D681IBQ4K04NzDVrhiE7bcXIokgGwNbXQwzMx
+tyuerTlkcNHfwmUIQwwfKuRql74Tod4vQexdhc4eLlCzhiiAYzF9kNlDwg25q31c
+hJ09hCiS7ftFjJu9RZEWmrQvNRnIA2OVeLJgB9Wr2g7+7LqSDKqTDQSF11wUli7G
+WqimdHZk+piCAdOOE3buHpeGZAo7XkpezEV8vwB+ZzVdMj2CqJFSaQbMH26T6zeE
+h94KW09Ymg5MrZaNHf9hba5MiGw0ybF4Wix7OEMx2+a5D+x/XSONpK9YHPsWYe8D
+vH25Ag0EZp+loQEQALYxwRwyPF1s5HCAHbxyh5v9/N/C+Lz1U40QfLMQIp/w17EH
+2PrvGgAcvYNnxmwdFkAdJj8rb+T42C3IUxzjYMaZLwnfUtuUvjxdFxm2mqQ0BiEw
+y3wdvnNEafKnLW+BG4aEpoExnmobPLsWSvQFjpZp38Hyu4QZU1PsxX1rdkB9xeQz
+pCIVPSJDfVFkTSHwTrXigWMuHLq6xWzTTXh++dtOBCmRA4UObMtJo6BAZeZxJxyj
+S+szUgskkNADC7SUbokFG6JIvEOVUM8jSlVM11qs5NqIFyKPqQqwD0biohbmREj7
+yDp+r6b6jKm+ArWHW3Hqa2jYMfGxoC9Cs4pMnp0L+Bklc0kfyPtIE2WFvdCexm2c
+bml8S0v7DbN5J0YuptRP+8lqKMsjc7N3Apu/KqYmmkd9FLMu/YFbECO7ySR9Dtsw
+CDHWuz5m5TdZjP5YCD3G+fyLv2e5O8TjOQwuqIBD9OOdrynhT5A1v4Tnb1/9NHyJ
+Tz18/FJbFKBHJVLklYApOXumkwNoA8jFvqhZSAcg1AqPQnMQpdUMAeeGpObn2H9g
+yUsULefA04GPcLfFfubBeAKhL01rb48jkWiW8CGntGpWsxwlYEd4tcxLf7Td0LV2
+xXZAIswRaqFeS2E2+znc9m05qVus1jE1Ioj/TuOVMtq6BQN+7o/JHXMiLQ2ZABEB
+AAGJAjYEGAEJACAWIQSI+85CS6mVKhQaail7VEOuqm8B8wUCZp+loQIbDAAKCRB7
+VEOuqm8B87UmEACFBvl5GXcgv2MpHvgiWTjsP4o+a1UnVLIZr5R/ebR9r6gRonET
+ISI9SWIp8FC5bGBhssN8FfOwoFiVKIiloP+TXnTcHtgn/ZrO93YlmfTlihfGH9pw
+52SGN3veu5JiU2wVO2SnOBDyKJiJLde8FhjtBIN+zcL4kT803EZgVsxW9eMMD5kA
+Ngdm5/UqvkvgWuHgSLP6OHsoxK7DdVScNC1u9mWEsWLf7godP05eoegdzH+L2L6O
+pCTaobPGU6e73x/cLzRf/AbxYXwI4ELTJ6gpldBJ9OGbO0DvpzR8oWI6mg3UlEXJ
+ZAoG7mp4cDo0sza7Dz/fMLWla51Vx7vV8MTajKxTjoJrTweMl18QxN1En73SvygJ
+iphy6R1u/niLYMx/HxyyvEERgRL3Bsg5orFEiV+a9sGp0SdQtc5tDQww4WOVx5Qg
+03k28pKwSd8+S/6Q6o8+HQgQvSF/fYijE/sk0H9RQdQYUIAKnGdRGILTMu540n/R
+rQFB6pjPhOoo5LB6DSEOpB0eRaZn+H40rg8E9F7dXrMR6q9WsyVWMdCkosLqxmVy
+kwsp+iTOMOmOx37EpxYCXtIeYazMoaL9fKYjnaN6kt4CxvlCGLpxTnNMNtCHoU9N
+3bQZ5RxBa+R0l6xzMvwpkuCQEa59SdfOwo5uCUTgGTMm5hsJ060LW4Vupg==
+=P1HS
-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/test_crypto.py b/tests/test_crypto.py
index bb55d2203..dbbcfd630 100644
--- a/tests/test_crypto.py
+++ b/tests/test_crypto.py
@@ -30,7 +30,7 @@ import dnf.yum.misc
import tests.support
-FINGERPRINT = '0BE49FAF9C955F4F1A98D14B24362A8492530C8E'
+FINGERPRINT = '88FBCE424BA9952A141A6A297B5443AEAA6F01F3'
KEYFILE = tests.support.resource_path('keys/key.pub')
KEYFILE_URL = 'file://%s' % KEYFILE
@@ -53,11 +53,11 @@ class CryptoTest(tests.support.TestCase):
def test_keyids_from_pubring(self):
ids = dnf.crypto.keyids_from_pubring(self.PUBRING_DIR)
- self.assertIn('24362A8492530C8E', ids)
+ self.assertIn('7B5443AEAA6F01F3', ids)
def test_printable_fingerprint(self):
self.assertEqual(dnf.crypto._printable_fingerprint(FINGERPRINT),
- '0BE4 9FAF 9C95 5F4F 1A98 D14B 2436 2A84 9253 0C8E')
+ '88FB CE42 4BA9 952A 141A 6A29 7B54 43AE AA6F 01F3')
def test_pubring_dir(self):
self.assertNotEqual(os.environ.get('GNUPGHOME'), self.PUBRING_DIR)
@@ -68,10 +68,10 @@ class CryptoTest(tests.support.TestCase):
with open(KEYFILE, 'rb') as keyfile:
info = dnf.crypto.rawkey2infos(keyfile)[0]
self.assertEqual(info.fingerprint, FINGERPRINT)
- self.assertEqual(info.short_id, '92530C8E')
- self.assertEqual(info.rpm_id, '92530c8e')
- self.assertIn(b'Frmy6HXUL\n', info.raw_key)
- self.assertEqual(info.timestamp, 1408534646)
+ self.assertEqual(info.short_id, 'AA6F01F3')
+ self.assertEqual(info.rpm_id, 'aa6f01f3')
+ self.assertIn(b'E4bO2zVZwe\n', info.raw_key)
+ self.assertEqual(info.timestamp, 1721738657)
self.assertEqual(info.userid, 'Dandy Fied <dnf@example.com>')
def test_retrieve(self):
--
2.45.2

98
SOURCES/0006-Add-detection-for-ostree-based-systems-and-warn-user.patch
Unescape View File

@ -0,0 +1,98 @@
From b00c7171f58dbbda3df4bf5f2e65cbc7eff37a5b Mon Sep 17 00:00:00 2001
From: David Cantrell <dcantrell@redhat.com>
Date: Thu, 15 Feb 2024 14:03:32 -0500
Subject: [PATCH] Add detection for ostree-based systems and warn users about
losing changes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Upstream commit: 5c050ba2324c5fb95bf0e0501c7925f38f6a09dc
On ostree-based systems, users can use dnf to customize the
environment but those changes will be lost at the next ostree-based
image update. If you want to retain changes between ostree-updates
you need to make use of rpm-ostree right now.
Signed-off-by: David Cantrell <dcantrell@redhat.com>
Resolves: https://issues.redhat.com/browse/RHEL-49671
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
dnf/cli/cli.py | 9 +++++++++
dnf/util.py | 31 +++++++++++++++++++++++++++++++
2 files changed, 40 insertions(+)
diff --git a/dnf/cli/cli.py b/dnf/cli/cli.py
index 1824bd00e..c14f83639 100644
--- a/dnf/cli/cli.py
+++ b/dnf/cli/cli.py
@@ -214,6 +214,15 @@ class BaseCli(dnf.Base):
elif 'test' in self.conf.tsflags:
logger.info(_("{prog} will only download packages, install gpg keys, and check the "
"transaction.").format(prog=dnf.util.MAIN_PROG_UPPER))
+ if dnf.util.is_container():
+ _container_msg = _("""
+*** This system is managed with ostree. Changes to the system
+*** made with dnf will be lost with the next ostree-based update.
+*** If you do not want to lose these changes, use 'rpm-ostree'.
+""")
+ logger.info(_container_msg)
+ raise CliError(_("Operation aborted."))
+
if self._promptWanted():
if self.conf.assumeno or not self.output.userconfirm():
raise CliError(_("Operation aborted."))
diff --git a/dnf/util.py b/dnf/util.py
index 6cd7ad41f..1b465bda5 100644
--- a/dnf/util.py
+++ b/dnf/util.py
@@ -33,11 +33,13 @@ import errno
import functools
import hawkey
import itertools
+import json
import locale
import logging
import os
import pwd
import shutil
+import subprocess
import sys
import tempfile
import time
@@ -639,3 +641,32 @@ def _is_file_pattern_present(specs):
if subj._filename_pattern:
return True
return False
+
+
+def is_container():
+ """Returns true is the system is managed as an immutable container,
+ false otherwise. If msg is True, a warning message is displayed
+ for the user.
+ """
+
+ bootc = '/usr/bin/bootc'
+ ostree = '/sysroot/ostree'
+
+ if os.path.isfile(bootc) and os.access(bootc, os.X_OK):
+ p = subprocess.Popen([bootc, "status", "--json"], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+ (out, err) = p.communicate()
+
+ if p.returncode == 0:
+ # check the output of 'bootc status'
+ j = json.loads(out)
+
+ # XXX: the API from bootc status is evolving
+ status = j.get("status", "")
+ kind = j.get("kind", "")
+
+ if kind.lower() == "bootchost" and bool(status.get("isContainer", None)):
+ return True
+ elif os.path.isdir(ostree):
+ return True
+
+ return False
--
2.46.2

106
SOURCES/0007-Update-ostree-bootc-host-system-check.patch
Unescape View File

@ -0,0 +1,106 @@
From e2dbb97b9e13a73c47dd59827d7f2214bbdde99f Mon Sep 17 00:00:00 2001
From: Joseph Marrero <jmarrero@redhat.com>
Date: Tue, 16 Jul 2024 15:48:41 -0400
Subject: [PATCH] Update ostree/bootc host system check.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Upstream commit: 6120fe52511775b60b6031d4169988c025610ab5
This changes the is_container() func for _is_bootc_host()
and updates the logic and message. This should detect on
all ostree and bootc hosts to date that are not using
bootc usroverlay or ostree admin unlock for development
purposes.
Resolves: https://issues.redhat.com/browse/RHEL-49671
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
dnf/cli/cli.py | 11 +++++------
dnf/util.py | 33 ++++++++-------------------------
2 files changed, 13 insertions(+), 31 deletions(-)
diff --git a/dnf/cli/cli.py b/dnf/cli/cli.py
index c14f83639..83b190026 100644
--- a/dnf/cli/cli.py
+++ b/dnf/cli/cli.py
@@ -214,13 +214,12 @@ class BaseCli(dnf.Base):
elif 'test' in self.conf.tsflags:
logger.info(_("{prog} will only download packages, install gpg keys, and check the "
"transaction.").format(prog=dnf.util.MAIN_PROG_UPPER))
- if dnf.util.is_container():
- _container_msg = _("""
-*** This system is managed with ostree. Changes to the system
-*** made with dnf will be lost with the next ostree-based update.
-*** If you do not want to lose these changes, use 'rpm-ostree'.
+ if dnf.util._is_bootc_host():
+ _bootc_host_msg = _("""
+*** Error: system is configured to be read-only; for more
+*** information run `bootc status` or `ostree admin status`.
""")
- logger.info(_container_msg)
+ logger.info(_bootc_host_msg)
raise CliError(_("Operation aborted."))
if self._promptWanted():
diff --git a/dnf/util.py b/dnf/util.py
index 1b465bda5..1ba2e27ff 100644
--- a/dnf/util.py
+++ b/dnf/util.py
@@ -33,13 +33,11 @@ import errno
import functools
import hawkey
import itertools
-import json
import locale
import logging
import os
import pwd
import shutil
-import subprocess
import sys
import tempfile
import time
@@ -643,30 +641,15 @@ def _is_file_pattern_present(specs):
return False
-def is_container():
+def _is_bootc_host():
"""Returns true is the system is managed as an immutable container,
false otherwise. If msg is True, a warning message is displayed
for the user.
"""
-
- bootc = '/usr/bin/bootc'
- ostree = '/sysroot/ostree'
-
- if os.path.isfile(bootc) and os.access(bootc, os.X_OK):
- p = subprocess.Popen([bootc, "status", "--json"], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
- (out, err) = p.communicate()
-
- if p.returncode == 0:
- # check the output of 'bootc status'
- j = json.loads(out)
-
- # XXX: the API from bootc status is evolving
- status = j.get("status", "")
- kind = j.get("kind", "")
-
- if kind.lower() == "bootchost" and bool(status.get("isContainer", None)):
- return True
- elif os.path.isdir(ostree):
- return True
-
- return False
+ ostree_booted = '/run/ostree-booted'
+ usr = '/usr/'
+ # Check if usr is writtable and we are in a running ostree system.
+ # We want this code to return true only when the system is in locked state. If someone ran
+ # bootc overlay or ostree admin unlock we would want normal DNF path to be ran as it will be
+ # temporary changes (until reboot).
+ return os.path.isfile(ostree_booted) and not os.access(usr, os.W_OK)
--
2.46.2

32
SOURCES/0008-Update-bootc-hosts-message-to-point-to-bootc-help.patch
Unescape View File

@ -0,0 +1,32 @@
From 15aedf5f4e70695e7801c80498d4da52e49ac626 Mon Sep 17 00:00:00 2001
From: Joseph Marrero <jmarrero@redhat.com>
Date: Mon, 22 Jul 2024 15:33:32 -0400
Subject: [PATCH] Update bootc hosts message to point to bootc --help
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Upstream commit: e2535589ce16bc36b96b37369502a3c312f6056a
Resolves: https://issues.redhat.com/browse/RHEL-49671
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
dnf/cli/cli.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dnf/cli/cli.py b/dnf/cli/cli.py
index 83b190026..0eda2c8cb 100644
--- a/dnf/cli/cli.py
+++ b/dnf/cli/cli.py
@@ -217,7 +217,7 @@ class BaseCli(dnf.Base):
if dnf.util._is_bootc_host():
_bootc_host_msg = _("""
*** Error: system is configured to be read-only; for more
-*** information run `bootc status` or `ostree admin status`.
+*** information run `bootc --help`.
""")
logger.info(_bootc_host_msg)
raise CliError(_("Operation aborted."))
--
2.46.2

47
SOURCES/0009-Allow-installroot-on-read-only-bootc-system.patch
Unescape View File

@ -0,0 +1,47 @@
From ff86cee7cf33f44e4b10538ceeee5f284d6735ed Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Thu, 15 Aug 2024 14:04:55 +0200
Subject: [PATCH] Allow --installroot on read-only bootc system
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Upstream commit: a1aa8d0e048751859a2bec1b2fb12fcca93c6e83
Some people use --installroot on a read-only bootc system to install
a system into a chroot subtree. However, current bootc check did not
take into account --installroot and rejected the operation.
This patch augments the check for the installroot being different
from /.
It's pointless to check for installroot writability here because
installroot is written before this check when updating the
repositories and computing a transaction. Moving this check sooner
would not help because some directories (/opt, /) are kept read-only
even on writable bootc.
Resolves: #2108
Resolves: https://issues.redhat.com/browse/RHEL-49671
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
dnf/cli/cli.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/dnf/cli/cli.py b/dnf/cli/cli.py
index 0eda2c8cb..008262ea0 100644
--- a/dnf/cli/cli.py
+++ b/dnf/cli/cli.py
@@ -214,7 +214,8 @@ class BaseCli(dnf.Base):
elif 'test' in self.conf.tsflags:
logger.info(_("{prog} will only download packages, install gpg keys, and check the "
"transaction.").format(prog=dnf.util.MAIN_PROG_UPPER))
- if dnf.util._is_bootc_host():
+ if dnf.util._is_bootc_host() and \
+ os.path.realpath(self.conf.installroot) == "/":
_bootc_host_msg = _("""
*** Error: system is configured to be read-only; for more
*** information run `bootc --help`.
--
2.46.2

40
SOURCES/0010-Allow-downloadonly-on-read-only-bootc-system.patch
Unescape View File

@ -0,0 +1,40 @@
From 86bc1d60e1b8188ca5a682974d734ac3a0cdc102 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Thu, 10 Oct 2024 10:57:48 +0200
Subject: [PATCH] Allow --downloadonly on read-only bootc system
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Upstream commit: 8d888d26e6da27ba37243d7504eb42472f389bde
"dnf install --downloadonly" failed on read-only bootc system despite
not running the transaction. The downloaded packages are stored under
writable /var or to a directory explicitly choosen by a user.
This patch suppresses the bootc read-only bailout if --downloadonly
option is used.
https://issues.redhat.com/browse/RHEL-62028
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
dnf/cli/cli.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/dnf/cli/cli.py b/dnf/cli/cli.py
index 008262ea0..d3844df34 100644
--- a/dnf/cli/cli.py
+++ b/dnf/cli/cli.py
@@ -215,7 +215,8 @@ class BaseCli(dnf.Base):
logger.info(_("{prog} will only download packages, install gpg keys, and check the "
"transaction.").format(prog=dnf.util.MAIN_PROG_UPPER))
if dnf.util._is_bootc_host() and \
- os.path.realpath(self.conf.installroot) == "/":
+ os.path.realpath(self.conf.installroot) == "/" and \
+ not self.conf.downloadonly:
_bootc_host_msg = _("""
*** Error: system is configured to be read-only; for more
*** information run `bootc --help`.
--
2.47.0

2990
SPECS/dnf.spec
View File

File diff suppressed because it is too large Load Diff
Write Preview
Loading…
Cancel
Save