Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package libzypp-plugin-appdata for
openSUSE:Factory checked in at 2023-01-20 17:37:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libzypp-plugin-appdata (Old)
and /work/SRC/openSUSE:Factory/.libzypp-plugin-appdata.new.32243 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libzypp-plugin-appdata"
Fri Jan 20 17:37:42 2023 rev:25 rq:1059022 version:1.0.1+git.20230117
Changes:
--------
---
/work/SRC/openSUSE:Factory/libzypp-plugin-appdata/libzypp-plugin-appdata.changes
2022-08-17 18:20:04.422795714 +0200
+++
/work/SRC/openSUSE:Factory/.libzypp-plugin-appdata.new.32243/libzypp-plugin-appdata.changes
2023-01-20 17:37:44.412209273 +0100
@@ -1,0 +2,12 @@
+Tue Jan 17 12:02:21 UTC 2023 - dims...@opensuse.org
+
+- Update to version 1.0.1+git.20230117:
+ * InstallAppdata: use subprocess.run instead of os.system (CVE-2023-22643)
+
+-------------------------------------------------------------------
+Tue Jan 17 11:07:35 UTC 2023 - dims...@opensuse.org
+
+- Update to version 1.0.1+git.20220909:
+ * Add dist directory, for openSUSE packaging
+
+-------------------------------------------------------------------
Old:
----
openSUSE-appstream-1.0.1+git.20220816.tar.xz
New:
----
openSUSE-appstream-1.0.1+git.20230117.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libzypp-plugin-appdata.spec ++++++
--- /var/tmp/diff_new_pack.3Enuao/_old 2023-01-20 17:37:45.008212570 +0100
+++ /var/tmp/diff_new_pack.3Enuao/_new 2023-01-20 17:37:45.012212592 +0100
@@ -1,7 +1,7 @@
#
# spec file for package libzypp-plugin-appdata
#
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
Name: libzypp-plugin-appdata
-Version: 1.0.1+git.20220816
+Version: 1.0.1+git.20230117
Release: 0
Summary: libzypp extension to handle AppStream metadata
License: CC0-1.0 AND MIT
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.3Enuao/_old 2023-01-20 17:37:45.064212880 +0100
+++ /var/tmp/diff_new_pack.3Enuao/_new 2023-01-20 17:37:45.068212901 +0100
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param
name="url">https://github.com/DimStar77/openSUSE-appstream.git</param>
- <param
name="changesrevision">39008e0c9df9f404666d7979e4b166840be6c436</param></service></servicedata>
+ <param
name="changesrevision">e7c9645b8b2182fd50d6f1945316ac24ce4289c9</param></service></servicedata>
(No newline at EOF)
++++++ openSUSE-appstream-1.0.1+git.20220816.tar.xz ->
openSUSE-appstream-1.0.1+git.20230117.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/openSUSE-appstream-1.0.1+git.20220816/InstallAppdata.py
new/openSUSE-appstream-1.0.1+git.20230117/InstallAppdata.py
--- old/openSUSE-appstream-1.0.1+git.20220816/InstallAppdata.py 2022-08-16
14:17:09.000000000 +0200
+++ new/openSUSE-appstream-1.0.1+git.20230117/InstallAppdata.py 2023-01-17
12:06:31.000000000 +0100
@@ -23,6 +23,7 @@
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
import os
+import subprocess
import sys
import glob
@@ -30,7 +31,7 @@
for oldappdata in glob.glob('/var/cache/app-info/xmls/*.xml.gz'):
appdata=os.path.basename(oldappdata).strip('.xml.gz')
- os.system("/usr/bin/appstream-util uninstall \"%s\"" % appdata)
+ subprocess.run(["/usr/bin/appstream-util", "uninstall", appdata])
# Install new appdata files - libzypp calls us with 6 parameters per repo:
# -R REPO_ALIAS -t REPO_TYPE -p REPO_METADATA_PATH [-R NEXT_REPO....]
@@ -39,7 +40,7 @@
try:
while args[0] == "-R":
- os.system("/usr/lib/AsHelper install %s %s %s %s %s %s" % (args[0],
args[1], args[2], args[3], args[4], args[5]))
+ subprocess.run(["/usr/lib/AsHelper", "install", args[0], args[1], args[2],
args[3], args[4], args[5]])
args=args[6:]
except IndexError:
pass
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/openSUSE-appstream-1.0.1+git.20220816/dist/libzypp-plugin-appdata-rpmlintrc
new/openSUSE-appstream-1.0.1+git.20230117/dist/libzypp-plugin-appdata-rpmlintrc
---
old/openSUSE-appstream-1.0.1+git.20220816/dist/libzypp-plugin-appdata-rpmlintrc
1970-01-01 01:00:00.000000000 +0100
+++
new/openSUSE-appstream-1.0.1+git.20230117/dist/libzypp-plugin-appdata-rpmlintrc
2023-01-17 12:06:31.000000000 +0100
@@ -0,0 +1,4 @@
+# W: shlib-policy-missing-lib: false positive: this integrates with libzypp,
name is correct
+addFilter("shlib-policy-missing-lib");
+# W: suse-missing-rclink: the service is not meant to be manually started,
hence the rcFOO link makes no sense
+addFilter("suse-missing-rclink");
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/openSUSE-appstream-1.0.1+git.20220816/dist/libzypp-plugin-appdata.changes
new/openSUSE-appstream-1.0.1+git.20230117/dist/libzypp-plugin-appdata.changes
---
old/openSUSE-appstream-1.0.1+git.20220816/dist/libzypp-plugin-appdata.changes
1970-01-01 01:00:00.000000000 +0100
+++
new/openSUSE-appstream-1.0.1+git.20230117/dist/libzypp-plugin-appdata.changes
2023-01-17 12:06:31.000000000 +0100
@@ -0,0 +1,254 @@
+-------------------------------------------------------------------
+Thu Sep 8 13:36:20 UTC 2022 - Dominique Leuenberger <dims...@opensuse.org>
+
+- Convert to a git-remote asset based package.
+
+-------------------------------------------------------------------
+Tue Aug 16 12:19:30 UTC 2022 - dims...@opensuse.org
+
+- Update to version 1.0.1+git.20220816:
+ * Drop call to appstreamcli refresh
+ * Added hardening to systemd service (bsc#1181400)
+ * Typo fix for command help
+- Drop harden_appstream-sync-cache.service.patch: fixed upstream.
+- Drop Appstream recommends: no longer needed, as we no longer call
+ appstreamcli.
+
+-------------------------------------------------------------------
+Tue Oct 5 09:12:00 UTC 2021 - Johannes Segitz <jseg...@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
+ * harden_appstream-sync-cache.service.patch
+
+-------------------------------------------------------------------
+Fri Sep 4 12:46:34 UTC 2020 - Dominique Leuenberger <dims...@opensuse.org>
+
+- Install ASHelper to %{_prefix}/lib: the scripts hardcode this
+ path.
+
+-------------------------------------------------------------------
+Thu Mar 28 12:54:44 UTC 2019 - Dominique Leuenberger <dims...@opensuse.org>
+
+- Only Recommend instead of require AppStream: Allow distros like
+ SLE not to ship AppStream as part of the main channel, but only
+ in PK for example. SLE only ships GNOME Software, which does not
+ rely on the xapian database, so we don't need this cache being
+ refreshed. On SLE+PH or openSUSE, we also have KDE Discover,
+ where xapian becomes a topic (boo#1125898).
+
+-------------------------------------------------------------------
+Mon Apr 30 15:16:07 UTC 2018 - jeng...@inai.de
+
+- Switch summary to a noun phrase.
+
+-------------------------------------------------------------------
+Thu Apr 26 08:01:48 UTC 2018 - dims...@opensuse.org
+
+- Update to version 1.0.1+git.20180426:
+ * systemd-service: we only need local filesystem, no network.
+
+-------------------------------------------------------------------
+Wed Apr 25 16:03:37 UTC 2018 - dims...@opensuse.org
+
+- Update to version 1.0.1+git.20180425:
+ * Rewrite InstallAppdata in python, having slightly better
+ control over the execution
+ * Add systemd service to resync the repodata cache (boo#1009745).
+
+-------------------------------------------------------------------
+Fri Apr 20 13:45:17 UTC 2018 - dims...@opensuse.org
+
+- Drop the post scriptlet attempting to fix boo#1009745: at the
+ time this script is executed on a fresh install, the repos are
+ not yet setup in the chroot, resulting in the zypper lr call to
+ fail and the AS data still not being initialzied.
+
+-------------------------------------------------------------------
+Tue Mar 27 11:26:55 UTC 2018 - dims...@opensuse.org
+
+- Update to version 1.0.1+git.20180327:
+ * AsHelper: normalize the repo alias names
+
+-------------------------------------------------------------------
+Tue Mar 27 08:27:00 UTC 2018 - dims...@opensuse.org
+
+- Start zypper lr with ZYPP_PLUGIN_APPDATA_FORCE_COLLECT=1 post
+ installation (boo#1009745).
+- Add relevant Requires(post) to ensure packages are installed in
+ the right order:
+ + appstream-glib >= 0.3.6
+ + python3-cmdln
+ + python3-createrepo_c
+ + libzypp >= 16.13.1
+ + zypper
+
+-------------------------------------------------------------------
+Wed Mar 21 19:15:14 UTC 2018 - dims...@opensuse.org
+
+- Update to version 1.0.1+git.20180321:
+ * ZYpp AsHelper: install AS data into system cache: new python
+ helper to be a bit smarter (part of boo#996896).
+
+-------------------------------------------------------------------
+Wed Feb 28 16:36:57 UTC 2018 - dims...@opensuse.org
+
+- Modernize spec-file by calling spec-cleaner
+
+-------------------------------------------------------------------
+Wed Oct 4 09:39:20 UTC 2017 - dleuenber...@suse.com
+
+- Do not consider appdata-ignore.xml.gz as appdata to be installed.
+
+-------------------------------------------------------------------
+Fri Jul 14 08:49:26 UTC 2017 - dims...@opensuse.org
+
+- Bump version to 1.0.1+git.20170629: We were originally at 1.0.1
+ before switching to a git based source service, then 'downgraded'
+ to 1.0+git, which was a mistake.
+
+-------------------------------------------------------------------
+Wed Jun 28 11:55:21 UTC 2017 - dims...@opensuse.org
+
+- Update to version 1.0+git.20150408:
+ + Drop the irrelevant LICENSE file from git.
+- Update License tag to be MIT (InstallAppdata.sh) AND CC0-1.0 (the
+ appdata metafiles).
+
+-------------------------------------------------------------------
+Mon Jun 26 15:02:47 UTC 2017 - dims...@opensuse.org
+
+- Provide 'appstream-provider': we might want to implement
+ different methods of providing AppStream metadata to
+ applications, and the frontends should not have to care about the
+ technical details in the background. Software Centers like GNOME
+ Software and Discover are supposed to use the new symbol.
+
+-------------------------------------------------------------------
+Fri Jun 23 12:21:44 UTC 2017 - dims...@opensuse.org
+
+- Update InstallAppdata.sh: use appstreamcli refresh-cache instead
+ of refresh-index (boo#1044114).
+- Drop GNOME software mention from the description. There are other
+ frontends out there by now.
+
+-------------------------------------------------------------------
+Fri Jul 15 07:25:08 UTC 2016 - dims...@opensuse.org
+
+- InstallAppdata.sh: do not stumble over the presence of the
+ appdata-failed.xml.gz file: this is for debug purpose and does
+ not contain valid applications (boo#989031).
+- Add awk Requires, as the latest modification relies on awk to
+ find the right filenames.
+
+-------------------------------------------------------------------
+Tue May 3 14:13:12 UTC 2016 - dims...@opensuse.org
+
+- InstallAppdata.sh: prepare for YaST type repositories to receive
+ appdata.xml.gz and appdata-icons.tar.gz with a hashed filename in
+ order to allow mirrorbrain to distribute it.
+
+-------------------------------------------------------------------
+Fri Feb 5 13:36:42 UTC 2016 - tittiatc...@gmail.com
+
+- Expand the InstallAppdata.sh so that it (re)builds the Xapian
+ database for the available appdata. This Xapian database is
+ required by the KDE tools (Muon/Discover) to show the
+ installed software
+ * Add Requires on AppStream package as that this provides the
+ appstreamcli binary
+
+-------------------------------------------------------------------
+Fri May 8 20:08:01 UTC 2015 - dims...@opensuse.org
+
+- Fix installation of rpm-md provided metadata (expanding globs
+ inside quotes does not work).
+
+-------------------------------------------------------------------
+Thu Apr 23 07:23:16 UTC 2015 - dims...@opensuse.org
+
+- No need to validate appdata.xml.gz in a yast2 repo: those are
+ created by kiwi, which in turn spanws appstream-builder: we can
+ trust that it creates valid enough metadata.
+
+-------------------------------------------------------------------
+Tue Apr 7 11:42:52 UTC 2015 - dims...@opensuse.org
+
+- Move openSUSE-appstream-process to appstream-glib package, as
+ updating one often means a change in the other anyway.
+- Rename openSUSE-appstream-extra to openSUSE-appdata-extra, to
+ better reflect what content to expect in this package (after the
+ github reorganisation).
+
+-------------------------------------------------------------------
+Thu Apr 2 13:38:08 UTC 2015 - dims...@opensuse.org
+
+- InstallAppdata.sh: pass --nonet to appstream-util when
+ validating appstream.xml.gz.
+
+-------------------------------------------------------------------
+Tue Mar 31 13:41:00 UTC 2015 - dims...@opensuse.org
+
+- InstallAppdata.sh: only install AppStream metadata, that
+ validates.
+
+-------------------------------------------------------------------
+Fri Mar 20 12:55:38 UTC 2015 - dims...@opensuse.org
+
+- Re-enable the actual libzypp plugin in place of shipping a static
+ version of appstream metadata (last updated for 13.2). We can do
+ this, as Tumbleweed now produces valid metadata. 3rd party repos
+ are not yet able to produce valid metadata it seems.
+
+-------------------------------------------------------------------
+Tue Mar 17 13:14:07 UTC 2015 - dims...@opensuse.org
+
+- Pass --include-failed to appstream-builder (requires apb 0.3.5).
+
+-------------------------------------------------------------------
+Fri Mar 13 13:19:07 UTC 2015 - dims...@opensuse.org
+
+- Require openSUSE-appstream-extra by openSUSE-appstream-process:
+ Having the extra appstream metadata available will allow the
+ builder to get better results.
+
+-------------------------------------------------------------------
+Fri Jan 23 12:50:11 UTC 2015 - opensuse-packag...@opensuse.org
+
+- Preparations on the way to get AppStream metadata produced in a
+ more conform way.
+- Add new subpackages:
+ + openSUSE-appstream-extras:
+ - Contains additional appstream metadata to assist upstreams
+ not yet shipping their own .appdata.xml file.
+ + openSUSE-appstream-process:
+ - The processor is an attempt to be used by kiwi to produce
+ valid appstream metadata.
+
+-------------------------------------------------------------------
+Wed Jan 21 17:53:41 UTC 2015 - dims...@opensuse.org
+
+- Update InstallAppdata.sh: the yast2 metadata structure got a
+ slight change with the switch to appstream-builder.
+
+-------------------------------------------------------------------
+Wed Nov 5 15:49:01 UTC 2014 - dims...@opensuse.org
+
+- Update License to MIT, which matches the header in
+ InstallAppdata.sh.
+
+-------------------------------------------------------------------
+Wed Oct 29 16:48:05 UTC 2014 - dims...@opensuse.org
+
+- Bump version of libzypp-plugin-appdata to 1.0.1:
+ + Disable the automatic metadata update mechanism, openSUSE 13.2
+ metadata quality is not ready for this.
+ + Inject offline generated metadata into the system, so that
+ gnome-software has usable metadata.
+
+-------------------------------------------------------------------
+Wed Oct 29 16:05:15 UTC 2014 - dims...@opensuse.org
+
+- Split out of gnome-software, to be able to easier maintain
+ updates.
+
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/openSUSE-appstream-1.0.1+git.20220816/dist/libzypp-plugin-appdata.spec
new/openSUSE-appstream-1.0.1+git.20230117/dist/libzypp-plugin-appdata.spec
--- old/openSUSE-appstream-1.0.1+git.20220816/dist/libzypp-plugin-appdata.spec
1970-01-01 01:00:00.000000000 +0100
+++ new/openSUSE-appstream-1.0.1+git.20230117/dist/libzypp-plugin-appdata.spec
2023-01-17 12:06:31.000000000 +0100
@@ -0,0 +1,107 @@
+#
+# spec file for package libzypp-plugin-appdata
+#
+# Copyright (c) 2022 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name: libzypp-plugin-appdata
+Version: 1.0.1+git.20220908
+Release: 0
+Summary: libzypp extension to handle AppStream metadata
+License: CC0-1.0 AND MIT
+Group: System/Libraries
+URL: https://wiki.gnome.org/Design/Apps/Software
+#!RemoteAssetUrl: git+https://github.com/DimStar77/openSUSE-appstream
+Source99: libzypp-plugin-appdata-rpmlintrc
+# appstream-glib >= 0.3.6 is the first to correctly to appstream-util
uninstall in /var/cache
+Requires: appstream-glib >= 0.3.6
+# appdata hook was introduced in libzypp 14.29.4
+Requires: libzypp >= 14.29.4
+# AsHelper is a python program with few dependencies
+Requires: python3-cmdln
+Requires: python3-createrepo_c
+Requires(post): appstream-glib >= 0.3.6
+# libzypp 16.13.1 was the version gaingin support for
ZYPP_PLUGIN_APPDATA_FORCE_COLLECT
+Requires(post): libzypp >= 16.13.1
+Requires(post): python3-cmdln
+Requires(post): python3-createrepo_c
+Requires(post): zypper
+# This is one way of providing valid appstream metadata to applications
(currently the only implemented one)
+Provides: appstream-provider
+BuildArch: noarch
+
+%description
+This plugin extends libzypp to install AppStream metadata, as extracted from
the
+repository metadata, onto the file system in order to be picked up by
+software centers.
+
+%package -n openSUSE-appdata-extra
+Summary: Additional Appstream Metadata
+License: CC0-1.0
+Group: Metapackages
+
+%description -n openSUSE-appdata-extra
+This package contains extra appstream metadata to be used by appstream-builder
+
+%prep
+%autosetup -p1 -n openSUSE-appstream -c -T
+cp -a %{_sourcedir}/openSUSE-appstream/* .
+
+%build
+
+%install
+# install the additional appstream metadata
+install -m 0755 -d %{buildroot}%{_datadir}/appdata-extra
+cp appdata-extra/*/* %{buildroot}%{_datadir}/appdata-extra/
+
+# Install AppData zypp plugin
+install -Dm 0755 InstallAppdata.py
%{buildroot}%{_prefix}/lib/zypp/plugins/appdata/InstallAppdata
+install -Dm 0755 AsHelper.py %{buildroot}%{_prefix}/lib/AsHelper
+
+# Install zypper helper command
+install -Dm 0755 zypper-appstream-cache
%{buildroot}%{_prefix}/lib/zypper/commands/zypper-appstream-cache
+
+# Install the systemd service, which triggers when /var/cache/app-info/xmls
does not yet exist during a boot
+install -dm 0755 %{buildroot}%{_unitdir}
+install -m 0644 appstream-sync-cache.service %{buildroot}%{_unitdir}
+
+%preun
+%service_del_preun appstream-sync-cache.service
+
+%pre
+%service_add_pre appstream-sync-cache.service
+
+%post
+%service_add_post appstream-sync-cache.service
+
+%postun
+%service_del_postun appstream-sync-cache.service
+
+%files
+# zypp plugin triggering AppData update on repo refresh
+%dir %{_prefix}/lib/zypp
+%dir %{_prefix}/lib/zypp/plugins
+%dir %{_prefix}/lib/zypp/plugins/appdata/
+%{_prefix}/lib/zypp/plugins/appdata/InstallAppdata
+%dir %{_prefix}/lib/zypper
+%dir %{_prefix}/lib/zypper/commands
+%{_prefix}/lib/zypper/commands/zypper-appstream-cache
+%{_prefix}/lib/AsHelper
+%{_unitdir}/appstream-sync-cache.service
+
+%files -n openSUSE-appdata-extra
+%{_datadir}/appdata-extra/
+
+%changelog
