[Rpm-maint] [rpm-software-management/rpm] New RPM doesn't like Amazon Linux 2023 signing key (Issue #2680)
The Amazon Linux 2023 signing key upsets newer RPMs (such as in Fedora 38). The key can be found here: https://raw.githubusercontent.com/xsuchy/distribution-gpg-keys/main/keys/amazon-linux/RPM-GPG-KEY-amazon-linux-2023

`sq` seems to like it enough:

```
sq inspect RPM-GPG-KEY-amazon-linux-2023
RPM-GPG-KEY-amazon-linux-2023: OpenPGP Certificate.
Fingerprint: B21C50FA44A99720EAA72F7FE951904AD832C631
Public-key algo: RSA (Encrypt or Sign)
Public-key size: 4096 bits
Creation time: 2022-12-08 16:14:49 UTC
UserID: Amazon Linux
```

But trying to import it results in:

```
$ sudo rpm --import RPM-GPG-KEY-amazon-linux-2023
warning: Certificate E951904AD832C631: Certificate does not have any usable signing keys
```

and `rpm` also refuses to open any Amazon Linux 2023 packages (which effectively breaks using `mkosi` (which I'm trying to add AL2023 support to) from a recent Fedora or even Ubuntu):

```
$ rpm -qpi bash-5.2.15-1.amzn2023.0.2.x86_64.rpm
error: Verifying a signature using certificate B21C50FA44A99720EAA72F7FE951904AD832C631 (Amazon Linux ): Key E951904AD832C631 invalid: not signing capable
error: bash-5.2.15-1.amzn2023.0.2.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID d832c631: BAD
error: bash-5.2.15-1.amzn2023.0.2.x86_64.rpm: not an rpm package (or package manifest)
```

This RPM can be obtained here: https://cdn.amazonlinux.com/al2023/core/guids/9cf1057036ef7d615de550a658447fad88617805da0cfc9b854ba0fb8a668466/x86_64/../../../../blobstore/7788b494301e4b43761962716e25f799cf4411e74e472772714a58e7dc08f1b4/bash-5.2.15-1.amzn2023.0.2.x86_64.rpm

The RPMs are signed using a custom internal solution, so we might have an issue with our signature format, but I am concerned that the key itself already seems to upset rpm. I'm not a PGP expert, so any advice here would be welcome.

Unfortunately I don't see any way for us to replace the key and re-sign all our packages :-(

--
Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/2680
You are receiving this because you are subscribed to this thread.
Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] WIP: Use Python Stable ABI for the bindings (PR #2674)
> With CMake 3.26+, stable ABI will be used by default.

This is fine, we can work in subsequent PRs to handle it internally for older CMake versions.

--
Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/2674#issuecomment-1738117094
Re: [Rpm-maint] [rpm-software-management/rpm] SOURCE_DATE_EPOCH=0 not clamping file mtime (Issue #2679)
Looking at the commits, it's likely https://github.com/rpm-software-management/rpm/commit/11132fc21fb01ed63c621d852bc081a914d4f021, ping @pmatilai

--
Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/2679#issuecomment-1737985106
[Rpm-maint] [rpm-software-management/rpm] SOURCE_DATE_EPOCH=0 not clamping file mtime (Issue #2679)
Here is a simple reproducer:

```
Name: test
Version: 1
Release: 1
Summary: test SOURCE_DATE_EPOCH=0
License: GPLv2

%global source_date_epoch_from_changelog 0
%global clamp_mtime_to_source_date_epoch 1
%global use_source_date_epoch_as_buildtime 1

%description

%build
echo "this is a test" > 0.txt

%install
%{__install} -m 644 -D 0.txt %{buildroot}/0.txt

%files
/0.txt
```

```
$ SOURCE_DATE_EPOCH=0 rpmbuild -bb test.spec
$ rpm -q --dump ~/rpmbuild/RPMS/x86_64/test-1-1.x86_64.rpm
/0.txt 15 1695843332 91751cee0a1ab8414400238a761411daa29643ab4b8243e9a91649e25be53ada 0100644 root root 0 0 0 X
$ rpm -qi ~/rpmbuild/RPMS/x86_64/test-1-1.x86_64.rpm
Build Date : Wed Dec 31 19:00:00 1969
```

It works fine with SOURCE_DATE_EPOCH=1:

```
$ SOURCE_DATE_EPOCH=1 rpmbuild -bb test.spec
$ rpm -q --dump ~/rpmbuild/RPMS/x86_64/test-1-1.x86_64.rpm
/0.txt 15 1 91751cee0a1ab8414400238a761411daa29643ab4b8243e9a91649e25be53ada 0100644 root root 0 0 0 X
```

This is an issue on both Fedora 38 (rpm-4.18.1-3.fc38.x86_64) and Alma 9 (rpm-4.16.1.3-22.el9.x86_64).

It works fine on Alma 8 (rpm-4.14.3-26.el8.x86_64):

```
$ SOURCE_DATE_EPOCH=0 rpmbuild -bb test.spec
$ rpm -q --dump ~/rpmbuild/RPMS/x86_64/test-1-1.x86_64.rpm
/0.txt 15 0 91751cee0a1ab8414400238a761411daa29643ab4b8243e9a91649e25be53ada 0100644 root root 0 0 0 X
```

--
Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/2679
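A check for the behaviour reported in the message above, as an added example that is not part of the original message or of rpm: it reads `rpm -q --dump` output and lists files whose mtime is newer than the given SOURCE_DATE_EPOCH, treating 0 as a valid epoch. The names `unclamped_mtimes` and `demo` are assumptions of this example, and it assumes symlink targets contain no spaces.

```shell
#!/bin/sh
# Added example: flag files in `rpm -q --dump` output whose mtime is newer
# than the SOURCE_DATE_EPOCH the package was built with.

# unclamped_mtimes EPOCH   (hypothetical helper name)
#   stdin:  `rpm -q --dump` lines, whose fields are
#           path size mtime digest mode owner group isconfig isdoc rdev symlink
#   stdout: "path mtime" for every file with mtime > EPOCH
#   status: 2 if EPOCH is missing or not a non-negative integer
unclamped_mtimes() {
    # 0 is a valid epoch and must not be confused with "unset",
    # so validate the string instead of testing it for truthiness.
    case $1 in
        '' | *[!0-9]*)
            echo "usage: unclamped_mtimes EPOCH < dump-output" >&2
            return 2
            ;;
    esac
    awk -v epoch="$1" '
        NF >= 11 {
            # Count fields from the right so that a path containing spaces
            # is still handled (assumes the symlink field has no spaces).
            mtime = $(NF - 8)
            path = $1
            for (i = 2; i <= NF - 10; i++) path = path " " $i
            if (mtime + 0 > epoch + 0) print path, mtime
        }'
}

# Demo on two --dump lines quoted in the report above (the failing
# SOURCE_DATE_EPOCH=0 result first, the Alma 8 result second).
demo() {
    unclamped_mtimes 0 <<'EOF'
/0.txt 15 1695843332 91751cee0a1ab8414400238a761411daa29643ab4b8243e9a91649e25be53ada 0100644 root root 0 0 0 X
/0.txt 15 0 91751cee0a1ab8414400238a761411daa29643ab4b8243e9a91649e25be53ada 0100644 root root 0 0 0 X
EOF
}
demo
```

In a build pipeline, feed it `rpm -qp --dump` output for each built package and fail the job when it prints anything.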
[Rpm-maint] [rpm-software-management/rpm] RFE: automatically sign packages on build (Issue #2678)
If we automatically signed all built packages, enabling enforcing signature checking by default would be much less of an issue because it would no longer require --nosignature in common use-cases.

The gpg-agent stuff seems ill-suited for builds in non-interactive environments. I think rpm5 did something with keyutils(7), that may be something to look into.

--
Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/2678
Re: [Rpm-maint] [rpm-software-management/rpm] RFE: introduce an rpm-controlled per-build directory to builds (Issue #2078)
This keeps coming up in various contexts. It's time we actually do it.

--
Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/2078#issuecomment-1736875779
Re: [Rpm-maint] [rpm-software-management/rpm] RFE: Standardize on OCI images for test-suite, even locally (Issue #2643)
Yep, thanks. I noticed this too on Hacker News yesterday and was almost going to post the same here :smile:

--
Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/2643#issuecomment-1736872845
Re: [Rpm-maint] [rpm-software-management/rpm] rpmtests: The testsuites are getting failed (Issue #2106)
Closed #2106 as completed.

--
Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/2106#event-10483782305
Re: [Rpm-maint] [rpm-software-management/rpm] rpmtests: The testsuites are getting failed (Issue #2106)
Closing due to inactivity. Besides, the way the test-suite is executed has rather fundamentally changed in the meanwhile.

--
Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/2106#issuecomment-1736871767
Re: [Rpm-maint] [rpm-software-management/rpm] Add a new perl.prov script to generate normalized module versions (PR #2586)
> Which license should I use?

Same as rpm package has now, as you copy code. GPL-2.0-or-later according to the files themselves.

--
Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/2586#issuecomment-1736867275
Re: [Rpm-maint] [rpm-software-management/rpm] RPM v6 package format, first public draft for commenting (Discussion #2374)
There's no reason to link that to v6 in particular, additional data can be added any time. Head over to https://github.com/rpm-software-management/rpm/issues/2389 to discuss that.

--
Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/discussions/2374#discussioncomment-7120262
Re: [Rpm-maint] [rpm-software-management/rpm] Deprecate Lua posix.fork() and posix.exec() (Issue #2420)
We should add deprecation warnings in 4.20, and remove these in v6.

--
Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/2420#issuecomment-1736852016