Re: [Rpm-maint] [rpm-software-management/rpm] Implement openpgp.cert.d based keystore (PR #3437)

[Florian Festi]

@ffesti commented on this pull request.



>  
-if (replace) {
-   rasprintf(&tmppath, "%s.new", path);
-   unlink(tmppath);
+rc = write_key_to_disk(key, dirstr, keyfmt, replace, flags);
+
+if (!rc && replace) {
+   /* find and delete the old pubkey entry */

The patch obscures that this is actually old code. This is about converting 
from the old (short keyids based) file names to new (fingerprint based) 
filenames. Here we are just deleting the old file which is now redundant.

The merging of the keys does happen - it just doesn't happen here.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3437#discussion_r1834493385
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Implement openpgp.cert.d based keystore (PR #3437)

[Florian Festi]

@ffesti commented on this pull request.



>  }
 
-if (rpmMkdirs(rpmtxnRootDir(txn), "%{_keyringpath}")) {
+free(dir);
+return rc;
+}
+
+/*/
+
+static rpmRC acquire_write_lock(rpmtxn txn)

I know. But the standard requires a lockfile on disk as part of the 
openpgp.cert.d format. If we want other tools to be able to read it we should 
try to adhere to that. 

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3437#discussion_r1834485302
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

[Rpm-maint] [rpm-software-management/rpm] Implement openpgp.cert.d based keystore (PR #3437)

[Florian Festi]

Refactor code from the fs backend into shared helper functions

This does implement the layout on the file system and the write lock of the 
openpgp.cert.d proposal according to
https://www.ietf.org/archive/id/draft-nwjw-openpgp-cert-d-00.html but not the 
Trust root, Petname mapping or Trusted introducers.

This still is a mess of C and C++ style strings that we want to clean up later 
by adding C++ string based path handling and may be using the filesystem C++ 
library.

Resolves:  #3341
You can view, comment on, or merge this pull request online at:

  https://github.com/rpm-software-management/rpm/pull/3437

-- Commit Summary --

  * Implement openpgp.cert.d based keystore

-- File Changes --

M lib/keystore.cc (178)
M lib/keystore.hh (7)
M lib/rpmts.cc (2)
M tests/rpmsigdig.at (89)

-- Patch Links --

https://github.com/rpm-software-management/rpm/pull/3437.patch
https://github.com/rpm-software-management/rpm/pull/3437.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3437
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Move installed gpg keys to the currently configured storage (Issue #3347)

[Florian Festi]

Should have worded this better: Do the fs backend keys survive a rpmdb 
--rebuild?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3347#issuecomment-2464689314
You are receiving this because you are subscribed to this thread.

Message ID: 

___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Move installed gpg keys to the currently configured storage (Issue #3347)

[Florian Festi]

Hmm, the question is on how to do that in a save way. E.g. for the database 
backend there is no clean slate to start from. We ofc could remove all 
gpgpubkey packages and then add the loaded keys back. But that leaves things 
very vulnerable inbetween.

The file based backends can at least save stuff elsewhere by manipulating 
`%_keyringpath`.

Hmm, with the key store in the rpmdb directory does that survive an rpmdb 
--rebuild?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3347#issuecomment-2464512982
You are receiving this because you are subscribed to this thread.

Message ID: 

___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Use rpmkeys --list in test cases (PR #3434)

[Florian Festi]

@ffesti pushed 1 commit.

0744ee17dd9b866b6875ec97ade73d30b3b41cf8  Use rpmkeys --list in test cases

-- 
View it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3434/files/e4f43ca01e35b7b48da3f2daa057171a0a12b0a6..0744ee17dd9b866b6875ec97ade73d30b3b41cf8
You are receiving this because you are subscribed to this thread.

Message ID: 

___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

[Rpm-maint] [rpm-software-management/rpm] Use rpmkeys --list in test cases (PR #3434)

[Florian Festi]

This indeed does work with the fs backend nowadays. Since 
42985d54824fc518b203aebfaf12e1daa3bb994a actually.
You can view, comment on, or merge this pull request online at:

  https://github.com/rpm-software-management/rpm/pull/3434

-- Commit Summary --

  * Use rpmkeys --list in test cases

-- File Changes --

M tests/rpmsigdig.at (8)

-- Patch Links --

https://github.com/rpm-software-management/rpm/pull/3434.patch
https://github.com/rpm-software-management/rpm/pull/3434.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3434
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Use rpmkeys --list in test cases (PR #3434)

[Florian Festi]

There are a couple of other test having an even more thorough look on the file 
system. Keeping the `find` line for the one case where there actually files to 
find. 

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3434#issuecomment-2462163980
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Another signature verification verbose message update (PR #3432)

[Florian Festi]

Merged #3432 into master.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3432#event-15180030109
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Fix rpmsign --key-id regression (PR #3423)

[Florian Festi]

Merged #3423 into master.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3423#event-15145540716
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] RPM db does not upgrades when upgrading from `4.11.3` to `4.18.2` (Issue #3420)

[Florian Festi]

@ffesti converted this issue into discussion #3431.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3420#event-15143634325
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Use consistent case in signature and key messages (PR #3426)

[Florian Festi]

Merged #3426 into master.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3426#event-15115396134
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Use consistent case in signature and key messages (PR #3426)

[Florian Festi]

Not sure if I like that "only appear as the first word on the line" 
argument when we lower cased the first word everywhere else. Anyway, this is a 
lot better than before and we change change Payload and Header later on.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3426#issuecomment-2456486184
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Use consistent case in signature and key messages (PR #3426)

[Florian Festi]

What about "Header"?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3426#issuecomment-2456444289
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Add rpmlogOnce() and rpmlogReset() (PR #3417)

[Florian Festi]

@ffesti commented on this pull request.



> @@ -22,6 +23,7 @@ struct rpmlogCtx_s {
 unsigned mask;
 int nrecsPri[RPMLOG_NPRIS];
 std::vector recs;
+std::map, int>> seen;

Yeah, I thought about using an unordered map in the beginning and then opted to 
go for the normal map just in case.

Good I did because I might not have been able to make the unordered_map work 
right away. The missing hash function for pairs gives a pretty long compiler 
message. But I got it working now.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3417#discussion_r1827335472
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Add rpmlogOnce() and rpmlogReset() (PR #3417)

[Florian Festi]

@ffesti pushed 2 commits.

d0b48668e20fd1e60a70f770bd804a88d1a7fafd  Add rpmlogOnce() and rpmlogReset()
6be14bd24eb29087c5d82b370a12988af4c057a2  Use rpmlogOnce() in handleHdrVS

-- 
View it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3417/files/7b3377bb0c2bff99a06c5dd4d3aa7ef560549ccf..6be14bd24eb29087c5d82b370a12988af4c057a2
You are receiving this because you are subscribed to this thread.

Message ID: 

___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Add rpmlogOnce() and rpmlogReset() (PR #3417)

[Florian Festi]

@ffesti commented on this pull request.



> @@ -412,3 +415,36 @@ void rpmlog (int code, const char *fmt, ...)
 exit:
 errno = saved_errno;
 }
+
+int rpmlogOnce (uint64_t domain, const char * key, int code, const char *fmt, 
...)
+{
+int saved_errno = errno;
+rpmlogCtx ctx = rpmlogCtxAcquire();
+int newkey = 0;
+
+if (ctx) {
+   wrlock lock(ctx->mutex);

Technically yes. For now I don't want to over complicate things for what is 
very little gains in practice.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3417#discussion_r1826531797
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Add rpmlogOnce() and rpmlogReset() (PR #3417)

[Florian Festi]

recs is not really suited for this. It is a vector so lookups are not cheap. It 
only stores WARNING and above. We might want to link to the recs entry but even 
that does not really solve anything if the lower prio entries are missing.

The additional string is there for cases where the message contains differing 
info. E.g. the package name or location of the error. Imagine suppressing a 
missing macro message. This will give a file and line number. And you do want 
that so you can look at the place where things go wrong in case it is just a 
typo. You still want to suppress the follow up messages if the macro is 
actually missing. So having a key allows to put them all under the same 
category.

I don't think we will have logging objects for every possible occasion but only 
for majors things like builds or transactions. So I expect the domain to stay 
relevant even if we no longer have global logging. But that might just me being 
unimaginative.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3417#issuecomment-2449257525
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Add rpmlogOnce() and rpmlogReset() (PR #3417)

[Florian Festi]

@ffesti pushed 2 commits.

f83a969b903a6cef614a2daa1e59650e1eeb0742  Add rpmlogOnce() and rpmlogReset()
7b3377bb0c2bff99a06c5dd4d3aa7ef560549ccf  Use rpmlogOnce() in handleHdrVS

-- 
View it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3417/files/02750bb69f9ad931fe26bef15a4b2615cdfcc27b..7b3377bb0c2bff99a06c5dd4d3aa7ef560549ccf
You are receiving this because you are subscribed to this thread.

Message ID: 

___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Implement a native C++ macro API + use it to replace manual macro locking (PR #3408)

[Florian Festi]

This looks do to me now. May be @dmnks can have a look and second opinion 
before merging.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3408#issuecomment-2450223428
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Add rpmlogOnce() and rpmlogReset() (PR #3417)

[Florian Festi]

OK, test added.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3417#issuecomment-2450139574
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Support Fedora 41 in Dockerfile (PR #3418)

[Florian Festi]

Merged #3418 into master.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3418#event-15035058916
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Add rpmlogOnce() and rpmlogReset() (PR #3417)

[Florian Festi]

OK; this should address all issues except for the Python based test case which 
I will add next.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3417#issuecomment-2449444799
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Add rpmlogOnce() and rpmlogReset() (PR #3417)

[Florian Festi]

@ffesti pushed 2 commits.

c0bb2aaf51f78ac30e86e65f772c17d4c8dde8ae  Add rpmlogOnce() and rpmlogReset()
02750bb69f9ad931fe26bef15a4b2615cdfcc27b  Use rpmlogOnce() in handleHdrVS

-- 
View it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3417/files/bf6baaa3ef7d62959064583d5ead2d64a18fda0c..02750bb69f9ad931fe26bef15a4b2615cdfcc27b
You are receiving this because you are subscribed to this thread.

Message ID: 

___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Add rpmlogOnce() and rpmlogReset() (PR #3417)

[Florian Festi]

@ffesti commented on this pull request.



> + }
+   va_end(ap);
+}
+errno = saved_errno;
+return newkey;
+}
+
+void rpmlogReset(uint64_t domain, int mode=0)
+{
+rpmlogCtx ctx = rpmlogCtxAcquire();
+std::map, int> domain_data = {};
+
+if (ctx) {
+   wrlock lock(ctx->mutex);
+   if (mode)
+   domain_data = ctx->seen[domain];

Deleted.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3417#discussion_r1824115788
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Add rpmlogOnce() and rpmlogReset() (PR #3417)

[Florian Festi]

I don't disagree that this can probably be done better with proper OO. But I 
don't want to get into this right now. Redoing the whole rpmlog thing is a 
story for another time. As this is a internal API for now we can still change 
it later one when we get to that.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3417#issuecomment-2449381162
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Add rpmlogOnce() and rpmlogReset() (PR #3417)

[Florian Festi]

@ffesti commented on this pull request.



> @@ -412,3 +415,43 @@ void rpmlog (int code, const char *fmt, ...)
 exit:
 errno = saved_errno;
 }
+
+int rpmlogOnce (uint64_t domain, const char * key, int code, const char *fmt, 
...)
+{
+int saved_errno = errno;
+rpmlogCtx ctx = rpmlogCtxAcquire();
+int newkey = 0;
+
+if (ctx) {
+   wrlock lock(ctx->mutex);
+   newkey = !ctx->seen[domain][{code, key}]++;

Yeah this needs a comment. Is `/* This gets initialized automatically on first 
access */` clear enough?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3417#discussion_r1824114894
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Add rpmlogOnce() and rpmlogReset() (PR #3417)

[Florian Festi]

@ffesti pushed 1 commit.

bf6baaa3ef7d62959064583d5ead2d64a18fda0c  Add rpmlogOnce() and rpmlogReset()

-- 
View it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3417/files/7eb7b473a04ccad9457bbd0de1bc6c7f52d11b93..bf6baaa3ef7d62959064583d5ead2d64a18fda0c
You are receiving this because you are subscribed to this thread.

Message ID: 

___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Add rpmlogOnce() and rpmlogReset() (PR #3417)

[Florian Festi]

@ffesti commented on this pull request.



> @@ -412,3 +415,43 @@ void rpmlog (int code, const char *fmt, ...)
 exit:
 errno = saved_errno;
 }
+
+int rpmlogOnce (uint64_t domain, const char * key, int code, const char *fmt, 
...)
+{
+int saved_errno = errno;
+rpmlogCtx ctx = rpmlogCtxAcquire();
+int newkey = 0;
+
+if (ctx) {

It is not. It is there to limit the scope of the lock. If you want to use 
rpmlock below to print the numbers for the repeated messages we can't hold a 
lock there.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3417#discussion_r1824017885
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Implement a native C++ macro API + use it to replace manual macro locking (PR #3408)

[Florian Festi]

May be just add a two line comments before or just in the class declaration 
stating that this si for getting a lock on a macro context and use it to do 
macro stuff with it.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3408#issuecomment-2447265321
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Implement a native C++ macro API + use it to replace manual macro locking (PR #3408)

[Florian Festi]

The macro class needs a bit more doc strings. It is kinda weird that it is 
basically just a lock around the macro context. Not that there is anything 
wrong with that - it's just weird

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3408#issuecomment-2447043090
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

[Rpm-maint] [rpm-software-management/rpm] Add rpmlogOnce() and rpmlogReset() (PR #3417)

[Florian Festi]

These are internal only for now to allow us gain soem more confidence on the 
design.

rpmlogOnce allows showing a log message only once. rpmlogReset allows purging 
the list of known message keys for a given domain. This allows for different 
live times e.g. per transaction or per package.

Use in handleHdrVS. This does not add a new test case but various existing test 
cases fail when the NOKEY message is omited or shown more than once. The code 
uses the pointer to the rpmts object as a domain and resets it when the rpmts 
is freed.

Resolves: #3336
Resolves: #
You can view, comment on, or merge this pull request online at:

  https://github.com/rpm-software-management/rpm/pull/3417

-- Commit Summary --

  * Add rpmlogOnce() and rpmlogReset()

-- File Changes --

M lib/package.cc (31)
M lib/rpmts.cc (2)
M rpmio/rpmlog.cc (45)
A rpmio/rpmlog_internal.hh (23)

-- Patch Links --

https://github.com/rpm-software-management/rpm/pull/3417.patch
https://github.com/rpm-software-management/rpm/pull/3417.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3417
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Add rpmLogOnce to filter log message (Issue #3395)

[Florian Festi]

OK; let's start with the second thing first.

void rpmlogOnce (uint64_t ctx, const char * key, int code, const char *fmt, 
...);
void rpmlogReset(uint64_t ctx, int suppress);

Look fine to me. `suppress` probably morphing into a enum for the different 
modes of operation.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3395#issuecomment-2444244887
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Add rpmLogOnce to filter log message (Issue #3395)

[Florian Festi]

Hmm, "last warning repeated 123 times" works fine if there is only one message 
repeated all over. There surely are cases like this in rpmbuild. But for things 
like the signature results they are interwoven with other messages. Same is 
probably true with for other things. E.g. warnings for non declared macros - if 
we want to add those. Alternative would be listing the suppressed messages and 
their number at the end. Or we could add "further messages are left out" to the 
second message.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3395#issuecomment-2444005620
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Add rpmLogOnce to filter log message (Issue #3395)

[Florian Festi]

#3336 calls for this to be independent of the process life time. The issue here 
is that the whole logging system is bound to the process as it is build on top 
of a global variable.

The right thing IMHO would be adding this functionality to the global log 
context for now and deal with the issue of non-global logging separately. For 
now we could add just one new function:

void rpmlogOnce (const char * key, int code, const char *fmt, ...);

`rpmlogClose` would also clear the memory of what has already logged. So far 
this is only used in `rpmcliFini` which is only called at the end of the 
command line tools.

So this is basically a non solution but it moves it in with the logging global 
context issue that we do have anyway. 




-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3395#issuecomment-2443717627
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Implement an abstact keystore API (Issue #3342)

[Florian Festi]

Closed #3342 as completed via #3407.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3342#event-14957962988
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Implement an abstract keystore class + port fs + rpmdb keystores to it (PR #3407)

[Florian Festi]

Merged #3407 into master.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3407#event-14957962131
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Implement an abstract keystore class + port fs + rpmdb keystores to it (PR #3407)

[Florian Festi]

This is surprisingly straight forward. Guess all the refactoring in advance has 
paid off.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3407#issuecomment-2441445864
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Unknown keyid warning is tied to process lifetime (Issue #3336)

[Florian Festi]

Looks like `rpmKeyringVerifySig*` could easily deal with this. Unfortunately 
there isn't a good way to return the information. Sure we could add something 
like RPMRC_NOKEY_REPEATED and RPMRC_NOTTRUSTED_REPEATED as a return value. But 
that breaks the API for users being unaware and requires fixing our own callers 
to take these values into account. There are about half a dozen places so it is 
not that difficult to do, but I wonder if this is just too much of an 
disruption.

The alternative would be adding something like stashKeyId to the keyring - 
probably with a better name.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3336#issuecomment-2441295345
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Take read-only transaction lock for keyring load (PR #3406)

[Florian Festi]

Merged #3406 into master.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3406#event-1495276
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Drill pubkeys one level deeper into the keystore APIs (PR #3404)

[Florian Festi]

Merged #3404 into master.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3404#event-14949990586
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Require macro filenames to end in alphanum char (PR #3399)

[Florian Festi]

Merged #3399 into master.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3399#event-14949925786
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

[Rpm-maint] [rpm-software-management/rpm] Handle subkeys in rpmKeyringModify (PR #3403)

[Florian Festi]

Remove all other subkey handling code

Inline the remaining few lines of keyringAdd in keystore.cc

This slightly changes the DEBUG messages as the keyring does not have
access to the origin of the keys. So rpmtsLoadKeyringFrom* still gives
the location the keys came from while the keyring only lists the
fingerprint of the primary keys and the number for the sub keys.

This changes the return value of rpmKeystoreLoad to the number of
primary keys and no longer accounts for the subkeys.

Subkeys are covered by multiple test already - including merging a newer
key. So this does not add additional tests.

Resolves: #3350
You can view, comment on, or merge this pull request online at:

  https://github.com/rpm-software-management/rpm/pull/3403

-- Commit Summary --

  * Simplify rpmKeyringModify(RPMKEYRING_REPLACE)
  * Handle subkeys in rpmKeyringModify

-- File Changes --

M lib/keystore.cc (34)
M lib/rpmts.cc (11)
M rpmio/rpmkeyring.cc (28)

-- Patch Links --

https://github.com/rpm-software-management/rpm/pull/3403.patch
https://github.com/rpm-software-management/rpm/pull/3403.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3403
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] rpmKeyringAddKey() should add subkeys too (Issue #3350)

[Florian Festi]

OK, last time around I ran into trouble when trying to attach the sub keys to 
the primary keys. But as nothing seems to use the subkeys outside of the 
keyring there isn't really a good reason to do so. So I am currently just 
adding (and removing) the subkeys from the keyring without changing anything 
else in the data structures.



-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3350#issuecomment-2435183261
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] rpmKeyring: Support keys with the same key ID (PR #3398)

[Florian Festi]

Guess it is a matter of taste. The original code just made sure the value of 
key was valid all the time - NULL or not. Now that we rely on the results 
vector that is not needed as urgently

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3398#issuecomment-2434722110
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Handle subkeys in rpmKeyringModify (PR #3403)

[Florian Festi]

@ffesti pushed 1 commit.

c6593c5e509176de6c8480094e7bf666e7e3c0fd  Handle subkeys in rpmKeyringModify

-- 
View it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3403/files/1ad8f7969a69597ac335a6e5f9e8737f9ba0d75a..c6593c5e509176de6c8480094e7bf666e7e3c0fd
You are receiving this because you are subscribed to this thread.

Message ID: 

___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Handle subkeys in rpmKeyringModify (PR #3403)

[Florian Festi]

@ffesti commented on this pull request.



> @@ -133,16 +133,32 @@ int rpmKeyringModify(rpmKeyring keyring, rpmPubkey key, 
> rpmKeyringModifyMode mod
if (item->second->fp == key->fp)
break;
 }
-if (item != range.second && mode == RPMKEYRING_DELETE) {
+if (item != range.second && (mode == RPMKEYRING_DELETE || mode == 
RPMKEYRING_REPLACE)) {
+   /* remove sub keys */
+   for (auto it = keyring->keys.begin(); it != keyring->keys.end();) {
+   if (it->second->primarykey == item->second) {
+   rpmPubkeyFree(it->second);
+   it = keyring->keys.erase(it);
+   } else {
+   ++it;

Well in C `for` loops are `while` loops with fancy decorations. I find using a 
for loop much more clear as it indicates that we are looping over all items in 
order. If I see a while loop this could do anything.

Not that I care much, changed.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3403#discussion_r1814975098
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] rpmKeyring: Support keys with the same key ID (PR #3398)

[Florian Festi]

> There are two entirely separate cases here:
> 
> * no key, which can only return FAIL/NOKEY
> 
> * one or more matches, which can only return FAIL/OK
>   You'll want those in a top-level if-else so there's no doubt 
> whatsoever: only one of them can execute, and keyptr can only be set by the 
> latter. Which means "key" can and should move to a more local scope in the 
> second. And for the no key case, it'd be a good idea to add an actual assert 
> to make it 200% clear: it can never ever return OK.


This is wrong IMHO. There may be keys that get dropped in the loop because we 
can figure out they do not match. If we can get the fingerprint of some 
signatures at some point we might be able to filter out non-matching keys even 
more. In these cases we still need to run the NOKEY part if all keys got 
dropped.

Also even in the NOKEY part we want to write NULL to the keyptr so callers can 
rely on their key variable getting updated.


-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3398#issuecomment-2434571186
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] rpmKeyring: Support keys with the same key ID (PR #3398)

[Florian Festi]

@ffesti pushed 1 commit.

6add112349e19cb55cccb26ea60bdcfbee85f366  rpmKeyring: Support keys with the 
same key ID

-- 
View it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3398/files/b854e91d02c0125643db5a4a30b4801658d532ac..6add112349e19cb55cccb26ea60bdcfbee85f366
You are receiving this because you are subscribed to this thread.

Message ID: 

___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Refactor the subkey handling to a keystore helper function (PR #3401)

[Florian Festi]

Merged #3401 into master.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3401#event-14844679373
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] rpmKeyring: Support keys with the same key ID (PR #3398)

[Florian Festi]

@ffesti pushed 1 commit.

b854e91d02c0125643db5a4a30b4801658d532ac  rpmKeyring: Support keys with the 
same key ID

-- 
View it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3398/files/23ab18d5836c42632293584e0a2a53c961bcaa25..b854e91d02c0125643db5a4a30b4801658d532ac
You are receiving this because you are subscribed to this thread.

Message ID: 

___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] rpmKeyring: Support keys with the same key ID (PR #3398)

[Florian Festi]

@ffesti pushed 1 commit.

23ab18d5836c42632293584e0a2a53c961bcaa25  rpmKeyring: Support keys with the 
same key ID

-- 
View it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3398/files/02842c16f6bf255266aa44acaace499f8d9d4f3a..23ab18d5836c42632293584e0a2a53c961bcaa25
You are receiving this because you are subscribed to this thread.

Message ID: 

___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] rpmKeyring: Support keys with the same key ID (PR #3398)

[Florian Festi]

OK, simplified the code. Just print out the right messages. I'd guess there 
shouldn't be a message for RPMRC_OK but the code for now does not make that 
assumption.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3398#issuecomment-2432383611
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] rpmKeyring: Support keys with the same key ID (PR #3398)

[Florian Festi]

@ffesti pushed 1 commit.

02842c16f6bf255266aa44acaace499f8d9d4f3a  rpmKeyring: Support keys with the 
same key ID

-- 
View it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3398/files/9bef89efbbfda5005f287243af0fd2e0f2b6c004..02842c16f6bf255266aa44acaace499f8d9d4f3a
You are receiving this because you are subscribed to this thread.

Message ID: 

___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] rpmKeyring: Support keys with the same key ID (PR #3398)

[Florian Festi]

@ffesti pushed 1 commit.

9bef89efbbfda5005f287243af0fd2e0f2b6c004  rpmKeyring: Support keys with the 
same key ID

-- 
View it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3398/files/ed5cc0cc98e534ced89407595899c93971ba721e..9bef89efbbfda5005f287243af0fd2e0f2b6c004
You are receiving this because you are subscribed to this thread.

Message ID: 

___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] rpmKeyring: Support keys with the same key ID (PR #3398)

[Florian Festi]

rpmKeyringModify still has `auto item = range.first;` outside the loop. But 
this is going to change for #3350 anyway.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3398#issuecomment-2431969324
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] rpmKeyring: Support keys with the same key ID (PR #3398)

[Florian Festi]

@ffesti pushed 1 commit.

ed5cc0cc98e534ced89407595899c93971ba721e  rpmKeyring: Support keys with the 
same key ID

-- 
View it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3398/files/f48524f9cc27680ff2e5d2c683358a4aac474b82..ed5cc0cc98e534ced89407595899c93971ba721e
You are receiving this because you are subscribed to this thread.

Message ID: 

___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Refactor keystore operations to a separate source + internal API (PR #3397)

[Florian Festi]

Merged #3397 into master.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3397#event-14806506031
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Refactor keystore operations to a separate source + internal API (PR #3397)

[Florian Festi]

Otherwise this looks pretty straight forward and good.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3397#issuecomment-2431366866
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Refactor keystore operations to a separate source + internal API (PR #3397)

[Florian Festi]

`static rpmRC rpmtsDeleteDBKey(rpmtxn txn, rpmPubkey key)` and friends look 
weird to me - having a `rpmts` prefix but getting called with `rpmtxn`. Yes, 
these are all just internal helpers so it is not a big deal. Still noticing.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3397#issuecomment-2431350590
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] keyring only allows unique key IDs (Issue #3334)

[Florian Festi]

OK, the code does that now. Don't have a test case with more than one failing 
key yet. Guess we could arrange that by damaging the signature. Having 3 keys 
sharing a key ID does not seem like a realistic thing to get in our life time. 

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3334#issuecomment-2429118504
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] rpmKeyring: Support keys with the same key ID (PR #3398)

[Florian Festi]

@ffesti pushed 1 commit.

f48524f9cc27680ff2e5d2c683358a4aac474b82  rpmKeyring: Support keys with the 
same key ID

-- 
View it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3398/files/d64ab890166d4f8de3130afcd484741489575285..f48524f9cc27680ff2e5d2c683358a4aac474b82
You are receiving this because you are subscribed to this thread.

Message ID: 

___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] keyring only allows unique key IDs (Issue #3334)

[Florian Festi]

OK, may be I should have worded this better. We get a meaningful human readable 
message from the backend. But not a meaningful return code. So while the user 
is getting the right idea what the issue might be I don't think we want to 
parse that message to figure out whether the pubkey is matching.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3334#issuecomment-2429007217
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] keyring only allows unique key IDs (Issue #3334)

[Florian Festi]

Toying around with the test cases I wonder if the opposite is actually what we 
want. If there are only keys that do not actually match you'd want to issue a 
NOKEY response. But for that we'd need to actually understand which key is the 
matching one - if any.

We do get an meaningful error message from the back end if signature and pubkey 
don't match up though.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3334#issuecomment-2428916917
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] rpmKeyring: Support keys with the same key ID (PR #3398)

[Florian Festi]

@ffesti pushed 1 commit.

d50ebbb7dc43ab3832d537f595fb0aea2e26941b  rpmKeyring: Support keys with the 
same key ID

-- 
View it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3398/files/a1402d0224e9ff0a435c4cbcd97d4641f4405bdd..d50ebbb7dc43ab3832d537f595fb0aea2e26941b
You are receiving this because you are subscribed to this thread.

Message ID: 

___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] rpmKeyring: Support keys with the same key ID (PR #3398)

[Florian Festi]

For now the test case only has two keys with matching key IDs. Will add tests 
with 3 or 4 keys with the same id at some later point.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3398#issuecomment-2428870284
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

[Rpm-maint] [rpm-software-management/rpm] rpmKeyring: Support keys with the same key ID (PR #3398)

[Florian Festi]

Loop over the candidates during signature verification and use the one 
verifying it - iff any. Otherwise use last key with matching key ID (basically 
a random one).
You can view, comment on, or merge this pull request online at:

  https://github.com/rpm-software-management/rpm/pull/3398

-- Commit Summary --

  * rpmKeyring: Support keys with the same key ID

-- File Changes --

M rpmio/rpmkeyring.cc (69)
A tests/data/keys/keyidcollision1.asc (8)
A tests/data/keys/keyidcollision1.pub (8)
A tests/data/keys/keyidcollision2.asc (8)
A tests/data/keys/keyidcollision2.pub (8)
M tests/rpmsigdig.at (68)

-- Patch Links --

https://github.com/rpm-software-management/rpm/pull/3398.patch
https://github.com/rpm-software-management/rpm/pull/3398.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3398
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] keyring only allows unique key IDs (Issue #3334)

[Florian Festi]

Yes, the code loops over all they and stops if one verifies the signature. If 
none does we just use the last one (random key) to produce the error messages. 
This is less than ideal as the messages for the other key(s) could be more 
meaningful. But the return codes of pgpVerifySignature() don't seem very 
helpful in making a better decision.

Also having a failure of a signature with multiple candidates that all fail 
seems like a very rare occasion and I might be fine with the error message 
being correct enough. 

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3334#issuecomment-2428713450
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Redo lib/package.c stashKeyid() and rpmsinfo_s.keyid to use long KeyId (Issue #3333)

[Florian Festi]

Closed # as completed via #3396.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/#event-14778331240
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Redo lib/package.c stashKeyid() and rpmsinfo_s.keyid to use long KeyId (Issue #3333)

[Florian Festi]

Closed # as completed via 6699388227b37665b2926dc5d767dec4d6fec54b.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/#event-14778331264
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Use full keyid for the unknown keyid warning message tracking (PR #3396)

[Florian Festi]

Merged #3396 into master.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3396#event-14778331011
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Redo lib/package.c stashKeyid() and rpmsinfo_s.keyid to use long KeyId (Issue #3333)

[Florian Festi]

Sure, then just commit and push.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/#issuecomment-2426792250
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Redo lib/package.c stashKeyid() and rpmsinfo_s.keyid to use long KeyId (Issue #3333)

[Florian Festi]

Nah, I'll be able to hack that 2 loc myself.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/#issuecomment-2426694571
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

[Rpm-maint] [rpm-software-management/rpm] Add rpmLogOnce to filter log message (Issue #3395)

[Florian Festi]

**Is your feature request related to a problem? Please describe.**

Many log messages are repeated over and over and need to be filtered down to 
just one instance. One example is #.  
There needs to be a way to limit the lifetime of this (see #3336). 
Unfortunately the whole logging is currently using global instances.

**Describe the solution you'd like**
The rpmlog module should offer a simple API to do that without needing local 
book keeping.

**Additional context**
#3389 was a first attempt adding this to rpmts. See dicussion there.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3395
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Migrate keystores to operate by fingerprint instead of short keyid (PR #3390)

[Florian Festi]

Merged #3390 into master.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3390#event-14761081151
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Migrate keystores to operate by fingerprint instead of short keyid (PR #3390)

[Florian Festi]

Yeah, one step at a time.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3390#issuecomment-2426108495
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Both rpmdb and fs keystores store keys by the short keyid (Issue #3360)

[Florian Festi]

Closed #3360 as completed via #3390.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3360#event-14761081428
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Add rpmtsLogOnce() (PR #3389)

[Florian Festi]

Closed #3389.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3389#event-14713178907
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Add rpmtsLogOnce() (PR #3389)

[Florian Festi]

Closing until the details are figured out.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3389#issuecomment-2421604020
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

[Rpm-maint] [rpm-software-management/rpm] Add rpmtsLogOnce() (PR #3389)

[Florian Festi]

Allows showing a log message only once.

Use in handleHdrVS. This does not add a new test case but various existing test 
cases fail when the NOKEY message is omited or shown more than once.

Resolves: #3336
Resolves: #
You can view, comment on, or merge this pull request online at:

  https://github.com/rpm-software-management/rpm/pull/3389

-- Commit Summary --

  * Add rpmtsLogOnce()

-- File Changes --

M include/rpm/rpmts.h (10)
M lib/package.cc (35)
M lib/rpmts.cc (21)
M lib/rpmts_internal.hh (2)
M lib/rpmvs.cc (3)

-- Patch Links --

https://github.com/rpm-software-management/rpm/pull/3389.patch
https://github.com/rpm-software-management/rpm/pull/3389.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3389
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Make rpmPubkeyFingerprintAsHex() and rpmPubkeyKeyIDAsHex() nicer to use from C (PR #3386)

[Florian Festi]

Merged #3386 into master.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3386#event-14696044132
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Make rpmPubkeyFingerprintAsHex() and rpmPubkeyKeyIDAsHex() nicer to use from C (PR #3386)

[Florian Festi]

I wonder if the keyID and fingerprint really can change.

May be we should just declare the keys read only and don't use locking at all.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3386#issuecomment-2418975475
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Both rpmdb and fs keystores store keys by the short keyid (Issue #3360)

[Florian Festi]

There is so much wrong with the gpg-pubkey packages it really doesn't matter. 
Additional Provides won't hurt but I doubt the existing ones are used for 
anything anyway.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3360#issuecomment-2418795574
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] keyring only allows unique key IDs (Issue #3334)

[Florian Festi]

AC:

* rpmKeyring can store multiple keys with the same key ID
* The verification code loops over the keys and ignores the ones not actually 
matching the signature

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3334#issuecomment-2416404624
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

[Rpm-maint] [rpm-software-management/rpm] Add rpmkeys --expor (PR #3383)

[Florian Festi]

Just writes the keys out to stdout in an ASCII armored format.

Resolves: https://github.com/rpm-software-management/rpm/issues/3366

May be an option to write the keys into different files with the fingerprints 
as a filename might also be handy. 
You can view, comment on, or merge this pull request online at:

  https://github.com/rpm-software-management/rpm/pull/3383

-- Commit Summary --

  * Add rpmPubkeyArmorWrap()
  * Add rpmkeys --export

-- File Changes --

M docs/man/rpmkeys.8.md (6)
M include/rpm/rpmkeyring.h (7)
M rpmio/rpmkeyring.cc (11)
M tests/rpmdb.at (147)
M tools/rpmkeys.cc (18)

-- Patch Links --

https://github.com/rpm-software-management/rpm/pull/3383.patch
https://github.com/rpm-software-management/rpm/pull/3383.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3383
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] RFE: add rpmkeys --export for exporting the ASCII armored key material (Issue #3366)

[Florian Festi]

AC:

* Add `rpmkeys --export [FINGERPRINT ...]`
* Outputs the ASCII armored keys to stdout

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3366#issuecomment-2413833052
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] RFE: add rpmkeys --export for exporting the ASCII armored key material (Issue #3366)

[Florian Festi]

For the record: There is currently a way to do this with the current API by 
getting `rpmPubkeyBase64` and then decoding it again. But this is rather silly.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3366#issuecomment-2413828143
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] RFE: add rpmkeys --export for exporting the ASCII armored key material (Issue #3366)

[Florian Festi]

OK, adding this to `rpmkeys` is rather easy now that we have `matchingKeys` in 
place. One issue that goes beyond this ticket is the disconnect between 
rpmkeyring.h and rpmPubkey on one side and rpmpgp.h on the other. The later 
works either on pgpDigParams - which rpmPubkey can return - or the raw packet 
data and length. The later is stored in the rpmPubkey object of the primary 
keys but is not exported. SO the question is do we add a function to retrieve 
the blob or do we basically attach the functions in rpmpgp.h to the rpmPubkey 
data structure?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3366#issuecomment-2413825599
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] rpmKeyringAddKey() should add subkeys too (Issue #3350)

[Florian Festi]

With [Turn nrefs into 
atomic_int](https://github.com/rpm-software-management/rpm/pull/3370) merged 
this can get another try.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3350#issuecomment-2413810630
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Pass rpmPubkey instance to rpmtxnDeletePubkey (PR #3374)

[Florian Festi]

@ffesti pushed 4 commits.

7928d99073a7f38ec3f6fd8223d99f7b3dd0ae9c  rpmkeys: Match error message of 
--list to --delete
2da4d23bec28dd8a668e231f59e1c76ef8e28f52  Make rpmkeys --list accept short key 
IDs
52c675f099550b7bbf7089c29f3259c6d259fc61  Improve matchingKeys
662c231e0fcaa5e238b8dde18903c1416964d3dc  Pass rpmPubkey instance to 
rpmtxnDeletePubkey

-- 
View it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3374/files/5101c630d73e9a0b9efca364013198b9c7b791fd..662c231e0fcaa5e238b8dde18903c1416964d3dc
You are receiving this because you are subscribed to this thread.

Message ID: 

___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Is it necessary to touch a %ghost? (Discussion #3380)

[Florian Festi]

You still might want to create the ghost file - e.g. if you want to reserve the 
space during installation. The meta data is taken from the file if it exists.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/discussions/3380#discussioncomment-10945487
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Having no keys imported is not an error (PR #3378)

[Florian Festi]

Merged #3378 into master.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3378#event-14653637160
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Replace all gpg-pubkey access in tests with rpmkeys calls (Issue #3343)

[Florian Festi]

Closed #3343 as completed via 5f5a016b00239e2e049fec805975ea33f4af5c06.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3343#event-14653607213
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Replace gpg-pubkey access with rpmkeys where possible (PR #3379)

[Florian Festi]

Merged #3379 into master.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3379#event-14653606890
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Turn nrefs into atomic_int (PR #3370)

[Florian Festi]

Yes, this all only works if everyone is using *Link and *Free as pairs.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3370#issuecomment-2413137932
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Turn nrefs into atomic_int (PR #3370)

[Florian Festi]

Yes, this is just about `nrefs` and does not add thread safety for the content 
of the data types.

`--nrefs` decreases the nrefs and returns the new value atomically. As reaching 
0 means no one has a reference it "can not" increase again. So checking the 
value later is fine. Note that we get a copy of the value returned from 
`--nrefs` so other changes to the `nrefs` attibute won't change the return 
value of the `--` operator.

So during the `--` operator the decision if made whether we need to free the 
instance. And we get a copy of that decision. So the *Free() function is not 
racy.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3370#issuecomment-2411799018
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Fix formatting in the rpmsort man page. (PR #3376)

[Florian Festi]

Thanks for the patch!

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3376#issuecomment-2411551949
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Fix formatting in the rpmsort man page. (PR #3376)

[Florian Festi]

Merged #3376 into master.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3376#event-14638737262
You are receiving this because you are subscribed to this thread.

Message ID: 
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] rpmkeys --list and --delete must work for unloadable keys (Issue #3375)

[Florian Festi]

Or just drop all key that you can't load.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3375#issuecomment-2411339346
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint

Re: [Rpm-maint] [rpm-software-management/rpm] Pass rpmPubkey instance to rpmtxnDeletePubkey (PR #3374)

[Florian Festi]

@ffesti commented on this pull request.



> @@ -359,7 +360,7 @@ rpmRC rpmtxnImportPubkey(rpmtxn txn, const unsigned char 
> * pkt, size_t pktlen);
  * RPMRC_NOKEY on invalid keyid
  * RPMRC_FAIL on other failure
  */
-rpmRC rpmtxnDeletePubkey(rpmtxn txn, const char *keyid);
+rpmRC rpmtxnDeletePubkey(rpmtxn txn, rpmPubkey key);

OK, this here is the minimal approach. It keeps the old function as 
rpmtxnDeletePubkeyByID. We can smush this into a different shape once we now 
what to do in the backend.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3374#discussion_r1799522708
You are receiving this because you are subscribed to this thread.

Message ID: ___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint