diff --git a/.gitignore b/.gitignore index 920eefa..d591383 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/librepo-1.10.3.tar.gz +SOURCES/librepo-1.11.0.tar.gz diff --git a/.librepo.metadata b/.librepo.metadata index 62ec408..77f8d67 100644 --- a/.librepo.metadata +++ b/.librepo.metadata @@ -1 +1 @@ -0f55637ac71b2f72f9ecd243ee3c220f6402f4af SOURCES/librepo-1.10.3.tar.gz +45b628df3c4a6b6a33674934db0c9b5219becb06 SOURCES/librepo-1.11.0.tar.gz diff --git a/SOURCES/0001-Create-a-directory-for-gpg-sockets-in-run-user-RhBug.patch b/SOURCES/0001-Create-a-directory-for-gpg-sockets-in-run-user-RhBug.patch new file mode 100644 index 0000000..1dd0f80 --- /dev/null +++ b/SOURCES/0001-Create-a-directory-for-gpg-sockets-in-run-user-RhBug.patch @@ -0,0 +1,109 @@ +From d474bcad3fdca0e009f24e11d927a3cdc7fd6a55 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Hr=C3=A1zk=C3=BD?= +Date: Wed, 27 Nov 2019 16:15:20 +0100 +Subject: [PATCH] Create a directory for gpg sockets in /run/user/ + (RhBug:1769831,1771012) + +The solution of sending the "KILLAGENT" message to gpgagent to make it +clean up its sockets in gpg home dir is causing a race condition with +the gpgme_release() function. + +Instead of trying to make the agent clean up its sockets (which doesn't +seem to be reliably possible), take advantage of its feature to create +the sockets under '/run/user/$UID' if this directory is present. The +sockets shouldn't be causing any trouble in this directory. + +The commit creates the '/run/user/$UID' directory if it's not present on +the system. The sockets are then created there. + +https://bugzilla.redhat.com/show_bug.cgi?id=1769831 +https://bugzilla.redhat.com/show_bug.cgi?id=1771012 +--- + librepo/gpg.c | 56 +++++++++++++++++++++++++-------------------------- + 1 file changed, 28 insertions(+), 28 deletions(-) + +diff --git a/librepo/gpg.c b/librepo/gpg.c +index a019015..a134d44 100644 +--- a/librepo/gpg.c ++++ b/librepo/gpg.c +@@ -32,28 +32,33 @@ + #include "util.h" + #include "gpg.h" + +-static void +-kill_gpg_agent(gpgme_ctx_t context, const char *home_dir) +-{ +- gpgme_error_t gpgerr; +- +- gpgerr = gpgme_set_protocol(context, GPGME_PROTOCOL_ASSUAN); +- if (gpgerr != GPG_ERR_NO_ERROR) { +- g_warning("%s: gpgme_set_protocol: %s", __func__, gpgme_strerror(gpgerr)); +- return; +- } +- if (home_dir) { +- gchar * gpg_agent_sock = g_build_filename(home_dir, "S.gpg-agent", NULL); +- gpgerr = gpgme_ctx_set_engine_info(context, GPGME_PROTOCOL_ASSUAN, gpg_agent_sock, home_dir); +- g_free(gpg_agent_sock); +- if (gpgerr != GPG_ERR_NO_ERROR) { +- g_warning("%s: gpgme_ctx_set_engine_info: %s", __func__, gpgme_strerror(gpgerr)); +- return; +- } ++/* ++ * Creates the '/run/user/$UID' directory if it doesn't exist. If this ++ * directory exists, gpgagent will create its sockets under ++ * '/run/user/$UID/gnupg'. ++ * ++ * If this directory doesn't exist, gpgagent will create its sockets in gpg ++ * home directory, which is under '/var/cache/yum/metadata/' and this was ++ * causing trouble with container images, see [1]. ++ * ++ * Previous solution was to send the agent a "KILLAGENT" message, but that ++ * would cause a race condition with calling gpgme_release(), see [2], [3]. ++ * ++ * Since the agent doesn't clean up its sockets properly, by creating this ++ * directory we make sure they are in a place that is not causing trouble with ++ * container images. ++ * ++ * [1] https://bugzilla.redhat.com/show_bug.cgi?id=1650266 ++ * [2] https://bugzilla.redhat.com/show_bug.cgi?id=1769831 ++ * [3] https://github.com/rpm-software-management/microdnf/issues/50 ++ */ ++void ensure_socket_dir_exists() { ++ char dirname[32]; ++ snprintf(dirname, sizeof(dirname), "/run/user/%u", getuid()); ++ int res = mkdir(dirname, 0700); ++ if (res != 0 && errno != EEXIST) { ++ g_debug("Failed to create \"%s\": %d - %s\n", dirname, errno, strerror(errno)); + } +- gpgerr = gpgme_op_assuan_transact_ext(context, "KILLAGENT", NULL, NULL, NULL, NULL, NULL, NULL, NULL); +- if (gpgerr != GPG_ERR_NO_ERROR) +- g_debug("%s: gpgme_op_assuan_transact_ext: %s", __func__, gpgme_strerror(gpgerr)); + } + + gboolean +@@ -239,6 +244,8 @@ lr_gpg_import_key(const char *key_fn, const char *home_dir, GError **err) + + assert(!err || *err == NULL); + ++ ensure_socket_dir_exists(); ++ + // Initialization + gpgme_check_version(NULL); + gpgerr = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP); +@@ -320,13 +327,6 @@ lr_gpg_import_key(const char *key_fn, const char *home_dir, GError **err) + + close(key_fd); + +- // Running gpg-agent kept opened sockets on the system. +- // It tries to exit gpg-agent. Path to the communication socket is derived from homedir. +- // The gpg-agent automaticaly removes all its socket before exit. +- // Newer gpg-agent creates sockets under [/var]/run/user/{pid}/... if directory exists. +- // In this case gpg-agent will not be exited. +- kill_gpg_agent(context, home_dir); +- + gpgme_release(context); + + return TRUE; +-- +2.24.0 + diff --git a/SOURCES/0001-Handle-webservers-that-dont-support-ranges-when-downloading-zck.patch b/SOURCES/0001-Handle-webservers-that-dont-support-ranges-when-downloading-zck.patch deleted file mode 100644 index f528c6b..0000000 --- a/SOURCES/0001-Handle-webservers-that-dont-support-ranges-when-downloading-zck.patch +++ /dev/null @@ -1,124 +0,0 @@ -From 614d7874bfa82cb19b328278590af0f99e1ec682 Mon Sep 17 00:00:00 2001 -From: Jonathan Dieter -Date: Fri, 14 Jun 2019 23:13:30 +0100 -Subject: [PATCH] Handle webservers that don't support ranges when downloading zck - -Make sure we fall back to downloading full zchunk file if a webserver -doesn't support ranges. - -Signed-off-by: Jonathan Dieter ---- - librepo/downloader.c | 37 ++++++++++++++++++++++++++----------- - librepo/downloadtarget.c | 1 + - librepo/downloadtarget.h | 4 ++++ - 3 files changed, 31 insertions(+), 11 deletions(-) - -diff --git a/librepo/downloader.c b/librepo/downloader.c -index 6189681..53161f7 100644 ---- a/librepo/downloader.c -+++ b/librepo/downloader.c -@@ -473,7 +473,7 @@ lr_headercb(void *ptr, size_t size, size_t nmemb, void *userdata) - } - - #ifdef WITH_ZCHUNK -- if(lrtarget->target->is_zchunk) -+ if(lrtarget->target->is_zchunk && lrtarget->mirror->max_ranges > 0) - return lr_zckheadercb(ptr, size, nmemb, userdata); - #endif /* WITH_ZCHUNK */ - -@@ -586,7 +586,7 @@ lr_writecb(char *ptr, size_t size, size_t nmemb, void *userdata) - size_t cur_written; - LrTarget *target = (LrTarget *) userdata; - #ifdef WITH_ZCHUNK -- if(target->target->is_zchunk) -+ if(target->target->is_zchunk && target->mirror->max_ranges > 0) - return lr_zck_writecb(ptr, size, nmemb, userdata); - #endif /* WITH_ZCHUNK */ - -@@ -1240,6 +1240,12 @@ check_zck(LrTarget *target, GError **err) - assert(!err || *err == NULL); - assert(target && target->f && target->target); - -+ if(target->mirror->max_ranges == 0) { -+ target->zck_state = LR_ZCK_DL_BODY; -+ target->target->expectedsize = target->target->origsize; -+ return TRUE; -+ } -+ - if(target->target->zck_dl == NULL) { - target->target->zck_dl = zck_dl_init(NULL); - if(target->target->zck_dl == NULL) { -@@ -2166,25 +2172,34 @@ check_transfer_statuses(LrDownload *dd, GError **err) - if (target->target->is_zchunk) { - zckCtx *zck = NULL; - if (target->zck_state == LR_ZCK_DL_HEADER) { -- if(!lr_zck_valid_header(target->target, target->target->path, -+ if(target->mirror->max_ranges > 0 && -+ !lr_zck_valid_header(target->target, target->target->path, - fd, &transfer_err)) - goto transfer_error; - } else if(target->zck_state == LR_ZCK_DL_BODY) { -- zckCtx *zck = zck_dl_get_zck(target->target->zck_dl); -- if(zck == NULL) { -- g_set_error(&transfer_err, LR_DOWNLOADER_ERROR, LRE_ZCK, -- "Unable to get zchunk file from download context"); -- goto transfer_error; -+ if(target->mirror->max_ranges > 0) { -+ zckCtx *zck = zck_dl_get_zck(target->target->zck_dl); -+ if(zck == NULL) { -+ g_set_error(&transfer_err, LR_DOWNLOADER_ERROR, LRE_ZCK, -+ "Unable to get zchunk file from download context"); -+ goto transfer_error; -+ } -+ if(zck_failed_chunks(zck) == 0 && zck_missing_chunks(zck) == 0) -+ target->zck_state = LR_ZCK_DL_FINISHED; -+ } else { -+ if(target->range_fail) { -+ target->range_fail = FALSE; -+ } else { -+ target->zck_state = LR_ZCK_DL_FINISHED; -+ } - } -- if(zck_failed_chunks(zck) == 0 && zck_missing_chunks(zck) == 0) -- target->zck_state = LR_ZCK_DL_FINISHED; - } - if(target->zck_state == LR_ZCK_DL_FINISHED) { - zck = lr_zck_init_read(target->target, target->target->path, fd, - &transfer_err); - if(!zck) - goto transfer_error; -- if(!zck_validate_checksums(zck)) { -+ if(zck_validate_checksums(zck) < 1) { - zck_free(&zck); - g_set_error(&transfer_err, LR_DOWNLOADER_ERROR, LRE_BADCHECKSUM, - "At least one of the zchunk checksums doesn't match in %s", -diff --git a/librepo/downloadtarget.c b/librepo/downloadtarget.c -index d20aa44..40c10f3 100644 ---- a/librepo/downloadtarget.c -+++ b/librepo/downloadtarget.c -@@ -100,6 +100,7 @@ lr_downloadtarget_new(LrHandle *handle, - target->fn = lr_string_chunk_insert(target->chunk, fn); - target->checksums = possiblechecksums; - target->expectedsize = expectedsize; -+ target->origsize = expectedsize; - target->resume = resume; - target->progresscb = progresscb; - target->cbdata = cbdata; -diff --git a/librepo/downloadtarget.h b/librepo/downloadtarget.h -index f4c1f26..c935219 100644 ---- a/librepo/downloadtarget.h -+++ b/librepo/downloadtarget.h -@@ -88,6 +88,10 @@ typedef struct { - gint64 expectedsize; /*!< - Expected size of the target */ - -+ gint64 origsize; /*!< -+ Original expected size of the target. Sometimes expectedsize will -+ change, especially if zchunk is in use, but this will never change */ -+ - gboolean resume; /*!< - Resume: - 0 - no resume, download whole file, --- -libgit2 0.28.2 - diff --git a/SOURCES/0002-Define-LRO_SUPPORTS_CACHEDIR-only-with-zchunk-RhBug17261411719830.patch b/SOURCES/0002-Define-LRO_SUPPORTS_CACHEDIR-only-with-zchunk-RhBug17261411719830.patch deleted file mode 100644 index 97b933d..0000000 --- a/SOURCES/0002-Define-LRO_SUPPORTS_CACHEDIR-only-with-zchunk-RhBug17261411719830.patch +++ /dev/null @@ -1,28 +0,0 @@ -From ab99b7c51f18eb5e11b4350024f05f9c5b3795e6 Mon Sep 17 00:00:00 2001 -From: Jaroslav Mracek -Date: Tue, 2 Jul 2019 18:32:38 +0200 -Subject: [PATCH] Define LRO_SUPPORTS_CACHEDIR only with zchunk (RhBug:1726141,1719830) - ---- - librepo/handle.h | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/librepo/handle.h b/librepo/handle.h -index 48fdac6..96ac027 100644 ---- a/librepo/handle.h -+++ b/librepo/handle.h -@@ -37,9 +37,11 @@ G_BEGIN_DECLS - */ - typedef struct _LrHandle LrHandle; - -+#ifdef WITH_ZCHUNK - /** Define LRO_SUPPORTS_CACHEDIR so clients can check for this feature at build - * time */ - #define LRO_SUPPORTS_CACHEDIR -+#endif /* WITH_ZCHUNK */ - - /** LRO_FASTESTMIRRORMAXAGE default value */ - #define LRO_FASTESTMIRRORMAXAGE_DEFAULT 2592000L // 30 days --- -libgit2 0.27.8 - diff --git a/SOURCES/0003-Fix-Verification-of-checksum-from-file-attr.patch b/SOURCES/0003-Fix-Verification-of-checksum-from-file-attr.patch deleted file mode 100644 index fb9fefa..0000000 --- a/SOURCES/0003-Fix-Verification-of-checksum-from-file-attr.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 54e905450e53ed9b21a4737a41a4550958570067 Mon Sep 17 00:00:00 2001 -From: Jaroslav Rohel -Date: Thu, 5 Sep 2019 13:36:41 +0200 -Subject: [PATCH] Fix: Verification of checksum from file attr - -Related to https://bugzilla.redhat.com/show_bug.cgi?id=1700341 - -File copy could result in change in file attributes where -null-terminators are stripped out. The new code does not relly on it. ---- - librepo/checksum.c | 10 ++++++---- - 1 file changed, 6 insertions(+), 4 deletions(-) - -diff --git a/librepo/checksum.c b/librepo/checksum.c -index 006a7fc..5d164eb 100644 ---- a/librepo/checksum.c -+++ b/librepo/checksum.c -@@ -221,18 +221,20 @@ lr_checksum_fd_compare(LrChecksumType type, - // Load cached checksum if enabled and used - struct stat st; - if (fstat(fd, &st) == 0) { -- ssize_t attr_ret; - _cleanup_free_ gchar *key = NULL; - char buf[256]; - - key = g_strdup_printf("user.Zif.MdChecksum[%llu]", - (unsigned long long) st.st_mtime); -- attr_ret = fgetxattr(fd, key, &buf, 256); -- if (attr_ret != -1) { -+ ssize_t attr_size = fgetxattr(fd, key, &buf, sizeof(buf)); -+ if (attr_size != -1) { - // Cached checksum found - g_debug("%s: Using checksum cached in xattr: [%s] %s", - __func__, key, buf); -- *matches = strcmp(expected, buf) ? FALSE : TRUE; -+ size_t expected_len = strlen(expected); -+ // xattr may contain null terminator (+1 byte) -+ *matches = (attr_size == expected_len || attr_size == expected_len + 1) && -+ memcmp(expected, buf, attr_size) == 0; - return TRUE; - } - } --- -2.21.0 - diff --git a/SPECS/librepo.spec b/SPECS/librepo.spec index c8a789d..1a8435f 100644 --- a/SPECS/librepo.spec +++ b/SPECS/librepo.spec @@ -26,16 +26,14 @@ %global dnf_conflict 2.8.8 Name: librepo -Version: 1.10.3 -Release: 3%{?dist} +Version: 1.11.0 +Release: 2%{?dist} Summary: Repodata downloading library License: LGPLv2+ URL: https://github.com/rpm-software-management/librepo Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz -Patch0: 0001-Handle-webservers-that-dont-support-ranges-when-downloading-zck.patch -Patch1: 0002-Define-LRO_SUPPORTS_CACHEDIR-only-with-zchunk-RhBug17261411719830.patch -Patch2: 0003-Fix-Verification-of-checksum-from-file-attr.patch +Patch0: 0001-Create-a-directory-for-gpg-sockets-in-run-user-RhBug.patch BuildRequires: cmake BuildRequires: gcc @@ -192,6 +190,25 @@ popd %endif %changelog +* Fri Dec 06 2019 Lukas Hrazky - 1.11.0-2 + - Create a directory for gpg sockets in /run/user/ (RhBug:1769831,1771012) + +* Tue Nov 12 2019 Ales Matej - 1.11.0-1 + - Update to 1.11.0 + - Retry mirrorlist/metalink downloads several times (RhBug:1741931) + - Improve variable substitutions in URLs and add ${variable} support + +* Tue Oct 22 2019 Ales Matej - 1.10.6-1 +- Update to 1.10.6 +- Imporove handling of xattr to re-download damadged files (RhBug:1690894) +- Rephrase repository GPG check error message (RhBug:1741442) +- Add sleep before next try when all mirrors were tried (RhBug:1741931) +- Raise logging level of error messages (RhBug:1737709) +- Handle webservers that don't support ranges when downloading zck +- Define LRO_SUPPORTS_CACHEDIR only with zchunk (RhBug:1726141) +- Allow to use mirrors multiple times for a target (RhBug:1678588) +- Allow to try baseurl multiple times (RhBug:1678588) + * Fri Sep 06 2019 Marek Blaha - 1.10.3-3 - Backport patch: Fix: Verification of checksum from file attr