diff --git a/.gitignore b/.gitignore
index bb3b302..d5eca14 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/librepo-1.12.0.tar.gz
+SOURCES/librepo-1.14.0.tar.gz
diff --git a/.librepo.metadata b/.librepo.metadata
index 7d9c0bf..fcd9ed5 100644
--- a/.librepo.metadata
+++ b/.librepo.metadata
@@ -1 +1 @@
-1981d485743337c93d2b098920e5f738bd41fdc9 SOURCES/librepo-1.12.0.tar.gz
+b09cf9ac3751e3c513e1c30a527d1a5e460853b7 SOURCES/librepo-1.14.0.tar.gz
diff --git a/SOURCES/0001-Recover-from-fsync-fail-on-read-only-filesystem-RhBu.patch b/SOURCES/0001-Recover-from-fsync-fail-on-read-only-filesystem-RhBu.patch
new file mode 100644
index 0000000..637f081
--- /dev/null
+++ b/SOURCES/0001-Recover-from-fsync-fail-on-read-only-filesystem-RhBu.patch
@@ -0,0 +1,44 @@
+From 33be80700bc594f34818ce697493c17e70430390 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ale=C5=A1=20Mat=C4=9Bj?=
+Date: Mon, 17 May 2021 08:50:25 +0200
+Subject: [PATCH] Recover from fsync fail on read-only filesystem
+ (RhBug:1956361)
+
+When `fsync` fails due to the file not supporting synchronization just log
+the problem instead of failing the whole dnf run. This happens for
+example with filesystems mounted read-only in which case there is no
+point to `fsync` anyway.
+
+Currently we also ignore return values from `FSETXATTR` which also fails
+on read-only filesystem (so no checksum cache is set). This is fine however
+since the checksum is recomputed when needed, dnf is just a bit slower.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1956361
+---
+ librepo/checksum.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/librepo/checksum.c b/librepo/checksum.c
+index db37040..6bba53c 100644
+--- a/librepo/checksum.c
++++ b/librepo/checksum.c
+@@ -266,9 +266,13 @@ lr_checksum_fd_compare(LrChecksumType type,
+ *matches = (strcmp(expected, checksum)) ? FALSE : TRUE;
+
+ if (fsync(fd) != 0) {
+- g_set_error(err, LR_CHECKSUM_ERROR, LRE_FILE,
+- "fsync failed: %s", strerror(errno));
+- return FALSE;
++ if (errno == EROFS || errno == EINVAL) {
++ g_debug("fsync failed: %s", strerror(errno));
++ } else {
++ g_set_error(err, LR_CHECKSUM_ERROR, LRE_FILE,
++ "fsync failed: %s", strerror(errno));
++ return FALSE;
++ }
+ }
+
+ if (caching && *matches && timestamp != -1) {
+--
+2.31.1
+
diff --git a/SOURCES/0001-Validate-path-read-from-repomd.xml-RhBug-1866498.patch b/SOURCES/0001-Validate-path-read-from-repomd.xml-RhBug-1866498.patch
deleted file mode 100644
index aeb2858..0000000
--- a/SOURCES/0001-Validate-path-read-from-repomd.xml-RhBug-1866498.patch
+++ /dev/null
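Review bot: In the checksum.c hunk carried by this patch, the tolerated `EROFS`/`EINVAL` branch falls through to `if (caching && *matches && timestamp != -1)`, so a cached-checksum entry may still be attempted for data that was never confirmed flushed. On a read-only mount the attribute write presumably fails as the commit message describes, but `EINVAL` also covers descriptors that simply do not support synchronization, where the write could succeed. If `caching` is a plain local or by-value parameter (its declaration is outside the hunk), a line such as `caching = FALSE;` after the `g_debug` call would keep a later run from trusting a cache entry written without a sync. A short comment on the branch, e.g. `/* fsync unsupported (read-only fs or special fd): not fatal, but skip checksum caching */`, would record the intent. lr_checksum_fd_compare begins and ends outside the hunk.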
@@ -1,47 +0,0 @@
-From 699d3ee7b8968b5586ceb53e07d678e702735609 Mon Sep 17 00:00:00 2001
-From: Jaroslav Rohel
-Date: Wed, 12 Aug 2020 08:35:28 +0200
-Subject: [PATCH] Validate path read from repomd.xml
-
----
- librepo/yum.c | 17 +++++++++++++++++
- 1 file changed, 17 insertions(+)
-
-diff --git a/librepo/yum.c b/librepo/yum.c
-index 3059188..529257b 100644
---- a/librepo/yum.c
-+++ b/librepo/yum.c
-@@ -23,6 +23,7 @@
- #define BITS_IN_BYTE 8
-
- #include
-+#include
- #include
- #include
- #include
-@@ -770,6 +771,22 @@ prepare_repo_download_targets(LrHandle *handle,
- continue;
-
- char *location_href = record->location_href;
-+
-+ char *dest_dir = realpath(handle->destdir, NULL);
-+ path = lr_pathconcat(handle->destdir, record->location_href, NULL);
-+ char *requested_dir = realpath(dirname(path), NULL);
-+ lr_free(path);
-+ if (!g_str_has_prefix(requested_dir, dest_dir)) {
-+ g_debug("%s: Invalid path: %s", __func__, location_href);
-+ g_set_error(err, LR_YUM_ERROR, LRE_IO, "Invalid path: %s", location_href);
-+ g_slist_free_full(*targets, (GDestroyNotify) lr_downloadtarget_free);
-+ free(requested_dir);
-+ free(dest_dir);
-+ return FALSE;
-+ }
-+ free(requested_dir);
-+ free(dest_dir);
-+
- gboolean is_zchunk = FALSE;
- #ifdef WITH_ZCHUNK
- if (handle->cachedir && record->header_checksum)
---
-2.28.0
-
diff --git a/SOURCES/0002-Add-support-for-pkcs11-certificate-and-key-for-repos.patch b/SOURCES/0002-Add-support-for-pkcs11-certificate-and-key-for-repos.patch
deleted file mode 100644
index d4ab6f5..0000000
--- a/SOURCES/0002-Add-support-for-pkcs11-certificate-and-key-for-repos.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 1e7673d07308081f13e7bb1829cfed2ccd865ea0 Mon Sep 17 00:00:00 2001
-From: Masahiro Matsuya
-Date: Fri, 13 Nov 2020 17:37:59 +0100
-Subject: [PATCH] Add support for pkcs11 certificate and key for repository
- authorization
-
-msg: Add support for pkcs11 certificate and key for repository authorization
-type: enhancement
-resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1859495
----
- librepo/handle.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/librepo/handle.c b/librepo/handle.c
-index d8728c4..33edf5d 100644
---- a/librepo/handle.c
-+++ b/librepo/handle.c
-@@ -649,6 +649,9 @@ lr_handle_setopt(LrHandle *handle,
- lr_free(handle->sslclientcert);
- handle->sslclientcert = g_strdup(va_arg(arg, char *));
- c_rc = curl_easy_setopt(c_h, CURLOPT_SSLCERT, handle->sslclientcert);
-+ if (c_rc == CURLE_OK && handle->sslclientcert && !strncasecmp(handle->sslclientcert, "pkcs11:", 7)) {
-+ c_rc = curl_easy_setopt(c_h, CURLOPT_SSLCERTTYPE, "ENG");
-+ }
- break;
-
- case LRO_SSLCLIENTKEY:
-@@ -656,6 +659,9 @@ lr_handle_setopt(LrHandle *handle,
- lr_free(handle->sslclientkey);
- handle->sslclientkey = g_strdup(va_arg(arg, char *));
- c_rc = curl_easy_setopt(c_h, CURLOPT_SSLKEY, handle->sslclientkey);
-+ if (c_rc == CURLE_OK && handle->sslclientkey && !strncasecmp(handle->sslclientkey, "pkcs11:", 7)) {
-+ c_rc = curl_easy_setopt(c_h, CURLOPT_SSLKEYTYPE, "ENG");
-+ }
- break;
-
- case LRO_SSLCACERT:
---
-2.26.2
-
diff --git a/SPECS/librepo.spec b/SPECS/librepo.spec
index 4ed5503..08cc06b 100644
--- a/SPECS/librepo.spec
+++ b/SPECS/librepo.spec
@@ -1,21 +1,6 @@ -%global libcurl_version 7.28.0 +%global libcurl_version 7.52.0 -%if 0%{?rhel} && 0%{?rhel} <= 7 -# Do not build bindings for python3 for RHEL <= 7 -%bcond_with python3 -# python-flask is not in RHEL7 -%bcond_with pythontests -%else -%bcond_without python3 -%bcond_without pythontests -%endif - -%if 0%{?rhel} > 7 || 0%{?fedora} > 29 -# Do not build bindings for python2 for RHEL > 7 and Fedora > 29 -%bcond_with python2 -%else -%bcond_without python2 -%endif +%undefine __cmake_in_source_build %if 0%{?rhel} %bcond_with zchunk @@ -26,16 +11,15 @@ %global dnf_conflict 2.8.8 Name: librepo -Version: 1.12.0 -Release: 3%{?dist} +Version: 1.14.0 +Release: 2%{?dist} Summary: Repodata downloading library License: LGPLv2+ URL: https://github.com/rpm-software-management/librepo Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz -Patch1: 0001-Validate-path-read-from-repomd.xml-RhBug-1866498.patch -Patch2: 0002-Add-support-for-pkcs11-certificate-and-key-for-repos.patch +Patch1: 0001-Recover-from-fsync-fail-on-read-only-filesystem-RhBu.patch BuildRequires: cmake BuildRequires: gcc 
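Review bot: The `Patch1: 0001-Validate-path-read-from-repomd.xml-RhBug-1866498.patch` entry is dropped in the second hunk on this line, and nothing in the spec or the new changelog entries records that the 1.14.0 tarball already contains the `location_href` check that patch added. That patch rejected repomd.xml paths resolving outside `destdir`, so the rebase should state explicitly that the validation is still present rather than leave it implied by the version bump. Once confirmed against the 1.14.0 sources, a changelog line such as `- Drop downstream patches merged upstream (RhBug:1866498, RhBug:1859495)` would document it. The same applies to the removed pkcs11 `Patch2`.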
@@ -64,48 +48,14 @@ Requires: %{name}%{?_isa} = %{version}-%{release} %description devel Development files for librepo. -%if %{with python2} -%package -n python2-%{name} -Summary: Python bindings for the librepo library -%{?python_provide:%python_provide python2-%{name}} -%if 0%{?rhel} && 0%{?rhel} <= 7 -BuildRequires: python-sphinx -%else -BuildRequires: python2-sphinx -%endif -BuildRequires: python2-devel -%if %{with pythontests} -BuildRequires: python2-flask -BuildRequires: python2-nose -BuildRequires: python2-requests -%if (0%{?rhel} && 0%{?rhel} <= 7) -BuildRequires: pyxattr -BuildRequires: pygpgme -%else -BuildRequires: python2-pyxattr -BuildRequires: python2-gpg -%endif -%endif -# endif with pythontests -Requires: %{name}%{?_isa} = %{version}-%{release} -Conflicts: python2-dnf < %{dnf_conflict} - -%description -n python2-%{name} -Python 2 bindings for the librepo library. -%endif - -%if %{with python3} %package -n python3-%{name} Summary: Python 3 bindings for the librepo library %{?python_provide:%python_provide python3-%{name}} BuildRequires: python3-devel -%if %{with pythontests} BuildRequires: python3-gpg BuildRequires: python3-flask -BuildRequires: python3-nose BuildRequires: python3-pyxattr BuildRequires: python3-requests -%endif BuildRequires: python3-sphinx Requires: %{name}%{?_isa} = %{version}-%{release} # Obsoletes Fedora 27 package 
@@ -114,56 +64,19 @@ Conflicts: python3-dnf < %{dnf_conflict} %description -n python3-%{name} Python 3 bindings for the librepo library. -%endif %prep %autosetup -p1 -mkdir build-py2 -mkdir build-py3 - %build -%if %{with python2} -pushd build-py2 - %cmake -DPYTHON_DESIRED:FILEPATH=%{__python2} %{!?with_zchunk:-DWITH_ZCHUNK=OFF} -DENABLE_PYTHON_TESTS=%{?with_pythontests:ON}%{!?with_pythontests:OFF} .. - %make_build -popd -%endif - -%if %{with python3} -pushd build-py3 - %cmake -DPYTHON_DESIRED:FILEPATH=%{__python3} %{!?with_zchunk:-DWITH_ZCHUNK=OFF} -DENABLE_PYTHON_TESTS=%{?with_pythontests:ON}%{!?with_pythontests:OFF} .. - %make_build -popd -%endif +%cmake %{!?with_zchunk:-DWITH_ZCHUNK=OFF} +%cmake_build %check -%if %{with python2} -pushd build-py2 - #ctest -VV - make ARGS="-V" test -popd -%endif - -%if %{with python3} -pushd build-py3 - #ctest -VV - make ARGS="-V" test -popd -%endif +%ctest %install -%if %{with python2} -pushd build-py2 - %make_install -popd -%endif - -%if %{with python3} -pushd build-py3 - %make_install -popd -%endif +%cmake_install %if 0%{?rhel} && 0%{?rhel} <= 7 %post -p /sbin/ldconfig 
@@ -182,17 +95,23 @@ popd %{_libdir}/pkgconfig/%{name}.pc %{_includedir}/%{name}/ -%if %{with python2} -%files -n python2-%{name} -%{python2_sitearch}/%{name}/ -%endif - -%if %{with python3} %files -n python3-%{name} %{python3_sitearch}/%{name}/ -%endif %changelog +* Fri Jun 25 2021 Marek Blaha - 1.14.0-2 +- Recover from fsync fail on read-only filesystem (RhBug:1956361) + +* Fri Apr 30 2021 Pavla Kratochvilova - 1.14.0-1 +- Update to 1.14.0 +- Fix the key string parsing in url_substitution +- When zchunk enabled and not using HTTP/S protocol, download the whole file (RhBug:1886706) +- Add an option LRO_SSLVERIFYSTATUS to check TLS certificate revocation status (using OCSP stapling) (RhBug:1814383) +- Fix: lr_perform() - Avoid 100% CPU usage +- Add support for working with certificates used with proxy +- Reposync does not re-download unchanged packages (RhBug:1931904) +- Fix memory leaks + * Tue Dec 15 2020 Marek Blaha - 1.12.0-3 - Add support for pkcs11 certificate and key for repository authorization (RhBug:1859495)