diff --git a/SOURCES/rpm-4.14.3-fapolicyd-make-write-nonblocking.patch b/SOURCES/rpm-4.14.3-fapolicyd-make-write-nonblocking.patch new file mode 100644 index 0000000..343bd02 --- /dev/null +++ b/SOURCES/rpm-4.14.3-fapolicyd-make-write-nonblocking.patch @@ -0,0 +1,167 @@ +From 534fd1f0c84b12ba6080a46e07c57ef913c77cba Mon Sep 17 00:00:00 2001 +From: Radovan Sroka +Date: Thu, 25 Aug 2022 15:38:01 +0200 +Subject: [PATCH] fapolicyd: Make write() nonblocking + +- switch to read only and non blocking mode for pipe +- add 1 minute loop to wait for pipe to reappear + +Sometimes during the system update/upgrade fapolicyd +get restarted e.g. when systemd gets updated. +That can lead to the situation where fapolicyd pipe +has been removed and created again. +In such cases rpm-plugin-fapolicyd gets stuck on +write() to the pipe which does not exist anymore. +After switching to non blocking file descriptor +we can try to reopen the pipe if there is an error +from write(). Assuming that a new pipe should appear +when fapolicyd daemon starts again. +If not then after 1 minute of waiting we expect +fapolicyd daemon to be not active and we let the +transaction continue. + +Signed-off-by: Radovan Sroka +--- + plugins/fapolicyd.c | 74 +++++++++++++++++++++++++++++++++++++++------ + 1 file changed, 65 insertions(+), 9 deletions(-) + +diff --git a/plugins/fapolicyd.c b/plugins/fapolicyd.c +index 1ff50c30f..6c6322941 100644 +--- a/plugins/fapolicyd.c ++++ b/plugins/fapolicyd.c +@@ -27,7 +27,7 @@ static rpmRC open_fifo(struct fapolicyd_data* state) + int fd = -1; + struct stat s; + +- fd = open(state->fifo_path, O_RDWR); ++ fd = open(state->fifo_path, O_WRONLY|O_NONBLOCK); + if (fd == -1) { + rpmlog(RPMLOG_DEBUG, "Open: %s -> %s\n", state->fifo_path, strerror(errno)); + goto bad; +@@ -55,15 +55,26 @@ static rpmRC open_fifo(struct fapolicyd_data* state) + } + + state->fd = fd; ++ + /* considering success */ + return RPMRC_OK; + + bad: + if (fd >= 0) + close(fd); ++ ++ state->fd = -1; + return RPMRC_FAIL; + } + ++static void close_fifo(struct fapolicyd_data* state) ++{ ++ if (state->fd > 0) ++ (void) close(state->fd); ++ ++ state->fd = -1; ++} ++ + static rpmRC write_fifo(struct fapolicyd_data* state, const char * str) + { + ssize_t len = strlen(str); +@@ -86,6 +97,54 @@ static rpmRC write_fifo(struct fapolicyd_data* state, const char * str) + return RPMRC_FAIL; + } + ++static void try_to_write_to_fifo(struct fapolicyd_data* state, const char * str) ++{ ++ int reload = 0; ++ int printed = 0; ++ ++ /* 1min/60s */ ++ const int timeout = 60; ++ ++ /* wait up to X seconds */ ++ for (int i = 0; i < timeout; i++) { ++ ++ if (reload) { ++ if (!printed) { ++ rpmlog(RPMLOG_WARNING, "rpm-plugin-fapolicyd: waiting for the service connection to resume, it can take up to %d seconds\n", timeout); ++ printed = 1; ++ } ++ ++ (void) close_fifo(state); ++ (void) open_fifo(state); ++ } ++ ++ if (state->fd >= 0) { ++ if (write_fifo(state, str) == RPMRC_OK) { ++ ++ /* write was successful after few reopens */ ++ if (reload) ++ rpmlog(RPMLOG_WARNING, "rpm-plugin-fapolicyd: the service connection has resumed\n"); ++ ++ break; ++ } ++ } ++ ++ /* failed write or reopen */ ++ reload = 1; ++ sleep(1); ++ ++ /* the last iteration */ ++ /* consider failure */ ++ if (i == timeout-1) { ++ rpmlog(RPMLOG_WARNING, "rpm-plugin-fapolicyd: the service connection has not resumed\n"); ++ rpmlog(RPMLOG_WARNING, "rpm-plugin-fapolicyd: continuing without the service\n"); ++ } ++ ++ } ++ ++} ++ ++ + static rpmRC fapolicyd_init(rpmPlugin plugin, rpmts ts) + { + if (rpmtsFlags(ts) & (RPMTRANS_FLAG_TEST|RPMTRANS_FLAG_BUILD_PROBS)) +@@ -102,10 +161,7 @@ static rpmRC fapolicyd_init(rpmPlugin plugin, rpmts ts) + + static void fapolicyd_cleanup(rpmPlugin plugin) + { +- if (fapolicyd_state.fd > 0) +- (void) close(fapolicyd_state.fd); +- +- fapolicyd_state.fd = -1; ++ (void) close_fifo(&fapolicyd_state); + } + + static rpmRC fapolicyd_tsm_post(rpmPlugin plugin, rpmts ts, int res) +@@ -116,9 +172,9 @@ static rpmRC fapolicyd_tsm_post(rpmPlugin plugin, rpmts ts, int res) + /* we are ready */ + if (fapolicyd_state.fd > 0) { + /* send a signal that transaction is over */ +- (void) write_fifo(&fapolicyd_state, "1\n"); ++ (void) try_to_write_to_fifo(&fapolicyd_state, "1\n"); + /* flush cache */ +- (void) write_fifo(&fapolicyd_state, "2\n"); ++ (void) try_to_write_to_fifo(&fapolicyd_state, "2\n"); + } + + end: +@@ -133,7 +189,7 @@ static rpmRC fapolicyd_scriptlet_pre(rpmPlugin plugin, const char *s_name, + + if (fapolicyd_state.changed_files > 0) { + /* send signal to flush cache */ +- (void) write_fifo(&fapolicyd_state, "2\n"); ++ (void) try_to_write_to_fifo(&fapolicyd_state, "2\n"); + + /* optimize flushing */ + /* flush only when there was an actual change */ +@@ -176,7 +232,7 @@ static rpmRC fapolicyd_fsm_file_prepare(rpmPlugin plugin, rpmfi fi, + char * sha = rpmfiFDigestHex(fi, NULL); + + snprintf(buffer, 4096, "%s %lu %64s\n", dest, size, sha); +- (void) write_fifo(&fapolicyd_state, buffer); ++ (void) try_to_write_to_fifo(&fapolicyd_state, buffer); + + free(sha); + +-- +2.37.3 + diff --git a/SOURCES/rpm-4.14.3-rpm2archive-Don-t-print-usage.patch b/SOURCES/rpm-4.14.3-rpm2archive-Don-t-print-usage.patch new file mode 100644 index 0000000..ff9d1a3 --- /dev/null +++ b/SOURCES/rpm-4.14.3-rpm2archive-Don-t-print-usage.patch @@ -0,0 +1,29 @@ +From fe274b8f965582fdf97e6c46f90b9e7c124b0b8b Mon Sep 17 00:00:00 2001 +From: Florian Festi +Date: Fri, 16 Dec 2022 15:50:12 +0100 +Subject: [PATCH] rpm2archive: Don't print usage on no arguments + +given as we want to default to reading from stdin and writing to stdout in +that case. +--- + rpm2archive.c | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/rpm2archive.c b/rpm2archive.c +index 09da8d16b..53f047f58 100644 +--- a/rpm2archive.c ++++ b/rpm2archive.c +@@ -241,10 +241,6 @@ int main(int argc, const char *argv[]) + exit(EXIT_FAILURE); + } + } +- if (argc < 2 || poptGetNextOpt(optCon) == 0) { +- poptPrintUsage(optCon, stderr, 0); +- exit(EXIT_FAILURE); +- } + + rpmts ts = rpmtsCreate(); + rpmVSFlags vsflags = 0; +-- +2.38.1 + diff --git a/SOURCES/rpm-4.14.3-rpm2archive-nocompression.patch b/SOURCES/rpm-4.14.3-rpm2archive-nocompression.patch new file mode 100644 index 0000000..92c84ae --- /dev/null +++ b/SOURCES/rpm-4.14.3-rpm2archive-nocompression.patch @@ -0,0 +1,138 @@ +From d8a169164cf40fc1cf6448792c1fa991f19bb375 Mon Sep 17 00:00:00 2001 +From: Florian Festi +Date: Thu, 22 Apr 2021 14:50:34 +0200 +Subject: [PATCH] Add --nocompression option to rpm2archive + +Also use popt for the command line handling. As we are using librpm +anyway there is no reason to keep the dependencies low (as with +rpm2cpio). + +Resolves: #1530 +--- + doc/rpm2archive.8 | 16 ++++++++++--- + rpm2archive.c | 60 ++++++++++++++++++++++++++++++++++------------- + 2 files changed, 57 insertions(+), 19 deletions(-) + +diff --git a/rpm2archive.c b/rpm2archive.c +index d96db006ea..cb39c7a712 100644 +--- a/rpm2archive.c ++++ b/rpm2archive.c +@@ -10,6 +10,8 @@ + + #include + ++#include ++ + #include + #include + #include +@@ -18,6 +20,16 @@ + + #define BUFSIZE (128*1024) + ++int compress = 1; ++ ++static struct poptOption optionsTable[] = { ++ { "nocompression", 'n', POPT_ARG_VAL, &compress, 0, ++ N_("create uncompressed tar file"), ++ NULL }, ++ POPT_AUTOHELP ++ POPT_TABLEEND ++}; ++ + static void fill_archive_entry(struct archive * a, struct archive_entry * entry, rpmfi fi) + { + archive_entry_clear(entry); +@@ -60,7 +72,7 @@ static void write_file_content(struct archive * a, char * buf, rpmfi fi) + } + } + +-static int process_package(rpmts ts, char * filename) ++static int process_package(rpmts ts, const char * filename) + { + FD_t fdi; + FD_t gzdi; +@@ -119,9 +131,11 @@ static int process_package(rpmts ts, char * filename) + + /* create archive */ + a = archive_write_new(); +- if (archive_write_add_filter_gzip(a) != ARCHIVE_OK) { +- fprintf(stderr, "Error: Could not create gzip output filter\n"); +- exit(EXIT_FAILURE); ++ if (compress) { ++ if (archive_write_add_filter_gzip(a) != ARCHIVE_OK) { ++ fprintf(stderr, "%s\n", archive_error_string(a)); ++ exit(EXIT_FAILURE); ++ } + } + if (archive_write_set_format_pax_restricted(a) != ARCHIVE_OK) { + fprintf(stderr, "Error: Format pax restricted is not supported\n"); +@@ -142,7 +156,12 @@ static int process_package(rpmts ts, char * filename) + } + archive_write_open_fd(a, STDOUT_FILENO); + } else { +- char * outname = rstrscat(NULL, filename, ".tgz", NULL); ++ char * outname = rstrscat(NULL, filename, NULL); ++ if (compress) { ++ outname = rstrscat(&outname, ".tgz", NULL); ++ } else { ++ outname = rstrscat(&outname, ".tar", NULL); ++ } + if (archive_write_open_filename(a, outname) != ARCHIVE_OK) { + fprintf(stderr, "Error: Can't open output file: %s\n", outname); + exit(EXIT_FAILURE); +@@ -203,21 +222,22 @@ static int process_package(rpmts ts, char * filename) + return rc; + } + +-int main(int argc, char *argv[]) ++int main(int argc, const char *argv[]) + { +- int rc = 0, i; ++ int rc = 0; ++ poptContext optCon; ++ const char *fn; + + xsetprogname(argv[0]); /* Portability call -- see system.h */ + rpmReadConfigFiles(NULL, NULL); + +- if (argc > 1 && (rstreq(argv[1], "-h") || rstreq(argv[1], "--help"))) { +- fprintf(stderr, "Usage: %s [file.rpm ...]\n", argv[0]); ++ optCon = poptGetContext(NULL, argc, argv, optionsTable, 0); ++ poptSetOtherOptionHelp(optCon, "[OPTIONS]* "); ++ if (argc < 2 || poptGetNextOpt(optCon) == 0) { ++ poptPrintUsage(optCon, stderr, 0); + exit(EXIT_FAILURE); + } + +- if (argc == 1) +- argv[argc++] = "-"; /* abuse NULL pointer at the end of argv */ +- + rpmts ts = rpmtsCreate(); + rpmVSFlags vsflags = 0; + +@@ -227,13 +247,21 @@ int main(int argc, char *argv[]) + vsflags |= RPMVSF_NOHDRCHK; + (void) rpmtsSetVSFlags(ts, vsflags); + +- for (i = 1; i < argc; i++) { ++ /* if no file name is given use stdin/stdout */ ++ if (!poptPeekArg(optCon)) { ++ rc = process_package(ts, "-"); ++ if (rc != 0) ++ goto exit; ++ } + +- rc = process_package(ts, argv[i]); ++ while ((fn = poptGetArg(optCon)) != NULL) { ++ rc = process_package(ts, fn); + if (rc != 0) +- return rc; ++ goto exit; + } + ++ exit: ++ poptFreeContext(optCon); + (void) rpmtsFree(ts); + return rc; + } diff --git a/SOURCES/rpm-4.14.3-rpm2archive-parse-popt-options.patch b/SOURCES/rpm-4.14.3-rpm2archive-parse-popt-options.patch new file mode 100644 index 0000000..0170c35 --- /dev/null +++ b/SOURCES/rpm-4.14.3-rpm2archive-parse-popt-options.patch @@ -0,0 +1,36 @@ +From 8f416b275a365426b07c75adfc017e0b18a85450 Mon Sep 17 00:00:00 2001 +From: Florian Festi +Date: Fri, 16 Dec 2022 15:45:20 +0100 +Subject: [PATCH] rpm2archive: Properly parse popt options + +and issue an error message for unknown options. Before unknown options +could mess up the argument parsing leading to reading and writing from +stdin/stdout. + +Thanks to Eva Mrakova and the Red Hat QE team for spotting this! +--- + rpm2archive.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/rpm2archive.c b/rpm2archive.c +index de1a17d2b..09da8d16b 100644 +--- a/rpm2archive.c ++++ b/rpm2archive.c +@@ -233,6 +233,14 @@ int main(int argc, const char *argv[]) + + optCon = poptGetContext(NULL, argc, argv, optionsTable, 0); + poptSetOtherOptionHelp(optCon, "[OPTIONS]* "); ++ while ((rc = poptGetNextOpt(optCon)) != -1) { ++ if (rc < 0) { ++ fprintf(stderr, "%s: %s\n", ++ poptBadOption(optCon, POPT_BADOPTION_NOALIAS), ++ poptStrerror(rc)); ++ exit(EXIT_FAILURE); ++ } ++ } + if (argc < 2 || poptGetNextOpt(optCon) == 0) { + poptPrintUsage(optCon, stderr, 0); + exit(EXIT_FAILURE); +-- +2.38.1 + diff --git a/SOURCES/rpm-4.16.1.3-rpm2archive-error-handling.patch b/SOURCES/rpm-4.16.1.3-rpm2archive-error-handling.patch new file mode 100644 index 0000000..4a8a6f5 --- /dev/null +++ b/SOURCES/rpm-4.16.1.3-rpm2archive-error-handling.patch @@ -0,0 +1,51 @@ +From f1634250587479d664b34b6de1a6546b2c2b9de5 Mon Sep 17 00:00:00 2001 +From: Florian Festi +Date: Mon, 18 Jan 2021 15:02:34 +0100 +Subject: [PATCH] rpm2archive: Add more error handling + +Cleanly error out if file can't be written instead of segfaulting + +Resolves: #1091 +--- + rpm2archive.c | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +diff --git a/rpm2archive.c b/rpm2archive.c +index 646f1663d..15c5da016 100644 +--- a/rpm2archive.c ++++ b/rpm2archive.c +@@ -119,9 +119,14 @@ static int process_package(rpmts ts, char * filename) + + /* create archive */ + a = archive_write_new(); +- archive_write_add_filter_gzip(a); +- archive_write_set_format_pax_restricted(a); +- ++ if (archive_write_add_filter_gzip(a) != ARCHIVE_OK) { ++ fprintf(stderr, "Error: Could not create gzip output filter\n"); ++ exit(EXIT_FAILURE); ++ } ++ if (archive_write_set_format_pax_restricted(a) != ARCHIVE_OK) { ++ fprintf(stderr, "Error: Format pax restricted is not supported\n"); ++ exit(EXIT_FAILURE); ++ } + if (!strcmp(filename, "-")) { + if (isatty(STDOUT_FILENO)) { + fprintf(stderr, "Error: refusing to output archive data to a terminal.\n"); +@@ -130,9 +135,11 @@ static int process_package(rpmts ts, char * filename) + archive_write_open_fd(a, STDOUT_FILENO); + } else { + char * outname = rstrscat(NULL, filename, ".tgz", NULL); +- archive_write_open_filename(a, outname); ++ if (archive_write_open_filename(a, outname) != ARCHIVE_OK) { ++ fprintf(stderr, "Error: Can't open output file: %s\n", outname); ++ exit(EXIT_FAILURE); ++ } + _free(outname); +- // XXX error handling + } + + entry = archive_entry_new(); +-- +2.38.1 + diff --git a/SPECS/rpm.spec b/SPECS/rpm.spec index d2e8994..f235765 100644 --- a/SPECS/rpm.spec +++ b/SPECS/rpm.spec @@ -32,7 +32,7 @@ %global rpmver 4.14.3 #global snapver rc2 -%global rel 23 +%global rel 26 %global srcver %{version}%{?snapver:-%{snapver}} %global srcdir %{?snapver:testing}%{!?snapver:%{name}-%(echo %{version} | cut -d'.' -f1-2).x} @@ -114,6 +114,11 @@ Patch160: rpm-4.14.3-macroize-find-debuginfo-script-location.patch Patch161: rpm-4.14.3-validate-and-require-subkey-binding-sigs.patch Patch162: rpm-4.14.3-fix-spurious-transfiletriggerpostun-execution.patch Patch163: rpm-4.14.3-skip-recorded-symlinks-in-setperms.patch +Patch164: rpm-4.14.3-fapolicyd-make-write-nonblocking.patch +Patch165: rpm-4.16.1.3-rpm2archive-error-handling.patch +Patch166: rpm-4.14.3-rpm2archive-nocompression.patch +Patch167: rpm-4.14.3-rpm2archive-parse-popt-options.patch +Patch168: rpm-4.14.3-rpm2archive-Don-t-print-usage.patch # Python 3 string API sanity Patch500: 0001-In-Python-3-return-all-our-string-data-as-surrogate-.patch @@ -694,6 +699,12 @@ make check || cat tests/rpmtests.log %doc doc/librpm/html/* %changelog +* Mon Dec 19 2022 Florian Festi - 4.14.4-26 +- Add --nocompression to rpm2archive (#2129345) + +* Tue Sep 13 2022 Michal Domonkos - 4.14.3-24 +- Make write() nonblocking in fapolicyd plugin (#2110787) + * Tue Apr 05 2022 Michal Domonkos - 4.14.3-23 - Fix minor ABI regression in rpmcli.h (#1940895)