PR#12: Merge c8s into epel8, lower the release number to match RHEL 8.9 - rpms/python3-rpm

rpms / python3-rpm

#12 Merge c8s into epel8, lower the release number to match RHEL 8.9

Merged 4 months ago by churchyard. Opened 4 months ago by churchyard.

rpms/ churchyard/python3-rpm epel8-8.9 into epel8

Lower the release number to match RHEL 8.9

Miro Hrončok • 4 months ago

6485d8f

Merge c8s into epel8

Miro Hrončok • 4 months ago

df90ec8

Fix issues with backported file handling

Florian Festi • 6 months ago

b86572b

Fix regression in new code

Florian Festi • 7 months ago

284b6bc

Fix plugin code for the new fsm implementation

Florian Festi • 7 months ago

e91f7f7

Backport file handling code from rpm-4.19

Florian Festi • 7 months ago

0408f93

Fix version in the two latest %changelog entries

Miro Hrončok • 8 months ago

563383c

Make brp-python-bytecompile script compatible with Python 3.10+

Lumir Balhar • 9 months ago

527b56f

re-import sources as agreed with the maintainer

Adam Samalik • 11 months ago

3f9d64d

.gitignore

file modified

+33 -1

		`@@ -1,2 +1,34 @@`
		`- SOURCES/rpm-4.14.3.tar.bz2`
		`+ /rpm-4.9.90.git11505.tar.bz2`
		`+ /rpm-4.9.90.git11519.tar.bz2`
		`+ /rpm-4.9.90.git11536.tar.bz2`
		`+ /rpm-4.10.0-beta1.tar.bz2`
		`+ /rpm-4.10.0.tar.bz2`
		`+ /rpm-4.10.1.tar.bz2`
		`+ /rpm-4.10.90.git11989.tar.bz2`
		`+ /rpm-4.11.0-beta1.tar.bz2`
		`+ /rpm-4.11.0.1.tar.bz2`
		`+ /rpm-4.11.1-rc1.tar.bz2`
		`+ /rpm-4.11.1-rc2.tar.bz2`
		`+ /rpm-4.11.1.tar.bz2`
		`+ /rpm-4.11.2-rc1.tar.bz2`
		`+ /rpm-4.11.2-rc2.tar.bz2`
		`+ /rpm-4.11.2.tar.bz2`
		`+ /rpm-4.11.90-git12844.tar.bz2`
		`+ /rpm-4.12.0-beta1.tar.bz2`
		`+ /rpm-4.12.0-rc1.tar.bz2`
		`+ /rpm-4.12.0.tar.bz2`
		`+ /rpm-4.12.0.1.tar.bz2`
		`+ /rpm-4.12.90.tar.bz2`
		`+ /rpm-4.13.0-rc1.tar.bz2`
		`+ /rpm-4.13.0-rc2.tar.bz2`
		`+ /rpm-4.13.0.tar.bz2`
		`+ /rpm-4.13.0.1.tar.bz2`
		`+ /rpm-4.13.90-git14002.tar.bz2`
		`+ /rpm-4.14.0-rc1.tar.bz2`
		`+ /rpm-4.14.0-rc2.tar.bz2`
		`+ /rpm-4.14.0.tar.bz2`
		`+ /rpm-4.14.1.tar.bz2`
		`+ /rpm-4.14.2-rc1.tar.bz2`
		`+ /rpm-4.14.2-rc2.tar.bz2`
		`+ /rpm-4.14.2.tar.bz2`
		`/rpm-4.14.3.tar.bz2`

0001-Add-optional-callback-on-directory-changes-during-rp.patch

file added

+107

		`@@ -0,0 +1,107 @@`
		`+ From 186e0ab025b9ad92d900697f611633a6f6162f3b Mon Sep 17 00:00:00 2001`
		`+ From: Panu Matilainen <pmatilai@redhat.com>`
		`+ Date: Wed, 9 Feb 2022 14:47:14 +0200`
		`+ Subject: [PATCH] Add optional callback on directory changes during rpmfi`
		`+ iteration`
		`+`
		`+ Internal only for now in case we need to fiddle with the API some more,`
		`+ but no reason this couldn't be made public later.`
		`+ ---`
		`+ lib/rpmfi.c \| 24 ++++++++++++++++++++----`
		`+ lib/rpmfi_internal.h \| 17 +++++++++++++++++`
		`+ 2 files changed, 37 insertions(+), 4 deletions(-)`
		`+`
		`+ diff --git a/lib/rpmfi.c b/lib/rpmfi.c`
		`+ index aec8220a3..6c631fdb5 100644`
		`+ --- a/lib/rpmfi.c`
		`+ +++ b/lib/rpmfi.c`
		`+ @@ -53,6 +53,9 @@ struct rpmfi_s {`
		`+ int intervalStart; /!< Start of iterating interval. /`
		`+ int intervalEnd; /!< End of iterating interval. /`
		`+`
		`+ + rpmfiChdirCb onChdir; /!< Callback for directory changes /`
		`+ + void onChdirData; /!< Caller private callback data */`
		`+ +`
		`+ rpmfiles files; /!< File info set /`
		`+ rpmcpio_t archive; /!< Archive with payload /`
		`+ unsigned char * found; /!< Bit field of files found in the archive /`
		`+ @@ -298,11 +301,16 @@ rpm_count_t rpmfiDC(rpmfi fi)`
		`+ return (fi != NULL ? rpmfilesDC(fi->files) : 0);`
		`+ }`
		`+`
		`+ -#ifdef NOTYET`
		`+ -int rpmfiDI(rpmfi fi)`
		`+ +int rpmfiSetOnChdir(rpmfi fi, rpmfiChdirCb cb, void *data)`
		`+ {`
		`+ + int rc = -1;`
		`+ + if (fi != NULL) {`
		`+ + fi->onChdir = cb;`
		`+ + fi->onChdirData = data;`
		`+ + rc = 0;`
		`+ + }`
		`+ + return rc;`
		`+ }`
		`+ -#endif`
		`+`
		`+ int rpmfiFX(rpmfi fi)`
		`+ {`
		`+ @@ -314,9 +322,17 @@ int rpmfiSetFX(rpmfi fi, int fx)`
		`+ int i = -1;`
		`+`
		`+ if (fi != NULL && fx >= 0 && fx < rpmfilesFC(fi->files)) {`
		`+ + int dx = fi->j;`
		`+ i = fi->i;`
		`+ fi->i = fx;`
		`+ fi->j = rpmfilesDI(fi->files, fi->i);`
		`+ + i = fi->i;`
		`+ +`
		`+ + if (fi->j != dx && fi->onChdir) {`
		`+ + int chrc = fi->onChdir(fi, fi->onChdirData);`
		`+ + if (chrc < 0)`
		`+ + i = chrc;`
		`+ + }`
		`+ }`
		`+ return i;`
		`+ }`
		`+ @@ -1682,9 +1698,9 @@ static rpmfi initIter(rpmfiles files, int itype, int link)`
		`+ if (files && itype>=0 && itype<=RPMFILEITERMAX) {`
		`+ fi = xcalloc(1, sizeof(*fi));`
		`+ fi->i = -1;`
		`+ + fi->j = -1;`
		`+ fi->files = link ? rpmfilesLink(files) : files;`
		`+ fi->next = nextfuncs[itype];`
		`+ - fi->i = -1;`
		`+ if (itype == RPMFI_ITER_BACK) {`
		`+ fi->i = rpmfilesFC(fi->files);`
		`+ } else if (itype >=RPMFI_ITER_READ_ARCHIVE`
		`+ diff --git a/lib/rpmfi_internal.h b/lib/rpmfi_internal.h`
		`+ index dccc6ccbe..37f1d45f5 100644`
		`+ --- a/lib/rpmfi_internal.h`
		`+ +++ b/lib/rpmfi_internal.h`
		`+ @@ -13,6 +13,23 @@`
		`+ extern "C" {`
		`+ #endif`
		`+`
		`+ +/** \ingroup rpmfi`
		`+ + * Callback on file iterator directory changes`
		`+ + * @param fi file info`
		`+ + * @param data caller private callback data`
		`+ + * @return 0 on success, < 0 on error (to stop iteration)`
		`+ + */`
		`+ +typedef int (rpmfiChdirCb)(rpmfi fi, void data);`
		`+ +`
		`+ +/** \ingroup rpmfi`
		`+ + * Set a callback for directory changes during iteration.`
		`+ + * @param fi file info`
		`+ + * @param cb callback function`
		`+ + * @param data caller private callback data`
		`+ + * @return string pool handle (weak reference)`
		`+ + */`
		`+ +int rpmfiSetOnChdir(rpmfi fi, rpmfiChdirCb cb, void *data);`
		`+ +`
		`+ /** \ingroup rpmfi`
		`+ * Return file info set string pool handle`
		`+ * @param fi file info`
		`+ --`
		`+ 2.41.0`
		`+`

0001-Don-t-warn-about-missing-user-group-on-skipped-files.patch

file added

+30

		`@@ -0,0 +1,30 @@`
		`+ From 6c66abd34cccbb5b3c063f8f613e0c2faffc415f Mon Sep 17 00:00:00 2001`
		`+ From: Panu Matilainen <pmatilai@redhat.com>`
		`+ Date: Wed, 13 Dec 2023 11:57:50 +0200`
		`+ Subject: [PATCH] Don't warn about missing user/group on skipped files`
		`+`
		`+ There's no reason to complain about missing user/group for entities`
		`+ we don't create at all. It's cosmetical only, but "regressed" in the`
		`+ 4.17 fsm robustness rewrite.`
		`+`
		`+ Reported in https://issues.redhat.com/browse/RHEL-18037`
		`+ ---`
		`+ lib/fsm.c \| 2 +-`
		`+ 1 file changed, 1 insertion(+), 1 deletion(-)`
		`+`
		`+ diff --git a/lib/fsm.c b/lib/fsm.c`
		`+ index 2189bd84c..a54e43bae 100644`
		`+ --- a/lib/fsm.c`
		`+ +++ b/lib/fsm.c`
		`+ @@ -903,7 +903,7 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,`
		`+ fp->fpath = fsmFsPath(fi, fp->suffix);`
		`+`
		`+ /* Remap file perms, owner, and group. */`
		`+ - rc = rpmfiStat(fi, 1, &fp->sb);`
		`+ + rc = rpmfiStat(fi, (fp->skip == 0), &fp->sb);`
		`+`
		`+ /* Hardlinks are tricky and handled elsewhere for install */`
		`+ fp->setmeta = (fp->skip == 0) &&`
		`+ --`
		`+ 2.43.0`
		`+`

0001-Eliminate-code-duplication-from-rpmfiNext.patch

file added

+35

		`@@ -0,0 +1,35 @@`
		`+ From 0bc13d75b5883ccf4d6579f7a60fb1badd104649 Mon Sep 17 00:00:00 2001`
		`+ From: Panu Matilainen <pmatilai@redhat.com>`
		`+ Date: Thu, 10 Feb 2022 10:23:22 +0200`
		`+ Subject: [PATCH] Eliminate code duplication from rpmfiNext()`
		`+`
		`+ Now that we can, let rpmfiSetFX() take care of the details.`
		`+ ---`
		`+ lib/rpmfi.c \| 11 ++---------`
		`+ 1 file changed, 2 insertions(+), 9 deletions(-)`
		`+`
		`+ diff --git a/lib/rpmfi.c b/lib/rpmfi.c`
		`+ index 689ead2c5..aec8220a3 100644`
		`+ --- a/lib/rpmfi.c`
		`+ +++ b/lib/rpmfi.c`
		`+ @@ -856,15 +856,8 @@ int rpmfiNext(rpmfi fi)`
		`+ next = fi->next(fi);`
		`+ } while (next == RPMERR_ITER_SKIP);`
		`+`
		`+ - if (next >= 0 && next < rpmfilesFC(fi->files)) {`
		`+ - fi->i = next;`
		`+ - fi->j = rpmfilesDI(fi->files, fi->i);`
		`+ - } else {`
		`+ - fi->i = -1;`
		`+ - if (next >= 0) {`
		`+ - next = -1;`
		`+ - }`
		`+ - }`
		`+ + if (next >= 0)`
		`+ + next = rpmfiSetFX(fi, next);`
		`+ }`
		`+ return next;`
		`+ }`
		`+ --`
		`+ 2.41.0`
		`+`

0001-Emit-full-paths-for-file-disposition-diagnostics-on-.patch

file added

+66

		`@@ -0,0 +1,66 @@`
		`+ From c140768202e271b60910644c1e4bf848a50218d3 Mon Sep 17 00:00:00 2001`
		`+ From: Panu Matilainen <pmatilai@redhat.com>`
		`+ Date: Mon, 27 Nov 2023 11:52:34 +0200`
		`+ Subject: [PATCH] Emit full paths for file disposition diagnostics on`
		`+ --fsmdebug`
		`+`
		`+ The full path is visible in the actual file operations later, but the`
		`+ pre-flight disposition diagnostics is unreadable without the full path.`
		`+ This regressed in the switch to relative paths for the *at() API family`
		`+ for the symlink CVE fixes.`
		`+ ---`
		`+ lib/fsm.c \| 12 ++++++------`
		`+ 1 file changed, 6 insertions(+), 6 deletions(-)`
		`+`
		`+ diff --git a/lib/fsm.c b/lib/fsm.c`
		`+ index 091e90554..fcd764648 100644`
		`+ --- a/lib/fsm.c`
		`+ +++ b/lib/fsm.c`
		`+ @@ -482,14 +482,14 @@ static void removeSBITS(int dirfd, const char *path)`
		`+ }`
		`+ }`
		`+`
		`+ -static void fsmDebug(const char *fpath, rpmFileAction action,`
		`+ +static void fsmDebug(const char dn, const char fpath, rpmFileAction action,`
		`+ const struct stat *st)`
		`+ {`
		`+ - rpmlog(RPMLOG_DEBUG, "%-10s %06o%3d (%4d,%4d)%6d %s\n",`
		`+ + rpmlog(RPMLOG_DEBUG, "%-10s %06o%3d (%4d,%4d)%6d %s%s\n",`
		`+ fileActionString(action), (int)st->st_mode,`
		`+ (int)st->st_nlink, (int)st->st_uid,`
		`+ (int)st->st_gid, (int)st->st_size,`
		`+ - (fpath ? fpath : ""));`
		`+ + (dn ? dn : ""), (fpath ? fpath : ""));`
		`+ }`
		`+`
		`+ static int fsmSymlink(const char opath, int dirfd, const char path)`
		`+ @@ -910,7 +910,7 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,`
		`+ (fp->sb.st_nlink == 1 \|\| fp->action == FA_TOUCH);`
		`+`
		`+ setFileState(fs, fx);`
		`+ - fsmDebug(fp->fpath, fp->action, &fp->sb);`
		`+ + fsmDebug(rpmfiDN(fi), fp->fpath, fp->action, &fp->sb);`
		`+`
		`+ fp->stage = FILE_PRE;`
		`+ }`
		`+ @@ -975,7 +975,7 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,`
		`+ rpmlog(RPMLOG_DEBUG, "file %s vanished unexpectedly\n",`
		`+ fp->fpath);`
		`+ fp->action = FA_CREATE;`
		`+ - fsmDebug(fp->fpath, fp->action, &fp->sb);`
		`+ + fsmDebug(rpmfiDN(fi), fp->fpath, fp->action, &fp->sb);`
		`+ }`
		`+`
		`+ /* When touching we don't need any of this... */`
		`+ @@ -1138,7 +1138,7 @@ int rpmPackageFilesRemove(rpmts ts, rpmte te, rpmfiles files,`
		`+`
		`+ rc = fsmStat(di.dirfd, fp->fpath, 1, &fp->sb);`
		`+`
		`+ - fsmDebug(fp->fpath, fp->action, &fp->sb);`
		`+ + fsmDebug(rpmfiDN(fi), fp->fpath, fp->action, &fp->sb);`
		`+`
		`+ /* Run fsm file pre hook for all plugins */`
		`+ rc = rpmpluginsCallFsmFilePre(plugins, fi, fp->fpath,`
		`+ --`
		`+ 2.43.0`
		`+`

0001-Fix-wrong-return-code-on-O_DIRECTORY-open-of-invalid.patch

file added

+46

		`@@ -0,0 +1,46 @@`
		`+ From 89ce4e7ca592f5abafc3f25aeaa07d36a7b43a61 Mon Sep 17 00:00:00 2001`
		`+ From: Panu Matilainen <pmatilai@redhat.com>`
		`+ Date: Tue, 14 Nov 2023 11:37:48 +0200`
		`+ Subject: [PATCH] Fix wrong return code on O_DIRECTORY open of invalid symlink`
		`+`
		`+ The dir argument to fsmOpenpath() is supposed to be a rough O_DIRECTORY`
		`+ equivalent, and if the path is actually a misowned symlink it should`
		`+ return ENOTDIR instead of ELOOP. Makes the resulting error messages`
		`+ at least a little more comprehensible.`
		`+ ---`
		`+ lib/fsm.c \| 5 +++--`
		`+ 1 file changed, 3 insertions(+), 2 deletions(-)`
		`+`
		`+ diff --git a/lib/fsm.c b/lib/fsm.c`
		`+ index 51f439ef3..091e90554 100644`
		`+ --- a/lib/fsm.c`
		`+ +++ b/lib/fsm.c`
		`+ @@ -304,6 +304,7 @@ static int fsmOpenat(int dirfd, const char *path, int flags, int dir)`
		`+ struct stat lsb, sb;`
		`+ int sflags = flags \| O_NOFOLLOW;`
		`+ int fd = openat(dirfd, path, sflags);`
		`+ + int ffd = fd;`
		`+`
		`+ /*`
		`+ * Only ever follow symlinks by root or target owner. Since we can't`
		`+ @@ -312,7 +313,7 @@ static int fsmOpenat(int dirfd, const char *path, int flags, int dir)`
		`+ * it could've only been the link owner or root.`
		`+ */`
		`+ if (fd < 0 && errno == ELOOP && flags != sflags) {`
		`+ - int ffd = openat(dirfd, path, flags);`
		`+ + ffd = openat(dirfd, path, flags);`
		`+ if (ffd >= 0) {`
		`+ if (fstatat(dirfd, path, &lsb, AT_SYMLINK_NOFOLLOW) == 0) {`
		`+ if (fstat(ffd, &sb) == 0) {`
		`+ @@ -327,7 +328,7 @@ static int fsmOpenat(int dirfd, const char *path, int flags, int dir)`
		`+ }`
		`+`
		`+ /* O_DIRECTORY equivalent */`
		`+ - if (dir && fd >= 0 && fstat(fd, &sb) == 0 && !S_ISDIR(sb.st_mode)) {`
		`+ + if (dir && ((fd != ffd) \|\| (fd >= 0 && fstat(fd, &sb) == 0 && !S_ISDIR(sb.st_mode)))) {`
		`+ errno = ENOTDIR;`
		`+ fsmClose(&fd);`
		`+ }`
		`+ --`
		`+ 2.43.0`
		`+`

0001-Pass-file-descriptor-to-file-prepare-plugin-hook-use.patch

file added

+153

		`@@ -0,0 +1,153 @@`
		`+ From ac7b0dbd5a18d2c57a942ca14ac856b8047425ff Mon Sep 17 00:00:00 2001`
		`+ From: Panu Matilainen <pmatilai@redhat.com>`
		`+ Date: Tue, 15 Feb 2022 10:43:13 +0200`
		`+ Subject: [PATCH] Pass file descriptor to file prepare plugin hook, use when`
		`+ possible`
		`+`
		`+ Sadly the thing that allegedly makes things better mostly just makes`
		`+ things more complicated as symlinks can't be opened, so we'll now have`
		`+ to deal with both cases in plugins too. To make matters worse, most`
		`+ APIs out there support either an fd or a path, but very few support`
		`+ the *at() style dirfd + basename approach so plugins are stuck with`
		`+ absolute paths for now.`
		`+`
		`+ This is of course a plugin API/ABI change too.`
		`+ ---`
		`+ lib/rpmplugin.h \| 2 +-`
		`+ lib/rpmplugins.c \| 4 ++--`
		`+ lib/rpmplugins.h \| 3 ++-`
		`+ plugins/ima.c \| 9 +++++++--`
		`+ plugins/selinux.c \| 13 ++++++++-----`
		`+ 5 files changed, 20 insertions(+), 11 deletions(-)`
		`+`
		`+ diff --git a/lib/rpmplugin.h b/lib/rpmplugin.h`
		`+ index fd81aec8d..fab4b3e83 100644`
		`+ --- a/lib/rpmplugin.h`
		`+ +++ b/lib/rpmplugin.h`
		`+ @@ -57,7 +57,7 @@ typedef rpmRC (*plugin_fsm_file_post_func)(rpmPlugin plugin, rpmfi fi,`
		`+ const char* path, mode_t file_mode,`
		`+ rpmFsmOp op, int res);`
		`+ typedef rpmRC (*plugin_fsm_file_prepare_func)(rpmPlugin plugin, rpmfi fi,`
		`+ - const char* path,`
		`+ + int fd, const char* path,`
		`+ const char *dest,`
		`+ mode_t file_mode, rpmFsmOp op);`
		`+`
		`+ diff --git a/lib/rpmplugins.c b/lib/rpmplugins.c`
		`+ index 65e684e84..923084b78 100644`
		`+ --- a/lib/rpmplugins.c`
		`+ +++ b/lib/rpmplugins.c`
		`+ @@ -384,7 +384,7 @@ rpmRC rpmpluginsCallFsmFilePost(rpmPlugins plugins, rpmfi fi, const char *path,`
		`+ }`
		`+`
		`+ rpmRC rpmpluginsCallFsmFilePrepare(rpmPlugins plugins, rpmfi fi,`
		`+ - const char path, const char dest,`
		`+ + int fd, const char path, const char dest,`
		`+ mode_t file_mode, rpmFsmOp op)`
		`+ {`
		`+ plugin_fsm_file_prepare_func hookFunc;`
		`+ @@ -394,7 +394,7 @@ rpmRC rpmpluginsCallFsmFilePrepare(rpmPlugins plugins, rpmfi fi,`
		`+ for (i = 0; i < plugins->count; i++) {`
		`+ rpmPlugin plugin = plugins->plugins[i];`
		`+ RPMPLUGINS_SET_HOOK_FUNC(fsm_file_prepare);`
		`+ - if (hookFunc && hookFunc(plugin, fi, path, dest, file_mode, op) == RPMRC_FAIL) {`
		`+ + if (hookFunc && hookFunc(plugin, fi, fd, path, dest, file_mode, op) == RPMRC_FAIL) {`
		`+ rpmlog(RPMLOG_ERR, "Plugin %s: hook fsm_file_prepare failed\n", plugin->name);`
		`+ rc = RPMRC_FAIL;`
		`+ }`
		`+ diff --git a/lib/rpmplugins.h b/lib/rpmplugins.h`
		`+ index 39762c376..ddf5d7048 100644`
		`+ --- a/lib/rpmplugins.h`
		`+ +++ b/lib/rpmplugins.h`
		`+ @@ -156,6 +156,7 @@ rpmRC rpmpluginsCallFsmFilePost(rpmPlugins plugins, rpmfi fi, const char* path,`
		`+ * permissions etc, but before committing file to destination path.`
		`+ * @param plugins plugins structure`
		`+ * @param fi file info iterator (or NULL)`
		`+ + * @param fd file descriptor (or -1 if not available)`
		`+ * @param path file object current path`
		`+ * @param dest file object destination path`
		`+ * @param mode file object mode`
		`+ @@ -164,7 +165,7 @@ rpmRC rpmpluginsCallFsmFilePost(rpmPlugins plugins, rpmfi fi, const char* path,`
		`+ */`
		`+ RPM_GNUC_INTERNAL`
		`+ rpmRC rpmpluginsCallFsmFilePrepare(rpmPlugins plugins, rpmfi fi,`
		`+ - const char path, const char dest,`
		`+ + int fd, const char path, const char dest,`
		`+ mode_t mode, rpmFsmOp op);`
		`+`
		`+ #ifdef __cplusplus`
		`+ diff --git a/plugins/fapolicyd.c b/plugins/fapolicyd.c`
		`+ index 7ac44f0d0..1ff50c30f 100644`
		`+ --- a/plugins/fapolicyd.c`
		`+ +++ b/plugins/fapolicyd.c`
		`+ @@ -145,7 +145,8 @@ static rpmRC fapolicyd_scriptlet_pre(rpmPlugin plugin, const char *s_name,`
		`+ }`
		`+`
		`+ static rpmRC fapolicyd_fsm_file_prepare(rpmPlugin plugin, rpmfi fi,`
		`+ - const char path, const char dest,`
		`+ + int fd, const char *path,`
		`+ + const char *dest,`
		`+ mode_t file_mode, rpmFsmOp op)`
		`+ {`
		`+ /* not ready */`
		`+ --- a/plugins/ima.c 2020-04-28 14:50:11.835399269 +0200`
		`+ +++ b/plugins/ima.c 2023-12-13 11:19:58.835948660 +0100`
		`+ @@ -39,7 +39,7 @@`
		`+ return (memcmp(fsig, &zero_hdr, sizeof(zero_hdr)) == 0);`
		`+ }`
		`+`
		`+ -static rpmRC ima_fsm_file_prepare(rpmPlugin plugin, rpmfi fi,`
		`+ +static rpmRC ima_fsm_file_prepare(rpmPlugin plugin, rpmfi fi, int fd,`
		`+ const char *path,`
		`+ const char *dest,`
		`+ mode_t file_mode, rpmFsmOp op)`
		`+ @@ -63,8 +63,14 @@`
		`+`
		`+ fsig = rpmfiFSignature(fi, &len);`
		`+ if (fsig && (check_zero_hdr(fsig, len) == 0)) {`
		`+ - if (lsetxattr(path, XATTR_NAME_IMA, fsig, len, 0) < 0) {`
		`+ - rpmlog(RPMLOG_ERR,`
		`+ + int xx;`
		`+ + if (fd >= 0)`
		`+ + xx = fsetxattr(fd, XATTR_NAME_IMA, fsig, len, 0);`
		`+ + else`
		`+ + xx = lsetxattr(path, XATTR_NAME_IMA, fsig, len, 0);`
		`+ + if (xx < 0) {`
		`+ + int is_err = errno != EOPNOTSUPP;`
		`+ + rpmlog(is_err?RPMLOG_ERR:RPMLOG_DEBUG,`
		`+ "ima: could not apply signature on '%s': %s\n",`
		`+ path, strerror(errno));`
		`+ rc = RPMRC_FAIL;`
		`+ --- a/plugins/selinux.c 2023-12-13 11:21:54.935009141 +0100`
		`+ +++ b/plugins/selinux.c 2023-12-13 11:22:23.172510285 +0100`
		`+ @@ -149,7 +149,7 @@`
		`+ return rc;`
		`+ }`
		`+`
		`+ -static rpmRC selinux_fsm_file_prepare(rpmPlugin plugin, rpmfi fi,`
		`+ +static rpmRC selinux_fsm_file_prepare(rpmPlugin plugin, rpmfi fi, int fd,`
		`+ const char path, const char dest,`
		`+ mode_t file_mode, rpmFsmOp op)`
		`+ {`
		`+ @@ -159,14 +159,17 @@`
		`+ if (sehandle && !XFA_SKIPPING(action)) {`
		`+ security_context_t scon = NULL;`
		`+ if (selabel_lookup_raw(sehandle, &scon, dest, file_mode) == 0) {`
		`+ - int conrc = lsetfilecon(path, scon);`
		`+ + int conrc;`
		`+ + if (fd >= 0)`
		`+ + conrc = fsetfilecon(fd, scon);`
		`+ + else`
		`+ + conrc = lsetfilecon(path, scon);`
		`+`
		`+ if (conrc == 0 \|\| (conrc < 0 && errno == EOPNOTSUPP))`
		`+ rc = RPMRC_OK;`
		`+`
		`+ - rpmlog((rc != RPMRC_OK) ? RPMLOG_ERR : RPMLOG_DEBUG,`
		`+ - "lsetfilecon: (%s, %s) %s\n",`
		`+ - path, scon, (conrc < 0 ? strerror(errno) : ""));`
		`+ + rpmlog((rc != RPMRC_OK) ? RPMLOG_ERR : RPMLOG_DEBUG, "lsetfilecon: (%d %s, %s) %s\n",`
		`+ + fd, path, scon, (conrc < 0 ? strerror(errno) : ""));`
		`+`
		`+ freecon(scon);`
		`+ } else {`

0001-Print-full-path-if-file-removal-fails.patch

file added

+32

		`@@ -0,0 +1,32 @@`
		`+ From f1503ab6e898430b80017c0f8347860f3a74d5bb Mon Sep 17 00:00:00 2001`
		`+ From: Florian Festi <ffesti@redhat.com>`
		`+ Date: Mon, 11 Dec 2023 15:50:15 +0100`
		`+ Subject: [PATCH] Print full path if file removal fails`
		`+`
		`+ For normal debug output the basename of the files are sufficient as when`
		`+ debugging is enabled the directories are also printed. But here the`
		`+ warning is given without a debug flag so we need the full context right`
		`+ there.`
		`+ ---`
		`+ lib/fsm.c \| 4 ++--`
		`+ 1 file changed, 2 insertions(+), 2 deletions(-)`
		`+`
		`+ diff --git a/lib/fsm.c b/lib/fsm.c`
		`+ index fcd764648..2189bd84c 100644`
		`+ --- a/lib/fsm.c`
		`+ +++ b/lib/fsm.c`
		`+ @@ -1174,9 +1174,9 @@ int rpmPackageFilesRemove(rpmts ts, rpmte te, rpmfiles files,`
		`+`
		`+ if (rc) {`
		`+ int lvl = strict_erasures ? RPMLOG_ERR : RPMLOG_WARNING;`
		`+ - rpmlog(lvl, _("%s %s: remove failed: %s\n"),`
		`+ + rpmlog(lvl, _("%s %s%s: remove failed: %s\n"),`
		`+ S_ISDIR(fp->sb.st_mode) ? _("directory") : _("file"),`
		`+ - fp->fpath, strerror(errno));`
		`+ + rpmfiDN(fi), fp->fpath, strerror(errno));`
		`+ }`
		`+ }`
		`+`
		`+ --`
		`+ 2.43.0`
		`+`

0001-Swap-over-to-dirfd-basename-based-operation-within-t.patch

file added

+90

		`@@ -0,0 +1,90 @@`
		`+ From 6dd62720fe84f7e2ad902c915b952fc0b29e3dcd Mon Sep 17 00:00:00 2001`
		`+ From: Panu Matilainen <pmatilai@redhat.com>`
		`+ Date: Tue, 15 Feb 2022 11:34:37 +0200`
		`+ Subject: [PATCH] Swap over to dirfd+basename based operation within the fsm`
		`+`
		`+ Within fsm this is just a matter of adjusting error messages to include`
		`+ the directory... if it only wasn't for the plugins requiring absolute`
		`+ paths for outside users. For the plugins, we need to assemble absolute`
		`+ paths as needed, both in ensureDir() and plugin file slots.`
		`+ ---`
		`+ lib/rpmplugins.c \| 20 +++++++++++++++++---`
		`+ 2 files changed, 36 insertions(+), 14 deletions(-)`
		`+`
		`+ diff --git a/lib/rpmplugins.c b/lib/rpmplugins.c`
		`+ index 703368c0d..f06fd7895 100644`
		`+ --- a/lib/rpmplugins.c`
		`+ +++ b/lib/rpmplugins.c`
		`+ @@ -350,21 +350,31 @@ rpmRC rpmpluginsCallScriptletPost(rpmPlugins plugins, const char *s_name, int ty`
		`+ return rc;`
		`+ }`
		`+`
		`+ +static char abspath(rpmfi fi, const char path)`
		`+ +{`
		`+ + if (*path == '/')`
		`+ + return xstrdup(path);`
		`+ + else`
		`+ + return rstrscat(NULL, rpmfiDN(fi), path, NULL);`
		`+ +}`
		`+ +`
		`+ rpmRC rpmpluginsCallFsmFilePre(rpmPlugins plugins, rpmfi fi, const char *path,`
		`+ mode_t file_mode, rpmFsmOp op)`
		`+ {`
		`+ plugin_fsm_file_pre_func hookFunc;`
		`+ int i;`
		`+ rpmRC rc = RPMRC_OK;`
		`+ + char *apath = abspath(fi, path);`
		`+`
		`+ for (i = 0; i < plugins->count; i++) {`
		`+ rpmPlugin plugin = plugins->plugins[i];`
		`+ RPMPLUGINS_SET_HOOK_FUNC(fsm_file_pre);`
		`+ - if (hookFunc && hookFunc(plugin, fi, path, file_mode, op) == RPMRC_FAIL) {`
		`+ + if (hookFunc && hookFunc(plugin, fi, apath, file_mode, op) == RPMRC_FAIL) {`
		`+ rpmlog(RPMLOG_ERR, "Plugin %s: hook fsm_file_pre failed\n", plugin->name);`
		`+ rc = RPMRC_FAIL;`
		`+ }`
		`+ }`
		`+ + free(apath);`
		`+`
		`+ return rc;`
		`+ }`
		`+ @@ -375,14 +385,16 @@ rpmRC rpmpluginsCallFsmFilePost(rpmPlugins plugins, rpmfi fi, const char *path,`
		`+ plugin_fsm_file_post_func hookFunc;`
		`+ int i;`
		`+ rpmRC rc = RPMRC_OK;`
		`+ + char *apath = abspath(fi, path);`
		`+`
		`+ for (i = 0; i < plugins->count; i++) {`
		`+ rpmPlugin plugin = plugins->plugins[i];`
		`+ RPMPLUGINS_SET_HOOK_FUNC(fsm_file_post);`
		`+ - if (hookFunc && hookFunc(plugin, fi, path, file_mode, op, res) == RPMRC_FAIL) {`
		`+ + if (hookFunc && hookFunc(plugin, fi, apath, file_mode, op, res) == RPMRC_FAIL) {`
		`+ rpmlog(RPMLOG_WARNING, "Plugin %s: hook fsm_file_post failed\n", plugin->name);`
		`+ }`
		`+ }`
		`+ + free(apath);`
		`+`
		`+ return rc;`
		`+ }`
		`+ @@ -394,15 +406,17 @@ rpmRC rpmpluginsCallFsmFilePrepare(rpmPlugins plugins, rpmfi fi,`
		`+ plugin_fsm_file_prepare_func hookFunc;`
		`+ int i;`
		`+ rpmRC rc = RPMRC_OK;`
		`+ + char *apath = abspath(fi, path);`
		`+`
		`+ for (i = 0; i < plugins->count; i++) {`
		`+ rpmPlugin plugin = plugins->plugins[i];`
		`+ RPMPLUGINS_SET_HOOK_FUNC(fsm_file_prepare);`
		`+ - if (hookFunc && hookFunc(plugin, fi, fd, path, dest, file_mode, op) == RPMRC_FAIL) {`
		`+ + if (hookFunc && hookFunc(plugin, fi, fd, apath, dest, file_mode, op) == RPMRC_FAIL) {`
		`+ rpmlog(RPMLOG_ERR, "Plugin %s: hook fsm_file_prepare failed\n", plugin->name);`
		`+ rc = RPMRC_FAIL;`
		`+ }`
		`+ }`
		`+ + free(apath);`
		`+`
		`+ return rc;`
		`+ }`
		`+ --`
		`+ 2.41.0`
		`+`

0001-Use-file-state-machine-from-rpm-4.19.patch

file added

+1654

The added file is too large to be shown here, see it at: 0001-Use-file-state-machine-from-rpm-4.19.patch

STAGE2-rpm

file added

+34

		`@@ -0,0 +1,34 @@`
		`+ #requires popt`
		`+ #requires nss-softokn`
		`+ #requires nss`
		`+ #requires file`
		`+ #requires libarchive`
		`+ #requires libdb4`
		`+ #requires redhat-rpm-config`
		`+ #requires lua`
		`+ #requires autoconf`
		`+ #requires pkgconfig`
		`+`
		`+`
		`+ (cd $SRC/rpm-*/ && autoreconf -vif)`
		`+`
		`+ mcd $BUILDDIR/rpm`
		`+`
		`+ $SRC/rpm-*/configure $TCONFIGARGS \`
		`+ --build=${TARGET} \`
		`+ --host=${TARGET} \`
		`+ --target=${TARGET} \`
		`+ CPPFLAGS="-I/usr/include/nspr -I/usr/include/nss3 -DPACKAGE -DPACKAGE_VERSION" \`
		`+ --libdir=/usr/lib${SUFFIX} \`
		`+ --with-external-db \`
		`+ --disable-static \`
		`+ --with-lua \`
		`+ --localstatedir=/var`
		`+`
		`+ make $J`
		`+ make $J install`
		`+`
		`+ mkdir -p /etc/rpm`
		`+ mkdir -p /var/lib/rpm`
		`+`
		`+ rpm --initdb`

brp-python-bytecompile-compatibility-with-newer-pyth.patch

file added

+46

		`@@ -0,0 +1,46 @@`
		`+ From acbf558c486ee3518aca74045504f05872da4a58 Mon Sep 17 00:00:00 2001`
		`+ From: Lumir Balhar <lbalhar@redhat.com>`
		`+ Date: Tue, 26 Sep 2023 13:14:44 +0200`
		`+ Subject: [PATCH] brp-python-bytecompile compatibility with newer pythons`
		`+`
		`+ ---`
		`+ scripts/brp-python-bytecompile \| 8 ++++----`
		`+ 1 file changed, 4 insertions(+), 4 deletions(-)`
		`+`
		`+ diff --git a/scripts/brp-python-bytecompile b/scripts/brp-python-bytecompile`
		`+ index 4a9b49e..472bf10 100644`
		`+ --- a/scripts/brp-python-bytecompile`
		`+ +++ b/scripts/brp-python-bytecompile`
		`+ @@ -58,7 +58,7 @@ EOF`
		`+ # and below /usr/lib/python3.1/, we're targeting /usr/bin/python3.1`
		`+`
		`+ shopt -s nullglob`
		+ -for python_libdir in `find "$RPM_BUILD_ROOT" -type d\|grep -E "/usr/lib(64)?/python[0-9]\.[0-9]$"`;
		+ +for python_libdir in `find "$RPM_BUILD_ROOT" -type d\|grep -E "/usr/lib(64)?/python[0-9]\.[0-9]+$"`;
		`+ do`
		`+ python_binary=/usr/bin/$(basename $python_libdir)`
		`+ if [ "$python_binary" = "/usr/bin/python3.6" ]; then`
		`+ @@ -97,17 +97,17 @@ fi`
		`+`
		`+ # Figure out if there are files to be bytecompiled with the default_python at all`
		`+ # this prevents unnecessary default_python invocation`
		`+ -find "$RPM_BUILD_ROOT" -type f -name "*.py" \| grep -Ev "/bin/\|/sbin/\|/usr/lib(64)?/python[0-9]\.[0-9]\|/usr/share/doc" \|\| exit 0`
		`+ +find "$RPM_BUILD_ROOT" -type f -name "*.py" \| grep -Ev "/bin/\|/sbin/\|/usr/lib(64)?/python[0-9]\.[0-9]+\|/usr/share/doc" \|\| exit 0`
		`+`
		`+ # Generate normal (.pyc) byte-compiled files.`
		`+ -python_bytecompile "" $default_python "/bin/\|/sbin/\|/usr/lib(64)?/python[0-9]\.[0-9]\|/usr/share/doc" "$RPM_BUILD_ROOT" "$depth" "/"`
		`+ +python_bytecompile "" $default_python "/bin/\|/sbin/\|/usr/lib(64)?/python[0-9]\.[0-9]+\|/usr/share/doc" "$RPM_BUILD_ROOT" "$depth" "/"`
		`+ if [ $? -ne 0 -a 0$errors_terminate -ne 0 ]; then`
		`+ # One or more of the files had a syntax error`
		`+ exit 1`
		`+ fi`
		`+`
		`+ # Generate optimized (.pyo) byte-compiled files.`
		`+ -python_bytecompile "-O" $default_python "/bin/\|/sbin/\|/usr/lib(64)?/python[0-9]\.[0-9]\|/usr/share/doc" "$RPM_BUILD_ROOT" "$depth" "/"`
		`+ +python_bytecompile "-O" $default_python "/bin/\|/sbin/\|/usr/lib(64)?/python[0-9]\.[0-9]+\|/usr/share/doc" "$RPM_BUILD_ROOT" "$depth" "/"`
		`+ if [ $? -ne 0 -a 0$errors_terminate -ne 0 ]; then`
		`+ # One or more of the files had a syntax error`
		`+ exit 1`
		`+ --`
		`+ 2.41.0`
		`+`

python3-rpm.spec ~~rpm.spec~~

file renamed

+91 -352

		`@@ -32,22 +32,28 @@`

		`%global rpmver 4.14.3`
		`#global snapver rc2`
		`- %global rel 26`
		`+ %global rel 28`
		`+ %global rhelrel %{?snapver:0.%{snapver}.}%{rel}`
		`+ %global rel_next %{lua:print(tonumber(rpm.expand("%rel")) + 1)}`
		`+ %global rhelrel_next %{?snapver:0.%{snapver}.}%{rel_next}`
		`+`
		`+ # Bump this for EPEL only rebuilds, reset when %%rel was bumped`
		`+ %global baserelease 1`

		`%global srcver %{version}%{?snapver:-%{snapver}}`
		`- %global srcdir %{?snapver:testing}%{!?snapver:%{name}-%(echo %{version} \| cut -d'.' -f1-2).x}`
		`+ %global srcdir %{?snapver:testing}%{!?snapver:rpm-%(echo %{version} \| cut -d'.' -f1-2).x}`

		`%define bdbname libdb`
		`%define bdbver 5.3.15`
		`%define dbprefix db`

		`- Summary: The RPM package management system`
		`- Name: rpm`
		`+ Summary: Python 3.X packages with RPM bindings`
		`+ Name: python3-rpm`
		`Version: %{rpmver}`
		`- Release: %{?snapver:0.%{snapver}.}%{rel}%{?dist}`
		`+ Release: %{rhelrel}.%{baserelease}%{?dist}`
		`Group: System Environment/Base`
		`Url: http://www.rpm.org/`
		`- Source0: http://ftp.rpm.org/releases/%{srcdir}/%{name}-%{srcver}.tar.bz2`
		`+ Source0: http://ftp.rpm.org/releases/%{srcdir}/rpm-%{srcver}.tar.bz2`
		`%if %{with int_bdb}`
		`Source1: db-%{bdbver}.tar.gz`
		`%else`
		`@@ -119,6 +125,16 @@`
		`Patch166: rpm-4.14.3-rpm2archive-nocompression.patch`
		`Patch167: rpm-4.14.3-rpm2archive-parse-popt-options.patch`
		`Patch168: rpm-4.14.3-rpm2archive-Don-t-print-usage.patch`
		`+ # Backport fsm to fix CVEs`
		`+ Patch169: 0001-Eliminate-code-duplication-from-rpmfiNext.patch`
		`+ Patch170: 0001-Add-optional-callback-on-directory-changes-during-rp.patch`
		`+ Patch171: 0001-Pass-file-descriptor-to-file-prepare-plugin-hook-use.patch`
		`+ Patch172: 0001-Swap-over-to-dirfd-basename-based-operation-within-t.patch`
		`+ Patch173: 0001-Use-file-state-machine-from-rpm-4.19.patch`
		`+ Patch174: 0001-Emit-full-paths-for-file-disposition-diagnostics-on-.patch`
		`+ Patch175: 0001-Fix-wrong-return-code-on-O_DIRECTORY-open-of-invalid.patch`
		`+ Patch176: 0001-Print-full-path-if-file-removal-fails.patch`
		`+ Patch177: 0001-Don-t-warn-about-missing-user-group-on-skipped-files.patch`

		`# Python 3 string API sanity`
		`Patch500: 0001-In-Python-3-return-all-our-string-data-as-surrogate-.patch`
		`@@ -150,18 +166,19 @@`
		`Patch1001: compile-with-Platform-Python-binary-where-relevant.patch`
		`# make unversioned %%__python an error unless explicitly overridden`
		`Patch1002: rpm-4.14.2-unversioned-python.patch`
		`+ # Make brp-python-bytecompile compatible with Python 3.10+`
		`+ Patch1003: brp-python-bytecompile-compatibility-with-newer-pyth.patch`

		`# Partially GPL/LGPL dual-licensed and some bits with BSD`
		`# SourceLicense: (GPLv2+ and LGPLv2+ with exceptions) and BSD`
		`License: GPLv2+`

		`- Requires: coreutils`
		`- %if %{without int_bdb}`
		`- # db recovery tools, rpmdb_util symlinks`
		`- Requires: %{_bindir}/%{dbprefix}_stat`
		`- %endif`
		`- Requires: popt%{_isa} >= 1.10.2.1`
		`- Requires: curl`
		`+ # This prevents a build with uninstallable runtime Requires`
		`+ BuildRequires: (rpm-libs >= %{version}-%{rhelrel} with rpm-libs < %{version}-%{rhelrel_next})`
		`+`
		`+ # Use a specific (tested) Python macros edition`
		`+ # 3.11 has broken %%py3_check_import -- https://bugzilla.redhat.com/2207631`
		`+ BuildRequires: python39-rpm-macros`

		`%if %{without int_bdb}`
		`BuildRequires: %{bdbname}-devel`
		`@@ -233,204 +250,36 @@`
		`%endif`

		`%description`
		`- The RPM Package Manager (RPM) is a powerful command line driven`
		`- package management system capable of installing, uninstalling,`
		`- verifying, querying, and updating software packages. Each software`
		`- package consists of an archive of files along with information about`
		`- the package like its version, a description, etc.`
		`-`
		`- %package libs`
		`- Summary: Libraries for manipulating RPM packages`
		`- Group: Development/Libraries`
		`- License: GPLv2+ and LGPLv2+ with exceptions`
		`- Requires: %{name} = %{version}-%{release}`
		`- # librpm uses cap_compare, introduced sometimes between libcap 2.10 and 2.16.`
		`- # A manual require is needed, see #505596`
		`- Requires: libcap%{_isa} >= 2.16`
		`-`
		`- %description libs`
		`- This package contains the RPM shared libraries.`
		`-`
		`- %package build-libs`
		`- Summary: Libraries for building and signing RPM packages`
		`- Group: Development/Libraries`
		`- License: GPLv2+ and LGPLv2+ with exceptions`
		`- Requires: rpm-libs%{_isa} = %{version}-%{release}`
		`- Requires: %{_bindir}/gpg2`
		`-`
		`- %description build-libs`
		`- This package contains the RPM shared libraries for building and signing`
		`- packages.`
		`+ Additional Python 3.X packages with the RPM Python bindings.`

		`- %package devel`
		`- Summary: Development files for manipulating RPM packages`
		`+ %define python3x_package %{?name:%package -n python%{python3_pkgversion}-rpm`
		`+ Summary: Python %{_python3_pkgversion_with_dot} bindings for apps which will manipulate RPM packages`
		`Group: Development/Libraries`
		`- License: GPLv2+ and LGPLv2+ with exceptions`
		`- Requires: %{name} = %{version}-%{release}`
		`- Requires: %{name}-libs%{_isa} = %{version}-%{release}`
		`- Requires: %{name}-build-libs%{_isa} = %{version}-%{release}`
		`- Requires: popt-devel%{_isa}`
		`-`
		`- %description devel`
		`- This package contains the RPM C library and header files. These`
		`- development files will simplify the process of writing programs that`
		`- manipulate RPM packages and databases. These files are intended to`
		`- simplify the process of creating graphical package managers or any`
		`- other tools that need an intimate knowledge of RPM packages in order`
		`- to function.`
		`-`
		`- This package should be installed if you want to develop programs that`
		`- will manipulate RPM packages and databases.`
		`-`
		`- %package build`
		`- Summary: Scripts and executable programs used to build packages`
		`- Group: Development/Tools`
		`- Requires: rpm = %{version}-%{release}`
		`- Requires: elfutils >= 0.128 binutils`
		`- Requires: findutils sed grep gawk diffutils file patch >= 2.5`
		`- Requires: tar unzip gzip bzip2 cpio xz`
		`- %if %{with zstd}`
		`- Requires: zstd`
		`- %endif`
		`- Requires: pkgconfig >= 1:0.24`
		`- Requires: /usr/bin/gdb-add-index`
		`- # Technically rpmbuild doesn't require any external configuration, but`
		`- # creating distro-compatible packages does. To make the common case`
		`- # "just work" while allowing for alternatives, depend on a virtual`
		`- # provide, typically coming from redhat-rpm-config.`
		`- Requires: system-rpm-config`
		`-`
		`- %description build`
		`- The rpm-build package contains the scripts and executable programs`
		`- that are used to build packages using the RPM Package Manager.`
		`-`
		`- %package sign`
		`- Summary: Package signing support`
		`- Group: System Environment/Base`
		`- Requires: rpm-build-libs%{_isa} = %{version}-%{release}`
		`-`
		`- %description sign`
		`- This package contains support for digitally signing RPM packages.`
		`-`
		`- %if %{with python2}`
		`- %package -n python2-%{name}`
		`- Summary: Python 2 bindings for apps which will manipulate RPM packages`
		`- Group: Development/Libraries`
		`- BuildRequires: python2-devel`
		`- %{?python_provide:%python_provide python2-%{name}}`
		`- Requires: %{name}-libs%{?_isa} = %{version}-%{release}`
		`- Provides: %{name}-python = %{version}-%{release}`
		`- Obsoletes: %{name}-python < %{version}-%{release}`
		`-`
		`- %description -n python2-%{name}`
		`- The python2-rpm package contains a module that permits applications`
		`- written in the Python programming language to use the interface`
		`- supplied by RPM Package Manager libraries.`
		`-`
		`- This package should be installed if you want to develop Python 2`
		`- programs that will manipulate RPM packages and databases.`
		`- %endif # with python2`
		`-`
		`- %package -n python3-%{name}`
		`- Summary: Python 3 bindings for apps which will manipulate RPM packages`
		`- Group: Development/Libraries`
		`- BuildRequires: python3-devel`
		`- %{?python_provide:%python_provide python3-%{name}}`
		`- Requires: %{name}-libs%{?_isa} = %{version}-%{release}`
		`- Provides: %{name}-python3 = %{version}-%{release}`
		`- Obsoletes: %{name}-python3 < %{version}-%{release}`
		`+ BuildRequires: python%{python3_pkgversion}-devel`
		`+ %{?python_provide:%python_provide python%{python3_pkgversion}-rpm}`
		`+ Requires: (rpm-libs%{?_isa} >= %{version}-%{rhelrel} with rpm-libs%{?_isa} < %{version}-%{rhelrel_next})`
		`+ Provides: rpm-python%{python3_pkgversion} = %{version}-%{release}`
		`# Lowest compatible DNF version (acts as a safeguard to protect DNF from`
		`# breaking in case the user attempts to upgrade RPM separately).`
		`# Version 4.2.7 added support for the new API output format introduced in`
		`# rpm-4.14.2-10.`
		`- Conflicts: python3-dnf < 4.2.7`
		`+ Conflicts: python%{python3_pkgversion}-dnf < 4.2.7`

		`- %description -n python3-%{name}`
		`- The python3-rpm package contains a module that permits applications`
		`+ %description -n python%{python3_pkgversion}-rpm`
		`+ The python%{python3_pkgversion}-rpm package contains a module that permits applications`
		`written in the Python programming language to use the interface`
		`supplied by RPM Package Manager libraries.`

		`- This package should be installed if you want to develop Python 3`
		`- programs that will manipulate RPM packages and databases.`
		`-`
		`- %package apidocs`
		`- Summary: API documentation for RPM libraries`
		`- Group: Documentation`
		`- BuildArch: noarch`
		`-`
		`- %description apidocs`
		`- This package contains API documentation for developing applications`
		`- that will manipulate RPM packages and databases.`
		`-`
		`- %package cron`
		`- Summary: Create daily logs of installed packages.`
		`- Group: System Environment/Base`
		`- BuildArch: noarch`
		`- Requires: crontabs logrotate rpm = %{version}-%{release}`
		`-`
		`- %description cron`
		`- This package contains a cron job which creates daily logs of installed`
		`- packages on a system.`
		`+ This package should be installed if you want to develop Python %{_python3_pkgversion_with_dot}`
		`+ programs that will manipulate RPM packages and databases.}`

		`- %if %{with plugins}`
		`- %package plugin-selinux`
		`- Summary: Rpm plugin for SELinux functionality`
		`- Group: System Environment/Base`
		`- Requires: rpm-libs%{_isa} = %{version}-%{release}`
		`- Requires: selinux-policy-base`
		`-`
		`- %description plugin-selinux`
		`- %{summary}`
		`-`
		`- %package plugin-syslog`
		`- Summary: Rpm plugin for syslog functionality`
		`- Group: System Environment/Base`
		`- Requires: rpm-libs%{_isa} = %{version}-%{release}`
		`-`
		`- %description plugin-syslog`
		`- %{summary}`
		`-`
		`- %package plugin-systemd-inhibit`
		`- Summary: Rpm plugin for systemd inhibit functionality`
		`- Group: System Environment/Base`
		`- Requires: rpm-libs%{_isa} = %{version}-%{release}`
		`-`
		`- %description plugin-systemd-inhibit`
		`- This plugin blocks systemd from entering idle, sleep or shutdown while an rpm`
		`- transaction is running using the systemd-inhibit mechanism.`
		`-`
		`- %package plugin-ima`
		`- Summary: Rpm plugin ima file signatures`
		`- Group: System Environment/Base`
		`- Requires: rpm-libs%{_isa} = %{version}-%{release}`
		`-`
		`- %description plugin-ima`
		`- %{summary}`
		`-`
		`- %package plugin-prioreset`
		`- Summary: Rpm plugin for resetting scriptlet priorities for SysV init`
		`- Group: System Environment/Base`
		`- Requires: rpm-libs%{_isa} = %{version}-%{release}`
		`-`
		`- %description plugin-prioreset`
		`- %{summary}`
		`-`
		`- Useful on legacy SysV init systems if you run rpm transactions with`
		`- nice/ionice priorities. Should not be used on systemd systems.`
		`-`
		`- %package plugin-fapolicyd`
		`- Summary: Rpm plugin for fapolicyd functionality`
		`- Requires: rpm-libs%{_isa} = %{version}-%{release}`
		`- Provides: fapolicyd-plugin`
		`- Obsoletes: fapolicyd-dnf-plugin`
		`-`
		`- %description plugin-fapolicyd`
		`- %{summary}.`
		`-`
		`- %endif # with plugins`
		`+ %global python3_pkgversion 39`
		`+ %python3x_package`
		`+ %global python3_pkgversion 3.11`
		`+ %python3x_package`

		`%prep`
		`- %autosetup -n %{name}-%{srcver} %{?with_int_bdb:-a 1} -p1`
		`+ %autosetup -n rpm-%{srcver} %{?with_int_bdb:-a 1} -p1`

		`%if %{with int_bdb}`
		`ln -s db-%{bdbver} db`
		`@@ -453,6 +302,11 @@`
		`%{__sed} -i.backup -e 's~compiler_flags=$~compiler_flags="%{_hardened_ldflags}"~' $i`
		`done;`

		`+ # For configure, we'll use 3.9 explicitly`
		`+ # Multiple-digit "minor" Python versions don't work here yet anyway`
		`+ %global python3_pkgversion 39`
		`+ export PYTHON=%{__python3}`
		`+`
		`# Using configure macro has some unwanted side-effects on rpm platform`
		`# setup, use the old-fashioned way for now only defining minimal paths.`
		`./configure \`
		`@@ -478,8 +332,7 @@`
		`%{?with_sqlite: --enable-sqlite} \`
		`--with-fapolicyd \`
		`--enable-python \`
		`- --with-crypto=openssl \`
		`- PYTHON=python3`
		`+ --with-crypto=openssl`

		`make %{?_smp_mflags}`

		`@@ -487,6 +340,9 @@`
		`%if %{with python2}`
		`%{__python2} setup.py build`
		`%endif # with python2`
		`+ %global python3_pkgversion 39`
		`+ %{__python3} setup.py build`
		`+ %global python3_pkgversion 3.11`
		`%{__python3} setup.py build`
		`popd`

		`@@ -501,6 +357,9 @@`
		`%if %{with python2}`
		`%{__python2} setup.py install --skip-build --root $RPM_BUILD_ROOT`
		`%endif # with python2`
		`+ %global python3_pkgversion 39`
		`+ %{__python3} setup.py install --skip-build --root $RPM_BUILD_ROOT`
		`+ %global python3_pkgversion 3.11`
		`%{__python3} setup.py install --skip-build --root $RPM_BUILD_ROOT`
		`popd`

		`@@ -536,170 +395,50 @@`
		`done`
		`%endif`

		`- %find_lang %{name}`
		`-`
		`find $RPM_BUILD_ROOT -name "*.la"\|xargs rm -f`

		`- # These live in perl-generators and python-rpm-generators now`
		`- rm -f $RPM_BUILD_ROOT/%{rpmhome}/{perldeps.pl,perl.,pythond}`
		`- rm -f $RPM_BUILD_ROOT/%{_fileattrsdir}/{perl,python}`
		`- # Axe unused cruft`
		`- rm -f $RPM_BUILD_ROOT/%{rpmhome}/{tcl.req,osgideps.pl}`
		`+ # Remove all non-Python files`
		`+ rm -r %{buildroot}%{_bindir}`
		`+ rm -r %{buildroot}%{_datadir}`
		`+ rm -r %{buildroot}%{_includedir}`
		`+ rm -r %{buildroot}%{_libdir}/lib*`
		`+ rm -r %{buildroot}%{_libdir}/pkgconfig/`
		`+ rm -r %{buildroot}%{_libdir}/rpm-plugins/`
		`+ rm -r %{buildroot}%{_localstatedir}`
		`+ rm -r %{buildroot}%{_prefix}/lib`
		`+ rm -r %{buildroot}%{_sysconfdir}`

		`- # Avoid unnecessary dependency on /usr/bin/python`
		`- chmod a-x $RPM_BUILD_ROOT/%{rpmhome}/python-macro-helper`
		`-`
		`- %if %{with check}`
		`%check`
		`+ %global python3_pkgversion 39`
		`+ %py3_check_import rpm rpm.transaction`
		`+ %global python3_pkgversion 3.11`
		`+ %py3_check_import rpm rpm.transaction`
		`+ %if %{with check}`
		`make check \|\| cat tests/rpmtests.log`
		`%endif`

		`- %post libs -p /sbin/ldconfig`
		`- %postun libs -p /sbin/ldconfig`
		`-`
		`- %post build-libs -p /sbin/ldconfig`
		`- %postun build-libs -p /sbin/ldconfig`
		`-`
		`- %files -f %{name}.lang`
		`+ %global python3_pkgversion 39`
		`+ %files -n python%{python3_pkgversion}-rpm`
		`%license COPYING`
		`- %doc CREDITS doc/manual/[a-z]*`
		`-`
		`- /usr/lib/tmpfiles.d/rpm.conf`
		`- %dir %{_sysconfdir}/rpm`
		`-`
		`- %attr(0755, root, root) %dir /var/lib/rpm`
		`- %attr(0644, root, root) %verify(not md5 size mtime) %ghost %config(missingok,noreplace) /var/lib/rpm/*`
		`-`
		`- %{_bindir}/rpm`
		`- %if %{with libarchive}`
		`- %{_bindir}/rpm2archive`
		`- %endif`
		`- %{_bindir}/rpm2cpio`
		`- %{_bindir}/rpmdb`
		`- %{_bindir}/rpmkeys`
		`- %{_bindir}/rpmquery`
		`- %{_bindir}/rpmverify`
		`-`
		`- %{_mandir}/man8/rpm.8*`
		`- %{_mandir}/man8/rpmdb.8*`
		`- %{_mandir}/man8/rpmkeys.8*`
		`- %{_mandir}/man8/rpm2cpio.8*`
		`- %{_mandir}/man8/rpm-misc.8*`
		`-`
		`- # XXX this places translated manuals to wrong package wrt eg rpmbuild`
		`- %lang(fr) %{_mandir}/fr/man[18]/.[18]`
		`- %lang(ko) %{_mandir}/ko/man[18]/.[18]`
		`- %lang(ja) %{_mandir}/ja/man[18]/.[18]`
		`- %lang(pl) %{_mandir}/pl/man[18]/.[18]`
		`- %lang(ru) %{_mandir}/ru/man[18]/.[18]`
		`- %lang(sk) %{_mandir}/sk/man[18]/.[18]`
		`-`
		`- %attr(0755, root, root) %dir %{rpmhome}`
		`- %{rpmhome}/macros`
		`- %{rpmhome}/macros.d`
		`- %{rpmhome}/rpmpopt*`
		`- %{rpmhome}/rpmrc`
		`-`
		`- %{rpmhome}/rpmdb_*`
		`- %{rpmhome}/rpm.daily`
		`- %{rpmhome}/rpm.log`
		`- %{rpmhome}/rpm.supp`
		`- %{rpmhome}/rpm2cpio.sh`
		`- %{rpmhome}/tgpg`
		`- %{rpmhome}/python-macro-helper`
		`-`
		`- %{rpmhome}/platform`
		`-`
		`- %dir %{rpmhome}/fileattrs`
		`-`
		`- %files libs`
		`- %{_libdir}/librpmio.so.*`
		`- %{_libdir}/librpm.so.*`
		`- %if %{with plugins}`
		`- %dir %{_libdir}/rpm-plugins`
		`-`
		`- %files plugin-syslog`
		`- %{_libdir}/rpm-plugins/syslog.so`
		`-`
		`- %files plugin-selinux`
		`- %{_libdir}/rpm-plugins/selinux.so`
		`-`
		`- %files plugin-systemd-inhibit`
		`- %{_libdir}/rpm-plugins/systemd_inhibit.so`
		`- %{_mandir}/man8/rpm-plugin-systemd-inhibit.8*`
		`-`
		`- %files plugin-ima`
		`- %{_libdir}/rpm-plugins/ima.so`
		`-`
		`- %files plugin-prioreset`
		`- %{_libdir}/rpm-plugins/prioreset.so`
		`-`
		`- %files plugin-fapolicyd`
		`- %{_libdir}/rpm-plugins/fapolicyd.so`
		`- %{_mandir}/man8/rpm-plugin-fapolicyd.8*`
		`- %endif # with plugins`
		`-`
		`- %files build-libs`
		`- %{_libdir}/librpmbuild.so.*`
		`- %{_libdir}/librpmsign.so.*`
		`-`
		`- %files build`
		`- %{_bindir}/rpmbuild`
		`- %{_bindir}/gendiff`
		`- %{_bindir}/rpmspec`
		`-`
		`- %{_mandir}/man1/gendiff.1*`
		`- %{_mandir}/man8/rpmbuild.8*`
		`- %{_mandir}/man8/rpmdeps.8*`
		`- %{_mandir}/man8/rpmspec.8*`
		`-`
		`- %{rpmhome}/brp-*`
		`- %{rpmhome}/check-*`
		`- %{rpmhome}/debugedit`
		`- %{rpmhome}/sepdebugcrcfix`
		`- %{rpmhome}/find-debuginfo.sh`
		`- %{rpmhome}/find-lang.sh`
		`- %{rpmhome}/provides`
		`- %{rpmhome}/requires`
		`- %{rpmhome}/deps`
		`- %{rpmhome}/*.prov`
		`- %{rpmhome}/*.req`
		`- %{rpmhome}/config.*`
		`- %{rpmhome}/mkinstalldirs`
		`- %{rpmhome}/macros.p*`
		`- %{rpmhome}/fileattrs/*`
		`-`
		`- %files sign`
		`- %{_bindir}/rpmsign`
		`- %{_mandir}/man8/rpmsign.8*`
		`+ %{python3_sitearch}/rpm/`
		`+ %{python3_sitearch}/rpm-%{version}*.egg-info`

		`- %if %{with python2}`
		`- %files -n python2-%{name}`
		`- %{python2_sitearch}/%{name}/`
		`- %{python2_sitearch}/%{name}-%{version}*.egg-info`
		`- %endif # with python2`
		`-`
		`- %files -n python3-%{name}`
		`- %{python3_sitearch}/%{name}/`
		`- %{python3_sitearch}/%{name}-%{version}*.egg-info`
		`-`
		`- %files devel`
		`- %{_mandir}/man8/rpmgraph.8*`
		`- %{_bindir}/rpmgraph`
		`- %{_libdir}/librp*[a-z].so`
		`- %{_libdir}/pkgconfig/%{name}.pc`
		`- %{_includedir}/%{name}/`
		`-`
		`- %files cron`
		`- %{_sysconfdir}/cron.daily/rpm`
		`- %config(noreplace) %{_sysconfdir}/logrotate.d/rpm`
		`-`
		`- %files apidocs`
		`+ %global python3_pkgversion 3.11`
		`+ %files -n python%{python3_pkgversion}-rpm`
		`%license COPYING`
		`- %doc doc/librpm/html/*`
		`+ %{python3_sitearch}/rpm/`
		`+ %{python3_sitearch}/rpm-%{version}*.egg-info`

		`%changelog`
		`- * Mon Dec 19 2022 Florian Festi <ffesti@redhat.com> - 4.14.4-26`
		`+ * Tue Dec 12 2023 Florian Festi <ffesti@redhat.com> - 4.14.3-28`
		`+ - Backport file handling code from rpm-4.19 to fix CVE-2021-35937,`
		`+ CVE-2021-35938 and CVE-2021-35939`
		`+`
		`+ * Tue Sep 26 2023 Lumír Balhar <lbalhar@redhat.com> - 4.14.3-27`
		`+ - Make brp-python-bytecompile script compatible with Python 3.10+`
		`+ Resolves: RHEL-6423`
		`+`
		`+ * Mon Dec 19 2022 Florian Festi <ffesti@redhat.com> - 4.14.3-26`
		`- Add --nocompression to rpm2archive (#2129345)`

		`* Tue Sep 13 2022 Michal Domonkos <mdomonko@redhat.com> - 4.14.3-24`

rpm-4.14.1-python-brp-bytecompile.patch

file added

+15

		`@@ -0,0 +1,15 @@`
		`+ diff --git a/scripts/brp-python-bytecompile b/scripts/brp-python-bytecompile`
		`+ index 894fa3459..47776215a 100644`
		`+ --- a/scripts/brp-python-bytecompile`
		`+ +++ b/scripts/brp-python-bytecompile`
		`+ @@ -87,6 +87,10 @@ if [ ! -x "$default_python" ]; then`
		`+ exit 0`
		`+ fi`
		`+`
		`+ +# Figure out if there are files to be bytecompiled with the default_python at all`
		`+ +# this prevents unnecessary default_python invocation`
		`+ +find "$RPM_BUILD_ROOT" -type f -name "*.py" \| grep -Ev "/bin/\|/sbin/\|/usr/lib(64)?/python[0-9]\.[0-9]\|/usr/share/doc" \|\| exit 0`
		`+ +`
		`+ # Generate normal (.pyc) byte-compiled files.`
		`+ python_bytecompile "" $default_python "/bin/\|/sbin/\|/usr/lib(64)?/python[0-9]\.[0-9]\|/usr/share/doc" "$RPM_BUILD_ROOT" "$depth" "/"`
		`+ if [ $? -ne 0 -a 0$errors_terminate -ne 0 ]; then`

no initial comment

ktdreyer commented 4 months ago

A local mock build fails:

+ /usr/bin/cat /builddir/build/SOURCES/disable-python-extra.patch
+ /usr/bin/patch -p1 -s --fuzz=0 --no-backup-if-mismatch
+ /usr/bin/cat /builddir/build/SOURCES/rpm-4.14.2-unversioned-python.patch
+ /usr/bin/patch -p1 -s --fuzz=0 --no-backup-if-mismatch
+ /usr/bin/cat /builddir/build/SOURCES/brp-python-bytecompile-compatibility-with-newer-pyth.patch
+ /usr/bin/patch -p1 -s --fuzz=0 --no-backup-if-mismatch
1 out of 2 hunks FAILED -- saving rejects to file scripts/brp-python-bytecompile.rej
error: Bad exit status from /var/tmp/rpm-tmp.HQj5Qv (%prep)

churchyard commented 4 months ago

I observe the same problem. Investigating.

9 new commits added

Lower the release number to match RHEL 8.9
Merge c8s into epel8
Fix issues with backported file handling
Fix regression in new code
Fix plugin code for the new fsm implementation
Backport file handling code from rpm-4.19
Fix version in the two latest %changelog entries
Make brp-python-bytecompile script compatible with Python 3.10+
re-import sources as agreed with the maintainer

4 months ago

churchyard commented 4 months ago

compile-with-Platform-Python-binary-where-relevant.patch was missing from the spec file. it is also moot, so I added it back.

ktdreyer commented 4 months ago

I built this with mock locally and it works great. My test suite for my application passes with this. Thanks.

churchyard commented 4 months ago

Waiting for the CI scratch build to finish before merging. Koji seems kinda slow.

gotmax23 commented 4 months ago

I worked on a different approach in https://src.fedoraproject.org/fork/gotmax23/rpms/python3-rpm/commits/epel8-sync that takes the sources directly from the RHEL 8 SRPM. I'm not a fan of trying to reproduce the RHEL 8 sources from c8s, but I guess it works. Feel free to choose whichever approach makes the most sense to you.

churchyard commented 4 months ago

Waiting for the CI scratch build to finish before merging. Koji seems kinda slow.

FTR Koji was updated and there are database problems, it may take a while.

churchyard commented 4 months ago

Feel free to choose whichever approach makes the most sense to you.

Here we see individual commits which seem easier to debug if there is a regression. Also, when RHEL 8.10 is out, we will use this anyway (sans the lowered release number). Thanks for demonstrating an alternate approach -- I have considered it as well, but I prefer this one.

Pull-Request has been merged by churchyard

4 months ago