- We wouldn't want anybody to shutdown (or reboot) the system while a
transaction is in progress, it's just that there hasn't been a whole lot
that could've been done about it. Recent systemd versions provide an API to
prevent shutdowns however:
http://www.freedesktop.org/wiki/Software/systemd/inhibit
- Add a simple plugin which, if enabled, tries to acquire a shutdown
inhibitor lock from systemd for the duration of transactionsd. This
could use better error handling and all... but its a start at least.
- Note that D-BUS is required, but only for the plugin, not (lib)rpm.
- VFY_VerifyDigest() has been deprecated since NSS >= 3.12 and for
a good reason too: with VFY_VerifyDigest() caller needs to painfully
enumerate every possible supported enc + hash combination, only for
NSS to revert the process. Use the saner VFY_VerifyDigestDirect()
interface instead and test for its presence in configure.
- This means we now require NSS >= 3.12 but as that's already 4.5 years
old and included in ancient beasts like RHEL-4, this doesn't seem
exactly unreasonable requirement. And then there's always beecrypt...
- Older NSS versions operate on global context, which can cause
all sorts of trouble when an API user tries to use NSS for their
own purposes: eg they might want to use NSS databases which is not
possible once we've initialized NSS with NSS_NoDB_Init(). Further
background on the subject at https://wiki.mozilla.org/NSS_Library_Init
- Use private private NSS context when possible (NSS >= 3.12.5) to
avoid such clashes, but keep support for older versions for now.
- NSS is a big and quirky monster for our needs but that's what we've
been defaulting to for the last years, and then there are those
certifications...
- Also default to external beecrypt even if --with-beecrypt is used
- Fixes fallout from commit f9c69f803f74bd458269c7a06def494ea63387e6:
running these tests with -Wstrict-prototypes causes all these tests
to fail as AC_LANG_PROGRAM() uses an incomplete prototype for
main() :(
- On gcc versions supporting -fstack-protector, not all platforms
support this feature, causing gcc to emit only a warning instead
of an error. Which then causes warning-spew on every compiled file.
Run all the supported flag tests with -Werror to turn the warnings
into errors, there could be other similar cases besides stack protector.
- Patch originally from Arnaud Patard according to this Mandriva commit:
http://svn.mandriva.com/cgi-bin/viewvc.cgi/packages?view=revision&revision=448632
- Commit 4cb02aa928 asked to see
what breaks when mmap() is used, now we know: large package support
broke when enabling it. Could be fixed of course by eg adding
a size cap to the fsm part as well, but just doesn't seem worth it:
I fail to measure any meaningful performance improvement from mmap
usage in either case, and added complexity for what is close to
zero benefit just doesn't make sense... and various sources in fact
note the rpm usage (read through the entire file sequentially) as one
of the cases where mmap() is NOT beneficial due to mmap() high
setup + teardown cost + page fault speed (or lack of thereof).
- These are both "appears to have roughly the intended effect" level
tested, but I'm not really familiar with either bzr or quilt so
any further refinements need to come from people actually familiar
with these tools.
- This adds two main macros (+ bunch of helpers) to automate the
common case tasks in %prep:
1) %autopatch which automatically applies all patches from a spec
2) %autosetup which (optionally) takes care of it all, and (also
optionally) sets up a git/hg repository of the unpacked source +
applied patches as it goes.
- This should be considered a starting point only, there are various
things to improve. Eg we'd like to be able to make backups
with plain patch (based on patch number maybe) and at least with git,
we'd like to be able be (optionally) use 'git am' patching style
to preserve original authors + commit messages etc.
- A noteworthy point here is that as these are fully implemented as
macros, they are compatible with several older rpm versions as well.
- Lump glob.h and glob.c into rpmglob.c in all their g(l)ory libc
decorations and make everything static to stop overriding system
library symbols with our own glob().
Teach %prep and %uncompress how to handle 7zip tarballs, with
the mingw toolchain landing in fedora, this may be useful when
crossbuilding Windows sources compressed using 7zip (CxImage is
one such project).
- WTH are we compiling with -Wno-char-subscripts? This appears to have
been there since the dawn of times, and at least nowadays removing
it causes no new warnings.
- Re-enable -Wstrict-prototypes, either NSS headers have gotten fixed
or GCC has gotten smarter and no longer whines about broken
system headers.
- Unlike bz2 and xz/lz, zlib compression is not tracked by any rpmlib
feature and is part of the original package format really, zlib
simply must be always present.
- it's not rpm's job, not is it possible for rpm to know about
distribution/vendor names and preferences
- use build_vendor as the canonical vendor (affecting %{_vendor} default
and macro + rpmrc paths) unless overridden by --with-vendor=name
- Steps towards separating rpm-python from the main rpm tarball even
though developed within the rpm repository.
- Having the bindings in a separate tarball makes it simpler to build
them for different python versions, notably python 3 (RhBug:531543)
- For now this is really just to allow building statically while
hacking, for "real world" use this has implications on collections
support etc which is not handled by this patch.
This adds a new plugin specifically for a collection to load SELinux
policy. This implements the post_add and pre_remove plugin hooks. The
only time anything happens during the pre_remove hook is if post_add was
not called (i.e. if the transaction only removes policies).
This plugin extracts all the policy information from packages in the
sepolicy collection during the open te hook. It then determines which
policies should be installed/removed based on if the package is being
installed/removed and the type of the policy and the system policy. It
then executes semodule (or uses libsemanage if semodule cannot be
executed or installing in a chroot) to remove and install the necessary
policies. It then reloads the selinux state, reloads the file contexts,
and if necessary, relabels the file system.
This replaces the old matchpathcon interfaces with the new selabel
interfaces for relabeling files, storing an selabel handle in the
transaction set.
With this change, also comes an added distinction between --nocontexts
being specified and a failure to read the load file contexts.
Previously, there was no distinction, and both cases used the
RPMTRANS_FLAG_NOCONTEXTS flag.
However, with the new policy plugin, it is necessary to make such a
distinction. This is because matchpathcon_init (now selabel interfaces)
can fail at the beginning of the transaction, but succeed later after
new policy is installed. Because of this, we may need to enable/disable
RPMTRANS_FLAG_NOCONTEXTS multiple times. However, because this flag
could also mean --nocontexts, we cannot do that. By storing the selabel
handle in the rpmts, we can easily keep track if the handle has been
successfully created, rather than overloading RPMTRANS_FLAG_NOCONTEXTS
with two meanings.
This patch adds a generic plugin, exec.so, that should be sufficient for the
majority of Collection actions. After all packages in a Collection have been
installed/removed, this plugin executes the arguments by calling system(3),
allowing for a very generic and powerful method to perform many actions.
This also adds two sample macros as examples of the format, using the exec.so
plugin.
- move most of the hardwired classification logic from rpmfc C-code
to macro-based configuration, supporting drop-in addition of arbitrary
new attributes + dependency extractors based on regex matching of
libmagic file types and paths
- just the initial rough conversion of our built-in dependency types,
various open questions + todo-items remain, plus likely fair amount
of more-or-less subtle breakage
- Elf dependency extraction code code lifted from rpmfcELF() and refactored
to saner pieces. Having it in separate executable also frees librpmbuild
of libelf dependency, clean up the unnecessary linkage etc from
autofoo
- This lets internal dependency generator for elf files be
overridden without losing file coloring (which is required for
correct multilib handling). It also permits non-native elf files
(eg when cross-building) to be handled by providing a custom
elf dependency helper
- On the flip side, this inevitably slows down builds somewhat as
two fork-exec's are needed for every elf file, but unlike invoking
something like the python interpreter, this is a slim helper...
- All dependency extractors of the internal dependency generator are now
external helpers (how twisted is that, huh? :) and thus can be customized
and filtered through %__foo_provides|requires macros
Panu Matilainen