- precalculate the message length, relying on C99 vsnprintf() semantics
- generate the log message and rest of the record in rpmlog() already,
and just pass the record to lower level to do actual logging
- also something was wrong in the old version as valgrind complained
about illegal reads, that is also cured here
- nothing at all uses this, dont bother
- if plaintext size of digests is needed, the correct place to calculate
it is in the digest routines, not manual beancounting all over the place
- PKCS#11 standard requires modules to be re-initialized after fork(),
arrange this to occur automatically.
- Most of the time child processes will exec() something else so dont
bother shutting down NSS for every child, only lazily re-initialize
as needed.
- This lets us initialize NSS early to force preloading of its dlopen()'ed
libraries to avoid issues on chroot(), without causing problems to API
users which fork() after initializing rpm (such as func, urpmi etc).
- define %_rpmconfigdir via %getconfdir in the main macro config, this
avoids it getting lost on macro reloads as happens when building
several packages at once
- new pgpVerifySig() call to perform the lowlevel verify, use for
verifying DSA/RSA signatures
- librpm is now free of NSS specifics (apart from what still leaks through
including rpmio/digest.h), remove linkage
- allocate+free digests locally where needed, pass around in separate argument
- use digest bundles to handle rpmVerifySignatures() needs
- kill-kill-kill fdStealDigest(), dup the contexts from bundles as needed
- in various places we need to calculate different digests of the same
data, having them stored in a single container makes managing easier
- can hold as many digest types as we support
- remembers how much input data it has handled
- "lzma alone" is superseeded by XZ but it's used by Suse and Mandriva
distros so it's nice to have as it doesn't need much, only open differs
from XZ
- rpmlib() dependency versions are an uuuuuuuugly mess here: Suse used
"PayloadIsLzma = 4.4.2-1" so that's what we provide to be most compatible
(hopefully). Built packages require "PayloadIsLzma <= 4.4.6-1" however
to be compatible with Mandriva 2008.0. Did I already say it's ugly?
- Based on similar patch in Mandriva by Per Øyvind Karlsen, but avoiding
unnecessary renames in rpmio
- what we support now in payloads is XZ, not the former LZMA format, rename
user- and header-visible parts to match this
- rpmlib(PayloadIsXz) dependency versioned 5.2-1 to avoid unnecessary
incompatibility with what rpm5 has and what Mandriva is already using
- only provide the rpmlib dependency if actually built with xz support
- rpmFileIsCompressed() attempts to guess the magicless old lzma format
by file suffix, so it can handle both right now
- sha1(len) and md5(len) are only needed and used locally in
verify[DR]SASignature(), no point carrying them around in pgpDig
- use wrapper function to hide type differences between rpm and NSS
- add %verify(nofiledigest) as %verify(nomd5) file attribute alias
- reference digests as digests not checksums
- make old md5 related symbols obsolete and use newer reference
- update man page accordingly
- retrieve global state, init if needed
- inspired by rpm5.org, details differ
- use it for initialisation in rpmrc instead of abusing rpmluaGetPrintBuffer
- since NSS is allergic (ie becomes non-functional) after forking, delay
it's initialization until really needed, ie lazy init in rpmDigestInit()
- however as NSS init can fail if attempted in completely empty chroot,
we force crypto init to happen at transaction set create time, forking
past that is pretty much doomed anyway
- this is the other half of the fix for rhbz#476737, and similar case
noticed by Pixel in Mandriva (due to urpm forking)
- this can happen if NSS is not properly initialized, such as after
forking
- partial fix to rhbz#476737 (as in "doesn't crash"), deeper issue is
that NSS init needs to be done later than we do now
Panu Matilainen