NSS is a behemoth of a library which drags in a whole runtime subsystem
of its own which is often at odds with normal Unix system behavior
(hello SIGPIPE). Now that we have nicer alternatives available there's
little reason to lug this baggage along. NSS was deprecated in rpm 4.16
(commit 0b9efb93fb).
Adding a new header just for this seems a bit much but we'll be adding
stuff there shortly.
No functional changes as such, this is prerequisite for supporting
version comparison in expressions.
In the three years that LMDB support has been in the tree, and four
since upstream promised 1.0.0 in a couple of months, there have been
no upstream changes towards eliminating the key size limitations that
we need. And in the meanwhile it has become clearer that LMDB is not
the promised land it seemed on the outset, instead it has issues
like requiring the database size to be pre-determined (#902).
Drop support for LMDB, there's active development going on in the area
of database backends and we cannot afford to drag along an experimental
backend that is blocked on upstream design limitations and shows no signs
of moving forward. We can always bring it back if the upstream situation
changes.
Rename to rpmExprBool/Str() for namespace's sake, drop internal
visibility and move to librpmio for wider usability.
No functional changes here but needed for the next step.
The signing library is separated from librpm and librpmbuild
specifically so it can have more exotic dependencies than is
desireable for librpm, ditto for plugin existence. However
rpmSignFiles() being in librpm drags that libimaevm dependency
to main rpm for no good reason at all. Move it where it belongs,
does not actually affect functionality.
- The basic concept is not without merit but what was implemented here
has been stuck in experimental state in middle of two sorta conflicting
goals for four years now, and world has moved onward in the meanwhile.
The sepolicy part is better handled in the new selinux plugin, and other
action business belongs to packages (in the form of some trigger-like
scripts or such) rather than rpm plugins.
- Deleted here, but the sepolicy plugin functionality still needs
merging into the new selinux plugin...
- RPMTAG_COLLECTIONS left in place but tagged unimplemented as per policy
to never actually remove tags
- This stuff doesn't belong in rpmfi, rpmte, psm or anywhere else either.
Invent a new dark hole to shove it into...
- No functional changes as such, just shuffling things around.
- Add popt exec aliases to rpmdb for backwards compatibility
- Change test-suite to use 'rpmdb --initdb' instead of 'rpm --initdb'
as popt exec aliases with absolute paths dont play very well
with the test-suite, duh...
- rpmdb maintenance only requires privileges on the rpmdb directory,
not elsewhere on the system. Splitting to separate tool allows
finer grained SELinux policies and makes adding new db-specific
switches saner.
- Keyring operations (adding/viewing/removing keys and verifying
packages against a given keyring) are different from main rpm operations
in that they only need access to the rpm keyring, and no write access
anywhere else in the system. At the moment the rpm keyring happens
to be the rpmdb but that's just an implementation detail that is
likely to change sooner or later. Besides paving way to separating
the rpm keyring from the rpmdb, splitting this to a small, separate
utility allows limiting its required access from SELinux POV etc.
- For now, this only implements what's already in rpm: --import and
--checksig, remaining operations like listing and manipulating
keyring contents is left as an exercise for another day...
- Signing (and deleting) are different from everything else in rpm
in that it needs very little of rpm's facilities. For example access
to the rpmdb is not needed at all. Splitting this to a separate,
small utility allows various possibilities, like severely limiting
its access from SELinux POV, control of signature generation with
cli arguments (the main rpm executable is already overcrowded with
options). It's also the first step to allow reasonably splitting
rpm signing to a separate package; not everybody needs to sign
packages, yet signing support needs to drag in GPG and whatnot.
- Reimplement / refactor various librpm signature generation helpers
into somewhat saner internal versions.
- Make a copy of the entire rpmqv.c source to rpmbuild.c and switch
make to use the new copy. No functional changes. Making a copy first
means we get much easier to follow patch-series on the changes
that will follow.
- Chroot is a process global state so it needs to be tracked globally.
A process can (in theory) have several transaction sets, each with
different roots (although only one can be active at any time), so
associating the chroot state with transaction set (as currently done)
is not right.
- "Reference count" chroot entering and exiting so callers dont need
to track the state changes individually when they need to go
in and out of chroot if not already done.
- This should probably go to librpmio eventually but as there are no
needs outside librpm currently, keeping this internal so we're free
to fiddle with the api if necessary
- Besides there not being much point in having a separate source + header
for a small single function, this fixes build on case-insensitive
systems such as Mac OS X.
Panu Matilainen