packages:rpm
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
packages:rpm [2021-02-06 19:17] – fix long opt formatting glen | packages:rpm [2025-02-27 13:03] (current) – arekm | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== RPM Package ====== | ====== RPM Package ====== | ||
+ | |||
+ | ===== rpm 4.20, sequoia OpenPGP and old packages ===== | ||
+ | |||
+ | TL;DR Packages with non-conformant OpenPGP signatures must be | ||
+ | resinstalled with --nosignature. | ||
+ | |||
+ | rpm 4.20 dropped the venerable rpmpgp custom library in favor of | ||
+ | rpm-sequoia (https:// | ||
+ | sequoia is much stricter in validating signatures and fail if the | ||
+ | format is non-conformat to the standard. What it means is that | ||
+ | packages built with rpm5 cannot be installed and ones already | ||
+ | installed will cause errors and must be reinstalled. | ||
+ | |||
+ | The former problem is fixed, All packages in main PLD Th repo have been re-signed. | ||
+ | |||
+ | The later is more involved, because rpm will barf without telling | ||
+ | which package ails it. | ||
+ | |||
+ | The easiest way to check if your system is affeted is to run | ||
+ | ''< | ||
+ | if you see errors like those at the end of this message. | ||
+ | In case you do, just run the below command, which will reinstall rpm packages (packages on ftp | ||
+ | were re-signed to correct signatures). | ||
+ | |||
+ | LC_ALL=C rpm -Va --nofiledigest --nofiles --nodigest 2>&1 | \ | ||
+ | grep ' | ||
+ | LC_ALL=C xargs -r rpm -q --qf=' | ||
+ | grep -vE ' | ||
+ | xargs -r poldek --reinstall --pmopt=--nosignature | ||
+ | | ||
+ | If you get errors about some packages not available (on ftp) from poldek then try reinstalling one by one: | ||
+ | |||
+ | [...] (like above) | ||
+ | xargs -n 1 -r poldek --reinstall --pmopt=--nosignature | ||
+ | | ||
+ | And possibly uninstall packages that are no longer available and are not needed. | ||
+ | |||
+ | |||
+ | Final words - while we could stick to rpmpgp_legacy library for now, | ||
+ | since it still can be used after going through some hoops, it will not | ||
+ | be pssible in the future, so let's deal with this now. | ||
+ | |||
+ | Sample errors: | ||
+ | |||
+ | error: rpmdbNextIterator: | ||
+ | Header DSA signature: BAD (header tag 267: invalid OpenPGP signature: Parsing an OpenPGP packet: | ||
+ | Failed to parse Signature Packet | ||
+ | because: Signature appears to be created by a non-conformant OpenPGP implementation, | ||
+ | because: Malformed MPI: leading bit is not set: expected bit 8 to be set in | ||
+ | Header SHA1 digest: OK | ||
+ | |||
+ | |||
+ | error: Verifying a signature, but no certificate was provided: | ||
+ | Signature fcf4 created at Thu Aug 16 07:33:10 2018 invalid: signature is not alive | ||
+ | because: Expired on 2018-09-15T07: | ||
+ | error: rpmdbNextIterator: | ||
+ | Header V4 DSA/SHA1 Signature, key ID 61ac3fd4: BAD | ||
+ | Header SHA1 digest: OK | ||
===== rpm5 to rpm.org rpm porting status ===== | ===== rpm5 to rpm.org rpm porting status ===== | ||
Line 20: | Line 78: | ||
* The rpm database format changes from Berkeley DB to SQLite, conversion is automatic after rpm package set update. Backup of the old database is saved as ''/ | * The rpm database format changes from Berkeley DB to SQLite, conversion is automatic after rpm package set update. Backup of the old database is saved as ''/ | ||
- | * Users who have a particular need to stay on Berkeley DB backend can still do so by overriding the configuration manually (eg. '' | + | * Users who have a particular need to stay on Berkeley DB backend can still do so by overriding the configuration manually (eg. '' |
* It is also possible to convert back bu overriding '' | * It is also possible to convert back bu overriding '' | ||
<note warning> | <note warning> | ||
</ | </ | ||
+ | |||
+ | ==== Repackage support ==== | ||
+ | |||
+ | <note warning> | ||
==== Python bindings ==== | ==== Python bindings ==== | ||
Line 46: | Line 108: | ||
===== Spec development ===== | ===== Spec development ===== | ||
- | * rpm.org rpm generates '' | + | * rpm.org rpm generates '' |
* Patch is now run with '' | * Patch is now run with '' | ||
* Package file checksum digests are now SHA256 based, if you need to keep previous behaviour, define '' | * Package file checksum digests are now SHA256 based, if you need to keep previous behaviour, define '' |
packages/rpm.1612635433.txt.gz · Last modified: 2021-02-06 19:17 by glen