Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: rpm-software-management/dnf
base: 4.18.1
Choose a base ref
...
head repository: rpm-software-management/dnf
compare: 4.18.2
Choose a head ref
  • 11 commits
  • 12 files changed
  • 5 contributors

Commits on Nov 14, 2023

  1. Fix typo in test file

    @firefly-cpp @m-blaha
    firefly-cpp authored and m-blaha committed Nov 14, 2023
    Configuration menu
    Copy the full SHA
    3f8a560 View commit details
    Browse the repository at this point in the history

Commits on Nov 15, 2023

  1. DNS key verification: Fix parsing an armored PGP key 

    A PGP armor message can contain any amount of headers. Up to Fedora 38
there was one:

  -----BEGIN PGP PUBLIC KEY BLOCK-----
  Version: rpm-4.18.0-beta1

  mQINBGIC2cYBEADJye1aE0AR17qwj6wsHWlCQlcihmqkL8s4gbOk1IevBbH4iXJx
  [...]
  =CHKS
  -----END PGP PUBLIC KEY BLOCK-----

Since Fedora 39 there is none:

  -----BEGIN PGP PUBLIC KEY BLOCK-----

  mQINBGLykg8BEADURjKtgQpQNoluifXia+U3FuqGCTQ1w7iTqx1UvNhLX6tb9Qjy
  l/vjl1iXxucrd2JBnrT/21BdtaABhu2hPy7bpcGEkG8MDinAMZBzcyzHcS/JiGHZ
  [...]
  =CHKS
  -----END PGP PUBLIC KEY BLOCK-----

RpmImportedKeys._query_db_for_gpg_keys() assumed exactly one header.
As a result if gpgkey_dns_verification configuration option was true,
DNF reported that Fedora 39 keys was revoked because the key
misextratracted from RPM database did not match a key in DNS:

    # dnf-3 upgrade
    DNSSEC extension: Testing already imported keys for their validity.
    DNSSEC extension: GPG Key [email protected] has been revoked and should be removed immediately

This patch implements skipping all armor headers.

https://bugzilla.redhat.com/show_bug.cgi?id=2249380
    @ppisar @jan-kolarik
    ppisar authored and jan-kolarik committed Nov 15, 2023
    Configuration menu
    Copy the full SHA
    49feb22 View commit details
    Browse the repository at this point in the history

  2. DNS key verification: Fix handling keys without an e-mail address 

    If an PGP key is stored in an RPM database without a "packager" RPM
header, or without an e-mail address there, DNS verification crashed
on converting the undefined address into a DNS domain. That was the
case of Fedora 13 key:

    # dnf-3 upgrade
    Traceback (most recent call last):
      File "/usr/bin/dnf-3", line 62, in <module>
        main.user_main(sys.argv[1:], exit_code=True)
      File "/usr/lib/python3.12/site-packages/dnf/cli/main.py", line 201, in user_main
        errcode = main(args)
                  ^^^^^^^^^^
      File "/usr/lib/python3.12/site-packages/dnf/cli/main.py", line 67, in main
        return _main(base, args, cli_class, option_parser_class)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3.12/site-packages/dnf/cli/main.py", line 106, in _main
        return cli_run(cli, base)
               ^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3.12/site-packages/dnf/cli/main.py", line 122, in cli_run
        cli.run()
      File "/usr/lib/python3.12/site-packages/dnf/cli/cli.py", line 1040, in run
        self._process_demands()
      File "/usr/lib/python3.12/site-packages/dnf/cli/cli.py", line 741, in _process_demands
        self.base.fill_sack(
      File "/usr/lib/python3.12/site-packages/dnf/base.py", line 403, in fill_sack
        dnf.dnssec.RpmImportedKeys.check_imported_keys_validity()
      File "/usr/lib/python3.12/site-packages/dnf/dnssec.py", line 286, in check_imported_keys_validity
        keys = RpmImportedKeys._query_db_for_gpg_keys()
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3.12/site-packages/dnf/dnssec.py", line 276, in _query_db_for_gpg_keys
        email = re.search('<(.*@.*)>', packager).group(1)
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib64/python3.12/re/__init__.py", line 177, in search
        return _compile(pattern, flags).search(string)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    TypeError: expected string or bytes-like object, got 'NoneType'

This patch defends the crash at two places: In
_query_db_for_gpg_keys() because here we know a NEVRA of the key
and can produce a meaningful message. And in _cache_miss() because
we can get there independenly and called email2location() would also
crash.
    @ppisar @jan-kolarik
    ppisar authored and jan-kolarik committed Nov 15, 2023
    Configuration menu
    Copy the full SHA
    53a5a93 View commit details
    Browse the repository at this point in the history

  3. DNS key verification: Fix caching negative responses 

    If a user had installed multiple keys for the same e-mail address in
an RPM database, and no records for the address existed in DNS, DNF
validated the first key correctly, but reported that the other key is
revoked:

    # rpm -q gpg-pubkey --qf '%{packager} %{nevra}\n' |grep nokey
    nokey1 <[email protected]> gpg-pubkey-7460757e-6553a6ab
    nokey2 <[email protected]> gpg-pubkey-c8d04ba8-6553a6b1
    # dnf-3 upgrade
    DNSSEC extension: Testing already imported keys for their validity.
    DNSSEC extension: GPG Key [email protected] has been revoked and should be removed immediately

The cause was a wrong test for a cached negative reponse. This patch
fixes it.

https://bugzilla.redhat.com/show_bug.cgi?id=2249380
    @ppisar @jan-kolarik
    ppisar authored and jan-kolarik committed Nov 15, 2023
    Configuration menu
    Copy the full SHA
    5d95553 View commit details
    Browse the repository at this point in the history

  4. Added feature to allow emitters to invoke on dnf error

    @derickdiaz @jan-kolarik
    derickdiaz authored and jan-kolarik committed Nov 15, 2023
    Configuration menu
    Copy the full SHA
    c59b50e View commit details
    Browse the repository at this point in the history

  5. Checks if emitter is null incase build_emitters throws a ConfigError

    @derickdiaz @jan-kolarik
    derickdiaz authored and jan-kolarik committed Nov 15, 2023
    Configuration menu
    Copy the full SHA
    bbbc19b View commit details
    Browse the repository at this point in the history

  6. Added 'send_error_messages' Boolean Option and updated man docs 

    Added option 'send_error_messages'

Fixed Option String List

Changed option to Boolean
    @derickdiaz @jan-kolarik
    derickdiaz authored and jan-kolarik committed Nov 15, 2023
    Configuration menu
    Copy the full SHA
    d523c19 View commit details
    Browse the repository at this point in the history

  7. Fixed Typo in docs

    @derickdiaz @jan-kolarik
    derickdiaz authored and jan-kolarik committed Nov 15, 2023
    Configuration menu
    Copy the full SHA
    6229c1d View commit details
    Browse the repository at this point in the history

Commits on Nov 30, 2023

  1. Build PR packages in COPR using packit

    @inknos @jan-kolarik
    inknos authored and jan-kolarik committed Nov 30, 2023
    Configuration menu
    Copy the full SHA
    e1ddff2 View commit details
    Browse the repository at this point in the history

  2. Add pre-commit checks

    @inknos @jan-kolarik
    inknos authored and jan-kolarik committed Nov 30, 2023
    Configuration menu
    Copy the full SHA
    cb54681 View commit details
    Browse the repository at this point in the history

Commits on Dec 8, 2023

  1. Release 4.18.2

    @jan-kolarik
    jan-kolarik committed Dec 8, 2023
    Configuration menu
    Copy the full SHA
    1c43d09 View commit details
    Browse the repository at this point in the history