From ec7c205ba87273419b485de86543779642ff40f1 Mon Sep 17 00:00:00 2001 From: Michal Domonkos Date: Thu, 17 Jan 2019 14:37:16 +0100 Subject: [PATCH 1/7] Add backward compatibility with pygpgme This brings back old pygpgme support (when python2-gpg is not available) removed by commit 2996c09, allowing the upstream version of yum to work on CentOS/RHEL <= 7 again. --- test/pubringtests.py | 6 ++++- yum.spec | 7 +++++- yum/misc.py | 57 +++++++++++++++++++++++++++++++++++++++++++- 3 files changed, 67 insertions(+), 3 deletions(-) diff --git a/test/pubringtests.py b/test/pubringtests.py index 44e5ca2d..dda38796 100644 --- a/test/pubringtests.py +++ b/test/pubringtests.py @@ -1,11 +1,11 @@ import unittest -import gpg import os import shutil import tempfile import time from yum import misc +from yum.misc import gpg PWD = os.path.dirname(os.path.abspath(__file__)) KEYDIR = '%s/gpg' % PWD @@ -26,6 +26,10 @@ def setUp(self): self.ctx = gpg.Context() def tearDown(self): + if isinstance(gpg, misc.GpgmeAdapter): + shutil.rmtree(self.gpgdir) + return + # Ask gpg-agent to quit (copied from the gpgme test suite). If we # didn't do this, shutil.rmtree() could fail when deleting some of the # sockets due to them already being gone. That's because gpg-agent diff --git a/yum.spec b/yum.spec index 63b3bb57..3fbb8c80 100644 --- a/yum.spec +++ b/yum.spec @@ -83,7 +83,13 @@ BuildRequires: rpm-python, rpm >= 0:4.4.2 BuildRequires: python-iniparse BuildRequires: python-urlgrabber >= 3.10-8 BuildRequires: yum-metadata-parser >= 1.1.0 +%if 0%{?rhel} +BuildRequires: pygpgme +Requires: pygpgme +%else BuildRequires: python2-gpg +Requires: python2-gpg +%endif # End of CheckRequires Conflicts: pirut < 1.1.4 Requires: python >= 2.4 @@ -91,7 +97,6 @@ Requires: rpm-python, rpm >= 0:4.4.2 Requires: python-iniparse Requires: python-urlgrabber >= 3.10-8 Requires: yum-metadata-parser >= 1.1.0 -Requires: python2-gpg # rawhide is >= 0.5.3-7.fc18 ... as this is added. Requires: pyliblzma # Not really a suggests anymore, due to metadata using it. diff --git a/yum/misc.py b/yum/misc.py index fd24221d..3d6b23d7 100644 --- a/yum/misc.py +++ b/yum/misc.py @@ -18,7 +18,6 @@ import pgpmsg import tempfile import glob -import gpg import pwd import fnmatch import bz2 @@ -36,6 +35,62 @@ from rpmUtils.miscutils import stringToVersion, flagToString from stat import * + +class GpgmeAdapter(object): + """Wrapper for the old gpg API.""" + + class errors(object): + class GPGMEError(Exception): + pass + class BadSignatures(Exception): + pass + + class Context(object): + def __init__(self): + self.ctx = gpgme.Context() + + def __enter__(self): + return self + + def __exit__(self, *args): + pass + + def op_import(self, rawkey): + keyf = StringIO(rawkey) + imp = self.ctx.import_(keyf) + keyf.close() + # Ultimately trust the key + fpr = imp.imports[0][0] + key = self.ctx.get_key(fpr) + gpgme.editutil.edit_trust(self.ctx, key, gpgme.VALIDITY_ULTIMATE) + + def verify(self, signed_text, sig, plaintext): + try: + sigs = self.ctx.verify(sig, signed_text, plaintext) + except gpgme.GpgmeError as e: + raise GpgmeAdapter.errors.GPGMEError() + # is there ever a case where we care about a sig beyond the first + # one? + if not sigs or not sigs[0] or sigs[0].validity not in ( + gpgme.VALIDITY_FULL, gpgme.VALIDITY_MARGINAL, + gpgme.VALIDITY_ULTIMATE): + raise GpgmeAdapter.errors.BadSignatures() + + def __getattr__(self, name): + return getattr(self.ctx, name) + + def __getattr__(self, name): + return getattr(gpgme, name) + +try: + # Official GnuPG Python binding (not available on CentOS/RHEL <= 7) + import gpg +except ImportError: + # Alternative fallback implementation (not available on Fedora any more) + import gpgme + import gpgme.editutil + gpg = GpgmeAdapter() + try: import hashlib _available_checksums = set(['md5', 'sha1', 'sha256', 'sha384', 'sha512']) From 9dde5c6b75e4d0b92acba57082546bf3b4812049 Mon Sep 17 00:00:00 2001 From: Michal Domonkos Date: Tue, 9 May 2017 14:31:19 +0200 Subject: [PATCH 2/7] Spec file: Fix yum.conf installation Source1 was never defined in the upstream spec file (so building an RPM would fail). In Fedora, we use it to override the upstream yum.conf with our own. As upstream should rather be distro-agnostic, let's just stick with the defaults here. --- yum.spec | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/yum.spec b/yum.spec index 3fbb8c80..6613b4e9 100644 --- a/yum.spec +++ b/yum.spec @@ -257,14 +257,13 @@ INIT=sysv make DESTDIR=$RPM_BUILD_ROOT UNITDIR=%{_unitdir} INIT=$INIT install -install -m 644 %{SOURCE1} $RPM_BUILD_ROOT/%{_sysconfdir}/yum.conf mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/yum/pluginconf.d $RPM_BUILD_ROOT/%{yum_pluginslib} mkdir -p $RPM_BUILD_ROOT/%{yum_pluginsshare} %if %{move_yum_conf_back} # for now, move repodir/yum.conf back mv $RPM_BUILD_ROOT/%{_sysconfdir}/yum/repos.d $RPM_BUILD_ROOT/%{_sysconfdir}/yum.repos.d -rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/yum/yum.conf +mv $RPM_BUILD_ROOT/%{_sysconfdir}/yum/yum.conf $RPM_BUILD_ROOT/%{_sysconfdir}/yum.conf %endif %if %{yum_updatesd} From 387685e23f50860137bb96c201e3e515a4f6c17c Mon Sep 17 00:00:00 2001 From: Michal Domonkos Date: Tue, 9 May 2017 14:37:43 +0200 Subject: [PATCH 3/7] Makefile: add rpm target Mostly useful for development. --- .gitignore | 1 + Makefile | 21 ++++++++++++++++++++- README | 7 +++++++ 3 files changed, 28 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 85decd58..f9933a15 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,4 @@ docs/sphinxdocs/_build .project .pydevproject asthelper.completions +build diff --git a/Makefile b/Makefile index 9389aa89..9b2b925e 100644 --- a/Makefile +++ b/Makefile @@ -11,10 +11,15 @@ PYTHON=python WEBHOST = yum.baseurl.org WEB_DOC_PATH = /srv/projects/yum/web/download/docs/yum-api/ +BUILDDIR = build +MOCK_CONF = epel-7-x86_64 + all: subdirs clean: rm -f *.pyc *.pyo *~ *.bak + rm -f $(BUILDDIR)/{SOURCES,SRPMS,RPMS}/* + mock -r $(MOCK_CONF) --clean for d in $(SUBDIRS); do make -C $$d clean ; done cd test; rm -f *.pyc *.pyo *~ *.bak @@ -58,7 +63,7 @@ transifex: make transifex-push git commit -a -m 'Transifex push, yum.pot update' -.PHONY: docs test +.PHONY: docs test srpm rpm DOCS = yum rpmUtils callback.py yumcommands.py shell.py output.py cli.py utils.py\ yummain.py @@ -122,3 +127,17 @@ _archive: @rm -rf /tmp/${PKGNAME}-$(VERSION) @echo "The archive is in ${PKGNAME}-$(VERSION).tar.gz" +### RPM packaging ### + +$(BUILDDIR): + @mkdir -p $@/{SOURCES,SRPMS,RPMS} + +srpm: archive $(BUILDDIR) + @cp $(PKGNAME)-$(VERSION).tar.gz $(BUILDDIR)/SOURCES/ + @rpmbuild --define '_topdir $(BUILDDIR)' -bs yum.spec + +rpm: srpm + @mock -r $(MOCK_CONF) --resultdir=$(BUILDDIR)/RPMS \ + --no-clean --no-cleanup-after \ + $(BUILDDIR)/SRPMS/$(PKGNAME)-$(VERSION)-$(RELEASE).src.rpm + @echo "The RPMs are in $(BUILDDIR)/RPMS" diff --git a/README b/README index c3570fdf..36a4d771 100644 --- a/README +++ b/README @@ -33,3 +33,10 @@ wiki: http://yum.baseurl.org/wiki Starting commit is roughly: a3c91d7f6a15f31a42d020127b2da2877dfc137d E.g. git diff a3c91d7f6a15f31a42d020127b2da2877dfc137d +Development: + +You can build an RPM package by running: + +$ make rpm + +Note: Make sure you have mock and lynx installed. From ae33e38b623d5440c260487957b5914e94608bb1 Mon Sep 17 00:00:00 2001 From: Michal Domonkos Date: Tue, 23 May 2017 10:55:07 +0200 Subject: [PATCH 4/7] Rename bin/yum.py to bin/yum This allows for running the binary from the source tree (with PYTHONPATH set to the tree). Previously, the binary would try to import itself when it calls "import yum" instead of the top-level package "yum" (the script directory is inserted _before_ PYTHONPATH in sys.path). --- Makefile | 2 +- bin/{yum.py => yum} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename bin/{yum.py => yum} (100%) diff --git a/Makefile b/Makefile index 9b2b925e..afa3b409 100644 --- a/Makefile +++ b/Makefile @@ -36,7 +36,7 @@ install: $(PYTHON) -c "import compileall; compileall.compile_dir('$(DESTDIR)/usr/share/yum-cli', 1, '/usr/share/yum-cli', 1)" mkdir -p $(DESTDIR)/usr/bin $(DESTDIR)/usr/sbin - install -m 755 bin/yum.py $(DESTDIR)/usr/bin/yum + install -m 755 bin/yum $(DESTDIR)/usr/bin/yum install -m 755 bin/yum-updatesd.py $(DESTDIR)/usr/sbin/yum-updatesd mkdir -p $(DESTDIR)/var/cache/yum diff --git a/bin/yum.py b/bin/yum similarity index 100% rename from bin/yum.py rename to bin/yum From 8aafe94a591f3ea75c0cdac2169c80c0759de8f1 Mon Sep 17 00:00:00 2001 From: Michal Domonkos Date: Fri, 11 May 2018 19:20:59 +0200 Subject: [PATCH 5/7] README: convert to markdown --- README | 42 ------------------------------------------ README.md | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ yum.spec | 2 +- 3 files changed, 51 insertions(+), 43 deletions(-) delete mode 100644 README create mode 100644 README.md diff --git a/README b/README deleted file mode 100644 index 36a4d771..00000000 --- a/README +++ /dev/null @@ -1,42 +0,0 @@ -------------------------------------- -Yum - an automatic updater and installer for rpm-based systems -------------------------------------- - -Included programs: -/usr/bin/yum Main program - -Basic usage description follows: - -Yum is run with one of the following options: - - - update [package list] - If run without any packages, Yum will automatically upgrade every - currently installed package. If one or more packages are - specified, Yum will only update the packages listed. - - - install - Yum will install the latest version of the specified package - (don't specify version information). - - - remove - Yum will remove the specified packages from the system. - - - yum list [package list] - List available packages - -See the man page for more information (man yum) -Also see the webpage and wiki for more information: -web page: http://yum.baseurl.org/ -wiki: http://yum.baseurl.org/wiki - -3.2.X Branch - yum-3_2_X - Starting commit is roughly: a3c91d7f6a15f31a42d020127b2da2877dfc137d - E.g. git diff a3c91d7f6a15f31a42d020127b2da2877dfc137d - -Development: - -You can build an RPM package by running: - -$ make rpm - -Note: Make sure you have mock and lynx installed. diff --git a/README.md b/README.md new file mode 100644 index 00000000..9f95f711 --- /dev/null +++ b/README.md @@ -0,0 +1,50 @@ +# YUM + +Yum is an automatic updater and installer for rpm-based systems. + +Included programs: + + /usr/bin/yum Main program + +## Usage + +Yum is run with one of the following options: + +* `update [package list]` + + If run without any packages, Yum will automatically upgrade every currently + installed package. If one or more packages are specified, Yum will only + update the packages listed. + +* `install ` + + Yum will install the latest version of the specified package (don't specify + version information). + +* `remove ` + + Yum will remove the specified packages from the system. + +* `list [package list]` + + List available packages. + +See the man page for more information (`man yum`). Also see: + +* web page: http://yum.baseurl.org/ + +* wiki: http://yum.baseurl.org/wiki + +``` +3.2.X Branch - yum-3_2_X + Starting commit is roughly: a3c91d7f6a15f31a42d020127b2da2877dfc137d + E.g. git diff a3c91d7f6a15f31a42d020127b2da2877dfc137d +``` + +## Building + +You can build an RPM package by running: + + $ make rpm + +**Note:** Make sure you have `mock` and `lynx` installed. diff --git a/yum.spec b/yum.spec index 6613b4e9..a0ded5fd 100644 --- a/yum.spec +++ b/yum.spec @@ -410,7 +410,7 @@ exit 0 %files -f %{name}.lang %defattr(-, root, root, -) -%doc README AUTHORS COPYING TODO ChangeLog PLUGINS docs/comps.rng +%doc README.md AUTHORS COPYING TODO ChangeLog PLUGINS docs/comps.rng %if %{move_yum_conf_back} %config(noreplace) %{_sysconfdir}/yum.conf %dir %{_sysconfdir}/yum.repos.d From be6d487a8f0f9e5a8ea46f880a88bc065b60b90e Mon Sep 17 00:00:00 2001 From: Michal Domonkos Date: Tue, 12 Feb 2019 10:38:37 +0100 Subject: [PATCH 6/7] Makefile: update URL paths After the newly migrated webserver VM, the original links for the PLUGINS and FAQ files no longer work, making "make rpm" fail. Let's replace these with empty files (the upstream spec file is not used for official releases anyway). --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index afa3b409..b13145d2 100644 --- a/Makefile +++ b/Makefile @@ -118,8 +118,8 @@ _archive: @rm -rf ${PKGNAME}-%{VERSION}.tar.gz @rm -rf /tmp/${PKGNAME}-$(VERSION) /tmp/${PKGNAME} @dir=$$PWD; cd /tmp; git clone $$dir ${PKGNAME} - lynx -dump 'http://yum.baseurl.org/wiki/WritingYumPlugins?format=txt' > /tmp/${PKGNAME}/PLUGINS - lynx -dump 'http://yum.baseurl.org/wiki/Faq?format=txt' > /tmp/${PKGNAME}/FAQ + @touch /tmp/${PKGNAME}/PLUGINS + @touch /tmp/${PKGNAME}/FAQ @rm -f /tmp/${PKGNAME}/$(remove_spec) @rm -rf /tmp/${PKGNAME}/.git @mv /tmp/${PKGNAME} /tmp/${PKGNAME}-$(VERSION) From 439e4c232659605223ae2ff9e6064436e72d1ce8 Mon Sep 17 00:00:00 2001 From: Michal Domonkos Date: Fri, 4 Jan 2019 18:54:02 +0100 Subject: [PATCH 7/7] Add podman-based development support --- Dockerfile | 27 +++++++++++++++++++++++++++ Makefile | 15 ++++++++++++++- README.md | 26 ++++++++++++++++++++++++++ 3 files changed, 67 insertions(+), 1 deletion(-) create mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 00000000..235ec63f --- /dev/null +++ b/Dockerfile @@ -0,0 +1,27 @@ +# YUM development image + +FROM centos:7 + +# Set up EPEL +RUN yum install -y \ + epel-release + +# Install useful stuff +RUN yum install -y \ + python-pip \ + python-ipdb \ + ipython \ + vim \ + less +RUN rpm -e --nodeps yum +RUN rm -rf /var/cache/yum +RUN pip install --upgrade pip && pip install pudb + +# Use the yum checkout mounted from the host +ENV PATH=/src/bin:$PATH \ + PYTHONPATH=/src:$PYTHONPATH +RUN ln -s /src/etc/yum.conf /etc/yum.conf +RUN ln -s /src/etc/version-groups.conf /etc/yum/version-groups.conf + +VOLUME ["/src"] +ENTRYPOINT ["/bin/bash"] diff --git a/Makefile b/Makefile index b13145d2..29b66db7 100644 --- a/Makefile +++ b/Makefile @@ -13,6 +13,7 @@ WEB_DOC_PATH = /srv/projects/yum/web/download/docs/yum-api/ BUILDDIR = build MOCK_CONF = epel-7-x86_64 +PODMAN_IMAGE = yum-devel all: subdirs @@ -63,7 +64,7 @@ transifex: make transifex-push git commit -a -m 'Transifex push, yum.pot update' -.PHONY: docs test srpm rpm +.PHONY: docs test srpm rpm shell DOCS = yum rpmUtils callback.py yumcommands.py shell.py output.py cli.py utils.py\ yummain.py @@ -141,3 +142,15 @@ rpm: srpm --no-clean --no-cleanup-after \ $(BUILDDIR)/SRPMS/$(PKGNAME)-$(VERSION)-$(RELEASE).src.rpm @echo "The RPMs are in $(BUILDDIR)/RPMS" + +### Container-based development ### + +$(BUILDDIR)/image: Dockerfile $(BUILDDIR) + podman build -t $(PODMAN_IMAGE) . + @touch $@ + +shell: $(BUILDDIR)/image + @podman run \ + -v=$(CURDIR):/src:ro,z \ + --detach-keys="ctrl-@" \ + -it $(PODMAN_ARGS) $(PODMAN_IMAGE) || true diff --git a/README.md b/README.md index 9f95f711..bd883184 100644 --- a/README.md +++ b/README.md @@ -48,3 +48,29 @@ You can build an RPM package by running: $ make rpm **Note:** Make sure you have `mock` and `lynx` installed. + +## Development + +You can run Yum from the current checkout in a container as follows (make sure +you have the `podman` package installed): + + $ make shell + +This will first build a CentOS 7 image (if not built already) and then run a +container with a shell where you can directly execute Yum: + + [root@bf03d3a43cbf /] yum + +When you edit the code on your host, the changes you make will be immediately +reflected inside the container since the checkout is bind-mounted. + +**Warning:** There's a (probably) bug in podman at the moment which makes it +not see symlinks in a freshly created container, which, in turn, makes Yum not +see the `/etc/yum.conf` symlink when it runs for the first time. The +workaround is to `touch /etc/yum.conf` or simply re-run Yum. + +**Note:** When you exit the container, it is not deleted but just stopped. To +re-attach to it, use (replace the ID appropriately): + + $ podman start bf03d3a43cbf + $ podman attach bf03d3a43cbf