createrepo: disable RPM signature validation

Disable RPM signature validation so that it is possible to create
package feeds of signed RPM packages without importing the public part
of the signing key into the RPM database. In any case, the signatures
are validated when the packages in the feed are used (e.g. in image
generation of manually installing packages from the feed).

The original idea idea of this patch is from Mark Hatle
<mark.hatle@windriver.com>.

[YOCTO #8134]

Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

diff --git a/meta/recipes-support/createrepo/createrepo/dumpMetadata-disable-signature-validation.patch b/meta/recipes-support/createrepo/createrepo/dumpMetadata-disable-signature-validation.patch
new file mode 100644 (file)
index 0000000..905531f
--- /dev/null
+++ b/meta/recipes-support/createrepo/createrepo/dumpMetadata-disable-signature-validation.patch
@@ -0,0 +1,31 @@
+dumpMetadata: disable signature validation
+
+Makes it possible to work on RPM repositories that contain signed packages
+without the need of importing the public part of the signing key into the RPM
+database.
+
+Upstream-Status: Pending
+
+Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
+---
+ dumpMetadata.py | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/dumpMetadata.py b/dumpMetadata.py
+index e40e8ac..ca6a82d 100644
+--- a/dumpMetadata.py
++++ b/dumpMetadata.py
+@@ -92,7 +92,9 @@ def returnHdr(ts, package):
+             fdno = package # let's assume this is an fdno and go with it :)
+     except OSError:
+         raise MDError, "Error opening file"
+-    ts.setVSFlags((rpm.RPMVSF_NOMD5|rpm.RPMVSF_NEEDPAYLOAD))
++    ts.setVSFlags((rpm.RPMVSF_NOMD5|rpm.RPMVSF_NEEDPAYLOAD|
++                   rpm.RPMVSF_NODSA|rpm.RPMVSF_NORSA|
++                   rpm.RPMVSF_NODSAHEADER|rpm.RPMVSF_NORSAHEADER))
+     try:
+         hdr = ts.hdrFromFdno(fdno)
+     except rpm.error:
+-- 
+2.1.4
+

diff --git a/meta/recipes-support/createrepo/createrepo_0.4.11.bb b/meta/recipes-support/createrepo/createrepo_0.4.11.bb
index d6fe436f80aafa15d01be8269cbec76d4fb54b8d..5f9ecf65f3edf9142fef57d44f2fe2c57e44159a 100644 (file)
--- a/meta/recipes-support/createrepo/createrepo_0.4.11.bb
+++ b/meta/recipes-support/createrepo/createrepo_0.4.11.bb
@@ -11,14 +11,15 @@ RDEPENDS_${PN}_class-target = "libxml2-python"
 
 PR = "r9"
 
-SRC_URI= "http://createrepo.baseurl.org/download/${BP}.tar.gz \
-          file://fix-native-install.patch \
-          file://python-scripts-should-use-interpreter-from-env.patch \
-         file://createrepo-rpm549.patch \
-         file://recommends.patch \
-         file://createrepo-dbpath.patch \
-         file://rpm-createsolvedb.py \
-         "
+SRC_URI = "http://createrepo.baseurl.org/download/${BP}.tar.gz \
+           file://fix-native-install.patch \
+           file://python-scripts-should-use-interpreter-from-env.patch \
+           file://createrepo-rpm549.patch \
+           file://recommends.patch \
+           file://createrepo-dbpath.patch \
+           file://dumpMetadata-disable-signature-validation.patch \
+           file://rpm-createsolvedb.py \
+           "
 
 SRC_URI[md5sum] = "3e9ccf4abcffe3f49af078c83611eda2"
 SRC_URI[sha256sum] = "a73ae11a0dcde8bde36d900bc3f7f8f1083ba752c70a5c61b72d1e1e7608f21b"