]> code.ossystems Code Review - openembedded-core.git/commitdiff
Code Review / openembedded-core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: c82557d)
rpm: disable external key server
authoryzhu1 <yanjun.zhu@windriver.com>
Wed, 8 Jul 2015 03:30:57 +0000 (11:30 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Wed, 8 Jul 2015 12:14:06 +0000 (13:14 +0100)
When RPM experiences a signed package, with a signature that it does NOT know.
By default it will send the -fingerprint- (and only the 16 digit fingerprint)
to an external HKP server, trying to get the key down.

This is probably not a reasonable default behavior for the system to do,
instead it should simply fail the key lookup.  If someone wants to enable the
HKP server it's easy enough to do by enabling the necessary macros.

Signed-off-by: yzhu1 <yanjun.zhu@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-devtools/rpm/rpm/rpm-macros.in-disable-external-key-server.patch [new file with mode: 0644] patch | blob
meta/recipes-devtools/rpm/rpm_5.4.14.bb patch | blob | history

diff --git a/meta/recipes-devtools/rpm/rpm/rpm-macros.in-disable-external-key-server.patch b/meta/recipes-devtools/rpm/rpm/rpm-macros.in-disable-external-key-server.patch
new file mode 100644 (file)
index 0000000..07a0cfa
--- /dev/null
+++ b/meta/recipes-devtools/rpm/rpm/rpm-macros.in-disable-external-key-server.patch
@@ -0,0 +1,27 @@
+disable external key server
+
+Upstream-Status: Pending
+
+When RPM experiences a signed package, with a signature that it does NOT know.
+By default it will send the -fingerprint- (and only the 16 digit fingerprint) to
+an external HKP server, trying to get the key down.
+
+This is probably not a reasonable default behavior for the system to do, instead
+it should simply fail the key lookup.  If someone wants to enable the HKP server
+it's easy enough to do by enabling the necessary macros.
+
+Signed-off-by: yzhu1 <yanjun.zhu@windriver.com>
+Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
+--- a/macros/macros.in
++++ b/macros/macros.in
+@@ -546,8 +546,8 @@ $_arbitrary_tags_tests     Foo:Bar
+ # Horowitz Key Protocol server configuration
+ #
+ #%_hkp_keyserver         hkp://keys.n3npq.net
+-%_hkp_keyserver         hkp://pool.sks-keyservers.net
+-%_hkp_keyserver_query   %{_hkp_keyserver}/pks/lookup?op=get&search=
++#%_hkp_keyserver         hkp://pool.sks-keyservers.net
++#%_hkp_keyserver_query   %{_hkp_keyserver}/pks/lookup?op=get&search=
+ %_nssdb_path  /etc/pki/nssdb
diff --git a/meta/recipes-devtools/rpm/rpm_5.4.14.bb b/meta/recipes-devtools/rpm/rpm_5.4.14.bb
index 2e17a9113775835522acd0dec3a0885cf1d0e679..bff0687e6c77fff8189537e2bd5555f91f44c8fa 100644 (file)
--- a/meta/recipes-devtools/rpm/rpm_5.4.14.bb
+++ b/meta/recipes-devtools/rpm/rpm_5.4.14.bb
@@ -94,6 +94,7 @@ SRC_URI = "http://www.rpm5.org/files/rpm/rpm-5.4/rpm-5.4.14-0.20131024.src.rpm;e
           file://no-ldflags-in-pkgconfig.patch \
           file://rpm-lua-fix-print.patch \
           file://rpm-check-rootpath-reasonableness.patch \
+          file://rpm-macros.in-disable-external-key-server.patch \
          "
 
 # Uncomment the following line to enable platform score debugging
Mirror of the official openembedded-core repository