[main] Adding Mariner's GPG keys to RPM's database in the worker chroot. (#2640)
* Update 'tdnf' to import Mariner GPG keys. * Removing '--assumeyes'.
This commit is contained in:
Pawel Winogrodzki
GitHub
Родитель
b6b8a2e809
Коммит
1c234d6df9
|
|
@ -1,7 +1,7 @@
|
|||
Summary: dnf/yum equivalent using C libs
|
||||
Name: tdnf
|
||||
Version: 3.2.2
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
License: LGPLv2.1 AND GPLv2
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
|
|
@ -37,6 +37,7 @@ Requires: curl
|
|||
Requires: libmetalink
|
||||
Requires: libsolv
|
||||
Requires: openssl-libs
|
||||
Requires: rpm
|
||||
Requires: rpm-libs
|
||||
Requires: tdnf-cli-libs = %{version}-%{release}
|
||||
Obsoletes: yum
|
||||
|
|
@ -133,6 +134,12 @@ find %{buildroot} -name '*.pyc' -delete
|
|||
|
||||
%ldconfig_scriptlets
|
||||
|
||||
%triggerin -n %{name} -- mariner-repos-shared
|
||||
for gpg_key in $(rpm -q -l mariner-repos-shared | grep "rpm-gpg")
|
||||
do
|
||||
rpm --import "$gpg_key"
|
||||
done
|
||||
|
||||
%files
|
||||
%license COPYING
|
||||
%defattr(-,root,root,0755)
|
||||
|
|
@ -178,6 +185,9 @@ find %{buildroot} -name '*.pyc' -delete
|
|||
%{_bindir}/tdnf-automatic
|
||||
|
||||
%changelog
|
||||
* Thu Mar 31 2022 Pawel Winogrodzki <pawelwi@microsoft.com> - 3.2.2-2
|
||||
- Installing Mariner GPG keys when present/installed.
|
||||
|
||||
* Wed Jan 12 2022 Mateusz Malisz <mamalisz@microsoft.com> - 3.2.2-1
|
||||
- Update to 3.2.2 version
|
||||
- Remove upstreamed patches
|
||||
|
|
|
|||
|
|
@ -193,10 +193,10 @@ krb5-1.19.2-1.cm2.aarch64.rpm
|
|||
curl-7.82.0-1.cm2.aarch64.rpm
|
||||
curl-devel-7.82.0-1.cm2.aarch64.rpm
|
||||
curl-libs-7.82.0-1.cm2.aarch64.rpm
|
||||
tdnf-3.2.2-1.cm2.aarch64.rpm
|
||||
tdnf-cli-libs-3.2.2-1.cm2.aarch64.rpm
|
||||
tdnf-devel-3.2.2-1.cm2.aarch64.rpm
|
||||
tdnf-plugin-repogpgcheck-3.2.2-1.cm2.aarch64.rpm
|
||||
tdnf-3.2.2-2.cm2.aarch64.rpm
|
||||
tdnf-cli-libs-3.2.2-2.cm2.aarch64.rpm
|
||||
tdnf-devel-3.2.2-2.cm2.aarch64.rpm
|
||||
tdnf-plugin-repogpgcheck-3.2.2-2.cm2.aarch64.rpm
|
||||
createrepo_c-0.17.5-1.cm2.aarch64.rpm
|
||||
libxml2-2.9.13-1.cm2.aarch64.rpm
|
||||
libxml2-devel-2.9.13-1.cm2.aarch64.rpm
|
||||
|
|
|
|||
|
|
@ -193,10 +193,10 @@ krb5-1.19.2-1.cm2.x86_64.rpm
|
|||
curl-7.82.0-1.cm2.x86_64.rpm
|
||||
curl-devel-7.82.0-1.cm2.x86_64.rpm
|
||||
curl-libs-7.82.0-1.cm2.x86_64.rpm
|
||||
tdnf-3.2.2-1.cm2.x86_64.rpm
|
||||
tdnf-cli-libs-3.2.2-1.cm2.x86_64.rpm
|
||||
tdnf-devel-3.2.2-1.cm2.x86_64.rpm
|
||||
tdnf-plugin-repogpgcheck-3.2.2-1.cm2.x86_64.rpm
|
||||
tdnf-3.2.2-2.cm2.x86_64.rpm
|
||||
tdnf-cli-libs-3.2.2-2.cm2.x86_64.rpm
|
||||
tdnf-devel-3.2.2-2.cm2.x86_64.rpm
|
||||
tdnf-plugin-repogpgcheck-3.2.2-2.cm2.x86_64.rpm
|
||||
createrepo_c-0.17.5-1.cm2.x86_64.rpm
|
||||
libxml2-2.9.13-1.cm2.x86_64.rpm
|
||||
libxml2-devel-2.9.13-1.cm2.x86_64.rpm
|
||||
|
|
|
|||
|
|
@ -542,13 +542,13 @@ systemd-bootstrap-devel-250.3-2.cm2.aarch64.rpm
|
|||
systemd-bootstrap-rpm-macros-250.3-2.cm2.noarch.rpm
|
||||
tar-1.34-1.cm2.aarch64.rpm
|
||||
tar-debuginfo-1.34-1.cm2.aarch64.rpm
|
||||
tdnf-3.2.2-1.cm2.aarch64.rpm
|
||||
tdnf-autoupdate-3.2.2-1.cm2.aarch64.rpm
|
||||
tdnf-cli-libs-3.2.2-1.cm2.aarch64.rpm
|
||||
tdnf-debuginfo-3.2.2-1.cm2.aarch64.rpm
|
||||
tdnf-devel-3.2.2-1.cm2.aarch64.rpm
|
||||
tdnf-plugin-repogpgcheck-3.2.2-1.cm2.aarch64.rpm
|
||||
tdnf-python-3.2.2-1.cm2.aarch64.rpm
|
||||
tdnf-3.2.2-2.cm2.aarch64.rpm
|
||||
tdnf-autoupdate-3.2.2-2.cm2.aarch64.rpm
|
||||
tdnf-cli-libs-3.2.2-2.cm2.aarch64.rpm
|
||||
tdnf-debuginfo-3.2.2-2.cm2.aarch64.rpm
|
||||
tdnf-devel-3.2.2-2.cm2.aarch64.rpm
|
||||
tdnf-plugin-repogpgcheck-3.2.2-2.cm2.aarch64.rpm
|
||||
tdnf-python-3.2.2-2.cm2.aarch64.rpm
|
||||
texinfo-6.8-1.cm2.aarch64.rpm
|
||||
texinfo-debuginfo-6.8-1.cm2.aarch64.rpm
|
||||
unzip-6.0-19.cm2.aarch64.rpm
|
||||
|
|
|
|||
|
|
@ -542,13 +542,13 @@ systemd-bootstrap-devel-250.3-2.cm2.x86_64.rpm
|
|||
systemd-bootstrap-rpm-macros-250.3-2.cm2.noarch.rpm
|
||||
tar-1.34-1.cm2.x86_64.rpm
|
||||
tar-debuginfo-1.34-1.cm2.x86_64.rpm
|
||||
tdnf-3.2.2-1.cm2.x86_64.rpm
|
||||
tdnf-autoupdate-3.2.2-1.cm2.x86_64.rpm
|
||||
tdnf-cli-libs-3.2.2-1.cm2.x86_64.rpm
|
||||
tdnf-debuginfo-3.2.2-1.cm2.x86_64.rpm
|
||||
tdnf-devel-3.2.2-1.cm2.x86_64.rpm
|
||||
tdnf-plugin-repogpgcheck-3.2.2-1.cm2.x86_64.rpm
|
||||
tdnf-python-3.2.2-1.cm2.x86_64.rpm
|
||||
tdnf-3.2.2-2.cm2.x86_64.rpm
|
||||
tdnf-autoupdate-3.2.2-2.cm2.x86_64.rpm
|
||||
tdnf-cli-libs-3.2.2-2.cm2.x86_64.rpm
|
||||
tdnf-debuginfo-3.2.2-2.cm2.x86_64.rpm
|
||||
tdnf-devel-3.2.2-2.cm2.x86_64.rpm
|
||||
tdnf-plugin-repogpgcheck-3.2.2-2.cm2.x86_64.rpm
|
||||
tdnf-python-3.2.2-2.cm2.x86_64.rpm
|
||||
texinfo-6.8-1.cm2.x86_64.rpm
|
||||
texinfo-debuginfo-6.8-1.cm2.x86_64.rpm
|
||||
unzip-6.0-19.cm2.x86_64.rpm
|
||||
|
|
|
|||
|
|
@ -580,7 +580,7 @@ func initializeTdnfConfiguration(installRoot string) (err error) {
|
|||
|
||||
logger.Log.Debugf("Downloading '%s' package to a clean RPM root under '%s'.", releasePackage, installRoot)
|
||||
|
||||
err = shell.ExecuteLive(squashErrors, "tdnf", "download", "--assumeyes", "--alldeps", "--destdir", installRoot, releasePackage)
|
||||
err = shell.ExecuteLive(squashErrors, "tdnf", "download", "--alldeps", "--destdir", installRoot, releasePackage)
|
||||
if err != nil {
|
||||
logger.Log.Errorf("Failed to prepare the RPM database on downloading the 'mariner-release' package: %v", err)
|
||||
return
|
||||
|
|
|
|||
|
|
@ -269,7 +269,6 @@ func (r *RpmRepoCloner) Clone(cloneDeps bool, packagesToClone ...*pkgjson.Packag
|
|||
|
||||
logger.Log.Debugf("Cloning: %s", pkgName)
|
||||
args := []string{
|
||||
"--assumeyes",
|
||||
"--destdir",
|
||||
chrootDownloadDir,
|
||||
pkgName,
|
||||
|
|
@ -302,7 +301,6 @@ func (r *RpmRepoCloner) WhatProvides(pkgVer *pkgjson.PackageVer) (packageNames [
|
|||
baseArgs := []string{
|
||||
"provides",
|
||||
provideQuery,
|
||||
"--assumeyes",
|
||||
fmt.Sprintf("--disablerepo=%s", allRepoIDs),
|
||||
}
|
||||
|
||||
|
|
@ -425,7 +423,6 @@ func (r *RpmRepoCloner) ClonedRepoContents() (repoContents *repocloner.RepoConte
|
|||
tdnfArgs := []string{
|
||||
"list",
|
||||
"ALL",
|
||||
"--assumeyes",
|
||||
fmt.Sprintf("--disablerepo=%s", allRepoIDs),
|
||||
fmt.Sprintf("--enablerepo=%s", checkedRepoID),
|
||||
}
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ chroot_log="$log_path"/$chroot_name.log
|
|||
install_one_toolchain_rpm () {
|
||||
error_msg_tail="Inspect $chroot_log for more info. Did you hydrate the toolchain?"
|
||||
|
||||
echo "Adding RPM to worker chroot: $1." | tee -a "$chroot_log"
|
||||
echo "Adding RPM to worker chroot: $1." | tee -a "$chroot_log"
|
||||
|
||||
full_rpm_path=$(find "$rpm_path" -name "$1" -type f 2>>"$chroot_log")
|
||||
if [ ! $? -eq 0 ] || [ -z "$full_rpm_path" ]
|
||||
|
|
@ -55,7 +55,7 @@ while read -r package || [ -n "$package" ]; do
|
|||
done < "$packages"
|
||||
|
||||
TEMP_DB_PATH=/temp_db
|
||||
echo "Setting up a clean RPM database before the Berkeley DB -> SQLite conversion under '$TEMP_DB_PATH'." | tee -a "$chroot_log"
|
||||
echo "Setting up a clean RPM database before the Berkeley DB -> SQLite conversion under '$TEMP_DB_PATH'." | tee -a "$chroot_log"
|
||||
chroot "$chroot_builder_folder" mkdir -p "$TEMP_DB_PATH"
|
||||
chroot "$chroot_builder_folder" rpm --initdb --dbpath="$TEMP_DB_PATH"
|
||||
|
||||
|
|
@ -64,16 +64,23 @@ while read -r package || [ -n "$package" ]; do
|
|||
full_rpm_path=$(find "$rpm_path" -name "$package" -type f 2>>"$chroot_log")
|
||||
cp $full_rpm_path $chroot_builder_folder/$package
|
||||
|
||||
echo "Adding RPM DB entry to worker chroot: $package." | tee -a "$chroot_log"
|
||||
echo "Adding RPM DB entry to worker chroot: $package." | tee -a "$chroot_log"
|
||||
|
||||
chroot "$chroot_builder_folder" rpm -i -v --nodeps --noorder --force --dbpath="$TEMP_DB_PATH" --justdb "$package" &>> "$chroot_log"
|
||||
chroot "$chroot_builder_folder" rm $package
|
||||
done < "$packages"
|
||||
|
||||
echo "Overwriting old RPM database with the results of the conversion." | tee -a "$chroot_log"
|
||||
echo "Overwriting old RPM database with the results of the conversion." | tee -a "$chroot_log"
|
||||
chroot "$chroot_builder_folder" rm -rf /var/lib/rpm
|
||||
chroot "$chroot_builder_folder" mv "$TEMP_DB_PATH" /var/lib/rpm
|
||||
|
||||
echo "Importing CBL-Mariner GPG keys." | tee -a "$chroot_log"
|
||||
for gpg_key in $(chroot "$chroot_builder_folder" rpm -q -l mariner-repos-shared | grep "rpm-gpg")
|
||||
do
|
||||
echo "Importing GPG key: $gpg_key" | tee -a "$chroot_log"
|
||||
chroot "$chroot_builder_folder" rpm --import "$gpg_key"
|
||||
done
|
||||
|
||||
HOME=$ORIGINAL_HOME
|
||||
|
||||
# In case of Docker based build do not add the below folders into chroot tarball
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче