Bug 32829 - bm fails to unpack some srpm ( old/missing signature keys )
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: All Packagers
Reported: 2024-02-10 17:26 CET by Aurelian R
Modified: 2024-02-12 22:15 CET

Source RPM: bm-3.4-1.mga9.src.rpm, bm-3.4-4.mga10.src.rpm
Attachments
bm patch to force unpacking (4.25 KB, patch)
2024-02-10 17:26 CET, Aurelian R
spec file for bm (1.21 KB, text/plain)
2024-02-10 17:36 CET, Aurelian R
diff bm.spec for Cauldron only (1.08 KB, patch)
2024-02-11 13:27 CET, Aurelian R

Description Aurelian R 2024-02-10 17:26:36 CET
Created attachment 14362
bm patch to force unpacking

bm fails to unpack source rpm packages that don't have proper/missing signature key.
Attached is a crude patch that enables a "--force-unpack" option to override the rpm complaints and just unpack the thing.
This is done by disabling verification of the rpm package (setVSFlags(-1)); documentation can be found here:
https://jfearn.fedorapeople.org/en-US/RPM/4/html/RPM_Guide/ch16s04s02.html


Steps to reproduce:

1. get a troublesome package like:
 https://ftp.lysator.liu.se/pub/opensuse/source/tumbleweed/repo/oss/src/replay-sorcery-0.6.0-2.7.src.rpm
2. run "bm -u --unpack-dir=./ replay-sorcery.src.rpm"
   Error:

$ bm -u --unpack-dir=./ replay-sorcery-0.6.0-2.7.src.rpm
creating package list
warning: /home/ubuild/Downloads/replay-sorcery-0.6.0-2.7.src.rpm: Header V3 RSA/SHA512 Signature, key ID 29b700a4: NOKEY
Traceback (most recent call last):
  File "/usr/bin/bm", line 202, in <module>
    main()
  File "/usr/bin/bm", line 192, in main
    status = builder.run()
  File "/usr/lib/python3.10/site-packages/BuildManager/build.py", line 43, in run
    pkg = Package(filename, self.opts.build_log)
  File "/usr/lib/python3.10/site-packages/BuildManager/package.py", line 36, in __init__
    self._package = globals()["_package_"+ext](file, log)
  File "/usr/lib/python3.10/site-packages/BuildManager/package.py", line 61, in __init__
    self._init()
  File "/usr/lib/python3.10/site-packages/BuildManager/package.py", line 153, in _init
    h = ts.hdrFromFdno(file.fileno())
  File "/usr/lib64/python3.10/site-packages/rpm/transaction.py", line 191, in hdrFromFdno
    raise rpm.error("public key not available")
_rpm.error: public key not available

3. patching bm works for me.

Regards.
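
Because setVSFlags(-1) switches off digest checks together with signature checks, it helps to know that the header digest can still be checked without any key. The following is an added example, not code from bm or from this report: a stdlib-only check of the header SHA-256 stored in the signature header, run on a constructed miniature package. The tag number 273 (RPMSIGTAG_SHA256) and the layout follow the RPM v4 format, the function names are hypothetical, and a match shows the header is intact, not who produced it.

```python
import hashlib
import struct

HDR_MAGIC = bytes.fromhex("8eade801") + b"\x00" * 4  # header magic + 4 reserved bytes
LEAD_LEN = 96             # fixed-size legacy "lead" at the start of every RPM
RPMSIGTAG_SHA256 = 273    # signature-header tag: hex SHA-256 of the main header
RPM_STRING_TYPE = 6

def read_header(buf, off):
    """Parse one header structure at off; return (entries, data_store, end_offset)."""
    if buf[off:off + 8] != HDR_MAGIC:
        raise ValueError("bad header magic at offset %d" % off)
    nindex, hsize = struct.unpack_from(">II", buf, off + 8)
    idx = off + 16
    data = idx + 16 * nindex
    end = data + hsize
    if end > len(buf):
        raise ValueError("truncated header")
    entries = [struct.unpack_from(">IIII", buf, idx + 16 * i) for i in range(nindex)]
    return entries, buf[data:end], end

def header_digest_ok(buf):
    """True/False if the stored SHA-256 matches the main header, None if absent."""
    entries, store, sig_end = read_header(buf, LEAD_LEN)
    stored = None
    for tag, typ, offset, _count in entries:
        if tag == RPMSIGTAG_SHA256 and typ == RPM_STRING_TYPE:
            stored = store[offset:store.index(b"\x00", offset)].decode("ascii")
    if stored is None:
        return None
    main_off = (sig_end + 7) & ~7   # signature header is padded to 8 bytes
    _, _, main_end = read_header(buf, main_off)
    # The digest covers the whole on-disk main header, magic included.
    return hashlib.sha256(buf[main_off:main_end]).hexdigest() == stored

def build_sample():
    """Constructed miniature package: lead + signature header + main header."""
    main = (HDR_MAGIC + struct.pack(">II", 1, 5)
            + struct.pack(">IIII", 1000, RPM_STRING_TYPE, 0, 1)  # tag 1000 = NAME
            + b"demo\x00")
    digest = hashlib.sha256(main).hexdigest().encode() + b"\x00"
    sig = (HDR_MAGIC + struct.pack(">II", 1, len(digest))
           + struct.pack(">IIII", RPMSIGTAG_SHA256, RPM_STRING_TYPE, 0, 1) + digest)
    sig += b"\x00" * (-len(sig) % 8)
    lead = bytes.fromhex("edabeedb") + b"\x00" * (LEAD_LEN - 4)
    return lead + sig + main
```
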
Comment 1 Aurelian R 2024-02-10 17:36:23 CET
Created attachment 14364
spec file for bm

bm spec file updated to pyproject and that includes patches from here plus from bug #31850 - attachment #14363
Comment 2 Jani Välimaa 2024-02-11 11:41:03 CET
Please provide diff for .spec so maintainer(s) can see the changes and review them.
Comment 3 Aurelian R 2024-02-11 13:27:47 CET
Created attachment 14368
diff bm.spec for Cauldron only

sorry, should have known better ...
Comment 4 Lewis Smith 2024-02-11 21:24:07 CET
Thank you Aurelian for your action on this.

For those of us to whom 'bm' means nothing:
BuildManager - rpm package building helper

Assigning globally. Jani, DavidG & Joseph were the most recent committers of bm.
Note comment 1 about bug 31850 also.

Assignee: bugsquad => pkg-bugs

Comment 5 Mageia Robot 2024-02-12 19:07:58 CET
commit 23ce51cf774a24cafd46a9a5896e54f45c42de35
Author: daviddavid <geiger.david68210@...>
Date:   Mon Feb 12 19:07:53 2024 +0100

    Add "--force-unpack" command to force unpacking (mga#32829)
    
    - Thanks to Aurelian R
---
 Commit Link:
   https://gitweb.mageia.org/software/build-system/bm/commit/?id=23ce51cf774a24cafd46a9a5896e54f45c42de35
Comment 6 Aurelian R 2024-02-12 19:18:15 CET
Great, thanks David for your hard work!
Comment 7 David GEIGER 2024-02-12 20:07:11 CET
bm-3.5 is available for test on Cauldron!

CC: (none) => geiger.david68210

Comment 8 Aurelian R 2024-02-12 22:15:45 CET
Cool, tested bm-3.5 and it works!

Test:

$ bm --version
bm 3.5
$ bm -u ~/Downloads/replay-sorcery-0.6.0-2.7.src.rpm 
creating package list
warning: /home/ubuild/Downloads/replay-sorcery-0.6.0-2.7.src.rpm: Header V3 RSA/SHA512 Signature, key ID 29b700a4: NOKEY
Traceback (most recent call last):
  File "/usr/bin/bm", line 205, in <module>
    main()
  File "/usr/bin/bm", line 195, in main
    status = builder.run()
             ^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/BuildManager/build.py", line 43, in run
    pkg = Package(filename, self.opts.build_log, self.opts.forceunpack)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/BuildManager/package.py", line 36, in __init__
    self._package = globals()["_package_"+ext](file, log, flag)
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/BuildManager/package.py", line 62, in __init__
    self._init()
  File "/usr/lib/python3.12/site-packages/BuildManager/package.py", line 156, in _init
    h = ts.hdrFromFdno(file.fileno())
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.12/site-packages/rpm/transaction.py", line 191, in hdrFromFdno
    raise rpm.error("public key not available")
_rpm.error: public key not available
$ bm -u --force-unpack ~/Downloads/replay-sorcery-0.6.0-2.7.src.rpm 
creating package list
processing package replay-sorcery-0.6.0-2.7
unpacking
succeeded!
$ ls -l
total 4
drwxr-xr-x 8 ubuild ubuild 4096 Feb 12 23:09 replay-sorcery-0.6.0-2.7-topdir/

Thanks.
