Bug 1114605 - pesign-obs-integration: repackaging mangles some bits
pesign-obs-integration: repackaging mangles some bits
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Other
Leap 15.0
x86-64 All
: P5 - None : Normal (vote)
: ---
Assigned To: Gary Ching-Pang Lin
E-mail List
:
Depends on:
Blocks: 1081754 1180279
  Show dependency treegraph
 
Reported: 2018-11-05 04:49 UTC by Bernhard Wiedemann
Modified: 2022-01-22 12:35 UTC (History)
1 user (show)

See Also:
Found By: Development
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Bernhard Wiedemann 2018-11-05 04:49:39 UTC
This should be released as a maintenance-update to 15.0 so that 15.1 will be fixed, too:
https://github.com/openSUSE/pesign-obs-integration/pull/8

And eventually, we might also want a solution for
https://github.com/openSUSE/pesign-obs-integration/issues/9
Comment 2 Swamp Workflow Management 2018-12-17 23:14:18 UTC
SUSE-RU-2018:4164-1: An update that has one recommended fix can now be installed.

Category: recommended (moderate)
Bug References: 1114605
CVE References: 
Sources used:
SUSE Linux Enterprise Module for Development Tools 15 (src):    pesign-obs-integration-10.0-7.3.1
Comment 3 Swamp Workflow Management 2018-12-22 17:15:19 UTC
openSUSE-RU-2018:4250-1: An update that has one recommended fix can now be installed.

Category: recommended (moderate)
Bug References: 1114605
CVE References: 
Sources used:
openSUSE Leap 15.0 (src):    pesign-obs-integration-10.0-lp150.6.3.1
Comment 4 Bernhard Wiedemann 2020-05-27 09:45:13 UTC
https://github.com/openSUSE/pesign-obs-integration/issues/9 is still open
and affecting all our kmps

Anything we can do to change virtualbox
so that it no longer breaks from my change?
Comment 5 Gary Ching-Pang Lin 2020-05-28 03:29:31 UTC
(In reply to Bernhard Wiedemann from comment #4)
> https://github.com/openSUSE/pesign-obs-integration/issues/9 is still open
> and affecting all our kmps
> 
> Anything we can do to change virtualbox
> so that it no longer breaks from my change?

As long as we can get rid of the following lines in virtualbox.spec, my patch(*) can be applied:

# Do not provide libGL.so symbols - they are owned by Mesa already and this could potentially confuse rpm/zypp
%global __provides_exclude ^libE?GL.so.1.*$

(*) https://github.com/lcp/pesign-obs-integration/commit/b19e313c6c94a0d391d3ac1289f9b6fe5e5b2d9b
Comment 6 Gary Ching-Pang Lin 2020-05-28 03:33:47 UTC
(In reply to Gary Ching-Pang Lin from comment #5)
> (In reply to Bernhard Wiedemann from comment #4)
> > https://github.com/openSUSE/pesign-obs-integration/issues/9 is still open
> > and affecting all our kmps
> > 
> > Anything we can do to change virtualbox
> > so that it no longer breaks from my change?
> 
> As long as we can get rid of the following lines in virtualbox.spec, my
> patch(*) can be applied:
> 
> # Do not provide libGL.so symbols - they are owned by Mesa already and this
> could potentially confuse rpm/zypp
> %global __provides_exclude ^libE?GL.so.1.*$
> 

> (*)
> https://github.com/lcp/pesign-obs-integration/commit/
> b19e313c6c94a0d391d3ac1289f9b6fe5e5b2d9b

Correction: It's your patch https://github.com/openSUSE/pesign-obs-integration/commit/42b934760a75cf077d3c5831aaa14d3d104ba5cd
Comment 7 Gary Ching-Pang Lin 2020-05-28 04:00:39 UTC
Just an idea. If the virtualbox kmp can be split from virtualbox.spec, then maybe we don't have to worry about the customized provide anymore.
Comment 8 Gary Ching-Pang Lin 2020-07-13 03:46:15 UTC
Status update:
The change to split kmp from virtualbox main package has landed Virtualization repo and is making its way to Factory. If it doesn't break anything, then we can move forward to merge the pesign-obs-integration fix.
Comment 9 Gary Ching-Pang Lin 2020-07-13 03:48:21 UTC
The virtualbox change for Factory:
https://build.opensuse.org/request/show/820056
Comment 10 Gary Ching-Pang Lin 2020-07-17 06:49:30 UTC
Virtualbox in Factory is now split into the main package and kmp package. Let's try the provides/requires patch again :)
Comment 11 Gary Ching-Pang Lin 2020-07-22 02:42:42 UTC
The fix for find_provides/requires was merged into openSUSE:Factory. Closing this bug.
Comment 12 OBSbugzilla Bot 2020-09-16 14:10:08 UTC
This is an autogenerated message for OBS integration:
This bug (1114605) was mentioned in
https://build.opensuse.org/request/show/834917 15.2 / virtualbox
Comment 13 Swamp Workflow Management 2020-09-20 16:14:03 UTC
openSUSE-SU-2020:1486-1: An update that fixes 25 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1114605,1174075,1174159,1175201
CVE References: CVE-2020-14628,CVE-2020-14629,CVE-2020-14646,CVE-2020-14647,CVE-2020-14648,CVE-2020-14649,CVE-2020-14650,CVE-2020-14673,CVE-2020-14674,CVE-2020-14675,CVE-2020-14676,CVE-2020-14677,CVE-2020-14694,CVE-2020-14695,CVE-2020-14698,CVE-2020-14699,CVE-2020-14700,CVE-2020-14703,CVE-2020-14704,CVE-2020-14707,CVE-2020-14711,CVE-2020-14712,CVE-2020-14713,CVE-2020-14714,CVE-2020-14715
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    virtualbox-6.1.14-lp152.2.5.1, virtualbox-kmp-6.1.14-lp152.2.5.1