[OM Cooker] rpm-5.4.16 snapshot

Jeff Johnson n3npq at mac.com
Tue Mar 15 17:30:53 EDT 2016


On Mar 15, 2016, at 5:12 PM, Bernhard Rosenkraenzer wrote:

> Hi,
> this looks interesting.
> One question:
> "3) (recommended) rpm-5.4.16 uses db-6.1.23 (not 6.1.26)"
> 
> Did you have any particular problems with 6.1.26?
> From the changelog, it looks like 6.1.26 is a bugfix release more than anything else.
> http://download.oracle.com/otndocs/products/berkeleydb/html/changelog_6_1.html#idp518176
> 

Yes I had problems with db-6.1.26 and decided to punt for the moment. The issue is
gonna be something silliy and obscure, not anything major.

Once I get all the other stuff working, I will drill out db-6.1.26 issues. Meanwhile
I expect most distros to still be using db-5.3.x (and perhaps db-5.2.x to avoid
an obscure regression between db-5.2.x -> db-5.3.x with a duplicate key that
POK has been screaming about for years and I have yet to see).

I have checked with db-5.3.x and WORKSFORME. I can pretty simply recheck
with db-5.[23].x if you are worried about functionality or portability.

> Did it introduce any new bad things, or are you just recommending 6.1.23 because it has had more testing with rpm already?
> 

There are going to be issues with DB_MULTIVERSION and DB_TXN_SNAPSHOT
with non-root access to /var/lib/rpm/__db* files in order to create read locks even
if only reading.

rpm has been playing fast-and-loose for a long time now, permitting non-root reads without
read locks and the very occaisonal segfault if a query is being performed while an install
is actually being performed.

There are 2 possible solutions, each with its own degrees of disruption:

1) (developers and single owners) switch to a "chmod g+w /var/lib/rpm" scheme and chmod g+s /usr/bin/rpm
	That of course propagates through entire tool chains like urpmi

2) push the dbenv __db* files into shared memory or /var/cache/rpm with rw_rw_rw access
	This opens several DoS attacks.

But perhaps YMMV ... I am currently doing the "chmod g+w /var/lib/rpm" approach.

BTW, if you want to try a parallel install of rpm-5.4.16 to system rpm, do this
	1) add configure ... --with-paths-versioned
	2) instead of doing "make install", do "make DESTDIR=/var/tmp/rpm-root" and copy the tree to /
		The issue is libtool relinking necessitates the versions being added after install -c ... which
		just clobbered /usr/bin/rpm ...

Cloning the data base --with-paths-versioned SHOULD be as simple as doing
	cp /var/lib/rpm{,-5.4.16}
	rpm-5.4.16 --rebuilddb
but YMMV.

hth

73 de Jeff
	

> ttyl
> bero
> 
> On 2016-03-15 21:28, Jeff Johnson wrote:
>> There is a snapshot release of rpm-5.4.16 now available at
>>        http://rpm5.org/files/rpm/rpm-5.4/SNAPSHOT/rpm-5.4.16-0.20160315.src.rpm
>> This is the first SRPM built by itself that is headed for release
>> in the next few weeks that is being provided as a public reference
>> point for integration and portability testing.
>> See the included INSTALL document for the build pre-requisite versions used.
>> From a distro POV, please note the following changes that are included
>> in the snapshot that will (at least) need to be considered when upgrading:
>>        1) (recommended) rpm-5.4.16 uses BLAKE2bp for file digests.
>>          BLAKe2bp is a 256bit digest that is faster than SHA256 (and MD5)
>>          that will improve installation speeds.
>>          Details are here:
>>                https://blake2.net
>>        2) (recommended) rpm-5.4.16 uses libtomcrypt (rather than BeeCrypt).
>>          LibTomCrypt has support for ECDSA and is used by recent python and
>>          the linux kernel (iirc).
>>          Details are here:
>>                https://github.com/libtom/libtomcrypt
>>        3) (recommended) rpm-5.4.16 uses db-6.1.23 (not 6.1.26) with
>>          DB_MULTIVERSION and DB_TXN_SNAPSHOT.
>>          DB_TXN_SNAPSHOT avoids deadlocks with copy-on-write rather than
>>          locking semantics.
>>          The change is necessary to support nested transactional commits
>>          in rpm like
>>                command transaction
>>                   package transaction
>>                      install transaction
>>                      erase transaction
>>          without deadlocking on trigger lookups.
>>          Details about DB_MULTIVERSION and DB_TXN_SNAPSHOT can be found
>>          in the Oracle Berkeley DB documentation here:
>>                http://docs.oracle.com/cd/E17076_04/html/index.html
>> As always, rpm can be configured to use any of ~120 digests, any of
>>        BeeCrypt
>>        NSS
>>        Openssl
>>        Libgcrypt
>>        LibTomCrypt
>> and (most likely, unchecked) any version of Berkeley DB back to db-4.6.x.
>> Bug reports are requested at
>>        https://launchpad.net/rpm
>> Patches and discussion are requested at
>>        <rpm-devel at rpm5.org>
>> Enjoy!
>> 73 de Jeff
>> _______________________________________________
>> OM-Cooker mailing list
>> OM-Cooker at ml.openmandriva.org
>> http://ml.openmandriva.org/mailman/listinfo/om-cooker_ml.openmandriva.org
> 




More information about the OM-Cooker mailing list