From 996107dee8aacf62a7ea3b1e26495acc9c4e7b0a Mon Sep 17 00:00:00 2001 From: Oliver Kurth Date: Wed, 10 Sep 2025 20:49:32 +0000 Subject: [PATCH 1/4] add files for Debian packages --- debian/README.Debian | 67 ++++++++++++ debian/build-packages.sh | 118 +++++++++++++++++++++ debian/changelog | 10 ++ debian/control | 120 ++++++++++++++++++++++ debian/copyright | 62 +++++++++++ debian/debhelper-build-stamp | 7 ++ debian/not-installed | 6 ++ debian/rules | 46 +++++++++ debian/source/format | 1 + debian/source/options | 66 ++++++++++++ debian/tdnf-automatic.install | 8 ++ debian/tdnf-automatic.postrm.debhelper | 36 +++++++ debian/tdnf-automatic.substvars | 2 + debian/tdnf-cli-libs.install | 1 + debian/tdnf-cli-libs.postinst | 12 +++ debian/tdnf-cli-libs.postrm | 12 +++ debian/tdnf-cli-libs.substvars | 3 + debian/tdnf-dev.install | 13 +++ debian/tdnf-dev.substvars | 2 + debian/tdnf-plugin-metalink.install | 2 + debian/tdnf-plugin-metalink.substvars | 3 + debian/tdnf-plugin-repogpgcheck.install | 2 + debian/tdnf-plugin-repogpgcheck.substvars | 3 + debian/tdnf-pytests.install | 2 + debian/tdnf-pytests.substvars | 2 + debian/tdnf.install | 12 +++ debian/tdnf.postinst | 28 +++++ debian/tdnf.postrm | 17 +++ debian/tdnf.substvars | 3 + 29 files changed, 666 insertions(+) create mode 100644 debian/README.Debian create mode 100755 debian/build-packages.sh create mode 100644 debian/changelog create mode 100644 debian/control create mode 100644 debian/copyright create mode 100644 debian/debhelper-build-stamp create mode 100644 debian/not-installed create mode 100755 debian/rules create mode 100644 debian/source/format create mode 100644 debian/source/options create mode 100644 debian/tdnf-automatic.install create mode 100644 debian/tdnf-automatic.postrm.debhelper create mode 100644 debian/tdnf-automatic.substvars create mode 100644 debian/tdnf-cli-libs.install create mode 100755 debian/tdnf-cli-libs.postinst create mode 100755 debian/tdnf-cli-libs.postrm create mode 100644 debian/tdnf-cli-libs.substvars create mode 100644 debian/tdnf-dev.install create mode 100644 debian/tdnf-dev.substvars create mode 100644 debian/tdnf-plugin-metalink.install create mode 100644 debian/tdnf-plugin-metalink.substvars create mode 100644 debian/tdnf-plugin-repogpgcheck.install create mode 100644 debian/tdnf-plugin-repogpgcheck.substvars create mode 100644 debian/tdnf-pytests.install create mode 100644 debian/tdnf-pytests.substvars create mode 100644 debian/tdnf.install create mode 100755 debian/tdnf.postinst create mode 100755 debian/tdnf.postrm create mode 100644 debian/tdnf.substvars diff --git a/debian/README.Debian b/debian/README.Debian new file mode 100644 index 00000000..f39ea6ae --- /dev/null +++ b/debian/README.Debian @@ -0,0 +1,67 @@ +tdnf for Debian +=============== + +This package provides tdnf, a lightweight package manager that is compatible +with yum/dnf but implemented in C using libsolv and libcurl for better +performance and lower memory usage. + +Package Structure +----------------- + +The Debian packaging splits tdnf into several packages: + +- tdnf: Main package with the tdnf binary and core functionality +- tdnf-dev: Development headers and libraries +- tdnf-cli-libs: Shared libraries for CLI functionality +- tdnf-plugin-metalink: Plugin for metalink repository support +- tdnf-plugin-repogpgcheck: Plugin for GPG verification of repository metadata +- tdnf-automatic: Systemd services for automatic updates +- tdnf-pytests: Test suite (development/testing only) + +Compatibility +------------- + +This package provides yum compatibility through symbolic links and provides/conflicts +declarations. The following commands are available as alternatives to yum: + +- yum -> tdnf +- tyum -> tdnf (transitional yum) +- tdnfj -> tdnf (JSON output variant) + +Configuration +------------- + +Configuration files are located in: +- /etc/tdnf/tdnf.conf - Main configuration +- /etc/tdnf/pluginconf.d/ - Plugin configurations + +Cache and data directories: +- /var/cache/tdnf/ - Package cache +- /var/lib/tdnf/ - History database and persistent data + +Automatic Updates +----------------- + +The tdnf-automatic package provides systemd timers for automatic updates: +- tdnf-automatic.timer - Full automatic updates +- tdnf-automatic-install.timer - Install updates automatically +- tdnf-automatic-notifyonly.timer - Check and notify only + +These services are installed but not enabled by default. Enable them with: + systemctl enable --now tdnf-automatic.timer + +Package Format +-------------- + +This is a Debian native package, meaning the Debian packaging is maintained +directly alongside the upstream source code. This approach is used because +VMware maintains both the upstream tdnf project and the Debian packaging. + +Repository Setup +---------------- + +Unlike RPM-based distributions, Debian systems typically use APT repositories. +This package is primarily useful for managing RPM packages on Debian systems +or in containerized environments where RPM package management is needed. + + -- VMware, Inc. Wed, 10 Sep 2025 12:00:00 +0000 diff --git a/debian/build-packages.sh b/debian/build-packages.sh new file mode 100755 index 00000000..8df9b90f --- /dev/null +++ b/debian/build-packages.sh @@ -0,0 +1,118 @@ +#!/bin/bash +# +# Build script for creating Debian packages for tdnf +# Supports Ubuntu 22.04, 24.04, and Debian Bookworm +# + +set -e + +# Colors for output +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +NC='\033[0m' # No Color + +print_status() { + echo -e "${GREEN}[INFO]${NC} $1" +} + +print_warning() { + echo -e "${YELLOW}[WARNING]${NC} $1" +} + +print_error() { + echo -e "${RED}[ERROR]${NC} $1" +} + +# Check if we're in the right directory +if [ ! -f "tdnf.spec" ] || [ ! -d "debian" ]; then + print_error "This script must be run from the tdnf source directory" + exit 1 +fi + +# Detect distribution +if [ -f /etc/os-release ]; then + . /etc/os-release + DISTRO="$ID" + VERSION="$VERSION_ID" +else + print_error "Cannot detect distribution" + exit 1 +fi + +print_status "Detected distribution: $DISTRO $VERSION" + +# Check if this is a supported distribution +case "$DISTRO" in + ubuntu) + case "$VERSION" in + "22.04"|"24.04") + print_status "Supported Ubuntu version: $VERSION" + ;; + *) + print_warning "Untested Ubuntu version: $VERSION" + ;; + esac + ;; + debian) + case "$VERSION" in + "12") + print_status "Supported Debian version: $VERSION (Bookworm)" + ;; + *) + print_warning "Untested Debian version: $VERSION" + ;; + esac + ;; + *) + print_warning "Untested distribution: $DISTRO" + ;; +esac + +# Install build dependencies +print_status "Installing build dependencies..." +sudo apt-get update +sudo apt-get install -y \ + debhelper-compat \ + cmake \ + gcc \ + make \ + libpopt-dev \ + librpm-dev \ + libssl-dev \ + libsolv-dev \ + libcurl4-openssl-dev \ + libexpat1-dev \ + libsqlite3-dev \ + zlib1g-dev \ + systemd \ + libgpgme-dev \ + pkg-config \ + devscripts \ + build-essential \ + fakeroot \ + git + +# Clean previous builds +print_status "Cleaning previous builds..." +rm -rf debian/tmp debian/.debhelper debian/files + +# Native packages don't need upstream tarballs +VERSION=$(dpkg-parsechangelog -S Version) +print_status "Building native package version: $VERSION" + +# Build source package +print_status "Building source package..." +dpkg-buildpackage -S -us -uc + +# Build binary packages +print_status "Building binary packages..." +dpkg-buildpackage -b -us -uc + +print_status "Build completed successfully!" +print_status "Packages are available in the parent directory:" +ls -la ../*.deb + +print_status "To install the packages, run:" +echo " sudo dpkg -i ../*.deb" +echo " sudo apt-get install -f # to fix any dependency issues" diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 00000000..5cdc7bdc --- /dev/null +++ b/debian/changelog @@ -0,0 +1,10 @@ +tdnf (3.6.0) unstable; urgency=medium + + * Initial Debian package release + * Port from RPM spec file to Debian packaging + * Support for Ubuntu 22.04, 24.04 and Debian Bookworm + * dnf/yum equivalent using C libs with libsolv and libcurl + * Includes plugins for metalink and repository GPG checking + * Automatic update functionality via systemd timers + + -- VMware, Inc. Wed, 10 Sep 2025 12:00:00 +0000 diff --git a/debian/control b/debian/control new file mode 100644 index 00000000..7d3ca28e --- /dev/null +++ b/debian/control @@ -0,0 +1,120 @@ +Source: tdnf +Section: admin +Priority: optional +Maintainer: VMware, Inc. +Build-Depends: debhelper-compat (= 13), + cmake (>= 3.10), + gcc, + make, + libpopt-dev, + librpm-dev (>= 4.16.1.3), + libssl-dev (>= 1.1.1), + libsolv-dev (>= 0.7.19), + libcurl4-openssl-dev, + libexpat1-dev, + libsqlite3-dev, + zlib1g-dev, + systemd, + libgpgme-dev, + pkg-config +Standards-Version: 4.6.2 +Homepage: https://github.com/vmware/tdnf +Vcs-Git: https://github.com/vmware/tdnf.git +Vcs-Browser: https://github.com/vmware/tdnf +Rules-Requires-Root: no + +Package: tdnf +Architecture: any +Depends: ${shlibs:Depends}, + ${misc:Depends}, + librpm9 (>= 4.16.1.3), + libcurl4, + libexpat1, + tdnf-cli-libs (= ${binary:Version}), + libsolv1 (>= 0.7.19), + zlib1g +Provides: yum +Conflicts: yum +Replaces: yum +Description: dnf/yum equivalent using C libs + tdnf is a yum/dnf equivalent which uses libsolv and libcurl. + It provides a command-line interface for package management + on RPM-based systems with better performance and lower + memory usage compared to traditional Python-based package + managers. + +Package: tdnf-dev +Architecture: any +Section: libdevel +Depends: ${misc:Depends}, + tdnf (= ${binary:Version}), + libsolv-dev +Description: Development files for tdnf + This package contains the header files and libraries needed + to develop applications that use the tdnf library. + +Package: tdnf-cli-libs +Architecture: any +Section: libs +Depends: ${shlibs:Depends}, + ${misc:Depends} +Description: Library providing CLI libs for tdnf-like clients + This package provides the shared library that contains + common functionality for tdnf command-line interface + clients. + +Package: tdnf-plugin-metalink +Architecture: any +Section: admin +Depends: ${shlibs:Depends}, + ${misc:Depends}, + libgpgme11 +Description: tdnf plugin providing metalink functionality + This plugin provides metalink functionality for repository + configurations in tdnf, allowing for mirror redundancy + and checksumming. + +Package: tdnf-plugin-repogpgcheck +Architecture: any +Section: admin +Depends: ${shlibs:Depends}, + ${misc:Depends}, + libgpgme11 +Description: tdnf plugin providing GPG verification for repository metadata + This plugin provides GPG verification functionality for + repository metadata in tdnf, ensuring the authenticity + and integrity of repository information. + +Package: tdnf-automatic +Architecture: any +Section: admin +Depends: ${shlibs:Depends}, + ${misc:Depends}, + tdnf (= ${binary:Version}), + systemd +Description: Automated upgrades for tdnf + This package provides systemd units that can periodically + download package upgrades and apply them automatically. + It includes timer and service units for different upgrade + modes: automatic, install-only, and notify-only. + +Package: tdnf-pytests +Architecture: all +Section: devel +Depends: ${misc:Depends}, + tdnf (>= ${source:Version}), + tdnf-automatic (>= ${source:Version}), + tdnf-plugin-repogpgcheck (>= ${source:Version}), + tdnf-plugin-metalink (>= ${source:Version}), + python3-pytest, + python3-requests, + rpm, + build-essential, + createrepo-c, + sudo, + e2fsprogs, + util-linux, + findutils +Description: Test suite for tdnf + This package contains the Python test suite for tdnf, + including integration tests and test repositories. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 00000000..55920048 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,62 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: tdnf +Upstream-Contact: VMware, Inc. +Source: https://github.com/vmware/tdnf + +Files: * +Copyright: 2019-2023 VMware, Inc. +License: LGPL-2.1+ or GPL-2+ +Comment: The libtdnf source code is distributed under LGPL-2.1+, + while the tdnf utility source code is distributed under GPL-2+. + +Files: client/* include/* common/* solv/* history/* jsondump/* llconf/* +Copyright: 2019-2023 VMware, Inc. +License: LGPL-2.1+ + +Files: bin/* tools/* +Copyright: 2019-2023 VMware, Inc. +License: GPL-2+ + +Files: pytests/* +Copyright: 2019-2023 VMware, Inc. +License: GPL-2+ + +Files: debian/* +Copyright: 2025 VMware, Inc. +License: GPL-2+ + +License: LGPL-2.1+ + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + . + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + . + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + . + On Debian systems, the complete text of the GNU Lesser General Public + License version 2.1 can be found in "/usr/share/common-licenses/LGPL-2.1". + +License: GPL-2+ + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + . + On Debian systems, the complete text of the GNU General Public + License version 2 can be found in "/usr/share/common-licenses/GPL-2". diff --git a/debian/debhelper-build-stamp b/debian/debhelper-build-stamp new file mode 100644 index 00000000..f606b3f3 --- /dev/null +++ b/debian/debhelper-build-stamp @@ -0,0 +1,7 @@ +tdnf +tdnf-dev +tdnf-cli-libs +tdnf-plugin-metalink +tdnf-plugin-repogpgcheck +tdnf-automatic +tdnf-pytests diff --git a/debian/not-installed b/debian/not-installed new file mode 100644 index 00000000..0201e07d --- /dev/null +++ b/debian/not-installed @@ -0,0 +1,6 @@ +# Files that are built but not packaged +usr/include/tdnf/._* +usr/include/tdnf/tdnf-common-defines.h.trace +usr/share/tdnf/pytests/repo/._* +usr/share/tdnf/pytests/tests/._* +usr/share/tdnf/pytests/config.json diff --git a/debian/rules b/debian/rules new file mode 100755 index 00000000..3109fb18 --- /dev/null +++ b/debian/rules @@ -0,0 +1,46 @@ +#!/usr/bin/make -f + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# Enable hardening +export DEB_BUILD_MAINT_OPTIONS = hardening=+all + +# Configure CMake options +CMAKE_OPTS = \ + -DCMAKE_BUILD_TYPE=Release \ + -DCMAKE_INSTALL_PREFIX=/usr \ + -DCMAKE_INSTALL_LIBDIR=lib/$(DEB_HOST_MULTIARCH) \ + -DSYSTEMD_DIR=/lib/systemd/system \ + -DHISTORY_DB_DIR=/var/lib/tdnf + +%: + dh $@ --buildsystem=cmake + +override_dh_auto_configure: + dh_auto_configure -- $(CMAKE_OPTS) + +override_dh_auto_install: + dh_auto_install + # Create cache directory + mkdir -p debian/tmp/var/cache/tdnf + # Create yum.repos.d directory for compatibility + mkdir -p debian/tmp/etc/yum.repos.d + # Create symlinks for yum compatibility + ln -sv tdnf debian/tmp/usr/bin/tyum + ln -sv tdnf debian/tmp/usr/bin/yum + ln -sv tdnf debian/tmp/usr/bin/tdnfj + # Remove static libraries + find debian/tmp -name '*.a' -delete + +override_dh_install: + dh_install --sourcedir=debian/tmp + +override_dh_installsystemd: + dh_installsystemd --package=tdnf-automatic --name=tdnf-automatic --no-enable --no-start + dh_installsystemd --package=tdnf-automatic --name=tdnf-automatic-install --no-enable --no-start + dh_installsystemd --package=tdnf-automatic --name=tdnf-automatic-notifyonly --no-enable --no-start + +override_dh_auto_test: + # Skip tests during build - they require special setup + true diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 00000000..89ae9db8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (native) diff --git a/debian/source/options b/debian/source/options new file mode 100644 index 00000000..e6549d4f --- /dev/null +++ b/debian/source/options @@ -0,0 +1,66 @@ +# Exclude macOS metadata files and other binary files +extend-diff-ignore = "\.DS_Store$" +extend-diff-ignore = "\._.*$" +extend-diff-ignore = "\.tar\.gz$" +extend-diff-ignore = "\.tar\.bz2$" +extend-diff-ignore = "\.tar\.xz$" +extend-diff-ignore = "\.rpm$" +extend-diff-ignore = "\.deb$" +extend-diff-ignore = "build/" +extend-diff-ignore = "\.git/" + +# Exclude patch files that might be in working directory +extend-diff-ignore = ".*\.patch$" + +# Exclude build artifacts and generated files +extend-diff-ignore = "package_list\.gz$" +extend-diff-ignore = "rpmprovides$" +extend-diff-ignore = "mirror\.list$" + +# Exclude test artifacts +extend-diff-ignore = "pytests/\.pytest_cache/" +extend-diff-ignore = "pytests/virtual_disks/" +extend-diff-ignore = "pytests/tdnf-test-one$" + +# Exclude repository data +extend-diff-ignore = "repo/repodata/" +extend-diff-ignore = "repo/.*\.rpm$" + +# Exclude generated binaries and scripts +extend-diff-ignore = "bin/tdnf-automatic$" +extend-diff-ignore = "bin/tdnf-cache-updateinfo$" +extend-diff-ignore = "scripts/build-tdnf-rpms$" + +# Exclude pytest and test configuration +extend-diff-ignore = "pytests/config-install\.json$" +extend-diff-ignore = "pytests/config\.json$" +extend-diff-ignore = "pytests/snapshot\.repo$" +extend-diff-ignore = "pytests/mount-small-cache$" + +# Exclude additional generated/untracked files +extend-diff-ignore = "history/config\.h$" +extend-diff-ignore = "include/tdnf-common-defines\.h\.trace$" +extend-diff-ignore = "solv/defines\.h\.trace$" +extend-diff-ignore = "rpmprovides\.c$" +extend-diff-ignore = "tdnf\.spec\.in\.away$" +extend-diff-ignore = "tdnf\.spec$" +extend-diff-ignore = "v.*\.tar\.gz$" + +# Exclude CMake-generated config.h files +extend-diff-ignore = "client/config\.h$" +extend-diff-ignore = "plugins/metalink/config\.h$" +extend-diff-ignore = "plugins/repogpgcheck/config\.h$" +extend-diff-ignore = "common/config\.h$" + +# Also exclude from tarball creation +tar-ignore = "._*" +tar-ignore = "*.tar.gz" +tar-ignore = "*.rpm" +tar-ignore = "*.deb" +tar-ignore = ".DS_Store" +tar-ignore = "package_list.gz" +tar-ignore = "rpmprovides" +tar-ignore = "pytests/.pytest_cache" +tar-ignore = "pytests/virtual_disks" +tar-ignore = "repo/repodata" +tar-ignore = "build" diff --git a/debian/tdnf-automatic.install b/debian/tdnf-automatic.install new file mode 100644 index 00000000..98ebb083 --- /dev/null +++ b/debian/tdnf-automatic.install @@ -0,0 +1,8 @@ +usr/bin/tdnf-automatic +etc/tdnf/automatic.conf +lib/systemd/system/tdnf-automatic.timer +lib/systemd/system/tdnf-automatic.service +lib/systemd/system/tdnf-automatic-install.timer +lib/systemd/system/tdnf-automatic-install.service +lib/systemd/system/tdnf-automatic-notifyonly.timer +lib/systemd/system/tdnf-automatic-notifyonly.service diff --git a/debian/tdnf-automatic.postrm.debhelper b/debian/tdnf-automatic.postrm.debhelper new file mode 100644 index 00000000..3373165c --- /dev/null +++ b/debian/tdnf-automatic.postrm.debhelper @@ -0,0 +1,36 @@ +# Automatically added by dh_installsystemd/13.14.1ubuntu5 +if [ "$1" = remove ] && [ -d /run/systemd/system ] ; then + systemctl --system daemon-reload >/dev/null || true +fi +# End automatically added section +# Automatically added by dh_installsystemd/13.14.1ubuntu5 +if [ "$1" = "purge" ]; then + if [ -x "/usr/bin/deb-systemd-helper" ]; then + deb-systemd-helper purge 'tdnf-automatic-notifyonly.timer' >/dev/null || true + fi +fi +# End automatically added section +# Automatically added by dh_installsystemd/13.14.1ubuntu5 +if [ "$1" = remove ] && [ -d /run/systemd/system ] ; then + systemctl --system daemon-reload >/dev/null || true +fi +# End automatically added section +# Automatically added by dh_installsystemd/13.14.1ubuntu5 +if [ "$1" = "purge" ]; then + if [ -x "/usr/bin/deb-systemd-helper" ]; then + deb-systemd-helper purge 'tdnf-automatic-install.timer' >/dev/null || true + fi +fi +# End automatically added section +# Automatically added by dh_installsystemd/13.14.1ubuntu5 +if [ "$1" = remove ] && [ -d /run/systemd/system ] ; then + systemctl --system daemon-reload >/dev/null || true +fi +# End automatically added section +# Automatically added by dh_installsystemd/13.14.1ubuntu5 +if [ "$1" = "purge" ]; then + if [ -x "/usr/bin/deb-systemd-helper" ]; then + deb-systemd-helper purge 'tdnf-automatic.timer' >/dev/null || true + fi +fi +# End automatically added section diff --git a/debian/tdnf-automatic.substvars b/debian/tdnf-automatic.substvars new file mode 100644 index 00000000..978fc8b5 --- /dev/null +++ b/debian/tdnf-automatic.substvars @@ -0,0 +1,2 @@ +misc:Depends= +misc:Pre-Depends= diff --git a/debian/tdnf-cli-libs.install b/debian/tdnf-cli-libs.install new file mode 100644 index 00000000..5ac3d371 --- /dev/null +++ b/debian/tdnf-cli-libs.install @@ -0,0 +1 @@ +usr/lib/*/libtdnfcli.so.* diff --git a/debian/tdnf-cli-libs.postinst b/debian/tdnf-cli-libs.postinst new file mode 100755 index 00000000..1ab15839 --- /dev/null +++ b/debian/tdnf-cli-libs.postinst @@ -0,0 +1,12 @@ +#!/bin/sh +set -e + +case "$1" in + configure) + ldconfig + ;; +esac + +#DEBHELPER# + +exit 0 diff --git a/debian/tdnf-cli-libs.postrm b/debian/tdnf-cli-libs.postrm new file mode 100755 index 00000000..9df3db34 --- /dev/null +++ b/debian/tdnf-cli-libs.postrm @@ -0,0 +1,12 @@ +#!/bin/sh +set -e + +case "$1" in + remove|upgrade|deconfigure|purge) + ldconfig + ;; +esac + +#DEBHELPER# + +exit 0 diff --git a/debian/tdnf-cli-libs.substvars b/debian/tdnf-cli-libs.substvars new file mode 100644 index 00000000..8076074e --- /dev/null +++ b/debian/tdnf-cli-libs.substvars @@ -0,0 +1,3 @@ +shlibs:Depends=libc6 (>= 2.17) +misc:Depends= +misc:Pre-Depends= diff --git a/debian/tdnf-dev.install b/debian/tdnf-dev.install new file mode 100644 index 00000000..d1d854f2 --- /dev/null +++ b/debian/tdnf-dev.install @@ -0,0 +1,13 @@ +usr/include/tdnf/tdnf.h +usr/include/tdnf/tdnfcli.h +usr/include/tdnf/tdnfclierror.h +usr/include/tdnf/tdnfclitypes.h +usr/include/tdnf/tdnf-common-defines.h +usr/include/tdnf/tdnferror.h +usr/include/tdnf/tdnfplugin.h +usr/include/tdnf/tdnfplugineventmap.h +usr/include/tdnf/tdnftypes.h +usr/lib/*/libtdnf.so +usr/lib/*/libtdnfcli.so +usr/lib/*/pkgconfig/tdnf.pc +usr/lib/*/pkgconfig/tdnf-cli-libs.pc diff --git a/debian/tdnf-dev.substvars b/debian/tdnf-dev.substvars new file mode 100644 index 00000000..978fc8b5 --- /dev/null +++ b/debian/tdnf-dev.substvars @@ -0,0 +1,2 @@ +misc:Depends= +misc:Pre-Depends= diff --git a/debian/tdnf-plugin-metalink.install b/debian/tdnf-plugin-metalink.install new file mode 100644 index 00000000..b8b1171f --- /dev/null +++ b/debian/tdnf-plugin-metalink.install @@ -0,0 +1,2 @@ +etc/tdnf/pluginconf.d/tdnfmetalink.conf +usr/lib/*/tdnf-plugins/libtdnfmetalink.so diff --git a/debian/tdnf-plugin-metalink.substvars b/debian/tdnf-plugin-metalink.substvars new file mode 100644 index 00000000..0044c14e --- /dev/null +++ b/debian/tdnf-plugin-metalink.substvars @@ -0,0 +1,3 @@ +shlibs:Depends=libc6 (>= 2.33), libexpat1 (>= 2.0.1), tdnf (>= 3.6.0) +misc:Depends= +misc:Pre-Depends= diff --git a/debian/tdnf-plugin-repogpgcheck.install b/debian/tdnf-plugin-repogpgcheck.install new file mode 100644 index 00000000..afec8e6d --- /dev/null +++ b/debian/tdnf-plugin-repogpgcheck.install @@ -0,0 +1,2 @@ +etc/tdnf/pluginconf.d/tdnfrepogpgcheck.conf +usr/lib/*/tdnf-plugins/libtdnfrepogpgcheck.so diff --git a/debian/tdnf-plugin-repogpgcheck.substvars b/debian/tdnf-plugin-repogpgcheck.substvars new file mode 100644 index 00000000..3aa9c3aa --- /dev/null +++ b/debian/tdnf-plugin-repogpgcheck.substvars @@ -0,0 +1,3 @@ +shlibs:Depends=libc6 (>= 2.17), libgpgme11t64 (>= 1.2.0), tdnf (>= 3.6.0) +misc:Depends= +misc:Pre-Depends= diff --git a/debian/tdnf-pytests.install b/debian/tdnf-pytests.install new file mode 100644 index 00000000..3db54373 --- /dev/null +++ b/debian/tdnf-pytests.install @@ -0,0 +1,2 @@ +usr/share/tdnf/pytests/ +usr/bin/jsondumptest diff --git a/debian/tdnf-pytests.substvars b/debian/tdnf-pytests.substvars new file mode 100644 index 00000000..978fc8b5 --- /dev/null +++ b/debian/tdnf-pytests.substvars @@ -0,0 +1,2 @@ +misc:Depends= +misc:Pre-Depends= diff --git a/debian/tdnf.install b/debian/tdnf.install new file mode 100644 index 00000000..68b515d1 --- /dev/null +++ b/debian/tdnf.install @@ -0,0 +1,12 @@ +usr/bin/tdnf +usr/bin/tyum +usr/bin/yum +usr/bin/tdnfj +usr/bin/tdnf-config +usr/lib/*/libtdnf.so.* +usr/libexec/tdnf/tdnf-history-util +etc/tdnf/tdnf.conf +etc/motdgen.d/02-tdnf-updateinfo.sh +etc/yum.repos.d +var/cache/tdnf +usr/share/bash-completion/completions/tdnf diff --git a/debian/tdnf.postinst b/debian/tdnf.postinst new file mode 100755 index 00000000..3ae07f0a --- /dev/null +++ b/debian/tdnf.postinst @@ -0,0 +1,28 @@ +#!/bin/sh +set -e + +# Create history database directory if it doesn't exist +HIST_DB_DIR="/var/lib/tdnf" +HISTORY_DB_FN="${HIST_DB_DIR}/history.db" +HISTORY_UTIL="/usr/libexec/tdnf/tdnf-history-util" + +case "$1" in + configure) + # Create history database directory + if [ ! -d "${HIST_DB_DIR}" ]; then + mkdir -p "${HIST_DB_DIR}" + fi + + # Initialize history database if it doesn't exist + if [ ! -f "${HISTORY_DB_FN}" ] && [ -x "${HISTORY_UTIL}" ]; then + "${HISTORY_UTIL}" init || true + fi + + # Update library cache + ldconfig + ;; +esac + +#DEBHELPER# + +exit 0 diff --git a/debian/tdnf.postrm b/debian/tdnf.postrm new file mode 100755 index 00000000..74528443 --- /dev/null +++ b/debian/tdnf.postrm @@ -0,0 +1,17 @@ +#!/bin/sh +set -e + +case "$1" in + remove|upgrade|deconfigure) + ldconfig + ;; + purge) + # Remove cache directory on purge + rm -rf /var/cache/tdnf || true + ldconfig + ;; +esac + +#DEBHELPER# + +exit 0 diff --git a/debian/tdnf.substvars b/debian/tdnf.substvars new file mode 100644 index 00000000..0a33935d --- /dev/null +++ b/debian/tdnf.substvars @@ -0,0 +1,3 @@ +shlibs:Depends=libc6 (>= 2.34), libcurl4t64 (>= 7.16.2), librpm9t64 (>= 4.16.1.3), librpmio9t64 (>= 4.16.1.3), libsolv1 (>= 0.7.19), libsolvext1 (>= 0.7.19), libsqlite3-0 (>= 3.5.9), tdnf (>= 3.6.0), tdnf-cli-libs (>= 3.6.0) +misc:Depends= +misc:Pre-Depends= From 382aa96e8d332e9c63198f1ec17a7cef2549f4f9 Mon Sep 17 00:00:00 2001 From: Oliver Kurth Date: Wed, 10 Sep 2025 20:50:31 +0000 Subject: [PATCH 2/4] fix compiler warning for curl_easy_setopt() by type casting the argument --- client/repoutils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/repoutils.c b/client/repoutils.c index 0500e1ee..2f1574c3 100644 --- a/client/repoutils.c +++ b/client/repoutils.c @@ -434,7 +434,7 @@ TDNFRepoApplyDownloadSettings( if((curlError = curl_easy_setopt( pCurl, CURLOPT_MAX_RECV_SPEED_LARGE, - pRepo->nThrottle)) != CURLE_OK) + (curl_off_t)pRepo->nThrottle)) != CURLE_OK) { dwError = ERROR_TDNF_CURL_BASE + curlError; BAIL_ON_TDNF_ERROR(dwError); From 79eaeeb37ac4f01a75131f76f300c22652271b9d Mon Sep 17 00:00:00 2001 From: Oliver Kurth Date: Mon, 27 Oct 2025 20:22:30 +0000 Subject: [PATCH 3/4] fix minor warnings --- client/remoterepo.c | 2 +- client/rpmtrans.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/client/remoterepo.c b/client/remoterepo.c index 2767722f..9b20d407 100644 --- a/client/remoterepo.c +++ b/client/remoterepo.c @@ -376,7 +376,7 @@ TDNFDownloadPackage( uint32_t dwError = 0; char *pszPackageFile = NULL; char *pszCopyOfPackageLocation = NULL; - int nSize; + int nSize = 0; if(!pTdnf || !pTdnf->pArgs || diff --git a/client/rpmtrans.c b/client/rpmtrans.c index 436da1b4..451a0b0f 100644 --- a/client/rpmtrans.c +++ b/client/rpmtrans.c @@ -783,7 +783,7 @@ TDNFTransAddInstallPkg( const char* pszPkgName = NULL; uint8_t digest_from_file[EVP_MAX_MD_SIZE] = {0}; hash_op *hash = NULL; - int nSize; + int nSize = 0; if(!pTS || !pTdnf || !pInfo || !pRepo) { @@ -942,7 +942,7 @@ TDNFTransAddInstallPkg( return dwError; error: - pr_err("Error processing package: %s\n", pszPackageLocation); + pr_err("Error processing package: %s\n", pszPackageLocation ? pszPackageLocation : "(null)"); TDNF_SAFE_FREE_MEMORY(pszFilePath); TDNF_SAFE_FREE_MEMORY(pRpmCache); goto cleanup; From dcbbe15c7b19d0892492bbbce05ed25ef9d51607 Mon Sep 17 00:00:00 2001 From: Oliver Kurth Date: Mon, 27 Oct 2025 20:24:53 +0000 Subject: [PATCH 4/4] use -fPIC properly, enable opverride for -D_FORTIFY_SOURCE --- client/CMakeLists.txt | 4 ++ cmake/CFlags.cmake | 86 +++++++++++++++++++++++++---- common/CMakeLists.txt | 8 ++- history/CMakeLists.txt | 8 ++- jsondump/CMakeLists.txt | 8 +++ llconf/CMakeLists.txt | 20 ++++--- plugins/metalink/CMakeLists.txt | 4 ++ plugins/repogpgcheck/CMakeLists.txt | 4 ++ solv/CMakeLists.txt | 9 +++ tools/cli/CMakeLists.txt | 5 +- tools/cli/lib/CMakeLists.txt | 4 ++ tools/config/CMakeLists.txt | 5 +- 12 files changed, 144 insertions(+), 21 deletions(-) diff --git a/client/CMakeLists.txt b/client/CMakeLists.txt index 521ca6ac..a1790ccf 100644 --- a/client/CMakeLists.txt +++ b/client/CMakeLists.txt @@ -58,7 +58,11 @@ target_link_libraries(${LIB_TDNF} set_target_properties(${LIB_TDNF} PROPERTIES VERSION ${PROJECT_VERSION} SOVERSION ${PROJECT_VERSION_MAJOR} + POSITION_INDEPENDENT_CODE ON ) +# Apply appropriate flags for shared library +apply_tdnf_flags(${LIB_TDNF} SHARED) + install(FILES ${CMAKE_CURRENT_BINARY_DIR}/tdnf.pc DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) install(TARGETS ${LIB_TDNF} LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} COMPONENT library) diff --git a/cmake/CFlags.cmake b/cmake/CFlags.cmake index 3100a1d3..b581c4e4 100644 --- a/cmake/CFlags.cmake +++ b/cmake/CFlags.cmake @@ -44,11 +44,9 @@ set(EXTRA_WARN_CFLAGS -Walloc-zero -Walloca -Wtrampolines ) -# Extra security / hardening flags -set(EXTRA_SECURITY_CFLAGS - -D_FORTIFY_SOURCE=2 +# Extra security / hardening flags for executables +set(EXTRA_SECURITY_CFLAGS_EXE -fstack-clash-protection - -fcf-protection=full -fPIE -pie -Wl,-z,relro @@ -57,6 +55,31 @@ set(EXTRA_SECURITY_CFLAGS -fno-plt ) +# Extra security / hardening flags for shared libraries +set(EXTRA_SECURITY_CFLAGS_SO + -fstack-clash-protection + -fPIC + -Wl,-z,relro + -Wl,-z,now + -Wl,-z,noexecstack + -fno-plt +) + +# Extra security / hardening flags for static libraries (no linker flags, no LTO) +set(EXTRA_SECURITY_CFLAGS_STATIC + -fstack-clash-protection + -fPIC + -fno-plt + -fno-lto +) + +# Add architecture-specific flags +if(CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64|amd64") + list(APPEND EXTRA_SECURITY_CFLAGS_EXE -fcf-protection=full) + list(APPEND EXTRA_SECURITY_CFLAGS_SO -fcf-protection=full) + list(APPEND EXTRA_SECURITY_CFLAGS_STATIC -fcf-protection=full) +endif() + # Build-type dependent flags set(DEBUG_CFLAGS -Og -g @@ -72,22 +95,65 @@ set(FEATURE_FLAGS -D_DEFAULT_SOURCE ) -### Combine all flags -set(TDNF_CFLAGS +# Add _FORTIFY_SOURCE if not already defined by the build system +# Check if _FORTIFY_SOURCE is already in the compiler flags +string(FIND "${CMAKE_C_FLAGS}" "_FORTIFY_SOURCE" FORTIFY_POS) +if(FORTIFY_POS EQUAL -1) + list(APPEND FEATURE_FLAGS -D_FORTIFY_SOURCE=2) +endif() + +### Combine all flags for executables +set(TDNF_CFLAGS_EXE + ${WARN_CFLAGS} + ${OPTIMIZE_CFLAGS} + ${SECURITY_CFLAGS} + ${EXTRA_WARN_CFLAGS} + ${EXTRA_SECURITY_CFLAGS_EXE} + ${FEATURE_FLAGS} +) + +### Combine all flags for shared libraries +set(TDNF_CFLAGS_SO ${WARN_CFLAGS} ${OPTIMIZE_CFLAGS} ${SECURITY_CFLAGS} ${EXTRA_WARN_CFLAGS} - ${EXTRA_SECURITY_CFLAGS} + ${EXTRA_SECURITY_CFLAGS_SO} + ${FEATURE_FLAGS} +) + +### Combine all flags for static libraries +set(TDNF_CFLAGS_STATIC + ${WARN_CFLAGS} + ${OPTIMIZE_CFLAGS} + ${SECURITY_CFLAGS} + ${EXTRA_WARN_CFLAGS} + ${EXTRA_SECURITY_CFLAGS_STATIC} ${FEATURE_FLAGS} ) if(CMAKE_BUILD_TYPE STREQUAL "Debug") - list(APPEND TDNF_CFLAGS ${DEBUG_CFLAGS}) + list(APPEND TDNF_CFLAGS_EXE ${DEBUG_CFLAGS}) + list(APPEND TDNF_CFLAGS_SO ${DEBUG_CFLAGS}) + list(APPEND TDNF_CFLAGS_STATIC ${DEBUG_CFLAGS}) elseif(CMAKE_BUILD_TYPE STREQUAL "Release") - list(APPEND TDNF_CFLAGS ${RELEASE_CFLAGS}) + list(APPEND TDNF_CFLAGS_EXE ${RELEASE_CFLAGS}) + list(APPEND TDNF_CFLAGS_SO ${RELEASE_CFLAGS}) + list(APPEND TDNF_CFLAGS_STATIC ${RELEASE_CFLAGS}) endif() -foreach(flag IN LISTS TDNF_CFLAGS) +# Apply flags to executables by default +foreach(flag IN LISTS TDNF_CFLAGS_EXE) add_c_compiler_flag(${flag}) endforeach() + +# Function to apply appropriate flags based on target type +function(apply_tdnf_flags target_name target_type) + if(target_type STREQUAL "SHARED") + target_compile_options(${target_name} PRIVATE ${TDNF_CFLAGS_SO}) + elseif(target_type STREQUAL "STATIC") + target_compile_options(${target_name} PRIVATE ${TDNF_CFLAGS_STATIC}) + else() + target_compile_options(${target_name} PRIVATE ${TDNF_CFLAGS_EXE}) + endif() +endfunction() diff --git a/common/CMakeLists.txt b/common/CMakeLists.txt index 3f797e89..e5497e70 100644 --- a/common/CMakeLists.txt +++ b/common/CMakeLists.txt @@ -16,4 +16,10 @@ add_library(${LIB_TDNF_COMMON} STATIC lock.c ) -set_target_properties(${LIB_TDNF_COMMON} PROPERTIES POSITION_INDEPENDENT_CODE ON) +# Apply appropriate flags for static library +apply_tdnf_flags(${LIB_TDNF_COMMON} STATIC) + +set_target_properties(${LIB_TDNF_COMMON} PROPERTIES + POSITION_INDEPENDENT_CODE ON + INTERFACE_POSITION_INDEPENDENT_CODE ON +) diff --git a/history/CMakeLists.txt b/history/CMakeLists.txt index 133bb06f..c17df34a 100644 --- a/history/CMakeLists.txt +++ b/history/CMakeLists.txt @@ -21,7 +21,13 @@ add_library(${LIB_TDNF_HISTORY} STATIC history.c ) -set_target_properties(${LIB_TDNF_HISTORY} PROPERTIES POSITION_INDEPENDENT_CODE ON) +# Apply appropriate flags for static library +apply_tdnf_flags(${LIB_TDNF_HISTORY} STATIC) + +set_target_properties(${LIB_TDNF_HISTORY} PROPERTIES + POSITION_INDEPENDENT_CODE ON + INTERFACE_POSITION_INDEPENDENT_CODE ON +) install(TARGETS ${TDNF_HISTORY_UTIL_BIN} RUNTIME DESTINATION ${CMAKE_INSTALL_LIBEXECDIR}/tdnf COMPONENT binary) diff --git a/jsondump/CMakeLists.txt b/jsondump/CMakeLists.txt index 4b9a1250..9bafe33d 100644 --- a/jsondump/CMakeLists.txt +++ b/jsondump/CMakeLists.txt @@ -18,6 +18,14 @@ add_library(${LIB_TDNF_JSONDUMP} STATIC jsondump.c ) +# Apply appropriate flags for static library +apply_tdnf_flags(${LIB_TDNF_JSONDUMP} STATIC) + +set_target_properties(${LIB_TDNF_JSONDUMP} PROPERTIES + POSITION_INDEPENDENT_CODE ON + INTERFACE_POSITION_INDEPENDENT_CODE ON +) + target_link_libraries(${TDNF_JSON_BIN} ${LIB_TDNF_JSONDUMP} ) diff --git a/llconf/CMakeLists.txt b/llconf/CMakeLists.txt index 067ab23c..a7302fbb 100644 --- a/llconf/CMakeLists.txt +++ b/llconf/CMakeLists.txt @@ -7,12 +7,18 @@ # add_library(${LIB_TDNF_LLCONF} STATIC - entry.c - ini.c - lines.c - modules.c - nodes.c - strutils.c + entry.c + ini.c + lines.c + modules.c + nodes.c + strutils.c ) -set_target_properties(${LIB_TDNF_LLCONF} PROPERTIES POSITION_INDEPENDENT_CODE ON) +# Apply appropriate flags for static library +apply_tdnf_flags(${LIB_TDNF_LLCONF} STATIC) + +set_target_properties(${LIB_TDNF_LLCONF} PROPERTIES + POSITION_INDEPENDENT_CODE ON + INTERFACE_POSITION_INDEPENDENT_CODE ON +) diff --git a/plugins/metalink/CMakeLists.txt b/plugins/metalink/CMakeLists.txt index e432e51c..c9988864 100644 --- a/plugins/metalink/CMakeLists.txt +++ b/plugins/metalink/CMakeLists.txt @@ -31,4 +31,8 @@ target_link_libraries(${PROJECT_NAME} set_target_properties(${PROJECT_NAME} PROPERTIES LIBRARY_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/plugins/lib) + +# Apply appropriate flags for shared library +apply_tdnf_flags(${PROJECT_NAME} SHARED) + install(TARGETS ${PROJECT_NAME} DESTINATION ${CMAKE_INSTALL_LIBDIR}/tdnf-plugins) diff --git a/plugins/repogpgcheck/CMakeLists.txt b/plugins/repogpgcheck/CMakeLists.txt index f9af7b81..493f7dda 100644 --- a/plugins/repogpgcheck/CMakeLists.txt +++ b/plugins/repogpgcheck/CMakeLists.txt @@ -32,4 +32,8 @@ target_link_libraries(${PROJECT_NAME} set_target_properties(${PROJECT_NAME} PROPERTIES LIBRARY_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/plugins/lib) + +# Apply appropriate flags for shared library +apply_tdnf_flags(${PROJECT_NAME} SHARED) + install(TARGETS ${PROJECT_NAME} DESTINATION ${CMAKE_INSTALL_LIBDIR}/tdnf-plugins) diff --git a/solv/CMakeLists.txt b/solv/CMakeLists.txt index 316c7868..15fa49cb 100644 --- a/solv/CMakeLists.txt +++ b/solv/CMakeLists.txt @@ -15,3 +15,12 @@ add_library(${LIB_TDNF_SOLV} STATIC tdnfrepo.c simplequery.c ) + +# Apply appropriate flags for static library +apply_tdnf_flags(${LIB_TDNF_SOLV} STATIC) + +set_target_properties(${LIB_TDNF_SOLV} PROPERTIES + POSITION_INDEPENDENT_CODE ON + INTERFACE_POSITION_INDEPENDENT_CODE ON +) + diff --git a/tools/cli/CMakeLists.txt b/tools/cli/CMakeLists.txt index 0e2a2e30..807ec3bb 100644 --- a/tools/cli/CMakeLists.txt +++ b/tools/cli/CMakeLists.txt @@ -18,7 +18,10 @@ target_link_libraries(${TDNF_BIN} ${LIB_TDNF} ) -set_target_properties(${TDNF_BIN} PROPERTIES OUTPUT_NAME tdnf) +set_target_properties(${TDNF_BIN} PROPERTIES + OUTPUT_NAME tdnf + POSITION_INDEPENDENT_CODE ON +) install(TARGETS ${TDNF_BIN} RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR} COMPONENT binary) diff --git a/tools/cli/lib/CMakeLists.txt b/tools/cli/lib/CMakeLists.txt index 7f5e3ab4..ad15bb6a 100644 --- a/tools/cli/lib/CMakeLists.txt +++ b/tools/cli/lib/CMakeLists.txt @@ -36,7 +36,11 @@ target_link_libraries(${LIB_TDNF_CLI} set_target_properties(${LIB_TDNF_CLI} PROPERTIES VERSION ${PROJECT_VERSION} SOVERSION ${PROJECT_VERSION_MAJOR} + POSITION_INDEPENDENT_CODE ON ) +# Apply appropriate flags for shared library +apply_tdnf_flags(${LIB_TDNF_CLI} SHARED) + install(FILES ${CMAKE_CURRENT_BINARY_DIR}/tdnf-cli-libs.pc DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) install(TARGETS ${LIB_TDNF_CLI} LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} COMPONENT library) diff --git a/tools/config/CMakeLists.txt b/tools/config/CMakeLists.txt index 9d703d79..82f23d5c 100644 --- a/tools/config/CMakeLists.txt +++ b/tools/config/CMakeLists.txt @@ -18,7 +18,10 @@ target_link_libraries(${TDNF_CONFIG_BIN} ${CMAKE_DL_LIBS} ) -set_target_properties(${TDNF_CONFIG_BIN} PROPERTIES OUTPUT_NAME tdnf-config) +set_target_properties(${TDNF_CONFIG_BIN} PROPERTIES + OUTPUT_NAME tdnf-config + POSITION_INDEPENDENT_CODE ON +) install(TARGETS ${TDNF_CONFIG_BIN} RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR} COMPONENT binary)