- Fixes a regression introduced in rpm >= 4.10 caused by query format
simplification (loss of zero padding support), in commit
1f1e5e88a1.
- 'chmod' command doesn't need zero padding, just remove the formatting.
In fact we shouldn't be passing the entire mode to it but just the
permission bits, but fortunately chmod isn't too picky here.
- Previously any arguments to interpreter were invisible unless
you happened to know that RPMTAG_FOOPROG are actually string
arrays despite their type showing plain string, and queried
as arrays. This makes all the arguments for all scriptlets
supporting interpreter arguments visible on --scripts query
and also serves as an example on how to properly query them.i
- Perhaps worth noting is the exact formatting of the query:
"(using[ %{PRETRANSPROG}]" instead of the more typical style of
"(using [%{PRETRANSPROG} ]" to avoid extra trailing blanks.
- poptExecPath() pointing to meaningful place allows removal of these.
- Make test-suite rely on the --initdb exec alias so we catch out
if anything here breaks
- This ensures its available in all our executables without adding
umphteen copies into rpmpopt (after the cli splits, this was missing
in eg rpmdb executable...)
- Changing db_api to db_ver to force breakage on anything using the
value, db_ver containing the BDB major version just to put something
in the error messages where the dbapi version used to be.
- Avoids having to link /bin/rpm with librpmbuild and everything it
might bring in (eg libmagic) which are not needed for core operation.
- Minimally preserve backwards compatibility with popt exec alias
- Add popt exec aliases to rpmdb for backwards compatibility
- Change test-suite to use 'rpmdb --initdb' instead of 'rpm --initdb'
as popt exec aliases with absolute paths dont play very well
with the test-suite, duh...
- This was broken for years without anybody complaining, should
be safe to conclude nobody will miss it later either. And if
somebody misses it, this is a job for rpmlint really.
- Signing is better done in an environment completely separated from
the process of actually building packages. This is how its generally
done anyway by distros, this change just forces the issue.
- While signing on build seems handy and saves some io-churn, this
is very insecure as your precious secret passphrase remains unencrypted
in memory for the entire duration of the build where it's accessible
to whatever happens to be building. This change doesn't
affect fix the issue of unencrypted passphrase residing in memory
and potentially getting swapped out, it only limits the exposure
to the actual signing process which isn't subject to unknown scripts
poking around.
- Minimally preserve rpmbuild's --sign functionality via popt --pipe hack
to call rpm --addsign when build completes
- macro fiddling to pass the macros set by --httpproxy etc popt aliases
to the url helper
- ftp proxy and http proxy control the same thing (http proxy) now to
keep things simple
- while at it, add %__urlhelper_localopts for local customization needs
without having to override the entire __urlhelperopts macro
- rpm doesn't manage selinux contexts so it doesn't need to know about them
other than when creating files
- implement --fscontext as popt alias since it's easy to do so...
The SELinux file contexts can and do change, and local policies might be
in place, the contexts on the build system at build time have zero relevance
to anything and are just header bloat.
Remove --filecontexts alias while at it, not useful for anything anyway.
Panu Matilainen