--setperms, --setugids and --setcaps were fun demos of alias capabilities
in the nineties, but they can be downright dangerous when used
separately, are blissfully unaware of all state in rpm yet try to
duplicate functionality existing in C, and thus are a constant source
of bugs that are between hard to impossible to fix in the alias space.
Add a new transaction element type for the restore operation, wire
through all the necessary places. In places (like ordering) this is
an overkill but otherwise it seems like a natural thing to be able
to process restore alongside package install/remove. The restore
operation is a cross between install and erase codepath-wise so touches
some funny places, but FA_TOUCH does just the thing, and now all the
regular disablers like --nocontext and --nocaps can be used if
necessary, plugins get to do their work and also timestamps are
restored.
Remove the dangerous shell implementations of things and just make them
aliases to --restore.
Fixes: #965
Commit b3d672a552 got the base reasoning
in the ballpark but the code all wrong, introducing a severe performance
regression without actually fixing what it claimed to.
The missing ingredient is actually comparing the current prefix with the
triggers in matched package (trying to describe this makes my head
spin): a package may have multiple triggers on multiple prefixes and
we need to make sure we only execute triggers of this type, from this
prefix.
This stuff really needs more and better testcases.
Fixes: b3d672a552
The rpmdb cookie is not a security feature, but as these existing
hashes are more convenient than coming up with our own... we then
run into the great big wall of FIPS which in its current incarnation
disallows use of SHA1. And so rpmdbCookie() fails under current FIPS.
Just bumping the algorithm to SHA256 seems the path of lowest
resistance, whether that algo makes sense for this purpose or not.
* Explicitly state that \0 is not supported in queryformat strings.
Signed-off-by: Thomas Moschny <thomas.moschny@gmx.de>
Co-authored-by: Florian Festi <ffesti@redhat.com>
For whatever reason, `runroot_other test -d /foo` ends up testing
for `/foo` outside our test-root, which makes the test broken for what
it's supposed to test, and behave funny should somebody have a `/foo`
directory on their system.
Avoid having to test for the directory by ensuring it's always there,
this would still catch --justdb not working because then find would find
multiple files inside.
If a public key was too short for the curve ID, the code would
previously perform out-of-bounds pointer arithmetic, which is undefined
behavior in C. Check that the packet is long enough to contain the
curve ID before bumping `se` past the curve ID.
Furthermore, if a public key is too short to even contain the fixed-size
header, an out-of-bounds pointer would be created, which is also
undefined behavior. Fix this by returning early if the buffer is too
short.
Finally, return early if the public key algorithm or curve ID is
invalid, rather than relying on processMpis() to fail. While
processMpis() will error out, bailing out explicitly is much clearer.
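The check order this message describes, as an added example that is not rpm's own code: the fixed-size header, then the curve ID length byte, then the curve ID itself, each verified before the index moves past it, with an explicit reject for an unknown algorithm or curve. The function name, constants and sample packet are hypothetical, and the sketch assumes a v4 EdDSA key body with the Ed25519 curve OID only.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Sketch-only names; the values follow the OpenPGP v4 key packet layout. */
enum { KEY_HDR_LEN = 6 };   /* version(1) + creation time(4) + algorithm(1) */
enum { ALGO_EDDSA = 22 };

/* Ed25519 curve OID (1.3.6.1.4.1.11591.15.1) as it appears in the packet. */
static const uint8_t OID_ED25519[] =
    { 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01 };

/* Constructed sample: header, OID length, OID, then two placeholder bytes. */
static const uint8_t SAMPLE_KEY[] = {
    0x04, 0x00, 0x00, 0x00, 0x00, ALGO_EDDSA,
    0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
    0x00, 0x00
};

/*
 * Return the offset of the first byte after the curve ID, or -1 if the body
 * is truncated or names an unsupported version, algorithm or curve.
 * Each length is checked before the index moves past it.
 */
static long key_mpi_offset(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < KEY_HDR_LEN)
        return -1;                  /* too short for the fixed-size header */
    if (pkt[0] != 4 || pkt[5] != ALGO_EDDSA)
        return -1;                  /* reject here, not in a later stage */

    size_t off = KEY_HDR_LEN;
    if (len - off < 1)
        return -1;                  /* no room for the OID length byte */
    size_t oidlen = pkt[off++];
    if (len - off < oidlen)
        return -1;                  /* OID would run past the buffer */
    if (oidlen != sizeof(OID_ED25519) ||
        memcmp(pkt + off, OID_ED25519, oidlen) != 0)
        return -1;                  /* unknown curve */

    return (long)(off + oidlen);    /* in bounds by the checks above */
}
```

Comparing remaining length (`len - off`) against the claimed size, rather than advancing a pointer and comparing it with the end, means no out-of-bounds pointer is ever formed.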
ad87ced fixed compilation for ARM64 macOS, but it broke builds on Intel
macOS.
Let's fix it by gating the changes from ad87ced behind
`_DARWIN_FEATURE_ONLY_64_BIT_INODE`. This macro is defined whenever the
ARM64 macOS fix is appropriate, but only after we've included
`sys/cdefs.h`.
This does mean that we're still using a deprecated API on Intel macOS
10.6+. I looked into avoiding this, but it seems to require more
significant refactoring. It's not clear that these changes would be
worth it given that Apple is slowly phasing out their Intel machines.
Sometimes you just want to extract the files without touching the
database, just like sometimes you just want the database changed.
Potential use-cases include rpm2cpio style operation and src.rpm
install.
How do we even _know_ user wants to debug malloc in rpmbuild,
maybe user wants to debug it in _the child_?
Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
Pass relocatable package prefixes as RPM_INSTALL_PREFIX Lua table
to Lua scriptlets, add a test-case.
In Lua, indexes start at 1 rather than 0, so the numbers appear
off by one which is annoying, but consistent within Lua and our other
similar Lua constructs such as scriptlet arg.
Fixes: #1531
If a package contains a symlink in the buildroot which is declared as a
ghost or config file but is a regular file or directory on the system
where it's installed, a --setperms call will reset its permissions to
those of a symlink (777 on Linux), which almost certainly is not the
correct thing to do.
To fix that, just skip files that were recorded as symlinks.
This is a special case of a general issue in --setperms; since file
permission semantics may change depending on the file type, to stay on
the safe side, any (ghost or config) file whose type changes after
installation should probably be skipped. However, symlinks are the most
prominent case here, so let's just focus on that now and avoid adding
too much cleverness to a popt alias (this got us into trouble not too
long ago, see commits 38c2f6e and 0d83637). We may revisit this in the
eventual C implementation.
These three changed tests were failing, on at least aarch64, due to
architectural incompatibility errors on installing the
`hello-1.0-1.i386.rpm`, though the tests themselves aren't concerned
with executing the binaries, just querying the installed files. Thus, we
can just install them with `--ignorearch`.
Make the regular expressions more precise (anchor them to
the end of the input string), and try to catch any future
unrecognized target triplets by checking for a "-gnu" part
left over after the known variants were supposedly stripped.
There were two problems here: first, the -gnueabihf and -gnuabi64
suffixes were not recognized at all, and second, -gnueabihf was
misdetected as -gnueabi since the regular expression is not precise
enough (no "$" at the end), leading to an inconsistent situation of
host_os_gnu being set (incorrectly) and the suffix *not* removed from
host_os.
We are using weak dependency for ordering now. So it makes sense to also
qualify weak dependencies with the time they are needed/wanted in the
transaction to make use of this information in ordering.
Especially (posttrans) could be useful to remove weak deps from dependency
loops during ordering when they are only needed after the installation.
Resolves: #624
Most qualifiers make as much sense to weak dependencies as they do for
normal dependencies, so we'd like to allow them in packages. Rpmbuild
doesn't currently allow them but packages from other implementations may
have them anyway.
To protect rpm's primary means of dependency loop cutting, don't let
weak dependencies inflate the value of pre/post etc dependencies by
simply ignoring those flags.
Since that commit builds would fail with

    RPM build errors:
        Installed (but unpackaged) file(s) found:
        /.gz

Use a similar find -print0 construct as the other loop above.
Commit 13f70e3710 caused minimize_writes
to actually not minimize anything since fsmVerify() only "verifies"
the thing does NOT exist anymore when it exists. Sigh.
FA_TOUCH needs different kind of verification, stat the file instead
to see if it needs creating after all. This is all soooo broken...
Fixes: #1881
pgpPrtParams() may leave sig2 unchanged and if we're not in the very
first iteration of the while() loop, we could pass a freed pointer to
pgpDigParamsCmp(). Fix by setting it to NULL after freeing.
Found by Coverity, after commit bd36c5d (subkey binding validation),
although note that the commit didn't introduce this bug; it just seems
to have been a false negative that got "fixed" by the changes in
pgpPrtParams() in that commit.
Make sure selfsig is freed in case we break out of the loop in this
block.
Note that the tests added with the binding validation commit bd36c5d do
not cover this code path so valgrind won't show this.
Commit fab2debfe4 managed to mess up the
order of the last two callback arguments, doh.
Goes to show that nobody has missed this stuff in 12+ years, so it might
be more merciful to put this thing out of its misery...
Fixes: #1871
Here is a simplified overview of a possible dereference:

    if (fc == NULL) {
        rpmlog(RPMLOG_ERR, _("Empty file classifier\n"));
        goto exit;
    }
    // ...
    exit:
    rpmstrPoolFreeze(fc->cdict, 0);
                     ~~~~~~~~~

This issue was found by Svace Static Analyzer.
Manual page Relocatable Packages was corrupted
due to use of unescaped angle brackets '<' and '>'.
Parser attempts to interpret these as an HTML tag.
Fixed by escaping the brackets with '\'.