This is the only dependency on awk in the runtime commandline part of
rpm, which is bloating minimal container images a bit. We can rewrite
that into a single sed statement. We love you anyway, awk.
These are obviously the long lost uninstall-time counterparts of
%pretrans and %posttrans.
%preuntrans is easy but %postuntrans is the reason this hasn't been
implemented so far: by the time it's supposed to execute, the header will
be gone. Work around this by allowing the rpmte to hold on to its header
if it has a %postuntrans scriptlet.
Cheapskate on transaction flags and reuse pre/posttrans flags for these
uninstall counterparts too, adding separate flags and disablers just
doesn't seem worth it, especially as we're quite short of free bits.
Fixes: #2119
--setperms, --setugids and --setcaps were fun demos of alias capabilities
in the nineties, but they can be downright dangerous when used
separately, are blisfully unaware of all state in rpm yet try to
duplicate functionality existing in C, and thus are a constant source
of bugs that are between hard to impossible to fix in the alias space.
Add a new transaction element type for the restore operation, wire
through all the necessary places. In places (like ordering) this is
an overkill but otherwise it seems like a natural thing to be able
to process restore alongside package install/remove. The restore
operation is a cross between install and erase codepath-wise so touches
some funny places, but FA_TOUCH does just the thing, and now all the
regular disablers like --nocontext and --nocaps can be used if
necessary, plugins get to do their work and also timestamps are
restored.
Remove the dangerous shell implementations of things and just make them
aliases to --restore.
Fixes: #965
If a package contains a symlink in the buildroot which is declared as a
ghost or config file but is a regular file or directory on the system
where it's installed, a --setperms call will reset its permissions to
those of a symlink (777 on Linux), which almost certainly is not the
correct thing to do.
To fix that, just skip files that were recorded as symlinks.
This is a special case of a general issue in --setperms; since file
permission semantics may change depending on the file type, to stay on
the safe side, any (ghost or config) file whose type changes after
installation should probably be skipped. However, symlinks are the most
prominent case here, so let's just focus on that now and avoid adding
too much cleverness to a popt alias (this got us into trouble not too
long ago, see commits 38c2f6e and 0d83637). We may revisit this in the
eventual C implementation.
When splitting rpmsign from rpmbuild this command line parameter was kept
as an popt alias. But this limits what other parameter can be passed to
the rpmsign command in a difficult to understand way. In the end everyone
is better off using the rpmsign command directly.
Issue a error message stating the parameter is no longer supported and
exit rpmbuild.
Resolves: #153
This adds all of the rpmbuild popt aliases that expand to defines to
rpmspec as well.
It also changes --trace to include --POPTdesc argument help.
[v2: fix an error that broke rpmbuild --trace]
Signed-off-by: Peter Jones <pjones@redhat.com>
In ALT there can be different builds of the same NEVR which only
differ in DistTag, so it is useful to print its value as part of
package information.
Signed-off-by: Vladimir D. Seleznev <vseleznv@altlinux.org>
If a file in a package does not have any capabilities rpm --setcaps should
remove capabilities of the file. Prior to this patch capabilities of the file
were set as empty.
Empty capabilities mean more than no capabilities. A file with no capabilities
can inherit capabilities, but file with empty capabilities can not.
When ever package does not have any capabilities set %|FILECAPS? is false.
If some files have capabilities, %|FILECAPS? is true but %{FILECAPS} is ''
when the file does not have capabilities and '= <capstring>' when there is some.
Reported and patch created by Markus Linnala
Commit message edited by Pavlina Moravcova Varekova and Florian Festi.
Fixes#585Fixes#586
Commit 38c2f6e160 causes --setperms and
--setugids follow symlinks instead of skipping them.
In case of --setperms, all encountered symlinks will have their
target file/directory permissions set to the 0777 of the link itself
(so world writable etc but suid/sgid stripped), temporarily or permanently,
depending on whether the symlink occurs before or after it's target in the
package file list. When the link occurs before its target, there's a short
window where the target is world writable before having it's permissions
reset to original, making it particularly bad for suid/sgid binaries.
--setugids is similarly affected with link targets owner/group changing
to that of the symlink.
Add missing parentheses to the conditions introduced in commit
38c2f6e160 to fix.
Reported by Karel Srot, patch by Pavlina Moravcova Varekova.
Almost nobody uses them, so the
"Relocations : (not relocatable)" line is a waste of screen estate.
Just output the line if there's something interesting to show.
Currenlty, the incantation to skip creating debuginfo RPMs is:
$ rpmbuild -ba --define "debug_package %{nil}" hello.spec
Which looks ad-hoc and always requires me to go back and check my notes...
This commit adds a shortcut by making it possible to run:
$ rpmbuild -ba --nodebuginfo hello.spec
Also add test coverage for the new feature.
%_ftpport and %_ftpproxy have been unused since 2007 or so, and the
cli options --ftpport and --ftpproxy have been pointing to http proxy,
but ftp- and http-proxy is not interchangable. Eliminate the broken
options, http-proxy settings are used for everything. Update the manual
accordingly, claryifying a few things on the way.
--setcaps resets capabilities of package files.
Because the opotion is popt-based it has some drawbacks -
it does not know about %ghost files, file states, etc.
--restore regenerate owner, group, permissions and capabilities
of package files.
It uses 3 already defined options in the correct order.
rpm --setugids is used first of all, because it may change permissions
or capabilities. rpm --setperms is used before rpm --setcaps, but the
opposite order is right too.
This allows you to do 'rpmspec --trace -P foo.spec", which is much more
natural than editing the .spec itself to add %trace, and much more
convenient than using --eval yourself.
Signed-off-by: Peter Jones <pjones@redhat.com>
As of 57f94a5826, it's now possible
to have proper changelogs with dates and times properly set.
Thus, it makes sense to offer an option to render this information.
This patch extends the rpmsign tool to sign package files. It defines a new
rpmsign option called "signfiles".
rpm --addsign [--signfiles] PACKAGE
Signfiles signs all the file digests included in the package and stores
the signatures in the package header. The file signing key, used to sign
the file digests, can be provided one the command line with --fskpath or
in a macro file with %_file_signing_key. After including file signatures,
the package is signed normally.
The package needs to be built with SHA-1 or SHA-2 digests before package
files are signed, this prerequisite is noted in rpmsign man page.
Changelog:
- throw argerror when --fskpath is used without --signfiles
Signed-off-by: Lubos Kardos <lkardos@redhat.com>
On some locales (e.g: french), sort interprets the space character as a
thousands separator. As a result, digit(s) at the beginning of package
names (e.g: '0' for 0ad), are merged with package installation
timestamp and the output of rpm -qa --last is wrong.
For instance, the following list:
1398777401 0ad-0.0.15-3.fc20.x86_64
1397901236 kernel-3.13.10-200.fc20.x86_64
1399198174 kernel-3.14.2-200.fc20.x86_64
is sorted like this:
1398777401 0ad-0.0.15-3.fc20.x86_64
1399198174 kernel-3.14.2-200.fc20.x86_64
1397901236 kernel-3.13.10-200.fc20.x86_64
instead of:
1399198174 kernel-3.14.2-200.fc20.x86_64
1398777401 0ad-0.0.15-3.fc20.x86_64
1397901236 kernel-3.13.10-200.fc20.x86_64
This patch ensures that the space character is not interpreted as a
thousands separator anymore by setting the environment variable
LC_NUMERIC to C locale for numeric sorts.
- Fixes a regression introduced in rpm >= 4.10 caused by query format
simplification (loss of zero padding support), in commit
1f1e5e88a1.
- 'chmod' command doesn't need zero padding, just remove the formatting.
In fact we shouldn't be passing the entire mode to it but just the
permission bits, but fortunately chmod isn't too picky here.
- Previously any arguments to interpreter were invisible unless
you happened to know that RPMTAG_FOOPROG are actually string
arrays despite their type showing plain string, and queried
as arrays. This makes all the arguments for all scriptlets
supporting interpreter arguments visible on --scripts query
and also serves as an example on how to properly query them.i
- Perhaps worth noting is the exact formatting of the query:
"(using[ %{PRETRANSPROG}]" instead of the more typical style of
"(using [%{PRETRANSPROG} ]" to avoid extra trailing blanks.
- poptExecPath() pointing to meaningful place allows removal of these.
- Make test-suite rely on the --initdb exec alias so we catch out
if anything here breaks
- This ensures its available in all our executables without adding
umphteen copies into rpmpopt (after the cli splits, this was missing
in eg rpmdb executable...)
- Changing db_api to db_ver to force breakage on anything using the
value, db_ver containing the BDB major version just to put something
in the error messages where the dbapi version used to be.
- Avoids having to link /bin/rpm with librpmbuild and everything it
might bring in (eg libmagic) which are not needed for core operation.
- Minimally preserve backwards compatibility with popt exec alias
- Add popt exec aliases to rpmdb for backwards compatibility
- Change test-suite to use 'rpmdb --initdb' instead of 'rpm --initdb'
as popt exec aliases with absolute paths dont play very well
with the test-suite, duh...
- This was broken for years without anybody complaining, should
be safe to conclude nobody will miss it later either. And if
somebody misses it, this is a job for rpmlint really.
Panu Matilainen