The dir argument to fsmOpenpath() is supposed to be a rough O_DIRECTORY
equivalent, and if the path is actually a misowned symlink it should
return ENOTDIR instead of ELOOP. Makes the resulting error messages
at least a little more comprehensible.
Now that rpm2archive knows how to impersonate rpm2cpio when called by
that name, we can just drop the latter entirely. The one notable
behavior change is src.rpm contents now getting ./ prepended to the
paths. We could fix up for that too, but there doesn't seem to be
any reason to bother.
It's crucial that we start steering people away from rpm2cpio because it
won't be able to deal with v6 content. cpio is obsolete even in POSIX now.
Do all the entry fillup in the function intended for that,
no functional changes intended. Drop the unnecessary nlink check
from the unpacking: if there's content, it should be unpacked.
cpio is a legacy format but content in that format will remain with us
for a very, very, very long time still. Better support the format here
than have to support a separate tool just for the purpose.
The "new ascii cpio" format can't host files larger than 4GB, but
most rpm content fits and will continue to do so in that range easily,
so instead of just outlawing the good 'ole format, just skip over
anything we can't handle and emit a warning.
Additionally, if invoked as "rpm2cpio", behave like it: no compression,
cpio format.
Take advantage of rpmfiStat() and archive_entry_copy_stat() which
handle most of the dirty work here. Hardlink sizes are special because
in archives, the file size is 0 except for the one with the content,
but otherwise of course hardlinked files have sizes as usual.
runroot is the wrong thing to use with rpm2cpio which doesn't understand
things like --define. This has only worked because rpm2cpio is dumb
enough not to look at its arguments at all.
glibc versions prior to 2020 know about AT_SYMLINK_NOFOLLOW but don't
actually implement it for fchmodat() and return ENOSYS when used.
We don't check the return code in removeSBITS() so this silently fails
on those older versions.
We already verify the thing is not a link in the fstatat() condition
because cap_set_fileat() doesn't have any "don't follow" mode at all,
so we can just as well drop it from the fchmodat() and make this
work on more libc versions.
Add a test for the suid bit removal while at it.
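
The pattern described in the commit message above, as an added example (not
rpm's own code): the symlink check is done by fstatat() with
AT_SYMLINK_NOFOLLOW, and fchmodat() is then called with flags 0 so it also
works on glibc versions that return ENOSYS for the flag. The names
strip_sbits_at() and demo(), and the file names used, are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not rpm's removeSBITS(): clear setuid/setgid on a
 * regular file under dirfd. Returns 0 if done or nothing to do, else -1. */
int strip_sbits_at(int dirfd, const char *name)
{
    struct stat sb;
    /* lstat-style check: a symlink shows up as S_IFLNK and is rejected. */
    if (fstatat(dirfd, name, &sb, AT_SYMLINK_NOFOLLOW) != 0)
        return -1;
    if (!S_ISREG(sb.st_mode)) { errno = EINVAL; return -1; }
    if ((sb.st_mode & (S_ISUID | S_ISGID)) == 0)
        return 0;
    /* flags == 0: passing AT_SYMLINK_NOFOLLOW here gives ENOSYS on older
     * glibc. The result is returned so a failed chmod is not silent. */
    return fchmodat(dirfd, name, sb.st_mode & 0777, 0);
}

/* Constructed scenario: a setuid file and a symlink to it in a temp dir.
 * Returns 1 if the symlink is refused and the file is stripped, else 0. */
int demo(void)
{
    char tmpl[] = "/tmp/sbits-XXXXXX";
    struct stat sb;
    int ok = 0, dfd, fd;
    if (!mkdtemp(tmpl) || (dfd = open(tmpl, O_RDONLY | O_DIRECTORY)) < 0)
        return 0;
    fd = openat(dfd, "tool", O_CREAT | O_WRONLY, 0755);
    if (fd >= 0 && fchmod(fd, 04755) == 0 && symlinkat("tool", dfd, "link") == 0) {
        int via_link = strip_sbits_at(dfd, "link");   /* refused: not a file */
        int kept = fstatat(dfd, "tool", &sb, 0) == 0 && (sb.st_mode & S_ISUID);
        int direct = strip_sbits_at(dfd, "tool");     /* bits cleared */
        int gone = fstatat(dfd, "tool", &sb, 0) == 0 && !(sb.st_mode & 06000);
        ok = (via_link == -1 && kept && direct == 0 && gone);
    }
    if (fd >= 0) close(fd);
    unlinkat(dfd, "link", 0);
    unlinkat(dfd, "tool", 0);
    close(dfd);
    rmdir(tmpl);
    return ok;
}
int main(void) { return demo() ? 0 : 1; }
```
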
The fedora-repos-modular package is gone from F39. This commit makes
the Dockerfile work on a F39 host with the mktree.oci backend since we
override the release with "podman build --from fedora:39 ..." there.
Commit 11132fc21f assumed that the value
of 0 is never used in practice and thus used it to indicate "disabled",
however that assumption has turned out to be wrong because ostree uses
precisely that value as mtime in inodes, which in turn breaks existing
workflows in this space (see the associated ticket).
Fix this by reverting the above commit (except leaving source_date_epoch
initialized to 0, to prevent GCC warnings as mentioned in that commit).
As to why not just initialize source_date_epoch to -1: time_t happens to
be a signed integer on most platforms but POSIX doesn't specify its
signed-ness.
Add some accompanying tests too.
Fixes: #2679
Configure traditionally sets it to %{_prefix}/com which RPM has followed
so far. But this directory is not used anywhere and everybody changes
the location to /var/lib. This also changes the default for the %configure
macro. This is safe as everyone that cares about the sharedstatedir
had to set it manually anyway.
Resolves: #2092
Now that we can, just define __file_lineno as an auxiliary macro that
only does any work in the rare case where an error or warning occurred.
This saves an enormous amount of huffing and puffing defining and
undefining macros that are not used at all in the normal paths, on
every rpm startup and spec parse.
Technically we could use a common macro function for both but as they're
in separate libraries, this doesn't seem worth the few lines of saving.
People will want to use existing sysusers.d files through rpm and while
we don't support 'r' and 'm' at this time, we shouldn't really call
them "invalid" and error out. Issue a warning instead, and ignore.
This is the first half of
https://bugzilla.redhat.com/show_bug.cgi?id=2246236
After years of BDB, sometimes folks just want some assurance that their db
is still fine. Properly exposing an operation to do so hopefully makes
them less likely to poke at the db directly (with e.g. the sqlite3 command).
Right now, if the podman image fails to build or rpm fails to
build/install, we happily continue and run the test-suite, only to
eventually fail with some cryptic error, such as:
    error: cannot find rpm
Not too helpful, indeed. Instead, just fail the whole tree preparation
process if we encounter an error.
Fix the return code of unshared() so that we don't fail on that, though.
Also, when building the RPM layer, use a proper cleanup trap instead of
ignoring SIGINT since a failing make_install() can now terminate the
script.
Fixes: #2667
This name is a better fit as it puts more emphasis on the format of the
resulting tree, not as much on the actual container engine used (which
can be swapped, and currently is in the CI where we use docker instead
of podman).
Also drop the awkward .docker symlink now and instead pass the container
engine through the MKTREE_ENGINE environment variable.
Turns out the docker command in CI is set up such that it doesn't need
an explicit sudo, so remove it. This will also allow us to easily pass
environment variables to mktree in the next commit (as otherwise we'd
have to use the ugly -E, --preserve-env option).
No functional change.
Commit 09e472040a moved the snapshot
function to mktree.common so that we could later use it in non-cmake
mode (outside of the build directory) too, to containerize rpmtests
itself. In the end, however, we've decided to just use Podman/Docker
for the outer container as it simplifies things.
Therefore, the snapshot function is no longer needed outside of the
test-suite, it's an internal implementation detail at this point which
doesn't have anything to do with mktree, so move it back to atlocal
where it really belongs.
As a bonus, the rpmtests wrapper can now be simplified a bit more, too.
No functional change.
Instead of manually bootstrapping our own base "image" using a host
specific script, just use the official, prebuilt OCI images with
Podman/Docker. This has several advantages:
- Standard, ubiquitous OCI images (easy support for other distros)
- No manual setup of DNF, RPM macros, user namespaces and whatnot
- Single recipe (Dockerfile) for both the local and CI purposes
- Outsourced image caching (Podman/Docker storage)
- Faster (just downloads the prebuilt image)
- Fewer dependencies on the host
Now that we've prepared mktree.podman for local use, just switch to it
in cmake and drop the Fedora backend. Update the docs and comments
accordingly, too, those should explain the details.
Fixes: #2643
Instead of building RPM from scratch as part of the image, allow for
reusing the existing build artifacts on the host to produce the final
image.
This ensures we test the actual local build, not just the sources, and
speeds up the whole process, allowing it to be used for local
development as well.
No immediate effect, we'll hook this up to cmake in the next commit.
Rename the existing Dockerfile and add a symlink for the original
filename. This will allow for supporting other, non-Fedora, Linux
distros in the future and is a prerequisite for the next commits.
Right now, we build and tag a new image on each mktree.podman run. This
causes an unnecessary buildup of images over time that needs to be
manually cleaned with podman-image-prune(1). Instead, tag the base
layer and then only rebuild the RPM layer.
Log mode is mostly useful in the CI environment so don't enable it by
default. This is another step towards the unified OCI backend.
No functional change.
This invokes an interactive shell in a dummy test where all the usual
test commands work, and is meant as a replacement for what mktree.fedora
currently does for its shell/atshell commands. This feature basically
emulates a single test so it really belongs to the rpmtests wrapper, not
mktree.
For consistency, also do the permission fixup for rpmtests.dir (just
like in mktree.fedora), this will be needed once we drop mktree.fedora.
Don't symlink rpmtests itself, we can run it directly from the
installation directory in the test tree. This eliminates some extra
cd-ing.
No functional change.
Allows %prep, %conf, %build, %install, %check, %clean and %generate_depends
to be augmented an arbitrary number of times by appending or prepending to
them. The main use-case is to support automatic population of these
sections (declarative builds) while still allowing packagers to easily
tweak them, but could also be useful for complicated conditional specs
and such.
Related: #1087
Now that we can, implement %setup and %patch as auxiliary macros that are
defined only during %prep parsing. And voila, %prep is no longer special
at all. Not much anyhow.
Notably rpmspec --parse now emits %build where it belongs.
The error message on %patchN is now very much an ugly hack, but at least
it's something we can drop one sunny day.
Fixes: #2205