Commit Graph

13599 Commits

Author SHA1 Message Date
Panu Matilainen 6e7c6d1a18 Revised fix for CVE-2013-6435
In case of hardlinked files, we first create a zero-length file
to which all the links are created, the content comes in the last
link. When the links have been created with no permissions at all
(as per commit 7e26e2bd72), reopening
the final file for writing the actual content fails for non-root users.
Which breaks installation of hardlinked files for regular users,
including our testsuite.

Creating the files with write-only permissions solves the issue - we
*are* writing to these files after all so it only makes sense.
This doesn't stop root from reading the file but neither does zero
permissions so no change there. But if somebody reads a file with
write-only permissions and gets garbage, at least we get to tell
them "told you so".
2016-10-11 09:58:15 +03:00
Panu Matilainen 94bb6283be Revert "Always set file attribute for hard linked files"
This reverts commit a42a8cc175.
On closer examination this makes hardlinked files vulnerable to
CVE-2013-6435 again, so it's not a very good fix for breakage
caused by fixing CVE-2013-6435.
2016-10-11 09:39:20 +03:00
Mark Wielaard 3f9b7bc64e Fix mini-symtab in find-debuginfo.sh for arches with function descriptors.
add_minidebug uses nm to select the function symbols to include in the
mini-symtab table. But on arches that use function descriptors (like ppc64)
nm --format-posix doesn't make it clear which symbols are real functions.
The symbols point to the (stripped away) function descriptor table.

Use --format=sysv style to match the ELF symbol type directly instead of
using the somewhat ambiguous symbol type char used in --format=posix style
in binutils nm.

https://bugzilla.redhat.com/show_bug.cgi?id=1052415

Signed-off-by: Mark Wielaard <mjw@redhat.com>
2016-10-10 15:13:18 +03:00
Mark Wielaard bd7611151b find-debuginfo.sh: Don't copy extra sections into .gnu_debugdata.
When creating the compressed mini-symtab section in find-debuginfo
add_minidebug we explicitly remove .gdb_index and .comment. But there
can be other non-empty sections in the debuginfo that shouldn't be
copied. For example rust binaries might have a .rustc section.

Explicitly remove any non-allocated PROGBITS or NOTE sections.

https://bugzilla.redhat.com/show_bug.cgi?id=1382394

Signed-off-by: Mark Wielaard <mjw@redhat.com>
2016-10-10 15:13:18 +03:00
Stefan Berger 9d8c7b6dbd ima-plugin: Move the IMA plugin to the fsm_file_prepare hook
Since newly installed files may be invoked by post install scriptlets,
we need to have them signed before the scriptlets are executed.
Therefore, we now move the IMA plugin to the fsm_file_prepare hook.
This way we can also correctly handle skipped files without silencing
away any errors from lsetxattr().

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2016-10-10 15:09:52 +03:00
Stefan Berger 7d89f49c4d ima-plugin: Have executable configuration files signed
Some configuration files are executables and so they require the
signature in the extended attribute. If they are not executable,
they can be skipped.

Examples for configuration files that are also executables are
the grub files in /etc/grub.d.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2016-10-10 14:54:42 +03:00
Florian Festi a6e662f6bd rpm2archive: return 0 on success instead of stop iteration
Solves: https://github.com/rpm-software-management/rpm/pull/94/files
Thanks to Neal Gompa (ニール・ゴンパ)<ngompa13@gmail.com> for spotting this
and proposing a solution!
2016-10-10 11:57:14 +02:00
Florian Festi a42a8cc175 Always set file attribute for hard linked files
Fixes test cases broken by previous commit
2016-10-07 17:39:23 +02:00
Florian Festi 7e26e2bd72 Create files with 000 permissions to avoid leaking yet unchecked data
As we are calculating the check sum while writing we only know the file
content is correct after it being written completely. CVE-2013-6435
2016-10-07 17:32:55 +02:00
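
The permission behaviour discussed in this commit and in the revised fix 6e7c6d1a18 above, as an added C example that is not taken from the rpm source: a file created with mode 0000 cannot be reopened for writing by a non-root user, a 0200 file can, and the final mode is applied only once the digest computed during the write matches. FNV-1a stands in for the real file digest, and `reopen_after_create`, `install_verified` and the scratch path are hypothetical names.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

#define FNV_INIT 2166136261u

/* FNV-1a is a stand-in for the package's real file digest (assumption). */
static uint32_t fnv1a(const unsigned char *p, size_t n, uint32_t h)
{
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* Create an empty file with create_mode (the first hardlink), then reopen it
 * for writing (the last link, which carries the content).
 * Returns 0, or the errno of the failing open. */
static int reopen_after_create(const char *path, mode_t create_mode)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, create_mode);
    if (fd < 0) return errno;
    fchmod(fd, create_mode);          /* exact mode, whatever the umask is */
    close(fd);
    fd = open(path, O_WRONLY);
    int err = fd < 0 ? errno : 0;
    if (fd >= 0) close(fd);
    unlink(path);
    return err;
}

/* Write data to a write-only (0200) file while hashing it, and apply
 * final_mode only once the digest matches; otherwise remove the file.
 * Returns 0 on success, -1 on any failure. */
static int install_verified(const char *path, const void *data, size_t len,
                            uint32_t expected, mode_t final_mode)
{
    const unsigned char *p = data;
    uint32_t h = FNV_INIT;
    size_t off = 0;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0200);
    if (fd < 0) return -1;
    while (off < len) {
        ssize_t w = write(fd, p + off, len - off);
        if (w < 0 && errno == EINTR) continue;
        if (w <= 0) break;
        h = fnv1a(p + off, (size_t)w, h);
        off += (size_t)w;
    }
    int ok = off == len && h == expected && fchmod(fd, final_mode) == 0;
    close(fd);
    if (!ok) unlink(path);
    return ok ? 0 : -1;
}

int main(void)
{
    const char *path = "/tmp/hardlink-demo";   /* constructed scratch path */
    const char data[] = "constructed payload";
    uint32_t good = fnv1a((const unsigned char *)data, sizeof data, FNV_INIT);
    unlink(path);
    printf("reopen after 0000: errno %d\n", reopen_after_create(path, 0000));
    printf("reopen after 0200: errno %d\n", reopen_after_create(path, 0200));
    printf("good digest: %d\n", install_verified(path, data, sizeof data, good, 0644));
    unlink(path);
    printf("bad digest:  %d\n", install_verified(path, data, sizeof data, good ^ 1, 0644));
    return 0;
}
```

Run as a regular user, the 0000 case reports EACCES; as root both reopen calls succeed, which matches the commit's remark that neither mode stops root.
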
Panu Matilainen 73a8f43b2b Bump version to appear newer than latest stable branch 2016-10-03 14:47:58 +03:00
Panu Matilainen b1e7ce8153 Remove leftover include of <selinux/flask.h>
Besides unused, this has started spitting warnings in recent selinux versions:
In file included from selinux.c:5:0:
/usr/include/selinux/flask.h:5:2: warning: #warning "Please remove any #include's of this header in your source code." [-Wcpp]
 #warning "Please remove any #include's of this header in your source code."
  ^~~~~~~
2016-10-03 13:57:56 +03:00
Panu Matilainen 2ea72daabe Fix behavior when %_build_id_links is undefined
Commit bbfe1f86b2 tries to behave sanely
and use compat setting when %_build_id_links is undefined, but
rpmExpand() never returns NULL so the original check is incorrect.
Check for empty string instead.
2016-10-03 12:36:46 +03:00
Panu Matilainen 689d9a53dd Preserve timestamps by default in %make_install (RhBug:959872) 2016-10-03 10:38:47 +03:00
Gleb Fotengauer-Malinovskiy e5d3b9f682 rpmdb.c: (rpmdbCheckTerminate) return non-zero on subsequent runs
This function is not necessarily called first by rpmdbCheckSignals, as
long as it is a part of API.  Thus, it is important to return the same
value on subsequent runs.

Signed-off-by: Gleb Fotengauer-Malinovskiy <glebfm@altlinux.org>
2016-09-21 10:26:39 +02:00
Gleb Fotengauer-Malinovskiy 4c6e51e2c0 rpmdb.c: avoid double free in rpmdbClose, rpmdbMatchIterator, ...
... and rpmdbIndexIterator.
This makes functions assume that the object has been freed if it is not
on the list.

Signed-off-by: Gleb Fotengauer-Malinovskiy <glebfm@altlinux.org>
2016-09-21 10:26:39 +02:00
Mark Wielaard e41550e375 Fix misleading-indentation in rpmplugins.c
GCC6 will warn about:

lib/rpmplugins.c: In function ‘rpmpluginsCallInit’:
lib/rpmplugins.c:217:5: warning: this ‘if’ clause does not guard...
     if (hookFunc)
     ^~
lib/rpmplugins.c:219:9: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’
         if (rc != RPMRC_OK && rc != RPMRC_NOTFOUND)
         ^~

GCC is right, this is misleading and causes the if statement to be executed
even when it isn't necessary. It doesn't actually cause wrong results
because rc is initialized to RPMRC_OK earlier and can only change when
hookFunc != NULL.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
2016-09-21 10:10:09 +02:00
Michal Marek 1b338aa84d find-debuginfo.sh: Process files in parallel
Add a -j <n> option, which, when used, will spawn <n> processes to do the
debuginfo extraction in parallel. A pipe is used to dispatch the files among
the processes.

Signed-off-by: Michal Marek <mmarek@suse.com>
2016-09-15 17:05:01 +02:00
Michal Marek 038bfe0179 find-debuginfo.sh: Split directory traversal and debuginfo extraction
This simplifies the handling of hardlinks a bit and allows a later patch
to parallelize the debuginfo extraction.

Signed-off-by: Michal Marek <mmarek@suse.com>
2016-09-15 17:05:01 +02:00
Pavel Raiskup 0d76d6114d build: better warning for non-unique %files section
Background story is in rhbz#1374138, having the warning better
spelled before would simplify macro debugging a lot in that case.
2016-09-15 12:43:34 +02:00
Thomas Petazzoni b5f1895aae configure.ac: use link instead of compile for gcc flags test
The logic that tests whether gcc supports or not certain flags uses
AC_COMPILE_IFELSE(). However, when checking for stack smashing
protection support, an AC_LINK_IFELSE() test is needed, since the
build might work but not the link stage if certain libraries are
missing for proper stack smashing protection support.

Therefore, this commit switches to use AC_LINK_IFELSE().

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: James Knight <james.d.knight@live.com>
2016-09-12 23:33:02 -04:00
Alexey Gladkov 19dbaff8dd rpm2cpio.sh: refactoring to reduce extra dependencies
rpm2cpio.sh was refactored to minimize the use of external tools.

* after refactoring the utility requires to work: dd, printf, and unarchivers;
* add check that file passed as argument is a rpm-file;
* fix signatures of compressed data.

Signed-off-by: Alexey Gladkov <gladkov.alexey@gmail.com>
2016-09-12 15:04:08 +02:00
Igor Gnatenko 58a9cc704f Makefile.maint: use git-rev-list
No need to query all commits and count lines of output, we can just ask git to provide information directly.
2016-09-12 14:59:30 +02:00
Per Øyvind Karlsen a60f36a55c prevent exceeding 32 bit memory limitations with multithreaded xz compression
As 32 bit build suffers under the limitation of 32 bit address space,
regardless of its environment would be ie. 64 bit and not have this
constraint, rpm must make sure not to exceed this memory limitation.
When using multithreaded xz compression, the number of threads used will
increase the memory usage, making it necessary to check the memory
required with the number of threads to be used.

Number of compression threads will therefore be kept reduced until
amount of memory required won't exceed this limitation.

For 32 bit binaries running under 64 bit host environment, where less
available memory will be reserved for kernel, easing memory constraints,
determination of this will be done by a combination of checking host
arch as well as whether 32 bit personality flag is set, thereby still
allow a slightly greater memory usage for such cases to avoid
imposing unnecessary limitations under such environments.
2016-09-09 02:12:01 +02:00
Jakub Filak 932f14fdf8 macros: make rpmsig's gpg command alterable
The current version of gpg2 asks for password using a curses dialogue
or a GTK dialogue. Both methods break automation of package signing.

If we want to be asked the old way on terminal, we must run gpg2 with
additional arguments '--pinentry-mode loopback' (and gpg-agent must
allow looping back (--allow-loopback) - allowed by default since 2.1.13).

Currently there is no other way how to tweak gpg command line than
creating a wrapper script and redefining %__gpg macro.

The wrapper script method can lead to use of wrong version of gpg
binary, hence, this patch adds possibility to specify additional command
line arguments passed on gpg's command line.

Signed-off-by: Jakub Filak <jfilak@redhat.com>
2016-09-08 17:42:40 +02:00
Igor Gnatenko 1f553f9cdc macros: check if GNU Make supports -O
Otherwise on old platforms which have GNU Make < 4.0 it will fail with:
/usr/bin/make: invalid option -- 'O'

We could check version of GNU Make, but we want to rely on feature, and
not on the version. Features can be backported.

Signed-off-by: Igor Gnatenko <i.gnatenko.brain@gmail.com>
Acked-by: Alexey Gladkov <agladkov@redhat.com>
2016-09-06 16:58:03 +02:00
Florian Weimer f255c6bdb2 Fix overflow in cpio filename by limiting the allowed length to 4kB
This could lead to a stack-based overflow, while parsing a crafted CPIO header in the payload section of an RPM file.

Fixes: rhbz#1168715, CVE-2014-8118
2016-09-05 10:12:29 +02:00
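
One way to enforce a 4kB filename limit of the kind this commit describes, as an added C example that is not the rpm code: the declared name length is validated against the limit and against the bytes actually present before anything is copied. It assumes the SVR4 "newc" cpio header layout; `cpio_entry_name`, `make_entry` and the `CPIO_*` names are hypothetical, and the sample entries are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define CPIO_HDR_LEN   110   /* "070701" + 13 fields of 8 hex digits (newc, assumed) */
#define CPIO_NAME_OFF   94   /* c_namesize is the 12th field: 6 + 11 * 8 */
#define CPIO_NAME_MAX 4096   /* the 4kB limit named in the commit message */

enum cpio_rc { CPIO_OK, CPIO_TRUNCATED, CPIO_BAD_MAGIC, CPIO_BAD_FIELD,
               CPIO_NAME_TOO_LONG, CPIO_NAME_UNTERMINATED };

/* Parse exactly 8 hex digits; returns -1 if any byte is not a hex digit. */
static long long hex8(const unsigned char *p)
{
    long long v = 0;
    for (int i = 0; i < 8; i++) {
        if (!isxdigit(p[i])) return -1;
        v = v * 16 + (isdigit(p[i]) ? p[i] - '0' : (p[i] | 0x20) - 'a' + 10);
    }
    return v;
}

/* Copy the entry name into out[CPIO_NAME_MAX]. The declared length is checked
 * against the limit and against the bytes actually present before any copy. */
static enum cpio_rc cpio_entry_name(const unsigned char *buf, size_t len,
                                    char out[CPIO_NAME_MAX])
{
    if (len < CPIO_HDR_LEN) return CPIO_TRUNCATED;
    if (memcmp(buf, "070701", 6) != 0) return CPIO_BAD_MAGIC;
    long long n = hex8(buf + CPIO_NAME_OFF);
    if (n < 1) return CPIO_BAD_FIELD;            /* length includes the NUL */
    if (n > CPIO_NAME_MAX) return CPIO_NAME_TOO_LONG;
    if ((size_t)n > len - CPIO_HDR_LEN) return CPIO_TRUNCATED;
    if (buf[CPIO_HDR_LEN + n - 1] != '\0') return CPIO_NAME_UNTERMINATED;
    memcpy(out, buf + CPIO_HDR_LEN, (size_t)n);
    return CPIO_OK;
}

/* Constructed test input: header with all other fields zero, a caller-chosen
 * c_namesize, then the NUL-terminated name. buf must hold 110 + strlen + 1. */
static size_t make_entry(unsigned char *buf, unsigned long declared, const char *name)
{
    char field[9];
    memset(buf, '0', CPIO_HDR_LEN);
    memcpy(buf, "070701", 6);
    snprintf(field, sizeof field, "%08lx", declared & 0xffffffffUL);
    memcpy(buf + CPIO_NAME_OFF, field, 8);
    memcpy(buf + CPIO_HDR_LEN, name, strlen(name) + 1);
    return CPIO_HDR_LEN + strlen(name) + 1;
}

int main(void)
{
    unsigned char buf[CPIO_HDR_LEN + 64];
    char name[CPIO_NAME_MAX];
    size_t len = make_entry(buf, 9, "etc/motd");          /* honest length */
    printf("declared 9:       rc=%d\n", cpio_entry_name(buf, len, name));
    len = make_entry(buf, 0x10000, "etc/motd");           /* oversized claim */
    printf("declared 0x10000: rc=%d\n", cpio_entry_name(buf, len, name));
    return 0;
}
```
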
Florian Festi 394cbfb668 tests: Do not pass real pathnames to fakechroot commands
for the remaining tests.
Also add a Provides: /bin/sh to one of the specs as the test no longer
works without it for some unknown reason.
2016-08-29 18:12:42 +02:00
Michal Marek 5b8b2bdd32 tests: Do not pass real pathnames to fakechroot commands
Fakechroot returns -ENOENT for such paths:

$ FAKECHROOT_BASE=$PWD/tests/testing fakechroot ls /not_an.rpm
/not_an.rpm
$ FAKECHROOT_BASE=$PWD/tests/testing fakechroot ls $PWD/not_an.rpm
ls: cannot access /home/mmarek/GIT/rpm/not_an.rpm: No such file or directory

Signed-off-by: Michal Marek <mmarek@suse.com>
2016-08-29 16:21:15 +02:00
Neal Gompa (ニール・ゴンパ) 89394bfcc8 pythondistdeps.py: Add --majorver-only dependency switch
Tomas Orsava from the Fedora Python SIG requested that
the dependency generator support only using pythonXdist(M)
format for both Provides and Requires, so now this capability
exists.
2016-08-29 08:36:52 -04:00
Stefan Berger 3171982612 rpmsign: Use default hash algo if RPMTAG_FILEDIGESTALGO missing
Use the default hash algorithm md5 on RPMs that do not contain the
RPMTAG_FILEDIGESTALGO. This may be the case if the default hash
algorithm used on files is md5 and thus no RPMTAG_FILEDIGESTALGO is
being written (see build/files.c:genCpioListAndHeader()).

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2016-08-24 18:22:49 +02:00
Mark Wielaard 10633641ec Fix libdw configure check.
commit a82119 "configure.ac: use LIBDW always conditionally" contained
a typo that caused WITH_LIBDW_LIB never to be set when you were using
libelf. Fixed by reverting the "!=" to "=" again.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
2016-08-24 18:22:49 +02:00
Igor Gnatenko 30d472c8af pythondistdeps.py: add forgotten import
Signed-off-by: Igor Gnatenko <ignatenko@redhat.com>
2016-08-24 15:37:16 +02:00
Igor Gnatenko a82119bf35 configure.ac: use LIBDW always conditionally
References: https://bugzilla.redhat.com/show_bug.cgi?id=1365278
Reported-and-tested-by: Neal Gompa <ngompa13@gmail.com>
Signed-off-by: Igor Gnatenko <i.gnatenko.brain@gmail.com>
2016-08-24 14:07:22 +02:00
Richard W.M. Jones 3910b1d1cf build: fgetc returns int, not char.
Returning the value into a char is a mistake on all platforms, but is
particularly bad on RISC-V.  On that platform (like ARM) char is
unsigned.  Therefore EOF (-1) is returned as 255, and the subsequent
test 'c == EOF' ('255 == -1') fails causing an infinite loop.

Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
2016-08-24 13:56:17 +02:00
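
The failure this commit describes, as an added C example that is not the rpm code: the same read loop with the result of fgetc stored in an int, in an unsigned char (plain char on RISC-V and ARM) and, going beyond the commit's case, in a signed char, where a 0xFF data byte is mistaken for EOF. The function names, the iteration cap and the sample bytes are constructed for the illustration.

```c
#include <stdio.h>

#define ITER_CAP 1000   /* ends the demonstration where real code would spin */

/* Correct: the int result keeps EOF (-1) distinct from every byte value. */
static long count_with_int(FILE *f)
{
    long n = 0;
    int c;
    while ((c = fgetc(f)) != EOF) n++;
    return n;
}

/* Unsigned char: EOF is stored as 255 and never compares equal to -1.
 * Returns ITER_CAP when the loop would not have terminated. */
static long count_with_unsigned_char(FILE *f)
{
    long n = 0;
    unsigned char c;
    while (n < ITER_CAP) {
        c = (unsigned char)fgetc(f);
        if (c == EOF) break;        /* 255 == -1 is never true */
        n++;
    }
    return n;
}

/* Signed char: the loop ends, but a 0xFF data byte becomes -1 and is taken
 * for EOF, so input is silently truncated. */
static long count_with_signed_char(FILE *f)
{
    long n = 0;
    signed char c;
    while ((c = (signed char)fgetc(f)) != EOF) n++;
    return n;
}

/* Run one counter over constructed bytes via a temporary file. */
static long run(long (*count)(FILE *), const unsigned char *data, size_t len)
{
    FILE *f = tmpfile();
    if (!f) return -1;
    fwrite(data, 1, len, f);
    rewind(f);
    long n = count(f);
    fclose(f);
    return n;
}

int main(void)
{
    const unsigned char sample[] = { 'a', 0xFF, 'b' };   /* constructed input */
    printf("int:           %ld\n", run(count_with_int, sample, sizeof sample));
    printf("unsigned char: %ld\n", run(count_with_unsigned_char, sample, sizeof sample));
    printf("signed char:   %ld\n", run(count_with_signed_char, sample, sizeof sample));
    return 0;
}
```
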
Richard W.M. Jones cf5679397f rpmrc: Convert uname.machine == "riscv" to "riscv32"/"riscv64"/"riscv128".
On RISC-V, the kernel can return uname.machine == "riscv" (for all bit
sizes).  I say "can" return, because that is the default, but it is
also possible to compile the kernel specially so it returns "riscv64"
etc.

GNU is using "riscv64".

This commit converts the kernel uname machine type "riscv" to a more
suitable value.

This conversion is supposed to be done by the arch_canon table.
However the arch_canon table is not populated until after the
defaultMachine function is called for the first time, making it a bit
useless.  In any case, arch_canon cannot take into account the bit
size of the architecture, but the C code here can.

Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
2016-08-22 21:16:48 +01:00
Richard W.M. Jones d9d47e0114 RISCV 64-bit (riscv64) support.
Based on Mark Salter's aarch64 support patch (commit 8e1ca16c58).

Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
2016-08-22 21:16:48 +01:00
Igor Gnatenko 83e4d44b80 pythondistdeps.py: skip .egg-link files
From setuptools's documentation:
These files are not eggs, strictly speaking. They simply provide a way
to reference an egg that is not physically installed in the desired
location. They exist primarily as a cross-platform alternative to
symbolic links, to support "installing" code that is being developed in
a different location than the desired installation location.

If we read .egg-link using pkg_resources.Distribution it will
never have version as it is just list of directories which should be
taken into account.

We could change into those directories and add eggs from those locations
for parsing, but RPM's dependency generator is already passing all files
from built RPM so it just does not make any sense to traverse those
directories.

After all written above, let's just ignore .egg-link files.

Signed-off-by: Igor Gnatenko <ignatenko@redhat.com>
2016-08-22 15:19:08 +02:00
Igor Gnatenko 2f51022e15 pythondistdeps.py: show warning if version is not found in metadata
In 49197c930b we introduced skipping
metadata which has no version, but it's better to show some warning.

Signed-off-by: Igor Gnatenko <ignatenko@redhat.com>
2016-08-22 15:04:42 +02:00
Neal Gompa (ニール・ゴンパ) 49197c930b pythondistdeps.py: skip distribution metadata if there is no version
For example, reading .egg-link using pkg_resources.Distribution returns
actual metadata, but it does not contain version. It returns traceback like:

File "/usr/lib/rpm/pythondistdeps.py", line 113, in <module>
    pyver_major = dist.py_version.split('.')[0]
AttributeError: 'NoneType' object has no attribute 'split'
Traceback (most recent call last):
  File "/usr/lib/rpm/pythondistdeps.py", line 113, in <module>
    pyver_major = dist.py_version.split('.')[0]
AttributeError: 'NoneType' object has no attribute 'split'

Let's just skip such errors as we can't do much about that.

Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1368673
Reported-and-tested-by: Igor Gnatenko <ignatenko@redhat.com>
2016-08-22 15:02:54 +02:00
Igor Gnatenko 9571218345 let debuginfo packages provide the build-id
This patch lets debuginfo packages provide build-id like follows:

 debuginfo(build-id) = c63cb23876c5fa85f36beaff58f8557e1bf22517

Originally this patch was written by Jan Blunck <jblunck@suse.de>.

Signed-off-by: Igor Gnatenko <ignatenko@redhat.com>
2016-08-03 12:10:40 +02:00
Mark Wielaard 45bfecbf7d Add option to have unique debug file names across version/release/arch.
Introduce a new macro _unique_debug_names that when set will pass
--unique-debug-arch "%{_arch}" to find-debuginfo.sh to create debuginfo
files which end in "-<ver>-<rel>.<arch>.debug" instead of simply ".debug".

Adds testcases for dwz and buildid with and without unique debug file names.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
2016-07-29 18:29:10 +02:00
Mark Wielaard 67d3df3388 Make adding GDB index sections configurable.
Introduces _include_gdb_index macro and -i flag to find-debuginfo.sh to
enable or disable adding a .gdb_index section to debug files. Adds tests
to make sure the .gdb_index is really added (or not) when requested.
Checks that gdb-add-index is actually installed instead of silently
failing if not. Similar for dwz.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
2016-07-29 18:28:53 +02:00
Mark Wielaard 5ef1166ad9 Make it possible to have unique build-ids across build versions/releases.
Introduce a new macro _unique_build_ids that when set will pass the
version and release to find-debuginfo.sh and debugedit to recalculate
the build-id of ELF files.

Includes two new testcases to make sure the new setting works as expected
both when set and unset.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
2016-07-29 18:28:53 +02:00
Mark Wielaard bbfe1f86b2 Add build-id links to rpm for all ELF files.
This patch moves the main ELF file build-id symlinks from the
debuginfo package into the main package. And uses different
base directories for the main ELF file build-id symlink.
For the main build-id use /usr/lib/.build-id and for the debug
build-id use /usr/lib/debug/.build-id.

There are two reasons for doing this. The main package and the
debuginfo package might get out of sync, or the debuginfo package
might not be installed at all. In which case finding the main ELF
file through the build-id symlink becomes impossible. Secondly by
moving the main ELF build-id symlink in its own directory the
/usr/lib/debug directory gets populated with only debuginfo files
which is convenient if the user might want to have that directory
populated through a network mountpoint.

To support the new logic the symlink code has been moved from
find-debuginfo.sh to build/files.c.

This also includes support for a new config %_build_id_links that
defaults to compat. The other settings are none, alldebug (the old
style) and separate. compat is like separate, but adds a compatibility
link under /usr/lib/debug/.build-id for the main build-id symlink.

There are several new testcases added to test the various settings
using the new keyword "buildid".

Signed-off-by: Mark Wielaard <mjw@redhat.com>
2016-07-29 18:28:53 +02:00
Mark Wielaard 4ec7c396fb Add sepdebugcrcfix to fixup old style gnu_debuglink CRC checksum.
Some old tools might still use the .gnu_debuglink section to find
separate debuginfo files instead of build-id style lookups. When
dwz has compressed the .debug files the original CRC in the main
ELF file will no longer match. Make sure to run sepdebugcrcfix
after dwz to recalculate the CRC.

The original fix was created by Jan Kratochvil based on code
from GNU binutils BFD. https://bugzilla.redhat.com/show_bug.cgi?id=971119
I added a testcase to make sure the CRCs were all correctly
updated after dwz has run to compress a debuginfo package.
And a change (plus testcase) to make sure implicit suid binaries
didn't accidentally get their suid flag bit.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
2016-07-29 18:28:53 +02:00
Mark Wielaard 41c4dcf507 Don't use hardcoded paths to tools/scripts in find-debuginfo.sh.
This prevents installation and testing in any other location than
/usr/lib/rpm.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
2016-07-29 18:28:53 +02:00
Mark Wielaard 6b3b435fa6 Add dwz debuginfo compression support.
Support for dwz compression has been in Fedora since a couple of years.
https://fedoraproject.org/wiki/Features/DwarfCompressor

The original find-debuginfo.sh patch was written by Jakub Jelinek.
https://bugzilla.redhat.com/show_bug.cgi?id=833311
The new testcase using the macros.debug was added by me.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
2016-07-29 18:28:53 +02:00
Mark Wielaard b33a41da36 Add find-debuginfo.sh -m minisymtab support.
Support for minisymtab (a minimal function symbol table in a compressed
section in the main binary) has been in gdb and elfutils based tools
since some years. Fedora has had this as rpm-4.10.0-minidebuginfo.patch
since 2012.

The patch adjusts macros to pass -m to find-debuginfo.sh when
_include_minidebuginfo has been set. find-debuginfo.sh now takes -m
as argument to generate the .gnu_debugdata ELF section to be added
to the main executable.

To support the testcases a new macros.debug is added that is used to
generate debuginfo packages in the rpmbuild.at testsuite.

The original support was added to Fedora rpm by Alexander Larsson.
Lubos Kardos fixed a bug in it when strip -g was used. I added some
configuration macros and two testcases to check the basic support works
and for the strip -g bug.

Signed-off-by: Mark Wielaard <mjw@redhat.com>
2016-07-29 18:28:53 +02:00
Ville Skyttä 0e51d17004 Remove some unnecessary assignments flagged by cppcheck 2016-07-29 17:41:36 +02:00
Frederic Bonnard 1ac507f15f Fix preun scriptlet failure not aborting rpm erase
Since commit f4a49c3d44 ( Unceremoniously
eliminate rpmpsmNext() ), when a preun scriptlet is failing, rpm continues to
be erased. Handling return code of runInstScript.
2016-07-29 17:36:41 +02:00