Age | Commit message (Collapse) | Author | Files | Lines |
|
The following issues are fixed:
1. Prevent execution of arbitrary scripts
2. Enable dash(-) in spec file.
3. Ignore bad expressions in %if conditionals.
4. Ignore unknown tags.
5. Ignore error macro.
Change-Id: Id5b7b47c1a78de364ef0d513023fbe9ccc773a87
Signed-off-by: xuhy <huayong.xu@samsung.com>
|
|
Change-Id: I21bf1a3a7c25cbec43022202cf2e5865b603a309
Signed-off-by: wangbiao <biao716.wang@samsung.com>
|
|
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
|
|
|
|
|
|
-All post hooks take an additional rc argument that indicates general return code from operation.
-All post hooks are always called if correspoding pre hook has been called.
-The return value from post hooks is curently ignored
Signed-off-by: Panu Matilainen <pmatilai@redhat.com>
|
|
Three new hooks added:
PLUGINHOOK_SCRIPTLET_PRE_FUNC
Called before scriptlet execution
PLUGINHOOK_SCRIPTLET_FORK_POST_FUNC
Called after fork() but before scriptlet execution
PLUGINHOOK_SCRIPTLET_POST_FUNC
Called after scriptlet execution
Currently pre and post hooks are called for externals and internal lua scripts.
post hook is called even if scriptlet execution has failed and
the return code is given as an argument.
fork_post hook is only called for external scriptlets,
because for internal scriptlets no fork() is currently performed.
Signed-off-by: Panu Matilainen <pmatilai@redhat.com>
|
|
This change adds a new type of the rpm plugin, called transaction plugin
and a set of initial hooks for this plugin. The hooks are:
PLUGINHOOK_TSM_PRE
Pre-transaction hook that is called before an rpm transaction begins
PLUGINHOOK_TSM_POST
Post-transaction hook that is called after an rpm transaction ends
PLUGINHOOK_PSM_PRE
Pre-transaction-element hook that is called before an rpm
transaction-element is processed
PLUGINHOOK_PSM_POST
Post-transaction-element hook that is called after an rpm
transaction-element is processed
PLUGINHOOK_SCRIPT_SETUP
Per-script hook that is called once for each rpm mainainers script
that is present in the package
Each hook is called for every plugin that have this hook registered.
The avaliable transaction plugins can be specified in macros.in via
transaction_plugins element.
Signed-off-by: Panu Matilainen <pmatilai@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
A) use RPMTAG_SUGGESTS and RPMTAG_ENHANCES to store them.
This is different to upstream, which uses RPMSENSE_MISSINGOK
and RPMTAG_REQUIRES/RPMTAG_PROVIDES instead. I chose different
tags because I wanted to be compatible. The point is that
applications that don't know about the new MISSINGOK semantics
will mis-interpret the provides/requires otherwise, which
I deemed to risky.
B) use RPMSENSE_STRONG to support a "strong" version, "Recommends"
instead of "Suggests" and "Supplements" instead of "Enhances".
|
|
Suspend exclusive database lock when scriptlets get called, allowing
read access in scriptlets. Only needed for DB_PRIVATE (aka global)
locking.
|
|
Fix global (DB_PRIVATE) lock code: fix recursion counter, retry
failed lock operations for up to 3 minutes.
|
|
Also test architecture in "refresh" test when not colored. This allows
updates to different architectures.
|
|
This patch supports an extension in the condition evaluation.
If the condition is a format and returns an nonempty string, it is
assumed to be true.
This mechanism is used by the weakdeps patch to filter the
"RPMSENSE_STRONG" flag.
|
|
|
|
Needs berkeley db patch.
|
|
Also compare the name and not only the version when checking if
two packages are the same. rh#104066
|
|
Assumes utf8 input if the decoding works, otherwise iso-8859-1.
(imported from suse rpm)
|
|
- Make rpmfiConfigConflict() consider any existing %ghost %config
as "modified". This causes them to be left alone on erasure to match
long-standing rpm behavior (whether the behavior is intended or not...)
Ghost config testcase passes again, talk about flip-flop. Sigh.
- Legacy behavior had an extra twist which we are intentionally NOT
restoring: if a non-empty %ghost exists at build-time, its digest
is stored in the header despite the file not being present in
the payload. With previous versions of rpm, the contents of an
existing %ghost %config would be compared to the one in header and
resulting in different behavior on erasure: if the contents matched
that of build-time, the file would be removed, otherwise it would
be preserved. Ghosts remembering their identity from previous life
goes a little bit too far into the land of paranormal for me...
(cherry picked from commit 233e4573d1d21a36d06874fea6c594428033802e)
|
|
- Explicitly test for shared file/dir being ghost when deciding whether
to skip create: we must never skip the creation of a real file/dir
because of a ghost as the ghosts do not get created.
- This fixes the shared ghost testcase, ie the thing that commit
a712252392eca75443ca45c10a72873cabec7963 was supposed to fix,
without side-effects that I can see.
(cherry picked from commit 147a26c5f672ee3421fe057725f6be357031bbb5)
|
|
- Reverts the bad half of commit a712252392eca75443ca45c10a72873cabec7963:
treating files that wont be installed as skipped seems logical enough,
but rpm disagrees... making %ghosts FA_SKIP on install causes
upgrades on %ghost %config files to miss the necessary FA_SKIP getting
set on the erase half via handleInstInstalledFile() and
rpmfiDecideFate(), causing %ghost %config files to be nuked. Which isn't
very nice when your /var/lib/rpm/ contents are packaged as
%ghost %config...
- This fixes the %ghost %config testcase but breaks the shared %ghost
case in turn.
(cherry picked from commit 471b74bf6e218abb06bb3131a259cdfaec3f08cf)
|
|
- Only skip shared file/dir creation if its actually being created
by another package. Previously we could've decided to skip an entry
where the other file was also being skipped for some other reason.
- Ensure %ghost entries always have FA_SKIP on install, previously
they often were FA_CREATE which makes no sense for %ghost. We dont
encounter %ghosts at all during install in the FSM as they dont
exist in the payload, but the file disposition calculations need
to take them into account now that we're avoiding redundant creates.
- Fixes a regression from commit f7f5f88f9f3d6587e747b034ccb64a3f00ff4e1e
which unearthed the %ghost FA_CREATE issue, reported here:
http://lists.fedoraproject.org/pipermail/buildsys/2013-January/004047.html
(cherry picked from commit a712252392eca75443ca45c10a72873cabec7963)
|
|
- Previously the pool would only get allocated on successfull addition
of install or erasure elements, causing assert() failures on
operations on empty transaction set, which should be just a no-op,
not an error.
- Make rpmtsPool() create the pool if it doesn't exist, update relevant
users to call rpmtsPool() instead of directly accessing tsmem->pool,
this avoids having to worry about pool existence in all the various cases.
- Also fix up the pool-related comment on rpmtsEmpty(): pools does not
and can not support emptying as it could break references to its
contents. Per-string refcount would be needed for emptying support.
(cherry picked from commit d73535e1a9dc5095e78475adc5b636d99f01efa9)
|
|
- grabData() only returns non-NULL on data length > 0, separately
checking for length only makes it look like a possible case when
its not. If it were, it'd be a memory leak.
(cherry picked from commit aa6af71d457be5d78252f23ea68322dcaf199e4e)
|
|
- Nothing is setting "arch" here anymore, this should've been removed in
commit fddfee17c3c4e19269665800d557d3452cbde162 already
(cherry picked from commit 1c3f966903743ea571a23e1af08a618b4179c5cb)
|
|
- rpmpkgRead() starts with assumed failure, but there are a number
of places assigning the return code, and by the time we get
to the parsePGPSig() calls its likely to be RPMRC_OK, so the
jumps to exit result in "all is well" return code on a signature
we couldn't even parse. Oops.
- Set the failure status explicitly to fix this fairly nasty regression
introduced in commit e8bc3ff5d780f4ee6656c24464402723e5fb04f4, ie
rpm >= 4.10.
(cherry picked from commit 96a616c6aed4c516789a154af188f005caf23f14)
|
|
- Should've been in commit cbd6ef58bbc122e6adf2138679915bd3845d6756,
this breaks build when selinux-support is not compiled in
(cherry picked from commit ebba1c7b58ba089bb9e1ded147c789d9ca067b6c)
|
|
(cherry picked from commit 644f080a4868208bf61f28103b7b676c094129a0)
|
|
- Similar to commit 85df102165fdbe64978f2019d757d400e7448218, but
for forced file replacements.
(cherry picked from commit b1d3f21a54eb1f23a08e9e2d943a6438502b0e47)
|
|
- Since commit f7f5f88f9f3d6587e747b034ccb64a3f00ff4e1e, only the first
instance of shared files is created, the rest are FA_SKIP which
consume no disk space and are not counted either.
(cherry picked from commit f8da4f613680b4da4ee191f8b7451de9b36bfcbd)
|
|
- When updating packages, we first create them with a temporary names
and only after all files from payload have been created this way,
the files are renamed to the final target. This means that performing
an update temporarily requires roughly twice the disk space (and inodes)
compared to the final result on per-package level. Which matters
when space is tight, such as presumably in RhBug:872314.
- Simulate what happens on upgrades by adding block and inode delta
to the equation: installing a file always consumes an inode and
the specified amount of disk space. But when replacing files,
reduce the size-delta from disk consumption *after* checking for
problems in a given DSI.
- Also fixes inode accounting which has been broken for forever (since
commit a9a1fd866c573f41287e6ad256ce64b3970a1eaa more exactly)
(cherry picked from commit 85df102165fdbe64978f2019d757d400e7448218)
|
|
- There of course already is a drop-in directory for macro config bits
in $(sysconfdir)/rpm/ but as /etc is supposed to be per-host admin
territory, having another place for system package provided rpm config
doesn't seem unreasonable.
- Whether this early in the path is the best possible or even reasonable
position for this remains to be seen... but this way it could be used
for "factory default" config bits by rpm itself as well, while still
permitting vendor/host/user override.
(cherry picked from commit dcd261b9fe1e61e8ac3e99dbb443145bbf896886)
|
|
(cherry picked from commit 4b19c17f53f56c841903e5d6a09efdb10b2ca400)
|
|
- In recent Fedora, struct selinux_opt value member is changed to an
anonymous union of char * and char **. Initialize the members by name
to avoid warnings in both (patched and unpatched) cases.
|
|
- We haven't removed or changed any interfaces in a way that would
require full soname bump, only a handful of new interfaces have
been added.
- There aren't actually any new interfaces in librpmbuild or librpmsign
but for sanity and consistency's sake they're all updated...
|
|
- In the package/transaction related things the strpool is more of
an internal implementation detail than an end-goal in itself, move
string pool related interfaces of rpmts, rpmfi and rpmds to
internal-only APIs for now. The kind interfaces we'll want to eventually
export a) dont exist yet and b) are likely to be something very different.
- The string pool itself remains exported however, its a handy data
structure for all sorts of things and both librpm and librpmbuild
heavily use it already.
|
|
- There are no guarantees Fread() will return all of the requested size:
it can return partial data eg on signals and pipe descriptors. Introduce
a helper function to handle this centrally for all package read IO,
effectively reintroducing timedRead() but without the caveats:
timedRead() did not work on compressed streams, did not handle
eg EINTR correctly and while really being an internal helper,
was exported in the API.
|
|
- When the "BEGIN PGP" marker is not found at all, we would silently
exit with success when trying to import utter garbage, such as
rpmkeys --import /bin/bash (not that I consider bash as gargabe ;)
|
|
- Nobody is freezing our pool so there's no need to unfreeze it either...
|
|
- Prior to string pool existence, the static "caches" were kinda
necessary for sharing the relatively static content of user/group
names and file languages, but this is nothing but an unfreeable
block of memory at this point. Just use the same pool as everything
else - whether private or shared.
|
|
- If link or regular file sizes differ, they cannot possibly be
identical. Saves us from doing bunch of pointless string and
memory comparisons on what's a very busy path - not exactly a huge
with but measurable nevertheless.
|
|
- Files of different size cannot possibly be identical, dont bother
with expensive digest calculation.
|
|
Add compatibility support for both lua-5.1 and lua-5.2,
assuming that the LUA_COMPAT might have been disabled.
Signed-off-by: Panu Matilainen <pmatilai@redhat.com>
|
|
- Calculating digest of %ghost config is useless as there's nothing
to compare the result to. Also we never take backups of %ghost
configuration anyway, so this is a total waste of time. One common
case of %ghost %config is the rpmdb (environment and all) which
can be rather large and calculating digests can take several seconds,
only for the results to be thrown away unused.
- There are some cases where it might be reasonable to back up %ghost
%config (eg if it gets replaced by non-config), but
rpmfiConfigConflictIndex() doesn't have sufficient context to figure
that out. For now, preserve the traditional simple rule: no backups
for ghosts, ever.
|