Compare commits
6 Commits
imports/c8
...
c8
Author | SHA1 | Date |
---|---|---|
eabdullin | c5e12412cf | |
eabdullin | a5abd868a0 | |
CentOS Sources | 801a95ca56 | |
CentOS Sources | a096a86a0e | |
CentOS Sources | 836001d6af | |
CentOS Sources | 56f20294c9 |
|
@ -0,0 +1,107 @@
|
|||
From 186e0ab025b9ad92d900697f611633a6f6162f3b Mon Sep 17 00:00:00 2001
|
||||
From: Panu Matilainen <pmatilai@redhat.com>
|
||||
Date: Wed, 9 Feb 2022 14:47:14 +0200
|
||||
Subject: [PATCH] Add optional callback on directory changes during rpmfi
|
||||
iteration
|
||||
|
||||
Internal only for now in case we need to fiddle with the API some more,
|
||||
but no reason this couldn't be made public later.
|
||||
---
|
||||
lib/rpmfi.c | 24 ++++++++++++++++++++----
|
||||
lib/rpmfi_internal.h | 17 +++++++++++++++++
|
||||
2 files changed, 37 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/lib/rpmfi.c b/lib/rpmfi.c
|
||||
index aec8220a3..6c631fdb5 100644
|
||||
--- a/lib/rpmfi.c
|
||||
+++ b/lib/rpmfi.c
|
||||
@@ -53,6 +53,9 @@ struct rpmfi_s {
|
||||
int intervalStart; /*!< Start of iterating interval. */
|
||||
int intervalEnd; /*!< End of iterating interval. */
|
||||
|
||||
+ rpmfiChdirCb onChdir; /*!< Callback for directory changes */
|
||||
+ void *onChdirData; /*!< Caller private callback data */
|
||||
+
|
||||
rpmfiles files; /*!< File info set */
|
||||
rpmcpio_t archive; /*!< Archive with payload */
|
||||
unsigned char * found; /*!< Bit field of files found in the archive */
|
||||
@@ -298,11 +301,16 @@ rpm_count_t rpmfiDC(rpmfi fi)
|
||||
return (fi != NULL ? rpmfilesDC(fi->files) : 0);
|
||||
}
|
||||
|
||||
-#ifdef NOTYET
|
||||
-int rpmfiDI(rpmfi fi)
|
||||
+int rpmfiSetOnChdir(rpmfi fi, rpmfiChdirCb cb, void *data)
|
||||
{
|
||||
+ int rc = -1;
|
||||
+ if (fi != NULL) {
|
||||
+ fi->onChdir = cb;
|
||||
+ fi->onChdirData = data;
|
||||
+ rc = 0;
|
||||
+ }
|
||||
+ return rc;
|
||||
}
|
||||
-#endif
|
||||
|
||||
int rpmfiFX(rpmfi fi)
|
||||
{
|
||||
@@ -314,9 +322,17 @@ int rpmfiSetFX(rpmfi fi, int fx)
|
||||
int i = -1;
|
||||
|
||||
if (fi != NULL && fx >= 0 && fx < rpmfilesFC(fi->files)) {
|
||||
+ int dx = fi->j;
|
||||
i = fi->i;
|
||||
fi->i = fx;
|
||||
fi->j = rpmfilesDI(fi->files, fi->i);
|
||||
+ i = fi->i;
|
||||
+
|
||||
+ if (fi->j != dx && fi->onChdir) {
|
||||
+ int chrc = fi->onChdir(fi, fi->onChdirData);
|
||||
+ if (chrc < 0)
|
||||
+ i = chrc;
|
||||
+ }
|
||||
}
|
||||
return i;
|
||||
}
|
||||
@@ -1682,9 +1698,9 @@ static rpmfi initIter(rpmfiles files, int itype, int link)
|
||||
if (files && itype>=0 && itype<=RPMFILEITERMAX) {
|
||||
fi = xcalloc(1, sizeof(*fi));
|
||||
fi->i = -1;
|
||||
+ fi->j = -1;
|
||||
fi->files = link ? rpmfilesLink(files) : files;
|
||||
fi->next = nextfuncs[itype];
|
||||
- fi->i = -1;
|
||||
if (itype == RPMFI_ITER_BACK) {
|
||||
fi->i = rpmfilesFC(fi->files);
|
||||
} else if (itype >=RPMFI_ITER_READ_ARCHIVE
|
||||
diff --git a/lib/rpmfi_internal.h b/lib/rpmfi_internal.h
|
||||
index dccc6ccbe..37f1d45f5 100644
|
||||
--- a/lib/rpmfi_internal.h
|
||||
+++ b/lib/rpmfi_internal.h
|
||||
@@ -13,6 +13,23 @@
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
+/** \ingroup rpmfi
|
||||
+ * Callback on file iterator directory changes
|
||||
+ * @param fi file info
|
||||
+ * @param data caller private callback data
|
||||
+ * @return 0 on success, < 0 on error (to stop iteration)
|
||||
+ */
|
||||
+typedef int (*rpmfiChdirCb)(rpmfi fi, void *data);
|
||||
+
|
||||
+/** \ingroup rpmfi
|
||||
+ * Set a callback for directory changes during iteration.
|
||||
+ * @param fi file info
|
||||
+ * @param cb callback function
|
||||
+ * @param data caller private callback data
|
||||
+ * @return string pool handle (weak reference)
|
||||
+ */
|
||||
+int rpmfiSetOnChdir(rpmfi fi, rpmfiChdirCb cb, void *data);
|
||||
+
|
||||
/** \ingroup rpmfi
|
||||
* Return file info set string pool handle
|
||||
* @param fi file info
|
||||
--
|
||||
2.41.0
|
||||
|
|
@ -0,0 +1,30 @@
|
|||
From 6c66abd34cccbb5b3c063f8f613e0c2faffc415f Mon Sep 17 00:00:00 2001
|
||||
From: Panu Matilainen <pmatilai@redhat.com>
|
||||
Date: Wed, 13 Dec 2023 11:57:50 +0200
|
||||
Subject: [PATCH] Don't warn about missing user/group on skipped files
|
||||
|
||||
There's no reason to complain about missing user/group for entities
|
||||
we don't create at all. It's cosmetical only, but "regressed" in the
|
||||
4.17 fsm robustness rewrite.
|
||||
|
||||
Reported in https://issues.redhat.com/browse/RHEL-18037
|
||||
---
|
||||
lib/fsm.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/fsm.c b/lib/fsm.c
|
||||
index 2189bd84c..a54e43bae 100644
|
||||
--- a/lib/fsm.c
|
||||
+++ b/lib/fsm.c
|
||||
@@ -903,7 +903,7 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,
|
||||
fp->fpath = fsmFsPath(fi, fp->suffix);
|
||||
|
||||
/* Remap file perms, owner, and group. */
|
||||
- rc = rpmfiStat(fi, 1, &fp->sb);
|
||||
+ rc = rpmfiStat(fi, (fp->skip == 0), &fp->sb);
|
||||
|
||||
/* Hardlinks are tricky and handled elsewhere for install */
|
||||
fp->setmeta = (fp->skip == 0) &&
|
||||
--
|
||||
2.43.0
|
||||
|
|
@ -0,0 +1,35 @@
|
|||
From 0bc13d75b5883ccf4d6579f7a60fb1badd104649 Mon Sep 17 00:00:00 2001
|
||||
From: Panu Matilainen <pmatilai@redhat.com>
|
||||
Date: Thu, 10 Feb 2022 10:23:22 +0200
|
||||
Subject: [PATCH] Eliminate code duplication from rpmfiNext()
|
||||
|
||||
Now that we can, let rpmfiSetFX() take care of the details.
|
||||
---
|
||||
lib/rpmfi.c | 11 ++---------
|
||||
1 file changed, 2 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/lib/rpmfi.c b/lib/rpmfi.c
|
||||
index 689ead2c5..aec8220a3 100644
|
||||
--- a/lib/rpmfi.c
|
||||
+++ b/lib/rpmfi.c
|
||||
@@ -856,15 +856,8 @@ int rpmfiNext(rpmfi fi)
|
||||
next = fi->next(fi);
|
||||
} while (next == RPMERR_ITER_SKIP);
|
||||
|
||||
- if (next >= 0 && next < rpmfilesFC(fi->files)) {
|
||||
- fi->i = next;
|
||||
- fi->j = rpmfilesDI(fi->files, fi->i);
|
||||
- } else {
|
||||
- fi->i = -1;
|
||||
- if (next >= 0) {
|
||||
- next = -1;
|
||||
- }
|
||||
- }
|
||||
+ if (next >= 0)
|
||||
+ next = rpmfiSetFX(fi, next);
|
||||
}
|
||||
return next;
|
||||
}
|
||||
--
|
||||
2.41.0
|
||||
|
|
@ -0,0 +1,66 @@
|
|||
From c140768202e271b60910644c1e4bf848a50218d3 Mon Sep 17 00:00:00 2001
|
||||
From: Panu Matilainen <pmatilai@redhat.com>
|
||||
Date: Mon, 27 Nov 2023 11:52:34 +0200
|
||||
Subject: [PATCH] Emit full paths for file disposition diagnostics on
|
||||
--fsmdebug
|
||||
|
||||
The full path is visible in the actual file operations later, but the
|
||||
pre-flight disposition diagnostics is unreadable without the full path.
|
||||
This regressed in the switch to relative paths for the *at() API family
|
||||
for the symlink CVE fixes.
|
||||
---
|
||||
lib/fsm.c | 12 ++++++------
|
||||
1 file changed, 6 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/lib/fsm.c b/lib/fsm.c
|
||||
index 091e90554..fcd764648 100644
|
||||
--- a/lib/fsm.c
|
||||
+++ b/lib/fsm.c
|
||||
@@ -482,14 +482,14 @@ static void removeSBITS(int dirfd, const char *path)
|
||||
}
|
||||
}
|
||||
|
||||
-static void fsmDebug(const char *fpath, rpmFileAction action,
|
||||
+static void fsmDebug(const char *dn, const char *fpath, rpmFileAction action,
|
||||
const struct stat *st)
|
||||
{
|
||||
- rpmlog(RPMLOG_DEBUG, "%-10s %06o%3d (%4d,%4d)%6d %s\n",
|
||||
+ rpmlog(RPMLOG_DEBUG, "%-10s %06o%3d (%4d,%4d)%6d %s%s\n",
|
||||
fileActionString(action), (int)st->st_mode,
|
||||
(int)st->st_nlink, (int)st->st_uid,
|
||||
(int)st->st_gid, (int)st->st_size,
|
||||
- (fpath ? fpath : ""));
|
||||
+ (dn ? dn : ""), (fpath ? fpath : ""));
|
||||
}
|
||||
|
||||
static int fsmSymlink(const char *opath, int dirfd, const char *path)
|
||||
@@ -910,7 +910,7 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,
|
||||
(fp->sb.st_nlink == 1 || fp->action == FA_TOUCH);
|
||||
|
||||
setFileState(fs, fx);
|
||||
- fsmDebug(fp->fpath, fp->action, &fp->sb);
|
||||
+ fsmDebug(rpmfiDN(fi), fp->fpath, fp->action, &fp->sb);
|
||||
|
||||
fp->stage = FILE_PRE;
|
||||
}
|
||||
@@ -975,7 +975,7 @@ int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,
|
||||
rpmlog(RPMLOG_DEBUG, "file %s vanished unexpectedly\n",
|
||||
fp->fpath);
|
||||
fp->action = FA_CREATE;
|
||||
- fsmDebug(fp->fpath, fp->action, &fp->sb);
|
||||
+ fsmDebug(rpmfiDN(fi), fp->fpath, fp->action, &fp->sb);
|
||||
}
|
||||
|
||||
/* When touching we don't need any of this... */
|
||||
@@ -1138,7 +1138,7 @@ int rpmPackageFilesRemove(rpmts ts, rpmte te, rpmfiles files,
|
||||
|
||||
rc = fsmStat(di.dirfd, fp->fpath, 1, &fp->sb);
|
||||
|
||||
- fsmDebug(fp->fpath, fp->action, &fp->sb);
|
||||
+ fsmDebug(rpmfiDN(fi), fp->fpath, fp->action, &fp->sb);
|
||||
|
||||
/* Run fsm file pre hook for all plugins */
|
||||
rc = rpmpluginsCallFsmFilePre(plugins, fi, fp->fpath,
|
||||
--
|
||||
2.43.0
|
||||
|
|
@ -0,0 +1,46 @@
|
|||
From 89ce4e7ca592f5abafc3f25aeaa07d36a7b43a61 Mon Sep 17 00:00:00 2001
|
||||
From: Panu Matilainen <pmatilai@redhat.com>
|
||||
Date: Tue, 14 Nov 2023 11:37:48 +0200
|
||||
Subject: [PATCH] Fix wrong return code on O_DIRECTORY open of invalid symlink
|
||||
|
||||
The dir argument to fsmOpenpath() is supposed to be a rough O_DIRECTORY
|
||||
equivalent, and if the path is actually a misowned symlink it should
|
||||
return ENOTDIR instead of ELOOP. Makes the resulting error messages
|
||||
at least a little more comprehensible.
|
||||
---
|
||||
lib/fsm.c | 5 +++--
|
||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/lib/fsm.c b/lib/fsm.c
|
||||
index 51f439ef3..091e90554 100644
|
||||
--- a/lib/fsm.c
|
||||
+++ b/lib/fsm.c
|
||||
@@ -304,6 +304,7 @@ static int fsmOpenat(int dirfd, const char *path, int flags, int dir)
|
||||
struct stat lsb, sb;
|
||||
int sflags = flags | O_NOFOLLOW;
|
||||
int fd = openat(dirfd, path, sflags);
|
||||
+ int ffd = fd;
|
||||
|
||||
/*
|
||||
* Only ever follow symlinks by root or target owner. Since we can't
|
||||
@@ -312,7 +313,7 @@ static int fsmOpenat(int dirfd, const char *path, int flags, int dir)
|
||||
* it could've only been the link owner or root.
|
||||
*/
|
||||
if (fd < 0 && errno == ELOOP && flags != sflags) {
|
||||
- int ffd = openat(dirfd, path, flags);
|
||||
+ ffd = openat(dirfd, path, flags);
|
||||
if (ffd >= 0) {
|
||||
if (fstatat(dirfd, path, &lsb, AT_SYMLINK_NOFOLLOW) == 0) {
|
||||
if (fstat(ffd, &sb) == 0) {
|
||||
@@ -327,7 +328,7 @@ static int fsmOpenat(int dirfd, const char *path, int flags, int dir)
|
||||
}
|
||||
|
||||
/* O_DIRECTORY equivalent */
|
||||
- if (dir && fd >= 0 && fstat(fd, &sb) == 0 && !S_ISDIR(sb.st_mode)) {
|
||||
+ if (dir && ((fd != ffd) || (fd >= 0 && fstat(fd, &sb) == 0 && !S_ISDIR(sb.st_mode)))) {
|
||||
errno = ENOTDIR;
|
||||
fsmClose(&fd);
|
||||
}
|
||||
--
|
||||
2.43.0
|
||||
|
|
@ -0,0 +1,153 @@
|
|||
From ac7b0dbd5a18d2c57a942ca14ac856b8047425ff Mon Sep 17 00:00:00 2001
|
||||
From: Panu Matilainen <pmatilai@redhat.com>
|
||||
Date: Tue, 15 Feb 2022 10:43:13 +0200
|
||||
Subject: [PATCH] Pass file descriptor to file prepare plugin hook, use when
|
||||
possible
|
||||
|
||||
Sadly the thing that allegedly makes things better mostly just makes
|
||||
things more complicated as symlinks can't be opened, so we'll now have
|
||||
to deal with both cases in plugins too. To make matters worse, most
|
||||
APIs out there support either an fd or a path, but very few support
|
||||
the *at() style dirfd + basename approach so plugins are stuck with
|
||||
absolute paths for now.
|
||||
|
||||
This is of course a plugin API/ABI change too.
|
||||
---
|
||||
lib/rpmplugin.h | 2 +-
|
||||
lib/rpmplugins.c | 4 ++--
|
||||
lib/rpmplugins.h | 3 ++-
|
||||
plugins/ima.c | 9 +++++++--
|
||||
plugins/selinux.c | 13 ++++++++-----
|
||||
5 files changed, 20 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/lib/rpmplugin.h b/lib/rpmplugin.h
|
||||
index fd81aec8d..fab4b3e83 100644
|
||||
--- a/lib/rpmplugin.h
|
||||
+++ b/lib/rpmplugin.h
|
||||
@@ -57,7 +57,7 @@ typedef rpmRC (*plugin_fsm_file_post_func)(rpmPlugin plugin, rpmfi fi,
|
||||
const char* path, mode_t file_mode,
|
||||
rpmFsmOp op, int res);
|
||||
typedef rpmRC (*plugin_fsm_file_prepare_func)(rpmPlugin plugin, rpmfi fi,
|
||||
- const char* path,
|
||||
+ int fd, const char* path,
|
||||
const char *dest,
|
||||
mode_t file_mode, rpmFsmOp op);
|
||||
|
||||
diff --git a/lib/rpmplugins.c b/lib/rpmplugins.c
|
||||
index 65e684e84..923084b78 100644
|
||||
--- a/lib/rpmplugins.c
|
||||
+++ b/lib/rpmplugins.c
|
||||
@@ -384,7 +384,7 @@ rpmRC rpmpluginsCallFsmFilePost(rpmPlugins plugins, rpmfi fi, const char *path,
|
||||
}
|
||||
|
||||
rpmRC rpmpluginsCallFsmFilePrepare(rpmPlugins plugins, rpmfi fi,
|
||||
- const char *path, const char *dest,
|
||||
+ int fd, const char *path, const char *dest,
|
||||
mode_t file_mode, rpmFsmOp op)
|
||||
{
|
||||
plugin_fsm_file_prepare_func hookFunc;
|
||||
@@ -394,7 +394,7 @@ rpmRC rpmpluginsCallFsmFilePrepare(rpmPlugins plugins, rpmfi fi,
|
||||
for (i = 0; i < plugins->count; i++) {
|
||||
rpmPlugin plugin = plugins->plugins[i];
|
||||
RPMPLUGINS_SET_HOOK_FUNC(fsm_file_prepare);
|
||||
- if (hookFunc && hookFunc(plugin, fi, path, dest, file_mode, op) == RPMRC_FAIL) {
|
||||
+ if (hookFunc && hookFunc(plugin, fi, fd, path, dest, file_mode, op) == RPMRC_FAIL) {
|
||||
rpmlog(RPMLOG_ERR, "Plugin %s: hook fsm_file_prepare failed\n", plugin->name);
|
||||
rc = RPMRC_FAIL;
|
||||
}
|
||||
diff --git a/lib/rpmplugins.h b/lib/rpmplugins.h
|
||||
index 39762c376..ddf5d7048 100644
|
||||
--- a/lib/rpmplugins.h
|
||||
+++ b/lib/rpmplugins.h
|
||||
@@ -156,6 +156,7 @@ rpmRC rpmpluginsCallFsmFilePost(rpmPlugins plugins, rpmfi fi, const char* path,
|
||||
* permissions etc, but before committing file to destination path.
|
||||
* @param plugins plugins structure
|
||||
* @param fi file info iterator (or NULL)
|
||||
+ * @param fd file descriptor (or -1 if not available)
|
||||
* @param path file object current path
|
||||
* @param dest file object destination path
|
||||
* @param mode file object mode
|
||||
@@ -164,7 +165,7 @@ rpmRC rpmpluginsCallFsmFilePost(rpmPlugins plugins, rpmfi fi, const char* path,
|
||||
*/
|
||||
RPM_GNUC_INTERNAL
|
||||
rpmRC rpmpluginsCallFsmFilePrepare(rpmPlugins plugins, rpmfi fi,
|
||||
- const char *path, const char *dest,
|
||||
+ int fd, const char *path, const char *dest,
|
||||
mode_t mode, rpmFsmOp op);
|
||||
|
||||
#ifdef __cplusplus
|
||||
diff --git a/plugins/fapolicyd.c b/plugins/fapolicyd.c
|
||||
index 7ac44f0d0..1ff50c30f 100644
|
||||
--- a/plugins/fapolicyd.c
|
||||
+++ b/plugins/fapolicyd.c
|
||||
@@ -145,7 +145,8 @@ static rpmRC fapolicyd_scriptlet_pre(rpmPlugin plugin, const char *s_name,
|
||||
}
|
||||
|
||||
static rpmRC fapolicyd_fsm_file_prepare(rpmPlugin plugin, rpmfi fi,
|
||||
- const char *path, const char *dest,
|
||||
+ int fd, const char *path,
|
||||
+ const char *dest,
|
||||
mode_t file_mode, rpmFsmOp op)
|
||||
{
|
||||
/* not ready */
|
||||
--- a/plugins/ima.c 2020-04-28 14:50:11.835399269 +0200
|
||||
+++ b/plugins/ima.c 2023-12-13 11:19:58.835948660 +0100
|
||||
@@ -39,7 +39,7 @@
|
||||
return (memcmp(fsig, &zero_hdr, sizeof(zero_hdr)) == 0);
|
||||
}
|
||||
|
||||
-static rpmRC ima_fsm_file_prepare(rpmPlugin plugin, rpmfi fi,
|
||||
+static rpmRC ima_fsm_file_prepare(rpmPlugin plugin, rpmfi fi, int fd,
|
||||
const char *path,
|
||||
const char *dest,
|
||||
mode_t file_mode, rpmFsmOp op)
|
||||
@@ -63,8 +63,14 @@
|
||||
|
||||
fsig = rpmfiFSignature(fi, &len);
|
||||
if (fsig && (check_zero_hdr(fsig, len) == 0)) {
|
||||
- if (lsetxattr(path, XATTR_NAME_IMA, fsig, len, 0) < 0) {
|
||||
- rpmlog(RPMLOG_ERR,
|
||||
+ int xx;
|
||||
+ if (fd >= 0)
|
||||
+ xx = fsetxattr(fd, XATTR_NAME_IMA, fsig, len, 0);
|
||||
+ else
|
||||
+ xx = lsetxattr(path, XATTR_NAME_IMA, fsig, len, 0);
|
||||
+ if (xx < 0) {
|
||||
+ int is_err = errno != EOPNOTSUPP;
|
||||
+ rpmlog(is_err?RPMLOG_ERR:RPMLOG_DEBUG,
|
||||
"ima: could not apply signature on '%s': %s\n",
|
||||
path, strerror(errno));
|
||||
rc = RPMRC_FAIL;
|
||||
--- a/plugins/selinux.c 2023-12-13 11:21:54.935009141 +0100
|
||||
+++ b/plugins/selinux.c 2023-12-13 11:22:23.172510285 +0100
|
||||
@@ -149,7 +149,7 @@
|
||||
return rc;
|
||||
}
|
||||
|
||||
-static rpmRC selinux_fsm_file_prepare(rpmPlugin plugin, rpmfi fi,
|
||||
+static rpmRC selinux_fsm_file_prepare(rpmPlugin plugin, rpmfi fi, int fd,
|
||||
const char *path, const char *dest,
|
||||
mode_t file_mode, rpmFsmOp op)
|
||||
{
|
||||
@@ -159,14 +159,17 @@
|
||||
if (sehandle && !XFA_SKIPPING(action)) {
|
||||
security_context_t scon = NULL;
|
||||
if (selabel_lookup_raw(sehandle, &scon, dest, file_mode) == 0) {
|
||||
- int conrc = lsetfilecon(path, scon);
|
||||
+ int conrc;
|
||||
+ if (fd >= 0)
|
||||
+ conrc = fsetfilecon(fd, scon);
|
||||
+ else
|
||||
+ conrc = lsetfilecon(path, scon);
|
||||
|
||||
if (conrc == 0 || (conrc < 0 && errno == EOPNOTSUPP))
|
||||
rc = RPMRC_OK;
|
||||
|
||||
- rpmlog((rc != RPMRC_OK) ? RPMLOG_ERR : RPMLOG_DEBUG,
|
||||
- "lsetfilecon: (%s, %s) %s\n",
|
||||
- path, scon, (conrc < 0 ? strerror(errno) : ""));
|
||||
+ rpmlog((rc != RPMRC_OK) ? RPMLOG_ERR : RPMLOG_DEBUG, "lsetfilecon: (%d %s, %s) %s\n",
|
||||
+ fd, path, scon, (conrc < 0 ? strerror(errno) : ""));
|
||||
|
||||
freecon(scon);
|
||||
} else {
|
|
@ -0,0 +1,32 @@
|
|||
From f1503ab6e898430b80017c0f8347860f3a74d5bb Mon Sep 17 00:00:00 2001
|
||||
From: Florian Festi <ffesti@redhat.com>
|
||||
Date: Mon, 11 Dec 2023 15:50:15 +0100
|
||||
Subject: [PATCH] Print full path if file removal fails
|
||||
|
||||
For normal debug output the basename of the files are sufficient as when
|
||||
debugging is enabled the directories are also printed. But here the
|
||||
warning is given without a debug flag so we need the full context right
|
||||
there.
|
||||
---
|
||||
lib/fsm.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/lib/fsm.c b/lib/fsm.c
|
||||
index fcd764648..2189bd84c 100644
|
||||
--- a/lib/fsm.c
|
||||
+++ b/lib/fsm.c
|
||||
@@ -1174,9 +1174,9 @@ int rpmPackageFilesRemove(rpmts ts, rpmte te, rpmfiles files,
|
||||
|
||||
if (rc) {
|
||||
int lvl = strict_erasures ? RPMLOG_ERR : RPMLOG_WARNING;
|
||||
- rpmlog(lvl, _("%s %s: remove failed: %s\n"),
|
||||
+ rpmlog(lvl, _("%s %s%s: remove failed: %s\n"),
|
||||
S_ISDIR(fp->sb.st_mode) ? _("directory") : _("file"),
|
||||
- fp->fpath, strerror(errno));
|
||||
+ rpmfiDN(fi), fp->fpath, strerror(errno));
|
||||
}
|
||||
}
|
||||
|
||||
--
|
||||
2.43.0
|
||||
|
|
@ -0,0 +1,90 @@
|
|||
From 6dd62720fe84f7e2ad902c915b952fc0b29e3dcd Mon Sep 17 00:00:00 2001
|
||||
From: Panu Matilainen <pmatilai@redhat.com>
|
||||
Date: Tue, 15 Feb 2022 11:34:37 +0200
|
||||
Subject: [PATCH] Swap over to dirfd+basename based operation within the fsm
|
||||
|
||||
Within fsm this is just a matter of adjusting error messages to include
|
||||
the directory... if it only wasn't for the plugins requiring absolute
|
||||
paths for outside users. For the plugins, we need to assemble absolute
|
||||
paths as needed, both in ensureDir() and plugin file slots.
|
||||
---
|
||||
lib/rpmplugins.c | 20 +++++++++++++++++---
|
||||
2 files changed, 36 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/lib/rpmplugins.c b/lib/rpmplugins.c
|
||||
index 703368c0d..f06fd7895 100644
|
||||
--- a/lib/rpmplugins.c
|
||||
+++ b/lib/rpmplugins.c
|
||||
@@ -350,21 +350,31 @@ rpmRC rpmpluginsCallScriptletPost(rpmPlugins plugins, const char *s_name, int ty
|
||||
return rc;
|
||||
}
|
||||
|
||||
+static char *abspath(rpmfi fi, const char *path)
|
||||
+{
|
||||
+ if (*path == '/')
|
||||
+ return xstrdup(path);
|
||||
+ else
|
||||
+ return rstrscat(NULL, rpmfiDN(fi), path, NULL);
|
||||
+}
|
||||
+
|
||||
rpmRC rpmpluginsCallFsmFilePre(rpmPlugins plugins, rpmfi fi, const char *path,
|
||||
mode_t file_mode, rpmFsmOp op)
|
||||
{
|
||||
plugin_fsm_file_pre_func hookFunc;
|
||||
int i;
|
||||
rpmRC rc = RPMRC_OK;
|
||||
+ char *apath = abspath(fi, path);
|
||||
|
||||
for (i = 0; i < plugins->count; i++) {
|
||||
rpmPlugin plugin = plugins->plugins[i];
|
||||
RPMPLUGINS_SET_HOOK_FUNC(fsm_file_pre);
|
||||
- if (hookFunc && hookFunc(plugin, fi, path, file_mode, op) == RPMRC_FAIL) {
|
||||
+ if (hookFunc && hookFunc(plugin, fi, apath, file_mode, op) == RPMRC_FAIL) {
|
||||
rpmlog(RPMLOG_ERR, "Plugin %s: hook fsm_file_pre failed\n", plugin->name);
|
||||
rc = RPMRC_FAIL;
|
||||
}
|
||||
}
|
||||
+ free(apath);
|
||||
|
||||
return rc;
|
||||
}
|
||||
@@ -375,14 +385,16 @@ rpmRC rpmpluginsCallFsmFilePost(rpmPlugins plugins, rpmfi fi, const char *path,
|
||||
plugin_fsm_file_post_func hookFunc;
|
||||
int i;
|
||||
rpmRC rc = RPMRC_OK;
|
||||
+ char *apath = abspath(fi, path);
|
||||
|
||||
for (i = 0; i < plugins->count; i++) {
|
||||
rpmPlugin plugin = plugins->plugins[i];
|
||||
RPMPLUGINS_SET_HOOK_FUNC(fsm_file_post);
|
||||
- if (hookFunc && hookFunc(plugin, fi, path, file_mode, op, res) == RPMRC_FAIL) {
|
||||
+ if (hookFunc && hookFunc(plugin, fi, apath, file_mode, op, res) == RPMRC_FAIL) {
|
||||
rpmlog(RPMLOG_WARNING, "Plugin %s: hook fsm_file_post failed\n", plugin->name);
|
||||
}
|
||||
}
|
||||
+ free(apath);
|
||||
|
||||
return rc;
|
||||
}
|
||||
@@ -394,15 +406,17 @@ rpmRC rpmpluginsCallFsmFilePrepare(rpmPlugins plugins, rpmfi fi,
|
||||
plugin_fsm_file_prepare_func hookFunc;
|
||||
int i;
|
||||
rpmRC rc = RPMRC_OK;
|
||||
+ char *apath = abspath(fi, path);
|
||||
|
||||
for (i = 0; i < plugins->count; i++) {
|
||||
rpmPlugin plugin = plugins->plugins[i];
|
||||
RPMPLUGINS_SET_HOOK_FUNC(fsm_file_prepare);
|
||||
- if (hookFunc && hookFunc(plugin, fi, fd, path, dest, file_mode, op) == RPMRC_FAIL) {
|
||||
+ if (hookFunc && hookFunc(plugin, fi, fd, apath, dest, file_mode, op) == RPMRC_FAIL) {
|
||||
rpmlog(RPMLOG_ERR, "Plugin %s: hook fsm_file_prepare failed\n", plugin->name);
|
||||
rc = RPMRC_FAIL;
|
||||
}
|
||||
}
|
||||
+ free(apath);
|
||||
|
||||
return rc;
|
||||
}
|
||||
--
|
||||
2.41.0
|
||||
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,46 @@
|
|||
From acbf558c486ee3518aca74045504f05872da4a58 Mon Sep 17 00:00:00 2001
|
||||
From: Lumir Balhar <lbalhar@redhat.com>
|
||||
Date: Tue, 26 Sep 2023 13:14:44 +0200
|
||||
Subject: [PATCH] brp-python-bytecompile compatibility with newer pythons
|
||||
|
||||
---
|
||||
scripts/brp-python-bytecompile | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/scripts/brp-python-bytecompile b/scripts/brp-python-bytecompile
|
||||
index 4a9b49e..472bf10 100644
|
||||
--- a/scripts/brp-python-bytecompile
|
||||
+++ b/scripts/brp-python-bytecompile
|
||||
@@ -58,7 +58,7 @@ EOF
|
||||
# and below /usr/lib/python3.1/, we're targeting /usr/bin/python3.1
|
||||
|
||||
shopt -s nullglob
|
||||
-for python_libdir in `find "$RPM_BUILD_ROOT" -type d|grep -E "/usr/lib(64)?/python[0-9]\.[0-9]$"`;
|
||||
+for python_libdir in `find "$RPM_BUILD_ROOT" -type d|grep -E "/usr/lib(64)?/python[0-9]\.[0-9]+$"`;
|
||||
do
|
||||
python_binary=/usr/bin/$(basename $python_libdir)
|
||||
if [ "$python_binary" = "/usr/bin/python3.6" ]; then
|
||||
@@ -97,17 +97,17 @@ fi
|
||||
|
||||
# Figure out if there are files to be bytecompiled with the default_python at all
|
||||
# this prevents unnecessary default_python invocation
|
||||
-find "$RPM_BUILD_ROOT" -type f -name "*.py" | grep -Ev "/bin/|/sbin/|/usr/lib(64)?/python[0-9]\.[0-9]|/usr/share/doc" || exit 0
|
||||
+find "$RPM_BUILD_ROOT" -type f -name "*.py" | grep -Ev "/bin/|/sbin/|/usr/lib(64)?/python[0-9]\.[0-9]+|/usr/share/doc" || exit 0
|
||||
|
||||
# Generate normal (.pyc) byte-compiled files.
|
||||
-python_bytecompile "" $default_python "/bin/|/sbin/|/usr/lib(64)?/python[0-9]\.[0-9]|/usr/share/doc" "$RPM_BUILD_ROOT" "$depth" "/"
|
||||
+python_bytecompile "" $default_python "/bin/|/sbin/|/usr/lib(64)?/python[0-9]\.[0-9]+|/usr/share/doc" "$RPM_BUILD_ROOT" "$depth" "/"
|
||||
if [ $? -ne 0 -a 0$errors_terminate -ne 0 ]; then
|
||||
# One or more of the files had a syntax error
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Generate optimized (.pyo) byte-compiled files.
|
||||
-python_bytecompile "-O" $default_python "/bin/|/sbin/|/usr/lib(64)?/python[0-9]\.[0-9]|/usr/share/doc" "$RPM_BUILD_ROOT" "$depth" "/"
|
||||
+python_bytecompile "-O" $default_python "/bin/|/sbin/|/usr/lib(64)?/python[0-9]\.[0-9]+|/usr/share/doc" "$RPM_BUILD_ROOT" "$depth" "/"
|
||||
if [ $? -ne 0 -a 0$errors_terminate -ne 0 ]; then
|
||||
# One or more of the files had a syntax error
|
||||
exit 1
|
||||
--
|
||||
2.41.0
|
||||
|
|
@ -0,0 +1,197 @@
|
|||
From 013cd4ba63c35fa75feeccde0022d56e68bc5845 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Domonkos <mdomonko@redhat.com>
|
||||
Date: Mon, 16 Aug 2021 18:21:02 +0200
|
||||
Subject: [PATCH] Add support for RPMDBI_BASENAMES on file queries
|
||||
|
||||
There are legitimate reasons (such as rhbz#1940895 or the included test)
|
||||
for wanting the former behavior where all file states were considered in
|
||||
file queries prior to commit 9ad57bda4a82b9847826daa766b4421d877bb3d9,
|
||||
so celebrate the tenth anniversary of that commit by adding a CLI switch
|
||||
(a new package selector --path), as contemplated back then.
|
||||
|
||||
Update the man page for --file to reflect it's current behavior and make
|
||||
--path that more obvious.
|
||||
|
||||
Resolves: rhbz#1940895
|
||||
|
||||
Combined with:
|
||||
d1aebda01033bc8ba0d748b49f6fad9a5c0caa3f
|
||||
f62b6d27cd741406a52a7e9c5b1d6f581dbd3af8
|
||||
|
||||
Backported for 4.14.3.
|
||||
---
|
||||
doc/rpm.8 | 9 ++++++--
|
||||
lib/poptQV.c | 6 +++++-
|
||||
lib/query.c | 7 +++++--
|
||||
lib/rpmcli.h | 1 +
|
||||
tests/rpmquery.at | 52 +++++++++++++++++++++++++++++++++++++++++++++++
|
||||
5 files changed, 70 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/doc/rpm.8 b/doc/rpm.8
|
||||
index 15a3db25f..74604c8ec 100644
|
||||
--- a/doc/rpm.8
|
||||
+++ b/doc/rpm.8
|
||||
@@ -57,7 +57,7 @@ rpm \- RPM Package Manager
|
||||
.PP
|
||||
|
||||
[\fB\fIPACKAGE_NAME\fB\fR]
|
||||
- [\fB-a,--all [\fISELECTOR\fR]\fR] [\fB-f,--file \fIFILE\fB\fR]
|
||||
+ [\fB-a,--all [\fISELECTOR\fR]\fR] [\fB-f,--file \fIFILE\fB\fR] [\fB--path \fIPATH\fB\fR]
|
||||
[\fB-g,--group \fIGROUP\fB\fR] {\fB-p,--package \fIPACKAGE_FILE\fB\fR]
|
||||
[\fB--hdrid \fISHA1\fB\fR] [\fB--pkgid \fIMD5\fB\fR] [\fB--tid \fITID\fB\fR]
|
||||
[\fB--querybynumber \fIHDRNUM\fB\fR] [\fB--triggeredby \fIPACKAGE_NAME\fB\fR]
|
||||
@@ -555,7 +555,7 @@ starts with "b".
|
||||
List duplicated packages.
|
||||
.TP
|
||||
\fB-f, --file \fIFILE\fB\fR
|
||||
-Query package owning \fIFILE\fR.
|
||||
+Query package owning installed \fIFILE\fR.
|
||||
.TP
|
||||
\fB--filecaps\fR
|
||||
List file names with POSIX1.e capabilities.
|
||||
@@ -598,6 +598,11 @@ that will be expanded to paths that are substituted in place of
|
||||
the package manifest as additional \fIPACKAGE_FILE\fR
|
||||
arguments to the query.
|
||||
.TP
|
||||
+\fB--path \fIPATH\fB\fR
|
||||
+Query package(s) owning \fIPATH\fR, whether the file is installed or not.
|
||||
+Multiple packages may own a \fIPATH\fR, but the file is only owned by the
|
||||
+package installed last.
|
||||
+.TP
|
||||
\fB--pkgid \fIMD5\fB\fR
|
||||
Query package that contains a given package identifier, i.e. the
|
||||
\fIMD5\fR digest of the combined header and
|
||||
diff --git a/lib/poptQV.c b/lib/poptQV.c
|
||||
index 9021d7b3c..f752d8b82 100644
|
||||
--- a/lib/poptQV.c
|
||||
+++ b/lib/poptQV.c
|
||||
@@ -27,6 +27,7 @@ struct rpmQVKArguments_s rpmQVKArgs;
|
||||
#define POPT_WHATENHANCES -1014
|
||||
#define POPT_WHATOBSOLETES -1015
|
||||
#define POPT_WHATCONFLICTS -1016
|
||||
+#define POPT_QUERYBYPATH -1017
|
||||
|
||||
/* ========== Query/Verify/Signature source args */
|
||||
static void rpmQVSourceArgCallback( poptContext con,
|
||||
@@ -58,6 +59,7 @@ static void rpmQVSourceArgCallback( poptContext con,
|
||||
case POPT_WHATSUPPLEMENTS: qva->qva_source |= RPMQV_WHATSUPPLEMENTS; break;
|
||||
case POPT_WHATENHANCES: qva->qva_source |= RPMQV_WHATENHANCES; break;
|
||||
case POPT_TRIGGEREDBY: qva->qva_source |= RPMQV_TRIGGEREDBY; break;
|
||||
+ case POPT_QUERYBYPATH: qva->qva_source |= RPMQV_PATH_ALL; break;
|
||||
case POPT_QUERYBYPKGID: qva->qva_source |= RPMQV_PKGID; break;
|
||||
case POPT_QUERYBYHDRID: qva->qva_source |= RPMQV_HDRID; break;
|
||||
case POPT_QUERYBYTID: qva->qva_source |= RPMQV_TID; break;
|
||||
@@ -80,7 +82,9 @@ struct poptOption rpmQVSourcePoptTable[] = {
|
||||
{ "checksig", 'K', POPT_ARGFLAG_DOC_HIDDEN, NULL, 'K',
|
||||
N_("rpm checksig mode"), NULL },
|
||||
{ "file", 'f', 0, 0, 'f',
|
||||
- N_("query/verify package(s) owning file"), "FILE" },
|
||||
+ N_("query/verify package(s) owning installed file"), "FILE" },
|
||||
+ { "path", '\0', 0, 0, POPT_QUERYBYPATH,
|
||||
+ N_("query/verify package(s) owning path, installed or not"), "PATH" },
|
||||
{ "group", 'g', 0, 0, 'g',
|
||||
N_("query/verify package(s) in group"), "GROUP" },
|
||||
{ "package", 'p', 0, 0, 'p',
|
||||
diff --git a/lib/query.c b/lib/query.c
|
||||
index 26cdecf10..e6ea1fa2d 100644
|
||||
--- a/lib/query.c
|
||||
+++ b/lib/query.c
|
||||
@@ -440,6 +440,7 @@ static rpmdbMatchIterator initQueryIterator(QVA_t qva, rpmts ts, const char * ar
|
||||
}
|
||||
/* fallthrough on absolute and relative paths */
|
||||
case RPMQV_PATH:
|
||||
+ case RPMQV_PATH_ALL:
|
||||
{ char * fn;
|
||||
|
||||
for (s = arg; *s != '\0'; s++)
|
||||
@@ -458,8 +459,10 @@ static rpmdbMatchIterator initQueryIterator(QVA_t qva, rpmts ts, const char * ar
|
||||
fn = xstrdup(arg);
|
||||
(void) rpmCleanPath(fn);
|
||||
|
||||
- /* XXX Add a switch to enable former BASENAMES behavior? */
|
||||
- mi = rpmtsInitIterator(ts, RPMDBI_INSTFILENAMES, fn, 0);
|
||||
+ rpmDbiTagVal tag = RPMDBI_INSTFILENAMES;
|
||||
+ if (qva->qva_source == RPMQV_PATH_ALL)
|
||||
+ tag = RPMDBI_BASENAMES;
|
||||
+ mi = rpmtsInitIterator(ts, tag, fn, 0);
|
||||
if (mi == NULL)
|
||||
mi = rpmtsInitIterator(ts, RPMDBI_PROVIDENAME, fn, 0);
|
||||
|
||||
diff --git a/lib/rpmcli.h b/lib/rpmcli.h
|
||||
index 99af2585a..c0d07d137 100644
|
||||
--- a/lib/rpmcli.h
|
||||
+++ b/lib/rpmcli.h
|
||||
@@ -102,6 +102,7 @@ enum rpmQVSources_e {
|
||||
RPMQV_SPECBUILTRPMS, /*!< ... from pkgs which would be built from spec */
|
||||
RPMQV_WHATOBSOLETES, /*!< ... from obsoletes db search. */
|
||||
RPMQV_WHATCONFLICTS, /*!< ... from conflicts db search. */
|
||||
+ RPMQV_PATH_ALL, /*!< ... from file path db search (all states). */
|
||||
};
|
||||
|
||||
typedef rpmFlags rpmQVSources;
|
||||
diff --git a/tests/rpmquery.at b/tests/rpmquery.at
|
||||
index 36c62339a..ad580f664 100644
|
||||
--- a/tests/rpmquery.at
|
||||
+++ b/tests/rpmquery.at
|
||||
@@ -194,6 +194,58 @@ runroot rpm \
|
||||
|
||||
AT_CLEANUP
|
||||
|
||||
+# ------------------------------
|
||||
+# query a package by a file
|
||||
+AT_SETUP([rpm -qf])
|
||||
+AT_KEYWORDS([query])
|
||||
+AT_CHECK([
|
||||
+RPMDB_INIT
|
||||
+runroot rpm \
|
||||
+ --nodeps \
|
||||
+ -i /data/RPMS/hello-1.0-1.i386.rpm
|
||||
+runroot rpm \
|
||||
+ -qf /usr/local/bin/hello
|
||||
+],
|
||||
+[0],
|
||||
+[hello-1.0-1.i386
|
||||
+],
|
||||
+[])
|
||||
+AT_CLEANUP
|
||||
+
|
||||
+AT_SETUP([rpm -qf on non-installed file])
|
||||
+AT_KEYWORDS([query])
|
||||
+AT_CHECK([
|
||||
+RPMDB_INIT
|
||||
+runroot rpm \
|
||||
+ --nodeps \
|
||||
+ --excludedocs \
|
||||
+ -i /data/RPMS/hello-1.0-1.i386.rpm
|
||||
+runroot rpm \
|
||||
+ -qf /usr/share/doc/hello-1.0/FAQ
|
||||
+],
|
||||
+[1],
|
||||
+[],
|
||||
+[error: file /usr/share/doc/hello-1.0/FAQ: No such file or directory
|
||||
+])
|
||||
+AT_CLEANUP
|
||||
+
|
||||
+AT_SETUP([rpm -q --path on non-installed file])
|
||||
+AT_KEYWORDS([query])
|
||||
+AT_CHECK([
|
||||
+RPMDB_INIT
|
||||
+runroot rpm \
|
||||
+ --nodeps \
|
||||
+ --excludedocs \
|
||||
+ -i /data/RPMS/hello-1.0-1.i386.rpm
|
||||
+runroot rpm \
|
||||
+ -q --path /usr/share/doc/hello-1.0/FAQ
|
||||
+],
|
||||
+[0],
|
||||
+[hello-1.0-1.i386
|
||||
+],
|
||||
+[])
|
||||
+AT_CLEANUP
|
||||
+
|
||||
# ------------------------------
|
||||
AT_SETUP([integer array query])
|
||||
AT_KEYWORDS([query])
|
||||
--
|
||||
2.35.1
|
||||
|
|
@ -0,0 +1,167 @@
|
|||
From 534fd1f0c84b12ba6080a46e07c57ef913c77cba Mon Sep 17 00:00:00 2001
|
||||
From: Radovan Sroka <rsroka@redhat.com>
|
||||
Date: Thu, 25 Aug 2022 15:38:01 +0200
|
||||
Subject: [PATCH] fapolicyd: Make write() nonblocking
|
||||
|
||||
- switch to read only and non blocking mode for pipe
|
||||
- add 1 minute loop to wait for pipe to reappear
|
||||
|
||||
Sometimes during the system update/upgrade fapolicyd
|
||||
get restarted e.g. when systemd gets updated.
|
||||
That can lead to the situation where fapolicyd pipe
|
||||
has been removed and created again.
|
||||
In such cases rpm-plugin-fapolicyd gets stuck on
|
||||
write() to the pipe which does not exist anymore.
|
||||
After switching to non blocking file descriptor
|
||||
we can try to reopen the pipe if there is an error
|
||||
from write(). Assuming that a new pipe should appear
|
||||
when fapolicyd daemon starts again.
|
||||
If not then after 1 minute of waiting we expect
|
||||
fapolicyd daemon to be not active and we let the
|
||||
transaction continue.
|
||||
|
||||
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
|
||||
---
|
||||
plugins/fapolicyd.c | 74 +++++++++++++++++++++++++++++++++++++++------
|
||||
1 file changed, 65 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/plugins/fapolicyd.c b/plugins/fapolicyd.c
|
||||
index 1ff50c30f..6c6322941 100644
|
||||
--- a/plugins/fapolicyd.c
|
||||
+++ b/plugins/fapolicyd.c
|
||||
@@ -27,7 +27,7 @@ static rpmRC open_fifo(struct fapolicyd_data* state)
|
||||
int fd = -1;
|
||||
struct stat s;
|
||||
|
||||
- fd = open(state->fifo_path, O_RDWR);
|
||||
+ fd = open(state->fifo_path, O_WRONLY|O_NONBLOCK);
|
||||
if (fd == -1) {
|
||||
rpmlog(RPMLOG_DEBUG, "Open: %s -> %s\n", state->fifo_path, strerror(errno));
|
||||
goto bad;
|
||||
@@ -55,15 +55,26 @@ static rpmRC open_fifo(struct fapolicyd_data* state)
|
||||
}
|
||||
|
||||
state->fd = fd;
|
||||
+
|
||||
/* considering success */
|
||||
return RPMRC_OK;
|
||||
|
||||
bad:
|
||||
if (fd >= 0)
|
||||
close(fd);
|
||||
+
|
||||
+ state->fd = -1;
|
||||
return RPMRC_FAIL;
|
||||
}
|
||||
|
||||
+static void close_fifo(struct fapolicyd_data* state)
|
||||
+{
|
||||
+ if (state->fd > 0)
|
||||
+ (void) close(state->fd);
|
||||
+
|
||||
+ state->fd = -1;
|
||||
+}
|
||||
+
|
||||
static rpmRC write_fifo(struct fapolicyd_data* state, const char * str)
|
||||
{
|
||||
ssize_t len = strlen(str);
|
||||
@@ -86,6 +97,54 @@ static rpmRC write_fifo(struct fapolicyd_data* state, const char * str)
|
||||
return RPMRC_FAIL;
|
||||
}
|
||||
|
||||
+static void try_to_write_to_fifo(struct fapolicyd_data* state, const char * str)
|
||||
+{
|
||||
+ int reload = 0;
|
||||
+ int printed = 0;
|
||||
+
|
||||
+ /* 1min/60s */
|
||||
+ const int timeout = 60;
|
||||
+
|
||||
+ /* wait up to X seconds */
|
||||
+ for (int i = 0; i < timeout; i++) {
|
||||
+
|
||||
+ if (reload) {
|
||||
+ if (!printed) {
|
||||
+ rpmlog(RPMLOG_WARNING, "rpm-plugin-fapolicyd: waiting for the service connection to resume, it can take up to %d seconds\n", timeout);
|
||||
+ printed = 1;
|
||||
+ }
|
||||
+
|
||||
+ (void) close_fifo(state);
|
||||
+ (void) open_fifo(state);
|
||||
+ }
|
||||
+
|
||||
+ if (state->fd >= 0) {
|
||||
+ if (write_fifo(state, str) == RPMRC_OK) {
|
||||
+
|
||||
+ /* write was successful after few reopens */
|
||||
+ if (reload)
|
||||
+ rpmlog(RPMLOG_WARNING, "rpm-plugin-fapolicyd: the service connection has resumed\n");
|
||||
+
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ /* failed write or reopen */
|
||||
+ reload = 1;
|
||||
+ sleep(1);
|
||||
+
|
||||
+ /* the last iteration */
|
||||
+ /* consider failure */
|
||||
+ if (i == timeout-1) {
|
||||
+ rpmlog(RPMLOG_WARNING, "rpm-plugin-fapolicyd: the service connection has not resumed\n");
|
||||
+ rpmlog(RPMLOG_WARNING, "rpm-plugin-fapolicyd: continuing without the service\n");
|
||||
+ }
|
||||
+
|
||||
+ }
|
||||
+
|
||||
+}
|
||||
+
|
||||
+
|
||||
static rpmRC fapolicyd_init(rpmPlugin plugin, rpmts ts)
|
||||
{
|
||||
if (rpmtsFlags(ts) & (RPMTRANS_FLAG_TEST|RPMTRANS_FLAG_BUILD_PROBS))
|
||||
@@ -102,10 +161,7 @@ static rpmRC fapolicyd_init(rpmPlugin plugin, rpmts ts)
|
||||
|
||||
static void fapolicyd_cleanup(rpmPlugin plugin)
|
||||
{
|
||||
- if (fapolicyd_state.fd > 0)
|
||||
- (void) close(fapolicyd_state.fd);
|
||||
-
|
||||
- fapolicyd_state.fd = -1;
|
||||
+ (void) close_fifo(&fapolicyd_state);
|
||||
}
|
||||
|
||||
static rpmRC fapolicyd_tsm_post(rpmPlugin plugin, rpmts ts, int res)
|
||||
@@ -116,9 +172,9 @@ static rpmRC fapolicyd_tsm_post(rpmPlugin plugin, rpmts ts, int res)
|
||||
/* we are ready */
|
||||
if (fapolicyd_state.fd > 0) {
|
||||
/* send a signal that transaction is over */
|
||||
- (void) write_fifo(&fapolicyd_state, "1\n");
|
||||
+ (void) try_to_write_to_fifo(&fapolicyd_state, "1\n");
|
||||
/* flush cache */
|
||||
- (void) write_fifo(&fapolicyd_state, "2\n");
|
||||
+ (void) try_to_write_to_fifo(&fapolicyd_state, "2\n");
|
||||
}
|
||||
|
||||
end:
|
||||
@@ -133,7 +189,7 @@ static rpmRC fapolicyd_scriptlet_pre(rpmPlugin plugin, const char *s_name,
|
||||
|
||||
if (fapolicyd_state.changed_files > 0) {
|
||||
/* send signal to flush cache */
|
||||
- (void) write_fifo(&fapolicyd_state, "2\n");
|
||||
+ (void) try_to_write_to_fifo(&fapolicyd_state, "2\n");
|
||||
|
||||
/* optimize flushing */
|
||||
/* flush only when there was an actual change */
|
||||
@@ -176,7 +232,7 @@ static rpmRC fapolicyd_fsm_file_prepare(rpmPlugin plugin, rpmfi fi,
|
||||
char * sha = rpmfiFDigestHex(fi, NULL);
|
||||
|
||||
snprintf(buffer, 4096, "%s %lu %64s\n", dest, size, sha);
|
||||
- (void) write_fifo(&fapolicyd_state, buffer);
|
||||
+ (void) try_to_write_to_fifo(&fapolicyd_state, buffer);
|
||||
|
||||
free(sha);
|
||||
|
||||
--
|
||||
2.37.3
|
||||
|
|
@ -0,0 +1,184 @@
|
|||
From f17aa638649fb8de730fecdbc906dc869b626ba5 Mon Sep 17 00:00:00 2001
|
||||
From: Panu Matilainen <pmatilai@redhat.com>
|
||||
Date: Tue, 16 Nov 2021 11:49:18 +0200
|
||||
Subject: [PATCH 1/2] Fix spurious %transfiletriggerpostun execution
|
||||
(RhBug:2023311)
|
||||
|
||||
If a package has multiple %transfiletriggerpostun triggers, any one
|
||||
of them matching would cause all of them to run, due to disconnect
|
||||
in the intel gathering stage: we'd gather all the headers with matching
|
||||
files into a lump, and then add any postun triggers found in them,
|
||||
but this loses the triggering file information and causes all postuns
|
||||
to run.
|
||||
|
||||
The triggers need to be added while looping over the file matches,
|
||||
like runFileTriggers() does. Doing so actually simplifies the code.
|
||||
These should really be unified to use the same code, but leaving
|
||||
that exercise to another rainy day.
|
||||
---
|
||||
lib/rpmtriggers.c | 64 +++++++++++++++++++++++------------------------
|
||||
1 file changed, 31 insertions(+), 33 deletions(-)
|
||||
|
||||
diff --git a/lib/rpmtriggers.c b/lib/rpmtriggers.c
|
||||
index 0827af0c2..dc457f7cc 100644
|
||||
--- a/lib/rpmtriggers.c
|
||||
+++ b/lib/rpmtriggers.c
|
||||
@@ -97,19 +97,37 @@ static void rpmtriggersSortAndUniq(rpmtriggers trigs)
|
||||
}
|
||||
}
|
||||
|
||||
+static void addTriggers(rpmts ts, Header trigH, rpmsenseFlags filter)
|
||||
+{
|
||||
+ int tix = 0;
|
||||
+ rpmds ds;
|
||||
+ rpmds triggers = rpmdsNew(trigH, RPMTAG_TRANSFILETRIGGERNAME, 0);
|
||||
+
|
||||
+ while ((ds = rpmdsFilterTi(triggers, tix))) {
|
||||
+ if ((rpmdsNext(ds) >= 0) && (rpmdsFlags(ds) & filter)) {
|
||||
+ struct rpmtd_s priorities;
|
||||
+
|
||||
+ if (headerGet(trigH, RPMTAG_TRANSFILETRIGGERPRIORITIES,
|
||||
+ &priorities, HEADERGET_MINMEM)) {
|
||||
+ rpmtdSetIndex(&priorities, tix);
|
||||
+ rpmtriggersAdd(ts->trigs2run, headerGetInstance(trigH),
|
||||
+ tix, *rpmtdGetUint32(&priorities));
|
||||
+ }
|
||||
+ }
|
||||
+ rpmdsFree(ds);
|
||||
+ tix++;
|
||||
+ }
|
||||
+ rpmdsFree(triggers);
|
||||
+}
|
||||
+
|
||||
void rpmtriggersPrepPostUnTransFileTrigs(rpmts ts, rpmte te)
|
||||
{
|
||||
- rpmdbMatchIterator mi;
|
||||
rpmdbIndexIterator ii;
|
||||
- Header trigH;
|
||||
const void *key;
|
||||
size_t keylen;
|
||||
rpmfiles files;
|
||||
- rpmds rpmdsTriggers;
|
||||
- rpmds rpmdsTrigger;
|
||||
|
||||
ii = rpmdbIndexIteratorInit(rpmtsGetRdb(ts), RPMDBI_TRANSFILETRIGGERNAME);
|
||||
- mi = rpmdbNewIterator(rpmtsGetRdb(ts), RPMDBI_PACKAGES);
|
||||
files = rpmteFiles(te);
|
||||
|
||||
/* Iterate over file triggers in rpmdb */
|
||||
@@ -121,39 +139,19 @@ void rpmtriggersPrepPostUnTransFileTrigs(rpmts ts, rpmte te)
|
||||
rpmfi fi = rpmfilesFindPrefix(files, pfx);
|
||||
while (rpmfiNext(fi) >= 0) {
|
||||
if (RPMFILE_IS_INSTALLED(rpmfiFState(fi))) {
|
||||
- /* If yes then store it */
|
||||
- rpmdbAppendIterator(mi, rpmdbIndexIteratorPkgOffsets(ii),
|
||||
- rpmdbIndexIteratorNumPkgs(ii));
|
||||
- break;
|
||||
+ unsigned int npkg = rpmdbIndexIteratorNumPkgs(ii);
|
||||
+ const unsigned int *offs = rpmdbIndexIteratorPkgOffsets(ii);
|
||||
+ /* Save any matching postun triggers */
|
||||
+ for (int i = 0; i < npkg; i++) {
|
||||
+ Header h = rpmdbGetHeaderAt(rpmtsGetRdb(ts), offs[i]);
|
||||
+ addTriggers(ts, h, RPMSENSE_TRIGGERPOSTUN);
|
||||
+ headerFree(h);
|
||||
+ }
|
||||
}
|
||||
}
|
||||
rpmfiFree(fi);
|
||||
}
|
||||
rpmdbIndexIteratorFree(ii);
|
||||
-
|
||||
- if (rpmdbGetIteratorCount(mi)) {
|
||||
- /* Filter triggers and save only trans postun triggers into ts */
|
||||
- while ((trigH = rpmdbNextIterator(mi)) != NULL) {
|
||||
- int tix = 0;
|
||||
- rpmdsTriggers = rpmdsNew(trigH, RPMTAG_TRANSFILETRIGGERNAME, 0);
|
||||
- while ((rpmdsTrigger = rpmdsFilterTi(rpmdsTriggers, tix))) {
|
||||
- if ((rpmdsNext(rpmdsTrigger) >= 0) &&
|
||||
- (rpmdsFlags(rpmdsTrigger) & RPMSENSE_TRIGGERPOSTUN)) {
|
||||
- struct rpmtd_s priorities;
|
||||
-
|
||||
- headerGet(trigH, RPMTAG_TRANSFILETRIGGERPRIORITIES,
|
||||
- &priorities, HEADERGET_MINMEM);
|
||||
- rpmtdSetIndex(&priorities, tix);
|
||||
- rpmtriggersAdd(ts->trigs2run, rpmdbGetIteratorOffset(mi),
|
||||
- tix, *rpmtdGetUint32(&priorities));
|
||||
- }
|
||||
- rpmdsFree(rpmdsTrigger);
|
||||
- tix++;
|
||||
- }
|
||||
- rpmdsFree(rpmdsTriggers);
|
||||
- }
|
||||
- }
|
||||
- rpmdbFreeIterator(mi);
|
||||
rpmfilesFree(files);
|
||||
}
|
||||
|
||||
--
|
||||
2.35.1
|
||||
|
||||
From e617e7c550d3523998707c55f96b37ede2c48c78 Mon Sep 17 00:00:00 2001
|
||||
From: Panu Matilainen <pmatilai@redhat.com>
|
||||
Date: Wed, 2 Feb 2022 13:46:23 +0200
|
||||
Subject: [PATCH 2/2] Really fix spurious %transfiletriggerpostun execution
|
||||
(RhBug:2023311)
|
||||
|
||||
Commit b3d672a5523dfec033160e5cc866432a0e808649 got the base reasoning
|
||||
in the ballpark but the code all wrong, introducing a severe performance
|
||||
regression without actually fixing what it claimed to.
|
||||
|
||||
The missing incredient is actually comparing the current prefix with the
|
||||
triggers in matched package (trying to describe this makes my head
|
||||
spin): a package may have multiple triggers on multiple prefixes and
|
||||
we need to make sure we only execute triggers of this type, from this
|
||||
prefix.
|
||||
|
||||
This stuff really needs more and better testcases.
|
||||
|
||||
Fixes: b3d672a5523dfec033160e5cc866432a0e808649
|
||||
---
|
||||
lib/rpmtriggers.c | 11 +++++++----
|
||||
1 file changed, 7 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/lib/rpmtriggers.c b/lib/rpmtriggers.c
|
||||
index dc457f7cc..c652981be 100644
|
||||
--- a/lib/rpmtriggers.c
|
||||
+++ b/lib/rpmtriggers.c
|
||||
@@ -97,14 +97,16 @@ static void rpmtriggersSortAndUniq(rpmtriggers trigs)
|
||||
}
|
||||
}
|
||||
|
||||
-static void addTriggers(rpmts ts, Header trigH, rpmsenseFlags filter)
|
||||
+static void addTriggers(rpmts ts, Header trigH, rpmsenseFlags filter,
|
||||
+ const char *prefix)
|
||||
{
|
||||
int tix = 0;
|
||||
rpmds ds;
|
||||
rpmds triggers = rpmdsNew(trigH, RPMTAG_TRANSFILETRIGGERNAME, 0);
|
||||
|
||||
while ((ds = rpmdsFilterTi(triggers, tix))) {
|
||||
- if ((rpmdsNext(ds) >= 0) && (rpmdsFlags(ds) & filter)) {
|
||||
+ if ((rpmdsNext(ds) >= 0) && (rpmdsFlags(ds) & filter) &&
|
||||
+ strcmp(prefix, rpmdsN(ds)) == 0) {
|
||||
struct rpmtd_s priorities;
|
||||
|
||||
if (headerGet(trigH, RPMTAG_TRANSFILETRIGGERPRIORITIES,
|
||||
@@ -141,12 +143,13 @@ void rpmtriggersPrepPostUnTransFileTrigs(rpmts ts, rpmte te)
|
||||
if (RPMFILE_IS_INSTALLED(rpmfiFState(fi))) {
|
||||
unsigned int npkg = rpmdbIndexIteratorNumPkgs(ii);
|
||||
const unsigned int *offs = rpmdbIndexIteratorPkgOffsets(ii);
|
||||
- /* Save any matching postun triggers */
|
||||
+ /* Save any postun triggers matching this prefix */
|
||||
for (int i = 0; i < npkg; i++) {
|
||||
Header h = rpmdbGetHeaderAt(rpmtsGetRdb(ts), offs[i]);
|
||||
- addTriggers(ts, h, RPMSENSE_TRIGGERPOSTUN);
|
||||
+ addTriggers(ts, h, RPMSENSE_TRIGGERPOSTUN, pfx);
|
||||
headerFree(h);
|
||||
}
|
||||
+ break;
|
||||
}
|
||||
}
|
||||
rpmfiFree(fi);
|
||||
--
|
||||
2.35.1
|
||||
|
|
@ -0,0 +1,38 @@
|
|||
From 77007d68782b66f2d00d7b200516731246876dca Mon Sep 17 00:00:00 2001
|
||||
From: Panu Matilainen <pmatilai@redhat.com>
|
||||
Date: Thu, 27 May 2021 13:58:58 +0300
|
||||
Subject: [PATCH] Macroize find-debuginfo script location
|
||||
|
||||
Makes it easier to handle varying paths, mainly in preparation for the
|
||||
next step.
|
||||
|
||||
Backported for 4.14.3.
|
||||
---
|
||||
macros.in | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/macros.in b/macros.in
|
||||
index a6069ee4d..be28a3b28 100644
|
||||
--- a/macros.in
|
||||
+++ b/macros.in
|
||||
@@ -82,6 +82,8 @@
|
||||
%__remsh %{__rsh}
|
||||
%__strip @__STRIP@
|
||||
|
||||
+%__find_debuginfo %{_rpmconfigdir}/find-debuginfo.sh
|
||||
+
|
||||
# XXX avoid failures if tools are not installed when rpm is built.
|
||||
%__libtoolize libtoolize
|
||||
%__aclocal aclocal
|
||||
@@ -177,7 +179,7 @@
|
||||
# the script. See the script for details.
|
||||
#
|
||||
%__debug_install_post \
|
||||
- %{_rpmconfigdir}/find-debuginfo.sh \\\
|
||||
+ %{__find_debuginfo} \\\
|
||||
%{?_smp_mflags} \\\
|
||||
%{?_missing_build_ids_terminate_build:--strict-build-id} \\\
|
||||
%{?_no_recompute_build_ids:-n} \\\
|
||||
--
|
||||
2.33.1
|
||||
|
|
@ -0,0 +1,29 @@
|
|||
From fe274b8f965582fdf97e6c46f90b9e7c124b0b8b Mon Sep 17 00:00:00 2001
|
||||
From: Florian Festi <ffesti@redhat.com>
|
||||
Date: Fri, 16 Dec 2022 15:50:12 +0100
|
||||
Subject: [PATCH] rpm2archive: Don't print usage on no arguments
|
||||
|
||||
given as we want to default to reading from stdin and writing to stdout in
|
||||
that case.
|
||||
---
|
||||
rpm2archive.c | 4 ----
|
||||
1 file changed, 4 deletions(-)
|
||||
|
||||
diff --git a/rpm2archive.c b/rpm2archive.c
|
||||
index 09da8d16b..53f047f58 100644
|
||||
--- a/rpm2archive.c
|
||||
+++ b/rpm2archive.c
|
||||
@@ -241,10 +241,6 @@ int main(int argc, const char *argv[])
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
}
|
||||
- if (argc < 2 || poptGetNextOpt(optCon) == 0) {
|
||||
- poptPrintUsage(optCon, stderr, 0);
|
||||
- exit(EXIT_FAILURE);
|
||||
- }
|
||||
|
||||
rpmts ts = rpmtsCreate();
|
||||
rpmVSFlags vsflags = 0;
|
||||
--
|
||||
2.38.1
|
||||
|
|
@ -0,0 +1,138 @@
|
|||
From d8a169164cf40fc1cf6448792c1fa991f19bb375 Mon Sep 17 00:00:00 2001
|
||||
From: Florian Festi <ffesti@redhat.com>
|
||||
Date: Thu, 22 Apr 2021 14:50:34 +0200
|
||||
Subject: [PATCH] Add --nocompression option to rpm2archive
|
||||
|
||||
Also use popt for the command line handling. As we are using librpm
|
||||
anyway there is no reason to keep the dependencies low (as with
|
||||
rpm2cpio).
|
||||
|
||||
Resolves: #1530
|
||||
---
|
||||
doc/rpm2archive.8 | 16 ++++++++++---
|
||||
rpm2archive.c | 60 ++++++++++++++++++++++++++++++++++-------------
|
||||
2 files changed, 57 insertions(+), 19 deletions(-)
|
||||
|
||||
diff --git a/rpm2archive.c b/rpm2archive.c
|
||||
index d96db006ea..cb39c7a712 100644
|
||||
--- a/rpm2archive.c
|
||||
+++ b/rpm2archive.c
|
||||
@@ -10,6 +10,8 @@
|
||||
|
||||
#include <rpm/rpmts.h>
|
||||
|
||||
+#include <popt.h>
|
||||
+
|
||||
#include <archive.h>
|
||||
#include <archive_entry.h>
|
||||
#include <unistd.h>
|
||||
@@ -18,6 +20,16 @@
|
||||
|
||||
#define BUFSIZE (128*1024)
|
||||
|
||||
+int compress = 1;
|
||||
+
|
||||
+static struct poptOption optionsTable[] = {
|
||||
+ { "nocompression", 'n', POPT_ARG_VAL, &compress, 0,
|
||||
+ N_("create uncompressed tar file"),
|
||||
+ NULL },
|
||||
+ POPT_AUTOHELP
|
||||
+ POPT_TABLEEND
|
||||
+};
|
||||
+
|
||||
static void fill_archive_entry(struct archive * a, struct archive_entry * entry, rpmfi fi)
|
||||
{
|
||||
archive_entry_clear(entry);
|
||||
@@ -60,7 +72,7 @@ static void write_file_content(struct archive * a, char * buf, rpmfi fi)
|
||||
}
|
||||
}
|
||||
|
||||
-static int process_package(rpmts ts, char * filename)
|
||||
+static int process_package(rpmts ts, const char * filename)
|
||||
{
|
||||
FD_t fdi;
|
||||
FD_t gzdi;
|
||||
@@ -119,9 +131,11 @@ static int process_package(rpmts ts, char * filename)
|
||||
|
||||
/* create archive */
|
||||
a = archive_write_new();
|
||||
- if (archive_write_add_filter_gzip(a) != ARCHIVE_OK) {
|
||||
- fprintf(stderr, "Error: Could not create gzip output filter\n");
|
||||
- exit(EXIT_FAILURE);
|
||||
+ if (compress) {
|
||||
+ if (archive_write_add_filter_gzip(a) != ARCHIVE_OK) {
|
||||
+ fprintf(stderr, "%s\n", archive_error_string(a));
|
||||
+ exit(EXIT_FAILURE);
|
||||
+ }
|
||||
}
|
||||
if (archive_write_set_format_pax_restricted(a) != ARCHIVE_OK) {
|
||||
fprintf(stderr, "Error: Format pax restricted is not supported\n");
|
||||
@@ -142,7 +156,12 @@ static int process_package(rpmts ts, char * filename)
|
||||
}
|
||||
archive_write_open_fd(a, STDOUT_FILENO);
|
||||
} else {
|
||||
- char * outname = rstrscat(NULL, filename, ".tgz", NULL);
|
||||
+ char * outname = rstrscat(NULL, filename, NULL);
|
||||
+ if (compress) {
|
||||
+ outname = rstrscat(&outname, ".tgz", NULL);
|
||||
+ } else {
|
||||
+ outname = rstrscat(&outname, ".tar", NULL);
|
||||
+ }
|
||||
if (archive_write_open_filename(a, outname) != ARCHIVE_OK) {
|
||||
fprintf(stderr, "Error: Can't open output file: %s\n", outname);
|
||||
exit(EXIT_FAILURE);
|
||||
@@ -203,21 +222,22 @@ static int process_package(rpmts ts, char * filename)
|
||||
return rc;
|
||||
}
|
||||
|
||||
-int main(int argc, char *argv[])
|
||||
+int main(int argc, const char *argv[])
|
||||
{
|
||||
- int rc = 0, i;
|
||||
+ int rc = 0;
|
||||
+ poptContext optCon;
|
||||
+ const char *fn;
|
||||
|
||||
xsetprogname(argv[0]); /* Portability call -- see system.h */
|
||||
rpmReadConfigFiles(NULL, NULL);
|
||||
|
||||
- if (argc > 1 && (rstreq(argv[1], "-h") || rstreq(argv[1], "--help"))) {
|
||||
- fprintf(stderr, "Usage: %s [file.rpm ...]\n", argv[0]);
|
||||
+ optCon = poptGetContext(NULL, argc, argv, optionsTable, 0);
|
||||
+ poptSetOtherOptionHelp(optCon, "[OPTIONS]* <FILES>");
|
||||
+ if (argc < 2 || poptGetNextOpt(optCon) == 0) {
|
||||
+ poptPrintUsage(optCon, stderr, 0);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
- if (argc == 1)
|
||||
- argv[argc++] = "-"; /* abuse NULL pointer at the end of argv */
|
||||
-
|
||||
rpmts ts = rpmtsCreate();
|
||||
rpmVSFlags vsflags = 0;
|
||||
|
||||
@@ -227,13 +247,21 @@ int main(int argc, char *argv[])
|
||||
vsflags |= RPMVSF_NOHDRCHK;
|
||||
(void) rpmtsSetVSFlags(ts, vsflags);
|
||||
|
||||
- for (i = 1; i < argc; i++) {
|
||||
+ /* if no file name is given use stdin/stdout */
|
||||
+ if (!poptPeekArg(optCon)) {
|
||||
+ rc = process_package(ts, "-");
|
||||
+ if (rc != 0)
|
||||
+ goto exit;
|
||||
+ }
|
||||
|
||||
- rc = process_package(ts, argv[i]);
|
||||
+ while ((fn = poptGetArg(optCon)) != NULL) {
|
||||
+ rc = process_package(ts, fn);
|
||||
if (rc != 0)
|
||||
- return rc;
|
||||
+ goto exit;
|
||||
}
|
||||
|
||||
+ exit:
|
||||
+ poptFreeContext(optCon);
|
||||
(void) rpmtsFree(ts);
|
||||
return rc;
|
||||
}
|
|
@ -0,0 +1,36 @@
|
|||
From 8f416b275a365426b07c75adfc017e0b18a85450 Mon Sep 17 00:00:00 2001
|
||||
From: Florian Festi <ffesti@redhat.com>
|
||||
Date: Fri, 16 Dec 2022 15:45:20 +0100
|
||||
Subject: [PATCH] rpm2archive: Properly parse popt options
|
||||
|
||||
and issue an error message for unknown options. Before unknown options
|
||||
could mess up the argument parsing leading to reading and writing from
|
||||
stdin/stdout.
|
||||
|
||||
Thanks to Eva Mrakova and the Red Hat QE team for spotting this!
|
||||
---
|
||||
rpm2archive.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/rpm2archive.c b/rpm2archive.c
|
||||
index de1a17d2b..09da8d16b 100644
|
||||
--- a/rpm2archive.c
|
||||
+++ b/rpm2archive.c
|
||||
@@ -233,6 +233,14 @@ int main(int argc, const char *argv[])
|
||||
|
||||
optCon = poptGetContext(NULL, argc, argv, optionsTable, 0);
|
||||
poptSetOtherOptionHelp(optCon, "[OPTIONS]* <FILES>");
|
||||
+ while ((rc = poptGetNextOpt(optCon)) != -1) {
|
||||
+ if (rc < 0) {
|
||||
+ fprintf(stderr, "%s: %s\n",
|
||||
+ poptBadOption(optCon, POPT_BADOPTION_NOALIAS),
|
||||
+ poptStrerror(rc));
|
||||
+ exit(EXIT_FAILURE);
|
||||
+ }
|
||||
+ }
|
||||
if (argc < 2 || poptGetNextOpt(optCon) == 0) {
|
||||
poptPrintUsage(optCon, stderr, 0);
|
||||
exit(EXIT_FAILURE);
|
||||
--
|
||||
2.38.1
|
||||
|
|
@ -0,0 +1,40 @@
|
|||
From 2e61e5846f8301f85da9d30281538ea736d96fd0 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Domonkos <mdomonko@redhat.com>
|
||||
Date: Tue, 7 Dec 2021 08:08:37 +0100
|
||||
Subject: [PATCH] Skip recorded symlinks in --setperms (RhBug:1900662)
|
||||
|
||||
If a package contains a symlink in the buildroot which is declared as a
|
||||
ghost or config file but is a regular file or directory on the system
|
||||
where it's installed, a --setperms call will reset its permissions to
|
||||
those of a symlink (777 on Linux), which almost certainly is not the
|
||||
correct thing to do.
|
||||
|
||||
To fix that, just skip files that were recorded as symlinks.
|
||||
|
||||
This is a special case of a general issue in --setperms; since file
|
||||
permission semantics may change depending on the file type, to stay on
|
||||
the safe side, any (ghost or config) file whose type changes after
|
||||
installation should probably be skipped. However, symlinks are the most
|
||||
prominent case here, so let's just focus on that now and avoid adding
|
||||
too much cleverness to a popt alias (this got us into trouble not too
|
||||
long ago, see commits 38c2f6e and 0d83637). We may revisit this in the
|
||||
eventual C implementation.
|
||||
---
|
||||
rpmpopt.in | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/rpmpopt.in b/rpmpopt.in
|
||||
index 67fcabfb1..e130a5d05 100644
|
||||
--- a/rpmpopt.in
|
||||
+++ b/rpmpopt.in
|
||||
@@ -44,6 +44,7 @@ rpm alias --scripts --qf '\
|
||||
--POPTdesc=$"list install/erase scriptlets from package(s)"
|
||||
|
||||
rpm alias --setperms -q --qf '[\[ -L %{FILENAMES:shescape} \] || \
|
||||
+ \[ -n %{FILELINKTOS:shescape} \] || \
|
||||
( \[ $((%{FILEFLAGS} & 2#1001000)) != 0 \] && \[ ! -e %{FILENAMES:shescape} \] ) || \
|
||||
chmod %7{FILEMODES:octal} %{FILENAMES:shescape}\n]' \
|
||||
--pipe "grep -v \(none\) | grep '^. -L ' | sed 's/chmod .../chmod /' | sh" \
|
||||
--
|
||||
2.35.1
|
||||
|
|
@ -0,0 +1,51 @@
|
|||
From f1634250587479d664b34b6de1a6546b2c2b9de5 Mon Sep 17 00:00:00 2001
|
||||
From: Florian Festi <ffesti@redhat.com>
|
||||
Date: Mon, 18 Jan 2021 15:02:34 +0100
|
||||
Subject: [PATCH] rpm2archive: Add more error handling
|
||||
|
||||
Cleanly error out if file can't be written instead of segfaulting
|
||||
|
||||
Resolves: #1091
|
||||
---
|
||||
rpm2archive.c | 17 ++++++++++++-----
|
||||
1 file changed, 12 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/rpm2archive.c b/rpm2archive.c
|
||||
index 646f1663d..15c5da016 100644
|
||||
--- a/rpm2archive.c
|
||||
+++ b/rpm2archive.c
|
||||
@@ -119,9 +119,14 @@ static int process_package(rpmts ts, char * filename)
|
||||
|
||||
/* create archive */
|
||||
a = archive_write_new();
|
||||
- archive_write_add_filter_gzip(a);
|
||||
- archive_write_set_format_pax_restricted(a);
|
||||
-
|
||||
+ if (archive_write_add_filter_gzip(a) != ARCHIVE_OK) {
|
||||
+ fprintf(stderr, "Error: Could not create gzip output filter\n");
|
||||
+ exit(EXIT_FAILURE);
|
||||
+ }
|
||||
+ if (archive_write_set_format_pax_restricted(a) != ARCHIVE_OK) {
|
||||
+ fprintf(stderr, "Error: Format pax restricted is not supported\n");
|
||||
+ exit(EXIT_FAILURE);
|
||||
+ }
|
||||
if (!strcmp(filename, "-")) {
|
||||
if (isatty(STDOUT_FILENO)) {
|
||||
fprintf(stderr, "Error: refusing to output archive data to a terminal.\n");
|
||||
@@ -130,9 +135,11 @@ static int process_package(rpmts ts, char * filename)
|
||||
archive_write_open_fd(a, STDOUT_FILENO);
|
||||
} else {
|
||||
char * outname = rstrscat(NULL, filename, ".tgz", NULL);
|
||||
- archive_write_open_filename(a, outname);
|
||||
+ if (archive_write_open_filename(a, outname) != ARCHIVE_OK) {
|
||||
+ fprintf(stderr, "Error: Can't open output file: %s\n", outname);
|
||||
+ exit(EXIT_FAILURE);
|
||||
+ }
|
||||
_free(outname);
|
||||
- // XXX error handling
|
||||
}
|
||||
|
||||
entry = archive_entry_new();
|
||||
--
|
||||
2.38.1
|
||||
|
|
@ -32,7 +32,7 @@
|
|||
|
||||
%global rpmver 4.14.3
|
||||
#global snapver rc2
|
||||
%global rel 19
|
||||
%global rel 31
|
||||
|
||||
%global srcver %{version}%{?snapver:-%{snapver}}
|
||||
%global srcdir %{?snapver:testing}%{!?snapver:%{name}-%(echo %{version} | cut -d'.' -f1-2).x}
|
||||
|
@ -44,7 +44,7 @@
|
|||
Summary: The RPM package management system
|
||||
Name: rpm
|
||||
Version: %{rpmver}
|
||||
Release: %{?snapver:0.%{snapver}.}%{rel}%{?dist}.2
|
||||
Release: %{?snapver:0.%{snapver}.}%{rel}%{?dist}
|
||||
Group: System Environment/Base
|
||||
Url: http://www.rpm.org/
|
||||
Source0: http://ftp.rpm.org/releases/%{srcdir}/%{name}-%{srcver}.tar.bz2
|
||||
|
@ -109,7 +109,26 @@ Patch154: rpm-4.14.3-more-careful-sig-hdr-copy.patch
|
|||
Patch156: rpm-4.14.3-hdrblobInit-add-bounds-check.patch
|
||||
Patch157: rpm-4.14.3-add-read-only-support-for-sqlite.patch
|
||||
Patch158: rpm-4.14.3-imp-covscan-fixes.patch
|
||||
Patch159: rpm-4.14.3-validate-and-require-subkey-binding-sigs.patch
|
||||
Patch159: rpm-4.14.3-add-path-query-option.patch
|
||||
Patch160: rpm-4.14.3-macroize-find-debuginfo-script-location.patch
|
||||
Patch161: rpm-4.14.3-validate-and-require-subkey-binding-sigs.patch
|
||||
Patch162: rpm-4.14.3-fix-spurious-transfiletriggerpostun-execution.patch
|
||||
Patch163: rpm-4.14.3-skip-recorded-symlinks-in-setperms.patch
|
||||
Patch164: rpm-4.14.3-fapolicyd-make-write-nonblocking.patch
|
||||
Patch165: rpm-4.16.1.3-rpm2archive-error-handling.patch
|
||||
Patch166: rpm-4.14.3-rpm2archive-nocompression.patch
|
||||
Patch167: rpm-4.14.3-rpm2archive-parse-popt-options.patch
|
||||
Patch168: rpm-4.14.3-rpm2archive-Don-t-print-usage.patch
|
||||
# Backport fsm to fix CVEs
|
||||
Patch169: 0001-Eliminate-code-duplication-from-rpmfiNext.patch
|
||||
Patch170: 0001-Add-optional-callback-on-directory-changes-during-rp.patch
|
||||
Patch171: 0001-Pass-file-descriptor-to-file-prepare-plugin-hook-use.patch
|
||||
Patch172: 0001-Swap-over-to-dirfd-basename-based-operation-within-t.patch
|
||||
Patch173: 0001-Use-file-state-machine-from-rpm-4.19.patch
|
||||
Patch174: 0001-Emit-full-paths-for-file-disposition-diagnostics-on-.patch
|
||||
Patch175: 0001-Fix-wrong-return-code-on-O_DIRECTORY-open-of-invalid.patch
|
||||
Patch176: 0001-Print-full-path-if-file-removal-fails.patch
|
||||
Patch177: 0001-Don-t-warn-about-missing-user-group-on-skipped-files.patch
|
||||
|
||||
# Python 3 string API sanity
|
||||
Patch500: 0001-In-Python-3-return-all-our-string-data-as-surrogate-.patch
|
||||
|
@ -141,6 +160,8 @@ Patch1000: disable-python-extra.patch
|
|||
Patch1001: compile-with-Platform-Python-binary-where-relevant.patch
|
||||
# make unversioned %%__python an error unless explicitly overridden
|
||||
Patch1002: rpm-4.14.2-unversioned-python.patch
|
||||
# Make brp-python-bytecompile compatible with Python 3.10+
|
||||
Patch1003: brp-python-bytecompile-compatibility-with-newer-pyth.patch
|
||||
|
||||
# Partially GPL/LGPL dual-licensed and some bits with BSD
|
||||
# SourceLicense: (GPLv2+ and LGPLv2+ with exceptions) and BSD
|
||||
|
@ -690,11 +711,34 @@ make check || cat tests/rpmtests.log
|
|||
%doc doc/librpm/html/*
|
||||
|
||||
%changelog
|
||||
* Mon Jan 10 2022 Michal Domonkos <mdomonko@redhat.com> - 4.14.3-19.2
|
||||
- Address covscan issues in binding sigs validation patch (#2022537)
|
||||
* Tue Dec 12 2023 Florian Festi <ffesti@redhat.com> - 4.14.3-31
|
||||
- Backport file handling code from rpm-4.19 to fix CVE-2021-35937,
|
||||
CVE-2021-35938 and CVE-2021-35939
|
||||
|
||||
* Thu Jan 06 2022 Michal Domonkos <mdomonko@redhat.com> - 4.14.3-19.1
|
||||
- Validate and require subkey binding sigs on PGP pubkeys (#2022537)
|
||||
* Tue Sep 26 2023 Lumír Balhar <lbalhar@redhat.com> - 4.14.3-27
|
||||
- Make brp-python-bytecompile script compatible with Python 3.10+
|
||||
Resolves: RHEL-6423
|
||||
|
||||
* Mon Dec 19 2022 Florian Festi <ffesti@redhat.com> - 4.14.3-26
|
||||
- Add --nocompression to rpm2archive (#2129345)
|
||||
|
||||
* Tue Sep 13 2022 Michal Domonkos <mdomonko@redhat.com> - 4.14.3-24
|
||||
- Make write() nonblocking in fapolicyd plugin (#2110787)
|
||||
|
||||
* Tue Apr 05 2022 Michal Domonkos <mdomonko@redhat.com> - 4.14.3-23
|
||||
- Fix minor ABI regression in rpmcli.h (#1940895)
|
||||
|
||||
* Tue Feb 15 2022 Michal Domonkos <mdomonko@redhat.com> - 4.14.3-22
|
||||
- Fix spurious %transfiletriggerpostun execution (#2023693)
|
||||
- Skip recorded symlinks in --setperms (#1900662)
|
||||
|
||||
* Mon Jan 10 2022 Michal Domonkos <mdomonko@redhat.com> - 4.14.3-21
|
||||
- Address covscan issues in binding sigs validation patch (#1958480)
|
||||
|
||||
* Thu Dec 09 2021 Michal Domonkos <mdomonko@redhat.com> - 4.14.3-20
|
||||
- Add --path query option (#1940895)
|
||||
- Macroize find-debuginfo script location (#2019540)
|
||||
- Validate and require subkey binding sigs on PGP pubkeys (#1958480)
|
||||
- Fixes CVE-2021-3521
|
||||
|
||||
* Wed Oct 06 2021 Michal Domonkos <mdomonko@redhat.com> - 4.14.3-19
|
||||
|
|
Loading…
Reference in New Issue