| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
cap_compare() is in libcap since 2008 or so, we really don't need to
bother with versions older than that. Another redundant configure check
and a piece of moldy code bites the dust.
|
|
|
|
|
| |
This is not supposed to actually change anything as such but
inconsistency is bad and causes other kinds of headaches.
|
|
|
|
|
| |
This improves performance of rpm -V --nofiledigests by ~2%
by avoiding an extra parameter and a sprintf call.
|
|
|
|
|
| |
Include necessary headers that were previously transitively included
by including rpmpgp.h.
|
|
|
|
|
|
|
|
|
|
| |
Back in 2013, the Berkeley DB license was changed in a way that prevented
most of open-source world to go along, rpm was no different. We now have
other options and a standalone migration path from BDB for those that
haven't yet done so.
Whatever else might be said about this partnership, it has been a long one.
Now's the time to part ways.
|
|
|
|
|
| |
fcntl.h is standard, include it from places that need it and drop
from system.h.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rpm used to rely on the "replacepkgs hack" to get rid of the old
header entry when reinstalling a package. This has a number of
problems when the headers are not identical or different
install flags were used.
To mitigate this, a '--reinstall' option was added that made rpm
use an erase element in this case.
This commit takes this one step further by changing the code to also
use an erase element in the --upgrade case. The code is mostly simpler,
but we need a different implementation for commit fd40d58efa, as we now
have erase elements both for --reinstall and --upgrade. Thus we
need to store the addop in the transaction element.
The commit does not change the behaviour of 'rpm --install'.
|
|
|
|
|
| |
This is of course an API change, but we're breaking API in a bunch of
other places in this cycle too so...
|
|
|
|
|
|
| |
The original file capability verification in rpm incorrectly assumed
empty capabilities equals no capabilities, now we differentiate
between the two and report it in verification. Related to #585.
|
|
|
|
|
| |
Introduced in commit 591f95a849776aba2a6a9e42fbdd27754a2818b0: unlike
rpmfiFN(), rpmfilesFN() returns alloced data and thus needs to be freed.
|
|
|
|
|
|
|
| |
The file verification logic wrt directory symlinks needs to match that
of fsmVerify(), which wasn't really the case. This should've been in
commit d3fae43615f4e925e21fd12a96974a85542f13b9, and thanks for Michael
Schroeder for this one too.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Looks like a regression on first sight but it's actually just an ancient
bug unearthed by commit bb27f9fffa8e557b931314523473ed782b86cc97 - this
can only happen now that we actually are verifying %ghosts:
%ghost and %missingok files would still cause verify to return an error
code although no output for them was shown.
It's tempting to filter RPMVERIFY_LSTATFAIL on %ghost/%missingok in
rpmfilesVerify() already but then we couldn't report them as missing
in verbose mode. So instead just filter them out in verifyHeader()
after generating output.
|
|
|
|
|
|
|
|
| |
These are common in all cli operation, hiding them in "query flags" under
yet another (or actually two, QUERY_DIGEST / VERIFY_DIGEST etc) different
names and then translating back to internal vsflags everywhere doesn't
make anybody's life easier. No functional changes from cli point of view,
any theoretical API users will need changes of course.
|
|
|
|
|
| |
I doubt it was ever used outside rpm itself so probably nobody notices,
in any case it's trivial to port to the new APIs instead.
|
|
|
|
|
| |
Per-file verify flags are their own distinct set of things, splitting
them off makes things clearer and will eliminate need to duplicate stuff.
|
|
|
|
|
|
|
|
|
|
|
| |
Since it comes at very nearly zero cost now, support include-filtering
(--configfiles etc) for verify too.
The actual functionality is little more than a single if-continue
in the verify code, what unfortunately makes this commit so "big" is
rearranging the popt tables to have separate file selection options
table that is common for both query and verify, plus update the
manual to reflect that, plus testcases for the functionality.
|
|
|
|
|
|
| |
No functional changes, just an API break in the practically unused
cli-department. Of course wouldn't be worth the breaking unless there
was a benefit, which will come in later commits.
|
|
|
|
|
|
|
|
|
| |
This can be used to differentiate files that are not natural parts of
packages but created as by-products of our processing so they're easy
to filter out of queries.
Possible candidates include build-ids, byte compiled files etc, but this
nothing is automatically marked as artifact in this commit.
|
|
|
|
|
|
|
|
|
|
|
| |
These are not transaction members in the traditional sense as they
simply represent a package that is in the rpmdb and cannot actually
be members of a transaction set (at least not currently). But packages
from the rpmdb can and do participate in the transaction in the form of
triggers and file triggers, and abusing TR_REMOVED for the purpose is
just that - abuse.
This is not supposed to actually change any behavior though.
|
|
|
|
|
|
|
| |
No need for the separate accessor calls now, just use the data from
the stat struct from rpmfilesStat(). No functional changes, but this
depends on commit b7f6ad39195442ec53b7f8453aae4499a63bc311 to get the
size right.
|
|
|
|
|
|
| |
Casts from the past are not needed when we use mode_t for dealing
with this data to begin with. In addition, use the standard S_IFMT
macro for file type masking instead of hardcoded hex value.
|
|
|
|
|
|
|
|
|
|
| |
Lose the duplicate detection introduced in commit
348eea3a4151b1dbe6f9976ef50cd7ba3820fa79 which was a bit controversial,
and outside rpm's jurisdiction. Instead grab all the relevant file data
in through rpmfilesStat(). Simplifies things a good deal without really
losing anything, multiple user/groupnames will still be handled correctly
as long as they can be resolved to the same id via the normal means.
So from rpm's POV no functional changes, just 40 lines less goo...
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Only follow directory symlinks owned by target directory owner or root
during verification to match the behavior of fsmVerify() in the new
CVE-2017-7500 world order.
The code is klunkier than it should and the logic should use common code
with fsmVerify() instead of duplicating it here, but that needs more
changes than is comfortable to backport so starting with this.
Also worth noting that the previous "follow the link" logic from
commit 3ccd774255b8215733e0bdfdf5a683da9dd10923 was not quite right,
it'd fail with RPMVERIFY_LSTATFAIL on a broken symlink when it should've
ran verification on the symlink itself. This behavior is fixed here too.
Finally, once again fakechroot gets in the way and forces the related
verify testcase to be changed to be able to create a valid link. Reuse
the replacement testcase for the purpose and add another case for
verifying an invalid link.
|
|
|
|
|
|
|
|
|
|
|
| |
We only have a disabler for %ghost files ATM but that doesn't mean
the actual code can't be generic, the logic is actually much clearer
this way (especially compared to the to-negate-or-not-to-negate
fun on verify side)
One might envision a generic way to set filters via a cli argument to
go with this, eg --noattr=cd to skip documentation and configs,
or --noattr=g as an alias to --noghost.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Verify has "always" accepted --noghost as an option but it's always
been broken too, the --noghost option used to *clear* the bit on
qva_fflags, bit which nothing set in the first place. When you
test that bit for enabling verify on ghosts, chances are the ghosts
remain ethereal...
That was until commit efd696d32d343b82832dd9e4aee992bff8e64ad0 fixed
the bit clear to set to make --noghost work on queries, but hardwired
the verify code to no ghosts. Wtf?
So... after 15 years of existence (commit
60977b6c27aca83d1c15deef2e4f759268308075) and somewhat colorful
history, lets make it work and document it too. qva_fflags is supposed
to be a "filter out if matching attribute in file" bitfield but its been
kinda hard to tell when there was one example left which had it the wrong
way around. The original commit has two more examples where the bit setting
is right but disabled with "ifdef NEVER" ... since removed.
|
|
|
|
|
|
|
|
| |
Replace manually maintained yet-another-return-code with an
"all failures" variable and base the actual return code on that.
It's tempting to use just one verify result variable but that'd be
wrong because of the shared file mtime filtering.
No functional changes intended.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Turn rpmVerifyFile() into indexed rpmfilesVerify() method but
drop the unnecessary double return code which also "fixes" the
oddball argument order where return value is not last, add
thin wrapper for rpmfi iteration. Mark rpmVerifyFile() deprecated
due to the strange calling conventions and unused arguments.
Leaving the code in verify.c to make it clearer what changed, looks
a bit out of place but doesn't matter as it doesn't need access
to rpmfi(les) internals.
Verification functionality as such is supposed to be unchanged by this.
|
|
|
|
|
|
|
|
|
|
| |
Use a local helper variable for collecting verification results,
arrange a single exit point for the function and base the return
value on the verify result to make it clear what the return code
actually means. As a sort of side-effect its now legal to call
rpmVerifyFile() with NULL res, not that it makes a whole lot of
sense to do so since all the interesting stuff is there. But useful
for next refactoring steps...
|
|
|
|
|
|
|
| |
The size is likely to be wrong anyhow but if we can't read the file
then any correction is likely to be more wrong than the original value.
While at it, eliminate an unnecessary function-level temporary
variable used for this one purpose only.
|
| |
|
|
|
|
|
|
| |
- An unforced installation must not cause verification failures - we
permit directories to be replaced by directory symlinks during
install so we need to do the same in verify too.
|
|
|
|
|
|
|
|
|
|
| |
- When duplicate user/groupnames or UID/GIDs are present, data can be
inconsistent depending on which way the id/name lookup is done.
Reporting an error when neither the file ownership or the related
user/group entry was changed on the system seems wrong, so try
to do better... Look up the data both ways and only fail the
verification if data from both is wrong, but warn about duplicates
on inconsistent results.
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Unlike other file states, replaced state is always a forced one
and thus a likely problem. Always report replaced files in verify
output by appending the state to the verify line, similar to
strerror() for unexpected errors. In verbose mode, report all
non-normal file states.
- Like any output change, this can potentially break user scripts but
at least this way the breakage should be minimal as regular output
does not change, and similarly appended error strings have been
present since 4.4.x days.
|
|
|
|
|
|
|
|
|
|
|
| |
- Verifying files against the originating, non-installed package can
be useful sometimes, eg if rpmdb is broken or cannot be trusted.
Of course such verification will give false positives on files that
were intentionally skipped during installation (nodocs, wrong color,
netshared...), that can't be helped.
- This restores the former behavior that was erroneously changed
in commit adbd484372cb38aca5aca3c6dba3b2ca9cae93d1 while "fixing"
an unhandled enumeration in the switch. Doh.
|
|
|
|
|
|
|
|
|
|
| |
- Commit ac0ab016a5ec31e65eb0c0910a5a6f1199aae3e7 unintentionally
changed the order of the problems shown in verify strings due to
a dumb oversight (greetings to self, duh). In other words, this
fixes a verify output regression in rpm >= 4.9.x by restoring
the long-standing (and documented) order of the verify output chars.
- Also fix the testcase which unfortunately was only added after
the output-changing commit so it didn't catch the breakage either :-/
|
|
|
|
|
|
|
|
| |
- Add NULL checks and add/adjust comments where appropriate.
- The remaining callers should handle NULL fi gracefully if not
entirely correctly: rpmfiFC() returns 0 on NULL fi, so these
callers just see the erronous file info set as "no files" case.
Something to fine-tune later...
|
|
|
|
|
|
|
|
| |
- Return error from verifyscript if rpmteNew() fails. This can't
currently happen but handling this error makes it possible to
do sanity checks on the header contents, such as file list integrity etc.
Unlikely to occur for installed packages, but verify can be run
on non-installed packages as well, where failure is more of a possibility.
|
|
|
|
|
|
|
| |
- The common pattern here is grabbing current flags to a local
variable, modifying them for an operation and then restoring,
which is fine... but we dont care about the previous flags
when we're restoring them.
|
|
|
|
|
| |
- Remove NULL-assignments of local variables at the end of scope
in "cli-level" code
|
|
|
|
|
|
|
|
|
|
| |
- Verification from non-installed packages can be useful sometimes:
http://lists.rpm.org/pipermail/rpm-maint/2011-May/003015.html
- %verifyscript is unlike all other scriptlets so might as well
take some shortcuts and bypass rpmteProcess() & all, just
create a lone rpmte, force the header we got and call rpmpsmRun()
directly on it, bypassing rpmteProcess() which is only an
unnecessary complication here (based on patch by Michael Schroeder)
|
|
|
|
|
|
|
|
|
| |
- Non-regular files mostly share the same unverifiable properties,
no point in listing all the cases separately. Links are a notable
exception in that they're different from everything else, handle
that separately.
- Also clean up other formatting: wrap lines at a better point +
avoid multiline-comments when single line suffices.
|
|
|
|
|
|
|
|
|
| |
- We can't verify any properties of replaced files, but we can and
should still see if it exists at all.
- Files skipped due to wrong color are supposed to share some of
the attributes with the file that got actually installed, such
as permissions and whether it exists at all. Verify what we can
instead of silently ignoring.
|
|
|
|
|
|
|
|
| |
- We'll want to unify this and the similar caching done in librpmbuild,
so we need to expose these in the ABI at least, rename to get
them namespaced and use a separate source module (again) as
this is a pretty distinct functionality.
- This would really belong to librpmio but leaving here for now...
|
|
|
|
|
| |
- In all these cases the value comes from a non-enum source so
just use an int instead
|
| |
|
|
|
|
|
|
|
|
| |
- Shuts up couple of "not in enum" complaints from gcc, and actually
"no state" is a perfectly valid state for one case: non-installed
packages (so remove the "not valid" comment from formats.c)
- OTOH, this created a new complaint for not handled case in a switch.
Oh well, fix it up too...
|
|
|
|
|
| |
- Verify scriptlet failures were only logged but didn't reflect error
codes as they were considered "warn only" along with most others
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Technically this changes the rpmcliQuery() and rpmcliVerify() API
in the sense that we no longer honor the qva->qva_flags for the
--nosignature and others, but we assume anybody using these (as if
anybody was using the "cli" API) uses rpmcliInit() which takes
care of these common bits... shrug.
- Ditch ancient and hidden --nopgp --nogpg switches along with the
dishwater which are simply alias to --nosignature.
- Eliminate now unused qva_flags from rpmInstallArguments (along with
a double vsflags goo from rpmgraph)
|
| |
|
|
|
|
|
|
| |
- Eliminates some copy-paste slopping. Verify code traditionally only
shows the first attribute, take care to keep that format to avoid
breaking scripts unnecessarily
|