| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
We've removed a tonne of obsolete APIs in this release so...
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These are obviously the long lost uninstall-time counterparts of
%pretrans and %posttrans.
%preuntrans is easy but %postuntrans is the reason this hasn't been
implemented so far: by the time it's supposed to execute, the header will
be gone. Work around this by allowing the rpmte to hold on to its header
if it has a %postuntrans scriptlet.
Cheapskate on transaction flags and reuse pre/posttrans flags for these
uninstall counterparts too, adding separate flags and disablers just
doesn't seem worth it, especially as we're quite short of free bits.
Fixes: #2119
|
|
|
|
|
|
|
|
|
|
|
|
| |
Create a new optional UpstreamReleases tag that allows to specify an URL
of the location, where the source code could be downloaded. In
contrast to the URL part of the Source tag, this is intended for
the referrer of the sorce code, e. g. download top dir or the
sub-page of the web that contains references to the source files.
Third party tools or the package maintainer can use this tag and
find the latest version of the source code.
Co-authoredby: Florian Festi <ffesti@redhat.com>
|
|
|
|
|
|
| |
Create a new optional TranslationURL tag that allows to specify URL
for translators. Third party tools can visualize it and motivate
people to translate.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The trend of packaging is to hide more and more of what actually happens
behind helper macros and other dynamically generated constructs. While
this is mostly a good thing, it makes understanding and postmortem
analysis harder than it should be. Add the spec in its parsed and
expanded form into the src.rpm header to make the actual contents of the
build more trackable.
It can be argued this does not belong in the header and should be in
payload instead, my rationale for the placement is that this way the
payload remains effectively arch independent, whereas the header already
heavily reflects the particular environment where it was built.
Probably worth noting that %setup and %patch built-in macros are not
properly expanded in the stored spec, but that's a separate issue
related the special way %prep is processed.
Fixes: #1241
|
|
|
|
| |
There are added interfaces but none removed, so no soname bump needed.
|
|
|
|
|
| |
The new tag returns src/nosrc instead of the build architecture of
(no)source packages.
|
|
|
|
| |
We've only added APIs so no soname bump required.
|
|
|
|
|
|
|
|
| |
If $TAPE is set tar uses the tape drive instead of stdout as default.
The rpm2archive test assumed that tar will just use stdout no matter what.
Force this behaviour per command line option.
Resolves: rhbz#1902844
|
|
|
|
|
|
| |
Test that the shared objects created during compilation matches the
expectations of the person bumping the libtool version, which is oh
so easy to get wrong. This of course needs to be skipped for static builds.
|
|
|
|
|
|
| |
Make sure we pass the checks with the new tags in place.
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
During build, also calculate a digest for the uncompressed payload data
and add to packages. On verify side this is equivalent to the existing
payload digest (through sharing the same disabler), which allows
either one to be used for verification. This means deltarpm and similar
don't need to recompress the data which is both expensive and error-prone
due to minor differences in compressed stream despite the actual data
being identical.
Add a testcase for the basic behavior and update other test output
expectations where necessary.
|
|
|
|
| |
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
|
| |
|
|
|
|
|
| |
Tag can be set with a ModularityLabel: statement in the spec file preamble or
via the modularitylabel macro
|
|
|
|
|
|
|
|
|
|
|
| |
SHA1 has been getting a bit long in the tooth for many years by now,
add a more modern digest to eventually supplant it, for now just
prefer SHA256 over SHA1 if present when verifying. Using a hardwired
algorithm instead of configurable one to keep things on the simple
side when dealing with the signature header.
Signing could add the new digest for older packages but we don't do
that to avoid surprises when people are signing older packages.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There needs to be a way to verify the payload before trying to uncompress
and unpack it:
- We have digests on the contents of individual files, but detecting
corruption in middle of installation, after all sorts of scripts might
have already run, is no good at all
- Compresssion libraries have vulnerabilities of their own
- The RPMv3 digest covering the payload is the obsolete MD5, and furthermore
it covers the header AND the payload, which is extremely cumbersome
to begin with but also vulnerable because it's in the unprotected
signature header.
This adds two tags: one for the actual digest, and another for the
algorithm, much like with filedigests. The digest tag is specified
as a string array to leave room for future expansion: the idea is
that there could be intermediate snapshots over the payload, and
the last one is always on the entire payload, so an array of just
one is compatible with this specification.
Getting the digest into the main header is fairly complicated since the
package format on-disk is exactly in the opposite order of how we need
to write things there, add a lenghty comment to writeRPM() to explain.
The MD5 digest needs to die, really - it forces a second read over
the entire header + payload for what is practically worthless hash.
Note that there's no code to actually verify this digest at the moment,
nor is there a way to configure the used algorithm, SHA256 is used as the
default for now.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds rpmtags for file signatures and their length, so they
can be stored in the package header.
Changelog:
- update rpmtag values (rebase error) - Mimi
- fix test case 0004 - Florian
- update rpmtag values again - Fin
[lkardos@redhat.com: tag numbers was changed in order not to conflict]
Signed-off-by: Lubos Kardos <lkardos@redhat.com>
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- This adds brutally simple utf-8 validation to spec parse & package
construction: all string-class tags in headers are checked regardless
of other tag semantics.
- Parse-time validation is optional via RPMSPEC_NOUTF8
flag, but package construction time is required as we want to
stomp RPMTAG_ENCODING to all packages that pass. What is always
optional is whether non-valid utf-8 strings fail the build, defaulting
to off (but distros probably want to enable it)
- Note we dont give a damn about the spec itself, only what ends up in
packages: strings can come from numerous other sources than spec
directly, and OTOH who cares if eg spec comments are non-utf?
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- The basic concept is not without merit but what was implemented here
has been stuck in experimental state in middle of two sorta conflicting
goals for four years now, and world has moved onward in the meanwhile.
The sepolicy part is better handled in the new selinux plugin, and other
action business belongs to packages (in the form of some trigger-like
scripts or such) rather than rpm plugins.
- Deleted here, but the sepolicy plugin functionality still needs
merging into the new selinux plugin...
- RPMTAG_COLLECTIONS left in place but tagged unimplemented as per policy
to never actually remove tags
|
|
|
|
| |
This allows reading packages with SUSE's old style weak dependencies
|
|
|
|
| |
RPMTAG_ENHANCENEVRS extension tags
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
- The current method that --requires and friends use is kinda
cumbersome and outputs extra whitespace for dependencies which
dont have flags+version attached. Adding extensions for this
is likely to be easier than teaching query formatting to
permit conditionalizing on current value instead of just tag existence.
|
|
|
|
|
|
|
| |
- For a more consistent experience wrt all the state-awareness stuff,
this needs to be easily querifiable too.
- Also makes the tagnames kludgery from commit
cac8c389607d7a5735b2905035fdfe4404670d06 unnecessary
|
| |
|
|
|
|
|
| |
- Remove duplicate --version checks (doh) and some commented out
build tests that are unlikely to ever be implemented in reality
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Add support for new "OrderWithRequires: foo" spec syntax
which has "if and only if foo is present in transaction, order
the transaction as if this package required foo" semantics.
While it looks, and in some ways is, a soft dependency, this
is not the same as recommends/suggests etc: those have unknown
depsolver policy dependent semantics attached to them, whereas
ordering hints have a clear definition and is only relevant for rpm
itself, depsolvers should not even look at the data.
- This allows packages to express correct ordering for optional
functionality, such as
%post
if [ -x %{_bindir}/register-component ]; then
%{_bindir}/register-component %{name}
fi
If the package containing %{_bindir}/register-component is included
in the same transaction, it makes sense to have it installed before the
package(s) that use it. But as it is fully optional, Requires would
not be appropriate. Using OrderWithRequires allows this to be expressed
without dragging in extraneous dependencies for optional functionality.
|
|
|
|
|
|
|
|
|
| |
- This is a bad "API" for verification, it can't be controlled and
causes heavy IO where one would not expect it. Getting rid of it now
before anybody starts relying on it...
- Leaving :fstatus format extension alone however, it's at least harmless
and produces a more predictable output than :vflags extension so it
might be actually useful in scripts.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Spec files have a lot of metadata about a project. However one of the
most key components is the upstream version control system which was
notably lacking.
Resolve this by adding a "VCS" key. There is no specification
for contents of this key, given that the set of version control
systems (and features thereof) are not well-defined. However,
recommendations are:
* git: This URL should be in a form that can be passed to "git clone",
with the additional feature that an optional fragment identifier "#foo"
denotes a branch or tag.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The %sepolicy section is used to describe SELinux policy to be included
in a package. It's syntax is similar to other sections (%files, %pre,
%post, etc.) in that you can provide a string and -n after the
declaration to specify policy should be added to a subpackage.
For example:
%sepolicy
# policy in this section will be added to the main package
%sepolicy foo
# policy in this section will be added to the '<mainpackage>-foo' subpackage
%sepolicy -n bar
# policy in this section will be added to the 'bar' subpackage
The %sepolicy section contains zero or more %semodule directives, with the
following format:
%semodule [OPTIONS] path/to/module.pp
The available options are:
-b, --base
The module is a base module
-n, --name=NAME
The name of the module. If not given, assumes the name is the basename of
the module file with file extensions removed.
-t, --types=TYPES
One or more comma-separated strings specifying which policy types the
module can work with. To explicitly state that a module can work with any
policy type, "default" can be specified as the value. If not specified,
assumes the module can work with any policy type, and assigns the types as
"default".
Below is an example of this new format:
%sepolicy
%semodule -n foo -t mls policy/foo.pp
%semodule -n bar -t strict,targeted,mls -b policy/bar.pp
This also adds new header tags to store the new information:
RPMTAG_POLICYNAMES (string array)
RPMTAG_POLICYTYPES (string array)
RPMTAG_POLICYTYPESINDEXES (uint32 array)
RPMTAG_POLICYFLAGS (uint32 array)
The index of NAMES and FLAGS maps directly to the index of RPMTAG_POLICIES.
However, because a single policy can have multiple types, the mapping for
TYPES is not direct. For this, the index maps to TYPESINDEXES, which
contains the index of the policy that the type maps to. This is similar to
how DIRINDEXES is used to map DIRNAMES and BASENAMES. As an example, the
previous %sepolicy section would have the following header tags:
RPMTAG_POLICIES:
0: <foo.pp data, base64 encoded>
1: <bar.pp data, base64 encoded>
RPMTAG_POLICYNAMES:
0: foo
1: bar
RPMTAG_POLICYFLAGS:
0: 0
1: 1 # assumes flag 1 == BASE
RPMTAG_POILCYTYPES: RPMTAG_POLICYTYPESINDEXES:
0: mls 0: 0
1: strict 1: 1
2: targeted 2: 1
3: mls 3: 1
|
|
|
|
|
| |
This adds a new Collections preamble tag, which contains a space separated list
of collection names that the package belongs to.
|
|
|
|
|
|
|
|
| |
- Permits basic file verification with just a headerGet(), with some
caveats: there's no way to control which attributes get verified,
and there's no filtering of mtime differences of shared files. Those
aside, rpm -q --qf "[%{filestates:vflags} %{filenames}\n] <args>" now
performs the same as "rpm -V --nodeps --noscripts <args>"
|
|
|
|
|
| |
- RPMTAG_CAPABILITY and RPMTAG_RHNPLATFORM are truly obsolete and
should've been taken out a long time ago
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Add per-scriptlet type flag tags to control special behavior.
- Add rpmlib dependency on scriptlet expansion - if a package relies
on scriptlet expansion it cannot be correctly installed with
a version of rpm that doesn't support it.
- Expansion is always an opt-in behavior, enabled with -q and/or -e argument
in spec. We can't just blindly expand even macros as there's no telling
%{} constructs might mean in whatever language is used for the script.
- Queryformat expansion requires great care with strange and ugly escapes
when writing scriptlets, but OTOH it permits access arbitrary header
data at runtime, which has previously been completely impossible.
- The handling of these expansions needs unifying for all scriptlet types,
the trigger scriptlet handling is uuugly. Macro expansion could be
transparently done from rpmScriptRun(), but because of their similar
syntax, macro expansion needs to happen before query format expansion,
and we dont have the header available in rpmScriptrun()
|
| |
|
|
|
|
|
| |
- return RPMTAG_EPOCH but convert non-existent epoch to 0, as rpm internals
treat it
|
|
|
|
| |
- hack to permit different query formatting based on rpm's verbosity level
|
|
|
|
|
| |
- use common numeric tag generation helper for header color
and dbinstance tags
|
|
|
|
| |
- RPMTAG_NVRA same as rpm5.org, others are new tags
|
| |
|
|
|
|
| |
- should've been in commit 86032bfbb61f1bdee9ac42989a14ea40bed0deec, duh
|
|
|
|
| |
- just initial groupings to have something there..
|
| |
|