-
Notifications
You must be signed in to change notification settings - Fork 372
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Exempt src.rpm packages from file signature business #3470
base: master
Are you sure you want to change the base?
Conversation
Should be fixed now, based on the above discussion. Note that I'm not a huge fan of the additional |
Argh, what a strange CI failure, looking now... |
A silly memory leak in my code! Fixing now... |
... aaand fixed. |
This shouldn't normally happen but rpmtsPlugins() does return NULL when the passed transaction (ts) is NULL. Handle that in the plugin hooks and other utility functions so that we don't try to dereference a NULL pointer in such a case. This is also useful for the next commit where we'll make this into a deliberate case.
Source packages aren't really "installed", just unpacked, and plugins are by design meant for transactions, so disable the tsm/fsm/psm and scriptlet hooks for those. Note that the init and cleanup hooks will still run, those are supposed to only do reversible actions such as opening and closing files, and we wouldn't avoid them if there was a binary package supplied on the rpm -i command line anyway. This fixes, in particular, src.rpm installations done by a regular user (a common case) on systems with a plugin that requires root privileges, such as the ima plugin, which would otherwise cause a spurious warning or even failure (see RhBug:2316785). Extending rpmtsPlugins() here would be nicer but it's public API so just add a static wrapper. Reuse the plugin development test, we don't have anything better at the moment and it does the job well.
File signatures make no sense in source packages as they don't ship binaries to be installed on the target system, they're just fancy archives unpacked into %_topdir for packaging purposes. Disable the respective flags when processing a src.rpm and log a debug message as a heads-up, but don't skip the rest, header signatures are still relevant for source rpms, as is the deletion of existing file signatures.
Don't add file signatures to source packages and if they happen to be present (i.e. built with an older rpm version), ignore them when unpacking (by not running plugins at all for source packages).
AC (taken from original bug):