unpacker: Error out when trying to install RPM in /usr/local

This came up with `https://developer.download.nvidia.com/compute/cuda/repos/rhel7/x86_64/cuda-license-9-0-9.0.176-1.x86_64.rpm`. Reported by @dustymabe on IRC. Closes: #1090 Approved by: jlebon
2017-11-07 17:10:10 -05:00 · 2017-11-07 17:10:10 -05:00 · 94a1776fe7
commit 94a1776fe7
parent 407bfd5bc1
2 changed files with 15 additions and 3 deletions
--- a/src/libpriv/rpmostree-unpacker.c
+++ b/src/libpriv/rpmostree-unpacker.c
@ -608,7 +608,8 @@ path_is_ostree_compliant (const char *path)
  g_assert (*path == '/');
  path++;
  return (*path == '\0' ||
-          g_str_equal (path, "usr")   || g_str_has_prefix (path, "usr/")  ||
+          g_str_equal (path, "usr")   || (g_str_has_prefix (path, "usr/")
+                                          && !g_str_has_prefix (path, "usr/local/")) ||
          g_str_equal (path, "bin")   || g_str_has_prefix (path, "bin/")  ||
          g_str_equal (path, "sbin")  || g_str_has_prefix (path, "sbin/") ||
          g_str_equal (path, "lib")   || g_str_has_prefix (path, "lib/")  ||
--- a/tests/vmcheck/test-layering-basic.sh
+++ b/tests/vmcheck/test-layering-basic.sh
@ -35,7 +35,7 @@ vm_assert_status_jq \
  '.deployments[0]["base-checksum"]|not' \
  '.deployments[0]["pending-base-checksum"]|not'

-# make sure installing in /opt fails
+# make sure installing in /opt and /usr/local fails

 vm_build_rpm test-opt \
  files /opt/app \
@ -46,7 +46,18 @@ if vm_rpmostree install test-opt-1.0 2>err.txt; then
 fi
 assert_file_has_content err.txt "See https://github.com/projectatomic/rpm-ostree/issues/233"

-echo "ok failed to install in opt"
+# https://developer.download.nvidia.com/compute/cuda/repos/rhel7/x86_64/cuda-license-9-0-9.0.176-1.x86_64.rpm
+# was known to do this.
+vm_build_rpm test-usrlocal \
+             files /usr/local/bin/foo \
+             install "mkdir -p %{buildroot}/usr/local/bin/
+                      touch %{buildroot}/usr/local/bin/foo"
+if vm_rpmostree install test-usrlocal-1.0 2>err.txt; then
+    assert_not_reached "Was able to install a package in /usr/local/"
+fi
+assert_file_has_content err.txt "See https://github.com/projectatomic/rpm-ostree/issues/233"
+
+echo "ok failed to install in /opt and /usr/local"

 vm_build_rpm foo
 vm_rpmostree pkg-add foo-1.0