Commit Graph

953 Commits

Author SHA1 Message Date
Alexey Tourbin
e5f015d831 find-package (FindPackage): fixed shell syntax (D'oh!) 2007-09-12 19:34:01 +04:00
Alexey Tourbin
4eb4ccf490 find-package: fixed Verbose message for contents_index_bin 2007-09-12 19:28:46 +04:00
Alexey Tourbin
2b1c36538f find-package: implemented protection against shell metacharacters and evil paths
There are two possibilities for protection:
1) we should protect at least from very evil shell metacharacters,
like [$*], and also from [:cntrl:] (e.g. newline).
2) we can provide an exhaustive list of characters that are valid
for non-evil pathnames and commands, and issue mandatory warning
if the command or path appears to be evil.

I chose the latter approach.
Valid character range is 'A-Za-z0-9/@=.,:_+-'.

Note that (almost) all files from our base build system
are valid paths:

$ valid='A-Za-z0-9/@=.,:_+-'
$ hsh-run -- rpm -qal |grep "[^$valid]"
/usr/bin/[
/usr/share/man/man1/[.1.bz2
(contains no files)
(contains no files)
$

Later we'll see if the range of valid characters needs to be extended.
2007-09-10 13:32:26 +04:00
Alexey Tourbin
9196764224 pkgconfiglib.req: better error message 2007-08-29 02:19:10 +04:00
Alexey Tourbin
cc20bfa4b1 pkgconfiglib.req: use CanonPath for libdir before rpmquery 2007-08-29 01:59:16 +04:00
Alexey Tourbin
0e085c0a83 pkgconfiglib.req: new pkgconfig.req mode (makes dependencies on Libs)
This will grab libraries from ^Libs: clause and map each library
to rpm dependency, which is typically lib*-devel package.

$ grep ^Libs: /usr/lib/pkgconfig/directfb.pc
Libs: -ldirectfb -lpthread -ldl -lz
$

It works like this:

$ ln -s pkgconfig.req.in scripts/pkgconfiglib.req.in
$ scripts/pkgconfiglib.req.in -v /usr/lib/pkgconfig/directfb.pc
pkgconfiglib.req.in: /usr/lib/pkgconfig/directfb.pc: libdirectfb.so -> libdirectfb-devel
libdirectfb-devel
pkgconfiglib.req.in: /usr/lib/pkgconfig/directfb.pc: libz.so -> zlib-devel
zlib-devel
pkgconfiglib.req.in: /usr/lib/pkgconfig/directfb.pc: libfusion.so -> libdirectfb-devel
libdirectfb-devel
pkgconfiglib.req.in: /usr/lib/pkgconfig/directfb.pc: libdirect.so -> libdirectfb-devel
libdirectfb-devel
pkgconfiglib.req.in: /usr/lib/pkgconfig/directfb.pc: libpthread.so -> glibc-devel (skip)
pkgconfiglib.req.in: /usr/lib/pkgconfig/directfb.pc: libdl.so -> glibc-devel (skip)
$

Some minor problems:

$ scripts/pkgconfiglib.req.in /usr/lib/pkgconfig/*.pc >/dev/null
pkgconfiglib.req.in: /usr/lib/pkgconfig/avahi-qt3.pc: cannot find libavahi-qt3.so library path (skip)
pkgconfiglib.req.in: /usr/lib/pkgconfig/libgdiplus.pc: cannot find libexif.so library path (skip)
pkgconfiglib.req.in: /usr/lib/pkgconfig/valgrind.pc: cannot find libcoregrind.so library path (skip)
pkgconfiglib.req.in: /usr/lib/pkgconfig/valgrind.pc: cannot find libvex.so library path (skip)
pkgconfiglib.req.in: /usr/lib/pkgconfig/valgrind.pc: cannot find libgcc.so library path (skip)
$
2007-08-28 20:40:22 +04:00
Alexey Tourbin
63ac11f82e pkgconfig.req: better diagnostics
(old)
$ /usr/lib/rpm/pkgconfig.req /usr/lib/pkgconfig/gtkextra-2.0.pc
Package gtk+-2.0 was not found in the pkg-config search path.
Perhaps you should add the directory containing `gtk+-2.0.pc'
to the PKG_CONFIG_PATH environment variable
Package 'gtk+-2.0', required by 'GtkExtra', not found
$

(new)
$ scripts/pkgconfig.req.in /usr/lib/pkgconfig/gtkextra-2.0.pc
Package gtk+-2.0 was not found in the pkg-config search path.
Perhaps you should add the directory containing `gtk+-2.0.pc'
to the PKG_CONFIG_PATH environment variable
Package 'gtk+-2.0', required by 'GtkExtra', not found
pkgconfig.req.in: failed to process /usr/lib/pkgconfig/gtkextra-2.0.pc
$
2007-08-28 18:52:13 +04:00
Alexey Tourbin
015636ebda pkgconfig.req.files: check for *" text"* type
$ ls /usr/lib/pkgconfig/*.pc >.1
$ ls /usr/lib/pkgconfig/*.pc |file -NF$'\t' -f - |./scripts/pkgconfig.req.files >.2
pkgconfig.req.files: /usr/lib/pkgconfig/libpng.pc:  symbolic link to `libpng12.pc'
$ diff -U1 .1 .2
--- .1  2007-08-28 18:26:10 +0400
+++ .2  2007-08-28 18:26:13 +0400
@@ -115,3 +115,2 @@
 /usr/lib/pkgconfig/libpcre.pc
-/usr/lib/pkgconfig/libpng.pc
 /usr/lib/pkgconfig/libpng12.pc
$

Remember that symlinks are relevant only for find-requires.
There is no such thing as symbolic links in find-provides.
2007-08-28 18:29:27 +04:00
Alexey Tourbin
c5dd9e98c3 merged pkgconfig.{req,prov} scripts into pkgconfig.req, added install-data-local target 2007-08-28 18:11:26 +04:00
Alexey Tourbin
7b199c08da shell.req: use "file -bL" 2007-08-28 02:12:58 +04:00
Alexey Tourbin
806a7e6491 shell.req: reworked
Now "sh --rpm-requires" failures are always verbose:

$ ln -s /usr/lib/rpm @RPMCONFIGDIR@
$ scripts/shell.req.in /usr/lib/rpm/tcl.req
/usr/lib/rpm/tcl.req: line 32: syntax error near unexpected token `}'
/usr/lib/rpm/tcl.req: line 32: `}'
shell.req.in: /usr/lib/rpm/tcl.req is ${RPM_TCLSH:-/usr/bin/tclsh} script!
shell.req.in: /usr/lib/rpm/tcl.req: invalid pathname ${RPM_TCLSH:-/usr/bin/tclsh}
$ echo $?
0
$

$ scripts/shell.req.in /usr/bin/perldoc
/usr/bin/perldoc: line 6: syntax error near unexpected token `Pod::Perldoc-'
/usr/bin/perldoc: line 6: `exit( Pod::Perldoc->run() );'
shell.req.in: /usr/bin/perldoc: /bin/sh --rpm-requires failed
$ echo $?
1
$
2007-08-28 01:22:46 +04:00
Alexey Tourbin
650b0fc0c1 find-package (FindByPath): use CanonPath before contens_index search
I see that this can add SOME problems if e.g. /usr is relocated
to /storage/usr in the build environment.  This is because CanonPath
follows symlinks for dirname.

But I argue that it is safe for hasher, and it fixes some problems
with contents_index search which is used only in the hasher (by default).

I also argue that, even if /usr is relocated, this is not going to be a BIG
problem, because it is not going to produce unmet dependencies (well, most
of the time).  This is because 'rpm -qf' will work as expected in that screwed
build environment.
2007-08-27 21:27:05 +04:00
Alexey Tourbin
5a5bd82133 scripts/functions: CanonPath: new function (canonicalize each path component except for the last)
This is actually a DWIM-style hack.  It does what we want but I cannot
think of a better name.  The idea is that sometimes we want to clean
up path name, possibly following symbolic links, except for the last
component, which we want to keep as is.

$ sh -c '. scripts/functions; CanonPath /etc/init.d/functions'
/etc/rc.d/init.d/functions
$ sh -c '. scripts/functions; CanonPath /usr/bin/../bin/perl'
/usr/bin/perl
$

So actually it does a few different things: 1) prepend $PWD if needed;
2) cleanup dirname; 3) canonicalize dirname with respect to symbolic links.

Now the question is how to process symbolic links which
targets are directories, e.g. /etc/init.d ?  My answer is that
both "/etc/init.d" and "/etc/init.d/", as well as "/etc/init.d/."
should yield the same result, which is "/etc/rc.d/init.d".
2007-08-27 21:00:00 +04:00
Alexey Tourbin
32909e6a8a 4.0.4-alt78
- implemented modular subsystem for find-requires and find-provides;
  there's no separate doc yet, except for my protva2007-ru-short.pdf;
  see also git changelog, especially commit 9717c128
- improved /usr/lib/rpm/find-package algorithms
2007-08-11 01:19:46 +04:00
Alexey Tourbin
66ed9feb2a find-requires, find-provides: sort each dependency list, and use merge sort at the end 2007-08-11 00:56:43 +04:00
Alexey Tourbin
9175b4190a find-requires, find-provides: removed the reset of unused code, specifically for mono and java
rpm-build-mono has been adapted.
Updated rpm-build dependencies:
	Conflicts: rpm-build-mono <= 1.0

rpm-build-java does NOT include java.req in current sisyphus release
1.0.0-alt1.  I have done some major development for rpm-build-java,
but there is still no consensus about it.
Not updated rpm-build dependencies: nothing to do.
2007-08-11 00:48:49 +04:00
Alexey Tourbin
71c3d7908d find-package (FindByName): in ambigous case, first check if [ path = pkg ] 2007-08-10 16:10:58 +04:00
Alexey Tourbin
bd368155cd find-package (FindByPath): discard rpmquery stderr 2007-08-08 02:54:04 +04:00
Alexey Tourbin
968016ffdc find-package: added description atop 2007-08-08 00:49:48 +04:00
Alexey Tourbin
7c7eccde32 find-package (FindByName): added more comments, for casual readers 2007-08-08 00:28:55 +04:00
Alexey Tourbin
706ff5d5ec find-package: more comments for RPM_FINDPACKAGE_PATH processing 2007-08-07 22:59:50 +04:00
Alexey Tourbin
91b7ebe4c6 find-package: added comments to RPM_FINDPACKAGE_PATH awk script 2007-08-07 22:41:19 +04:00
Alexey Tourbin
c9dbb383f6 find-package: manage verbosity with 'local Verbose' variable
When something goes not as good as we would like, we should
be able to increase verbosity locally for this particular case.

Old behaviour:

$ sh -efu -c '. /usr/lib/rpm/find-package; RPM_PKG_CONTENTS_INDEX_ALL=/etc/passwd FindPackage myscript /bin/cat'
sh: myscript: checking contents_index_all for /bin/cat
coreutils
$

In this example I pretend that /bin/cat lookup failed against
contents_index_all.  The problem here is that, once we know about
a "strange thing" happening, we also want to know the end of the story.
Where does coreutils come from?  That is the question.

New behaviour:

$ sh -efu -c '. /usr/lib/rpm/find-package; RPM_PKG_CONTENTS_INDEX_ALL=/etc/passwd FindPackage myscript /bin/cat'
sh: myscript: checking contents_index_all for /bin/cat
sh: myscript: /bin/cat -> coreutils (via rpmdb)
coreutils
$

When "strange things" happen, I increase verbosity locally,
until the "strange thing" is resolved.  I use 'local Verbose=Info'
approach to increase verbosity.  Since shell has dynamic variables
(with visibility bound to function-call stack), this is just what
we need.

Strange things are:
- in FindByPath:
  + contents_index_all search
- in FindByName:
  + ambiguous contents_index_bin search
    (the same command under e.g. /sbin and /usr/bin)
  + ambiguous /usr/bin/which search (ditto)
2007-08-07 22:17:58 +04:00
Alexey Tourbin
a2090d8dd9 find-package (FindPackage): enhanced path vs. command validation
Also increased verbosity for invalid pathnames and/or commands.
2007-08-07 20:43:02 +04:00
Alexey Tourbin
3f764319ec find-package (FindByPath): enhanced contents_index search
In FindByPath, we should always check contents_index_bin first.
It is not quite expensive, and we make no assumptions which path
entries it may contain (our contents_index_bin, in addition
to standard *bin/ paths, also has /etc entries).

However, if contents_index_bin lookup fails, we may or may
not want to proceed with very expensive contents_index_all
search.  We assume that, if contents_index_bin lookup actually
has take place for some standard *bin/ path, then there is simply
no need to proceed with contents_index_all.

Now we also assume that contents_index_all file can be possibly
gzipped (I use "gzip -cdfq" for "zcat or cat", found in zgrep).

Also increased verbosity (Verbose to Info) for contents_index_all
messages, since it is expensive and it is a means of "last resort"
to finding something strange before giving up, which is quite worth
to note about.

Also increased verbosity for "raw, not found" dependencies,
since they are likely to become unmet.
2007-08-07 19:58:35 +04:00
Alexey Tourbin
60ca916d3b shell.req.in: quote grep arguments with "--"
There's a bug in "sh --rpm-requires" mode:

$ sh --rpm-requires /dev/stdin <<<'exec -a PERL /usr/bin/perl'
executable(-a)
$

Then "-a" is passed to grep as its first argument (search pattern).
2007-08-03 19:04:29 +04:00
Alexey Tourbin
3ed0194c90 find-requires, find-provides: removed ulimit and LD_PRELOAD code 2007-08-03 12:07:58 +04:00
Alexey Tourbin
c1c04912cc Merge 4.0.4-alt77 into mod 2007-08-02 18:56:55 +04:00
Alexey Tourbin
abce94e210 platform.in: removed tcl stuff from %___build_pre (moved to tcl.env in rpm-build-tcl) 2007-08-01 16:49:44 +04:00
Alexey Tourbin
198276caed platform.in: removed tcl macros (moved them into rpm-build-tcl) 2007-08-01 16:45:44 +04:00
Alexey Tourbin
f139f95028 spec: updated dependency on rpm-build-tcl 2007-08-01 16:05:54 +04:00
Alexey Tourbin
e4ac5eca65 find-requires, find-provides: removed perl, python, and tcl stuff 2007-08-01 16:05:26 +04:00
1105a961ca 4.0.4-alt77
- rpmio/macro.c (doFoo):
  Fixed potential buffer overflow in %%homedir macro processing.
- lib/formats.c (i18nTag):
  Fixed potential null dereference on header without RPMTAG_NAME (RH#239557).
- lib/package.c (readPackageHeaders):
  Removed insecure legacy providePackageNVR() call.
- lib/query.c (showQueryPackage):
  Fixed potential null dereference in QUERY_FOR_DEFAULT mode.
2007-05-18 12:47:58 +00:00
8440b43b3c lib/query.c (showQueryPackage): Fix potential null dereference in QUERY_FOR_DEFAULT mode 2007-05-18 00:54:19 +00:00
4c4920e2d8 lib/query.c (showQueryPackage): Check all header strings to resize buffer (CVE-2006-5466, RH#212833)
Backported from rpm-4.4.8
2007-05-18 00:33:44 +00:00
6e81fe8727 lib/package.c (readPackageHeaders): Remove insecure legacy providePackageNVR() call 2007-05-18 00:20:42 +00:00
8a189d448b lib/formats.c (i18nTag): Avoid segfault on header without RPMTAG_NAME (RH#239557)
https://lists.dulug.duke.edu/pipermail/rpm-devel/2007-May/002653.html
2007-05-16 13:20:45 +00:00
20400c24b8 rpmio/macro.c (doFoo): Fix potential buffer overflow in %homedir macro processing 2007-04-11 18:18:01 +00:00
6719c93a11 Merge branch 'master' into mod 2007-04-09 21:17:16 +00:00
36d31bbf3c 4.0.4-alt76
- rpmRunTransactions:
  Ignore unavailable mount points instead of bailing out.
2007-04-09 21:13:58 +00:00
0da910fb46 lib/transaction.c (rpmRunTransactions): Ignore unavailable mount points instead of bailing out 2007-03-29 16:03:42 +00:00
Alexey Tourbin
2635799cae spec: updated dependencies on rpm-build-perl and rpm-build-python 2007-03-28 16:53:56 +04:00
Alexey Tourbin
d55243bd02 platform.in: removed perl macros 2007-03-28 16:52:33 +04:00
a78e49bdb2 Merge branch 'master' into mod 2007-03-27 23:15:44 +00:00
9eb6e27e8a 4.0.4-alt75
- Changed /mnt/* mountpoints handling to behave the same way
  as other mountpoints.
- Fixed support of filesystems with f_bsize==0.
- files.req.list: Added /etc/hooks directory.
2007-03-27 22:43:15 +00:00
94bc3f23e1 scripts/files.req.list: Add /etc/hooks 2007-03-27 22:36:28 +00:00
2aea31a78f lib/transaction.c (rpmRunTransactions): Drop "/mnt" support 2007-03-27 15:41:57 +00:00
8708708cac lib/fs.c (getFilesystemList): Drop "/mnt" support 2007-03-27 15:41:38 +00:00
Alexey Tourbin
85b13554f1 platform.in: moved the reset of python macros to rpm-build-python/python,
except for %__python_version, which is used in rpm-build-python.spec
2007-03-19 14:15:39 +03:00
Alexey Tourbin
0551d4e07e platform.in: removed python from %___build_pre, will be re-added in rpm-build-python/python.env 2007-03-19 13:36:52 +03:00