IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This should affect dependencies only when no contents_index_bin is available.
After "APT-freindly" logic was introduced, host-system lookup always yields
file paths, but we want package names (except for alternatives etc.).
(old behaviour)
$ sh -c '. /usr/lib/rpm/find-package; FindPackage script perl'
/usr/bin/perl
$
(new behaviour)
$ sh -c '. ./scripts/find-package.in; FindPackage script perl'
perl-base
$
$ less alterator-install-common-desktop-0.11-alt1.i586.rpm |grep help
-rwxr-xr-x 1 root root 972 Oct 30 18:38 /usr/share/alterator/help/ru_RU/basesystem.html
-rwxr-xr-x 1 root root 340 Oct 30 18:38 /usr/share/alterator/help/ru_RU/kbd.html
-rwxr-xr-x 1 root root 2233 Oct 30 18:38 /usr/share/alterator/help/ru_RU/license.html
-rwxr-xr-x 1 root root 1280 Oct 30 18:38 /usr/share/alterator/help/ru_RU/lilo.html
-rwxr-xr-x 1 root root 3032 Oct 30 18:38 /usr/share/alterator/help/ru_RU/network.html
-rwxr-xr-x 1 root root 4840 Oct 30 18:38 /usr/share/alterator/help/ru_RU/packages.html
-rwxr-xr-x 1 root root 1928 Oct 30 18:38 /usr/share/alterator/help/ru_RU/root.html
-rwxr-xr-x 1 root root 1387 Oct 30 18:38 /usr/share/alterator/help/ru_RU/time.html
-rwxr-xr-x 1 root root 1223 Oct 30 18:38 /usr/share/alterator/help/ru_RU/user.html
-rwxr-xr-x 1 root root 11024 Oct 30 18:38 /usr/share/alterator/help/ru_RU/vm.html
-rwxr-xr-x 1 root root 1789 Oct 30 18:38 /usr/share/alterator/help/ru_RU/x11.html
lrwxrwxrwx 1 root root 31 Oct 30 18:38 /usr/share/alterator/help/ru_UA -> /usr/share/alterator/help/ru_RU
$
%files ...
%_datadir/alterator/help/ru_RU/*
%_datadir/alterator/help/ru_UA
The package referes ru_RU directory but does not own the directory.
Old behaviour: unmet dependency.
> alterator-icons-lite-0.4.0-alt1 Requires(rpmlib) rpmlib(PayloadFilesHavePrefix) <= 4.0-1
> +alterator-install-common-desktop-0.11-alt1 Requires /usr/share/alterator/help/ru_RU
> alterator-install-common-desktop-0.11-alt1 Requires alterator-autoinstall
New behaviour: though the package does not explicitly own the directory,
it has some files packaged under the directory. Because of this, ru_UA
symlink will not be broken after install. We chose to be forgiving:
symlinks.req: WARNING: /usr/src/tmp/alterator-install2-desktop-buildroot/usr/share/alterator/help/ru_UA: directory /usr/share/alterator/help/ru_RU not owned by the package
This will also check if the link is not owned by any package,
but the path is provided by some package.
$ rpm -qf /usr/bin/python
warning: file /usr/bin/python is not owned by any package
$ rpm -q --whatprovides /usr/bin/python
python-base-2.4.4-alt13
$
This looks very much like an alternative, ESPECIALLY if an intermediate
path component, which is a link to directory (python is not the case).
This new condition is disabled, only a warning is issued.
We'll see if it should be enabled.
Note that alternative path may also require non-blind canonicalization (in
very pathological cases), for which I also use CanonPath.
(old behaviour, wrong)
$ sudo ln -s share /usr/bare
$ sh -efu -c '. scripts/find-package.in; FindPackage script /usr/bare/libtool/config.guess'
/usr/bare/libtool
sh: script: alternative /usr/bare/libtool prevents /usr/bare/libtool/config.guess dependency resolution
$
(new behaviour, good)
$ sh -efu -c '. scripts/find-package.in; FindPackage script /usr/bare/libtool/config.guess'
/usr/share/libtool
sh: script: alternative /usr/share/libtool prevents /usr/bare/libtool/config.guess dependency resolution
$
Some examples.
1)
$ sh -efu -c '. scripts/find-package.in; FindPackage script /usr/share/libtool'
/usr/share/libtool
$ sh -efu -c '. scripts/find-package.in; FindPackage script /usr/share/libtool/'
/usr/share/libtool
$
This shows that alterntaives check is no longer restricted to deficient
readlink "$rep" |grep '^/etc/alternatives/'
logic. Old behaviour was:
$ sh -efu -c '. /usr/lib/rpm/find-package; FindPackage script /usr/share/libtool'
/usr/share/libtool
$ sh -efu -c '. /usr/lib/rpm/find-package; FindPackage script /usr/share/libtool/'
sh: script: checking contents_index_all for /usr/share/libtool-1.5
sh: script: /usr/share/libtool-1.5 -> libtool_1.5 (via contents_index_all)
libtool_1.5
$
2)
$ sh -efu -c '. scripts/find-package.in; FindPackage script /usr/share/libtool/../autoconf'
/usr/share/autoconf
/usr/share/libtool
$
This shows that any number of alternatives can be resolved within a single path.
3)
$ sh -efu -c '. scripts/find-package.in; FindPackage script /usr/share/libtool/config.guess'
/usr/share/libtool
sh: script: alternative /usr/share/libtool prevents /usr/share/libtool/config.guess resolution
$
This shows that we cannot resolve paths under alternatives directory.
4)
$ sh -efu -c '. scripts/find-package.in; FindPackage script /usr/share/libtool/../../bin/perl'
/usr/share/libtool
perl-base
$
This shows that we actually CAN resolve paths which are not under alternatives directory.
This is to address a few problems:
1) When checking RPM_BUILD_ROOT, st_mode test performed by /usr/bin/which
is not quite reliable. Files can be packaged with different %attr mode.
2) When checking RPM_BUILD_ROOT, there could be symbolic links there
which are (not-so-) broken.
3) When checking host system, files like /sbin/init (which is 0700)
are effectively bypassed by /usr/bin/which.
4) There's an ongoing practice of placing shell function libraries
under /usr/bin, e.g. /usr/bin/git-sh-setup. These files are sourced
from within shell scripts and need not be executable at all.
This leads me to the point that permission check, which is performed by
/usr/bin/which, is not needed at all. Note that things are getting more like
contents_index_bin search. And for RPM_BUILD_ROOT, we do not even require
strong stat-wise file existence.
I like this new term: "strong stat-wise file existence".
It's awesome.
There are two possibilities for protection:
1) we should protect at least from very evil shell metacharacters,
like [$*], and also from [:cntrl:] (e.g. newline).
2) we can provide an exhaustive list of characters that are valid
for non-evil pathnames and commands, and issue mandatory warning
if the command or path appears to be evil.
I chose the latter approach.
Valid character range is 'A-Za-z0-9/@=.,:_+-'.
Note that (almost) all files from our base build system
are valid paths:
$ valid='A-Za-z0-9/@=.,:_+-'
$ hsh-run -- rpm -qal |grep "[^$valid]"
/usr/bin/[
/usr/share/man/man1/[.1.bz2
(contains no files)
(contains no files)
$
Later we'll see if the range of valid characters needs to be extended.
I see that this can add SOME problems if e.g. /usr is relocated
to /storage/usr in the build environment. This is because CanonPath
follows symlinks for dirname.
But I argue that it is safe for hasher, and it fixes some problems
with contents_index search which is used only in the hasher (by default).
I also argue that, even if /usr is relocated, this is not going to be a BIG
problem, because it is not going to produce unmet dependencies (well, most
of the time). This is because 'rpm -qf' will work as expected in that screwed
build environment.
