ALT Linux Team development discussions
* [devel] bad paths in rpm packages
@ 2008-03-24 23:07 Alexey Tourbin
  2008-03-24 23:13 ` Dmitry V. Levin
                   ` (2 more replies)
  0 siblings, 3 replies; 12+ messages in thread
From: Alexey Tourbin @ 2008-03-24 23:07 UTC (permalink / raw)
  To: devel


$ fgrep /../ /ALT/Sisyphus/noarch/base/contents_index |head
/usr/share/php/pear/../pear     pear-core
/usr/share/php/pear/../pear/.channels   pear-core
/usr/share/php/pear/../pear/.channels/.alias    pear-core
/usr/share/php/pear/../pear/.channels/.alias/pear.txt   pear-core
/usr/share/php/pear/../pear/.channels/.alias/pecl.txt   pear-core
/usr/share/php/pear/../pear/.channels/__uri.reg pear-core
/usr/share/php/pear/../pear/.channels/pear.php.net.reg  pear-core
/usr/share/php/pear/../pear/.channels/pecl.php.net.reg  pear-core
/usr/share/php/pear/../pear/.depdb      pear-core
/usr/share/php/pear/../pear/.depdblock  pear-core
$ fgrep /./ /ALT/Sisyphus/noarch/base/contents_index |head
/usr/share/php/pear/./.channels pear-core
/usr/share/php/pear/./.channels/.alias  pear-core
/usr/share/php/pear/./.channels/.alias/pear.txt pear-core
/usr/share/php/pear/./.channels/.alias/pecl.txt pear-core
/usr/share/php/pear/./.channels/__uri.reg       pear-core
/usr/share/php/pear/./.channels/pear.php.net.reg        pear-core
/usr/share/php/pear/./.channels/pecl.php.net.reg        pear-core
/usr/share/php/pear/./.depdb    pear-core
/usr/share/php/pear/./.depdblock        pear-core
/usr/share/php/pear/./.filemap  pear-core
$

$ rpmpeek /ALT/Sisyphus/files/SRPMS/pear-core-1.6.2-alt6.src.rpm fgrep /.  pear-core.spec
%pear_dir/.*
$


* Re: [devel] bad paths in rpm packages
  2008-03-24 23:07 [devel] bad paths in rpm packages Alexey Tourbin
@ 2008-03-24 23:13 ` Dmitry V. Levin
  2008-03-24 23:17   ` Alexey Tourbin
  2008-03-25  0:05   ` Alexey Tourbin
  2008-03-24 23:13 ` Alexey Tourbin
  2008-03-24 23:42 ` Alexey Tourbin
  2 siblings, 2 replies; 12+ messages in thread
From: Dmitry V. Levin @ 2008-03-24 23:13 UTC (permalink / raw)
  To: ALT Devel discussion list


On Tue, Mar 25, 2008 at 02:07:51AM +0300, Alexey Tourbin wrote:
> $ fgrep /../ /ALT/Sisyphus/noarch/base/contents_index |head
> /usr/share/php/pear/../pear     pear-core
> /usr/share/php/pear/../pear/.channels   pear-core
> /usr/share/php/pear/../pear/.channels/.alias    pear-core
> /usr/share/php/pear/../pear/.channels/.alias/pear.txt   pear-core
> /usr/share/php/pear/../pear/.channels/.alias/pecl.txt   pear-core
> /usr/share/php/pear/../pear/.channels/__uri.reg pear-core
> /usr/share/php/pear/../pear/.channels/pear.php.net.reg  pear-core
> /usr/share/php/pear/../pear/.channels/pecl.php.net.reg  pear-core
> /usr/share/php/pear/../pear/.depdb      pear-core
> /usr/share/php/pear/../pear/.depdblock  pear-core
> $ fgrep /./ /ALT/Sisyphus/noarch/base/contents_index |head
> /usr/share/php/pear/./.channels pear-core
> /usr/share/php/pear/./.channels/.alias  pear-core
> /usr/share/php/pear/./.channels/.alias/pear.txt pear-core
> /usr/share/php/pear/./.channels/.alias/pecl.txt pear-core
> /usr/share/php/pear/./.channels/__uri.reg       pear-core
> /usr/share/php/pear/./.channels/pear.php.net.reg        pear-core
> /usr/share/php/pear/./.channels/pecl.php.net.reg        pear-core
> /usr/share/php/pear/./.depdb    pear-core
> /usr/share/php/pear/./.depdblock        pear-core
> /usr/share/php/pear/./.filemap  pear-core
> $
> 
> $ rpmpeek /ALT/Sisyphus/files/SRPMS/pear-core-1.6.2-alt6.src.rpm fgrep /.  pear-core.spec
> %pear_dir/.*

We just need to add a check to rpm-build.
A similar check, that all paths start from the root,
is already there.  Such packages simply should not build.


-- 
ldv


* Re: [devel] bad paths in rpm packages
  2008-03-24 23:07 [devel] bad paths in rpm packages Alexey Tourbin
  2008-03-24 23:13 ` Dmitry V. Levin
@ 2008-03-24 23:13 ` Alexey Tourbin
  2008-03-24 23:42 ` Alexey Tourbin
  2 siblings, 0 replies; 12+ messages in thread
From: Alexey Tourbin @ 2008-03-24 23:13 UTC (permalink / raw)
  To: devel


On Tue, Mar 25, 2008 at 02:07:51AM +0300, Alexey Tourbin wrote:
> $ fgrep /../ /ALT/Sisyphus/noarch/base/contents_index |head
> /usr/share/php/pear/../pear     pear-core
> /usr/share/php/pear/../pear/.channels   pear-core
> /usr/share/php/pear/../pear/.channels/.alias    pear-core
> /usr/share/php/pear/../pear/.channels/.alias/pear.txt   pear-core
> /usr/share/php/pear/../pear/.channels/.alias/pecl.txt   pear-core
> /usr/share/php/pear/../pear/.channels/__uri.reg pear-core
> /usr/share/php/pear/../pear/.channels/pear.php.net.reg  pear-core
> /usr/share/php/pear/../pear/.channels/pecl.php.net.reg  pear-core
> /usr/share/php/pear/../pear/.depdb      pear-core
> /usr/share/php/pear/../pear/.depdblock  pear-core
> $ fgrep /./ /ALT/Sisyphus/noarch/base/contents_index |head
> /usr/share/php/pear/./.channels pear-core
> /usr/share/php/pear/./.channels/.alias  pear-core
> /usr/share/php/pear/./.channels/.alias/pear.txt pear-core
> /usr/share/php/pear/./.channels/.alias/pecl.txt pear-core
> /usr/share/php/pear/./.channels/__uri.reg       pear-core
> /usr/share/php/pear/./.channels/pear.php.net.reg        pear-core
> /usr/share/php/pear/./.channels/pecl.php.net.reg        pear-core
> /usr/share/php/pear/./.depdb    pear-core
> /usr/share/php/pear/./.depdblock        pear-core
> /usr/share/php/pear/./.filemap  pear-core
> $
> 
> $ rpmpeek /ALT/Sisyphus/files/SRPMS/pear-core-1.6.2-alt6.src.rpm fgrep /.  pear-core.spec
> %pear_dir/.*
> $

Caught with:

$ rpmpeek /ALT/Sisyphus/files/noarch/RPMS/pear-core-1.6.2-alt6.noarch.rpm :           
cpio: Removing leading `./usr/share/php/pear/..' from member names
cpio: Removing leading `./usr/share/php/pear/../' from member names
$ echo $?
0
$


* Re: [devel] bad paths in rpm packages
  2008-03-24 23:13 ` Dmitry V. Levin
@ 2008-03-24 23:17   ` Alexey Tourbin
  2008-03-24 23:20     ` Dmitry V. Levin
  2008-03-25  0:05   ` Alexey Tourbin
  1 sibling, 1 reply; 12+ messages in thread
From: Alexey Tourbin @ 2008-03-24 23:17 UTC (permalink / raw)
  To: ALT Devel discussion list


On Tue, Mar 25, 2008 at 02:13:21AM +0300, Dmitry V. Levin wrote:
> On Tue, Mar 25, 2008 at 02:07:51AM +0300, Alexey Tourbin wrote:
> > $ fgrep /../ /ALT/Sisyphus/noarch/base/contents_index |head
> > /usr/share/php/pear/../pear     pear-core
> > /usr/share/php/pear/../pear/.channels   pear-core
> > /usr/share/php/pear/../pear/.channels/.alias    pear-core
> > /usr/share/php/pear/../pear/.channels/.alias/pear.txt   pear-core
> > /usr/share/php/pear/../pear/.channels/.alias/pecl.txt   pear-core
> > /usr/share/php/pear/../pear/.channels/__uri.reg pear-core
> > /usr/share/php/pear/../pear/.channels/pear.php.net.reg  pear-core
> > /usr/share/php/pear/../pear/.channels/pecl.php.net.reg  pear-core
> > /usr/share/php/pear/../pear/.depdb      pear-core
> > /usr/share/php/pear/../pear/.depdblock  pear-core
> > $ fgrep /./ /ALT/Sisyphus/noarch/base/contents_index |head
> > /usr/share/php/pear/./.channels pear-core
> > /usr/share/php/pear/./.channels/.alias  pear-core
> > /usr/share/php/pear/./.channels/.alias/pear.txt pear-core
> > /usr/share/php/pear/./.channels/.alias/pecl.txt pear-core
> > /usr/share/php/pear/./.channels/__uri.reg       pear-core
> > /usr/share/php/pear/./.channels/pear.php.net.reg        pear-core
> > /usr/share/php/pear/./.channels/pecl.php.net.reg        pear-core
> > /usr/share/php/pear/./.depdb    pear-core
> > /usr/share/php/pear/./.depdblock        pear-core
> > /usr/share/php/pear/./.filemap  pear-core
> > $
> > 
> > $ rpmpeek /ALT/Sisyphus/files/SRPMS/pear-core-1.6.2-alt6.src.rpm fgrep /.  pear-core.spec
> > %pear_dir/.*
> 
> We just need to add a check to rpm-build.
> A similar check, that all paths start from the root,
> is already there.  Such packages simply should not build.

Take a closer look.
It seems to me this is (also) a problem with the glob for %files.
The glob should not match '.' and '..'.


* Re: [devel] bad paths in rpm packages
  2008-03-24 23:17   ` Alexey Tourbin
@ 2008-03-24 23:20     ` Dmitry V. Levin
  2008-03-25  2:50       ` Alexey Tourbin
  2008-03-25  4:04       ` Alexey Tourbin
  0 siblings, 2 replies; 12+ messages in thread
From: Dmitry V. Levin @ 2008-03-24 23:20 UTC (permalink / raw)
  To: ALT Devel discussion list


On Tue, Mar 25, 2008 at 02:17:47AM +0300, Alexey Tourbin wrote:
> On Tue, Mar 25, 2008 at 02:13:21AM +0300, Dmitry V. Levin wrote:
> > On Tue, Mar 25, 2008 at 02:07:51AM +0300, Alexey Tourbin wrote:
> > > $ fgrep /../ /ALT/Sisyphus/noarch/base/contents_index |head
> > > /usr/share/php/pear/../pear     pear-core
> > > /usr/share/php/pear/../pear/.channels   pear-core
> > > /usr/share/php/pear/../pear/.channels/.alias    pear-core
> > > /usr/share/php/pear/../pear/.channels/.alias/pear.txt   pear-core
> > > /usr/share/php/pear/../pear/.channels/.alias/pecl.txt   pear-core
> > > /usr/share/php/pear/../pear/.channels/__uri.reg pear-core
> > > /usr/share/php/pear/../pear/.channels/pear.php.net.reg  pear-core
> > > /usr/share/php/pear/../pear/.channels/pecl.php.net.reg  pear-core
> > > /usr/share/php/pear/../pear/.depdb      pear-core
> > > /usr/share/php/pear/../pear/.depdblock  pear-core
> > > $ fgrep /./ /ALT/Sisyphus/noarch/base/contents_index |head
> > > /usr/share/php/pear/./.channels pear-core
> > > /usr/share/php/pear/./.channels/.alias  pear-core
> > > /usr/share/php/pear/./.channels/.alias/pear.txt pear-core
> > > /usr/share/php/pear/./.channels/.alias/pecl.txt pear-core
> > > /usr/share/php/pear/./.channels/__uri.reg       pear-core
> > > /usr/share/php/pear/./.channels/pear.php.net.reg        pear-core
> > > /usr/share/php/pear/./.channels/pecl.php.net.reg        pear-core
> > > /usr/share/php/pear/./.depdb    pear-core
> > > /usr/share/php/pear/./.depdblock        pear-core
> > > /usr/share/php/pear/./.filemap  pear-core
> > > $
> > > 
> > > $ rpmpeek /ALT/Sisyphus/files/SRPMS/pear-core-1.6.2-alt6.src.rpm fgrep /.  pear-core.spec
> > > %pear_dir/.*
> > 
> > We just need to add a check to rpm-build.
> > A similar check, that all paths start from the root,
> > is already there.  Such packages simply should not build.
>
> Take a closer look.
> It seems to me this is (also) a problem with the glob for %files.

Also.

> The glob should not match '.' and '..'.

Yes, in this case it definitely should not.


-- 
ldv
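
The glob behaviour the two messages above agree on, as an added example that is not part of the original thread and is not rpm's code: libc glob(3), used here as a stand-in for rpm's own %files glob handling, expands a `dir/.*` pattern to `dir/.` and `dir/..` as well, and skipping those two names keeps the expansion inside the directory. The temporary layout and all function names are constructed for the demonstration.

```c
/* Added example, not rpm code: a "dir/.*" glob also returns "." and "..". */
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <glob.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 if the last component of path is "." or "..". */
static int is_dot_entry(const char *path)
{
    const char *base = strrchr(path, '/');
    base = base ? base + 1 : path;
    return strcmp(base, ".") == 0 || strcmp(base, "..") == 0;
}

/* Expands pattern with glob(3).  *n_dot counts matches that are "." or "..",
 * *n_kept counts paths that would be packaged; skip_dots drops dot entries. */
static int expand_files_glob(const char *pattern, int skip_dots,
                             size_t *n_kept, size_t *n_dot)
{
    glob_t g;
    int rc = glob(pattern, 0, NULL, &g);
    *n_kept = *n_dot = 0;
    if (rc != 0)
        return rc == GLOB_NOMATCH ? 0 : -1;
    for (size_t i = 0; i < g.gl_pathc; i++) {
        int dot = is_dot_entry(g.gl_pathv[i]);
        *n_dot += (size_t)dot;
        if (dot && skip_dots)
            continue;
        (*n_kept)++;
        printf("  %s %s\n", skip_dots ? "filtered:" : "raw:     ", g.gl_pathv[i]);
    }
    globfree(&g);
    return 0;
}

static const char *in(const char *root, const char *rel)
{
    static char buf[PATH_MAX];   /* demo helper, not thread-safe */
    snprintf(buf, sizeof buf, "%s/%s", root, rel);
    return buf;
}

/* Builds a constructed layout <tmp>/test-buildroot/{.depdb,.channels/},
 * expands "test-buildroot/.*" with and without the filter, then cleans up. */
static int run_demo(size_t *raw_kept, size_t *raw_dot, size_t *safe_kept)
{
    char root[] = "/tmp/globdemo.XXXXXX", pat[PATH_MAX];
    size_t unused;
    int fd, rc;
    if (!mkdtemp(root))
        return -1;
    mkdir(in(root, "test-buildroot"), 0700);
    mkdir(in(root, "test-buildroot/.channels"), 0700);
    if ((fd = open(in(root, "test-buildroot/.depdb"), O_CREAT | O_WRONLY, 0600)) >= 0)
        close(fd);
    snprintf(pat, sizeof pat, "%s/test-buildroot/.*", root);
    rc = expand_files_glob(pat, 0, raw_kept, raw_dot);    /* as written in %files */
    rc |= expand_files_glob(pat, 1, safe_kept, &unused);  /* "." and ".." skipped */
    unlink(in(root, "test-buildroot/.depdb"));
    rmdir(in(root, "test-buildroot/.channels"));
    rmdir(in(root, "test-buildroot"));
    rmdir(root);
    return rc ? -1 : 0;
}

int main(void)
{
    size_t kept, dots, safe;
    if (run_demo(&kept, &dots, &safe))
        return 1;
    printf("raw: %zu paths (%zu dot entries); filtered: %zu\n", kept, dots, safe);
    return 0;
}
```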


* Re: [devel] bad paths in rpm packages
  2008-03-24 23:07 [devel] bad paths in rpm packages Alexey Tourbin
  2008-03-24 23:13 ` Dmitry V. Levin
  2008-03-24 23:13 ` Alexey Tourbin
@ 2008-03-24 23:42 ` Alexey Tourbin
  2008-03-24 23:44   ` Alexey Tourbin
  2 siblings, 1 reply; 12+ messages in thread
From: Alexey Tourbin @ 2008-03-24 23:42 UTC (permalink / raw)
  To: devel


On Tue, Mar 25, 2008 at 02:07:51AM +0300, Alexey Tourbin wrote:
> $ rpmpeek /ALT/Sisyphus/files/SRPMS/pear-core-1.6.2-alt6.src.rpm fgrep /.  pear-core.spec
> %pear_dir/.*
> $

Oh my gosh!
Here's a nice way to package your %_tmppath!

$ cat test.spec
Name: test
Version: 1.0
Release: alt1
Summary: test
License: GPL
Group: Development/Other
%install
mkdir -p %buildroot
%description
%files
/.*
$ time rpm -bb test.spec
...
/tmp/.private/at/test-buildroot/../BUILD/DateTime-Locale-0.35/t/08dash-in-name.t syntax OK
Can't stat blib/lib: No such file or directory
 at /usr/lib/perl5/vendor_perl/File/Find/Rule.pm line 593
You said to run 0 tests at /tmp/.private/at/test-buildroot/../BUILD/DateTime-Locale-0.35/t/99-pod.t line 15.
BEGIN failed--compilation aborted at /tmp/.private/at/test-buildroot/../BUILD/DateTime-Locale-0.35/t/99-pod.t line 15.
# /tmp/.private/at/test-buildroot/../BUILD/DateTime-Locale-0.35/t/99-pod.t: deparse failed. isPerl=0.0386266094420601.
error: /bin/sh failed
error: Failed to find Requires

RPM build errors:
    /bin/sh failed
    Failed to find Requires
rpm -bb test.spec  97.86s user 15.26s system 54% cpu 3:26.50 total
$

Now go try '/.*/.*/.*'.
What a marvellous back system!!


* Re: [devel] bad paths in rpm packages
  2008-03-24 23:42 ` Alexey Tourbin
@ 2008-03-24 23:44   ` Alexey Tourbin
  0 siblings, 0 replies; 12+ messages in thread
From: Alexey Tourbin @ 2008-03-24 23:44 UTC (permalink / raw)
  To: devel


On Tue, Mar 25, 2008 at 02:42:54AM +0300, Alexey Tourbin wrote:
> Now go try '/.*/.*/.*'.
> What a marvellous back system!!

backup system


* Re: [devel] bad paths in rpm packages
  2008-03-24 23:13 ` Dmitry V. Levin
  2008-03-24 23:17   ` Alexey Tourbin
@ 2008-03-25  0:05   ` Alexey Tourbin
  1 sibling, 0 replies; 12+ messages in thread
From: Alexey Tourbin @ 2008-03-25  0:05 UTC (permalink / raw)
  To: ALT Devel discussion list


On Tue, Mar 25, 2008 at 02:13:21AM +0300, Dmitry V. Levin wrote:
> We just need to add a check to rpm-build.

The code there is rather bad.

$ cat test.spec
$ perl -le 'print "/" . join "/", 1..8192' >>test.spec
$ rpm -bb test.spec
...
Processing files: test-1.0-alt1
*** buffer overflow detected ***: /usr/lib/rpm/rpmb terminated


* Re: [devel] bad paths in rpm packages
  2008-03-24 23:20     ` Dmitry V. Levin
@ 2008-03-25  2:50       ` Alexey Tourbin
  2008-03-25  3:08         ` Alexey Tourbin
  2008-03-25 22:29         ` Alexey Tourbin
  2008-03-25  4:04       ` Alexey Tourbin
  1 sibling, 2 replies; 12+ messages in thread
From: Alexey Tourbin @ 2008-03-25  2:50 UTC (permalink / raw)
  To: ALT Devel discussion list


On Tue, Mar 25, 2008 at 02:20:51AM +0300, Dmitry V. Levin wrote:
> > > > $ rpmpeek /ALT/Sisyphus/files/SRPMS/pear-core-1.6.2-alt6.src.rpm fgrep /.  pear-core.spec
> > > > %pear_dir/.*
> > > 
> > > We just need to add a check to rpm-build.
> > > A similar check, that all paths start from the root,
> > > is already there.  Such packages simply should not build.
> >
> > Take a closer look.
> > It seems to me this is (also) a problem with the glob for %files.
>
> Also.

So the question came up of how to tell whether a path is canonical
or not.  I had to write an automaton (see below).

But then another problem surfaced: a path can be canonical
but not kosher.  rpm lets you package a non-kosher path:

%install
install -pD /dev/null %buildroot/etc/rc.d/init.d/functions
ln -s rc.d/init.d %buildroot/etc/init.d
%files
/etc/init.d/functions

$ rpm -bb test.spec 
...
warning: Installed (but unpackaged) file(s) found:
    /etc/init.d
    /etc/rc.d/init.d/functions
Wrote: /home/at/RPM/RPMS/athlon/test-1.0-alt1.athlon.rpm
$ rpm -qlvp /home/at/RPM/RPMS/athlon/test-1.0-alt1.athlon.rpm
-rwxr-xr-x    1 root    root                0 Mar 20 18:50 /etc/init.d/functions
$

Whichever way you turn, there is trouble.
And you call it a "riddle".


commit 44a9bc68edcc01c08a2483dd90b2159fe9b35e36
Author: Alexey Tourbin <at@altlinux>
Date:   Tue Mar 25 05:33:59 2008 +0300

    file.c (addFile): file path must be canonical (new function pathIsCanonical)

diff --git a/build/files.c b/build/files.c
index 114d575..35d34be 100644
--- a/build/files.c
+++ b/build/files.c
@@ -1487,6 +1487,66 @@ static /*@null@*/ FileListRec freeFileList(/*@only@*/ FileListRec fileList,
     return NULL;
 }
 
+/* Written by Alexey Tourbin! */
+static int pathIsCanonical(const char *path)
+{
+    enum {
+	ST_NONE,
+	ST_SLASH,
+	ST_SLASHDOT,
+	ST_SLASHDOTDOT
+    } state = ST_NONE;
+    const char *p = path;
+    while (1) {
+	int c = *p;
+	switch (c) {
+	case '/':
+	    switch (state) {
+	    case ST_SLASH:
+	    case ST_SLASHDOT:
+	    case ST_SLASHDOTDOT:
+		return 0;
+	    default:
+		state = ST_SLASH;
+		break;
+	    }
+	    break;
+	case '.':
+	    switch (state) {
+	    case ST_SLASH:
+		state = ST_SLASHDOT;
+		break;
+	    case ST_SLASHDOT:
+		state = ST_SLASHDOTDOT;
+		break;
+	    default:
+		state = ST_NONE;
+		break;
+	    }
+	    break;
+	case '\0':
+	    switch (state) {
+	    case ST_SLASHDOT:
+	    case ST_SLASHDOTDOT:
+		return 0;
+	    case ST_SLASH:
+		if (p > path + 1)
+		    return 0;
+		return 1;
+	    default:
+		return 1;
+	    }
+	    break;
+	default:
+	    state = ST_NONE;
+	    break;
+	}
+	p++;
+    }
+    /* not reachable */
+    return 0;
+}
+
 /**
  * Add a file to the package manifest.
  * @param fl		package file tree walk data
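
Review bot: pathIsCanonical() starts in ST_NONE, so it returns 1 for the empty string and for relative inputs such as ".", ".." or "../x" (a leading dot falls into the default branch of the '.' case); the result is only meaningful for a path already known to begin with '/'. Either reject `*path != '/'` at the top or state that precondition in the comment, which currently carries only the author credit and does not say what "canonical" means here (no empty, "." or ".." components, and no trailing slash except for "/" itself). The `return 0` after `while (1)` and the `break` after the inner switch in the '\0' case are dead code and can go.
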
@@ -1553,6 +1613,13 @@ static int addFile(FileList fl, const char * diskURL,
 	return RPMERR_BADSPEC;
     }
 
+    if (!pathIsCanonical(fileURL)) {
+	rpmError(RPMERR_BADSPEC,
+	    _("File path must be canonical: %s\n"), fileURL);
+	fl->processingFailed = 1;
+	return RPMERR_BADSPEC;
+    }
+
     /* If we are using a prefix, validate the file */
     if (!fl->inFtw && fl->prefix) {
 	const char *prefixTest;
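
Review bot: the text passed to rpmError() says only "File path must be canonical", which does not tell the packager which form was rejected; pathIsCanonical() refuses "//", "/./", "/../" and a trailing "/" alike. Consider naming those forms in the message, since in the pear-core case that started this thread the offending path came from a %files glob and not from anything written literally in the spec. A test spec for each rejected form would also be worth adding alongside this check.
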


* Re: [devel] bad paths in rpm packages
  2008-03-25  2:50       ` Alexey Tourbin
@ 2008-03-25  3:08         ` Alexey Tourbin
  2008-03-25 22:29         ` Alexey Tourbin
  1 sibling, 0 replies; 12+ messages in thread
From: Alexey Tourbin @ 2008-03-25  3:08 UTC (permalink / raw)
  To: ALT Devel discussion list


On Tue, Mar 25, 2008 at 05:50:03AM +0300, Alexey Tourbin wrote:
> But then another problem surfaced: a path can be canonical
> but not kosher.  rpm lets you package a non-kosher path:
> 
> %install
> install -pD /dev/null %buildroot/etc/rc.d/init.d/functions
> ln -s rc.d/init.d %buildroot/etc/init.d
> %files
> /etc/init.d/functions
> 
> $ rpm -bb test.spec 
> ...
> warning: Installed (but unpackaged) file(s) found:
>     /etc/init.d
>     /etc/rc.d/init.d/functions
> Wrote: /home/at/RPM/RPMS/athlon/test-1.0-alt1.athlon.rpm
> $ rpm -qlvp /home/at/RPM/RPMS/athlon/test-1.0-alt1.athlon.rpm
> -rwxr-xr-x    1 root    root                0 Mar 20 18:50 /etc/init.d/functions
> $

Worse still, rpm happily builds a package that is known in advance
to be uninstallable:

%install
install -pD /dev/null %buildroot/foo/rc.d/init.d/functions
ln -s rc.d/init.d %buildroot/foo/init.d
%files     
/foo/init.d/functions
/foo/init.d

lrwxrwxrwx    1 root    root               11 Mar 25 06:05 /foo/init.d -> rc.d/init.d
-rwxr-xr-x    1 root    root                0 Mar 20 18:50 /foo/init.d/functions

$ sudo rpm -iv /home/at/RPM/RPMS/athlon/test-1.0-alt1.athlon.rpm
Preparing packages for installation...
test-1.0-alt1
error: unpacking of archive failed on file /foo/init.d: cpio: rename failed - Is a directory
$

$ find /foo -ls
261633    4 drwxr-xr-x   3 root     root         4096 Mar 25 06:05 /foo
261655    4 drwxr-xr-x   2 root     root         4096 Mar 25 06:05 /foo/init.d
261675    0 lrwxrwxrwx   1 root     root           11 Mar 25 06:05 /foo/init.d;47e86bfb -> rc.d/init.d
$


* Re: [devel] bad paths in rpm packages
  2008-03-24 23:20     ` Dmitry V. Levin
  2008-03-25  2:50       ` Alexey Tourbin
@ 2008-03-25  4:04       ` Alexey Tourbin
  1 sibling, 0 replies; 12+ messages in thread
From: Alexey Tourbin @ 2008-03-25  4:04 UTC (permalink / raw)
  To: ALT Devel discussion list


On Tue, Mar 25, 2008 at 02:20:51AM +0300, Dmitry V. Levin wrote:
> > > > $ rpmpeek /ALT/Sisyphus/files/SRPMS/pear-core-1.6.2-alt6.src.rpm fgrep /.  pear-core.spec
> > > > %pear_dir/.*
> > > 
> > > We just need to add a check to rpm-build.
> > > A similar check, that all paths start from the root,
> > > is already there.  Such packages simply should not build.
> >
> > Take a closer look.
> > It seems to me this is (also) a problem with the glob for %files.
>
> Also.

No.  rpm canonicalizes some things in some places there (or should the
Russian word be "канонизирует"?).  So "also" here is in the sense of
defensive programming, when the left hand does not know what the right
hand is doing and protects itself against the right hand's actions.

$ grep %files -A1 test.spec
%files
/usr/bin/../bin/foo
$ rpm -qlvp /home/at/RPM/RPMS/athlon/test-1.0-alt1.athlon.rpm
-rwxr-xr-x    1 root    root                0 Mar 20 18:50 /usr/bin/foo
$

It looks like non-canonical paths can emerge ONLY with bad glob.


* Re: [devel] bad paths in rpm packages
  2008-03-25  2:50       ` Alexey Tourbin
  2008-03-25  3:08         ` Alexey Tourbin
@ 2008-03-25 22:29         ` Alexey Tourbin
  1 sibling, 0 replies; 12+ messages in thread
From: Alexey Tourbin @ 2008-03-25 22:29 UTC (permalink / raw)
  To: ALT Devel discussion list


On Tue, Mar 25, 2008 at 05:50:03AM +0300, Alexey Tourbin wrote:
> But then another problem surfaced: a path can be canonical
> but not kosher.  rpm lets you package a non-kosher path:
> 
> %install
> install -pD /dev/null %buildroot/etc/rc.d/init.d/functions
> ln -s rc.d/init.d %buildroot/etc/init.d
> %files
> /etc/init.d/functions
> 
> $ rpm -bb test.spec 
> ...
> warning: Installed (but unpackaged) file(s) found:
>     /etc/init.d
>     /etc/rc.d/init.d/functions
> Wrote: /home/at/RPM/RPMS/athlon/test-1.0-alt1.athlon.rpm
> $ rpm -qlvp /home/at/RPM/RPMS/athlon/test-1.0-alt1.athlon.rpm
> -rwxr-xr-x    1 root    root                0 Mar 20 18:50 /etc/init.d/functions
> $

I think I have made a check so that a file whose path contains
a symlink cannot be packaged.


commit 5c12a6d19d7a03752eb0a2f57f7b21bdfaf91589
Author: Alexey Tourbin <at@altlinux>
Date:   Wed Mar 26 01:14:32 2008 +0300

    files.c (addFile): check that each intermediate path component is directory (not symlink)
    
    %install
    install -pD /dev/null %buildroot/etc/rc.d/init.d/functions
    ln -s rc.d/init.d %buildroot/etc/init.d
    %files
    /etc/init.d/functions
    /etc/init.d
    
    Old behaviour:
    lrwxrwxrwx    1 root    root               11 Mar 26 01:15 /etc/init.d -> rc.d/init.d
    -rwxr-xr-x    1 root    root                0 Mar 20 18:50 /etc/init.d/functions
    
    New behaviour:
    error: File path component must be directory (/tmp/.private/at/test-buildroot/etc/init.d): /tmp/.private/at/test-buildroot/etc/init.d/functions

diff --git a/build/files.c b/build/files.c
index 35d34be..0a1451f 100644
--- a/build/files.c
+++ b/build/files.c
@@ -1661,6 +1661,31 @@ static int addFile(FileList fl, const char * diskURL,
 	}
     }
 
+    /* intermediate path component must be directories, not symlinks */
+    {
+	struct stat st;
+	size_t du_len = strlen(diskURL);
+	char *du = alloca(du_len + 1);
+	char *p = du + du_len - strlen(fileURL);
+	strcpy(du, diskURL);
+	while ((p = strchr(p + 1, '/'))) {
+	    *p = '\0';
+	    if (Lstat(du, &st)) {
+		rpmError(RPMERR_BADSPEC, _("File not found: %s\n"), diskURL);
+		fl->processingFailed = 1;
+		return RPMERR_BADSPEC;
+	    }
+	    if (!S_ISDIR(st.st_mode)) {
+		rpmError(RPMERR_BADSPEC,
+			_("File path component must be directory (%s): %s\n"),
+			du, diskURL);
+		fl->processingFailed = 1;
+		return RPMERR_BADSPEC;
+	    }
+	    *p = '/';
+	}
+    }
+
     if ((! fl->isDir) && S_ISDIR(statp->st_mode)) {
 	/* We use our own ftw() call, because ftw() uses stat()    */
 	/* instead of lstat(), which causes it to follow symlinks! */
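
Review bot: `char *p = du + du_len - strlen(fileURL);` assumes diskURL ends with fileURL and is at least as long; nothing in the hunk checks that, and if strlen(fileURL) exceeds du_len the pointer lands before the alloca() buffer and the following `strchr(p + 1, '/')` reads out of bounds. Add a length check before the loop and fail with RPMERR_BADSPEC if it does not hold. Two smaller points: when Lstat() fails, the message prints diskURL although the path that was not found is the truncated du, and alloca() sized from a path length puts an unbounded string on the stack, which is worth avoiding given the 8192-component %files entry shown earlier in this thread.
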
