From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <at@altlinux.ru>
Date: Wed, 26 Mar 2008 01:29:41 +0300
From: Alexey Tourbin <at@altlinux.ru>
To: ALT Devel discussion list <devel@lists.altlinux.org>
Message-ID: <20080325222941.GP31135@solemn.turbinal>
Mail-Followup-To: ALT Devel discussion list <devel@lists.altlinux.org>
References: <20080324230751.GD31135@solemn.turbinal>
	<20080324231320.GA21713@wo.int.altlinux.org>
	<20080324231747.GF31135@solemn.turbinal>
	<20080324232051.GC21713@wo.int.altlinux.org>
	<20080325025003.GJ31135@solemn.turbinal>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="gS/sOEqITpbrYRmu"
Content-Disposition: inline
In-Reply-To: <20080325025003.GJ31135@solemn.turbinal>
Subject: Re: [devel] bad paths in rpm packages
X-BeenThere: devel@lists.altlinux.org
X-Mailman-Version: 2.1.10b3
Precedence: list
Reply-To: ALT Linux Team development discussions <devel@lists.altlinux.org>
List-Id: ALT Linux Team development discussions <devel.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/listinfo/devel>,
	<mailto:devel-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/devel>
List-Post: <mailto:devel@lists.altlinux.org>
List-Help: <mailto:devel-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/devel>,
	<mailto:devel-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Mar 2008 22:29:42 -0000
Archived-At: <http://lore.altlinux.org/devel/20080325222941.GP31135@solemn.turbinal/>
List-Archive: <http://lore.altlinux.org/devel/>
List-Post: <mailto:devel@altlinux.org>


--gS/sOEqITpbrYRmu
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Mar 25, 2008 at 05:50:03AM +0300, Alexey Tourbin wrote:
> =EE=CF =D4=D5=D4 =D7=D3=D0=CC=D9=CC=C1 =C4=D2=D5=C7=C1=D1 =D0=D2=CF=C2=CC=
=C5=CD=C1: =D0=D5=D4=D8 =CD=CF=D6=C5=D4 =C2=D9=D4=D8 =CB=C1=CE=CF=CE=C9=DE=
=C5=CE,
> =CE=CF =CE=C5 =CB=CF=DB=C5=D2=C5=CE.  rpm =D0=CF=DA=D7=CF=CC=D1=C5=D4 =DA=
=C1=D0=C1=CB=CF=D7=C1=D4=D8 =CE=C5=CB=CF=DB=C5=D2=CE=D9=CA =D0=D5=D4=D8:
>=20
> %install
> install -pD /dev/null %buildroot/etc/rc.d/init.d/functions
> ln -s rc.d/init.d %buildroot/etc/init.d
> %files
> /etc/init.d/functions
>=20
> $ rpm -bb test.spec=20
> ...
> warning: Installed (but unpackaged) file(s) found:
>     /etc/init.d
>     /etc/rc.d/init.d/functions
> Wrote: /home/at/RPM/RPMS/athlon/test-1.0-alt1.athlon.rpm
> $ rpm -qlvp /home/at/RPM/RPMS/athlon/test-1.0-alt1.athlon.rpm
> -rwxr-xr-x    1 root    root                0 Mar 20 18:50 /etc/init.d/fu=
nctions
> $

=F7=D2=CF=C4=C5 =D3=C4=C5=CC=C1=CC =D0=D2=CF=D7=C5=D2=CB=D5, =DE=D4=CF=C2=
=D9 =CE=C5=CC=D8=DA=D1 =C2=D9=CC=CF =DA=C1=D0=C1=CB=CF=D7=C1=D4=D8 =C6=C1=
=CA=CC =D7 =D0=D5=D4=C9
=CB=CF=D4=CF=D2=CF=C7=CF =D7=D3=D4=D2=C5=DE=C1=C5=D4=D3=D1 =D3=C9=CD=CC=C9=
=CE=CB.


commit 5c12a6d19d7a03752eb0a2f57f7b21bdfaf91589
Author: Alexey Tourbin <at@altlinux>
Date:   Wed Mar 26 01:14:32 2008 +0300

    files.c (addFile): check that each intermediate path component is direc=
tory (not symlink)
   =20
    %install
    install -pD /dev/null %buildroot/etc/rc.d/init.d/functions
    ln -s rc.d/init.d %buildroot/etc/init.d
    %files
    /etc/init.d/functions
    /etc/init.d
   =20
    Old behaviour:
    lrwxrwxrwx    1 root    root               11 Mar 26 01:15 /etc/init.d =
-> rc.d/init.d
    -rwxr-xr-x    1 root    root                0 Mar 20 18:50 /etc/init.d/=
functions
   =20
    New behaviour:
    error: File path component must be directory (/tmp/.private/at/test-bui=
ldroot/etc/init.d): /tmp/.private/at/test-buildroot/etc/init.d/functions

diff --git a/build/files.c b/build/files.c
index 35d34be..0a1451f 100644
--- a/build/files.c
+++ b/build/files.c
@@ -1661,6 +1661,31 @@ static int addFile(FileList fl, const char * diskURL,
 	}
     }
=20
+    /* intermediate path component must be directories, not symlinks */
+    {
+	struct stat st;
+	size_t du_len =3D strlen(diskURL);
+	char *du =3D alloca(du_len + 1);
+	char *p =3D du + du_len - strlen(fileURL);
+	strcpy(du, diskURL);
+	while ((p =3D strchr(p + 1, '/'))) {
+	    *p =3D '\0';
+	    if (Lstat(du, &st)) {
+		rpmError(RPMERR_BADSPEC, _("File not found: %s\n"), diskURL);
+		fl->processingFailed =3D 1;
+		return RPMERR_BADSPEC;
+	    }
+	    if (!S_ISDIR(st.st_mode)) {
+		rpmError(RPMERR_BADSPEC,
+			_("File path component must be directory (%s): %s\n"),
+			du, diskURL);
+		fl->processingFailed =3D 1;
+		return RPMERR_BADSPEC;
+	    }
+	    *p =3D '/';
+	}
+    }
+
     if ((! fl->isDir) && S_ISDIR(statp->st_mode)) {
 	/* We use our own ftw() call, because ftw() uses stat()    */
 	/* instead of lstat(), which causes it to follow symlinks! */

--gS/sOEqITpbrYRmu
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iEYEARECAAYFAkfpfNUACgkQfBKgtDjnu0aHLgCeKf7AgivogSk0oiSGY3Ojc4Ce
4kAAoNL4lq+BUq4+FLnFexMxqYrv8DT0
=Wh4f
-----END PGP SIGNATURE-----

--gS/sOEqITpbrYRmu--