RPM Community Forums

Mailing List Message of <rpm-devel>

rpm infinite recursions using manifests

From: Jeff Johnson <n3npq@mac.com>
Date: Sun 07 Sep 2008 - 18:10:18 CEST
Message-id: <209BE05A-ADA4-4987-A8C0-D635DBD6C6A7@mac.com>
There's a class of infinite recursion problems with manifests used
on the rpm CLI that I don't know to fix.

A manifest is a file containing a list of paths to packages (or other  
manifests)
that can be used with query/install/signing/verifying rpm modes.

This reproducers illustrates the infinite recursion problem
     echo "foo" > foo
     rpm -qp foo
and here's a slightly more complicated recursion
     echo "foo" > bar
     echo "bar" > foo
     rpm -qp foo

If the loop needs to be detected (I also question whether its worth  
the effort),
one approach would be to check that all argv items are unique after  
macro
expansion and glob'ing. However, that assumes paths are unique, clearly
not the case when symlinks & hardlinks are involved.

The approach to add some explicit identifier to recognize a manifest  
doesn't solve
infinite recursion loops through manifest content.

Another approach would be to digest check the set of parsed argv  
candidates.
Note that a digest of the file alone is not good enough, because  
there may be different
amounts of white space surrounding the parsed tokens.

There are also (at least) two fundamental design flaws with the  
manifest implementation.

The hardest issue to solve is that any item that is not a *.rpm  
package is (by default) read as
a manifest. That means that manifest reading/parsing must deal with  
the infinity of
all unknown inputs. That is a tricky parser to write ...

The other issue with the manifest implementation is that arguments  
are processed
several times, for macro expansion, glob'ing, and finally open'ed  
several times
to try to read arguments first a *.rpm package, then as a manifest,  
and (later) reopened
while installing/upgrading. That's a quite different usage case for  
CLI arguments than
is found in almost every other UNIX executable.

Now that rpm install modes have been hanced to support +bing and - 
bang (and eventually
the depsolve'd variant =boom), the issues will only get more complex.

I'd also like to be able to support archive installation directly  
from CLI arguments, generating
the necessary Header container on the fly, which will lead to Yet  
Another open of CLI arguments
to detect magic, and process the archive.

Any other ideas about how to avoid infinite recursion failure cases  
with CLI input?

73 de Jeff
Received on Sun Sep 7 18:12:14 2008
Driven by Jeff Johnson and the RPM project team.
Hosted by OpenPKG and Ralf S. Engelschall.
Powered by FreeBSD and OpenPKG.