RPM Community Forums

Mailing List Message of <rpm-users>

Re: How not to use rpm owner/group info on unpack?

From: Marc MERLIN <marc_rpm@merlins.org>
Date: Tue 09 Nov 2010 - 05:08:50 CET
Message-ID: <20101109040850.GG4191@merlins.org>
On Mon, Nov 08, 2010 at 09:12:00PM -0500, Jeff Johnson wrote:
> On Nov 8, 2010, at 8:49 PM, Marc MERLIN wrote:
> > I was debugging an rpm problem and pulled my hair on this:
> > 
> > As root, both:
> > rpm2cpio file.rpm | cpio -idv
> > and
> > alien --to-tgz file.rpm ; tar xvzf file.rpm
> > 
> > unpack the package but lose the owner/group info for files.
> Ick.
> Um, and this is an rpm problem ... how? You're not even invoking rpm.

It's a problem if the package cannot be opened along with proper perms with
any standard tool, including rpm2cpio which is part of rpm, is it not? :)
(as far as I can tell, it's rpm2cpio that is losing the file owner info, not
cpio, so that made it an rpm problem for me).

In other words, I haven't found a single way to verify ownership information
of files inside an rpm package without actually installing the rpm.

What if you need to validate an rpm on a server which certainly should not
install said rpm before it's pushed to a bunch of machines?

I thought there would even be a way to do some rpm -qlp foo.rpm to list
files and their rpms ( la ls -l), but didn't find a way to do that.

I'll look at the solution you posted, it looks pretty involved :)

"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/  
Received on Tue Nov 9 05:09:09 2010
Driven by Jeff Johnson and the RPM project team.
Hosted by OpenPKG and Ralf S. Engelschall.
Powered by FreeBSD and OpenPKG.