RPM Community Forums

Mailing List Message of <rpm-users>

Re: How not to use rpm owner/group info on unpack?

From: Jeff Johnson <n3npq@mac.com>
Date: Tue 09 Nov 2010 - 05:28:44 CET
Message-id: <2EA59C50-8EFB-4E57-85B5-2EB7D979D424@mac.com>

On Nov 8, 2010, at 11:08 PM, Marc MERLIN wrote:

> On Mon, Nov 08, 2010 at 09:12:00PM -0500, Jeff Johnson wrote:
>> 
>> On Nov 8, 2010, at 8:49 PM, Marc MERLIN wrote:
>> 
>>> I was debugging an rpm problem and pulled my hair on this:
>>> 
>>> As root, both:
>>> rpm2cpio file.rpm | cpio -idv
>>> and
>>> alien --to-tgz file.rpm ; tar xvzf file.rpm
>>> 
>>> unpack the package but lose the owner/group info for files.
>> 
>> Ick.
>> 
>> Um, and this is an rpm problem ... how? You're not even invoking rpm.
> 
> It's a problem if the package cannot be opened along with proper perms with
> any standard tool, including rpm2cpio which is part of rpm, is it not? :)
> (as far as I can tell, it's rpm2cpio that is losing the file owner info, not
> cpio, so that made it an rpm problem for me).
> 

rpm2cpio.c was one (of several) programs written
to illustrate how to program against an rpm-2.x API
that went obsolete in rpm-3.0. In 1999.

There's a rpm2cpio.sh, and a rpm2cpio.pl and likely every
other widdle language.

No rpm2cpio splits the cpio payload out of a package. Period.

> In other words, I haven't found a single way to verify ownership information
> of files inside an rpm package without actually installing the rpm.
> 

You want to verify what?

If you want to verify what is installed against what is in a *.rpm:

	rpm -Vp foo*.rpm

If you want to verify what cpio -itv would display against package metadata,
it is very close (identical at one point, but cpio output changes too), then

	rpm -qlvp foo*.rpm


> What if you need to validate an rpm on a server which certainly should not
> install said rpm before it's pushed to a bunch of machines?
> 

What is validate? There's file MD5 sums, there's signatures/digest/crc's on *.rpm,
there's installs into a chroot, or on a test machine, or any number of other meanings
for "validate".

Does tar/cpio/alien "validate" an archive on a server?

> I thought there would even be a way to do some rpm -qlp foo.rpm to list
> files and their rpms ( la ls -l), but didn't find a way to do that.
> 

There is, add -v.

> I'll look at the solution you posted, it looks pretty involved :)
> 

A script that containing chown/chgrp to set user/group on uglix, exactly what you asked for,
is "involved"?

Generated from a package without using an rpmdb? Or using alien or tar or anything but
a single rpm command?

What are saying _REALLY_?

73 de Jeff
Received on Tue Nov 9 05:29:24 2010
Driven by Jeff Johnson and the RPM project team.
Hosted by OpenPKG and Ralf S. Engelschall.
Powered by FreeBSD and OpenPKG.