RPM Community Forums

Mailing List Message of <rpm-users>

Re: How not to use rpm owner/group info on unpack?

From: Marc MERLIN <marc_rpm@merlins.org>
Date: Fri 12 Nov 2010 - 23:32:07 CET
Message-ID: <20101112223207.GE4774@merlins.org>
On Tue, Nov 09, 2010 at 12:11:57AM -0500, Jeff Johnson wrote:
> On Nov 8, 2010, at 8:49 PM, Marc MERLIN wrote:
> > 
> > What is the proper way to unpack an rpm without losing the user/group info 
> > (i.e. without installing it and without relying on an rpmdb, just unpacking
> > its files with proper perms).
> > 
> The likely flaw you've experienced is in cpio,
> which for POSIX cpio reasons, chooses to change permissions
> to 700 on directories when run as root.
> rpm2cpio is most definitely doing nothing other than
> seeking to the beginning of the payload, and uncompressing
> everything to EOF. The result is a cpio ball written to stdout.

So, I had to check.

I took an rpm, here is what it says with rpm -qlvp:
drwxr-xr-x    2 merlin  haldaemo      0 Nov 10 11:41 /etc/cron.hourly
-rwxr-xr-x    1 merlin  haldaemo    323 Nov  4 19:45 /etc/cron.hourly/runmailq


(file content here)

Second one starts with
drwxr-xr-x    2 root    root          0 Nov 10 11:41 /etc/cron.hourly
-rwxr-xr-x    1 root    root        323 Nov  4 19:45 /etc/cron.hourly/runmailq

Cpio header is exactly the same, I binary diffed it.

Also 'merlin' or 'haldaemo' were nowhere to be found in the first cpio.

So are you _really_ sure rpm2cpio keeps usernames? Looks to me like it doesn't.

"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/  
Received on Fri Nov 12 23:32:26 2010
Driven by Jeff Johnson and the RPM project team.
Hosted by OpenPKG and Ralf S. Engelschall.
Powered by FreeBSD and OpenPKG.