From 4dbcbe38b1d6a6a5eb6190c59dabf6afbee04fbd Mon Sep 17 00:00:00 2001 From: Michal Domonkos Date: Thu, 21 Nov 2024 14:22:30 +0100 Subject: [PATCH] Don't run plugins on src.rpm unpacking (RhBug:2316785) Source packages aren't really "installed", just unpacked, and plugins operate on real transactions by design, so disable all hooks for those. This fixes, in particular, src.rpm installations done by a regular user (a fairly common case) on systems equipped with a plugin that needs root privileges (e.g. the ima plugin), which would otherwise cause a spurious warning or even failure (see RhBug:2316785). Do this by setting RPMTRANS_FLAG_NOPLUGINS for the duration of source unpacking. This ensures that ts->plugins, if not populated yet, will remain empty during rpmInstallSource() (rpmtsSetupTransactionPlugins() bails out if the flag is present). However, if any binary packages are among the rpmInstall() arguments, ts->plugins will have been populated by the time rpmInstallSource() is called, so we need to check for the flag in the hooks themselves, too, and prevent them from running if it's present. Reuse the plugin development test, we don't have anything better at the moment and it does the job well. --- lib/psm.cc | 9 +++++++++ tests/rpmdevel.at | 16 ++++++++++++++-- 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/lib/psm.cc b/lib/psm.cc index 655e5b9a4f..76efdff514 100644 --- a/lib/psm.cc +++ b/lib/psm.cc @@ -152,6 +152,7 @@ rpmRC rpmInstallSourcePackage(rpmts ts, FD_t fd, rpmte te = NULL; rpmRC rpmrc; int specix = -1; + rpmPlugins plugins = NULL; rpmrc = rpmReadPackageFile(ts, fd, NULL, &h); switch (rpmrc) { @@ -204,6 +205,10 @@ rpmRC rpmInstallSourcePackage(rpmts ts, FD_t fd, rpmfsSetAction(fs, i, FA_CREATE); } + /* Don't run any plugins */ + plugins = ts->plugins; + ts->plugins = rpmpluginsNew(ts); + psm = rpmpsmNew(ts, te, PKG_INSTALL); if (rpmpsmUnpack(psm) == RPMRC_OK) @@ -211,6 +216,10 @@ rpmRC rpmInstallSourcePackage(rpmts ts, FD_t fd, rpmpsmFree(psm); + /* Restore plugins */ + rpmpluginsFree(ts->plugins); + ts->plugins = plugins; + exit: if (rpmrc == RPMRC_OK && specix >= 0) { if (cookie) diff --git a/tests/rpmdevel.at b/tests/rpmdevel.at index 03908c88d6..83cf324c47 100644 --- a/tests/rpmdevel.at +++ b/tests/rpmdevel.at @@ -43,12 +43,15 @@ runroot rpmbuild --quiet -bb \ /data/SPECS/simple.spec \ /data/SPECS/fakeshell.spec +runroot rpmbuild --quiet -bs \ + /data/SPECS/simple.spec + runroot rpm -U /build/RPMS/noarch/fakeshell-1.0-1.noarch.rpm cmake /data/debugplugin && make && make install DESTDIR=${RPMTEST} RPMTEST_CHECK([ -runroot rpm -U /build/RPMS/noarch/simple-1.0-1.noarch.rpm +runroot rpm -U /build/RPMS/noarch/simple-1.0-1.noarch.rpm /build/SRPMS/simple-1.0-1.src.rpm ], [0], [], @@ -70,5 +73,14 @@ debug_psm_post: simple-1.0-1.noarch:0 debug_tsm_post: 0 debug_cleanup ]) -RPMTEST_CLEANUP +RPMTEST_CHECK([ +runroot rpm -i /build/SRPMS/simple-1.0-1.src.rpm +], +[0], +[], +[debug_init +debug_cleanup +]) + +RPMTEST_CLEANUP