rpm --qf / nonsense
Jeffrey Johnson
n3npq at me.com
Thu Sep 18 22:13:37 CEST 2014
On Sep 18, 2014, at 2:48 PM, Elan Ruusamäe wrote:
> On 18.09.2014 20:46, Jeffrey Johnson wrote:
>> Patch to check a lead-in of "@/" attached.
> "@"-special is as lame as "/"-special to me,
Then patch out the code in lib/poptQV.c.
(aside)
You will lose the ability to generate JSON/XML/SQL
markup for a package (or an entire rpmdb) and
likely do not care:
The entries in rpmpopt will expand to unused file names.
Try and see
rpm -qa --yum:primary.xml
> why not just use the parameter as is if such file does not exist?
Because there may be further processing, like macro expansions,
or (already in popt) verifying signed file content.
> use formatfile only if the argument specifies regular file that exists.
Existence isn't enough, there are deeper security checks with attached
signatures.
> fallbacking like the argument did not even exist is not correct behaviour. there was no error reported just silently doing something else.
There are lots of "best effort" silent fallbacks everywhere in RPM
because of the complexity of trying to unravel complex state machines.
>
> as a workaround, i just split the command to two parts:
> 1. fetch rpm -q rpm --qf value
> 2. use value from 1 and do the path related things
>
Whatever works for you.
You got an analysis and a fix with 2 hours of reporting
You are welcome.
73 de Jeff
> http://git.pld-linux.org/?p=packages/rpmlint.git;a=commitdiff;h=07c5699d9caf0b1643d88624724c29988d960f5c
>
> --
> glen
>
> _______________________________________________
> pld-devel-en mailing list
> pld-devel-en at lists.pld-linux.org
> http://lists.pld-linux.org/mailman/listinfo/pld-devel-en
More information about the pld-devel-en
mailing list