rpm -Uhv --oldpackage loses configs

Tomasz Pala gotar at polanet.pl
Tue Jun 7 19:49:20 CEST 2016

Note: I'm not referring to %config issue reported, this is only by-the-way question.

On Tue, Jun 07, 2016 at 13:16:45 -0400, Jeffrey Johnson wrote:

>> A propos - would it be possible for rpm to support "--verify --package"
>> exactly for this purpose, i.e. verifying metadata/manifest against cpio
>> archive contents (including file checksums) without installing package.rpm?
> All rpm operations are supported for any rpm package.

But --verify checks against filesystem. I'm looking for a way to check
against cpio inside...

> is different however. The payload when the repackaged payload is constructed
> is ???best effort??? in the sense that if a file does not exist on its metadata path, then
> the file cannot be included in the package. Similarly, if a file is modified
> from the original content, there is no attempt to recalculate file digests, which
> would also trigger a recalculation of the header SHA1 and (harder) resigning

...just for such cases as you described. In other words: I want to check
if repackaged.rpm contains changed files. Let's name it: integrity test
(manifest vs cpio).

Currently I'm able to do it by installing such package in newly created
(empty) root and verifying against files put inside, but there should be
more elegant/effective way. Considering the --install checks digests
(thus --nomd5/--nodigest was required to install repackaged.rpms with
modified contents), it should be enough to skip appropriate code path,
the one that actually commits filesystem changes.

Tomasz Pala <gotar at pld-linux.org>

More information about the pld-devel-en mailing list