[Rpm-maint] [rpm-software-management/rpm] rpm --verify doesn't respect user/group info from --root (#882)

Lars Karlitski notifications at github.com
Sat Oct 5 20:22:07 UTC 2019


This means that effectively, `--root` cannot be used with `--verify`. And maybe all other operations that depend on the uid mapping, like `--query`, `--install`, `--upgrade`?

I'd say that using the host's uid mapping is always wrong, but I agree that rpm cannot run code from inside the target via nss modules. Could a solution be to ignore those and only look at the target's `/etc/passwd`? I imagine that this will be fine for the vast majority of cases, because rpm packages in practice contain files belonging to system users that are specified in `/etc/passwd`, no?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/882#issuecomment-538685507
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20191005/a46ced2c/attachment.html>


More information about the Rpm-maint mailing list