[Rpm-maint] Rally: minor API requests

Panu Matilainen pmatilai at redhat.com
Tue Nov 13 08:09:24 UTC 2007


On Sat, 3 Nov 2007, Maxim Udushlivy wrote:

> Greetings,

Hi, and sorry for the late reply...

> During the development of the Rally (an RPM front end for advanced desktop 
> users, http://crow-designer.sf.net) I have found several moments where RPM 
> may be improved. This message is about two API additions. I could try to 
> provide patches if these additions are acceptable.

Suggestions (and patches) always welcome, there are a number of 
shortcomings in the RPM API as it is...

> (1)
>   The first is very small and is about the way to check RPM database 
> modification time. This is crucial for a GUI application as in order to run 
> smoothly it must have a full list of installed RPM's with a minimal delay 
> after start. Rally uses a fast internal cache which should be updated only if 
> some RPM's were installed or erased since the last run. Currently I do the 
> same as the Smart package manager: use stat(2)/st_mtime on 
> "/var/lib/rpm/Packages" file, but a specialized function would make RPM API a 
> bit more complete. As an alternative that function may return the number of 
> transactions committed to the database.

Sounds entirely reasonable to me, there are a number of users (smartpm, 
apt-rpm ...) that would benefit. Whatever the implementation, it needs to 
abstract out any backend DB details (as rpm supports BDB and SQLite 
backends for the DB)

> (2)
>   The second issue is related to the digital signature checking. A 
> command-line RPM interface offer users the possibility to install public keys 
> into the database and reuse them later during installation of the packages. 
> When a package is being installed, its signature's fingerprint is used to 
> retrieve a stored public key from the database for the process of 
> verification. Absolutely logical and convenient - but not for GUI front ends 
> that work with "createrepo" repositories. Such applications would want to 
> maintain their own public key directories for (a) security reasons and (b) 
> improved usability.
>   Rally v0.1 uses two functions (readLead and rpmReadSignature) not found in 
> public headers and three internal fields of the rpmts structure (pkpkt, 
> pkpktlen and pksignid) in order to simulate the missing API's: the function 
> to extract a fingerprint from a local RPM file and the function to supply a 
> *particular* public key for a subsequent invocation of the rpmReadPackageFile 
> function.
>   So, where are security and usability problems with the current API? Each 
> "createrepo" repository may refer to its own set of public keys. When all 
> keys from all repositories are installed into one database it becomes 
> impossible to verify a package from a particular repository against a limited 
> set of public keys from exactly that repository. Frankly, I cannot imagine a 
> situation of how current behavior may be exploited but... it is better to act 
> in advance, isn't it?

There are a number of issues (API and other things) with rpm's public key 
handling that need addressing sooner or later .. concrete API suggestions 
welcome.

>   The usability of the GUI front ends may be improved also because it would 
> not be necessary to confuse users with strange questions like this:
>
> ===================
> warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2
> Importing GPG key 0x4F2A6FD2 "Fedora Project <fedora at redhat.com>" from 
> /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
> Is this ok [y/N]:

I assume the rpmts_HdrFromFdno junk is what you're referring to as 
"strange" in the above?

 	- Panu -



More information about the Rpm-maint mailing list