[Rpm-maint] [PATCH 3/3] plugins: Pass rpmte to scriptlet_pre and call IMA plugin in this hook
Stefan Berger
stefanb at us.ibm.com
Wed Sep 21 18:14:17 UTC 2016
Stefan Berger <stefanb at linux.vnet.ibm.com> wrote on 09/21/2016 02:04:08 PM:
> From: Stefan Berger <stefanb at linux.vnet.ibm.com>
> To: rpm-maint at lists.rpm.org
> Cc: fionnuala.gunter at gmail.com, stefanb at linux.vnet.ibm.com,
> zohar at linux.vnet.ibm.com, Stefan Berger/Watson/IBM at IBMUS
> Date: 09/21/2016 02:04 PM
> Subject: [PATCH 3/3] plugins: Pass rpmte to scriptlet_pre and call
> IMA plugin in this hook
>
> The IMA plugin needs to also be called before the post installation
> scriptlet is run. The reason for this is that some post installation
> scriptlets invoke the tools that were just installed. The invocation
> fails, if the signatures have not been applied, yet. Therefore, we
> invoke the IMA plugin with the scriptlet_pre hook.
>
> To be able to do the work in the scriptlet_pre hook, we also need to
> pass the rpmte parameter all the way through.
>
> An example for an RPM that invokes its own programs is coreutils,
> which will invoke /bin/mv in the post installation script.
>
> Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
> ---
> lib/rpmplugin.h | 3 ++-
> lib/rpmplugins.c | 5 +++--
> lib/rpmplugins.h | 3 ++-
> lib/rpmscript.c | 5 +++--
> lib/rpmscript.h | 3 ++-
> lib/transaction.c | 2 +-
> plugins/ima.c | 10 ++++++++++
> 7 files changed, 23 insertions(+), 8 deletions(-)
>
> diff --git a/lib/rpmplugin.h b/lib/rpmplugin.h
> index fd81aec..98205db 100644
> --- a/lib/rpmplugin.h
> +++ b/lib/rpmplugin.h
> @@ -44,7 +44,8 @@ typedef rpmRC (*plugin_tsm_post_func)(rpmPlugin
> plugin, rpmts ts, int res);
> typedef rpmRC (*plugin_psm_pre_func)(rpmPlugin plugin, rpmte te);
> typedef rpmRC (*plugin_psm_post_func)(rpmPlugin plugin, rpmte te, int
res);
> typedef rpmRC (*plugin_scriptlet_pre_func)(rpmPlugin plugin,
> - const char *s_name, int type);
> + const char *s_name, int type,
> + rpmte te);
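Review bot: The added `rpmte te` argument on plugin_scriptlet_pre_func has no stated contract: nothing next to the typedef says whether `te` can be NULL when a scriptlet runs without an associated transaction element, so a hook that dereferences it (as the IMA hook presumably will) has no rule to rely on. Please add a comment at the typedef documenting whether NULL is allowed, and have any hook that uses `te` check it before use. As a style point, plugin_psm_pre_func and plugin_psm_post_func take `rpmte te` directly after `plugin`, while here it is appended after `type`; consider keeping the argument order consistent across the hook types.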
I am obviously modifying a public interface here. This modification does
no harm to other plugins living in the rpm git tree since none of them is
called in this callback hook. Are there any plugins that live outside the
tree that would now not compile anymore? Another solution would be to
introduce a plugin_scriptlet_pre_te_func.
Stefan