[Rpm-maint] [PATCH 3/3] plugins: Pass rpmte to scriptlet_pre and call IMA plugin in this hook
Panu Matilainen
pmatilai at laiskiainen.org
Wed Sep 21 19:21:41 UTC 2016
On 09/21/2016 09:14 PM, Stefan Berger wrote:
> Stefan Berger <stefanb at linux.vnet.ibm.com> wrote on 09/21/2016 02:04:08
> PM:
>
>> From: Stefan Berger <stefanb at linux.vnet.ibm.com>
>> To: rpm-maint at lists.rpm.org
>> Cc: fionnuala.gunter at gmail.com, stefanb at linux.vnet.ibm.com,
>> zohar at linux.vnet.ibm.com, Stefan Berger/Watson/IBM at IBMUS
>> Date: 09/21/2016 02:04 PM
>> Subject: [PATCH 3/3] plugins: Pass rpmte to scriptlet_pre and call
>> IMA plugin in this hook
>>
>> The IMA plugin needs to also be called before the post installation
>> scriptlet is run. The reason for this is that some post installation
>> scriptlets invoke the tools that were just installed. The invocation
>> fails, if the signatures have not been applied, yet. Therefore, we
>> invoke the IMA plugin with the scriptlet_pre hook.
>>
>> To be able to do the work in the scriptlet_pre hook, we also need to
>> pass the rpmte parameter all the way through.
>>
>> An example for an RPM that invokes its own programs is coreutils,
>> which will invoke /bin/mv in the post installation script.
>>
>> Signed-off-by: Stefan Berger <stefanb at linux.vnet.ibm.com>
>> ---
>> lib/rpmplugin.h | 3 ++-
>> lib/rpmplugins.c | 5 +++--
>> lib/rpmplugins.h | 3 ++-
>> lib/rpmscript.c | 5 +++--
>> lib/rpmscript.h | 3 ++-
>> lib/transaction.c | 2 +-
>> plugins/ima.c | 10 ++++++++++
>> 7 files changed, 23 insertions(+), 8 deletions(-)
>>
>> diff --git a/lib/rpmplugin.h b/lib/rpmplugin.h
>> index fd81aec..98205db 100644
>> --- a/lib/rpmplugin.h
>> +++ b/lib/rpmplugin.h
>> @@ -44,7 +44,8 @@ typedef rpmRC (*plugin_tsm_post_func)(rpmPlugin
>> plugin, rpmts ts, int res);
>> typedef rpmRC (*plugin_psm_pre_func)(rpmPlugin plugin, rpmte te);
>> typedef rpmRC (*plugin_psm_post_func)(rpmPlugin plugin, rpmte te, int
> res);
>> typedef rpmRC (*plugin_scriptlet_pre_func)(rpmPlugin plugin,
>> - const char *s_name, int type);
>> + const char *s_name, int type,
>> + rpmte te);
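Review bot: The new rpmte te argument on plugin_scriptlet_pre_func comes with no stated contract for the case where no transaction element exists, and nothing in this hunk says whether te may be NULL. As the reply below points out, not all scriptlets execute in the context of a transaction element (triggers from installed packages), so a plugin that dereferences te in this hook needs to know what it receives in that case. Either add a comment next to the typedef stating that te can be NULL and that hooks must check for it, or leave this typedef unchanged and carry the element through a separate hook, such as the plugin_scriptlet_pre_te_func alternative mentioned in the submitter's own comment.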
>
>
> I am obviously modifying a public interface here. This modification does
> no harm to other plugins living in the rpm git tree since none of them is
> called in this callback hook. Are there any plugins that live outside the
> tree that would now not compile anymore? Another solution would be to
> introduce a plugin_scriptlet_pre_te_func.
>
rpmplugin.h is not a public header, the whole plugin interface has been
kept "rpm internal" to allow changing things while it matures. That's
not a (big) problem.

What I do object to is passing the transaction element to
rpmScriptRun(). The scriptlet running machinery is intentionally
disconnected from the higher level objects such as transaction elements.
There were reasons for that, I just don't remember the details anymore,
doh :) *One* of the reasons is that not all scriptlets execute in a
context of a transaction element (think of triggers from installed
packages).

A new plugin hook is probably more appropriate. Or a pair of them - as
you might have noticed they try to stick to symmetry. What the hook(s)
should be called etc I've no clue ATM and it's getting late here...

- Panu -