[Rpm-maint] [rpm-software-management/rpm] install-time data API (Discussion #3874)
Hank Donnay
notifications at github.com
Thu Sep 25 14:48:18 UTC 2025
> Without additional safeguards, this is an open check to add arbitrary content to an installed package, ranging from scripts to signatures to misleading data, all of which goes outside the signed header part so it's silent. There needs to be some fundamental restrictions for the data that can be added through this mechanism, maybe an explicit allow-list for tags that are permitted or something like that.
Yeah, that makes sense. I was thinking an allow-list (with a size limit for values? Is that a concern?). My follow-up questions are:
1. Would the allowed tags be install-time _only_, meaning it'd be an error to try to set them in an rpm build? I know the existing use-cases wouldn't make sense to do so, but you know how programmers are.
2. If the allow-listed tags _can_ be present in the rpm, should the install-time headers shadow them? Should that happen silently?
> `rpmtsAddInstallElement()` is not a good fit for various use-cases we have, we'd rather not add to a bad API that already has too many arguments to it. Also, you don't need to. You can hook up to `rpmtsSetChangeCallback()` to get access to `rpmte`s as they are added, which also lets you deal with the cases where rpm replaces an element that got obsoleted etc.
Okay, I'll start poking at that.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/discussions/3874#discussioncomment-14512320
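A sketch of the safeguards discussed in this thread (an allow-list of tags, a per-tag size cap, install-time-only tags that are an error at build time, and what to do when an allow-listed tag is already present in the signed header), added here as an example; it is not rpm's code and does not use librpm. The tag numbers follow rpm's rpmtag.h; which tags belong on the allow-list, the size caps, and the choice to reject a batch rather than silently shadow a signed-header tag are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Where the tag is being set. */
typedef enum { IT_CTX_BUILD = 0, IT_CTX_INSTALL = 1 } it_ctx;

/* Outcome of validating one tag/value pair. */
typedef enum {
    IT_OK = 0,
    IT_REJECT_NOT_ALLOWED,    /* tag is not on the install-time allow-list */
    IT_REJECT_INSTALL_ONLY,   /* tag may only be set at install time, not in a build */
    IT_REJECT_TOO_LARGE,      /* value exceeds the per-tag size cap */
    IT_REJECT_SHADOWS_SIGNED  /* tag already present in the signed header */
} it_status;

typedef struct {
    uint32_t tag;          /* rpm tag number */
    size_t   max_len;      /* largest value accepted, in bytes */
    int      install_only; /* 1: setting it in a build is an error */
} it_rule;

/* HYPOTHETICAL allow-list (assumption for this example); tag numbers as in rpmtag.h. */
static const it_rule ALLOW[] = {
    { 1008, 4, 1 },  /* RPMTAG_INSTALLTIME  (int32) */
    { 1128, 4, 1 },  /* RPMTAG_INSTALLTID   (int32) */
    { 1127, 4, 1 },  /* RPMTAG_INSTALLCOLOR (int32) */
};
#define NALLOW (sizeof(ALLOW) / sizeof(ALLOW[0]))

static const it_rule *find_rule(uint32_t tag)
{
    for (size_t i = 0; i < NALLOW; i++)
        if (ALLOW[i].tag == tag)
            return &ALLOW[i];
    return NULL;
}

static int tag_present(const uint32_t *tags, size_t n, uint32_t tag)
{
    for (size_t i = 0; i < n; i++)
        if (tags[i] == tag)
            return 1;
    return 0;
}

/* Validate one tag/value pair. signed_tags lists the tags found in the
 * package's signed header; it is ignored at build time, where no header
 * exists yet. Anything off the allow-list (scriptlets, signature tags, ...)
 * is refused before size or shadowing are even considered. */
it_status validate_install_tag(it_ctx ctx, const uint32_t *signed_tags, size_t nsigned,
                               uint32_t tag, size_t value_len)
{
    const it_rule *r = find_rule(tag);
    if (r == NULL)
        return IT_REJECT_NOT_ALLOWED;
    if (ctx == IT_CTX_BUILD && r->install_only)
        return IT_REJECT_INSTALL_ONLY;
    if (value_len > r->max_len)
        return IT_REJECT_TOO_LARGE;
    if (ctx == IT_CTX_INSTALL && tag_present(signed_tags, nsigned, tag))
        return IT_REJECT_SHADOWS_SIGNED;  /* refuse instead of shadowing silently */
    return IT_OK;
}

typedef struct { uint32_t tag; size_t value_len; } it_entry;

/* Validate a whole batch, all-or-nothing. Returns the index of the first
 * rejected entry (its status via *why), or -1 when every entry is accepted. */
long validate_install_batch(const uint32_t *signed_tags, size_t nsigned,
                            const it_entry *batch, size_t n, it_status *why)
{
    for (size_t i = 0; i < n; i++) {
        it_status s = validate_install_tag(IT_CTX_INSTALL, signed_tags, nsigned,
                                           batch[i].tag, batch[i].value_len);
        if (s != IT_OK) {
            if (why) *why = s;
            return (long)i;
        }
    }
    if (why) *why = IT_OK;
    return -1;
}

int main(void)
{
    /* Constructed sample: tags present in a package's signed header
     * (RPMTAG_NAME, VERSION, RELEASE, POSTIN). */
    const uint32_t hdr[] = { 1000, 1001, 1002, 1024 };
    /* Constructed batch: a legitimate INSTALLTIME, then an attempt to attach
     * a POSTIN scriptlet, which the allow-list refuses. */
    const it_entry batch[] = { { 1008, 4 }, { 1024, 64 } };
    it_status why;
    long idx = validate_install_batch(hdr, 4, batch, 2, &why);
    printf("batch %s (entry %ld, status %d)\n",
           idx < 0 ? "accepted" : "rejected", idx, (int)why);
    return 0;
}
```

The batch is rejected as a whole so that a caller cannot land "most of" its data when one entry is off-policy; the rejection status tells the caller which rule tripped, which is also what you would want to log.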