On Dec 19, 2008, at 11:11 AM, Ralf S. Engelschall wrote:

On Fri, Dec 19, 2008, Ralf S. Engelschall wrote:

On Fri, Dec 19, 2008, Jeff Johnson wrote:

(resent, dunno where the 1st message went)

I don't know, never seen on the list...

I kind of like the idea of using a '@' before a file path as an
"attention" marker to increase the file validation checks, and so I'm likely to refactor the functionality out of rpm and into popt-1.15 as
part of simplifying rpm configuration/initialization.

At the same time, I will probably add a new poptReadConfigFiles()
method whose argument will be a colon separated list of configuration
file paths to read.

Any other opinions?

As long as the particular security check (here rpmSecuritySaneFile
for RPM_VENDOR_OPENPKG) embedded into POPT can be optionally still
overridden from within RPM (in case one needs some additional checks or
a different error message or whatever) I'm happy. Perhaps an optional
callback does the trick.

BTW, under RPM_VENDOR_OPENPKG the "@" attention marker is not just used
for POPT files. It is also used for RPM macro files and Lua script
files! So, please be careful that instead of a "factoring out" not a
"partial removal" happens to the functionality.

Understood. What I like is the idea of a '@' attention in-band, not which particular
config file reading has chosen '@' attention.

I will likely drill similar into lua bootstrapping (if not there already).
I like consistency no matter what. But there are other issues to deal
with there permitting external system lua module loading that have
to be addressed. I have no intent of changing anything, but as you know,
the embedded lua is all snarled up throughout rpm misc/rpmio/lib ...

For completeness reasons, here is how OpenPKG 4 configures RPM 5:

| [...]
| #   determine POPT option, RPM macros and Lua script file paths
| RPMPOPT="%{l_prefix}/lib/openpkg/rpmpopt"
| RPMPOPT="$RPMPOPT:%{l_prefix}/etc/openpkg/rpmpopt"
| RPMPOPT="$RPMPOPT:%{l_prefix}/etc/openpkg/rpmpopt.d/*"
| RPMPOPT="$RPMPOPT:~/.openpkg/rpmpopt"
| RPMPOPT="$RPMPOPT:@../../.openpkg/rpmpopt"
| RPMPOPT="$RPMPOPT:@../.openpkg/rpmpopt"
| RPMPOPT="$RPMPOPT:@./.openpkg/rpmpopt"
| RPMMACROS="%{l_prefix}/lib/openpkg/rpmmacros"
| RPMMACROS="$RPMMACROS:%{l_prefix}/etc/openpkg/rpmmacros"
| RPMMACROS="$RPMMACROS:%{l_prefix}/etc/openpkg/rpmmacros.d/*"
| RPMMACROS="$RPMMACROS:~/.openpkg/rpmmacros"
| RPMMACROS="$RPMMACROS:@../../.openpkg/rpmmacros"
| RPMMACROS="$RPMMACROS:@../.openpkg/rpmmacros"
| RPMMACROS="$RPMMACROS:@./.openpkg/rpmmacros"
| RPMLUA="%{l_prefix}/lib/openpkg/rpmlua"
| RPMLUA="$RPMLUA:%{l_prefix}/etc/openpkg/rpmlua"
| RPMLUA="$RPMLUA:%{l_prefix}/etc/openpkg/rpmlua.d/*"
| RPMLUA="$RPMLUA:~/.openpkg/rpmlua"
| RPMLUA="$RPMLUA:@../../.openpkg/rpmlua"
| RPMLUA="$RPMLUA:@../.openpkg/rpmlua"
| RPMLUA="$RPMLUA:@./.openpkg/rpmlua"
| #   configure program
| ./configure \
|     --cache-file=./config.cache \
|     --prefix=%{l_prefix} \
|     --mandir="%{l_prefix}/man" \
|     --includedir="%{l_prefix}/include/openpkg" \
|     --with-name="OpenPKG RPM" \
|     --with-path-cfg="%{l_prefix}/etc/openpkg" \
|     --with-path-rpmpopt="$RPMPOPT" \
|     --with-path-macros="$RPMMACROS" \
|     --with-path-rpmlua="$RPMLUA" \
|     [...]

As you can see, the attention markers are especially used on all paths
relative to the current working directory. This allows OpenPKG to use a very flexible file-system layout with RPM (based on some additional RPM
macro hacking) while at the same time not open a security hole.

Thanks for the clear and explcit example, that will help me find what I'm
not supposed to break ;-)

73 de Jeff

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply via email to