Replies: 5 comments 9 replies
-
Well I'm glad you're not asking for much 😂 |
Beta Was this translation helpful? Give feedback.
-
On a random related note, many of these things (such as the tag relations) should really be defined through data structure(s) that can be validated rather than these implementation driven checks wherever somebody remembered to check for anomalies. |
Beta Was this translation helpful? Give feedback.
-
Is there an external tool capable of checking these invariants currently? Is this something |
Beta Was this translation helpful? Give feedback.
-
I'm unclear on what this means, do you mean
|
Beta Was this translation helpful? Give feedback.
-
So, not really a question about packages themselves -
(and so on). Would doing such validation be useful or appropriate? Is there a restriction on "what an EVR can look like" outside of the implementation and just "packaging guidelines"? |
Beta Was this translation helpful? Give feedback.
-
What are the invariants that must hold in a valid RPM package? I am
especially interested in the ones that RPM does not currently check
properly. This includes ones that it cannot check due to backwards
compatibility. I would like to see RPM check all of them in v6 packages, and check as many as possible for v4 packages.
Here is my current understanding of package invariants. I would consider
a violation of any of these grounds to consider a package broken.
The ones marked with a (*) are the ones that I know RPM cannot
currently enforce for compatibility reasons. Are there any others that
RPM cannot enforce safely? For those that it can enforce safely, would
patches to enforce them be accepted? From my perspective, enforcement
should ideally take the form of rejecting the package at load time,
but a warning (such as “your package is broken and will be rejected
in the future”) could be an acceptable compromise. For RPMv6 I would
like to enforce all of these invariants.
Padding must be minimal and zeroed.
Regions must be internally consistent. That is, the region trailer
must come after the number of entries the region header says it
does.
(*) Header tag data entries must be sorted.
The signature header must not include any i18string or i18table
entries.
The main header must have an i18table if it has any i18string
entries.
All i18string entries must be of the same length as each other and
the i18ntable.
The Filelangs, Dirindexes, Fileinodes, Filedevices, Basenames,
Fileclass, Fileusername, Filegroupname, Fileflags, Filelinktos,
Filedigests, Filerdevs, Filemodes, Filestates, Filesizes,
Filecolors, Filedependsx, Filedependsn, file signature, and verity
signature arrays must all be the same length if they exist at all.
The entries in Basenames must not contain "/".
Every entry in Fileclass must correspond to an entry in the
Classdict array.
Every entry in Classdict must be the Fileclass entry of at least
one file.
Same as above, but with Dirnames instead of Classdict and
Dirindexes instead of Fileclass.
The Requireflags, Requirename, and Requireversion entries must be
the same length.
The Changelongname, Changelogtime, and Changelogtext entries must
be the same length.
The Encoding entry must exist, be of length 1, and contain the
literal string "utf-8".
The Payloaddigest and Payloaddigestalt entries must each be a
single string with a length matching the Payloaddigestalgo entry.
The Filelinktos must have one non-empty entry for every symlink and
one empty entry for every non-symlink.
For each regular file, the corresponding entry in Filedigests
must have a length that corresponds to the Filedigestalgo entry.
For all other files, the corresponding entry in Filedigests must
be empty.
The Version, Release, Summary, Description, Buildtime, Buildhost,
Size, Distribution, License, Packager, Group, Url, Os, Arch, and
Bugurl entries must be single strings.
The IMA signature, Filedigest, Payloaddigest, and Payloaddigestalt
entries must be valid hex.
Verity signatures must be valid base64, properly padded. The last
byte before the padding must not encode bits that will not occur in
the decoded result. That is, if there is one
=
for padding, thebyte before it must encode a 6-bit value with the bottom two bits
zero, and if there are two
=
, the byte before the first one mustencode a 6-bit value with the bottom four bits zero. Whitespace is
not permitted. These rules should apply to anywhere base64-encoded
data appears in an RPM package and is interpreted by RPM.
All strings in the signature header must be printable ASCII.
All strings in the main header must be valid UTF-8 and not include
non-printable ASCII characters. Spaces, tabs, and newlines are
allowed, though the latter two are not permitted in paths.
The signature header must not contain any duplicate tags: tags
in its dribble are not allowed to duplicate tags in its immutable
region, and entries in both the immutable region and the dribble
must be unique. For v6, I would like to require it to not contain any dribble at all.
The immutable header must not contain any duplicate tags.
Beta Was this translation helpful? Give feedback.
All reactions