8 #if defined(IAM_RPM) || defined(__LCLINT__)
16 #if defined(RPM_VENDOR_OPENPKG)
17 #define _RPMIOB_INTERNAL
29 #if defined(IAM_RPMBT) || defined(IAM_RPMK)
33 #if defined(RPM_VENDOR_OPENPKG)
35 #define _RPMLUA_INTERNAL
37 #include "rpmluaext.h"
50 #define GETOPT_REBUILD 1003
51 #define GETOPT_RECOMPILE 1004
55 #include <rpmrollback.h>
63 #define MODES_QV (MODE_QUERY | MODE_VERIFY)
67 #define MODES_IE (MODE_INSTALL | MODE_ERASE)
73 #define MODES_BT (MODE_BUILD | MODE_TARBUILD | MODE_REBUILD | MODE_RECOMPILE)
77 #define MODES_K (MODE_CHECKSIG | MODE_RESIGN)
88 #define MODES_FOR_DBPATH (MODES_BT | MODES_IE | MODES_QV | MODES_DB)
89 #define MODES_FOR_NODEPS (MODES_BT | MODES_IE | MODE_VERIFY)
90 #define MODES_FOR_TEST (MODES_BT | MODES_IE)
91 #define MODES_FOR_ROOT (MODES_BT | MODES_IE | MODES_QV | MODES_DB | MODES_K)
99 N_(
"Query options (with -q or --query):"),
102 N_(
"Verify options (with -V or --verify):"),
105 { NULL,
'\0', POPT_ARG_INCLUDE_TABLE, rpmcliQVSourcePoptTable, 0,
106 N_(
"Source options (with --query or --verify):"),
111 #if defined(IAM_RPMQV) || defined(IAM_RPMEIU)
113 N_(
"Dependency check/order options:"),
119 N_(
"File tree walk options (with --ftswalk):"),
125 N_(
"Signature options:"),
131 N_(
"Database options:"),
137 N_(
"Build options with [ <specfile> | <tarball> | <source package> ]:"),
143 N_(
"Install/Upgrade/Erase options:"),
148 N_(
"Common options:"),
158 long _stksize = 64 * 1024
L;
175 fprintf(fp,
"rpmlib 0x%08x,0x%08x,0x%08x\n",
179 static void printUsage(poptContext con, FILE * fp,
int flags)
187 poptPrintHelp(con, fp, flags);
189 poptPrintUsage(con, fp, flags);
192 #if defined(RPM_VENDOR_OPENPKG)
194 #if !defined(RPM_INTEGRITY_FP)
195 #error required RPM_INTEGRITY_FP (fingerprint of public key of integrity authority) not defined!
200 INTEGRITY_WARNING = 1,
204 static void integrity_check_message(
const char *fmt, ...)
209 fprintf(stderr,
"rpm: ATTENTION: INTEGRITY CHECKING DETECTED AN ENVIRONMENT ANOMALY!\nrpm: ");
210 vfprintf(stderr, fmt, ap);
215 static void integrity_check(
const char *
progname,
enum modes progmode_num)
219 char *spec_fn = NULL;
220 char *proc_fn = NULL;
221 char *pkey_fn = NULL;
226 const char *result = NULL;
227 const char *error = NULL;
229 const char *progmode;
230 int rc = INTEGRITY_ERROR;
233 spec_fn =
rpmExpand(
"%{?_integrity_spec_cfg}%{!?_integrity_spec_cfg:scripts/integrity.cfg}", NULL);
234 if (spec_fn == NULL || spec_fn[0] ==
'\0') {
235 integrity_check_message(
"ERROR: Integrity Configuration Specification file not configured.\n"
236 "rpm: HINT: macro %%{_integrity_spec_cfg} not configured correctly.\n");
239 proc_fn =
rpmExpand(
"%{?_integrity_proc_lua}%{!?_integrity_proc_lua:scripts/integrity.lua}", NULL);
240 if (proc_fn == NULL || proc_fn[0] ==
'\0') {
241 integrity_check_message(
"ERROR: Integrity Validation Processor file not configured.\n"
242 "rpm: HINT: macro %%{_integrity_proc_lua} not configured correctly.\n");
245 pkey_fn =
rpmExpand(
"%{?_integrity_pkey_pgp}%{!?_integrity_pkey_pgp:scripts/integrity.pgp}", NULL);
246 if (pkey_fn == NULL || pkey_fn[0] ==
'\0') {
247 integrity_check_message(
"ERROR: Integrity Autority Public-Key file not configured.\n"
248 "rpm: HINT: macro %%{_integrity_pkey_pgp} not configured correctly.\n");
258 integrity_check_message(
"ERROR: Integrity Configuration Specification file contains invalid signature.\n"
259 "rpm: HINT: Check file \"%s\".\n", spec_fn);
265 integrity_check_message(
"ERROR: Integrity Validation Processor file contains invalid signature.\n"
266 "rpm: HINT: Check file \"%s\".\n", proc_fn);
272 if (!(xx == 0 && spec_iob != NULL)) {
273 integrity_check_message(
"ERROR: Unable to load Integrity Configuration Specification file.\n"
274 "rpm: HINT: Check file \"%s\".\n", spec_fn);
281 if (!(xx == 0 && proc_iob != NULL)) {
282 integrity_check_message(
"ERROR: Unable to load Integrity Validation Processor file.\n"
283 "rpm: HINT: Check file \"%s\".\n", proc_fn);
289 if (progname == NULL || progname[0] ==
'\0')
291 switch (progmode_num) {
306 default: progmode =
"unknown";
break;
312 rpmluaextActivate(lua);
313 lua_getfield(lua->L, LUA_GLOBALSINDEX,
"integrity");
314 lua_getfield(lua->L, -1,
"processor");
315 lua_remove(lua->L, -2);
316 lua_pushstring(lua->L, progname);
317 lua_pushstring(lua->L, progmode);
318 lua_pushstring(lua->L, spec_fn);
319 lua_pushstring(lua->L, spec);
320 lua_pushstring(lua->L, proc_fn);
321 lua_pushstring(lua->L, proc);
322 #ifdef RPM_INTEGRITY_MV
323 lua_pushstring(lua->L, RPM_INTEGRITY_MV);
325 lua_pushstring(lua->L,
"0");
327 if (lua_pcall(lua->L, 7, 1, 0) != 0) {
328 error = lua_isstring(lua->L, -1) ? lua_tostring(lua->L, -1) :
"unknown error";
330 integrity_check_message(
"ERROR: Failed to execute Integrity Validation Processor.\n"
331 "rpm: ERROR: Lua: %s.\n"
332 "rpm: HINT: Check file \"%s\".\n", error, proc_fn);
337 if (!lua_isstring(lua->L, -1)) {
338 integrity_check_message(
"ERROR: Failed to fetch Integrity Validation Processor results.\n"
339 "rpm: HINT: Check file \"%s\".\n", proc_fn);
342 result = lua_tostring(lua->L, -1);
343 if (strcmp(result,
"OK") == 0)
345 else if (strncmp(result,
"WARNING:", 8) == 0) {
346 rc = INTEGRITY_WARNING;
347 integrity_check_message(
"%s\n", result);
350 rc = INTEGRITY_ERROR;
351 integrity_check_message(
"%s\n", result);
361 if (spec_iob != NULL)
363 if (proc_iob != NULL)
367 if (rc != INTEGRITY_OK) {
368 if (isatty(STDIN_FILENO) || isatty(STDOUT_FILENO))
370 if (rc == INTEGRITY_ERROR)
379 #if !defined(__GLIBC__) && !defined(__LCLINT__)
380 int main(
int argc,
const char ** argv,
char ** envp)
382 int main(
int argc,
const char ** argv)
389 poptContext optCon =
rpmcliInit(argc, (
char *
const *)argv, optionsTable);
394 #if defined(IAM_RPMQV)
406 #if defined(IAM_RPMDB)
410 #if defined(IAM_RPMK)
414 #if defined(IAM_RPMBT) || defined(IAM_RPMK)
415 char * passPhrase =
"";
426 #if !defined(__GLIBC__) && !defined(__LCLINT__)
453 #if defined(IAM_RPMQV)
496 argerror(
_(
"only one major mode may be specified"));
502 argerror(
_(
"only one major mode may be specified"));
508 argerror(
_(
"only one major mode may be specified"));
524 argerror(
_(
"one type of query/verify may be performed at a "
527 if (qva->
qva_flags && (bigMode & ~MODES_QV))
545 argerror(
_(
"only one major mode may be specified"));
574 #if defined(IAM_RPMEIU)
577 argerror(
_(
"only installation, upgrading, rmsource and rmspec may be forced"));
579 argerror(
_(
"files may only be relocated during package installation"));
582 argerror(
_(
"cannot use --prefix with --relocate or --excludepath"));
585 argerror(
_(
"--relocate and --excludepath may only be used when installing new packages"));
588 argerror(
_(
"--prefix may only be used when installing new packages"));
591 argerror(
_(
"arguments to --prefix must begin with a /"));
594 argerror(
_(
"--hash (-h) may only be specified during package "
598 argerror(
_(
"--percent may only be specified during package "
602 argerror(
_(
"--replacepkgs may only be specified during package "
606 argerror(
_(
"--excludedocs may only be specified during package "
610 argerror(
_(
"--includedocs may only be specified during package "
614 argerror(
_(
"only one of --excludedocs and --includedocs may be "
618 argerror(
_(
"--ignorearch may only be specified during package "
622 argerror(
_(
"--ignoreos may only be specified during package "
626 argerror(
_(
"--allmatches may only be specified during package "
630 argerror(
_(
"--allfiles may only be specified during package "
635 argerror(
_(
"--justdb may only be specified during package "
636 "installation and erasure"));
640 argerror(
_(
"script disabling options may only be specified during "
641 "package installation and erasure"));
645 argerror(
_(
"trigger disabling options may only be specified during "
646 "package installation and erasure"));
649 argerror(
_(
"--nodeps may only be specified during package "
650 "building, rebuilding, recompilation, installation, "
651 "erasure, and verification"));
654 argerror(
_(
"--test may only be specified during package installation, "
655 "erasure, and building"));
659 argerror(
_(
"--root (-r) may only be specified during "
660 "installation, erasure, querying, and "
661 "database rebuilds"));
671 argerror(
_(
"arguments to --root (-r) must begin with a /"));
676 #if defined(RPM_VENDOR_OPENPKG)
680 #if defined(IAM_RPMBT) || defined(IAM_RPMK)
682 #
if defined(IAM_RPMBT)
685 #
if defined(IAM_RPMK)
698 if ((av = poptGetArgs(optCon)) == NULL) {
699 fprintf(stderr,
_(
"no files to sign\n"));
703 if (
Stat(*av, &sb)) {
704 fprintf(stderr,
_(
"cannot access file %s\n"), *av);
715 if (poptPeekArg(optCon)
716 #
if defined(IAM_RPMBT)
719 #
if defined(IAM_RPMK)
724 passPhrase =
Getpass(
_(
"Enter pass phrase: "));
726 fprintf(stderr,
_(
"Pass phrase check failed\n"));
730 fprintf(stderr,
_(
"Pass phrase is good.\n"));
732 passPhrase =
xstrdup(passPhrase);
741 fprintf(stderr,
_(
"creating a pipe for --pipe failed: %m\n"));
745 if (!(pipeChild = fork())) {
747 (void) dup2(p[0], STDIN_FILENO);
750 fprintf(stderr,
_(
"exec failed\n"));
754 (void) dup2(p[1], STDOUT_FILENO);
763 #if defined(SUPPORT_INITDB)
777 #if defined(SUPPORT_VERIFYDB)
794 if (!poptPeekArg(optCon))
795 argerror(
_(
"no packages files given for rebuild"));
807 while ((pkg = poptGetArg(optCon))) {
808 const char * specFile = NULL;
820 ec =
build(ts, specFile, ba, NULL);
823 specFile =
_free(specFile);
836 #if defined(RPM_VENDOR_OPENPKG)
872 #if defined(RPM_VENDOR_OPENPKG) || defined(RPM_VENDOR_MANDRIVA) || defined(RPM_VENDOR_ARK)
891 if (!poptPeekArg(optCon)) {
893 argerror(
_(
"no spec files given for build"));
895 argerror(
_(
"no tar files given for build"));
898 while ((pkg = poptGetArg(optCon))) {
907 ec =
build(ts, pkg, ba, NULL);
919 if (!poptPeekArg(optCon)) {
921 argerror(
_(
"no packages given for erase"));
929 ec +=
rpmErase(ts, ia, (
const char **) poptGetArgs(optCon));
960 if (!poptPeekArg(optCon)) {
962 argerror(
_(
"no packages given for install"));
971 ec +=
rpmcliInstall(ts, ia, (
const char **)poptGetArgs(optCon));
980 if (!poptPeekArg(optCon)
982 argerror(
_(
"no arguments given for query"));
986 ec =
rpmcliQuery(ts, qva, (
const char **) poptGetArgs(optCon));
997 if (!poptPeekArg(optCon)
999 argerror(
_(
"no arguments given for verify"));
1000 ec =
rpmcliVerify(ts, qva, (
const char **) poptGetArgs(optCon));
1013 if (!poptPeekArg(optCon))
1016 ec =
rpmcliSign(ts, ka, (
const char **)poptGetArgs(optCon));
1020 #if !defined(IAM_RPMQV)
1024 #if !defined(IAM_RPMK)
1028 #if !defined(IAM_RPMDB)
1033 #if !defined(IAM_RPMBT)
1039 #if !defined(IAM_RPMEIU)
1044 if (poptPeekArg(optCon) != NULL || argc <= 1 ||
rpmIsVerbose()) {
1051 #if defined(IAM_RPMBT) || defined(IAM_RPMK)
1059 (void) fclose(stdout);
1060 (void) waitpid(pipeChild, &status, 0);
1079 if (ec > 254) ec = 254;