Drop support for installing v3 packages

Explicitly refuse to add packages without immutable region into transactions, effectively preventing installation of v3 packages. We still support querying and unpacking such packages, only installing is blocked because the lack of immutable region means such packages are not verifiable after installation. An unexpected gotcha here was that rpmSpecCheckDeps() executes very early on with a malleable (aka v3) header and would now fail. Run a temporary copy of the header-in-progress through headerReload() to appease rpmtsAddInstallElement(). This is obviously far from foolproof, a better check would actually verify the immutable region here but that wouldn't make it foolproof either, just a little harder to fake. Fixes: rpm-software-management#1107
pmatilai · Sep 16, 2024 · 134d3e2 · 134d3e2
1 parent 20be4c9
commit 134d3e2
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 4 deletions.
diff --git a/build/spec.c b/build/spec.c
@@ -312,15 +312,19 @@ rpmds rpmSpecDS(rpmSpec spec, rpmTagVal tag)
 
 rpmps rpmSpecCheckDeps(rpmts ts, rpmSpec spec)
 {
+    /* Make a temporary immutable header to appease rpmtsAddInstallElement() */
+    Header h = headerReload(headerCopy(rpmSpecSourceHeader(spec)),
+			    RPMTAG_HEADERIMMUTABLE);
     rpmps probs = NULL;
 
     rpmtsEmpty(ts);
 
-    rpmtsAddInstallElement(ts, rpmSpecSourceHeader(spec), NULL, 0, NULL);
+    rpmtsAddInstallElement(ts, h, NULL, 0, NULL);
     rpmtsCheck(ts);
     probs = rpmtsProblems(ts);
 
     rpmtsEmpty(ts);
+    headerFree(h);
     return probs;
 }
 

diff --git a/lib/depends.c b/lib/depends.c
@@ -392,6 +392,12 @@ static int addPackage(rpmts ts, Header h,
 	goto exit;
     }
 
+    /* Installing v3 packages is no longer supported */
+    if (!headerIsEntry(h, RPMTAG_HEADERIMMUTABLE)) {
+	ec = 3;
+	goto exit;
+    }
+
     /* Source packages are never "upgraded" */
     if (isSource)
 	op = RPMTE_INSTALL;

diff --git a/lib/rpminstall.c b/lib/rpminstall.c
@@ -635,6 +635,12 @@ int rpmInstall(rpmts ts, struct rpmInstallArguments_s * ia, ARGV_t fileArgv)
 	    eiu->numFailed++;
 	    goto exit;
 	    break;
+	case 3:
+	    rpmlog(RPMLOG_ERR,
+			    _("package format not supported: %s\n"), *eiu->fnp);
+	    eiu->numFailed++;
+	    goto exit;
+	    break;
 	default:
 	    eiu->numFailed++;
 	    goto exit;

diff --git a/tests/rpmpkgfmt.at b/tests/rpmpkgfmt.at
@@ -63,15 +63,15 @@ runroot rpm -U --nodeps /data/RPMS/hello-1.0-1.x86_64.rpm-v3
 [1],
 [],
 [warning: RPM v3 packages are deprecated: hello-1.0-1.x86_64
-	package hello-1.0-1.x86_64 does not verify: no digest
+error: package format not supported: /data/RPMS/hello-1.0-1.x86_64.rpm-v3
 ])
 
 RPMTEST_CHECK([
 runroot rpm -U --nodeps --noverify /data/RPMS/hello-1.0-1.x86_64.rpm-v3
 ],
-[0],
+[1],
 [],
 [warning: RPM v3 packages are deprecated: hello-1.0-1.x86_64
-warning: RPM v3 packages are deprecated: hello-1.0-1.x86_64
+error: package format not supported: /data/RPMS/hello-1.0-1.x86_64.rpm-v3
 ])
 RPMTEST_CLEANUP