Skip to content

Commit

Permalink
Add popt-based options --setcaps and --restore (RhBug:1550745)
Browse files Browse the repository at this point in the history
--setcaps resets capabilities of package files.

Because the opotion is popt-based it has some drawbacks -
it does not know about %ghost files, file states, etc.

--restore regenerate owner, group, permissions and capabilities
of package files.

It uses 3 already defined options in the correct order.
rpm --setugids is used first of all, because it may change permissions
or capabilities. rpm --setperms is used before rpm --setcaps, but the
opposite order is right too.
  • Loading branch information
pavlinamv committed Apr 24, 2018
1 parent 05b233d commit af1fcf0
Show file tree
Hide file tree
Showing 2 changed files with 30 additions and 5 deletions.
23 changes: 18 additions & 5 deletions doc/rpm.8
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,10 @@ rpm \- RPM Package Manager

\fBrpm\fR \fB--setugids\fR \fB\fIPACKAGE_NAME\fB\fR\fI ...\fR

\fBrpm\fR \fB--setcaps\fR \fB\fIPACKAGE_NAME\fB\fR\fI ...\fR

\fBrpm\fR \fB--restore\fR \fB\fIPACKAGE_NAME\fB\fR\fI ...\fR

.SS "select-options"
.PP

Expand Down Expand Up @@ -839,15 +843,24 @@ options are currently set in
configuration file(s).
.TP
\fBrpm\fR \fB--setperms\fR \fIPACKAGE_NAME\fR
sets permissions of files in the given package.
sets permissions of files in the given package. Consider using
\fB--restore\fR instead.
.TP
\fBrpm\fR \fB--setugids\fR \fIPACKAGE_NAME\fR
sets user/group ownership of files in the given package. This command can
change permissions of files in that package. It is caused by calling command
\fBchmod\fR that can clear SUID and SGID bits in some situations. So it is
safer to call also \fB--setperms\fR after calling \fB--setugids\fR.
change permissions and capabilities of files in that package. In most
cases it is better to use \fB--restore\fR instead.
.TP
\fBrpm\fR \fB--setcaps\fR \fIPACKAGE_NAME\fR
sets capabilities of files in the given package. Consider using
\fB--restore\fR instead.
.TP
\fBrpm\fR \fB--restore\fR \fIPACKAGE_NAME\fR
The option restores owner, group, permissions and capabilities of files
in the given package.
.TP
Options \fB--setperms\fR and \fB--setugids\fR are mutually exclusive.
Options \fB--setperms\fR, \fB--setugids\fR, \fB--setcaps\fR and
\fB--restore\fR are mutually exclusive.

.SS "FTP/HTTP OPTIONS"
.PP
Expand Down
12 changes: 12 additions & 0 deletions rpmpopt.in
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,18 @@ rpm alias --setugids -q --qf \
--pipe "(echo 'ch() { chown -h -- \"$1\" \"$3\";chgrp -h -- \"$2\" \"$3\"; }';grep '^ch '|grep -v \(none\))|sh" \
--POPTdesc=$"set user/group ownership of files in a package"

rpm alias --setcaps -q --qf \
"[\[ -f %{FILENAMES:shescape} -a ! -L %{FILENAMES:shescape} \] \
&& setcap %|FILECAPS?{%{FILECAPS:shescape}}:{''}| %{FILENAMES:shescape}\n]" \
--pipe "sh" \
--POPTdesc=$"set capabilities of files in a package"

rpm alias --restore -q --qf \
'[ rpm --setugids %{NAME:shescape}; \
rpm --setperms %{NAME:shescape}; \
rpm --setcaps %{NAME:shescape}; \n]' --pipe "sh" \
--POPTdesc=$"restore file/directory permissions"

rpm alias --conflicts --qf \
"[%|VERBOSE?{%{CONFLICTFLAGS:deptype}: }:{}|%{CONFLICTNEVRS}\n]" \
--POPTdesc=$"list capabilities this package conflicts with"
Expand Down

0 comments on commit af1fcf0

Please sign in to comment.