From af1fcf0b0a7c093e3d926680fe73fcf2077fd57c Mon Sep 17 00:00:00 2001 From: Pavlina Moravcova Varekova Date: Tue, 24 Apr 2018 10:30:12 +0200 Subject: [PATCH] Add popt-based options --setcaps and --restore (RhBug:1550745) --setcaps resets capabilities of package files. Because the option is popt-based it has some drawbacks - it does not know about %ghost files, file states, etc. --restore regenerates owner, group, permissions and capabilities of package files. It uses 3 already defined options in the correct order. rpm --setugids is used first of all, because it may change permissions or capabilities. rpm --setperms is used before rpm --setcaps, but the opposite order is right too. --- doc/rpm.8 | 23 ++++++++++++++++++----- rpmpopt.in | 12 ++++++++++++ 2 files changed, 30 insertions(+), 5 deletions(-) diff --git a/doc/rpm.8 b/doc/rpm.8 index 9a62927d06..d8d6284c6e 100644 --- a/doc/rpm.8 +++ b/doc/rpm.8 @@ -49,6 +49,10 @@ rpm \- RPM Package Manager \fBrpm\fR \fB--setugids\fR \fB\fIPACKAGE_NAME\fB\fR\fI ...\fR +\fBrpm\fR \fB--setcaps\fR \fB\fIPACKAGE_NAME\fB\fR\fI ...\fR + +\fBrpm\fR \fB--restore\fR \fB\fIPACKAGE_NAME\fB\fR\fI ...\fR + .SS "select-options" .PP 
@@ -839,15 +843,24 @@ options are currently set in configuration file(s). .TP \fBrpm\fR \fB--setperms\fR \fIPACKAGE_NAME\fR -sets permissions of files in the given package. +sets permissions of files in the given package. Consider using +\fB--restore\fR instead. .TP \fBrpm\fR \fB--setugids\fR \fIPACKAGE_NAME\fR sets user/group ownership of files in the given package. This command can -change permissions of files in that package. It is caused by calling command -\fBchmod\fR that can clear SUID and SGID bits in some situations. So it is -safer to call also \fB--setperms\fR after calling \fB--setugids\fR. +change permissions and capabilities of files in that package. In most +cases it is better to use \fB--restore\fR instead. +.TP +\fBrpm\fR \fB--setcaps\fR \fIPACKAGE_NAME\fR +sets capabilities of files in the given package. Consider using +\fB--restore\fR instead. +.TP +\fBrpm\fR \fB--restore\fR \fIPACKAGE_NAME\fR +The option restores owner, group, permissions and capabilities of files +in the given package. .TP -Options \fB--setperms\fR and \fB--setugids\fR are mutually exclusive. +Options \fB--setperms\fR, \fB--setugids\fR, \fB--setcaps\fR and +\fB--restore\fR are mutually exclusive. .SS "FTP/HTTP OPTIONS" .PP diff --git a/rpmpopt.in b/rpmpopt.in index f8ce35f228..e4270fd8e2 100644 --- a/rpmpopt.in +++ b/rpmpopt.in 
@@ -52,6 +52,18 @@ rpm alias --setugids -q --qf \ --pipe "(echo 'ch() { chown -h -- \"$1\" \"$3\";chgrp -h -- \"$2\" \"$3\"; }';grep '^ch '|grep -v \(none\))|sh" \ --POPTdesc=$"set user/group ownership of files in a package" +rpm alias --setcaps -q --qf \ + "[\[ -f %{FILENAMES:shescape} -a ! -L %{FILENAMES:shescape} \] \ + && setcap %|FILECAPS?{%{FILECAPS:shescape}}:{''}| %{FILENAMES:shescape}\n]" \ + --pipe "sh" \ + --POPTdesc=$"set capabilities of files in a package" + +rpm alias --restore -q --qf \ + '[ rpm --setugids %{NAME:shescape}; \ + rpm --setperms %{NAME:shescape}; \ + rpm --setcaps %{NAME:shescape}; \n]' --pipe "sh" \ + --POPTdesc=$"restore file/directory permissions" + rpm alias --conflicts --qf \ "[%|VERBOSE?{%{CONFLICTFLAGS:deptype}: }:{}|%{CONFLICTNEVRS}\n]" \ --POPTdesc=$"list capabilities this package conflicts with"
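Review bot: In the `--setcaps` alias the `-f`/`! -L` test and the `setcap` call are two separate steps on the same path name, executed through `--pipe "sh"` (typically as root), so the symlink check does not bind to the file that finally receives the capability; if any directory on that path is writable by an unprivileged user, the entry could presumably be replaced between the two steps. A shell one-liner cannot close that window, so I would at least record the limitation next to the alias, e.g. `# test and setcap are not atomic: not safe for files under user-writable directories`, and list it in the man page next to the %ghost and file-state drawbacks the commit message already names. Separately, `--restore` chains the three inner commands with `;`, so a failed `rpm --setugids` is still followed by `--setperms` and `--setcaps` and only the last exit status survives; joining them with `&&` would stop at the first failure. The inner commands carry only `%{NAME:shescape}`, so options given to the outer `rpm` (for example `--root`) do not appear to reach them, and the `--POPTdesc` text "restore file/directory permissions" understates that ownership and capabilities are rewritten as well.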