Hi Panu,

I finally got back to file hooks and tried to look into this with a fresh
head. I think given our previous discussion, I would propose to have only
two symmetrical hooks inside FSM for plugins. I would also make rpm
ignore any return code from them now, since there isn't much that we can
really do even if they return some failure.

FSM_INIT (const char* path, mode_t mode)

Called after fsm.Init() has finished, can be used by plugins to get
pre-warned that this file will now be installed to the filesystem.

Currently in the msm plugin this hook is used very wrongly, in the sense that
it attempts to stop the file writing. I am looking forward to changing this,
but first I would need to resolve the conflict hook problem (see below).
However, when the need to do this ugly functionality in this hook goes away,
I think plugins might still be able to benefit from the hook, or at least for
symmetry's sake (we do have pre and post hooks for ts and te).

FSM_COMMIT (const char* path, mode_t mode)

- Called inside fsm.commit(), can be used by plugins to perform file
labelling

- in the future it would be nice to also pass fidigest and digestalgo to
this hook, so that plugins can also access the digest of the file that got
written to fs and do additional labelling (like signing the file based on
digest for IMA or something like this).

In addition to these two FSM hooks, we do need a file conflict hook in order
to be able to prevent packages from rewriting each other's files when rpm is
run with --replacefiles mode. Previously you mentioned that when the hook is
called, signatures of all packages have already been verified, so in
principle it should not be a problem to access at this point the info about
who signed this particular package that brings this file. However, I can't
understand how it could already be verified, if the hook is called inside
rpmtsPrepare(). You mentioned that with future changes and the introduction of
an object we might be able to get the needed parameters passed to the hook, but
I think I don't understand how it will work when looking at the code.
Could you please explain this a bit?

For FSM hooks, if there are no objections, I can send you a patch tomorrow
for review.

Best Regards,
Elena.

_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint
