Several points:
1) Your check for repackaged packages is what is running afoul of (what is
obscurely known as) a "dribble", a tag appended to an immutable region, which
is commonly found in repackaged packages (with a doubly linked upgrade chain
tag appended) and in rpmdb headers (signature tags, and local installation
data). You are correct that no *.rpm file has ever had a "dribble" appended,
but there is nothing in a Header that prevents a "dribble" from being used.
2) headerReload() @rpm5.org does more than copy tags into a contiguous malloc.
In fact, an anonymous mmap(2) is used, and mprotect(2) PROT_READ is done to
prevent *all* changes to *any* header data returned as a pointer to the user.
This also makes the pages used to store a Header RO, eliminates the silliness
of HEADER_MINMEM permitting access directly into header data, and (as side
effect) stops the overhead of swabbing all integer data on every headerLoad.
Instead, data is swabbed during headerGet() returned as a malloc'd copy, to
itemize just a few of the differences that prevent reasoning about the behavior
from an identically named "headerReload" symbol.
3) RPMSIGTAG_PADDING can be used not only to reserve space for signatures, but
also to insert block alignment between signature <-> metadata headers (useful
for byte ranged HTTP), and (if also appended to the metadata header) between
metadata <-> payload. Of course having the ability to do HTTP byte range
retrievals suffers from "legacy compatibility" in a sense (backward
compatibility is ensured by the format, but the "feature" cannot be assumed to
exist in any given *.rpm without some other test).
There are yet other reasons to use a "dribble" in a *.rpm package, including
unifying (by nesting immutable regions) signature <-> metadata Headers into a
single blob.
Details are left in my imagination ;-)
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/270#issuecomment-348754764
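
Added example, not part of the original message and not code from rpm.org or rpm5.org: a Python check that lists the index entries of a header blob lying outside its leading immutable region, i.e. the "dribble" tags of point 1. It assumes the in-memory blob layout (big-endian il and dl, 16-byte index entries, then the data store, without the 8-byte file magic); find_dribbles, build_sample and the sample contents are constructed for illustration.

```python
import struct

ENTRY = struct.Struct(">iIiI")   # index entry: tag, type, offset, count
REGION_TAGS = (62, 63)           # HEADERSIGNATURES, HEADERIMMUTABLE
RPM_INT32, RPM_STRING, RPM_BIN = 4, 6, 7


def find_dribbles(blob):
    """Return the tags of index entries that follow the leading region."""
    il, dl = struct.unpack_from(">II", blob, 0)
    if len(blob) != 8 + il * ENTRY.size + dl:
        raise ValueError("blob size does not match il/dl")
    index = [ENTRY.unpack_from(blob, 8 + i * ENTRY.size) for i in range(il)]
    data = blob[8 + il * ENTRY.size:]
    if not index:
        return []
    tag, typ, off, cnt = index[0]
    if tag not in REGION_TAGS or typ != RPM_BIN or cnt != ENTRY.size:
        raise ValueError("header does not start with a region tag")
    if off < 0 or off + ENTRY.size > dl:
        raise ValueError("region trailer lies outside the data store")
    # The trailer is shaped like an index entry; its negated offset is the
    # byte length of the index entries covered by the region.
    t_tag, t_typ, t_off, t_cnt = ENTRY.unpack_from(data, off)
    if (t_tag, t_typ, t_cnt) != (tag, RPM_BIN, ENTRY.size):
        raise ValueError("region trailer does not match region tag")
    rdl = -t_off
    if rdl <= 0 or rdl % ENTRY.size or rdl // ENTRY.size > il:
        raise ValueError("region size is inconsistent with the index")
    ril = rdl // ENTRY.size      # entries inside the region, tag included
    return [entry[0] for entry in index[ril:]]


def build_sample(with_dribble):
    """Constructed blob: a 2-entry immutable region, optional dribble."""
    store = b"pkg\0"                                   # NAME string at 0
    trailer_off = len(store)
    store += ENTRY.pack(63, RPM_BIN, -2 * ENTRY.size, ENTRY.size)
    index = [ENTRY.pack(63, RPM_BIN, trailer_off, ENTRY.size),
             ENTRY.pack(1000, RPM_STRING, 0, 1)]       # RPMTAG_NAME
    if with_dribble:
        # Local installation data appended after the region, as in an rpmdb.
        index.append(ENTRY.pack(1008, RPM_INT32, len(store), 1))
        store += struct.pack(">I", 1512345678)         # RPMTAG_INSTALLTIME
    return struct.pack(">II", len(index), len(store)) + b"".join(index) + store


if __name__ == "__main__":
    print(find_dribbles(build_sample(False)), find_dribbles(build_sample(True)))
```

A check that rejects every header where this list is non-empty will also reject repackaged packages and rpmdb headers, which is the failure described in point 1.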