Re: [Rpm-maint] [PATCH 3/3] plugins: Pass rpmte to scriptlet_pre and call IMA plugin in this hook

2016-09-21 Thread Panu Matilainen

On 09/21/2016 10:21 PM, Panu Matilainen wrote:

On 09/21/2016 09:14 PM, Stefan Berger wrote:

Stefan Berger  wrote on 09/21/2016 02:04:08
PM:


From: Stefan Berger 
To: rpm-maint@lists.rpm.org
Cc: fionnuala.gun...@gmail.com, stef...@linux.vnet.ibm.com,
zo...@linux.vnet.ibm.com, Stefan Berger/Watson/IBM@IBMUS
Date: 09/21/2016 02:04 PM
Subject: [PATCH 3/3] plugins: Pass rpmte to scriptlet_pre and call
IMA plugin in this hook

The IMA plugin needs to also be called before the post installation
scriptlet is run. The reason for this is that some post installation
scriptlets invoke the tools that were just installed. The invocation
fails if the signatures have not been applied yet. Therefore, we
invoke the IMA plugin with the scriptlet_pre hook.

To be able to do the work in the scriptlet_pre hook, we also need to
pass the rpmte parameter all the way through.

An example for an RPM that invokes its own programs is coreutils,
which will invoke /bin/mv in the post installation script.

Signed-off-by: Stefan Berger 
---
 lib/rpmplugin.h   |  3 ++-
 lib/rpmplugins.c  |  5 +++--
 lib/rpmplugins.h  |  3 ++-
 lib/rpmscript.c   |  5 +++--
 lib/rpmscript.h   |  3 ++-
 lib/transaction.c |  2 +-
 plugins/ima.c | 10 ++
 7 files changed, 23 insertions(+), 8 deletions(-)

diff --git a/lib/rpmplugin.h b/lib/rpmplugin.h
index fd81aec..98205db 100644
--- a/lib/rpmplugin.h
+++ b/lib/rpmplugin.h
@@ -44,7 +44,8 @@ typedef rpmRC (*plugin_tsm_post_func)(rpmPlugin
plugin, rpmts ts, int res);
 typedef rpmRC (*plugin_psm_pre_func)(rpmPlugin plugin, rpmte te);
 typedef rpmRC (*plugin_psm_post_func)(rpmPlugin plugin, rpmte te, int

res);

 typedef rpmRC (*plugin_scriptlet_pre_func)(rpmPlugin plugin,
-  const char *s_name, int type);
+  const char *s_name, int type,
+  rpmte te);
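
Review bot: the added rpmte te argument on plugin_scriptlet_pre_func carries no statement of whether it may be NULL. This typedef is the only contract a plugin author sees, so add a comment next to it saying what the hook receives when a scriptlet runs without a transaction element, and require implementations to check the pointer before use.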



I am obviously modifying a public interface here. This modification does
no harm to other plugins living in the rpm git tree since none of them is
called in this callback hook. Are there any plugins that live outside the
tree that would now not compile anymore? Another solution would be to
introduce a plugin_scriptlet_pre_te_func.



rpmplugin.h is not a public header, the whole plugin interface has been
kept "rpm internal" to allow changing things while it matures. That's
not a (big) problem.

What I do object to is passing the transaction element to
rpmScriptRun(). The scriptlet running machinery is intentionally
disconnected from the higher level objects such as transaction elements.
There were reasons for that, I just don't remember the details anymore,
doh :) *One* of the reasons is that not all scriptlets execute in a
context of a transaction element (think of triggers from installed
packages).

A new plugin hook is probably more appropriate. Or a pair of them - as
you might have noticed they try to stick to symmetry. What the hook(s)
should be called etc I've no clue ATM and it's getting late here...


Having slept over it, how about a pair of hooks that execute just before 
and just after files are unpacked or erased. Basically FsmPre and 
FsmPost with similar semantics as all the other hook pairs. So the psm 
patch might look something like this:


--- a/lib/psm.c
+++ b/lib/psm.c
@@ -586,11 +586,14 @@ static rpmRC rpmpsmUnpack(rpmpsm psm)
 rpmpsmNotify(psm, RPMCALLBACK_INST_PROGRESS, 0);

 if (!(rpmtsFlags(psm->ts) & RPMTRANS_FLAG_JUSTDB)) {
-   if (rpmfilesFC(psm->files) > 0) {
+
+   fsmrc = rpmpluginsCallFsmPre(rpmtsPlugins(psm->ts), ...);
+   if (!fsmrc && rpmfilesFC(psm->files) > 0) {
fsmrc = rpmPackageFilesInstall(psm->ts, psm->te, psm->files,
   psm, );
saved_errno = errno;
}
+   rpmpluginsCallFsmPost(rpmtsPlugins(psm->ts), ..., fsmrc);
 }

 /* XXX make sure progress reaches 100% */
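
Review bot: in rpmpsmUnpack the return value of rpmpluginsCallFsmPost() is discarded, so a plugin that fails in the post hook (for example while applying file signatures) cannot fail the install and the error is lost. Either fold it into fsmrc when fsmrc is still 0 or document that post hooks are advisory. Also, when rpmpluginsCallFsmPre() fails, fsmrc is set but saved_errno is not, because saved_errno = errno is only reached inside the if body; whatever consumes saved_errno later should not read a stale value on that path.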
@@ -627,10 +630,12 @@ static rpmRC rpmpsmRemove(rpmpsm psm)

 /* XXX should't we log errors from here? */
 if (!(rpmtsFlags(psm->ts) & RPMTRANS_FLAG_JUSTDB)) {
-   if (rpmfilesFC(psm->files) > 0) {
+   fsmrc = rpmpluginsCallFsmPre(rpmtsPlugins(psm->ts), ...)
+   if (!fsmrc && rpmfilesFC(psm->files) > 0) {
fsmrc = rpmPackageFilesRemove(psm->ts, psm->te, psm->files,
  psm, );
}
+   rpmpluginsCallFsmPost(rpmtsPlugins(psm->ts), ..., fsmrc)
 }
 /* XXX make sure progress reaches 100% */
 rpmpsmNotify(psm, RPMCALLBACK_UNINST_PROGRESS, psm->total);
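
Review bot: both added calls in rpmpsmRemove, rpmpluginsCallFsmPre(...) and rpmpluginsCallFsmPost(..., fsmrc), are missing their terminating semicolons, so this hunk will not compile as written. Since the same two hook names are called from rpmpsmUnpack and rpmpsmRemove, the elided arguments should also tell a plugin whether files are being installed or erased. As in rpmpsmUnpack, the FsmPost return value is dropped here.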
(END)

As for the other arguments to the hooks, passing psm->te and psm->files 
would not seem unreasonable to me, in this context there's no ambiguity 
or other such issues that I can tell. One open question is whether 
FsmPre and Post should get called for packages with no files (so 
psm->files is NULL). The file-level hooks obviously will not get called 
in that case but it might be useful to have 

Re: [Rpm-maint] [PATCH 3/3] plugins: Pass rpmte to scriptlet_pre and call IMA plugin in this hook

2016-09-21 Thread Panu Matilainen

On 09/21/2016 09:14 PM, Stefan Berger wrote:

Stefan Berger  wrote on 09/21/2016 02:04:08
PM:


From: Stefan Berger 
To: rpm-maint@lists.rpm.org
Cc: fionnuala.gun...@gmail.com, stef...@linux.vnet.ibm.com,
zo...@linux.vnet.ibm.com, Stefan Berger/Watson/IBM@IBMUS
Date: 09/21/2016 02:04 PM
Subject: [PATCH 3/3] plugins: Pass rpmte to scriptlet_pre and call
IMA plugin in this hook

The IMA plugin needs to also be called before the post installation
scriptlet is run. The reason for this is that some post installation
scriptlets invoke the tools that were just installed. The invocation
fails if the signatures have not been applied yet. Therefore, we
invoke the IMA plugin with the scriptlet_pre hook.

To be able to do the work in the scriptlet_pre hook, we also need to
pass the rpmte parameter all the way through.

An example for an RPM that invokes its own programs is coreutils,
which will invoke /bin/mv in the post installation script.

Signed-off-by: Stefan Berger 
---
 lib/rpmplugin.h   |  3 ++-
 lib/rpmplugins.c  |  5 +++--
 lib/rpmplugins.h  |  3 ++-
 lib/rpmscript.c   |  5 +++--
 lib/rpmscript.h   |  3 ++-
 lib/transaction.c |  2 +-
 plugins/ima.c | 10 ++
 7 files changed, 23 insertions(+), 8 deletions(-)

diff --git a/lib/rpmplugin.h b/lib/rpmplugin.h
index fd81aec..98205db 100644
--- a/lib/rpmplugin.h
+++ b/lib/rpmplugin.h
@@ -44,7 +44,8 @@ typedef rpmRC (*plugin_tsm_post_func)(rpmPlugin
plugin, rpmts ts, int res);
 typedef rpmRC (*plugin_psm_pre_func)(rpmPlugin plugin, rpmte te);
 typedef rpmRC (*plugin_psm_post_func)(rpmPlugin plugin, rpmte te, int

res);

 typedef rpmRC (*plugin_scriptlet_pre_func)(rpmPlugin plugin,
-  const char *s_name, int type);
+  const char *s_name, int type,
+  rpmte te);



I am obviously modifying a public interface here. This modification does
no harm to other plugins living in the rpm git tree since none of them is
called in this callback hook. Are there any plugins that live outside the
tree that would now not compile anymore? Another solution would be to
introduce a plugin_scriptlet_pre_te_func.



rpmplugin.h is not a public header, the whole plugin interface has been 
kept "rpm internal" to allow changing things while it matures. That's 
not a (big) problem.


What I do object to is passing the transaction element to 
rpmScriptRun(). The scriptlet running machinery is intentionally 
disconnected from the higher level objects such as transaction elements. 
There were reasons for that, I just don't remember the details anymore,
doh :) *One* of the reasons is that not all scriptlets execute in a 
context of a transaction element (think of triggers from installed 
packages).


A new plugin hook is probably more appropriate. Or a pair of them - as 
you might have noticed they try to stick to symmetry. What the hook(s) 
should be called etc I've no clue ATM and it's getting late here...


- Panu -


___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint


Re: [Rpm-maint] [PATCH 3/3] plugins: Pass rpmte to scriptlet_pre and call IMA plugin in this hook

2016-09-21 Thread Stefan Berger
Stefan Berger  wrote on 09/21/2016 02:04:08 
PM:

> From: Stefan Berger 
> To: rpm-maint@lists.rpm.org
> Cc: fionnuala.gun...@gmail.com, stef...@linux.vnet.ibm.com, 
> zo...@linux.vnet.ibm.com, Stefan Berger/Watson/IBM@IBMUS
> Date: 09/21/2016 02:04 PM
> Subject: [PATCH 3/3] plugins: Pass rpmte to scriptlet_pre and call 
> IMA plugin in this hook
> 
> The IMA plugin needs to also be called before the post installation
> scriptlet is run. The reason for this is that some post installation
> scriptlets invoke the tools that were just installed. The invocation
> fails if the signatures have not been applied yet. Therefore, we
> invoke the IMA plugin with the scriptlet_pre hook.
> 
> To be able to do the work in the scriptlet_pre hook, we also need to
> pass the rpmte parameter all the way through.
> 
> An example for an RPM that invokes its own programs is coreutils,
> which will invoke /bin/mv in the post installation script.
> 
> Signed-off-by: Stefan Berger 
> ---
>  lib/rpmplugin.h   |  3 ++-
>  lib/rpmplugins.c  |  5 +++--
>  lib/rpmplugins.h  |  3 ++-
>  lib/rpmscript.c   |  5 +++--
>  lib/rpmscript.h   |  3 ++-
>  lib/transaction.c |  2 +-
>  plugins/ima.c | 10 ++
>  7 files changed, 23 insertions(+), 8 deletions(-)
> 
> diff --git a/lib/rpmplugin.h b/lib/rpmplugin.h
> index fd81aec..98205db 100644
> --- a/lib/rpmplugin.h
> +++ b/lib/rpmplugin.h
> @@ -44,7 +44,8 @@ typedef rpmRC (*plugin_tsm_post_func)(rpmPlugin 
> plugin, rpmts ts, int res);
>  typedef rpmRC (*plugin_psm_pre_func)(rpmPlugin plugin, rpmte te);
>  typedef rpmRC (*plugin_psm_post_func)(rpmPlugin plugin, rpmte te, int 
res);
>  typedef rpmRC (*plugin_scriptlet_pre_func)(rpmPlugin plugin,
> -  const char *s_name, int type);
> +  const char *s_name, int type,
> +  rpmte te);


I am obviously modifying a public interface here. This modification does 
no harm to other plugins living in the rpm git tree since none of them is 
called in this callback hook. Are there any plugins that live outside the 
tree that would now not compile anymore? Another solution would be to 
introduce a plugin_scriptlet_pre_te_func.

   Stefan

