Don't run plugins on src.rpm unpacking

dmnks · dmnks · commit 0f70f86ea0a3 · 2024-12-04T17:55:23.000+01:00
Source packages aren't really "installed", just unpacked, and plugins
are by design meant for transactions, so disable the tsm/fsm/psm and
scriptlet hooks for those.

Note that the init and cleanup hooks will still run, those are supposed
to only do reversible actions such as opening and closing files, and we
wouldn't avoid them if there was a binary package supplied on the rpm -i
command line anyway.

This fixes, in particular, src.rpm installations done by a regular user
(a common case) on systems with a plugin that requires root privileges,
such as the ima plugin, which would otherwise cause a spurious warning
or even failure (see RhBug:2316785).

Extending rpmtsPlugins() here would be nicer but it's public API so just
add a static wrapper.

Reuse the plugin development test, we don't have anything better at the
moment and it does the job well.
diff --git a/lib/fsm.cc b/lib/fsm.cc
@@ -875,13 +875,21 @@ static rpmfi fsmIterFini(rpmfi fi, struct diriter_s *di)
     return rpmfiFree(fi);
 }
 
+static rpmPlugins fsmPlugins(rpmts ts, rpmte te)
+{
+    if (headerIsSource(rpmteHeader(te)))
+	return NULL;
+    else
+	return rpmtsPlugins(ts);
+}
+
 int rpmPackageFilesInstall(rpmts ts, rpmte te, rpmfiles files,
               rpmpsm psm, char ** failedFile)
 {
     FD_t payload = rpmtePayload(te);
     rpmfi fi = NULL;
     rpmfs fs = rpmteGetFileStates(te);
-    rpmPlugins plugins = rpmtsPlugins(ts);
+    rpmPlugins plugins = fsmPlugins(ts, te);
     int rc = 0;
     int fx = -1;
     int fc = rpmfilesFC(files);
@@ -1123,7 +1131,7 @@ int rpmPackageFilesRemove(rpmts ts, rpmte te, rpmfiles files,
     struct diriter_s di = { -1, -1 };
     rpmfi fi = fsmIter(NULL, files, RPMFI_ITER_BACK, &di);
     rpmfs fs = rpmteGetFileStates(te);
-    rpmPlugins plugins = rpmtsPlugins(ts);
+    rpmPlugins plugins = fsmPlugins(ts, te);
     int fc = rpmfilesFC(files);
     int fx = -1;
     struct filedata_s *fdata = (struct filedata_s *)xcalloc(fc, sizeof(*fdata));
diff --git a/tests/rpmdevel.at b/tests/rpmdevel.at
@@ -43,6 +43,9 @@ runroot rpmbuild --quiet -bb \
 	/data/SPECS/simple.spec \
 	/data/SPECS/fakeshell.spec
 
+runroot rpmbuild --quiet -bs \
+	/data/SPECS/simple.spec
+
 runroot rpm -U /build/RPMS/noarch/fakeshell-1.0-1.noarch.rpm
 
 cmake /data/debugplugin && make && make install DESTDIR=${RPMTEST}
@@ -70,5 +73,14 @@ debug_psm_post: simple-1.0-1.noarch:0
 debug_tsm_post: 0
 debug_cleanup
 ])
-RPMTEST_CLEANUP
 
+RPMTEST_CHECK([
+runroot rpm -i /build/SRPMS/simple-1.0-1.src.rpm
+],
+[0],
+[],
+[debug_init
+debug_cleanup
+])
+
+RPMTEST_CLEANUP
