Ticket #106 (new defect)

Opened 5 years ago

Last modified 3 years ago

Writes to Name database on querying a package

Reported by: nijel Assigned to: pmatilai
Priority: major Milestone:
Component: rpm Version: RPM Development
Keywords: Cc:

Description

Command "rpm -qp hello-1.0-1.i386.rpm" with not /var/lib/rpm/Name results in writing to file or with an error message if user does not have privileges to do that. Is it really necessary access this database on querying package?

Change History

11/08/11 09:03:53 changed by akozumpl

With RPM 4.9.90 it seems one only needs read permissions for the db to query a not installed package. Will look into why.

11/14/11 15:04:42 changed by akozumpl

What I am seeing with no read permissions on /var/lib/rpm:

$ rpm -qp foo-1.0-1.noarch.rpm
error: cannot open Packages index using db5 - Permission denied (13)
error: cannot open Packages database in /var/lib/rpm
foo-1.0-1.noarch

Debugging this I have found it to be caused by trying to read the keyring from the database before it is clear that this will be necessary. For instance in the case of the package above, it only needs MD5 digest verification and RPM won't use the keyring for anything.

The might be loading the keyring lazily when it is clear we need to read values of it, or perhaps disabling outputting the database access permission errors.