Request for Comments: updating RPMs using binary deltas

Ian Pilcher i.pilcher at comcast.net
Sun Jan 25 13:00:26 UTC 2004 

Toshio wrote:
> So you're saying the SuSE method copies the files from
> foo-1.0-2.Patch-RPM into the file system and then modifies the rpm
> database to think it has foo-1.0-2.rpm installed?  If so I instinctively
> dislike it because it changes the idea that installing _package_
> foo-1.0-2 is the way I add foo-1.0-2 to the rpm db.  (Correct me, but I
> think even --justdb only operates on packages.)

As I envision it, the patch would include metadata identifying the
prior versions to which it could be applied.  Based on this, the
patching tool would identify the files that are going to be replaced
and handle them like a normal RPM upgrade -- but only if all other files
in the installed RPM pass "rpm -V"-style verification.

I'll try to construct an example.  Assume that three previous versions
of package "foo" have been released.  The first version only contained
the executable.

   foo-0.1-1.i386.rpm:

     /bin/foo [v1]

The package was updated to include the man page (the executable did not
change):

   foo-0.1-2.i386.rpm

     /bin/foo [v1]
     /usr/share/man/man1/foo.1.gz [v1]

Version 0.2 of foo was released (the executable changed, but the man
page did not):

   foo-0.2-1.i386.rpm

     /bin/foo [v2]
     /usr/share/man/man1/foo.1.gz [v1]

A day later, a critical security flaw is discovered in foo, and a new
RPM is created with a patched version:

   foo-0.2-1.1.i386.rpm

     /bin/foo [v3]
     /usr/share/man/man1/foo.1.gz [1]

A patch RPM, containing only the updated executable, could be applied to
foo-0.1-2 or foo-0.2-1 (either way, you end up with v3 of the executable
and v1 of the man page); it could not be applied to the original
package, because the man page would be missing and the result would not
be the same as if foo-0.2-1.1.i386.rpm had been installed.

There may be a flaw in my logic, but I think that the algorighm is
valid.

Kernel packages are an interesting twist, because they're actually
installed side-by-side, rather than upgraded.  The same logic should
still apply, though; the patch tool would just have to copy a bunch of
files.

> That's partially a knee-jerk reaction, though.  Perhaps discussion of
> the merits or deficiencies of the SuSE method belongs on rpm-list where
> people more involved with the future of rpm would comment? 

Good luck with that.  I've given up on ever getting a straight answer
about rpmlib out of anyone.

-- 
========================================================================
Ian Pilcher                                        i.pilcher at comcast.net
========================================================================

More information about the fedora-devel-list mailing list