binary rpm package checking

Dag Wieers dag at wieers.com
Tue Feb 15 01:16:40 UTC 2005


On Sat, 29 Jan 2005, Florian La Roche wrote:

> This is a start to check binary rpm packages for consistency.
> Right now mostly the rpm header is checked to get a feeling
> how much "strange" binary rpm packages might be out there.
> It has two modes of checking, one for the current Fedora Development
> tree with more strict checks and a more relaxed one that should
> work for all existing rpm packages, also other distributions.
> 
> I'd be interested to get feedback on what output is generated
> for rpm addon repositories and non-Red Hat distributions
> if the script generates warning messages.
> At least for Fedora Core only very few rpm tags are actually
> used in the rpm header.
> 
> Example usage:
> ./pyrpm.py --strict /mirror/fedora/development/i386/Fedora/RPMS/*.rpm
> 
> Checking all rpms:
> locate .rpm | xargs ./pyrpm.py
> find /mirror/linux -name "*.rpm" -type f -print0 2>/dev/null |
> 	xargs -0 ./pyrpm.py

Hi Florian,

I've run it on about 28000 packages, mostly unknown tag values:

	unknown distribution: Dag Apt Repository for Red Hat 7.3
	unknown packager: Dries Verachtert <dries at ulyssis.org>
	unknown vendor: Dag Apt Repository, http://dag.wieers.com/apt/

However it also triggered a problem:

	ValueError: amavisd-new-milter-2.2.0-2.0.rh8.test.i386.rpm: wrong data in rpm lead
	Traceback (most recent call last):
	  File "./pyrpm.py", line 676, in ?
	    verifyAllRpms()
	  File "./pyrpm.py", line 657, in verifyAllRpms
	    rpm = verifyRpm(a, legacy)
	  File "./pyrpm.py", line 583, in verifyRpm
	    if rpm.readHeader():
	  File "./pyrpm.py", line 308, in readHeader
	    self.parseLead(leaddata)
	  File "./pyrpm.py", line 110, in parseLead
	    self.raiseErr("wrong data in rpm lead")
	  File "./pyrpm.py", line 59, in raiseErr
	    raise ValueError, "%s: %s" % (self.filename, err)

on files like:

	perl-Tk-804.026-1.rhfc1.test.i386.rpm
	amavisd-new-2.2.0-2.0.rh8.test.i386.rpm
	xpde-0.4.0-1.1.fc2.test.i386.rpm

Fortunately all of these have been renamed files where the repotag has 
been changed to 'test'. Something I frequently do after a package didn't 
go through QA but was still worth distributing.

After a while, when it started with kernel-module packages, I got this:

	ValueError: kernel-module-ov511-2.25-0_2.4.20_20.9.dag.rh90.i686.rpm: unknown prog: ['/sbin/depmod', '-ae']
	Traceback (most recent call last):
	  File "./pyrpm.py", line 676, in ?
	    verifyAllRpms()
	  File "./pyrpm.py", line 663, in verifyAllRpms
	    rrpm = RRpm(rpm)
	  File "./pyrpm.py", line 509, in __init__
	    (self.post, self.postprog) = rpm.getScript("postin", "postinprog")
	  File "./pyrpm.py", line 415, in getScript
	    self.raiseErr("unknown prog: %s" % prog)
	  File "./pyrpm.py", line 59, in raiseErr
	    raise ValueError, "%s: %s" % (self.filename, err)

These messages are printed for each package. The command I ran was:

	find /dar/packages/ -type f -name "*.rpm" | xargs -i ./pyrpm.py --strict '{}' \; | grep -vE 'unknown (packager|vendor|distribution)' | sort | uniq -c

I ended it after a lot of these 'errors'. Is the traceback intentional?

Kind regards,
--   dag wieers,  dag at wieers.com,  http://dag.wieers.com/   --
[all I want is a warm bed and a kind word and unlimited power]
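
An added example, not part of the original post and not pyrpm's own code: a check of the 96-byte rpm lead that collects warnings instead of raising on the first problem, so one odd package does not end a run over thousands of files. The comparison of the lead name against the file name is an assumption about why renamed files were flagged; `check_lead` and `make_lead` are hypothetical names and the sample lead is constructed.

```python
import os
import struct

# rpm lead: magic, major, minor, type, archnum, name[66], osnum,
# signature_type, reserved[16]; big-endian, 96 bytes in total.
LEAD_FMT = ">4sBBhh66shh16s"
LEAD_SIZE = struct.calcsize(LEAD_FMT)
LEAD_MAGIC = b"\xed\xab\xee\xdb"


def check_lead(filename, data):
    """Return a list of warnings for the lead in data (empty list = clean)."""
    if len(data) < LEAD_SIZE:
        return ["%s: lead too short (%d bytes)" % (filename, len(data))]
    magic, major, minor, rpmtype, arch, name, osnum, sigtype, _ = \
        struct.unpack(LEAD_FMT, data[:LEAD_SIZE])
    if magic != LEAD_MAGIC:
        # Not an rpm at all; the remaining fields are meaningless.
        return ["%s: bad lead magic %s" % (filename, magic.hex())]
    warnings = []
    if major not in (3, 4):
        warnings.append("%s: unexpected lead version %d.%d"
                        % (filename, major, minor))
    if rpmtype not in (0, 1):  # 0 = binary package, 1 = source package
        warnings.append("%s: unknown package type %d" % (filename, rpmtype))
    if sigtype != 5:  # 5 = header-style signature
        warnings.append("%s: unexpected signature type %d"
                        % (filename, sigtype))
    # Assumption: the lead name is name-version-release, cut to 65 bytes.
    lead_name = name.split(b"\0", 1)[0].decode("ascii", "replace")
    nvr = os.path.basename(filename).rsplit(".", 2)[0]  # drop .arch.rpm
    if lead_name != nvr[:65]:
        warnings.append("%s: lead name %r does not match file name"
                        % (filename, lead_name))
    return warnings


def make_lead(nvr, major=3, sigtype=5):
    """Build a constructed 96-byte lead for demonstration."""
    return struct.pack(LEAD_FMT, LEAD_MAGIC, major, 0, 0, 1,
                       nvr.encode("ascii"), 1, sigtype, b"\0" * 16)


if __name__ == "__main__":
    lead = make_lead("example-1.0-1.dag")  # constructed sample
    for path in ("example-1.0-1.dag.i386.rpm", "example-1.0-1.test.i386.rpm"):
        print(path, check_lead(path, lead) or "ok")
```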




More information about the fedora-devel-list mailing list