[Rpm-devel] Re: binary rpm package checking

Florian La Roche laroche at redhat.com
Tue Feb 15 07:58:22 UTC 2005

Hello Dag,

I've copied a newer version to http://people.redhat.com/laroche/pyrpm/
It can now also read the cpio data part of rpm packages and has several
items cleaned up. I'd be interested to hear more feedback from python
experts about possibly improvements. ;-)

The "--strict" option should only be used for Fedora Core development

> I've ran it on about 28000 packages, mostly unknown tag values:
> 	unknown distribution: Dag Apt Repository for Red Hat 7.3
> 	unknown packager: Dries Verachtert <dries at ulyssis.org>
> 	unknown vendor: Dag Apt Repository, http://dag.wieers.com/apt/

Yepp, content check for "--strict" not useful for non-FC-devel.

> However it also triggered a problem:
> 	ValueError: amavisd-new-milter-2.2.0-2.0.rh8.test.i386.rpm: wrong data in rpm lead
> 	Traceback (most recent call last):
> 	  File "./pyrpm.py", line 676, in ?
> 	    verifyAllRpms()
> 	  File "./pyrpm.py", line 657, in verifyAllRpms
> 	    rpm = verifyRpm(a, legacy)
> 	  File "./pyrpm.py", line 583, in verifyRpm
> 	    if rpm.readHeader():
> 	  File "./pyrpm.py", line 308, in readHeader
> 	    self.parseLead(leaddata)
> 	  File "./pyrpm.py", line 110, in parseLead
> 	    self.raiseErr("wrong data in rpm lead")
> 	  File "./pyrpm.py", line 59, in raiseErr
> 	    raise ValueError, "%s: %s" % (self.filename, err)
> on files like:
> 	perl-Tk-804.026-1.rhfc1.test.i386.rpm
> 	amavisd-new-2.2.0-2.0.rh8.test.i386.rpm
> 	xpde-0.4.0-1.1.fc2.test.i386.rpm
> Fortunately all of these have been renamed files where the repotag has 
> been changed to 'test'. Something I frequently do after a package didn't 
> go through QA but was still worth distributing.

Should also not be happen without the "--strict" option.

> After a while, when it started with kernel-module packages, I got this:
> 	ValueError: kernel-module-ov511-2.25-0_2.4.20_20.9.dag.rh90.i686.rpm: unknown prog: ['/sbin/depmod', '-ae']
> 	Traceback (most recent call last):
> 	  File "./pyrpm.py", line 676, in ?
> 	    verifyAllRpms()
> 	  File "./pyrpm.py", line 663, in verifyAllRpms
> 	    rrpm = RRpm(rpm)
> 	  File "./pyrpm.py", line 509, in __init__
> 	    (self.post, self.postprog) = rpm.getScript("postin", "postinprog")
> 	  File "./pyrpm.py", line 415, in getScript
> 	    self.raiseErr("unknown prog: %s" % prog)
> 	  File "./pyrpm.py", line 59, in raiseErr
> 	    raise ValueError, "%s: %s" % (self.filename, err)
> These messages are printed for each package. The command I ran was:
> 	find /dar/packages/ -type f -name "*.rpm" | xargs -i ./pyrpm.py --strict '{}' \; | grep -vE 'unknown (packager|vendor|distribution)' | sort | uniq -c
> I ended it after a lot of these 'errors'. Is the traceback intentional ?

I should change the tracebacks into errors only, so that you can still
enable this option and look at the items we would not like to have in

Thanks for running this test. Looks like the rpm parser is stable enough
for existing packages and we mostly deal with the "noise" the parser is
also checking right now.


Florian La Roche

More information about the fedora-devel-list mailing list