rpm packages not part of core
Bret Hughes
bhughes at elevating.com
Thu Nov 13 09:07:14 UTC 2003
On Thu, 2003-11-13 at 02:25, Panu Matilainen wrote:
> On 13 Nov 2003, Alexandre Oliva wrote:
>
> > On Nov 12, 2003, Bret Hughes <bhughes at elevating.com> wrote:
> >
> > > Any thoughts on a way to approach this?
> >
> > Remove any non-Core entries from /etc/sysconfig/rhn/sources, then run
> > up2date --show-orphans. The one thing I'm not sure is whether this
> > will let you know about packages that are present in the Core but that
> > have been upgraded to versions that are not in the Core.
>
> Alternatively something like this will get you the same result without
> fiddling with configuration:
> rpm -qa --qf "%{NAME} %{PACKAGER}\n"|grep -v "Red Hat"
>
I thought about that but that could be spoofed pretty easily could it
not? The program I wrote does not require any config file changes nor
does it require network access. it takes all but about 4 of the
querytags returned by rpm --querytags and uses them as the queryformat
and compares it to the same query against the rpmdb-fedora database.
This is still not perfect but it does include gpg signatures file sizes
and stuff like that that should be more difficult to spoof. Anyone can
build a package with the packager and machine name spoofed.
Bret
More information about the fedora-list
mailing list