arr-pm 0.0.10 → 0.0.12

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 60fcb2287ddbb0f718255da5beb0033d9459be16
-  data.tar.gz: 1586517c23d99e2c5dead4a45128cfd49c9ff87c
+SHA256:
+  metadata.gz: 1b18d6ce9e276f133f3456d3f680c9727936e0be921d1f2492f9541aeefcbca9
+  data.tar.gz: d5bca7b579c4ff1f28b411a0d5195a83d34c023a749d563cbc95b9cb0bb5716b
 SHA512:
-  metadata.gz: e44130d06daa88d4b84b0c800fb54dd8ca8cb4f0b75185c98e450e6b241d30fe666e4a491c6a8113c837d162b95783dcd805c293b1af5fc0d99b2e74ad86eb30
-  data.tar.gz: 1c7b02c83d66bcc5964faeeab66b3cc179acda31225039ba60ef0e05311ab9824887830e2ee568ef7946e18d594b274e11141fde2b92eb4a3418c3b85123abd0
+  metadata.gz: 58e476d730ac09d22ea1ee60cf463f3cc26b4cb3cc99f1f8b44d7cd323084d3ca1208a550b069f56afb2414759b9f3e5475716dfee0f2363ae5a10dc0235ae38
+  data.tar.gz: 361d8dfca458258a617e71153ff8e757c4f8963abe5d07d9020a120407f52059a2f3b8bd0a3e2495f9764a2cc02f18d4755d2ba532f670d16c1adfc3eb85a3cb

data/CHANGELOG.md

@@ -0,0 +1,18 @@
+
+
+# v0.0.12
+
+* Security: Fixed a safety problem which would allow for arbitrary shell execution when invoking `RPM::File#extract` or `RPM::File#files`. (Jordan Sissel, @joernchen; #14, #15)
+* This library now has no external dependencies. (Jordan Sissel, #18)
+* `RPM::File#extract` now correctly works when the target directory contains spaces or other special characters. (@joernchen, #19)
+* Listing files (`RPM::File#files`) no longer requires external tools like `cpio` (Jordan Sissel, #17)
+
+
+# v0.0.11
+
+* Support Ruby 3.0 (Alexey Morozov, #12)
+* Fix bug caused when listing config_files on an rpm with no config files. (Daniel Jay Haskin, #7)
+
+# Older versions
+
+Changelog not tracked for older versions.

data/arr-pm.gemspec

@@ -2,14 +2,13 @@ Gem::Specification.new do |spec|
   files = %x{git ls-files}.split("\n")
 
   spec.name = "arr-pm"
-  spec.version = "0.0.10"
+  spec.version = "0.0.12"
   spec.summary = "RPM reader and writer library"
   spec.description = "This library allows to you to read and write rpm " \
     "packages. Written in pure ruby because librpm is not available " \
     "on all systems"
   spec.license = "Apache 2"
 
-  spec.add_dependency "cabin", ">0" # for logging. apache 2 license
   spec.files = files
   spec.require_paths << "lib"
   spec.bindir = "bin"
@@ -18,6 +17,9 @@ Gem::Specification.new do |spec|
   spec.email = ["jls@semicomplete.com"]
 
   spec.add_development_dependency "flores", ">0"
+  spec.add_development_dependency "rspec", ">3.0.0"
+  spec.add_development_dependency "stud", ">=0.0.23"
+  spec.add_development_dependency "insist", ">=1.0.0"
   #spec.homepage = "..."
 end
 

data/lib/arr-pm/file/header.rb

@@ -1,9 +1,7 @@
 require File.expand_path(File.join(File.dirname(__FILE__), "..", "namespace"))
 require File.join(File.dirname(__FILE__), "tag")
-require "cabin"
 
 class RPM::File::Header
-  include Cabin::Inspectable
   attr_reader :tags
   attr_reader :length
 
@@ -12,16 +10,8 @@ class RPM::File::Header
   attr_accessor :data_length  # rpmlib calls this field 'dl' unhelpfully
 
   HEADER_SIGNED_TYPE = 5
-  
-  if RUBY_VERSION =~ /^2\./
-    # Ruby 2 forces all strings to be UTF-8, so "\x01" becomes "\u0001"
-    # which is two bytes 00 01 which is not what we want. I can't find
-    # a sane way to create a string without this madness in Ruby 2,
-    # so let's just pack two 4-byte integers and go about our day.
-    HEADER_MAGIC = [0x8eade801, 0x00000000].pack("NN")
-  else
-    HEADER_MAGIC = "\x8e\xad\xe8\x01\x00\x00\x00\x00"
-  end
+  HEADER_MAGIC = "\x8e\xad\xe8\x01\x00\x00\x00\x00".force_encoding("BINARY")
+
   # magic + index_count + data_length
   HEADER_HEADER_LENGTH = HEADER_MAGIC.length + 4 + 4
   TAG_ENTRY_SIZE = 16 # tag id, type, offset, count == 16 bytes

data/lib/arr-pm/file/lead.rb

@@ -1,8 +1,6 @@
 require File.expand_path(File.join(File.dirname(__FILE__), "..", "namespace"))
-require "cabin"
 
 class RPM::File::Lead
-  include Cabin::Inspectable
 
   #struct rpmlead {
   attr_accessor :magic #unsigned char magic[4];

data/lib/arr-pm/file/tag.rb

@@ -1,8 +1,6 @@
 require File.expand_path(File.join(File.dirname(__FILE__), "..", "namespace"))
-require "cabin"
 
 class RPM::File::Tag
-  include Cabin::Inspectable
 
   attr_accessor :tag
   attr_accessor :type

data/lib/arr-pm/file.rb

@@ -3,6 +3,7 @@ require File.join(File.dirname(__FILE__), "file", "header")
 require File.join(File.dirname(__FILE__), "file", "lead")
 require File.join(File.dirname(__FILE__), "file", "tag")
 require "fcntl"
+require "shellwords"
 
 # Much of the code here is derived from knowledge gained by reading the rpm
 # source code, but mostly it started making more sense after reading this site:
@@ -88,6 +89,14 @@ class RPM::File
     return @payload
   end # def payload
 
+  def valid_compressor?(name)
+    # I scanned rpm's rpmio.c for payload implementation names and found the following.
+    #    sed -rne '/struct FDIO_s \w+ *= *\{/{ n; s/^.*"(\w+)",$/\1/p }' rpmio/rpmio.c
+    # It's possible this misses some supported rpm payload compressors.
+
+    [ "gzip", "bzip2", "xz", "lzma", "zstd" ].include?(name)
+  end
+
   # Extract this RPM to a target directory.
   #
   # This should have roughly the same effect as:
@@ -97,8 +106,13 @@ class RPM::File
     if !File.directory?(target)
       raise Errno::ENOENT.new(target)
     end
+
+    compressor = tags[:payloadcompressor]
+    if !valid_compressor?(compressor)
+      raise "Cannot decompress. This RPM uses an invalid compressor '#{compressor}'"
+    end
     
-    extractor = IO.popen("#{tags[:payloadcompressor]} -d | (cd #{target}; cpio -i --quiet --make-directories)", "w")
+    extractor = IO.popen("#{compressor} -d | (cd #{Shellwords.escape(target)}; cpio -i --quiet --make-directories)", "w")
     buffer = ""
     begin
         buffer.force_encoding("BINARY")
@@ -179,10 +193,12 @@ class RPM::File
     results = []
     # short-circuit if there's no :fileflags tag
     return results unless tags.include?(:fileflags)
-    tags[:fileflags].each_with_index do |flag, i|
-      # The :fileflags (and other :file... tags) are an array, in order of
-      # files in the rpm payload, we want a list of paths of config files.
-      results << files[i] if mask?(flag, FLAG_CONFIG_FILE)
+    if !tags[:fileflags].nil?
+      tags[:fileflags].each_with_index do |flag, i|
+        # The :fileflags (and other :file... tags) are an array, in order of
+        # files in the rpm payload, we want a list of paths of config files.
+        results << files[i] if mask?(flag, FLAG_CONFIG_FILE)
+      end
     end
     return results
   end # def config_files
@@ -193,49 +209,13 @@ class RPM::File
   # 
   #   % rpm2cpio blah.rpm | cpio -it
   def files
-    return @files unless @files.nil?
-
-    lister = IO.popen("#{tags[:payloadcompressor]} -d | cpio -it --quiet", "r+")
-    buffer = ""
-    begin
-        buffer.force_encoding("BINARY")
-    rescue NoMethodError
-        # Do Nothing
-    end
-    payload_fd = payload.clone
-    output = ""
-    loop do
-      data = payload_fd.read(16384, buffer)
-      break if data.nil? # listerextractor.write(data)
-      lister.write(data)
-
-      # Read output from the pipe.
-      begin
-        output << lister.read_nonblock(16384)
-      rescue Errno::EAGAIN
-        # Nothing to read, move on!
-      end
-    end
-    lister.close_write
-
-    # Read remaining output
-    begin
-      output << lister.read
-    rescue Errno::EAGAIN
-      # Because read_nonblock enables NONBLOCK the 'lister' fd,
-      # and we may have invoked a read *before* cpio has started
-      # writing, let's keep retrying this read until we get an EOF
-      retry
-    rescue EOFError
-      # At EOF, hurray! We're done reading.
-    end
-
-    # Split output by newline and strip leading "."
-    @files = output.split("\n").collect { |s| s.gsub(/^\./, "") }
-    return @files
-  ensure
-    lister.close unless lister.nil?
-    payload_fd.close unless payload_fd.nil?
+    # RPM stores the file metadata split across multiple tags.
+    # A single path's filename (with no directories) is stored in the "basename" tag.
+    # The directory a file lives in is stored in the "dirnames" tag
+    # We can find out what directory a file is in using the "dirindexes" tag.
+    #
+    # We can join each entry of dirnames and basenames to make the full filename.
+    return tags[:basenames].zip(tags[:dirindexes]).map { |name, i| File.join(tags[:dirnames][i], name) }
   end # def files
 
   def mask?(value, mask)

data/lib/arr-pm/namespace.rb

@@ -1,3 +1,9 @@
 class RPM
   class File; end
 end
+
+module ArrPM
+  module V2
+    class Package; end
+  end
+end

data/lib/arr-pm/v2/architecture.rb

@@ -0,0 +1,32 @@
+require "arr-pm/namespace"
+
+module ArrPM::V2::Architecture
+
+  NOARCH = 0
+  I386 = 1
+  ALPHA = 2
+  SPARC = 3
+  MIPS = 4
+  PPC = 5
+  M68K = 6
+  IP = 7
+  RS6000 = 8
+  IA64 = 9
+  SPARC64 = 10
+  MIPSEL = 11
+  ARM = 12
+  MK68KMINT = 13
+  S390 = 14
+  S390X = 15
+  PPC64 = 16
+  SH = 17
+  XTENSA = 18
+  X86_64 = 19
+
+  module_function
+
+  # Is a given rpm architecture value valid?
+  def valid?(value)
+    return value >= 0 && value <= 19
+  end
+end

data/lib/arr-pm/v2/error.rb

@@ -0,0 +1,32 @@
+# encoding: utf-8
+
+require "arr-pm/namespace"
+require "arr-pm/v2/format"
+
+module ArrPM::V2::Error
+  class Base < StandardError; end
+
+  class InvalidMagicValue < Base
+    def initialize(value)
+      super("Got invalid magic value '#{value}'. Expected #{ArrPM::V2::Format::MAGIC}.")
+    end
+  end
+
+  class InvalidHeaderMagicValue < Base
+    def initialize(value)
+      super("Got invalid magic value '#{value}'. Expected #{ArrPM::V2::HeaderHeader::MAGIC}.")
+    end
+  end
+
+  class EmptyFile < Base; end
+  class ShortFile < Base; end
+  class InvalidVersion < Base; end
+  class InvalidType < Base
+    def initialize(value)
+      super("Invalid type: #{value.inspect}")
+    end
+  end
+  class InvalidName < Base; end
+  class InvalidArchitecture < Base; end
+
+end

data/lib/arr-pm/v2/format.rb

@@ -0,0 +1,16 @@
+# encoding: utf-8
+
+require "arr-pm/namespace"
+
+module ArrPM::V2::Format
+  MAGIC = [0x8e, 0xad, 0xe8]
+  MAGIC_LENGTH = MAGIC.count
+  MAGIC_STRING = MAGIC.pack("C#{MAGIC_LENGTH}")
+
+  module_function
+  def valid_magic?(magic)
+    magic = magic.bytes if magic.is_a?(String)
+
+    magic == MAGIC
+  end
+end

data/lib/arr-pm/v2/header.rb

@@ -0,0 +1,35 @@
+# encoding: utf-8
+
+require "arr-pm/namespace"
+require "arr-pm/v2/format"
+require "arr-pm/v2/header_header"
+require "arr-pm/v2/tag"
+require "arr-pm/v2/error"
+
+class ArrPM::V2::Header
+  attr_reader :tags
+
+  def load(io)
+    headerheader = ArrPM::V2::HeaderHeader.new
+    headerheader.load(io)
+    headerdata = io.read(headerheader.entries * 16)
+    tagdata = io.read(headerheader.bytesize)
+    parse(headerdata, headerheader.entries, tagdata)
+
+    # signature headers are padded up to an 8-byte boundar, details here:
+    # http://rpm.org/gitweb?p=rpm.git;a=blob;f=lib/signature.c;h=63e59c00f255a538e48cbc8b0cf3b9bd4a4dbd56;hb=HEAD#l204
+    # Throw away the pad.
+    io.read(tagdata.length % 8)
+  end
+
+  def parse(data, entry_count, tagdata)
+    @tags = entry_count.times.collect do |i|
+      tag_number, type_number, offset, count = data[i * 16, 16].unpack("NNNN")
+
+      tag = ArrPM::V2::Tag.new(tag_number, type_number)
+      tag.parse(tagdata, offset, count)
+      tag
+    end
+    nil
+  end
+end

data/lib/arr-pm/v2/header_header.rb

@@ -0,0 +1,36 @@
+# encoding: utf-8
+
+require "arr-pm/namespace"
+require "arr-pm/v2/format"
+require "arr-pm/v2/error"
+
+# The header of an rpm has ... a header. Funky naming :)
+class ArrPM::V2::HeaderHeader
+  MAGIC = [ 0x8e, 0xad, 0xe8 ]
+  MAGIC_LENGTH = MAGIC.count
+
+  attr_accessor :version, :entries, :bytesize
+
+  def load(io)
+    data = io.read(16)
+    parse(data)
+  end
+
+  def parse(data)
+    magic, version, reserved, entries, bytesize = data.unpack("a3Ca4NN")
+    self.class.validate_magic(magic.bytes)
+
+    @version = version
+    @entries = entries
+    @bytesize = bytesize
+    nil
+  end
+
+  def dump
+    [magic, 1, 0, @entries, @bytesize].pack("a3Ca4NN")
+  end
+
+  def self.validate_magic(value)
+    raise ArrPM::V2::Error::InvalidHeaderMagicValue, value if value != MAGIC
+  end
+end

data/lib/arr-pm/v2/lead.rb

@@ -0,0 +1,121 @@
+# encoding: utf-8
+
+require "arr-pm/namespace"
+require "arr-pm/v2/format"
+require "arr-pm/v2/error"
+
+class ArrPM::V2::Lead
+  LENGTH = 96
+  MAGIC = [ 0xed, 0xab, 0xee, 0xdb ]
+  MAGIC_LENGTH = MAGIC.count
+
+  SIGNED_TYPE = 5
+  
+  attr_accessor :major, :minor, :type, :architecture, :name, :os, :signature_type, :reserved
+
+  def validate
+    self.class.validate_type(type)
+    self.class.validate_architecture(architecture)
+    if name.length > 65
+      raise ArrPM::V2::Error::InvalidName, "Name is longer than 65 chracters. This is invalid."
+    end
+  end
+
+  def dump(io)
+    io.write(serialize)
+  end
+
+  def serialize
+    validate
+    [ *MAGIC, major, minor, type, architecture, name, os, signature_type, *reserved ].pack("C4CCnnZ66nnC16")
+  end
+
+  def load(io)
+    data = io.read(LENGTH)
+    parse(data)
+  end
+
+  def parse(bytestring)
+    raise ArrPM::V2::Error::EmptyFile if bytestring.nil?
+    data = bytestring.bytes
+
+    @magic = self.class.parse_magic(data)
+    @major, @minor = self.class.parse_version(data)
+    @type = self.class.parse_type(data)
+    @architecture = self.class.parse_architecture(data)
+    @name = self.class.parse_name(data)
+    @os = self.class.parse_os(data)
+    @signature_type = self.class.parse_signature_type(data)
+    @reserved = self.class.parse_reserved(data)
+    self
+  end
+  
+  def signature?
+    @signature_type == SIGNED_TYPE
+  end
+
+  def self.valid_version?(version)
+    version == 1
+  end
+
+  def self.parse_magic(data)
+    magic = data[0, MAGIC_LENGTH]
+    validate_magic(magic)
+    magic
+  end
+
+  def self.validate_magic(magic)
+    raise ArrPM::V2::Error::InvalidMagicValue, magic unless magic == MAGIC
+  end
+
+  def self.parse_version(data)
+    offset = MAGIC_LENGTH
+    major, minor = data[offset, 2]
+    return major, minor
+  end
+
+  def self.parse_type(data)
+    offset = MAGIC_LENGTH + 2
+    type = data[offset, 2].pack("CC").unpack("n").first
+    validate_type(type)
+    type
+  end
+
+  def self.validate_type(type)
+    raise ArrPM::V2::Error::InvalidType, type unless ArrPM::V2::Type.valid?(type)
+  end
+
+  def self.parse_architecture(data)
+    offset = MAGIC_LENGTH + 4
+    architecture = data[offset, 2].pack("C*").unpack("n").first
+    validate_architecture(architecture)
+    architecture
+  end
+
+  def self.validate_architecture(architecture)
+    raise ArrPM::V2::Error::InvalidArchitecture unless ArrPM::V2::Architecture.valid?(architecture)
+  end
+
+  def self.parse_name(data)
+    offset = MAGIC_LENGTH + 6
+    name = data[offset, 66]
+    length = name.find_index(0) # find the first null byte
+    raise ArrPM::V2::Error::InvalidName unless length
+    return name[0, length].pack("C*")
+  end
+
+  def self.parse_os(data)
+    offset = MAGIC_LENGTH + 72
+    data[offset, 2].pack("C*").unpack("n").first
+  end
+
+  def self.parse_signature_type(data)
+    offset = MAGIC_LENGTH + 74
+    data[offset, 2].pack("C*").unpack("n").first
+  end
+
+  def self.parse_reserved(data)
+    offset = MAGIC_LENGTH + 76
+    data[offset, 16]
+  end
+end

data/lib/arr-pm/v2/package.rb

@@ -0,0 +1,18 @@
+# encoding: utf-8
+
+require "arr-pm/namespace"
+
+class ArrPM::V2::RPM
+  attr_accessor :name
+  attr_accessor :epoch
+  attr_accessor :version
+  attr_accessor :release
+
+  def initialize
+    defaults
+  end
+
+  def defaults
+    @type = Type::BINARY
+  end
+end

data/lib/arr-pm/v2/tag.rb

@@ -0,0 +1,295 @@
+require "arr-pm/namespace"
+
+class ArrPM::V2::Tag
+  module Type
+    NULL = 0
+    CHAR = 1
+    INT8 = 2
+    INT16 = 3
+    INT32 = 4
+    INT64 = 5
+    STRING = 6
+    BINARY = 7
+    STRING_ARRAY = 8
+    I18NSTRING = 9
+
+    TYPE_MAP = Hash[constants.collect { |c| [const_get(c), c] }]
+
+    def self.parse(data, type, offset, count)
+      case type
+        when NULL
+          nil
+        when CHAR
+          data[offset, count].unpack("A#{count}")
+        when INT8
+          data[offset, count].unpack("C" * count)
+        when INT16
+          data[offset, 2 * count].unpack("n" * count)
+        when INT32
+          data[offset, 4 * count].unpack("N" * count)
+        when INT64
+          a, b = data[offset, 8].unpack("NN")
+          a << 32 + b
+        when STRING, I18NSTRING
+          data[offset..-1][/^[^\0]*/]
+        when BINARY
+          data[offset, count]
+        when STRING_ARRAY
+          data[offset..-1].split("\0")[0...count]
+        else
+          raise ArrPM::V2::Error::InvalidType, type
+      end
+    end
+  end # module Type
+
+  HEADERIMAGE = 61
+  HEADERSIGNATURES = 62
+  HEADERIMMUTABLE = 63
+  HEADERREGIONS = 64
+  HEADERI18NTABLE = 100
+  SIG_BASE = 256
+
+  SIGSIZE = 257
+  SIGLEMD5_1 = 258
+  SIGPGP = 259
+  SIGLEMD5_2 = 260
+  SIGMD5 = 261
+  SIGGPG = 262
+  SIGPGP5 = 263
+  BADSHA1_1 = 264
+  BADSHA1_2 = 265
+  PUBKEYS = 266
+  DSAHEADER = 267
+  RSAHEADER = 268
+  SHA1HEADER = 269
+  LONGSIGSIZE = 270
+  LONGARCHIVESIZE = 271
+
+  NAME = 1000
+  VERSION = 1001
+  RELEASE = 1002
+  EPOCH = 1003
+  SUMMARY = 1004
+  DESCRIPTION = 1005
+  BUILDTIME = 1006
+  BUILDHOST = 1007
+  INSTALLTIME = 1008
+  SIZE = 1009
+  DISTRIBUTION = 1010
+  VENDOR = 1011
+  GIF = 1012
+  XPM = 1013
+  LICENSE = 1014
+  PACKAGER = 1015
+  GROUP = 1016
+  CHANGELOG = 1017
+  SOURCE = 1018
+  PATCH = 1019
+  URL = 1020
+  OS = 1021
+  ARCH = 1022
+  PREIN = 1023
+  POSTIN = 1024
+  PREUN = 1025
+  POSTUN = 1026
+  OLDFILENAMES = 1027
+  FILESIZES = 1028
+  FILESTATES = 1029
+  FILEMODES = 1030
+  FILEUIDS = 1031
+  FILEGIDS = 1032
+  FILERDEVS = 1033
+  FILEMTIMES = 1034
+  FILEDIGESTS = 1035
+  FILELINKTOS = 1036
+  FILEFLAGS = 1037
+  ROOT = 1038
+  FILEUSERNAME = 1039
+  FILEGROUPNAME = 1040
+  EXCLUDE = 1041
+  EXCLUSIVE = 1042
+  ICON = 1043
+  SOURCERPM = 1044
+  FILEVERIFYFLAGS = 1045
+  ARCHIVESIZE = 1046
+  PROVIDENAME = 1047
+  REQUIREFLAGS = 1048
+  REQUIRENAME = 1049
+  REQUIREVERSION = 1050
+  NOSOURCE = 1051
+  NOPATCH = 1052
+  CONFLICTFLAGS = 1053
+  CONFLICTNAME = 1054
+  CONFLICTVERSION = 1055
+  DEFAULTPREFIX = 1056
+  BUILDROOT = 1057
+  INSTALLPREFIX = 1058
+  EXCLUDEARCH = 1059
+  EXCLUDEOS = 1060
+  EXCLUSIVEARCH = 1061
+  EXCLUSIVEOS = 1062
+  AUTOREQPROV = 1063
+  RPMVERSION = 1064
+  TRIGGERSCRIPTS = 1065
+  TRIGGERNAME = 1066
+  TRIGGERVERSION = 1067
+  TRIGGERFLAGS = 1068
+  TRIGGERINDEX = 1069
+  VERIFYSCRIPT = 1079
+  CHANGELOGTIME = 1080
+  CHANGELOGNAME = 1081
+  CHANGELOGTEXT = 1082
+  BROKENMD5 = 1083
+  PREREQ = 1084
+  PREINPROG = 1085
+  POSTINPROG = 1086
+  PREUNPROG = 1087
+  POSTUNPROG = 1088
+  BUILDARCHS = 1089
+  OBSOLETENAME = 1090
+  VERIFYSCRIPTPROG = 1091
+  TRIGGERSCRIPTPROG = 1092
+  DOCDIR = 1093
+  COOKIE = 1094
+  FILEDEVICES = 1095
+  FILEINODES = 1096
+  FILELANGS = 1097
+  PREFIXES = 1098
+  INSTPREFIXES = 1099
+  TRIGGERIN = 1100
+  TRIGGERUN = 1101
+  TRIGGERPOSTUN = 1102
+  AUTOREQ = 1103
+  AUTOPROV = 1104
+  CAPABILITY = 1105
+  SOURCEPACKAGE = 1106
+  OLDORIGFILENAMES = 1107
+  BUILDPREREQ = 1108
+  BUILDREQUIRES = 1109
+  BUILDCONFLICTS = 1110
+  BUILDMACROS = 1111
+  PROVIDEFLAGS = 1112
+  PROVIDEVERSION = 1113
+  OBSOLETEFLAGS = 1114
+  OBSOLETEVERSION = 1115
+  DIRINDEXES = 1116
+  BASENAMES = 1117
+  DIRNAMES = 1118
+  ORIGDIRINDEXES = 1119
+  ORIGBASENAMES = 1120
+  ORIGDIRNAMES = 1121
+  OPTFLAGS = 1122
+  DISTURL = 1123
+  PAYLOADFORMAT = 1124
+  PAYLOADCOMPRESSOR = 1125
+  PAYLOADFLAGS = 1126
+  INSTALLCOLOR = 1127
+  INSTALLTID = 1128
+  REMOVETID = 1129
+  SHA1RHN = 1130
+  RHNPLATFORM = 1131
+  PLATFORM = 1132
+  PATCHESNAME = 1133
+  PATCHESFLAGS = 1134
+  PATCHESVERSION = 1135
+  CACHECTIME = 1136
+  CACHEPKGPATH = 1137
+  CACHEPKGSIZE = 1138
+  CACHEPKGMTIME = 1139
+  FILECOLORS = 1140
+  FILECLASS = 1141
+  CLASSDICT = 1142
+  FILEDEPENDSX = 1143
+  FILEDEPENDSN = 1144
+  DEPENDSDICT = 1145
+  SOURCEPKGID = 1146
+  FILECONTEXTS = 1147
+  FSCONTEXTS = 1148
+  RECONTEXTS = 1149
+  POLICIES = 1150
+  PRETRANS = 1151
+  POSTTRANS = 1152
+  PRETRANSPROG = 1153
+  POSTTRANSPROG = 1154
+  DISTTAG = 1155
+  SUGGESTSNAME = 1156
+  SUGGESTSVERSION = 1157
+  SUGGESTSFLAGS = 1158
+  ENHANCESNAME = 1159
+  ENHANCESVERSION = 1160
+  ENHANCESFLAGS = 1161
+  PRIORITY = 1162
+  CVSID = 1163
+  BLINKPKGID = 1164
+  BLINKHDRID = 1165
+  BLINKNEVRA = 1166
+  FLINKPKGID = 1167
+  FLINKHDRID = 1168
+  FLINKNEVRA = 1169
+  PACKAGEORIGIN = 1170
+  TRIGGERPREIN = 1171
+  BUILDSUGGESTS = 1172
+  BUILDENHANCES = 1173
+  SCRIPTSTATES = 1174
+  SCRIPTMETRICS = 1175
+  BUILDCPUCLOCK = 1176
+  FILEDIGESTALGOS = 1177
+  VARIANTS = 1178
+  XMAJOR = 1179
+  XMINOR = 1180
+  REPOTAG = 1181
+  KEYWORDS = 1182
+  BUILDPLATFORMS = 1183
+  PACKAGECOLOR = 1184
+  PACKAGEPREFCOLOR = 1185
+  XATTRSDICT = 1186
+  FILEXATTRSX = 1187
+  DEPATTRSDICT = 1188
+  CONFLICTATTRSX = 1189
+  OBSOLETEATTRSX = 1190
+  PROVIDEATTRSX = 1191
+  REQUIREATTRSX = 1192
+  BUILDPROVIDES = 1193
+  BUILDOBSOLETES = 1194
+  DBINSTANCE = 1195
+  NVRA = 1196
+  FILENAMES = 5000
+  FILEPROVIDE = 5001
+  FILEREQUIRE = 5002
+  FSNAMES = 5003
+  FSSIZES = 5004
+  TRIGGERCONDS = 5005
+  TRIGGERTYPE = 5006
+  ORIGFILENAMES = 5007
+  LONGFILESIZES = 5008
+  LONGSIZE = 5009
+  FILECAPS = 5010
+  FILEDIGESTALGO = 5011
+  BUGURL = 5012
+  EVR = 5013
+  NVR = 5014
+  NEVR = 5015
+  NEVRA = 5016
+  HEADERCOLOR = 5017
+  VERBOSE = 5018
+  EPOCHNUM = 5019
+  ENCODING = 5062
+
+  TAG_MAP = Hash[constants.collect { |c| [const_get(c), c] }]
+
+  attr_accessor :tag, :type, :value
+
+  def initialize(tag_number, type_number)
+    @tag = self.class::TAG_MAP[tag_number] || tag_number
+    @type = type_number
+  end
+
+  def parse(data, offset, count)
+    @value = Type.parse(data, @type, offset, count)
+    nil
+  end
+
+  def inspect
+    format("<%s#%s> %s/%d value=%s>", self.class.name, self.object_id, @tag, @type, @value.inspect)
+  end
+end # module ArrPM::V2::Tag

data/lib/arr-pm/v2/type.rb

@@ -0,0 +1,15 @@
+require "arr-pm/namespace"
+
+module ArrPM::V2::Type
+  BINARY = 0
+  SOURCE = 1
+
+  module_function
+
+  # Is a given rpm type value valid?
+  #
+  # The only valid types are BINARY (0) or SOURCE (1)
+  def valid?(value)
+    return (value == BINARY || value == SOURCE)
+  end
+end

data/spec/arr-pm/v2/header_spec.rb

@@ -0,0 +1,34 @@
+# encoding: utf-8
+
+require "flores/random"
+
+require "arr-pm/v2/header"
+require "arr-pm/v2/type"
+require "arr-pm/v2/architecture"
+require "json"
+
+describe ArrPM::V2::Header do
+  context "with a known good rpm" do
+    let(:path) { File.join(File.dirname(__FILE__), "../../fixtures/example-1.0-1.x86_64.rpm") }
+    let(:file) { File.new(path) }
+
+    before do
+      lead = ArrPM::V2::Lead.new
+      lead.load(file)
+
+      # Throw away the signature if we have one
+      described_class.new.load(file) if lead.signature?
+
+      subject.load(file)
+    end
+
+    expectations = JSON.parse(File.read(File.join(File.dirname(__FILE__), "../../fixtures/example.json")))
+
+    expectations.each do |name, expected_value|
+      it "should have expected value for the #{name} tag" do
+        tag = subject.tags.find { |t| t.tag.to_s == name }
+        expect(tag.value).to be == expected_value
+      end
+    end
+  end
+end

data/spec/arr-pm/v2/lead_spec.rb

@@ -0,0 +1,125 @@
+# encoding: utf-8
+
+require "flores/random"
+
+require "arr-pm/v2/lead"
+require "arr-pm/v2/type"
+require "arr-pm/v2/architecture"
+
+describe ArrPM::V2::Lead do
+  let(:major) { Flores::Random.integer(0..255) }
+  let(:minor) { Flores::Random.integer(0..255) }
+  let(:magic) { described_class::MAGIC }
+  let(:type) { ArrPM::V2::Type::BINARY }
+  let(:architecture) { ArrPM::V2::Architecture::I386 }
+  let(:os) { 0 }
+  let(:os_bytes) { [os].pack("n").unpack("C2") }
+  let(:signature_type) { 0 }
+  let(:signature_type_bytes) { [signature_type].pack("n").unpack("C2") }
+  let(:longname) { "test-1.0-1" }
+  let(:longnamebytes) { longname.bytes + (66-longname.bytesize).times.collect { 0 } }
+  let(:leadbytes) { magic + [major, minor] + [0, type, 0, architecture] + longnamebytes + os_bytes + signature_type_bytes + 16.times.collect { 0 } }
+  let(:lead) { leadbytes.pack("C*") }
+
+  describe ".parse_magic" do
+    context "when given an invalid magic value" do
+      # Generate random bytes for the magic value, should be bad.
+      let(:magic) { Flores::Random.iterations(0..10).collect { Flores::Random.integer(0..255) } }
+
+      it "should fail" do
+        expect { described_class.parse_magic(leadbytes) }.to raise_error(ArrPM::V2::Error::InvalidMagicValue)
+      end
+    end
+
+    context "when given a valid magic value" do
+      it "should succeed" do
+        expect { described_class.parse_magic(leadbytes) }.not_to raise_error
+      end
+    end
+  end
+
+  describe ".parse_version" do
+    context "when given an invalid version value" do
+      let(:data) { magic + [major, minor] }
+
+      it "should return an array of two values " do
+        expect(described_class.parse_version(leadbytes)).to be == [major, minor]
+      end
+    end
+  end
+
+  describe ".parse_type" do
+    context "when given an invalid type"  do
+      let(:type) { Flores::Random.integer(2..1000) }
+      it "should fail" do
+        expect { described_class.parse_type(leadbytes) }.to raise_error(ArrPM::V2::Error::InvalidType)
+      end
+    end
+    context "with a valid type"  do
+      it "should return the type" do
+        expect(described_class.parse_type(leadbytes)).to be == type
+      end
+    end
+  end
+
+  describe ".parse_name" do
+    context "with a valid name" do
+      it "should return the name" do
+        expect(described_class.parse_name(leadbytes)).to be == longname
+      end
+    end
+  end
+
+  describe ".parse_signature_type" do
+    it "should return the signature type" do
+      expect(described_class.parse_signature_type(leadbytes)).to be == signature_type
+    end
+  end
+
+  describe ".parse_reserved" do
+    it "should return exactly 16 bytes" do
+      expect(described_class.parse_reserved(leadbytes).count).to be == 16
+    end
+  end
+
+  describe "#parse" do
+    before do
+      subject.parse(lead)
+    end
+
+    it "should have a correct parsed values" do
+      expect(subject.name).to be == longname
+      expect(subject.major).to be == major
+      expect(subject.minor).to be == minor
+      expect(subject.type).to be == type
+      expect(subject.architecture).to be == architecture
+    end
+  end
+
+  describe "#dump" do
+    before do
+      subject.parse(lead)
+    end
+
+    let(:blob) { subject.serialize }
+
+    it "should parse successfully" do
+      subject.parse(blob)
+    end
+  end
+
+  context "with a known good rpm" do
+    let(:path) { File.join(File.dirname(__FILE__), "../../fixtures/example-1.0-1.x86_64.rpm") }
+
+    before do
+      subject.load(File.new(path))
+    end
+
+    it "should have expected values" do
+      expect(subject.name).to be == "example-1.0-1"
+      expect(subject.major).to be == 3
+      expect(subject.minor).to be == 0
+      expect(subject.architecture).to be == architecture
+    end
+  end
+end

data/spec/fixtures/example.json

@@ -0,0 +1,55 @@
+{
+  "NAME": "example",
+  "VERSION": "1.0",
+  "RELEASE": "1",
+  "SUMMARY": "no description given",
+  "DESCRIPTION": "no description given",
+  "BUILDTIME": [
+    1466326707
+  ],
+  "BUILDHOST": "localhost",
+  "SIZE": [
+    0
+  ],
+  "VENDOR": "none",
+  "LICENSE": "unknown",
+  "PACKAGER": "<jls@localhost.localdomain>",
+  "GROUP": "default",
+  "URL": "http://example.com/no-uri-given",
+  "OS": "linux",
+  "ARCH": "x86_64",
+  "SOURCERPM": "example-1.0-1.src.rpm",
+  "PROVIDENAME": [
+    "example",
+    "example(x86-64)"
+  ],
+  "REQUIREFLAGS": [
+    16777226,
+    16777226
+  ],
+  "REQUIRENAME": [
+    "rpmlib(CompressedFileNames)",
+    "rpmlib(PayloadFilesHavePrefix)"
+  ],
+  "REQUIREVERSION": [
+    "3.0.4-1",
+    "4.0-1"
+  ],
+  "RPMVERSION": "4.13.0-rc1",
+  "PREFIXES": [
+    "/"
+  ],
+  "PROVIDEFLAGS": [
+    8,
+    8
+  ],
+  "PROVIDEVERSION": [
+    "1.0-1",
+    "1.0-1"
+  ],
+  "PAYLOADFORMAT": "cpio",
+  "PAYLOADCOMPRESSOR": "gzip",
+  "PAYLOADFLAGS": "9",
+  "PLATFORM": "x86_64-redhat-linux-gnu",
+  "ENCODING": "utf-8"
+}

data/spec/rpm/file_spec.rb

@@ -0,0 +1,57 @@
+# encoding: utf-8
+
+require "arr-pm/file"
+require "stud/temporary"
+require "insist"
+
+describe ::RPM::File do
+  subject { described_class.new(path) }
+
+  context "with a known good rpm" do
+    let(:path) { File.join(File.dirname(__FILE__), "../fixtures/pagure-mirror-5.13.2-5.fc35.noarch.rpm") }
+
+    context "#files" do
+      let(:files) { [
+        "/usr/lib/systemd/system/pagure_mirror.service",
+        "/usr/share/licenses/pagure-mirror",
+        "/usr/share/licenses/pagure-mirror/LICENSE"
+      ]}
+
+      it "should have the correct list of files" do
+        expect(subject.files).to eq(files)
+      end
+    end
+  end
+
+  context "#extract" do
+    # This RPM should be correctly built, but we will modify the tags at runtime to force an error.
+    let(:path) { File.join(File.dirname(__FILE__), "../fixtures/example-1.0-1.x86_64.rpm") }
+    let(:dir) { dir = Stud::Temporary.directory }
+
+    after do
+      FileUtils.rm_rf(dir)
+    end
+
+    context "with an invalid payloadcompressor" do
+      before do
+        subject.tags[:payloadcompressor] = "some invalid | string"
+      end
+
+      it "should raise an error" do
+        insist { subject.extract(dir) }.raises(RuntimeError)
+      end
+    end
+
+    [ "gzip", "bzip2", "xz", "lzma", "zstd" ].each do |name|
+      context "with a '#{name}' payloadcompressor" do
+        before do
+          subject.tags[:payloadcompressor] = name
+        end
+
+        it "should succeed" do
+          reject { subject.extract(dir) }.raises(RuntimeError)
+        end
+      end
+    end
+  end
+end

metadata

@@ -1,23 +1,23 @@
 --- !ruby/object:Gem::Specification
 name: arr-pm
 version: !ruby/object:Gem::Version
-  version: 0.0.10
+  version: 0.0.12
 platform: ruby
 authors:
 - Jordan Sissel
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-04-14 00:00:00.000000000 Z
+date: 2022-09-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: cabin
+  name: flores
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">"
       - !ruby/object:Gem::Version
         version: '0'
-  type: :runtime
+  type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
@@ -25,19 +25,47 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: flores
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 3.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 3.0.0
+- !ruby/object:Gem::Dependency
+  name: stud
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.0.23
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.0.23
+- !ruby/object:Gem::Dependency
+  name: insist
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.0
 description: This library allows to you to read and write rpm packages. Written in
   pure ruby because librpm is not available on all systems
 email:
@@ -46,9 +74,9 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".batcave/manifest"
 - ".gitignore"
 - ".rubocop.yml"
+- CHANGELOG.md
 - Gemfile
 - LICENSE
 - Makefile
@@ -63,11 +91,26 @@ files:
 - lib/arr-pm/file/tag.rb
 - lib/arr-pm/namespace.rb
 - lib/arr-pm/requires.rb
-homepage: 
+- lib/arr-pm/v2/architecture.rb
+- lib/arr-pm/v2/error.rb
+- lib/arr-pm/v2/format.rb
+- lib/arr-pm/v2/header.rb
+- lib/arr-pm/v2/header_header.rb
+- lib/arr-pm/v2/lead.rb
+- lib/arr-pm/v2/package.rb
+- lib/arr-pm/v2/tag.rb
+- lib/arr-pm/v2/type.rb
+- spec/arr-pm/v2/header_spec.rb
+- spec/arr-pm/v2/lead_spec.rb
+- spec/fixtures/example-1.0-1.x86_64.rpm
+- spec/fixtures/example.json
+- spec/fixtures/pagure-mirror-5.13.2-5.fc35.noarch.rpm
+- spec/rpm/file_spec.rb
+homepage:
 licenses:
 - Apache 2
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -83,9 +126,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.4.3
-signing_key: 
+rubygems_version: 3.3.3
+signing_key:
 specification_version: 4
 summary: RPM reader and writer library
 test_files: []

data/.batcave/manifest

@@ -1,5 +0,0 @@
----
-things:
-  ruby:
-    args:
-    - arr-pm