Bug 1220910

Summary: [mock packaging bug](ZYPP_SINGLE_RPMTRANS=1 packages with etc/pki not handled correctly during verification phase)
Product: [openSUSE] openSUSE Tumbleweed Reporter: Luna D Dragon <luna.dragon>
Component: libzyppAssignee: Miika Alikirri <miika.alikirri>
Status: RESOLVED INVALID QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: mls, santiago.zarate
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: zypper.log

Description Luna D Dragon 2024-03-05 06:34:18 UTC 
Created attachment 873209 [details]
zypper.log

Currently when you install a package with a folder inside /etc/pki eg, fwupd, pesign or ca-certificates the package manager will refuse to install and packages stating 


Problem occurred during or after installation or removal of packages:
Executing the transaction failed because of the following problems:
    file /etc/pki from install of mock-5.5-1.2.noarch conflicts with file from package p11-kit-0.25.3-1.2.x86_64
    file /etc/pki from install of mock-5.5-1.2.noarch conflicts with file from package ca-certificates-2+git20230406.2dae8b7-1.3.noarch
    file /etc/pki from install of mock-5.5-1.2.noarch conflicts with file from package pesign-116-4.2.x86_64
    file /etc/pki from install of mock-5.5-1.2.noarch conflicts with file from package fwupd-1.9.14-1.1.x86_64

This goes away if the tech preview is disabled. many packages own /etc/pki even if they only have one folder inside /etc/pki.
Comment 1 Michael Andres 2024-03-05 09:27:33 UTC 
In SINGLE_RPMTRANS librpm performs the fileconflict check (the same way as if they'd call rpm).

In CLASSIC_RPMTRANS libsolv performs the fileconflict check (and rpm is just used to unpack the packages).

If the CLASSIC mode successfully installed the package, then maybe rpm could have been more relaxed in this situation. If the package did not install in CLASSIC mode, it would be a bug in libsolv. (the log does not tell)

> (rpm -qplv...)
> === ca-certificates-2+git20230406.2dae8b7-1.3.noarch.rpm
> drwxr-xr-x    2 root     root       0 Feb  2 17:54 /etc/pki
> === fwupd-1.9.14-1.1.x86_64.rpm
> drwxr-xr-x    2 root     root       0 Feb 28 20:04 /etc/pki
> === p11-kit-0.25.3-1.2.x86_64.rpm
> drwxr-xr-x    2 root     root       0 Feb  2 17:45 /etc/pki
> === pesign-116-4.2.x86_64.rpm
> drwxr-xr-x    2 root     root       0 Feb  2 18:24 /etc/pki

> (from system:packagemanager)
> === mock-5.5-1.2.noarch.rpm
> drwxr-xr-x    2 root    mock        0 Mar  4 23:13 /etc/pki

@mls: Apparently just the directories group changed from root->mock. Does this cause rpm to complain?
Comment 2 Michael Schröder 2024-03-05 12:57:37 UTC 
Seems so. See rpmfilesCompare() in the rpm source. I think libsolv should be made a bit stricter here...
Comment 3 Michael Andres 2024-03-05 13:42:05 UTC 
@miika The mock package needs to be fixed. It must not try to assign different permission/ownership to a common directory.
Comment 4 Luna D Dragon 2024-03-06 11:55:10 UTC 
it was a packaging issue in mock, this has been fixed. The libsolv alg is much more lax and hence it allowed this to occur