📄 appendix-a.html
字号:
<!-- CODE SNIP //-->
<PRE>
00000370: 7270 6d00 322e 322e 3100 3100 5265 6420 rpm.2.2.1.1.Red
</PRE>
<!-- END CODE SNIP //-->
<P>Since the data type for this entry is a null-terminated string, we need to keep reading
bytes until we reach a byte whose numeric value is 0. We find the bytes
72, 70, 6d, and 00—a null. Looking at the ASCII display on the right, we find that the bytes form the string
rpm, which is the name of this package.
</P>
<P>Now for a slightly more complicated example. Let's look at the following index entry:
</P>
<!-- CODE SNIP //-->
<PRE>
00000250: 0000 0403 0000 0008 0000 0199 0000 0018 ................
</PRE>
<!-- END CODE SNIP //-->
<P>Tag 403 means that this entry is a list of filenames. The data type 8, or
STRING_ARRAY, seems to bear this out. From the previous example, we found that the data area for the header began
at offset 370. Adding the offset to the first filename
(199) gives us 509. Finally, the count of 18 hex means that there should be 24 null-terminated strings containing filenames:
</P>
<!-- CODE SNIP //-->
<PRE>
00000500: 696e 6974 6462 0a0a 002f 6269 6e2f 7270 initdb.../bin/rp
00000510: 6d00 2f65 7463 2f72 706d 7263 002f 7573 m./etc/rpmrc./us
</PRE>
<!-- END CODE SNIP //-->
<P>The byte at offset 509 is 2f—a slash (/). Reading up to the first null byte, we find that the
first filename is /bin/rpm, followed by /etc/rpmrc. This continues on for 22 more filenames.
</P>
<P>There are many more tags we could decode, but they are all done in the same manner.
</P>
<B>A.2.1.3.2. Header Tag Listing</B>
<P>The following list shows the tags available, along with their defined values, for use in the header:
</P>
<!-- CODE //-->
<PRE>
#define RPMTAG_NAME 1000
#define RPMTAG_VERSION 1001
#define RPMTAG_RELEASE 1002
#define RPMTAG_SERIAL 1003
#define RPMTAG_SUMMARY 1004
#define RPMTAG_DESCRIPTION 1005
#define RPMTAG_BUILDTIME 1006
#define RPMTAG_BUILDHOST 1007
#define RPMTAG_INSTALLTIME 1008
#define RPMTAG_SIZE 1009
#define RPMTAG_DISTRIBUTION 1010
#define RPMTAG_VENDOR 1011
#define RPMTAG_GIF 1012
</PRE>
<!-- END CODE //-->
<A NAME="PAGENUM-348"><P>Page 348</P></A>
<!-- CODE //-->
<PRE>
#define RPMTAG_XPM 1013
#define RPMTAG_COPYRIGHT 1014
#define RPMTAG_PACKAGER 1015
#define RPMTAG_GROUP 1016
#define RPMTAG_CHANGELOG 1017
#define RPMTAG_SOURCE 1018
#define RPMTAG_PATCH 1019
#define RPMTAG_URL 1020
#define RPMTAG_OS 1021
#define RPMTAG_ARCH 1022
#define RPMTAG_PREIN 1023
#define RPMTAG_POSTIN 1024
#define RPMTAG_PREUN 1025
#define RPMTAG_POSTUN 1026
#define RPMTAG_FILENAMES 1027
#define RPMTAG_FILESIZES 1028
#define RPMTAG_FILESTATES 1029
#define RPMTAG_FILEMODES 1030
#define RPMTAG_FILEUIDS 1031
#define RPMTAG_FILEGIDS 1032
#define RPMTAG_FILERDEVS 1033
#define RPMTAG_FILEMTIMES 1034
#define RPMTAG_FILEMD5S 1035
#define RPMTAG_FILELINKTOS 1036
#define RPMTAG_FILEFLAGS 1037
#define RPMTAG_ROOT 1038
#define RPMTAG_FILEUSERNAME 1039
#define RPMTAG_FILEGROUPNAME 1040
#define RPMTAG_EXCLUDE 1041 /* not used */
#define RPMTAG_EXCLUSIVE 1042 /* not used */
#define RPMTAG_ICON 1043
#define RPMTAG_SOURCERPM 1044
#define RPMTAG_FILEVERIFYFLAGS 1045
#define RPMTAG_ARCHIVESIZE 1046
#define RPMTAG_PROVIDES 1047
#define RPMTAG_REQUIREFLAGS 1048
#define RPMTAG_REQUIRENAME 1049
#define RPMTAG_REQUIREVERSION 1050
#define RPMTAG_NOSOURCE 1051
#define RPMTAG_NOPATCH 1052
#define RPMTAG_CONFLICTFLAGS 1053
#define RPMTAG_CONFLICTNAME 1054
#define RPMTAG_CONFLICTVERSION 1055
#define RPMTAG_DEFAULTPREFIX 1056
#define RPMTAG_BUILDROOT 1057
#define RPMTAG_INSTALLPREFIX 1058
#define RPMTAG_EXCLUDEARCH 1059
#define RPMTAG_EXCLUDEOS 1060
#define RPMTAG_EXCLUSIVEARCH 1061
#define RPMTAG_EXCLUSIVEOS 1062
#define RPMTAG_AUTOREQPROV 1063 /* used internally by build */
#define RPMTAG_RPMVERSION 1064
#define RPMTAG_TRIGGERSCRIPTS 1065
#define RPMTAG_TRIGGERNAME 1066
#define RPMTAG_TRIGGERVERSION 1067
#define RPMTAG_TRIGGERFLAGS 1068
#define RPMTAG_TRIGGERINDEX 1069
#define RPMTAG_VERIFYSCRIPT 1079
</PRE>
<!-- END CODE //-->
<A NAME="PAGENUM-349"><P>Page 349</P></A>
<P>This list is current as of version 2.3 of RPM. For the most up-to-date version, look in the
file lib/rpmlib.h in the latest version of the RPM sources.
</P>
<H4>
A.2.1.3.2. The Archive
</H4>
<P>Following the header section is the archive. The archive holds the actual files that comprise
the package. The archive is compressed using GNU zip. We can verify this if we look at the
start of the archive:
</P>
<!-- CODE SNIP //-->
<PRE>
00000d40: 0000 001f 8b08 0000 0000 0002 03ec fd7b ...............{
00000d50: 7c13 d516 388e 4e92 691b 4a20 010a 1428 |...8.N.i.J ...(
</PRE>
<!-- END CODE SNIP //-->
<P>In this example, the archive starts at offset
d43. According to the contents of /usr/lib/magic, the first 2 bytes of a
gzipped file should be 1f8b, which is, in fact, what we see. The
following byte (08) is the flag used by GNU zip to indicate the file has been compressed with
gzip's
deflation method. The eighth byte has a value of
02, which means that the archive has been compressed using
gzip's maximum compression setting. The following byte contains a
code indicating the operating system under which the archive was compressed. A
03 in this byte indicates that the compression ran under a UNIX-like operating system.
</P>
<P>The remainder of the RPM package file is the compressed archive. After the archive
is uncompressed, it is an ordinary cpio archive in SVR4 format with a CRC checksum.
</P>
<H3>
A.3. Tools for Studying RPM Files
</H3>
<P>In the tools directory packaged with the RPM sources are a number of small programs
that use the RPM library to extract the various sections of a package file.
Normally used by the RPM developers for debugging purposes, these tools can also be used to make it easier to
understand the RPM package file format. Here is a list of the programs and what they do:
</P>
<UL>
<LI> rpmlead—Extracts the lead section from a package file
<LI> rpmsignature—Extracts the signature section from a package file
<LI> rpmheader—Extracts the header from a package file
<LI> rpmarchive—Extracts the archive from a package file
<LI> dump—Displays a header structure in an easily readable format
</UL>
<P>The first four programs take an RPM package file as their input. The package file can be
read either from standard input or by including the filename
on the command line. In either case, the programs write to standard output. Here is how
rpmlead can be used to display the lead from a package file:
</P>
<!-- CODE //-->
<PRE>
# rpmlead foo.rpm | od -x
0000000 abed dbee 0003 0000 0100 7072 2d6d 2e32
0000020 2e32 2d31 0031 0000 0000 0000 0000 0000
0000040 0000 0000 0000 0000 0000 0000 0000 0000
</PRE>
<!-- END CODE //-->
<A NAME="PAGENUM-350"><P>Page 350</P></A>
<!-- CODE SNIP //-->
<PRE>
0000100 0000 0000 0000 0000 0000 0000 0100 0500
0000120 0004 0000 e124 bfff b36b 0800 e600 bfff
0000140
#
</PRE>
<!-- END CODE SNIP //-->
<P>Since each of these programs can also act as a filter, the following command is equivalent
to the preceding one:
</P>
<!-- CODE //-->
<PRE>
# cat foo.rpm | rpmlead | od -x
0000000 abed dbee 0003 0000 0100 7072 2d6d 2e32
0000020 2e32 2d31 0031 0000 0000 0000 0000 0000
0000040 0000 0000 0000 0000 0000 0000 0000 0000
0000100 0000 0000 0000 0000 0000 0000 0100 0500
0000120 0004 0000 e124 bfff b36b 0800 e600 bfff
0000140
#
</PRE>
<!-- END CODE //-->
<P>The dump program is used in conjunction with
rpmsignature or rpmheader. It makes decoding
header structures a snap:
</P>
<!-- CODE //-->
<PRE>
# rpmsignature foo.rpm | dump
Entry count: 3
Data count : 172
CT TAG TYPE OFSET COUNT
Entry : 000 (1000)NAME INT32_TYPE 0x00000000 00000001
Data: 000 0x00044c4f (281679)
Entry : 001 (1001)VERSION BIN_TYPE 0x00000004 00000016
Data: 000 b0 25 b0 97 15 97 01 32
Data: 008 df 35 d1 69 32 9c 53 75
Entry : 002 (1002)RELEASE BIN_TYPE 0x00000014 00000152
Data: 000 89 00 95 03 05 00 31 ed
Data: 008 63 90 a5 20 e8 f1 cb a2
Data: 016 9b f9 01 01 43 7b 04 00
Data: 024 9c 8e 0a d4 37 90 36 4e
Data: 032 df b0 9a 8a 22 b5 b0 b3
Data: 040 dc 30 4c 6f 91 b8 c1 50
Data: 048 70 4e 2c 64 d8 8a 8f ca
Data: 056 18 ab 5b 6f f0 41 eb c8
Data: 064 d1 8a 01 c9 36 01 66 f0
Data: 072 9d dd e9 56 31 42 61 b3
Data: 080 b1 da 84 94 6b ef 9c 19
Data: 088 45 74 c4 9f ee 17 35 e1
Data: 096 d1 05 fb 68 0c e6 71 5a
Data: 104 60 f1 c6 60 27 9f 03 06
Data: 112 28 ed 0b a0 08 55 9e 82
Data: 120 2b 1c 2e de e8 e3 50 90
Data: 128 62 60 0b 3c ba 04 69 a9
Data: 136 25 73 1b bb 5b 65 4d e1
Data: 144 b1 d2 c0 7f 8a fa 4a 9b
#
</PRE>
<!-- END CODE //-->
<P>One aspect of dump worth noting is that it is optimized for decoding the header section of
a package file. When used with rpmsignature, it displays the tag names used in the header
instead of the signature tag names. The data is displayed properly in either case, however.
</P>
<A NAME="PAGENUM-351"><P>Page 351</P></A>
<H3>
A.4. Identifying RPM Files with the
file(1) Command
</H3>
<P>The magic file on most UNIX-like systems today should have the necessary information
to identify RPM files. But in case your system doesn't, the following information can be added
to the file:
</P>
<!-- CODE //-->
<PRE>
#------------------------------------------------------------------
#
# RPM: file(1) magic for Red Hat Packages
#
0 beshort 0xedab
>2 beshort 0xeedb RPM
>>4 byte x v%d
>>6 beshort 0 bin
>>6 beshort 1 src
>>8 beshort 1 i386
>>8 beshort 2 Alpha
>>8 beshort 3 Sparc
>>8 beshort 4 MIPS
>>8 beshort 5 PowerPC
>>8 beshort 6 68000
>>8 beshort 7 SGI
>>10 string x %s
</PRE>
<!-- END CODE //-->
<P>The output of the file command is succinct:
</P>
<!-- CODE SNIP //-->
<PRE>
# file baz
baz: RPM v3 bin i386 vlock-1.0-2
#
</PRE>
<!-- END CODE SNIP //-->
<P>In this case, the file called baz is a version 3 format RPM file containing release 2 of version
1.0 of the vlock package, which has been built for the Intel x86 architecture.
</P>
<A NAME="PAGENUM-352"><P>Page 352</P></A>
<P><CENTER>
<a href="ch21/0334-0336.html">Previous</a> | <a href="ewtoc.html">Table of Contents</a> | <a href="appendix-b.html">Next</a></CENTER></P>
</td>
</tr>
</table>
<!-- begin footer information -->
</body></html>⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -