rictorres / node-rpm-builder
Build RPM packages using Node.JS
License: MIT License
It will print debug info to the console.
{
verbose: true || false
}
Including support for globs.
Add some examples to make it easier to use.
RPM Builder is using [email protected] which includes minimatch which shipped with a
ReDoS Security issue, updating to latest should fix this.
There are breaking changes in newer globby versions according to bithound so will require testing
There should be an option to not follow symlinks (and preserve the link) when copying files to BUILDROOT.
According to Node.js / io.js, fs.existsSync() will be deprecated.
Hi, I was getting this to work, and I ran into this glitch. I'd run my little rpmbuilder.js program and after maybe a minute I'd get this:
Error: stderr maxBuffer exceeded
This came from child-process. At first I tried passing in an option:
execOpts: {maxBuffer: 1e6},
but that wasn't even big enough. Finally I commented out this line in index.js:
var cmd = [
'rpmbuild',
'-bb',
//'-vv', <<<====****
'--buildroot',
buildRoot,
specFile
].join(' ');
The -vv was generating gobs and gobs of output into stderr. Since it seems to be dropped anyway, you probably don't need it.
BUT, after that the program wouldn't quit. Generated the rpm file, I just have to ^C. Could be my problem, but just FYI.
Latest repository version contains support for the RPM Provides parameter. Latest published version on the npm registry is, however, 0.6.1, according to https://www.npmjs.com/package/rpm-builder
On the master branch the version in package.json has a SNAPSHOT postfix.
Can the new version be released and published on the npm repository, please?
Hi! I have the following problem: I want to build i386 packages on an x86_64 machine. After some tests, the only good solution that I've found is to prepend setarch i386 to the command, so the command:
rpmbuild -bb -vv --buildroot ...
becomes:
setarch i386 rpmbuild -bb -vv --buildroot...
Can you add a new option to your library that lets me prepend "something" to the command? Or if you have a better solution, that would be great.
Thanks for your library!!
group, owner, chmod, etc
Really. Otherwise we cannot use your lib here due to failing RPM installation on any other Linux machine.
I'm trying to build a node application rpm using your npm package. I've filled out all the options concerning arch with x86_64 as that's the platform I'm currently running. I get the following error when I run npm start.
[root@unknown0800277ccd0f node-app]# uname -m
x86_64
[root@unknown0800277ccd0f node-app]# npm start
> [email protected] start /root/node-app
> node index.js
Creating RPM directory structure at: /root/node-app/tmp-2zFExTn9V
SPEC file created: tmp-2zFExTn9V/SPECS/node-app-0.0.1-1.x86-64.spec
Executing: rpmbuild -bb -vv --buildroot /root/node-app/tmp-2zFExTn9V/BUILDROOT/ tmp-2zFExTn9V/SPECS/node-app-0.0.1-1.x86-64.spec
/root/node-app/index.js:40
throw err;
^
Error: Command failed: rpmbuild -bb -vv --buildroot /root/node-app/tmp-2zFExTn9V/BUILDROOT/ tmp-2zFExTn9V/SPECS/node-app-0.0.1-1.x86-64.spec
error: No compatible architectures found for build
OS I'm building on:
platform:linux
distro:CentOS Linux
release:7
codename:Core
kernel:3.10.0-957.12.2.el7.x86_64
arch:x64
hostname:unknown0800277ccd0f.attlocal.net
codepage:UTF-8
logofile:centos
serial:f5438d6c4f924545873e64ebe3d743a4
build:N/A
servicepack:N/A
Also, I noticed that the keepTemp option has no logic. Whether I set it or not, it still keeps the temp directory. Not sure if that's happening because the builds are failing before it can complete.
For the config:
const rpmOptions = {
name: packageName,
version: gitVersion.GitVersion,
release: 1,
buildArch: 'noarch',
keepTemp: false,
files: [{ cwd: './dist', src: '*', dest: `/opt/${packageName}/` }],
excludeFiles: ['./dist/static/js/*.js.map']
};
My expected output would be that all files inside the ./dist directory and subdirectories should be checked against the exclude paths.
What actually happens is that the check stops at the level of the first subdirectory, i.e. the paths checked include ./dist/static, and since that path is not itself in the excludeFiles list, the entire static subdirectory is included without checking any of the files within that directory against the excludeFiles list. That is, all the *.js.map files inside the static/js subdirectory end up being added to the rpm instead of being excluded, because those file paths never get tested against the excludeFiles list.
Tested on rpm_builder v1.1.0
Hi, is there a way to block config file replacement on update using %config(noreplace) as exposed here: https://www.cl.cam.ac.uk/~jw35/docs/rpm_config.html ?
This issue has been generated on-behalf of Mik317 (https://huntr.dev/app/users/Mik317)
Affected versions execute arbitrary commands remotely inside the victim's PC. The issue occurs because user input is formatted inside a command that will be executed without any checks. The cmd list is stringed and executed inside the exec function without checking the buildRoot and specFile variables, which are controlled by the user, leading to RCE.
The issue arises here:
https://github.com/rictorres/node-rpm-builder/blob/master/index.js#L119
Bug Bounty
We have opened up a bounty for this issue on our bug bounty platform. Want to solve this vulnerability and get rewarded? Go to https://huntr.dev/
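One way to close the hole reported above, as an added example that is not code from node-rpm-builder: pass buildRoot and specFile as separate argument-vector elements to a process started without a shell, instead of joining them into a string for exec. The helper names (joinedCommand, buildRpmbuildArgs, run, echoArgv) are hypothetical, the hostile file name is constructed, and a child Node process stands in for rpmbuild so the block runs without rpm installed.

```javascript
// Added example, not node-rpm-builder code. Helper names are hypothetical.
const { spawnSync } = require('node:child_process');

// Pattern from the report: values are joined into one string for a shell to parse.
function joinedCommand(buildRoot, specFile) {
  return ['rpmbuild', '-bb', '--buildroot', buildRoot, specFile].join(' ');
}

// Hardened form: build an argument vector, one element per value.
function buildRpmbuildArgs(buildRoot, specFile, { verbose = false } = {}) {
  for (const [name, value] of Object.entries({ buildRoot, specFile })) {
    if (typeof value !== 'string' || value === '' || value.includes('\0')) {
      throw new TypeError(`${name} must be a non-empty string without NUL bytes`);
    }
    // A leading "-" would be read by rpmbuild as an option instead of a path.
    if (value.startsWith('-')) {
      throw new TypeError(`${name} must not start with "-"`);
    }
  }
  const args = ['-bb'];
  if (verbose) args.push('-vv'); // opt-in: the maxBuffer report above blames -vv
  args.push('--buildroot', buildRoot, specFile);
  return args;
}

// Run a program directly (no shell), so metacharacters in args are plain bytes.
function run(program, args) {
  const res = spawnSync(program, args, {
    shell: false,
    encoding: 'utf8',
    maxBuffer: 64 * 1024 * 1024, // headroom for verbose output
  });
  if (res.error) throw res.error;
  return { status: res.status, stdout: res.stdout, stderr: res.stderr };
}

// Stand-in for rpmbuild: a child Node process reports the argv it received.
function echoArgv(args) {
  const script = 'process.stdout.write(JSON.stringify(process.argv.slice(1)))';
  return JSON.parse(run(process.execPath, ['-e', script, '--', ...args]).stdout);
}

// Constructed hostile input: a spec file name carrying a shell separator.
const hostileSpec = 'SPECS/app.spec; echo INJECTED';
console.log(joinedCommand('/tmp/build root', hostileSpec)); // what a shell would parse
console.log(echoArgv(buildRpmbuildArgs('/tmp/build root', hostileSpec)));
```

With this shape, a wrapper such as setarch (requested in an earlier issue) is just a different program with rpmbuild as its first argument, for example run('setarch', ['i386', 'rpmbuild', ...args]).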
...when defining files.