The rpm created by tar2rpm contains a "Build Date" that is far in the future.
Steps to reproduce:

kali@kali:~/go$ date
Wed 08 Jul 2020 04:02:49 PM EDT

kali@kali:~/go$ ./tar2rpm -file /tmp/example.rpm -name "Example" -version "1.0" /tmp/input.tar

kali@kali:~/go$ rpm -qip /tmp/example.rpm

Name        : Example
Epoch       : 0
Version     : 1.0
Release     : 
Architecture: noarch
Install Date: (not installed)
Group       : 
Size        : 727851
License     : 
Signature   : (none)
Source RPM  : Example-1.0.src.rpm
Build Date  : Sun 13 Jul 2042 09:04:00 PM EDT
Build Host  : 
Relocations : (not relocatable)
Packager    : 
Vendor      : 
URL         : 
Summary     : 
Description :

Expectation:
The "Build Date:" line of the rpm query should contain something like "Wed 08 Jul 2020 04:02:49 PM EDT", but it's always "Sun 13 Jul 2042 09:04:00 PM EDT" even on subsequent delayed rebuilds of the rpm.

I'd like to submit a PR to add Zstandard compression support. I already added it on a local branch an tested it with https://github.com/goreleaser/nfpm and Fedora 34 (see https://fedoraproject.org/wiki/Changes/Switch_RPMs_to_zstd_compression). Is this something you'd consider merging?

I'd use the zstd implementation from https://github.com/klauspost/compress/tree/master/zstd which is provided "using a Go standard license". While the algorithm stands for itself, the Go implementation is way faster than the Go implementation of xz which makes it a great choice going forward. If you want you can check out the performance benchmarks I made over here: https://github.com/erikgeiser/benchpress

Before submitting the PR, I'd like to ask if you would be fine with changing the Compressor setting to optionally include a level such as gzip:9, zstd:fastest or zstd:best. For gzip the level can be parsed with strconv.Atoi and zstd already provides an EncoderLevelFromString function. I would not support levels for xz and lzma as the settings are too complex. This way, users can better prioritize install speed vs. download speed or even build speed. If you do not like this, I'll submit a PR with a hard coded level for zstd (probably "best"/zstd.SpeedBestCompression as it's the closest to level 19 which is used by Fedora).

nfpm forked us back in september (see goreleaser/nfpm#640 (comment))
I'm trying to get everything up to the same level so we can unfork. @caarlos0 @djgilcrease

The biggest structural change is in sense.go, and in particular SensRPMLIB. I want to get that to work in rpmpack too.

tar2rpm -name "ccal" -version "0.0.1" -release "v0.6.9" -arch "x86_64" -licence "MIT" -prein "/usr/bin/ccal-single" -file "ccal.rpm" ccal.tar

sudo zypper in ccal.rpm

正在加载软件源数据...
正在读取已安装的软件包...
正在解决软件包依赖关系...

将安装以下 1 个新软件包：
  ccal

1 个软件包将新装.
总下载大小：0 B。已缓存：2.6 MiB。 操作完成后，将使用额外的 5.8 MiB。
继续吗？ [y/n/v/...? 显示全部选项] (y): y
在缓存 ccal.rpm 中                                                                                (1/1),   2.6 MiB （解压后   5.8 MiB）

正在检查文件冲突： ..............................................................................................................[完毕]
(1/1) 正在安装：ccal-0.0.1-v0.6.9.x86_64 ........................................................................................[错误]
安装 ccal-0.0.1-v0.6.9.x86_64 失败：
错误: Subprocess failed. Error: RPM 失败： /var/tmp/rpm-tmp.UtwbaF: line 1: /usr/bin/ccal-single: No such file or directory
error: %prein(ccal-0:0.0.1-v0.6.9.x86_64) scriptlet failed, exit status 127
error: ccal-0:0.0.1-v0.6.9.x86_64: install failed

What should I do？

With reference to Maximum RPM:

The %ghost Directive

As we mentioned in the Section called The %files List, if a file is specified in the %files list, that file will automatically be included in the package. There are times when a file should be owned by the package but not installed - log files and state files are good examples of cases you might desire this to happen.

The way to achieve this, is to use the %ghost directive. By adding this directive to the line containing a file, RPM will know about the ghosted file, but will not add it to the package.

The examples there go on to show common RPM operations. Essentially, what needs to happen is that the file is owned by the RPM, but no file contents are added to the same.

The file should be:

1. Shown in rpm -qlp <package.rpm
2. Shown as provided-by the rpm rpm -q --whatprovides <my-ghost-file>
3. Not present in the filesystem after installing the package.

1 & 2 are currently achieved, but 3 is not correct. We end up with an empty file, instead.

in https://github.com/goreleaser/nfpm there is the need to support at least the ConfigFile type https://github.com/sassoftware/go-rpmutils/blob/master/tags.go#L138 because when you uninstall a rpm by default a *.rpmsave file is created for all config files which nfpm verifies as part of it's testing.

Support for this was initially added as #16 but was asked to create an issue around this to determine if and how to support this for the tar2rpm tool

My initial idea was to not support it for the tool, and only for the case where rpmpack is being used as a library. Another option is to provide flags to point to a tar of each filetype. The final option I can think of is to have an option like -config-file=path/to/config/file that would have to match h.Name in https://github.com/google/rpmpack/blob/master/tar.go#L62 to set the file type

Of the 3 options I am personally leaning toward the latter so the command would look something like tar2rpm -config-file etc/bla.conf -config-file etc/bla/overide.conf -file bla.rpm bla.tar which makes it so you do not need to separately tar up each type of file. We would want to ensure wildcard support for this so you could do -config-file etc/*

Open Question: which file types do we want to support from the tool?

• ConfigFile
• DocFile
• IconFile
• MissingFile
• NoReplaceFile
• SpecFile
• GhostFile
• LicenceFile
• ReadmeFile
• ExcludeFile
• UnpatchedFile
• PubKeyFile
• PolicyFile

I know ConfigFile for sure as the need for that prompted adding this feature. I would also say DocFile, LicenceFile, ReadmeFile

example_bazel/BULID.bazel contains the line
`load("@bazel_tools//tools/build_defs/pkg:pkg.bzl", "pkg_tar").

That should be changed to load("@rules_pkg//pkg:tar.bzl", "pkg_tar")
and rules_license added to the WORKSPACE as per https://github.com/bazelbuild/rules_pkg/releases/tag/0.7.0

In Bazel 6.0 your example may cease to work, either because pkg_tar is removed, or simply because the mode and ownername attributes are removed.

Hi,

The size of the payload written to the Size header is incorrect. It should be the length of the compressed payload, not the sun of the sizes of the uncompressed payload files.
This makes the rpm2cpio program exit with a failure, as it does a comparison between the header value and that returned by librpm's ufdCopy() function.

Hi,

is this inversion wanted or a typo (rpm.go l.375):

	r.fileowners = append(r.fileowners, f.Group)
	r.filegroups = append(r.filegroups, f.Owner)

Trying to create an RPM with rpmpack and then read it with go-rpmutils, the owner and group are switched

I would like to be able to do something like

package main

import (
	"log"
	"os"

	"github.com/google/rpmpack"
)

func main() {

	r, err := rpmpack.NewRPM(rpmpack.RPMMetaData{
		Name:    "rpmsample",
		Version: "0.1",
		Release: "A",
		Arch:    "noarch",
	})
	if err != nil {
		log.Fatal(err)
	}
	r.AddScriptlet(
		rpmpack.RPMFile{
			Name:  "pre",
                        Body: []byte(`
echo "-------------"
echo "This is pre"
echo "-------------"
`),
		})
	if err := r.Write(os.Stdout); err != nil {
		log.Fatalf("write failed: %v", err)
	}

}

I am trying to add support for boolean dependencies
https://rpm-software-management.github.io/rpm/manual/boolean_dependencies.html

I see the dependency tags all defined @https://github.com/rpm-software-management/rpm/blob/ab01b5eacf9ec6a07a5d9e1991ef476a12d264fd/include/rpm/rpmds.h

And the rich parser defined
https://github.com/rpm-software-management/rpm/blob/9f62aba3bd26eea51d411f0d17ee4dadbf2fd873/lib/rpmds.c#L1480

based on
https://github.com/rpm-software-management/rpm/blob/9f62aba3bd26eea51d411f0d17ee4dadbf2fd873/lib/rpmds.c#L1126

I think I need to set add a dependency of rpmlib(DynamicBuildRequires)", "4.15.0-1" and set RPMSENSE_RPMLIB to all rpms that should support it, but not 100% sure how to go about that yet.

It looks like the comparators (<, >, =) are not mapped correctly to their rpm bitmask representations:
Example input (through goreleaser/nfpm):

- "dep"
- "dep < 2.0.0"
- "dep > 1.0.0"
- "dep = 1.5.0" 
- "dep <= 1.6.0"
- "dep >= 1.4.0"

Result:

$ rpm -qpR dist/test.rpm
dep
dep  2.0.0
dep < 1.0.0
dep > 1.5.0
dep > 1.6.0
dep <> 1.4.0

According to the RPM source the correct bitmasks are (with my => decimal calculation):

RPMSENSE_ANY = 0, // => 0
RPMSENSE_LESS = (1 << 1), // => 2
RPMSENSE_GREATER = (1 << 2), // => 4
RPMSENSE_EQUAL = (1 << 3), // => 8

However the rpmpack bitmasks are:

SENSE_ANY = 1 << iota >> 1, // iota == 0 so => 0
SENSE_LESS // 1 << 1 >> 1 => 1
SENSE_GREATER // 1 << 2 >> 1 => 2
SENSE_EQUAL // 1 << 3 >> 1 => 4

it looks to me like overcomplicating the bitshift iota has caused the shifts to be off.

I have tested and verified that adjusting the "sense" bitshifts results in a correct rpm:

SenseAny  rpmSense = 0
SenseLess          = 1 << iota
SenseGreater
SenseEqua

Result:

dep 0
dep 2 2.0.0
dep 4 1.0.0
dep 8 1.5.0
dep 10 1.6.0
dep 12 1.4.0
...
$ rpm -qpR dist/test.rpm
dep 
dep < 2.0.0
dep > 1.0.0
dep = 1.5.0
dep <= 1.6.0
dep >= 1.4.0

Hello, team, this project looks not support prefix for the rpm package. So the rpm package is not relocatable. Guys, is there a plan to support this feature?

Ive been trying to build an rpm using pkg_tar2rpm

when i go to install the rpm im seeing the following errors

Error: Transaction check error:
  file /opt from install of envoy-0:1.19.0-pre.noarch conflicts with file from package filesystem-3.8-2.el8.x86_64
  file /usr from install of envoy-0:1.19.0-pre.noarch conflicts with file from package filesystem-3.8-2.el8.x86_64
  file /usr/bin from install of envoy-0:1.19.0-pre.noarch conflicts with file from package filesystem-3.8-2.el8.x86_64

if i use rpm -i --force my.rpm it works - im wondering what im doing wrong (or not doing right) that is fooing the paths in the package

for xz, lzma but not gzip compression types, the output rpms are apparently corrupt:

rpmsample | rpm2cpio | cpio -t
cpio: premature end of archive

tested with rpm2cpio from rhel7 and upstream 4.16.1.3

We use rules_docker not to create images, but rather to run tests in different rpm based operating systems.

Do you plan to add signing support?

It would be very helpful if a version file was supported for setting the package version - as eg pkg_deb does

if a version file could be passed in it would allow pkg_tar2rpm to read version info directly from eg a VERSION file rather than having to duplicate/hardcode the current version in BUILD/bzl files in addition to the canonical setting

I have generated a valid, functioning TAR file with Apache Ant (file says: POSIX tar archive).
When I create an RPM file with tar2rpm there are neither errors or warnings reported but when the generated .rpm file should be installed with "rpm -ivh" the installation fails with:

error: unpacking of archive failed on file /redhat-release;5f2712a5: cpio: Digest mismatch
error: Example-0:1.0-.noarch: install failed

Steps to reprodude:

Use this Dockerfile:

FROM oraclelinux:7

RUN yum -y install oracle-golang-release-el7
RUN yum -y install golang git ant file

RUN go get -u github.com/google/rpmpack/...

RUN echo "<project name='test' default='main' basedir='.'>" >/tmp/build.xml && \
    echo "  <target name='main'>" >>/tmp/build.xml && \
    echo "    <tar destfile='/tmp/generated-by-ant.tar'>" >>/tmp/build.xml  && \
    echo "      <tarfileset dir='/etc' username='root' group='root'>" >>/tmp/build.xml && \
    echo "        <include name='redhat-release'/>" >>/tmp/build.xml && \
    echo "      </tarfileset>" >>/tmp/build.xml && \
    echo "    </tar>" >>/tmp/build.xml && \
    echo "  </target>" >>/tmp/build.xml&& \
    echo "</project>" >> /tmp/build.xml

RUN ant -f /tmp/build.xml
 
ENTRYPOINT ["bash"]

Build and run:

docker build -t rpmtest .
docker run --rm -it rpmtest

Run these commands in the Docker Container:

# Run file to determine the file type:
file /tmp/generated-by-ant.tar
# List the contents of the tar file (or extract it, it will work)
tar -tvf /tmp/generated-by-ant.tar
# Run the tar2rpm tool to generate the rpm
/root/go/bin/tar2rpm -file /tmp/example.rpm -name "Example" -version "1.0" --build_time "$(date +%s)" /tmp/generated-by-ant.tar

#Try to install the rpm
rpm -ivh /tmp/example.rpm

The last command will produce this error:

[root@e5a144d2b99f /]# rpm -ivh /tmp/example.rpm
Preparing...                          ################################# [100%]
Updating / installing...
   1:Example-0:1.0-                   ################################# [100%]
error: unpacking of archive failed on file /redhat-release;5f2712a5: cpio: Digest mismatch
error: Example-0:1.0-.noarch: install failed
[root@e5a144d2b99f /]# 

Currently rpmpack must maintain a full list of tags and values itself so every time a library needs to support a tag that is not currently in rpmpack they must make a PR here and then update their use after the PR is accepted. So I am proposing reworking the API a bit to make it easier for those using rpmpack as a library to add support for the tags they need without rpmpack explicitly knowing about or officially supporting it.

Rough API Idea

func (r *RPM) AddTag(rpmTag int, value IndexEntry) {...}
func (r *RPM) AddSignatureTag(rpmTag int, value IndexEntry) {...}
func NewIndexEntry(value interface{}) IndexEntry {...}

Now this package is not able to be updated with go get -u.
Coz it depends an old package github.com/cavaliercoder/go-cpio.
That module renamed to github.com/cavaliergopher/cpio.
Please update dependency to it.

In my opinion, the fileType type from file_types.go should be exported, so libraries can for example write wrappers around RPM.AddFiles() like this:

func addFileWrapper(rpm *rpmpack.RPM, ..., fileType rpmpack.FileType) error {
    ...
    rpm.AddFile(rpmpack.RPMFile{
        ...
        Type: fileType
    })
}

Similarly, the tag constants from tags.go should also be exported to allow libraries to use them when extracting and validating RPM properties in tests via these tags.

nfpm, which depends on rpmpack, currently has to employ an ugly workaround for fileType in such a wrapper and redefines many tag constants for tests.