feat(rpm): add support for verify scriptlet (#788)

Co-authored-by: Nicholas Jackson <nicholas.jackson@zii.aero>
2026-06-19 08:05:04 +00:00 · 2024-02-21 15:13:30 -08:00
parent 0b1bc17d46
commit d0d7c60d34
11 changed files with 58 additions and 1 deletions
@@ -202,6 +202,7 @@ func TestRPMSpecific(t *testing.T) {
 	testNames := []string{
 		"release",
 		"directories",
+		"verify",
 	}
 	for _, name := range testNames {
 		for _, arch := range formatArchs[format] {
@@ -362,6 +362,7 @@ type RPM struct {
 type RPMScripts struct {
 	PreTrans  string `yaml:"pretrans,omitempty" json:"pretrans,omitempty" jsonschema:"title=pretrans script"`
 	PostTrans string `yaml:"posttrans,omitempty" json:"posttrans,omitempty" jsonschema:"title=posttrans script"`
+	Verify    string `yaml:"verify,omitempty" json:"verify,omitempty" jsonschema:"title=verify script"`
 }

 type PackageSignature struct {
@@ -342,6 +342,14 @@ func addScriptFiles(info *nfpm.Info, rpm *rpmpack.RPM) error {
 		rpm.AddPosttrans(string(data))
 	}

+	if info.RPM.Scripts.Verify != "" {
+		data, err := os.ReadFile(info.RPM.Scripts.Verify)
+		if err != nil {
+			return err
+		}
+		rpm.AddVerifyScript(string(data))
+	}
+
 	return nil
 }

@@ -82,6 +82,7 @@ func exampleInfo() *nfpm.Info {
 				Scripts: nfpm.RPMScripts{
 					PreTrans:  "../testdata/scripts/pretrans.sh",
 					PostTrans: "../testdata/scripts/posttrans.sh",
+					Verify:    "../testdata/scripts/verify.sh",
 				},
 			},
 		},
@@ -481,6 +482,13 @@ echo "Pretrans" > /dev/null

 echo "Posttrans" > /dev/null
 `, data, "Posttrans script does not match")
+
+	data, err = rpm.Header.GetString(rpmutils.VERIFYSCRIPT)
+	require.NoError(t, err)
+	require.Equal(t, `#!/bin/bash
+
+echo "Verify" > /dev/null
+`, data, "Verify script does not match")
 }

 func TestRPMFileDoesNotExist(t *testing.T) {
@@ -72,6 +72,7 @@ rpm:
  scripts:
    pretrans: ./testdata/acceptance/scripts/pretrans.sh
    posttrans: ./testdata/acceptance/scripts/posttrans.sh
+    verify: ./testdata/acceptance/scripts/verify.sh
 apk:
  scripts:
    preupgrade: ./testdata/acceptance/scripts/preupgrade.sh
@@ -220,3 +220,9 @@ RUN test ! -f /etc/bar/file
 RUN test -d /etc/foo
 RUN test ! -d /etc/bar
 RUN test ! -d /etc/baz
+
+# ---- verify test ----
+FROM min as verify
+RUN rpm -V foo
+RUN rm /tmp/postinstall-proof
+RUN ! rpm -V foo
@@ -0,0 +1,20 @@
+name: "foo"
+arch: "${BUILD_ARCH}"
+platform: "linux"
+version: "v1.2.3"
+maintainer: "Foo Bar"
+release: "4"
+description: |
+  Foo bar
+    Multiple lines
+vendor: "foobar"
+homepage: "https://foobar.org"
+license: "MIT"
+contents:
+  - src: ./testdata/fake
+    dst: /etc/foo/file
+scripts:
+  postinstall: ./testdata/acceptance/scripts/postinstall.sh
+rpm:
+  scripts:
+    verify: ./testdata/acceptance/scripts/verify.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+test -e /tmp/postinstall-proof
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+echo "Verify" > /dev/null
@@ -322,6 +322,8 @@ rpm:
    pretrans: ./scripts/pretrans.sh
    # The posttrans script runs after all RPM package transactions / stages.
    posttrans: ./scripts/posttrans.sh
+    # The verify script runs when verifying packages using `rpm -V`.
+    verify: ./scripts/verify.sh

  # The package group. This option is deprecated by most distros
  # but required by old distros like CentOS 5 / EL 5 and earlier.
@@ -719,6 +719,10 @@
 					"posttrans": {
 						"type": "string",
 						"title": "posttrans script"
+					},
+					"verify": {
+						"type": "string",
+						"title": "verify script"
 					}
 				},
 				"additionalProperties": false,
@@ -768,4 +772,4 @@
 			}
 		},
 		"description": "nFPM configuration definition file"
-	}
+	}