Add man pages for plugins

* rpm-plugins for plugins in general * selinux plugin * syslog plugin * audit plugin * prioreset plugin * ima plugin
rpm-software-management · Jan 30, 2020 · daec7a9 · daec7a9
1 parent fb54f5c
commit daec7a9
Show file tree

Hide file tree

Showing 7 changed files with 199 additions and 8 deletions.
diff --git a/doc/rpm-plugin-audit.8 b/doc/rpm-plugin-audit.8
@@ -0,0 +1,52 @@
+'\" t
+.TH "RPM-AUDIT" "8" "28 Jan 2020" "Red Hat, Inc."
+.SH NAME
+rpm-plugin-audit \- Audit plugin for the RPM Package Manager
+
+.SH Description
+
+The plugin writes basic information about rpm transactions to the
+audit log - like packages installed or removed. The entries can be
+viewed with
+
+.B ausearch -m SOFTWARE_UPDATE
+
+
+.SS Data fields
+
+The entries in the audit log have the following fields:
+
+.TP
+.B Field
+.B Possible values		Description
+
+.TP
+.B op
+install/update/remove	package operation
+
+.TP
+.B sw
+name-version-release.arch of the package
+.TP
+.B key_enforce
+0/1	are signatures being enforced
+.TP
+.B gpg_res
+0/1	result of signature check (0 == fail / 1 ==success)
+.TP
+.B root_dir
+Root directory of the operation, normally "/"
+.TP
+.B sw_type
+"rpm"	package format
+
+
+.SH Configuration
+
+There are currently no options for this plugin in particular. See
+.BR rpm-plugins (8)
+on how to control plugins in general.
+
+.SH SEE ALSO
+.IR ausearch (8)
+.IR rpm-plugins (8)
diff --git a/doc/rpm-plugin-ima.8 b/doc/rpm-plugin-ima.8
@@ -0,0 +1,26 @@
+.TH "RPM-IMA" "8" "28 Jan 2020" "Red Hat, Inc."
+.SH NAME
+rpm-plugin-ima \- IMA plugin for the RPM Package Manager
+
+.SH Description
+
+Integrity Measurement Architecture (IMA) and the Linux Extended
+Verification Module (EVM) allow to detect when files have been
+accidentally or maliciously altered. This plugin puts IMA/EVM
+signatures in the \fIsecurity.ima\fR extended file attribute during
+installation. This requires packages to contain the signatures -
+typically by being signed with \fBrpmsign --signfiles\fR.
+
+.SH Configuration
+
+The \fI%_ima_sign_config_files\fR macro controls whether signatures
+should also be written for config files.
+
+See
+.BR rpm-plugins (8)
+on how to control plugins in general.
+
+.SH SEE ALSO
+.IR evmctl (1)
+.IR rpmsign (8)
+.IR rpm (8)
diff --git a/doc/rpm-plugin-prioreset.8 b/doc/rpm-plugin-prioreset.8
@@ -0,0 +1,25 @@
+.TH "RPM-PRIORESET" "8" "28 Jan 2020" "Red Hat, Inc."
+.SH NAME
+rpm-plugin-prioreset \- Plugin for the RPM Package Manager to fix
+issues with priorities of deamons on SysV init
+
+.SH Description
+
+In general scriptlets run with the same priority as rpm
+itself. However on legacy SysV init systems, properties of the parent
+process can be inherited by the actual daemons on restart.  As a
+result daemons may end up with unwanted nice or ionice values.  This
+plugin resets the scriptlet process priorities after forking, and can
+be used to counter that effect. Should not be used with systemd
+because the it's not needed there, and the effect is
+counter-productive.
+
+.SH Configuration
+
+There are currently no options for this plugin in particular. See
+.BR rpm-plugins (8)
+on how to control plugins in general.
+
+.SH SEE ALSO
+.IR rpm (8)
+.IR rpm-plugins (8)
diff --git a/doc/rpm-plugin-selinux.8 b/doc/rpm-plugin-selinux.8
@@ -0,0 +1,23 @@
+.TH "RPM-SELINUX" "8" "14 Apr 2016" "Red Hat, Inc."
+.SH NAME
+rpm-plugin-selinux \- SELinux plugin for the RPM Package Manager
+
+.SH Description
+
+The plugin sets SELinux contexts for installed files and executed
+scriptlets. It needs SELinux to be enabled to work but will work in
+both enforcing and permissive mode.
+
+.SH Configuration
+
+The plugin can be disabled temporarily by passing \fB--nocontexts\fR
+at the RPM command line or setting the transaction flag
+\fBRPMTRANS_FLAG_NOCONTEXTS\fR in the API.
+
+See
+.BR rpm-plugins (8)
+on how to control plugins in general.
+
+.SH SEE ALSO
+.IR rpm (8)
+.IR rpm-plugins (8)
diff --git a/doc/rpm-plugin-syslog.8 b/doc/rpm-plugin-syslog.8
@@ -0,0 +1,17 @@
+.TH "RPM-SYSLOG" "8" "14 Apr 2016" "Red Hat, Inc."
+.SH NAME
+rpm-plugin-syslog \- Syslog plugin for the RPM Package Manager
+
+.SH Description
+
+The plugin writes basic information about rpm transactions to the syslog - like transactions run and packages installed or removed.
+
+.SH Configuration
+
+There are currently no options for this plugin in particular. See
+.BR rpm-plugins (8)
+on how to control plugins in general.
+
+.SH SEE ALSO
+.IR rpm (8)
+.IR rpm-plugins (8)
diff --git a/doc/rpm-plugin-systemd-inhibit.8 b/doc/rpm-plugin-systemd-inhibit.8
@@ -13,7 +13,7 @@ roughly equivalent to executing
 
 \fBsystemd-inhibit --mode=block --what=idle:sleep:shutdown --who=RPM --why="Transaction running"\fR
 
-See \fBsystemd-inhibit(1)\fR for the details of this mechanism.
+See \fBsystemd-inhibit\fR(1) for the details of this mechanism.
 
 It is strongly advised to have the plugin installed on all systemd
 based systems.
@@ -26,11 +26,11 @@ interface it gives a warning but does not stop the transaction.
 
 .SH Configuration
 
-The plugin currently does not have any configuration option other than
-turning it on and off. It can be disabled by commenting out the
-\fI%__transaction_systemd_inhibit\fR macro in main macros file
-(typically located at \fI/usr/lib/rpm/macros\fR) or otherwise change
-the value of the macro.
+There are currently no options for this plugin in particular. See
+.BR rpm-plugins (8)
+on how to control plugins in general.
 
-Another option is to remove the plugin from the system if it is
-packaged in its own sub package.
+.SH SEE ALSO
+.IR systemd-inhibit (1)
+.IR rpm (8)
+.IR rpm-plugins (8)
diff --git a/doc/rpm-plugins.8 b/doc/rpm-plugins.8
@@ -0,0 +1,48 @@
+.TH "RPM-PLUGINS" "8" "29 Jan 2020" "Red Hat, Inc."
+.SH NAME
+rpm-plugins \- Plugins for the RPM Package Manager
+
+.SH Description
+
+RPM plugins provide functionality that is not suited to be used
+everywhere. They may not be built or shipped on some platforms or may
+not be installed or be disabled on some systems.
+
+This allows plugins to interface with systems that may not acceptable
+as a dependency for RPM and to provide functionality that may be
+unwanted under some circumstances.
+
+For now the plugin API is internal only. So there is a limited number of
+plugins in the RPM sources.
+
+.SH Configuration
+
+Some plugins can be configured by specific macros or influenced by
+command line parameters. But most can only be turned on or off. See
+the plugin's man page for details.
+
+Plugins are controlled by a macro \fI%__transaction_NAME\fR which is
+set to the location of the plugin file. Undefining the macro
+or setting it to \fI%{nil}\fR will prevent the plugin from being run.
+
+This can be done on the RPM command line e.g. with
+\fB--undefine=__transaction_syslog\fR. To disable a plugin
+permantently drop a file in \fI/etc/rpm/\fR that contains
+
+__transaction_NAME %{nil}
+
+Another option is to remove the plugin from the system if it is
+packaged in its own sub package.
+
+For some operations it may be desirable to disable all plugins at
+once. This can be done by passing \fB--noplugins\fR to \fBrpm\fR at
+the command line.
+
+.SH SEE ALSO
+.IR rpm (8)
+.IR rpm-plugin-audit (8)
+.IR rpm-plugin-ima (8)
+.IR rpm-plugin-prioreset (8)
+.IR rpm-plugin-selinux (8)
+.IR rpm-plugin-syslog (8)
+.IR rpm-plugin-systemd-inhibit (8)