{"id":22281457,"url":"https://github.com/sassoftware/go-rpmutils","last_synced_at":"2025-05-15T06:05:51.678Z","repository":{"id":9642951,"uuid":"59608352","full_name":"sassoftware/go-rpmutils","owner":"sassoftware","description":"Golang implementation of parsing RPM packages","archived":false,"fork":false,"pushed_at":"2025-03-18T17:41:53.000Z","size":144,"stargazers_count":55,"open_issues_count":3,"forks_count":46,"subscribers_count":7,"default_branch":"master","last_synced_at":"2025-04-11T15:57:10.251Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sassoftware.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":"SUPPORT.md","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-05-24T21:00:55.000Z","updated_at":"2025-03-24T10:55:38.000Z","dependencies_parsed_at":"2024-01-24T17:27:44.101Z","dependency_job_id":"ac883696-0c38-42c0-8090-4ed7281ee0dc","html_url":"https://github.com/sassoftware/go-rpmutils","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sassoftware%2Fgo-rpmutils","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sassoftware%2Fgo-rpmutils/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sassoftware%2Fgo-rpmutils/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sassoftware%2Fgo-rpmutils/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sassoftware","download_url":"https://codeload.github.com/sassoftware/go-rpmutils/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254283339,"owners_count":22045140,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-03T16:18:25.774Z","updated_at":"2025-05-15T06:05:46.668Z","avatar_url":"https://github.com/sassoftware.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Go RPM Utils\n\n[![Go Reference](https://pkg.go.dev/badge/github.com/sassoftware/go-rpmutils.svg)](https://pkg.go.dev/github.com/sassoftware/go-rpmutils)\n\ngo-rpmutils is a library written in [go](http://golang.org) for parsing and extracting content from [RPMs](http://www.rpm.org).\n\n## Overview\n\ngo-rpmutils provides a few interfaces for handling RPM packages. There is a highlevel `Rpm` struct that provides access to the RPM header and [CPIO](https://en.wikipedia.org/wiki/Cpio) payload. The CPIO payload can be extracted to a filesystem location via the `ExpandPayload` function or through a Reader interface, similar to the [tar implementation](https://golang.org/pkg/archive/tar/) in the go standard library.\n\n## Example\n\n```go\n// Opening a RPM file\nf, err := os.Open(\"foo.rpm\")\nif err != nil {\n    panic(err)\n}\nrpm, err := rpmutils.ReadRpm(f)\nif err != nil {\n    panic(err)\n}\n// Getting metadata\nnevra, err := rpm.Header.GetNEVRA()\nif err != nil {\n    panic(err)\n}\nfmt.Println(nevra)\nprovides, err := rpm.Header.GetStrings(rpmutils.PROVIDENAME)\nif err != nil {\n    panic(err)\n}\nfmt.Println(\"Provides:\")\nfor _, p := range provides {\n    fmt.Println(p)\n}\n// Extracting payload\nif err := rpm.ExpandPayload(\"destdir\"); err != nil {\n    panic(err)\n}\n```\n\n## Validating Signatures\n\nrpmutils supports validating PGP signatures embedded in RPM files.\n\n```go\nimport (\n    \"github.com/sassoftware/go-rpmutils\"\n    \"github.com/ProtonMail/go-crypto/openpgp\"\n)\n\nfunc main() {\n    kf, err := os.Open(\"trusted.pgp\")\n    keyring, err := openpgp.ReadArmoredKeyRing(kf)\n    f, err := os.Open(\"foo.rpm\")\n    hdr, sigs, err := rpmutils.Verify(f, keyring)\n}\n```\n\nPassing `nil` as the keyring will parse the signature without validating it, so\nthat the signers' key ID can be inspected.\n\nBy default rpmutils uses the\n[ProtonMail](https://github.com/ProtonMail/go-crypto) PGP implementation, which\nsupports PGP v4 and later signatures. PGP v4 was released in 1998, and yet some\nstill-supported Linux distributions contain RPMs with v3 signatures.\n\nDepending on your needs you may want to use the\n[pgpkeys-eu](https://github.com/pgpkeys-eu/go-crypto) soft fork, which re-adds\nv3 signature support. To consume it, the binary being built must have a\n`replace` directive, and must set the `pgp3` tag to enable the related\nvalidation code in rpmutils:\n\n```\ngo mod edit -replace github.com/ProtonMail/go-crypto=github.com/pgpkeys-eu/go-crypto@main\ngo build -tags pgp3\n```\n\n### Upgrading from versions before v0.4.0\n\nPrevious versions of rpmutils used the standard library\n`golang.org/x/crypto/openpgp` implementation, which has been deprecated for some\ntime. Most callers that are verifying or signing RPMs will just need to change\nimports to `github.com/ProtonMail/go-crypto/openpgp` .\n\nThere are two known regressions with the ProtonMail implementation. The first is\nthat PGP v3 signatures are no longer supported. If this is important to you,\nthen see the above note about using the pgpkeys-eu fork instead.\n\nThe second is that signing with a HSM-bound private key (`crypto.Signer`) of\ntype other than RSA is currently not supported by ProtonMail. Hopefully a future\nrelease will restore this functionality.\n\n## Contributing\n\n1. Read contributor agreement\n2. Fork it\n3. Create your feature branch (`git checkout -b my-new-feature`)\n4. Commit your changes (`git commit -a`). Make sure to include a Signed-off-by line per the contributor agreement.\n5. Push to the branch (`git push origin my-new-feature`)\n6. Create new Pull Request\n\n## License\n\ngo-rpmutils is released under the Apache 2.0 license. See [LICENSE](https://github.com/sassoftware/go-rpmutils/blob/master/LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsassoftware%2Fgo-rpmutils","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsassoftware%2Fgo-rpmutils","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsassoftware%2Fgo-rpmutils/lists"}