tmpfiles: insist on at least one configuration file being specified on --purge

poettering · bluca · commit 41064a3c97c9 · 2024-06-18T14:45:59.000+01:00
Also, extend the man page explanation substantially, matching more closely what --create says. Fixes: systemd#33349
diff --git a/man/systemd-tmpfiles.xml b/man/systemd-tmpfiles.xml
@@ -151,12 +151,26 @@
 
       <varlistentry>
         <term><option>--purge</option></term>
-        <listitem><para>If this option is passed, all files and directories created by a
-        <filename>tmpfiles.d/</filename> entry will be deleted. Keep in mind that by default,
-        <filename>/home</filename> is created by <command>systemd-tmpfiles</command>
-        (see <filename>/usr/lib/tmpfiles.d/home.conf</filename>). Therefore it is recommended
-        to first run <command>systemd-tmpfiles --dry-run --purge</command> to be certain which files
-        and directories will be deleted.</para>
+
+        <listitem><para>If this option is passed, all files and directories marked for
+        <emphasis>creation</emphasis> by the <filename>tmpfiles.d/</filename> files specified on the command
+        line will be <emphasis>deleted</emphasis>. Specifically, this acts on all files and directories
+        marked with <varname>f</varname>, <varname>F</varname>, <varname>d</varname>, <varname>D</varname>,
+        <varname>v</varname>, <varname>q</varname>, <varname>Q</varname>, <varname>p</varname>,
+        <varname>L</varname>, <varname>c</varname>, <varname>b</varname>, <varname>C</varname>,
+        <varname>w</varname>, <varname>e</varname>. If this switch is used at least one
+        <filename>tmpfiles.d/</filename> file (or <filename>-</filename> for standard input) must be
+        specified on the command line or the invocation will be refused, for safety reasons (as otherwise
+        much of the installed system files might be removed).</para>
+
+        <para>The primary usecase for this option is to automatically remove files and directories that
+        originally have been created on behalf of an installed packaged at package removal time.</para>
+
+        <para>It is recommended to first run this command in combination with <option>--dry-run</option>
+        (see below) to verify which files and directories will be deleted.</para>
+
+        <para><emphasis>Warning!</emphasis> This is is usually not the command you want! In most cases
+        <option>--remove</option> is what you are looking for.</para>
 
         <xi:include href="version-info.xml" xpointer="v256"/></listitem>
       </varlistentry>
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
@@ -4344,6 +4344,10 @@ static int parse_argv(int argc, char *argv[]) {
                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                        "You need to specify at least one of --clean, --create, --remove, or --purge.");
 
+        if (FLAGS_SET(arg_operation, OPERATION_PURGE) && optind >= argc)
+                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
+                                       "Refusing --purge without specification of a configuration file.");
+
         if (arg_replace && arg_cat_flags != CAT_CONFIG_OFF)
                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                        "Option --replace= is not supported with --cat-config/--tldr.");
