Conversation

@henrywang
Collaborator

When rpm -qa returns no packages, xargs would still invoke rpm -e with no arguments, causing failure with "no packages given for erase" (exit code 123).

Add -r flag to xargs to skip execution when input is empty.

Resolves #1935

When rpm -qa returns no packages, xargs would still invoke
rpm -e with no arguments, causing failure with "no packages
given for erase" (exit code 123).

Add -r flag to xargs to skip execution when input is empty.

Signed-off-by: Xiaofeng Wang <henrywangxf@me.com>
@bootc-bot bootc-bot bot requested a review from jeckersb January 21, 2026 02:28
@gemini-code-assist gemini-code-assist bot (Contributor) left a comment

Code Review

This pull request aims to fix a bug in the fedora-bootc-destructive-cleanup script where it would fail if no RPM packages were found. While the addition of the -r flag to xargs addresses this, a critical security vulnerability has been identified: the current use of xargs with output from a potentially untrusted filesystem introduces an argument injection risk. An attacker could manipulate the RPM database to inject flags into rpm -e, potentially leading to unintended package deletions on the host system. It is strongly recommended to use the -- flag to terminate options and -d '\n' for xargs to safely handle input.

# Remove all RPMs installed in the physical root (i.e. the previous OS)
mount -o remount,rw /sysroot
rpm -qa --root=/sysroot --dbpath=/usr/lib/sysimage/rpm | xargs rpm -e --root=/sysroot --dbpath=/usr/lib/sysimage/rpm
rpm -qa --root=/sysroot --dbpath=/usr/lib/sysimage/rpm | xargs -r rpm -e --root=/sysroot --dbpath=/usr/lib/sysimage/rpm
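Review bot: with `-r` in place, a failing `rpm -qa` (for example a wrong `--dbpath`) now yields empty input and the pipeline exits 0, so the service reports success without having erased anything; the earlier "no packages given for erase" failure at least surfaced that case. If the script runs under bash, `set -o pipefail` on the `rpm -qa ... | xargs -r rpm -e ...` line, or capturing the query output and checking its status before piping, keeps only a genuinely empty package list counting as success. The names from `rpm -qa` are also handed to `rpm -e` positionally, so a trailing `--` on the xargs command line keeps any dash-prefixed name from being parsed as an option.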
Contributor

security-high high

This line introduces a critical argument injection vulnerability. Piping output from rpm -qa from a potentially untrusted /sysroot into xargs rpm -e without proper sanitization can allow an attacker to inject malicious flags, potentially causing rpm -e to operate on the host's root filesystem and delete critical packages. Additionally, xargs without -d '\n' can mishandle package names with spaces or special characters. While defining rpm options in a variable could improve readability, addressing the security vulnerability is paramount. The suggested fix includes using -- to terminate options for rpm -e and xargs -d '\n' to safely handle input.

Suggested change
rpm -qa --root=/sysroot --dbpath=/usr/lib/sysimage/rpm | xargs -r rpm -e --root=/sysroot --dbpath=/usr/lib/sysimage/rpm
rpm -qa --root=/sysroot --dbpath=/usr/lib/sysimage/rpm | xargs -r -d '\n' rpm -e --root=/sysroot --dbpath=/usr/lib/sysimage/rpm --
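Review bot: the trailing `--` has to remain the last token of the xargs command line, as the suggestion places it, because xargs appends the package names after it; a name beginning with `-` then reaches rpm as an operand rather than an option. Both `-r` and `-d '\n'` are GNU xargs extensions rather than POSIX, which is fine for a Fedora bootc image but worth a one-line comment in the script so the dependency is explicit.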

@henrywang
Collaborator Author

Failure has been fixed by PR #1937
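To see the behaviours discussed in this thread side by side (the original empty-input failure with exit 123, the `xargs -r` fix from the PR, and the `--` terminator from the review suggestion), here is an added shell example that is not part of the PR or the bootc project. It writes a constructed stand-in `rpm` to a temp dir so nothing real is touched, and assumes GNU xargs.

```shell
#!/bin/sh
# Added example, not code from the PR or the bootc project. A constructed
# stand-in "rpm" is written to a temp dir so the cases from this thread (empty
# query output, xargs -r, and "--" before dash-prefixed names) run offline.
# Assumes GNU xargs, which runs the command once on empty input unless -r is given.
FAKE_BIN=$(mktemp -d)
trap 'rm -rf "$FAKE_BIN"' EXIT
cat > "$FAKE_BIN/rpm" <<'EOF'
#!/bin/sh
# Stand-in behaviour: option parsing stops at "--", any other word starting
# with "-" that is not a known option is rejected, an empty operand list fails.
pkgs=
while [ "$#" -gt 0 ]; do
    case "$1" in
        --) shift; pkgs="$pkgs $*"; break ;;
        -e|--root=*|--dbpath=*) ;;
        -*) echo "rpm: unknown option $1" >&2; exit 1 ;;
        *) pkgs="$pkgs $1" ;;
    esac
    shift
done
[ -n "$pkgs" ] || { echo "error: no packages given for erase" >&2; exit 1; }
echo "erase:$pkgs"
EOF
chmod +x "$FAKE_BIN/rpm"

# Pipes $1 (query output; printf %b escapes allowed) into xargs with flags $2
# and runs the stand-in "rpm -e" with trailing token $3 ("--" or empty).
# Returns the xargs exit status: 0, or 123 when the rpm invocation failed.
run_cleanup() {
    printf '%b' "$1" | PATH="$FAKE_BIN:$PATH" xargs $2 rpm -e --root=/sysroot $3
}

# Prints a label and the exit status of one run (the if keeps set -e quiet).
show() {
    label=$1; shift
    if run_cleanup "$@"; then echo "$label: exit 0"; else echo "$label: exit $?"; fi
}

show "empty input, no -r"    ""                               ""          ""
show "empty input, xargs -r" ""                               "-r"        ""
show "dash name, no --"      '--constructed-flag\nbash-5.2\n' '-r -d \n' ""
show "dash name, with --"    '--constructed-flag\nbash-5.2\n' '-r -d \n' "--"
```

The first and third runs exit 123 (rpm refused the empty operand list, then the dash-prefixed name parsed as an option); the second runs nothing and exits 0; the fourth erases both names as operands.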


Development

Successfully merging this pull request may close these issues.

bootc-destructive-cleanup.service fails when no old packages exist