Matthias Saou wrote:
> Jeff Johnson wrote:
>> %post chattr +i `rpm -ql name`
>> should make the package non-upgradeable no matter what.
>
> Nice one, "bulldozer style". Never thought of it before :-)

You miss the point.
There is simply no way for rpm (or any rpmlib based tool) to guarantee package non-upgradeability reliably.
There are side effects, not only from opaque scripts, but also from system administrators, and from
selinux policy, and more, that are not represented in any metadata that rpm has access to,
that are necessary to make a package -- and all the package contents -- non-upgradeable.
Meanwhile, it's kinda pointless to attempt to mark a package non-upgradeable imho *without*
a bulldozer and more to provide the strongest possible guarantee reliably.
Sure, can be done, but is trivially subverted. In fact, there's almost certainly gonna have to be
Yet Another Option to rpm to disable (or otherwise manage) packaging mistakes from
an advisory
Autoupgrade: no
marker in packaging.
I question whether it's worth the complexity cost in rpm.
I hope that clarifies.
73 de Jeff
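
For the administrator's side of the `%post chattr +i` approach discussed above, an added example (not part of the original message and not rpm's own code): shell functions that report which files owned by a package carry the immutable attribute, which an upgrade cannot replace while the flag is set. The function names and the sample `lsattr` lines are constructed for illustration; `audit_package` assumes `rpm` and `lsattr` are installed.

```shell
#!/bin/sh
# Added example: find package-owned files that carry the immutable (i) flag.

# immutable_paths: read `lsattr -d` style lines ("<flags> <path>") on stdin
# and print the paths whose flag field contains 'i'. Only the first field is
# inspected, so an 'i' in the path itself never causes a false match.
immutable_paths() {
    while IFS= read -r line; do
        flags=${line%% *}   # text before the first space: attribute flags
        path=${line#* }     # everything after it: the path (may contain spaces)
        case $flags in
            *i*) printf '%s\n' "$path" ;;
        esac
    done
}

# audit_package NAME: list immutable files owned by an installed package.
# Requires rpm and lsattr; files lsattr cannot read (e.g. symlinks) are skipped.
audit_package() {
    rpm -ql "$1" | while IFS= read -r f; do
        [ -e "$f" ] && lsattr -d "$f" 2>/dev/null
    done | immutable_paths
}

# Constructed sample of lsattr output, so the parser can be run offline.
sample_lsattr() {
cat <<'EOF'
--------------e------- /usr/bin/example
----i---------e------- /etc/example.conf
----i---------e------- /usr/share/example/data file.txt
-----a--------e------- /var/log/example.log
EOF
}

# Stand-alone demo on the constructed sample; on a real host, call
# `audit_package <name>` instead.
sample_lsattr | immutable_paths
```
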