On Thu, 15 Feb 2007 12:17:29 +0100, Ralf Corsepius wrote:
> > > > My issue is: IMO, the default settings rpmbuild uses, must be safe
> > > > against arbitrary users running rpmbuild in a multi user environment.
> > > > [...]
> > >
> > > Just to also mention that (for the record) that the scenario you mention
> > > here has happened in real life for me and a colleague. Without knowing,
> > > we were building the same SRPM on a test-build machine separately, and
> > > things got really weird. My colleague spent quite a while trying to fix
> > > the problem from her side, because she didn't know the possible problem
> > > with the build root. It was a core package.
> >
> > Funny.
>
> Not funny - Limitations/defects/bugs in rpm.
>
> We actually are playing with symptoms, because nobody wants to fix the
> cause.
So what? It cannot be fixed at the spec-file level. But it can be fixed
with global defaults, with per user rpmbuild trees. The /usr/src/redhat
tree is crap. It is beyond my comprehension why it still exists and
why it encourages users to run rpmbuild as root.
> > Because by default you can only build as superuser, since it
> > needs write-access to /usr/src/redhat/. As soon as you set up a
> > local ~/.rpmmacros, you can define %_buildroot and point it to
> > a private location. Problem solved. For example:
> >
> > %_topdir %(echo $HOME)/tmp/rpm
> > %_tmppath %{_topdir}/tmp
> > %_buildroot %{_tmppath}/%{name}-%{version}-root
>
> Yes, this is the traditional argument against using a fixed buildroot.
> (IIRC, Thias or Axel came up with it, when this topic came up ca 1/2 a
> year ago).
It predates that discussion *by far*.
As why changes to global configuration defaults have never found their way
into RPM, I can only guess. Perhaps it is in bugzilla as one of the many
WONTFIX tickets. For a long period of time, bug reports and feature
requests have not been taken seriously, users and packagers have been
burnt and have learnt to work around deficiencies.
"mktemp" in the spec file BuildRoot tag is getting far too annoying,
especially since I do not like anything in my spec file which is not used
during my local test-builds, and because failure conditions are not dealt
with. I don't know yet what's necessary to block it from becoming
mandatory, but it's ridiculous, giving the fact that it will return a
fresh tmp dir with every invocation of rpmbuild.
--
fedora-extras-list mailing list
fedora-extras-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-extras-list
