We voted today on

  "Build scripts of packages (%prep, %build, %install and %check) may only alter files (create, modify, delete) under %{buildroot}, %{_builddir} and valid temporary locations like /tmp, /var/tmp (or $TMPDIR or %{_tmppath} as set by the rpmbuild process). Further clarification: That should hold true irrespective of the builder's uid."

But after thinking about it I'm not quite happy now. Since we go into details naming what the build scripts are, we should make clear that they are not equal in what they may or may not do. For example %{buildroot} should only be modified by %install, not %prep/%build and %check.

How about extending the rule and having a root/non-root rule, too, e.g.

o Package builds should yield the same results irrespective of the packaging process' uid/gid, for example builds under root and non-root users should behave the same.

o Build scripts of packages (%prep, %build, %install and %check) may only alter files (create, modify, delete) under %{buildroot}, %{_builddir} and valid temporary locations like /tmp, /var/tmp (or $TMPDIR or %{_tmppath} as set by the rpmbuild process). %{buildroot} should only be allowed to be altered in %install scripts.

Note I: The first part of this rule is automatically fulfilled for typical non-user build process uids, but the packager should not rely on that, since users may rebuild the src.rpm under root.

Note II: As a consequence $HOME and similar parts of the filesystem are not to be used directly. Of course some of the allowed write spaces like the builddir, buildroot or $TMPDIR may have been placed under $HOME, so indirectly a user may be writing under $HOME, but direct access to parts under $HOME is strictly forbidden.

Note III: Cheating with relative paths (".." escapes) grants you a ticket to packaging hell.

-- 
Axel.Thimm at ATrpms.net
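The proposed rule turned into an after-the-fact check a reviewer can run on a build, as an added example that is not part of Axel's post or of any Fedora tooling: it assumes a stamp file created just before the build starts and the allowed roots passed in by hand; the function names and the sample directory tree are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the original post or from Fedora's tooling: after a build,
# list every path that was written outside the locations the proposed rule permits.
# Real use: create the stamp file just before rpmbuild runs, then scan $HOME (or /) with
# the allowed roots taken from `rpm --eval '%{_builddir}'`, `rpm --eval '%{_tmppath}'`,
# the BUILDROOT directory, /tmp and /var/tmp. Names below are hypothetical.

# audit_build_writes SCAN_ROOT STAMP ALLOWED_ROOT...
# Prints each path below SCAN_ROOT with an mtime newer than STAMP that is not inside one
# of the ALLOWED_ROOTs. Directories are included on purpose: creating or deleting an
# entry updates the parent's mtime, so deletions outside the sandbox surface as their
# parent directory. Only mtime is compared, so a bare chmod is not detected.
audit_build_writes() {
    scan_root=$1
    stamp=$2
    shift 2
    find "$scan_root" -newer "$stamp" ! -path "$scan_root" | while IFS= read -r path; do
        allowed=0
        for root in "$@"; do
            case "$path" in
                "$root" | "$root"/*) allowed=1; break ;;
            esac
        done
        if [ "$allowed" -eq 0 ]; then
            printf '%s\n' "$path"
        fi
    done
    return 0
}

# demo_audit: constructed sample tree standing in for $HOME. A simulated build writes
# into BUILD, BUILDROOT and the temp dir (allowed) and drops one file directly under
# $HOME (forbidden by Note II). Prints the offenders relative to the sample root.
demo_audit() {
    fake=$(mktemp -d)
    mkdir -p "$fake/home/rpmbuild/BUILD" "$fake/home/rpmbuild/BUILDROOT" "$fake/tmp"
    # backdate everything that existed before the "build", then take the stamp
    find "$fake" -exec touch -t 200001010000 {} +
    touch -t 200001010100 "$fake/stamp"
    touch "$fake/home/rpmbuild/BUILD/foo.o" "$fake/home/rpmbuild/BUILDROOT/usr" \
          "$fake/tmp/scratch"
    touch "$fake/home/.leaked_config"
    audit_build_writes "$fake/home" "$fake/stamp" \
        "$fake/home/rpmbuild/BUILD" "$fake/home/rpmbuild/BUILDROOT" "$fake/tmp" \
        | sed "s|^$fake/||"
    rm -rf "$fake"
}

demo_audit
```

Running it as the same uid that performed the build matters: a root build can write where a non-root build cannot, which is exactly the difference the first bullet asks packagers not to depend on.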
-- Fedora-packaging mailing list Fedora-packaging@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-packaging