On Tue, 2005-06-07 at 11:43 +0200, Nicolas Mailhot wrote:
> On Mar 7 juin 2005 11:16, Marco Colombo a �it :
> > On Tue, 2005-06-07 at 02:02 -0600, Bob Proulx wrote:
> >> Frank W. Miller wrote:
> >> > Here's my current spec file:
> >> >
> > [...]
> >>
> >> %install
> >> rm -rf $RPM_BUILD_ROOT
> >> install -o 0 -g 0 -s -v -m 755 sip $RPM_BUILD_ROOT%{_bindir}/sip
> >> install -o 0 -g 0 -v -m 644 ring.wav
> >> $RPM_BUILD_ROOT%{_sysconfdir}/sip/ring.wav
> >
> > It's useless to specify permission modes and ownership at %install time.
> > This again forces the build process to be executed as root. The right
> > place to specify them is in the %files section:
>
> In fact at %install time you're supposed to make sure the buildroot can
> not be modified by another user before packaging and that it doesn't
> contain binaries with funny permissions (when the build fails the
> buildroot is often left quite a long time on the system for analysis)
>
> So you do need to take care of ownership and permissions, but its a very
> different set from the ones you put in %files
If you live in a hostile environment, make your buildroot in $HOME/tmp,
which is likely to be already protected, instead of /var/tmp. Actually,
setting %_tmppath in .rpmmacros could be a good idea, so that you can
leave the .spec unchanged (and other tmp files will be created in your
home tmp as well).
Building in /var/tmp but having to closely review your %install scripts
to pay attention to permissions because of a hostile environment doesn't
make much sense to me. You'll have to do that for every .spec you build
from!
.TM.
--
____/ ____/ /
/ / / Marco Colombo
___/ ___ / / Technical Manager
/ / / ESI s.r.l.
_____/ _____/ _/ Colombo@xxxxxx
