Marco Colombo wrote:
> If you live in a hostile environment, make your buildroot in $HOME/tmp,
> which is likely to be already protected, instead of /var/tmp.

Both /tmp and /var/tmp will be protected with the +t bit.

> Actually, setting %_tmppath in .rpmmacros could be a good idea, so
> that you can leave the .spec unchanged (and other tmp files will be
> created in your home tmp as well).

That is fine. That is the whole point of using a configurable macro.

> Building in /var/tmp but having to closely review your %install scripts
> to pay attention to permissions because of a hostile environment doesn't
> make much sense to me. You'll have to do that for every .spec you build
> from!

If you work in a hostile environment then of course you need to take
extra care. But by default with +t set on /var/tmp and a "normal" umask
of 022 then other users will not be able to mess with your buildroot.

Bob
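
The conditions discussed in this message (+t on the shared parent, a buildroot created under a umask of 022) can be checked before a build. The following is an added example, not part of the original message or of rpm itself; the function names `loosely_writable` and `check_buildroot` are hypothetical.

```shell
#!/bin/sh
# Added example: audit a directory before using it as an RPM buildroot.
# Function names are hypothetical; only POSIX find/test features are used.

# True if group or other has write permission on $1.
loosely_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Returns 0 if $1 looks safe as a buildroot, else prints why and returns 1.
check_buildroot() {
    dir=$1
    parent=$(dirname "$dir")

    # A symlink could point the build at a location someone else chose.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "$dir: not a real directory" >&2
        return 1
    fi
    # The directory must belong to the user running the build.
    if [ ! -O "$dir" ]; then
        echo "$dir: not owned by you" >&2
        return 1
    fi
    # A umask of 022 yields mode 755; anything looser lets others write here.
    if loosely_writable "$dir"; then
        echo "$dir: writable by group or other (check umask)" >&2
        return 1
    fi
    # In a shared-writable parent, only +t stops other users from
    # renaming or removing entries they do not own.
    if loosely_writable "$parent" && [ ! -k "$parent" ]; then
        echo "$parent: shared-writable without +t" >&2
        return 1
    fi
    return 0
}
```

Call it as `check_buildroot /var/tmp/mypkg-root` (a constructed path) before running the build; the same check passes for a private directory under `$HOME/tmp`.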