Dear all,

due to the recent xz-utils supply chain problem, we looked into modifying the rpmbuild tool to fail the build if relevant files are modified during the '%check' phase. We found a similar request on GitHub:

https://github.com/rpm-software-management/rpm/issues/3010

Is there any discussion about what approach to follow, and how to close the identified gap?

Instead of jailing the process, we wondered whether hashing and validating the existing files might be a viable, and easier to provide, building block. We provided a very simple and incomplete proof of concept, which works for small packages:

https://github.com/rpm-software-management/rpm/pull/3039

Best,
Norbert

Amazon Development Center Germany GmbH

_______________________________________________
Rpm-list mailing list
http://lists.rpm.org/mailman/listinfo/rpm-list
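The hash-and-validate idea from the message above, as an added sketch that is neither part of the original post nor the code in the linked pull request: it snapshots a directory tree before a check step runs and reports what changed afterwards. The function names, the `check` callable standing in for the '%check' phase, and the sample tree are constructed for illustration.

```python
import hashlib
import os
import pathlib
import stat
import tempfile

def snapshot(root):
    """Map every path under root to (type, mode, content digest or link target)."""
    snap = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: describe symlinks, never follow them
            entry = [stat.S_IFMT(st.st_mode), stat.S_IMODE(st.st_mode)]
            if stat.S_ISLNK(st.st_mode):
                entry.append(os.readlink(path))
            elif stat.S_ISREG(st.st_mode):
                h = hashlib.sha256()
                with open(path, "rb") as f:
                    for chunk in iter(lambda: f.read(65536), b""):
                        h.update(chunk)
                entry.append(h.hexdigest())
            snap[os.path.relpath(path, root)] = tuple(entry)
    return snap

def diff_snapshots(before, after):
    """Classify paths as added, removed or modified between two snapshots."""
    return {
        "added": sorted(after.keys() - before.keys()),
        "removed": sorted(before.keys() - after.keys()),
        "modified": sorted(p for p in before.keys() & after.keys() if before[p] != after[p]),
    }

def guarded_check(root, check):
    """Run check() (assumed stand-in for the %check phase) and return what it changed."""
    before = snapshot(root)
    check()
    return diff_snapshots(before, snapshot(root))

def demo():
    """Constructed tree and a check step that rewrites one file and adds another."""
    with tempfile.TemporaryDirectory() as root:
        lib = pathlib.Path(root, "usr", "lib", "libfoo.so")
        lib.parent.mkdir(parents=True)
        lib.write_bytes(b"original build output")
        def tampering_check():
            lib.write_bytes(b"replaced during tests")
            lib.with_name("extra.o").write_bytes(b"new object")
        return guarded_check(root, tampering_check)
```

Which of the three categories should fail a build is left to the caller, since a test suite may legitimately create new files while it runs.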