RPM and tarballs

Mikkel L. Ellertson mikkel at infinity-ltd.com
Tue May 8 18:47:30 UTC 2007


Tony Nelson wrote:
> At 1:13 PM -0500 5/8/07, Mikkel L. Ellertson wrote:
>> Tony Nelson wrote:
>>> At 10:39 AM -0500 5/8/07, Mikkel L. Ellertson wrote:
>>>  ...
>>>> In the long run, I feel it is worth the extra effort to build an RPM
>>>> for the tarball package. It makes managing the packages on your
>>>> system easier. That is what packaging systems were designed for in
>>>> the first place.
>>> ISTM that a tool could make a reasonable RPM from a tarball, as long as the
>>> tarball doesn't have an install script, as all that is needed is the list
>>> of files.  Checkinstall is more dynamic and dangerous than just looking at
>>> the output of tar -t, in order to be able to handle install scripts.  Are
>>> there tools to make RPMs from tarballs that I haven't found?
>>>
>>> For that matter, RPM could install tarballs directly, if given an install
>>> root.  RPM could even usually tell when a file conflict could be treated as
>>> a config file and do the .rpmnew or .rpmsave thing.  Perhaps in the history
>>> of RPM there is a reason this did not happen, or existed and was removed?
>> As far as RPM installing from source,
>  ...
> 
> You are the first to mention "source".  We're talking about /installing/ a
> tarball, not /building/ from a tarball.
> 
The thread started with building/installing from a source tarball. I
guess I missed where we shifted to talking about binary tarballs.
They are not used too often, so you should specify that you are
talking about binary tarballs.

>> I am not sure that trying to build the option of installing from a
>> tarball is a good idea. Even though it would involve extra steps,
>> improving the tools that will create a .spec file from a tarball,
>> building the RPM, and then becoming root to install it still looks
>> like a better way to do it. It gives you an extra chance to look at
>> just what you are installing. (I can picture a few ways to hide
>> nasty scripts inside a make file, or in the RPM install scripts.)
> 
> There is no makefile.  It is a binary tarball, so make would not be
> invoked, only "cd / ; tar -xf <tarball>" (or wherever one decides to
> install it).
I fail to see any advantage of binary tarballs. You lose the
security of the RPM format. You would have to add a signature of
some type to be sure that the file isn't a fake. If you need any
scripts to go with the install, that is something else to add. I
guess I don't see the point of having rpm handle them, instead of
building a proper RPM if you want rpm to keep track of the files.

Mikkel
-- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
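An added example, not part of the original message or of rpm or tar: the "extra chance to look at just what you are installing" can be partly automated by reading a binary tarball's index, as `tar -t` does, before running `cd / ; tar -xf <tarball>`. The archive contents, member names and the `audit_tarball` helper are constructed for illustration, and the check does not replace verifying a signature on the file.

```python
import io
import posixpath
import stat
import tarfile

def _escapes(path):
    """True if a path is absolute or climbs above the extraction directory."""
    p = posixpath.normpath(path)
    return p.startswith("/") or p == ".." or p.startswith("../")

def audit_tarball(fileobj):
    """List (member, reason) findings from the archive index; extracts nothing."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar:
            if _escapes(m.name):
                findings.append((m.name, "path leaves the install root"))
            if m.issym() or m.islnk():
                # Symlink targets are relative to the link's own directory,
                # hard-link targets to the archive root.
                base = posixpath.dirname(m.name) if m.issym() else ""
                if _escapes(posixpath.join(base, m.linkname)):
                    findings.append((m.name, "link target outside the tree"))
            if m.isfile() and m.mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append((m.name, "setuid/setgid file"))
            if m.isdev():
                findings.append((m.name, "device node"))
    return findings

def build_sample():
    """Constructed in-memory tarball standing in for a downloaded binary tarball."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, mode in [("usr/local/bin/tool", 0o755),
                           ("usr/local/bin/helper", 0o4755),
                           ("../outside.txt", 0o644)]:
            ti = tarfile.TarInfo(name)
            ti.mode, ti.size = mode, 4
            tar.addfile(ti, io.BytesIO(b"data"))
        link = tarfile.TarInfo("usr/local/share/link")
        link.type, link.linkname = tarfile.SYMTYPE, "../../../../tmp/x"
        tar.addfile(link)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for name, reason in audit_tarball(build_sample()):
        print(f"{reason}: {name}")
```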



