Mock 0.8.x available

Michael E Brown Michael_E_Brown at dell.com
Sun Oct 21 22:22:58 UTC 2007


Mock users,

    I have posted a new version of mock for review and comments.

RPM download: http://linux.dell.com/libsmbios/download/mock/mock-0.8.1/
Git repository: http://linux.dell.com/git/mock-v2.git

Compatibility:
    -- Mock 0.8.x+ has been written on Fedora 7 and is intended for use
    on Fedora 7 and higher. A limited amount of testing has been done on
    FC6, so please report any FC6-specific bugs and we will make
    best-effort attempts to fix them.

    -- I have tried to maintain a high degree of compatibility with mock
    0.7 in cmdline args and 

New stuff:
    -- plugin system to better modularize things
    -- new plugins:
        -- Yum cache
        -- root cache
        -- ccache
        -- bind mount
    -- root cache (formerly called autocache) is now significantly
        smaller in size
    -- speed increases: mock 0.8 is now in almost every case minutes
        faster than 0.7, especially for multiple builds.
    -- uses python logging.py module for increased logging flexibility
    -- new command: 'mock install PACKAGE' to run a 'yum install
        PACKAGE' inside the buildroot
    -- expanded command: 'mock installdeps RPM_FILE' can now install
        deps for a local binary RPM. Formerlly, only SRPMS were
        supported.
    -- new option: "--cleanup-after" that can be used with
        "--resultdir". This will do a cleanup of the buildroot after the
        build. This is enabled by default such that any '--resultdir'
        builds will be automatically cleaned up
    -- All of the config files delivered with mock have been tested and
        should work. (The test case compiles mock using each of the
        config files delivered with mock.)
          
Changed: 
    -- cmdline requires "rebuild" argument when rebuilding srpms.
        Previously you could just pass srpm name.
    -- output has slightly changed. Mock is now slightly more verbose.
    -- formerly /dev from the host was bind-mounted into the chroot.
        This is now not enabled by default, but can be configured easily
        per-chroot using the bind plugin. See the 'defaults.cfg' files
        for config details.
    -- '-r CONFIG' option can no longer accept full config filenames
        ("config.cfg"). Leave off the '.cfg' for mock 0.8+.  Formerly,
        config ('-r' option) could be specified using either
"config.cfg" or
        "config" and mock would look for /etc/mock/config.cfg,
automatically
        adding the '.cfg', if necessary. 
    -- logs are not overwritten or truncated for --no-clean or
        --resultdir builds.

    -- cmdline options removed: 
        --autocache, --rebuild-cache: use "--enable-plugin" or
            "--disable-plugin"  instead
        --verbose, --debug, --quiet: the log files contain all the
            information. --verbose could possibly return.
        --statedir: statedir didnt have much point in life and has gone
            away

Config files:
    -- Old config files will, by and large, still work. There are
        several options in the old config files that are no longer
        applicable now that 'mock-helper' has went away. The next
        release of mock should have warnings enabled if it sees that
        your config file has obsolete options.

Internal Changes:
    -- now modularized
    -- mock-helper is gone. Instead there is a setuid-wrapper that calls
        mock.py. This vastly simplifies development.

Plugin Notes:
    -- the plugin system is somewhat rudimentary at this time. If this
    becomes something that is truly useful for out-of-tree plugins or
    third-parties, we can formalize the interface some more. As of now,
    the plugin interface should have most of the hooks to do useful
    stuff, but some other things like the 'conduit' interface that yum
    uses for plugins is not present. This would formalize the interface
    a bit more and make sure the plugins dont grope too badly into
    internals they shouldnt.

Future plans:
    -- Upstream mock git will be updated to this version next week after
        we sort out branching for the 0.7 release.
    -- This version of mock will be checked into Fedora 9 next week.
    -- yum integration: plan to try to use the yum API rather than the
        cmdline. this will enable several optimizations and speed ups
        due to not redownloading the yum metadata multiple times.
    -- config file format change: at some future point, we probably will
        switch to an .ini format config file.

SPECIAL SECURITY WARNING:

1) default /usr/bin/mock owner is root:mock with permissions 4550
(-rwsrwx---). Thus, it may only be run by the 'root' user or members of
the 'mock' group. DO NOT PUT UNTRUSTED USERS IN THE 'MOCK' GROUP!  The
current code (as well as all previous versions) has many easily-used
mechanisms that an untrusted user could use to elevate their local
privileges.  IT IS NOT THE GOAL OF THE MOCK DEVELOPERS TO MAKE MOCK A
TOOL THAT CAN BE USED BY UNTRUSTED LOCAL USERS.

2) All 'rpmbuild' commands, as well as the 'rpm' command to install and
unpack the to-be-built SRPM are run as the user running 'mock' with no
elevated privileges. These 'rpm' and 'rpmbuild' commands are run in the
chroot environment with these lower privileges. Thus, it should be
relatively safe to use mock to compile code from untrusted sources. That
being said, MOCK HAS NOT BEEN THOROUGHLY AUDITED TO GUARANTEE THE SAFETY
OF THIS.

--
Michael




More information about the Fedora-buildsys-list mailing list