RPM hacking.
Gene C.
czar at czarc.net
Wed Mar 17 15:54:35 UTC 2004
On Wednesday 17 March 2004 07:44, Matthias Saou wrote:
> Sam Varshavchik wrote :
> > Mike A. Harris writes:
> > > On Tue, 16 Mar 2004, Sam Varshavchik wrote:
> > >>I have a dim recollection of an undocumented option to rpm (now
> > >> rpmbuild) that's essentially equivalent to "-bb --short-circuit".
> > >> That is, it jumps directly to binary RPM files creation; the
> > >> installation buildroot is already assumed to exist and populated
> > >> according to whatever's in %files.
> > >>
> > >>Anyone remember what it is?
> > >
> > > Unless this has changed since times past, there is no such
> > > option. If I recall correctly, rpm very intentionally does not
> > > allow you to skip over all stages and jump directly to the file
> > > packaging stage which then writes out the final binary packages.
> >
> > Yeah and all that. This is a debugging/hacking option only.
> >
> > I managed to drudge my memory cell and remember the undocumented -bs
> > option, which creates just the .src.rpm. Now, I need to remember the
> > rest of the story___
>
> Well, it's in both "--help" output and the rpmbuild man page, which is
> pretty good exposure for an "undocumented option" ;-p
The current set of options which can be "short-circuit"'ed are fine. However,
from a security perspective, I would be very bothered by an easy method of
creating binary rpms which could not be rebuilt by the source rpm. Yes, call
me paranoid but I either use binary rpms from a source I consider to be
"trusted" to some degree or I build them myself from a src rpm. This does
not guarantee that someone couldn't slip something into a package but at
least I have some source code to look at if things act strangely.
--
Gene
More information about the fedora-devel-list
mailing list