RPM hacking.

[Gene C.]

On Wednesday 17 March 2004 07:44, Matthias Saou wrote:
> Sam Varshavchik wrote :
> > Mike A. Harris writes:
> > > On Tue, 16 Mar 2004, Sam Varshavchik wrote:
> > >>I have a dim recollection of an undocumented option to rpm (now
> > >> rpmbuild) that's essentially equivalent to "-bb --short-circuit". 
> > >> That is, it jumps directly to binary RPM files creation; the
> > >> installation buildroot is already assumed to exist and populated
> > >> according to whatever's in %files.
> > >>
> > >>Anyone remember what it is?
> > >
> > > Unless this has changed since times past, there is no such
> > > option.  If I recall correctly, rpm very intentionally does not
> > > allow you to skip over all stages and jump directly to the file
> > > packaging stage which then writes out the final binary packages.
> >
> > Yeah and all that.  This is a debugging/hacking option only.
> >
> > I managed to drudge my memory cell and remember the undocumented -bs
> > option, which creates just the .src.rpm.  Now, I need to remember the
> > rest of the story___
>
> Well, it's in both "--help" output and the rpmbuild man page, which is
> pretty good exposure for an "undocumented option" ;-p

The current set of options which can be "short-circuit"'ed are fine.  However, 
from a security perspective, I would be very bothered by an easy method of 
creating binary rpms which could not be rebuilt by the source rpm.  Yes, call 
me paranoid but I either use binary rpms from a source I consider to be 
"trusted" to some degree or I build them myself from a src rpm.  This does 
not guarantee that someone couldn't slip something into a package but at 
least I have some source code to look at if things act strangely.
-- 
Gene