Mono Package audit

Toshio Kuratomi a.badger at gmail.com
Thu Apr 10 13:41:00 UTC 2008


Nicolas Mailhot wrote:
> Le Jeu 10 avril 2008 10:40, Konrad Meyer a écrit :
> 
>> Nicolas, unless I'm mistaken, means that jpp packages delete binary
>> files
>> during the %prep stage, rather than just ignoring them during the
>> %install stage.
> 
> Yes, that's the only safe way to do it. If you still have binary blobs
> on-disk at the %build stage, there is always the risk some part of
> upstream's build system will use them without you noticing.
> 
Agreed.  Great work JPackage guys!

Talking with Jeremy on IRC last night, he suggested we add a script to 
enhance rpmbuild's %setup (post-F9) that delete's prebuilt binaries 
based on file's output.  That way it's an automatic thing that happens 
rather than something reviewers and maintainers have to notice and add 
to their spec files.  (This would be overridable in spec like debuginfo 
generation and provides/requires is.)

Does this sound good to you?  Will it conflict with the JPackage way of 
deleting things?  (I don't think rm -f will issue an error if the file 
does not exist so using rm -f BINARY should let JPackage guidelines 
coexist with an enhanced rpm.)

I wrote up the idea here but I don't know whether it will go through the 
FPC for approval, FESCo, or just be implemented in rpm:

http://fedoraproject.org/wiki/PackagingDrafts/PrebuiltBinaryCheck

-Toshio

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20080410/263faa48/attachment.sig>


More information about the fedora-devel-list mailing list