Proposal: rpm-4.2.2 should refuse to build as root
Josko Plazonic
plazonic at Math.Princeton.EDU
Wed Dec 31 22:52:34 UTC 2003
Warren Togami wrote:
> This would go a long way toward discouraging the improper and
> sometimes dangerous practice of building RPMS as root.
What could help (I think a lot) is to have a sane default for %_topdir
(and some other rpm macros like %_gpg_path). Add also a script
preparing user build environment and/or more verbose error reporting by
rpm commands that care about %_topdir (when it's not there to help users
get going - though errors are probably verbose enough already for
most). Or just get rpmbuild (or rpm -Uhv src.rpm) to ask if it is ok to
create %_topdir/{SOURCES,....}.
E.g. (lame example that doesn't take in account root user,
/usr/src/redhat and many other things):
%_home_dir %(echo $HOME)
%_topdir %{_home_dir}/src
After all, I think most people begin building rpms by rebuilding or
modifying src rpms from others. If they can do that as themselves (out
of the box) they are likely to stay away from root account.
Josko P.
More information about the fedora-devel-list
mailing list