[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: No python in koji

On Sat, 18 Aug 2007 00:57:38 +0200
Axel Thimm <Axel Thimm ATrpms net> wrote:

> I think you got me there. But that just means that BRs are not to be
> macroized.

But unfortunately, as you've noticed, Rs get processed too when trying
to find BRs.  I don't know if it's possible to stop this at the rpm
level but it might be nice (:

> > > > (although isn't it fun that BuildRequires /are/ Requires in the
> > > > source rpm?)    
> > > 
> > > and you get the fact that these "Requires" are already macro
> > > expanded so no chicken/egg situation here even if the BRs had had
> > > been macroized.
> > > 
> > > So koji could do the following pseudo-code and avoid all troubles:
> > > 
> > > rpm -qRp foo-1-2.src.rpm | xargs yum --root=xxx --yes install
> > > rpmbuild --root xxx ...  
> > 
> > Where does the srpm come from?  Koji works from cvs tags to ensure
> > that what you build is actually what came from CVS, so you have to
> > construct the srpm out of the spec and sources (and oh yeah,
> > sources come from the lookaside, no trojan sources in random srpm
> > tossed in)  
> So we have trojan detection in CVS and lookaside now? ;)

Heh, well... no.  It's just slightly harder to chuck your own srpm with
your own source tarball into the build system for a "official" build.
You actually have to go through the cvs procedure where there are a few
more eyes watching.

Now, an interesting idea would be to continuously run some sort of
analyzer across the tarballs on the lookaside cache.  Would be
interesting if you could find anything there.


Jesse Keating
Fedora -- All my bits are free, are yours?

Attachment: signature.asc
Description: PGP signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]