[Fedora-packaging] Device node packaging question

Ville Skyttä ville.skytta at iki.fi
Sat Mar 19 19:58:29 UTC 2005

tpb from Extras fails to build on FC4 due to rpmbuild 4.4 not liking the
way the device node is created.  https://bugzilla.redhat.com/151527

tpb needs the /dev/nvram node in order to function, and the users using
tpb will need to be able to read from /dev/nvram.

Opinions how to create the device node and ensure the correct
permissions?  Some approaches:

Place the device node in /etc/udev/devices, own it in the package, use
udev permissions.d for the permissions.  This is what is currently done,
but it fails due to rpmbuild no longer liking that (see the above bug
report).  And it's not that pretty anyway.  I could %ghost the node and
create it in %post, but that's even a bit uglier IMO.

How about using the /etc/udev/makedev.d functionality for creating the
node?  This has the problem that stuff in /etc/udev/permissions.d
doesn't apply to /etc/udev/makedev.d nodes (is this a bug?); instead the
node is being created with the too restrictive 0600,root,root
permissions from /etc/makedev.d/{00macros,linux-2.6.x}.  A workaround
would be to place an override in /etc/makedev.d/$something, overriding
the permissions for the nvram node in linux-2.6.x.  The MAKEDEV man page
doesn't describe how to accomplish that override or if it's possible,
but I guess naming the file something like 01-tpb-nvram would work.

The ideal way would be to create the node with restrictive permissions
as in the above, and use console.perms for granting users logged on to
the console access to the device.  However, I'm not going to do that in
the tpb package by sed'ing /etc/security/console.perms, because doing so
could have "effects" when later upgrading pam.  Instructing users to
make that modification would have essentially the same drawback.  And
console.perms.d doesn't exist :( https://bugzilla.redhat.com/135093
So, maybe suggest adding nvram to the console.perms shipped with pam?

Comments, other solutions?

More information about the Fedora-packaging mailing list