[Fedora-packaging] Refining today's "don't touch system fs" guideline

Axel Thimm Axel.Thimm at ATrpms.net
Thu Oct 12 18:20:03 UTC 2006


We voted today on

  "Build scripts of packages (%prep, %build, %install and %check) may
   only alter files (create, modify, delete) under %{buildroot},
   %{_builddir} and valid temporary locations like /tmp, /var/tmp (or
   $TMPDIR or %{_tmppath} as set by the rpmbuild process).

  Further clarification: That should hold true irrespective of the
  builder's uid"

But after thinking about it I'm not quite happy now. Since we go into
details naming what the build scripts are, we should make clear
that they are not equal in what they may or may not do. For example
%{buildroot} should only be modified by %install, not %prep/%build and
%check.

How about extending the rule and having a root/non-root rule, too,
e.g.

o Package builds should yield the same results irrespective of the
  packaging process' uid/gid, for example builds under root and
  non-root users should behave the same.

o Build scripts of packages (%prep, %build, %install and %check) may
  only alter files (create, modify, delete) under %{buildroot},
  %{_builddir} and valid temporary locations like /tmp, /var/tmp (or
  $TMPDIR or %{_tmppath} as set by the rpmbuild process).
  %{buildroot} should only be allowed to be altered in %install
  scripts.

  Note I: The first part of this rule is automatically
  fulfilled for typical non-user build process uids but the packager
  should not rely on that, since users may rebuild the src.rpm under
  root.

  Note II: As a consequence $HOME and similar parts of the filesystem
  are not to be used directly. Of course some of the allowed write
  spaces like the builddir, buildroot or $TMPDIR may have been placed
  under $HOME, so indirectly a user may be writing under $HOME, but
  direct access to parts under $HOME is strictly forbidden.

  Note III: Cheating with relative paths (".." escapes) grants you a
  ticket to packaging hell.
-- 
Axel.Thimm at ATrpms.net
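
The proposed rule expressed as a path check, as an added example that is not part of the original message and not Fedora or rpmbuild code. The directory values, the function names and the write-log format are assumptions made for illustration.

```python
import os.path

# Constructed sample locations; on a real build they come from rpm macros.
BUILDROOT = "/var/tmp/foo-1.0-1-root"      # %{buildroot} (assumed value)
BUILDDIR = "/home/user/rpmbuild/BUILD"     # %{_builddir} (assumed value)
TMP_DIRS = ("/tmp", "/var/tmp")            # plus $TMPDIR / %{_tmppath} if set
STAGES = ("prep", "build", "install", "check")

def _under(path, root):
    """True if path is root itself or lies below it (no prefix tricks)."""
    root = root.rstrip("/")
    return path == root or path.startswith(root + "/")

def write_allowed(stage, path, cwd=BUILDDIR):
    """Return (allowed, reason) for a write to `path` during %<stage>."""
    if stage not in STAGES:
        raise ValueError("unknown build stage: " + stage)
    # Resolve relative paths against the script's cwd and collapse ".."
    # lexically, so Note III escapes are judged by where they end up.
    # Symlinks are not followed here; a real audit should also resolve them.
    resolved = os.path.normpath(os.path.join(cwd, path))
    # Check %{buildroot} first: it often sits under /var/tmp and would
    # otherwise pass as a temporary location in any stage.
    if _under(resolved, BUILDROOT):
        if stage == "install":
            return True, "buildroot in %install"
        return False, "buildroot may only be altered in %install"
    if _under(resolved, BUILDDIR):
        return True, "builddir"
    if any(_under(resolved, t) for t in TMP_DIRS):
        return True, "temporary location"
    return False, "outside buildroot, builddir and temporary locations"

def audit(events):
    """Return the (stage, path, reason) tuples that break the rule."""
    violations = []
    for stage, path in events:
        ok, reason = write_allowed(stage, path)
        if not ok:
            violations.append((stage, path, reason))
    return violations

# Constructed write log: (stage, path written).
SAMPLE = [("prep", "foo-1.0/configure"), ("build", "../../.foorc"),
          ("build", BUILDROOT + "/usr/bin/foo"), ("check", "/tmp/foo-test.log"),
          ("install", BUILDROOT + "/usr/bin/foo"), ("install", "/usr/bin/foo")]

if __name__ == "__main__":
    for v in audit(SAMPLE):
        print(v)
```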