"Mike A. Harris" wrote:
> Because I have done so for several years with no problems until
> last week when I had a "rpm --rebuild" delete several
> subdirectories on my filesystem during "%clean" stage. RPM
> should IMHO do anything it does in a chroot()'d jail. Making a
> user called "rpm" and setting up rpm to build packages as that
> user, is much safer, ESPECIALLY when constructing and debugging
> your own packages.
>
> So, yes. Security, and safety. _Even_ if you trust the
> sources. It is easy to make a mistake in a spec file and kiss
> everything goodbye.
When building as a regular user, how do you get the packages to install
files owned by root?
When I first started building packages I did it as root, then I found
out that if I "chown ivanj: -R /usr/src/redhat" I could build as ivanj
without any problems (AFAIK), until one day someone else installed one
of my packages. Then I noticed that the files it was installing were
owned by ivanj. (they didn't have a user ivanj, so it said "ivanj: no
such user", or something like that) Then I started building as root
again.
Is this solved in newer versions of rpm, or should I give rpm some other
parameters? (other than "-bb <package>")
--
Ivan Jager
_______________________________________________
Redhat-devel-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-devel-list
