This type is needed to verify the primary binding signature embedded in subkey
binding signatures.
You can view, comment on, or merge this pull request online at:
https://github.com/rpm-software-management/rpm/pull/3051
-- Commit Summary --
* Add the Primary Binding pgp signature type
--
Yup. Note "ideally" in there - this is stuff to explore with, and indeed for
packaging hygiene reasons rather than any "security" thing.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3050#issuecomment-2065908096
You are receiving
> %install should run with a read-only build directory
I don't think this is going to work. E.g. autotoolz-based systems (something in
the autotools, automake, libconf stack) do final preparation steps in the
install target. I think this is inelegant, but not really "wrong". Old meson
versions
Closing in favor of a more generic #3050
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3010#issuecomment-2065857806
You are receiving this because you are subscribed to this thread.
Message ID:
Closed #3010 as completed.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3010#event-12533384975
You are receiving this because you are subscribed to this thread.
Message ID:
___
Rpm-maint
Ideally, the build scriptlets would be isolated from each other:
- %prep unpacks the source, and %build takes place in a separate directory
against a read-only source. Obviously not all software can be built outside the
source tree, but this would be a nice addon to vpath builds (#2985)
-
Rpm already hashes any packaged content cryptographically (SHA256 by default),
any such mechanism should utilize that to minimize the extra cost.
But this seems like a big extra cost with limited benefit, we're more
interested in *preventing* writes across the different stages.
--
Reply to
Seems I've managed to throroughly confuse myself with the recent split :joy:
So yup, we still need to support the internal parser in 4.19.x but *this*
change is not there, and while we still have openssl-related code in >= 4.20,
DSA is not part of it.
--
Reply to this email directly or view
This is not about "preventing XZ", it's just somewhat inspired by it.
I really don't know why multiple people are arguing against rpm looking to do
some extra packaging hygiene enforcement here. In a similar vein, rpm would
prefer an unwritable build directory during %install.
Hashing the