My [comment][1] in #3010 is relevant for this issue too.
[1]:
https://github.com/rpm-software-management/rpm/issues/3010#issuecomment-2060781335
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/discussions/3009#discussioncomment-9140068
You
That mock does something is not a reason to not improve rpmbuild security and
package/packaging sanity enforcement. A test-suite modifying what gets packaged
is simply *horribly wrong*, even if it's by accident. If we can catch that,
then we should. That's a no-brainer to me.
--
Reply to this
When you run rpmbuild directly I would argue that you do not care about
security already :) I guess it will be hard for rpmbuild to handle remounts for
you. While it is no brainer for Mock.
What mock will need to have in rpm implemented is:
1) rpmbuild -ba --nocheck foo.spec # this already
Opened https://github.com/rpm-software-management/rpm/issues/3010 as well.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/discussions/3009#discussioncomment-8980509
You are receiving this because you are subscribed to this thread.
Message
We've been entertaining ideas to this direction before the xz incident, eg
#2985 (for read-only source) and #2989. Read-only buildroot would be a logical
extension of this. Some of these things are stepping into "mock territory", but
then people still *do* run rpmbuild through other means as
Another option can be as simple as backing up the entire directory prior to
`%check` and use the CoW feature in xfs to optimize the operation. Then,
restore it. It may actually be a lot simpler, and would require less
permissions. It is basically the `cp -ar --reflink=always ...`
--
Reply
Is this project the right place to put this discussion and make an issue?
Should it be `mock` instead?
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/discussions/3009#discussioncomment-8977797
You are receiving this because you are
https://github.com/rpm-software-management/mock/issues/1352
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/discussions/3009#discussioncomment-8974586
You are receiving this because you are subscribed to this thread.
Message ID:
Yeah, it would be interesting for sure.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/discussions/3009#discussioncomment-8974419
You are receiving this because you are subscribed to this thread.
Message ID: