On Thu, Jan 04, 2007, Cato Christoffer Feness wrote:
> On Sunday 10 December 2006 10:47, Ralf S. Engelschall wrote:
> > In order to be committed to the OpenPKG CVS repository, the whole
> > package specification has to pass the "openpkg dev lint" command of
> > OpenPKG-CURRENT without any warnings. If you are using the "openpkg dev"
> > development environment you can just run "openpkg dev lint" to check
> > all your sources. If you don't use "openpkg dev", you can just install
> > the "openpkg-tools" package of OpenPKG-CURRENT and run the following
> > commands while staying in your package source directory: "openpkg
> > lint-spec *.spec" and "openpkg lint-rc rc.*". Before the package doesn't
> > pass the OpenPKG "lint" commands it cannot be committed at all, so
> > silently passing the "lint" commands is a prerequisite for any package
> > to become part of OpenPKG. If you need help in resolving some "lint"
> > complains, do not hesitate to tell us here. I'll try to help you to
> > resolve all the remaining issues.
>
> I've cleaned up the spec and rc files, and the lint commands no longer
> generate warnings under OpenPKG-CURRENT or OpenPKG-2.5.
>
> The binary RPM won't build on OpenPKG-CURRENT, however. It fails while
> running 'make' under the %install section, as the Munin Makefile is
> attempting to chown some directories to the user openpkg-r ( ~ l_rusr in my
> instance).
>
> The problem seems to be that /openpkg/bin/make is run by user openpkg ( ~
> l_musr) during rpm -bb, which is not privileged to do chown.
>
> During rpm -bi, make is run by root, and everything works fine. Additonally,
> everything works fine on OpenPKG-2.5.0.
>
> I could resolve this by simply abandoning the non-privileged user scheme of
> Munin, but that seems a shame from a security point of view.
>
> If you can provide me with some info on how to proceed with this, I'd be
> grateful.
The solution is that you have to disable the chown(1) call in the "make
install" step and emulate the ownership in the %files section by adding
e.g. '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/....' to the end of
the "rpmtool files" call. See lots of other OpenPKG packages (e.g.
postfix.spec) for examples. All(!) OpenPKG packages are required to
be buildable without special privileges. For the linting it is just
required that it passed OpenPKG-CURRENT as OpenPKG 2.5 is already end of
life and new packages start their life in OpenPKG-CURRENT only.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
OpenPKG http://openpkg.org
Developer Communication List openpkg-dev@openpkg.org
