Just when you thought this is not the RedHat list (in fact, I am sending these messages to the qmaildist list, but I do not know of any other subscribers there). I have an idea to make a qmail rpm that might satisfy Dan, and that would also make it possible to use stock rpm to verify the binaries. The only unsatisfying aspect is that the names of the qmail users/groups have to be fixed (but is there anybody out there who changed the default?!); but I think even that can be remedied with extra complications. Please let me know what you think. First let me remark that idedit is the binary editor Dan includes in the qmail distribution. idedit does two things: 1) Adds the qmail users/groups if they do not exist on the system. 2) Edits the appropriate binaries to specify the local uids/gids. I will call the binaries/programs that need to be treated with idedit, the bad binaries. The var-qmail package needs two binary rpms. The first one would contain the bad binaries, the second would contain the rest of var-qmail. The first rpm contains two files: a tar file containing the bad binaries and idedit, and a spec file for a further rpm (call it 1A rpm). This first rpm just installs the tar file and the spec file (the two files could have %missingok attributes). In the %post script do this -- Untar the tar file to /usr/src/redhat/SOURCES. -- Run idedit on the binaries. After this, build the 1A rpm by running rpm -bb on the spec file installed by the first rpm, and then install 1A. All 1A does is create /var/qmail/bin and put the bad binaries in there. As for the second rpm: it will install the rest of var-qmail. So you see, to verify the whole var-qmail package, you can use the second rpm and 1A. Finally, instead of 2+1 rpms, one could get away with 1. Sketch: In the %pre section the qmail/users would be added if they do not exist. In the %file section, the bad binaries along with idedit will have the directive %verify(not md5 mtime) In the %post section, run idedit on the bad binaries, and create/record md5, record mtime for the bad binaries. Finally, in a %verifyscript, check md5 and mtime for the bad binaries. My personal preference is teh 2+1 rpm version, because I just use builtin stuff from rpm and idedit. Mate
