OpenPKG Specs / annotate

openpkg/rpmpopt@0ba300bdf30a (annotated)

openpkg/rpmpopt

Mon, 20 Apr 2009 19:22:00 +0200

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Mon, 20 Apr 2009 19:22:00 +0200
changeset 178
0ba300bdf30a
child 428
f880f219c566
permissions
-rw-r--r--

Change unfortunate but partly useful overreaching security tradeoff.
The principle of allocating each running process an individual system
user and group can have security benefits, however maintining a plethora
of users, groups, processes, file modes, file permissions, and even
nonportable file ACLs on a host serving from a hundred processes has
some security disadvantages. This tradeoff is even worse for systems
like OpenPKG which benefit from administration transparency through the
use of minimal system intrusion and only three usage privilege levels.

michael@13 1 ##
michael@13 2 ## rpmpopt -- OpenPKG RPM POPT Configuration
michael@13 3 ## Copyright (c) 2000-2007 OpenPKG Foundation e.V. <http://openpkg.net/>
michael@13 4 ## Copyright (c) 2000-2007 Ralf S. Engelschall <http://engelschall.com/>
michael@13 5 ##
michael@13 6 ## Permission to use, copy, modify, and distribute this software for
michael@13 7 ## any purpose with or without fee is hereby granted, provided that
michael@13 8 ## the above copyright notice and this permission notice appear in all
michael@13 9 ## copies.
michael@13 10 ##
michael@13 11 ## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
michael@13 12 ## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
michael@13 13 ## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
michael@13 14 ## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
michael@13 15 ## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
michael@13 16 ## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
michael@13 17 ## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
michael@13 18 ## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
michael@13 19 ## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
michael@13 20 ## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
michael@13 21 ## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
michael@13 22 ## SUCH DAMAGE.
michael@13 23 ##
michael@13 24 ## The purpose of this configuration file is to extend and override
michael@13 25 ## the "rpmpopt" directives in the default RPM POPT configuration with
michael@13 26 ## OpenPKG specific extensions and adjustments.
michael@13 27 ##
michael@13 28
michael@13 29 # backward compatibility for old RPM extensions
michael@13 30 rpm exec --stowaway echo "install \"openpkg-tools\" and use \"openpkg stowaway\" now please."
michael@13 31 rpm exec --makeproxy echo "install \"openpkg-tools\" and use \"openpkg makeproxy\" now please."
michael@13 32 rpm exec --fetch echo "install \"openpkg-tools\" and use \"openpkg fetch\" now please."
michael@13 33
michael@13 34 # RPM exentsion: "rpm -bs --[no]restriction"
michael@13 35 rpm alias --restriction --define "restriction yes" \
michael@13 36 --POPTdesc=$"exclude %NoSource files in .src.rpm"
michael@13 37 rpm alias --norestriction --define "restriction no" \
michael@13 38 --POPTdesc=$"include %NoSource files in .src.rpm"
michael@13 39
michael@13 40 # RPM extension: "rpm --with[out] <name>"
michael@13 41 rpm alias --with --define "with_!#:+ yes" \
michael@13 42 --POPTdesc=$"set '%option with_<name> yes'" \
michael@13 43 --POPTargs=$"<name>"
michael@13 44 rpm alias --without --define "with_!#:+ no" \
michael@13 45 --POPTdesc=$"set '%option with_<name> no'" \
michael@13 46 --POPTargs=$"<name>"
michael@13 47
michael@13 48 # RPM extension: "rpm --option <name> <value>"
michael@13 49 rpm alias --option --define "!#:+ !#:+" \
michael@13 50 --POPTdesc=$"set '%option <name> <value>'" \
michael@13 51 --POPTargs=$"<name> <value>"
michael@13 52
michael@13 53 # RPM extension: "rpm --tag <string>"
michael@13 54 rpm alias --tag --define "l_tag_fmt !#:+" \
michael@13 55 --POPTdesc=$"set 'binary package filename tag'" \
michael@13 56 --POPTargs=$"<string>"
michael@13 57
michael@13 58 # RPM extension: "rpm --db-{build,rebuild,cleanup,fixate}"
michael@13 59 rpm exec --db-build rpmdb --build \
michael@13 60 --POPTdesc=$"RPM database administration: build new database (destructive operation; you have to know what you are doing)"
michael@13 61 rpm exec --db-rebuild rpmdb --rebuild \
michael@13 62 --POPTdesc=$"RPM database administration: rebuild new from old database (upgrading operation; reasonable after upgrades or on DB corruption)"
michael@13 63 rpm exec --db-cleanup rpmdb --cleanup \
michael@13 64 --POPTdesc=$"RPM database administration: cleanup existing database (cleaning operation; reasonable after DB out-of-sync situations)"
michael@13 65 rpm exec --db-fixate rpmdb --fixate \
michael@13 66 --POPTdesc=$"RPM database administration: fixate existing database (harmless operation; for fixating files only)"
michael@13 67
michael@13 68 # RPM extension: "rpm --db-private ..."
michael@13 69 rpm alias --db-private --define "_rpmdb_private yes" \
michael@13 70 --POPTdesc=$"operate RPM database in Berkeley-DB DB_PRIVATE mode"
michael@13 71
michael@13 72 # RPM extension: "rpm --track"
michael@13 73 rpm alias --track -bt \
michael@13 74 --POPTdesc=$"run package vendor source tracking script (%track)"
michael@13 75
michael@13 76 # RPM extension: "rpm --track-dump"
michael@13 77 rpm alias --track-dump -bt --define '___track_dump yes' \
michael@13 78 --POPTdesc=$"dump the vendor source tracking script (%track)"
michael@13 79
michael@13 80 # RPM extension: "rpm --test"
michael@13 81 rpm alias --test -q --qf '%{TEST}\n' \
michael@13 82 --pipe "grep -v \(none\) | @l_prefix@/lib/openpkg/bash" \
michael@13 83 --POPTdesc=$"run package run-time test script (%test)"
michael@13 84
michael@13 85 # RPM adjustment: "rpm --setperms ..."
michael@13 86 rpm alias --setperms -q --qf \
michael@13 87 '[\[ -h %{FILENAMES:shescape} \] || chmod %7.7{FILEMODES:octal} %{FILENAMES:shescape}\n]' \
michael@13 88 --pipe "grep -v '(none)' | sed 's/chmod .../chmod /' | @l_prefix@/lib/openpkg/bash" \
michael@13 89 --POPTdesc=$"set permissions of files in a package"
michael@13 90
michael@13 91 # RPM adjustment: "rpm --setugids ..."
michael@13 92 rpm alias --setugids -q --qf \
michael@13 93 '[run %{FILEUSERNAME:shescape} %{FILEGROUPNAME:shescape} %{FILENAMES:shescape}\n]' \
michael@13 94 --pipe "(echo 'run () { chown -- \"$1\" \"$3\"; chgrp -- \"$2\" \"$3\"; }'; grep -v '(none)') | @l_prefix@/lib/openpkg/bash" \
michael@13 95 --POPTdesc=$"set user/group ownership of files in a package"
michael@13 96
michael@13 97 # RPM adjustment: improved and cleaned up "rpm -i/--info"
michael@13 98 rpmq alias --info --qf '\
michael@13 99 Name: %-25{NAME} Source RPM: %{SOURCERPM}\n\
michael@13 100 Version: %-25{VERSION} Signature: %|DSAHEADER?{dsa:%{DSAHEADER:pgpsig}}:{%|RSAHEADER?{rsa:%{RSAHEADER:pgpsig}}:{%|SIGGPG?{gpg:%{SIGGPG:pgpsig}}:{%|SIGPGP?{pgp:%{SIGPGP:pgpsig}}:{%|SIGMD5?{md5:%{SIGMD5}}:{(none)}|}|}|}|}|\n\
michael@13 101 Release: %-25{RELEASE} Build Host: %{BUILDHOST}\n\
michael@13 102 Group: %-25{GROUP} Build System: %{ARCH}-%{OS}\n\
michael@13 103 Class: %-25{CLASS} Build Time: %{BUILDTIME:date}\n\
michael@13 104 Distrib: %-25{DISTRIBUTION} Install Time: %|INSTALLTIME?{%{INSTALLTIME:date}}:{(not installed)}|\n\
michael@13 105 License: %-25{LICENSE} Install Size: %{SIZE} bytes\n\
michael@13 106 Packager: %-25{PACKAGER} Relocations: %|PREFIXES?{[%{PREFIXES} ]}:{(not relocateable)}|\n\
michael@13 107 Vendor: %{VENDOR}\n\
michael@13 108 Summary: %{SUMMARY}\n\
michael@13 109 URL: %{URL}\n\
michael@13 110 Description:\n%{DESCRIPTION}\n\
michael@13 111 %|PROVIDENAME?{Provides:\n\
michael@13 112 [ %{PROVIDENAME} %|PROVIDEFLAGS?{%{PROVIDEFLAGS:depflags} %{PROVIDEVERSION}}:{}|\n]}:{}|\
michael@13 113 ' --POPTdesc=$"list descriptive information from package(s)"
michael@13 114

Mercurial Repository: OpenPKG Specs

Europalab SCM Repository Server

mercurial