[Rpm-maint] rpm plugins

Panu Matilainen pmatilai at laiskiainen.org
Thu Dec 19 14:50:50 UTC 2013


On 12/19/2013 04:26 PM, Mimi Zohar wrote:
> On Thu, 2013-12-19 at 15:28 +0200, Panu Matilainen wrote:
>> On 12/18/2013 08:55 PM, Mimi Zohar wrote:
>>> Hi Panu,
>>>
>>> I'm interested in using the new plugin architecture for adding
>>> 'security.ima'
>>> extended attributes.  So far, I've cloned the rpm git repo, compiled and
>>> installed it, with plugins enabled.  For the time being, I've written a
>>> test plugin.  I would have thought that the test plugin would be called,
>>> when installing an rpm, but it doesn't seem to be.
>>>
>>> I've added prints to rpmpluginsCallFsmFilePre() and
>>> rpmpluginsCallFsmFilePost()
>>> that revealed plugins->count is 0.  How do I register the plugin?  Do I
>>> need to add something to the spec file?  Any help would be much
>>> appreciated!
>>
>> You need to configure and explicitly enable plugins for them to get
>> activated. It's a bit of a mess at the moment and the details will
>> almost certainly change before becoming part of any official release,
>> but at the moment you basically need two bits of macro configuration
>> (replace "myplugin" with the name of your plugin):
>>
>> # Tell rpm where to find myplugin DSO
>> %__transaction_myplugin %{__plugindir}/myplugin.so
>>
>> # Enable the plugin (comma-separated list)
>> %__transaction_plugins myplugin
>
> Thanks!  Is there any particular place in the spec file, that these
> statements belong?

These are not spec things, they are rpm system configuration. Ie 
something to put into /usr/lib/rpm/macros.d, /etc/rpm/* or such.

>
>> The latter part is the problematic one as there's no way to just "drop
>> in" a plugin and have it work, more thoughts on the subject at least
>> here: http://lists.rpm.org/pipermail/rpm-maint/2013-March/003513.html
>
> Agreed.  Installing LSM labels shouldn't be package dependent, but
> system dependent.  Somehow the plugins need to register themselves.

Yup. It needs a mechanism similar to what is used to discover file 
attribute macros to allow drop-in enabling.

	- Panu -



More information about the Rpm-maint mailing list