[Rpm-maint] rpm plugins

Panu Matilainen pmatilai at laiskiainen.org
Thu Dec 19 17:34:27 UTC 2013


On 12/19/2013 06:37 PM, Mimi Zohar wrote:
> On Thu, 2013-12-19 at 16:50 +0200, Panu Matilainen wrote:
>> On 12/19/2013 04:26 PM, Mimi Zohar wrote:
>>> On Thu, 2013-12-19 at 15:28 +0200, Panu Matilainen wrote:
>>>> On 12/18/2013 08:55 PM, Mimi Zohar wrote:
>>>>> Hi Panu,
>>>>>
>>>>> I'm interested in using the new plugin architecture for adding
>>>>> 'security.ima'
>>>>> extended attributes.  So far, I've cloned the rpm git repo, compiled and
>>>>> installed it, with plugins enabled.  For the time being, I've written a
>>>>> test plugin.  I would have thought that the test plugin would be called,
>>>>> when installing an rpm, but it doesn't seem to be.
>>>>>
>>>>> I've added prints to rpmpluginsCallFsmFilePre() and
>>>>> rpmpluginsCallFsmFilePost()
>>>>> that revealed plugins->count is 0.  How do I register the plugin?  Do I
>>>>> need to add something to the spec file?  Any help would be much
>>>>> appreciated!
>>>>
>>>> You need to configure and explicitly enable plugins for them to get
>>>> activated. It's a bit of a mess at the moment and the details will
>>>> almost certainly change before becoming part of any official release,
>>>> but at the moment you basically need two bits of macro configuration
>>>> (replace "myplugin" with the name of your plugin):
>>>>
>>>> # Tell rpm where to find myplugin DSO
>>>> %__transaction_myplugin %{__plugindir}/myplugin.so
>>>>
>>>> # Enable the plugin (comma-separated list)
>>>> %__transaction_plugins myplugin
      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

>>>
>>> Thanks!  Is there any particular place in the spec file, that these
>>> statements belong?
>>
>> These are not spec things, they are rpm system configuration. Ie
>> something to put into /usr/lib/rpm/macros.d, /etc/rpm/* or such.
>
> 'make install' automatically adds the lines
> to /usr/local/lib/rpm/macros.
> As the plugin count is still 0, I must be missing something.
>
> #------------------------------------------------------------------------------
> # Collection specific macros
> %__plugindir            %{_libdir}/rpm-plugins
> %__collection_font      %{__plugindir}/exec.so /usr/bin/fc-cache
> %__collection_java      %{__plugindir}/exec.so /usr/bin/rebuild-gcj-db
> %__collection_sepolicy          %{__plugindir}/sepolicy.so
> %__collection_sepolicy_flags    1
>
> # Transaction plugin macros
> %__transaction_systemd_inhibit  %{__plugindir}/systemd_inhibit.so
> %__transaction_ima              %{__plugindir}/ima.so
> %__transaction_selinux          %{__plugindir}/selinux.so
> %__transaction_syslog           %{__plugindir}/syslog.so

That's the first part of the required configuration. As explained in the 
earlier mail, to actually *enable* any plugins you need to explicitly 
enable by listing them in %__transaction_plugins macro. So to enable the 
"ima" plugin you'll need to set this someplace:

%__transaction_plugins ima

"make install" does not enable any plugins, at least currently, partly 
because of the issues with manipulating the __transaction_plugins list.

	- Panu -



More information about the Rpm-maint mailing list