[Rpm-maint] rpm plugins
Mimi Zohar
zohar at linux.vnet.ibm.com
Thu Dec 19 18:17:28 UTC 2013
On Thu, 2013-12-19 at 19:34 +0200, Panu Matilainen wrote:
> On 12/19/2013 06:37 PM, Mimi Zohar wrote:
> > On Thu, 2013-12-19 at 16:50 +0200, Panu Matilainen wrote:
> >> On 12/19/2013 04:26 PM, Mimi Zohar wrote:
> >>> On Thu, 2013-12-19 at 15:28 +0200, Panu Matilainen wrote:
> >>>> On 12/18/2013 08:55 PM, Mimi Zohar wrote:
> >>>>> Hi Panu,
> >>>>>
> >>>>> I'm interested in using the new plugin architecture for adding
> >>>>> 'security.ima'
> >>>>> extended attributes. So far, I've cloned the rpm git repo, compiled and
> >>>>> installed it, with plugins enabled. For the time being, I've written a
> >>>>> test plugin. I would have thought that the test plugin would be called,
> >>>>> when installing an rpm, but it doesn't seem to be.
> >>>>>
> >>>>> I've added prints to rpmpluginsCallFsmFilePre() and
> >>>>> rpmpluginsCallFsmFilePost()
> >>>>> that revealed plugins->count is 0. How do I register the plugin? Do I
> >>>>> need to add something to the spec file? Any help would be much
> >>>>> appreciated!
> >>>>
> >>>> You need to configure and explicitly enable plugins for them to get
> >>>> activated. It's a bit of a mess at the moment and the details will
> >>>> almost certainly change before becoming part of any official release,
> >>>> but at the moment you basically need two bits of macro configuration
> >>>> (replace "myplugin" with the name of your plugin):
> >>>>
> >>>> # Tell rpm where to find myplugin DSO
> >>>> %__transaction_myplugin %{__plugindir}/myplugin.so
> >>>>
> >>>> # Enable the plugin (comma-separated list)
> >>>> %__transaction_plugins myplugin
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> >>>
> >>> Thanks! Is there any particular place in the spec file, that these
> >>> statements belong?
> >>
> >> These are not spec things, they are rpm system configuration. Ie
> >> something to put into /usr/lib/rpm/macros.d, /etc/rpm/* or such.
> >
> > 'make install' automatically adds the lines
> > to /usr/local/lib/rpm/macros.
> > As the plugin count is still 0, I must be missing something.
> >
> > #------------------------------------------------------------------------------
> > # Collection specific macros
> > %__plugindir %{_libdir}/rpm-plugins
> > %__collection_font %{__plugindir}/exec.so /usr/bin/fc-cache
> > %__collection_java %{__plugindir}/exec.so /usr/bin/rebuild-gcj-db
> > %__collection_sepolicy %{__plugindir}/sepolicy.so
> > %__collection_sepolicy_flags 1
> >
> > # Transaction plugin macros
> > %__transaction_systemd_inhibit %{__plugindir}/systemd_inhibit.so
> > %__transaction_ima %{__plugindir}/ima.so
> > %__transaction_selinux %{__plugindir}/selinux.so
> > %__transaction_syslog %{__plugindir}/syslog.so
>
> That's the first part of the required configuration. As explained in the
> earlier mail, to actually *enable* any plugins you need to explicitly
> enable by listing them in %__transaction_plugins macro. So to enable the
> "ima" plugin you'll need to set this someplace:
>
> %__transaction_plugins ima
>
> "make install" does not enable any plugins, at least currently, partly
> because of the issues with manipulating the __transaction_plugins list.
Creating "/usr/local/etc/rpm/macros.plugins" resolved the problem.
Multiple plugins, including my test plugin, are now being installed.
# cat /usr/local/etc/rpm/macros.plugins
%__transaction_plugins syslog,selinux,test
thanks!
Mimi
More information about the Rpm-maint
mailing list