[Rpm-maint] [rpm-software-management/rpm] spec file preprocessing on rpm level (#1472)

Demi Marie Obenour notifications at github.com
Fri Jan 28 16:49:36 UTC 2022


> > If this is to be integrated into RPM, it needs to have clear semantics and escaping rules, and those rules need to be compatible with those of RPM. Code generators targeting RPM already know to escape % wherever it appears. It should also be opt-in.
> 
> I think semantics should be quite clear - everything inside `{{{ <x> }}}` is passed to bash interpreter and stdout of the executed command(s) replaces the `{{{ <x> }}}`. preproc allows you to specify libraries of functions (macros) that should be available inside `{{{ }}}` tags through `-s` param. You can pass everything that is to be find in a certain dir (so basically when user installs certain package with preproc macros - they would become immediately available to rpm). You can make a certain variable shared across all subsequent `{{{ }}}` tags by exporting it (e.g. `{{{ export FOO=bar }}}` - this can be used to maintain state between the tags)

Consider a tool that generates changelogs from user-provided input.  Changelogs are not executable in any way, so even if they come from untrusted sources, it should be sufficient to ensure they are properly escaped, well-formed, and only contain printable ASCII.  A preprocessor like you mentioned breaks this assumption.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1472#issuecomment-1024411987
You are receiving this because you are subscribed to this thread.

Message ID: <rpm-software-management/rpm/issues/1472/1024411987 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20220128/529fde42/attachment-0001.html>


More information about the Rpm-maint mailing list