[Rpm-maint] [rpm-software-management/rpm] RFE: allow clamping username and permissions for source RPMs (Issue #2604)
Neil Hanlon
notifications at github.com
Fri Aug 4 11:04:09 UTC 2023
when building a source RPM, the username and filesystem permissions from the build host are preserved and end up propagating to a machine you extract them onto, e.g.. To be able to reproduce SRPMs, we should have predictable conventions for the permissions and ownership of files.
The idea we have come up with in the reproducibility hackfest was to adopt a git-style model of permission storage, i.e., dropping most information about the unix permissions. This model also just makes more sense, overall, for what source RPMS are.
Additionally, it would be useful to clamp the ownership of the files to root:root--though this will necessitate ensuring that the applications which work with RPM input/output respect this clamping and change the permissions if a user extracts or installs it. (Namely, we don't want a user to install an RPM with files they cannot touch or see)
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/2604
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/issues/2604 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20230804/b5c75bcc/attachment.html>
More information about the Rpm-maint
mailing list