[Rpm-maint] [rpm-software-management/rpm] RFE: ensure unwritable buildroot during %check (Issue #3010)

Dmitry Mikhirev notifications at github.com
Thu Apr 18 14:24:30 UTC 2024


There are simpler ways to ensure that `%check` stage does not affect files in the build directory. E.g. we could use an overlayed filesystem (overlayfs, aufs etc.) to mount an empty directory on top of the build directory before executing `%check` but use the original build directory for `%install`. This will have much lower overhead than hashing, but this is unportable between different OSes and will add new dependencies. And I still think this does not solve the real issue because altering binaries will remain possible at `%build` and `%install` stages. A completely different approach is required to avoid this.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3010#issuecomment-2064001168
You are receiving this because you are subscribed to this thread.

Message ID: <rpm-software-management/rpm/issues/3010/2064001168 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20240418/788696a5/attachment.html>


More information about the Rpm-maint mailing list