RPM Community Forums

Mailing List Message of <rpm-users>

Re: Glibc %post

From: Jeff Johnson <n3npq@mac.com>
Date: Sat 19 Jun 2010 - 16:48:08 CEST
Message-id: <01469FB6-FC94-41FF-A0B2-3F0BDB353783@mac.com>

On Jun 19, 2010, at 10:36 AM, Eric MSP Veith wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Friday 18 June 2010, Jeff Johnson <n3npq@mac.com> wrote:
>>> - ---%<---
>>> %post -p <lua>
>>> os.execute("/sbin/ldconfig")
>>> - --->%---
>> 
>> Oooh, nicely done! That's so much easier than the
>> insanity within the statically linked glibc %post
>> that is traditionally used.
> 
> I just ate my own dog food and upgraded glibc-2.7 to eglibc-2.11 on my 
> workstation while KDE and everything was running. It worked! :-)
> 
>> FWIW, all scriptlet bodies are macro expanded so this SHOULD work:
>> - ---%<---
>> %post -p <lua>
>> os.execute("%{__ldconfig}")
>> - --->%---
> 
> I'll try it out at another occasion. My TODO file holds the bare-metal 
> buildroot thingy as next priority item. Btw, I added my package building key 
> to keys.rpm5.org. Now that it's there, will RPM5 > 5.1.9 automatically check 
> for the key whenever it encounters signed packages?
> 

The HKP retrieval is automated in rpm-5.3.1, not earlier.

(aside)
Well all versions of RPM back to rpm-4.4.2 have been able to
fetch pubkeys from HKP servers.

What is different in 5.3.1 is
    1) pubkeys are validated by verifying pubkey signatures, invalid/unsigned
	pubkeys are rejected.
    2) expired/revoked pubkeys (and signatures) are handled
    3) the bandwidth usage (and network outages) and other
	mysteries of automating pubkey retrieval are more carefully handled.'
	E.g. a pubkey retrieval will be attempted _EXACTLY once,
    4) issues of persistence and "trust" and
	    Do you really want to import a pubkey from blah-blah(yN)?
	are avoided by using pubkeys ephemerally, i.e. they retrieved
	pubkeys are _ONLY_ used by RPM to verify integrity while installing,
	no other usage for what are, in fact, P-U-B-L-I-C keys, not
	the PIN to your bank account, or other more serious security matters.

>> Congrats seem to be in order. Congrats!
> 
> Thanks! Dunno whether I can still "lose". I hope for a good evaluation. :-)
> 

Good luck!

73 de Jeff
Received on Sat Jun 19 16:48:29 2010
Driven by Jeff Johnson and the RPM project team.
Hosted by OpenPKG and Ralf S. Engelschall.
Powered by FreeBSD and OpenPKG.