RPM Community Forums

Mailing List Message of <rpm-users>

Re: rpm on OSX Lion

From: Jeffrey Johnson <n3npq@me.com>
Date: Mon 26 Mar 2012 - 16:52:21 CEST
Message-id: <43F23054-A152-40A8-A247-01ACA1BEC940@me.com>

On Mar 26, 2012, at 4:31 AM, Henri Gomez wrote:

> I can't access cvs from my corporate network right now.
> 
> Did there is nightly tar balls available somewhere ?
> 

Nope: rpm-5.4 releases are time based and monthly.
Last 2 months have been more often while I assess
what "features" are interesting of current development.

> PS: It will be great to get source as regular tar ball, .src.rpm is
> not convenient when you don't have RPM installed (even if we could
> still use cpio tricks)
> 

There's no possibility of pleasing everyone.

Meanwhile running a shell script to extract a tarball (there may be several)
from a digitally signed container, with a detached signature,
which can be automatically verified (at build, not unpacking, time) with
a probe dependency  like
	BuildRequires: signature(%SOURCEn}
or
	BuildRequires: digest(%SOURCEn) = 1234...
with a "known good" build recipe and list of configuration macros used during the
build, is rather powerful functionality that tar/cpio distribution
simply cannot match.

Meanwhile rpm2cpio.sh and rpm-5.4.7-0.201203*.src.rpm should
get you get fixed up.

73 de Jeff

> 2012/3/26 Jeffrey Johnson <n3npq@me.com>:
>> 
>> On Mar 25, 2012, at 6:06 PM, Anders F Björklund wrote:
>> 
>>> Jeffrey Johnson wrote:
>>> 
>>>>> Adding a "rpm54" port would be the most straight-forward way to include it.
>>>>> I'll see what I can do about it, should be a copy of the existing "rpm52"…
>>>>> 
>>>> 
>>>> I'd be a bit lazy about rpm54 which is quite "active" atm. Meanwhile,
>>>> rpm-5.3.11++ is "production" and "stable" and all that good stuff.
>>> 
>>> Added both, "rpm53" 5.3.11-20110602 and "rpm54" 5.4.7-20120302.
>>> 
>>> The .src.rpm format is somewhat troublesome to port, but bundled
>>> rpm2cpio.sh and extracted the tarball in a post-extract {} step.
>>> 
>> 
>> For you -- in particular -- I'll start distributing tar balls again.
>> 
>> The goal is to illustrate the benefits of *.src.rpm's because:
>>        1) there's a non-repudiable signature on the *.src.rpm and
>>        (when I work carefully) a detached signature with verification.
>>        2) there are several components collected with the build recipe
>>        3) the macros used for the build (I only do rpmbuild -bs) are in the SRPM.
>>        4) there are (rather nominal) build metrics and --short-circuit "cheater" detection.
>> 
>> I.e. distributing through a *.src.rpm is actually quietly doing WYSIWYG
>> subliminal advertising of @rpm5.org warez.
>> 
>> But if it gets to be too big a hassle, I'll pop out the tar ball and included
>> detached signature whenever you wish.
>> 
>> 73 de Jeff______________________________________________________________________
>> RPM Package Manager                                    http://rpm5.org
>> User Communication List                             rpm-users@rpm5.org
> ______________________________________________________________________
> RPM Package Manager                                    http://rpm5.org
> User Communication List                             rpm-users@rpm5.org
Received on Mon Mar 26 16:52:38 2012
Driven by Jeff Johnson and the RPM project team.
Hosted by OpenPKG and Ralf S. Engelschall.
Powered by FreeBSD and OpenPKG.