PackagingDraft/ScriptletsWriteDirs

From FedoraProject

Jump to: navigation, search

It only makes sense to populate %buildroot during install, as we're already asking %install and %clean to prune the %buildroot.

Furthermore abusing the %buildroot during %prep and %build may have issues with stepped rpmbuilds ("short-circuited") and a non-deterministic choice in the buildroot (e.g. one that contains a random component).

Scriplets are only allowed to write in certain directories (current)

Build scripts of packages (%prep, %build, %install and %check) may only alter files (create, modify, delete) under %{buildroot}, %{_builddir} and valid temporary locations like /tmp, /var/tmp (or $TMPDIR or %{_tmppath} as set by the rpmbuild process).

Further clarification: That should hold true irrespective of the builder's uid

Scriplets are only allowed to write in certain directories (proposed)

Build scripts of packages (%prep, %build, %install, %check and %clean) may only alter files (create, modify, delete) under %{buildroot}, %{_builddir} and valid temporary locations like /tmp, /var/tmp (or $TMPDIR or %{_tmppath} as set by the rpmbuild process) according to the following matrix

/tmp, /var/tmp, $TMPDIR, %{_tmppath}  %{_builddir}  %{buildroot}
%prep yes yes no
%build yes yes no
%install yes yes yes
%check yes yes no
%clean yes yes yes

Further clarification: That should hold true irrespective of the builder's uid.