proposed mock changes (diff)

Michael_E_Brown at Dell.com
Mon Jul 17 16:52:35 UTC 2006


I am leaving for OLS 2006 and won't be able to do any review for the next
week.

I just caught up on the rpmlint discussion, and have a few concerns.
	-- Security of installing just-built RPM
	-- Can rpmlint just be done outside of mock (using mock chroot, for example)? Why do we have to extend mock for this?

--
Michael 

> -----Original Message-----
> From: fedora-buildsys-list-bounces at redhat.com 
> [mailto:fedora-buildsys-list-bounces at redhat.com] On Behalf Of 
> Clark Williams
> Sent: Monday, July 17, 2006 10:29 AM
> To: Discussion of Fedora build system
> Subject: proposed mock changes (diff)
> 
> Hello all,
> 
> I was poking around in the mock source last week and did some 
> minor refactoring, a couple of name-changes and tried out the 
> rpmlint request. Attached below is a CVS diff of my mock.py 
> with the head of CVS. Please review and comment. A quick 
> summary of the changes:
> 
> 1. Changed version to 0.7.
> 2. Added code to avoid exec'ing mount for proc, sys, and dev/pts if we've already done it
> 3. Oh yeah, added /sys to chroot mount
> 4. Refactoring: renamed _mount to _mountall, created _mount routine that is called by _mountall
> 5. Renamed _umount_by_file to _umountall
> 6. Added code to run rpmlint
> 7. Added elevate/drop around raw chroot command
> 
> I'd especially like some thought on #7, since any time you 
> elevate and drop you can introduce a security hole and I 
> freely admit that I'm not always thinking security first.
> 
> If I don't get any push-back (or if I do and then get things 
> resolved), I'll commit these later this week.
> 
> Clark
> 



