Proposal: rpm-4.2.2 should refuse to build as root

Warren Togami warren at togami.com
Wed Dec 31 12:42:00 UTC 2003


Proposal
========
rpm-4.2.2 in rawhide and all future versions should refuse to install 
SRPMS & build packages as root by default.  Optionally add a .rpmmacro 
option to re-enable it, but only mention that option for advanced users 
on rpm.org to really discourage its use.

This would go a long way toward discouraging the improper and sometimes 
dangerous practice of building RPMS as root.  By breaking this improper 
practice, this also encourages upstream projects to fix their broken 
Makefiles to easily allow installation into a different DESTDIR [1]. 
Many repositories out there also have simply broken packages due to 
laziness [2], and they too would eventually be forced into correctness 
by this rule.  Note that while fakeroot [3] seems to solve this problem, 
it is looked upon unfavorably as being suitable for use in Fedora, as it 
is only a poor excuse that further encourages improper upstream Makefiles.

[ -n "$RPM_BUILD_ROOT" -a "$RPM_BUILD_ROOT" != / ] && rm -rf $RPM_BUILD_ROOT

This would also completely solve this silly urban legend surrounding 
this ugly construct found within many spec files.  If users cannot build 
as root, then BuildRoot being equal to "/" (which is incredibly unlikely 
to begin with) cannot destroy their system.

It is also exceedingly simple to begin using a non-root RPM build 
environment if the user is pointed to proper documentation.  Thus 
something like the following error message should display when rpmbuild 
refuses to work:

========================================================================
ERROR: rpmbuild should not run as root for security reasons.  All proper 
RPM packages should be buildable as non-root users.  If your rpmbuild 
fails as a non-root user, then it is usually a Makefile or packaging bug 
that needs to be corrected.

http://www.rpm.org/rpmbuild-nonroot
Please read this page for how to easily set up your non-root rpmbuild 
environment, and tips for fixing typical Makefiles and specs to properly 
work in such non-root environments.
========================================================================

The webpage can contain Russ Herrold's script, installable within 
fedora-rpmdevtools, and equivalent packages for other distributions.

Sane idea?

Warren Togami
warren at togami.com


[1]
Broken Makefile examples
http://www.inter7.com/vpopmail.html
http://www.rhyolite.com/anti-spam/dcc/

[2]
Lazy, improper, but popular packages example
http://www.qmailtoaster.com/

[3]
fakeroot discussion at fedora.us
http://www.fedora.us/pipermail/fedora-devel/2003-December/002439.html
http://www.fedora.us/pipermail/fedora-devel/2003-December/002440.html
http://www.fedora.us/pipermail/fedora-devel/2003-December/002443.html
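
The root refusal proposed above, together with a hardened form of the $RPM_BUILD_ROOT cleanup guard, as an added shell example that is not part of the original post and is not rpm's code. ALLOW_ROOT_BUILD (standing in for the ".rpmmacro option") and both function names are hypothetical.

```shell
#!/bin/sh
# Added illustration only; not rpm's implementation.
# ALLOW_ROOT_BUILD is a hypothetical opt-in, not a real rpm setting.

# refuse_root_build UID
# Returns 0 when a build may proceed for this uid, 1 when it is refused.
refuse_root_build() {
    uid=$1
    if [ "$uid" -eq 0 ] && [ "${ALLOW_ROOT_BUILD:-0}" != 1 ]; then
        echo "ERROR: rpmbuild should not run as root for security reasons." >&2
        return 1
    fi
    return 0
}

# clean_buildroot PATH
# Removes a build root only when that is safe. Return codes:
#   0 removed (or nothing there), 2 empty or relative path, 3 resolves to "/".
clean_buildroot() {
    root=$1
    # Empty value: nothing sensible to delete.
    [ -n "$root" ] || return 2
    # Relative paths depend on the current directory, so reject them.
    case $root in
        /*) ;;
        *) return 2 ;;
    esac
    # The spec-file guard compares the literal string with "/", so a value
    # such as "/." passes it. Resolve the path first, in a subshell so the
    # caller's working directory is untouched.
    resolved=$(cd "$root" 2>/dev/null && pwd -P) || return 0
    [ "$resolved" != / ] || return 3
    # Quoted and preceded by "--": spaces or a leading "-" cannot change
    # what rm is asked to delete.
    rm -rf -- "$resolved"
}

# Typical use at the top of a build wrapper (left commented out here):
#   refuse_root_build "$(id -u)" || exit 1
#   clean_buildroot "$RPM_BUILD_ROOT" || exit 1
```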




