[Fedora-packaging] port opening and PATH modification in rpm spec file

John Dennis jdennis at redhat.com
Wed Mar 24 11:45:49 UTC 2010


On 03/24/2010 06:47 AM, Jon Stanley wrote:
> 2010/3/23 <MGandra at diskeeper.com>:
>
>> 2. Need to open a port so that our program can use it to send and
>> receive data. This also should be done from RPM while installing.
>
> Keep in mind that in the Fedora buildsystem, there will be no network
> access allowed during the build process - this defeats the purpose of
> reproducible builds if you go grab bits during the build process. I
> also agree with Manuel, you do not want to mess with iptables during
> the install - the chances for breaking something are extremely high.

The general philosophy is that installing an RPM is about laying the
bits down on disk. Small modifications to system configuration are
permitted, such as adding a necessary user ID. However, installing an RPM
should not in most cases start services or turn on features. Think about
the case where someone installs a whole bunch of RPMs just to have them
available (yes, people do this). It would be surprising to discover
their system was now highly modified, running all sorts of things, their
firewall and other security features silently modified from their
expectation. That's not a good thing.

Instead, it's better for a package to install a setup script and a README
which describes what someone needs to do to activate the features in the
package. This way, modifying the system configuration is an active,
explicit step performed by the person administering the system.

-- 
John Dennis <jdennis at redhat.com>
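
A check that follows from the policy in this message, as an added example that is not part of the original post or of any Fedora tooling: it scans a spec file's scriptlets for commands that alter the firewall or start or enable services at install time. The function name `audit_spec`, the rule list, and the sample spec (package `exampled`, port 12345) are constructed for illustration.

```python
import re

# Sections whose body is a script run on the installing system.
SCRIPTLETS = {"pretrans", "pre", "post", "preun", "postun", "posttrans"}
OTHER_SECTIONS = set("package description prep build install check clean files changelog".split())
HEADER = re.compile(r"^%(\w+)\b")

# Commands that change the running system rather than lay files on disk.
RULES = [
    (re.compile(r"\bip6?tables\b"), "modifies firewall rules"),
    (re.compile(r"\bservice\s+\S+\s+start\b"), "starts a service"),
    (re.compile(r"\bchkconfig\s+(?:--level\s+\S+\s+)?\S+\s+on\b"), "enables a service at boot"),
    (re.compile(r"\bsystemctl\s+(?:enable|start)\b"), "enables or starts a unit"),
]

def audit_spec(text):
    """Return (line_no, scriptlet, reason) for each flagged scriptlet line."""
    findings, current = [], None
    for no, line in enumerate(text.splitlines(), 1):
        m = HEADER.match(line)
        name = m.group(1) if m else ""
        is_script = name in SCRIPTLETS or name.startswith("trigger")
        if is_script or name in OTHER_SECTIONS:
            # A section header: track it only if it is a scriptlet.
            current = name if is_script else None
            continue
        if current is None or line.lstrip().startswith("#"):
            continue
        for pattern, reason in RULES:
            if pattern.search(line):
                findings.append((no, "%" + current, reason))
    return findings

# Constructed sample spec fragment (hypothetical package, not from the thread).
SAMPLE = """\
%install
install -m 0755 exampled %{buildroot}%{_sbindir}/exampled
%post
/sbin/chkconfig --add exampled
/sbin/iptables -I INPUT -p tcp --dport 12345 -j ACCEPT
/sbin/service exampled start
%preun
/sbin/service exampled stop
%files
%{_sbindir}/exampled
"""

if __name__ == "__main__":
    for no, section, reason in audit_spec(SAMPLE):
        print(f"line {no}: {section} {reason}")
```

Registering the init script with `chkconfig --add` and stopping the service in `%preun` are not flagged, since neither turns a feature on.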
