Re: RPM and tarballs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Tony Nelson wrote:
> At 1:13 PM -0500 5/8/07, Mikkel L. Ellertson wrote:
>> Tony Nelson wrote:
>>> At 10:39 AM -0500 5/8/07, Mikkel L. Ellertson wrote:
>>>  ...
>>>> In the long run, I feel it is worth the extra effort to build an RPM
>>>> for the tarball package. It makes managing the packages on your
>>>> system easier. That is what packaging systems were designed for in
>>>> the first place.
>>> ISTM that a tool could make a reasonable RPM from a tarball, as long as the
>>> tarball doesn't have an install script, as all that is needed is the list
>>> of files.  Checkinstall is more dynamic and dangerous than just looking at
>>> the output of tar -t, in order to be able to handle install scripts.  Are
>>> there tools to make RPMs from tarballs that I haven't found?
>>>
>>> For that matter, RPM could install tarballs directly, if given an install
>>> root.  RPM could even usually tell when a file conflict could be treated as
>>> a config file and do the .rpmnew or .rpmsave thing.  Perhaps in the history
>>> of RPM there is a reason this did not happen, or existed and was removed?
>> As far as RPM installing from source,
>  ...
> 
> You are the first to mention "source".  We're talking about /installing/ a
> tarball, not /building/ from a tarball.
> 
The thread started with building/installing from a source tarball. I
guess I missed where we shifted to talking about binary tarballs.
They are not used too often, so you should specify that you are
talking about binary tarballs.

>> I am not sure that trying to build the option of installing from a
>> tarball is a good idea. Even though it would involve extra steps,
>> improving the tools that will create a .spec file from a tarball,
>> building the RPM, and then becoming root to install it still looks
>> like a better way to do it. It gives you an extra chance to look at
>> just what you are installing. (I can picture a few ways to hide
>> nasty scripts inside a make file, or in the RPM install scripts.)
> 
> There is no makefile.  It is a binary tarball, so make would not be
> invoked, only "cd / ; tar -xf <tarball>" (or wherever one decides to
> install it).
I fail to see any advantage of binary tarballs. You lose the
security of the RPM format. You would have to add a signature of
some type to be sure that the file isn't a fake. If you need any
scripts to go with the install, that is something else to add. I
guess I don't see the point of having rpm handle them, instead of
building a proper RPM if you want rpm to keep track of the files.

Mikkel
-- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux