From smoogen lanl.gov Sun Sep 21 19:07:25 2003 <br>
Date: Sat, 20 Sep 2003 22:08:40 -0600 (MDT) <br>
From: Stephen Smoogen &lt;smoogen lanl.gov&gt; <br>
Reply-To: rpm-list redhat.com <br>
To: rpm-list redhat.com <br>
Cc: bernholdtde ornl.gov <br>
Subject: rh-rpm]  Re: Are "user space" RPMs possible? <br>
 <br>
 <br>
If I am understanding your questions correctly.. it is answerable in a 
couple of parts: <br>
 <br>
1) Users building their own RPMS can do so by having a .rpmmacros file. 
Here is mine <br>
 <br>
<listing>
[smoogen smoogen1 smoogen]$ less .rpmmacros
#
# A standardized .rpmmacros file to allow for development in directories
# other than /usr/src/redhat/. Only override specific directories,
# distribution and packager. Keep compiler and such to default.
#
 
%_topdir        /home/smoogen/LANL_RPM_DVL/
%vendor         SmoogeSpace
%distribution   Smoogen Linux 1.x (RHL 7.1/7.2/7.3)
%packager       "Stephen J Smoogen (smoogen -at- lanl.gov)"
#%define __os_install_post %{nil}
</listing>
 <br>
Inside of LANL_RPM_DVL, I created a RPMS/i386, SRPMS, SPECS, SOURCES, 
and BUILD directories. <br>
 <br>
2) By making sure that your RPMS are as relocatable as possible you then
can have the users install the packages in another area that they
control. It would probably be safer for a developer to initialize their
own database and then install the packages there for testing. <br>
 <br>
3) Do not take the easy way out and set rpm setuid (I speak of this from
cleaning up too many machines where people did). RPM-intall is not code
meant to be run by anyone other than root and has probably never had the
security audit that a setuid code should have. Even if the code was 
perfectly secure it would not be safe. There is nothing in it that would 
check for a %pre, %post, etc that does a '/bin/rm -rf /' or replacing 
/etc/passwd or a billion other things.  <br>
 <br>
On Sat, 20 Sep 2003 bernholdtde ornl.gov wrote: <br>
 <br>
&gt; I'm involved in a project that's looking for a convenient way to <br>
 <br>
 <br>
--  <br>
<listing>
Stephen John Smoogen            smoogen lanl.gov
Los Alamos National Labrador  CCN-5 Sched 5/40  PH: 5-8058
Ta-03 SM-261  MailStop P208 DP 17U  Los Alamos, NM 87545
-- So shines a good deed in a weary world. = Willy Wonka --
</listing>
 <br>
_______________________________________________ <br>
Rpm-list mailing list <br>
Rpm-list redhat.com <br>
https://www.redhat./mailman/listinfo/rpm-list <br>
 <br>
<SCRIPT language="Javascript">
<!--

// FILE ARCHIVED ON 20070205235309 AND RETRIEVED FROM THE
// INTERNET ARCHIVE ON 20081202182131.
// JAVASCRIPT APPENDED BY WAYBACK MACHINE, COPYRIGHT INTERNET ARCHIVE.
// ALL OTHER CONTENT MAY ALSO BE PROTECTED BY COPYRIGHT (17 U.S.C.
// SECTION 108(a)(3)).

   var sWayBackCGI = "http://web.archive.org/web/20070205235309/";

   function xResolveUrl(url) {
      var image = new Image();
      image.src = url;
      return image.src;
   }
   function xLateUrl(aCollection, sProp) {
      var i = 0;
      for(i = 0; i < aCollection.length; i++) {
         var url = aCollection[i][sProp];         if (typeof(url) == "string") { 
          if (url.indexOf("mailto:") == -1 &&
             url.indexOf("javascript:") == -1
             && url.length > 0) {
            if(url.indexOf("http") != 0) {
                url = xResolveUrl(url);
            }
            url = url.replace('.way_back_stub','');
            aCollection[i][sProp] = sWayBackCGI + url;
         }
         }
      }
   }

   xLateUrl(document.getElementsByTagName("IMG"),"src");
   xLateUrl(document.getElementsByTagName("A"),"href");
   xLateUrl(document.getElementsByTagName("AREA"),"href");
   xLateUrl(document.getElementsByTagName("OBJECT"),"codebase");
   xLateUrl(document.getElementsByTagName("OBJECT"),"data");
   xLateUrl(document.getElementsByTagName("APPLET"),"codebase");
   xLateUrl(document.getElementsByTagName("APPLET"),"archive");
   xLateUrl(document.getElementsByTagName("EMBED"),"src");
   xLateUrl(document.getElementsByTagName("BODY"),"background");
   xLateUrl(document.getElementsByTagName("TD"),"background");
   xLateUrl(document.getElementsByTagName("INPUT"),"src");
   var forms = document.getElementsByTagName("FORM");
   if (forms) {
       var j = 0;
       for (j = 0; j < forms.length; j++) {
              f = forms[j];
              if (typeof(f.action)  == "string") {
                 if(typeof(f.method)  == "string") {
                     if(typeof(f.method) != "post") {
                        f.action = sWayBackCGI + f.action;
                     }
                  }
              }
        }
    }


//-->
</SCRIPT>