On Mar 26, 2012, at 4:31 AM, Henri Gomez wrote:
> I can't access cvs from my corporate network right now.
>
> Did there is nightly tar balls available somewhere ?
>
Nope: rpm-5.4 releases are time based and monthly.
Last 2 months have been more often while I assess
what "features" are interesting of current development.
> PS: It will be great to get source as regular tar ball, .src.rpm is
> not convenient when you don't have RPM installed (even if we could
> still use cpio tricks)
>
There's no possibility of pleasing everyone.
Meanwhile running a shell script to extract a tarball (there may be several)
from a digitally signed container, with a detached signature,
which can be automatically verified (at build, not unpacking, time) with
a probe dependency like
BuildRequires: signature(%SOURCEn}
or
BuildRequires: digest(%SOURCEn) = 1234...
with a "known good" build recipe and list of configuration macros used during
the
build, is rather powerful functionality that tar/cpio distribution
simply cannot match.
Meanwhile rpm2cpio.sh and rpm-5.4.7-0.201203*.src.rpm should
get you get fixed up.
73 de Jeff
> 2012/3/26 Jeffrey Johnson <n3...@me.com>:
>>
>> On Mar 25, 2012, at 6:06 PM, Anders F Björklund wrote:
>>
>>> Jeffrey Johnson wrote:
>>>
>>>>> Adding a "rpm54" port would be the most straight-forward way to include
>>>>> it.
>>>>> I'll see what I can do about it, should be a copy of the existing "rpm52"…
>>>>>
>>>>
>>>> I'd be a bit lazy about rpm54 which is quite "active" atm. Meanwhile,
>>>> rpm-5.3.11++ is "production" and "stable" and all that good stuff.
>>>
>>> Added both, "rpm53" 5.3.11-20110602 and "rpm54" 5.4.7-20120302.
>>>
>>> The .src.rpm format is somewhat troublesome to port, but bundled
>>> rpm2cpio.sh and extracted the tarball in a post-extract {} step.
>>>
>>
>> For you -- in particular -- I'll start distributing tar balls again.
>>
>> The goal is to illustrate the benefits of *.src.rpm's because:
>> 1) there's a non-repudiable signature on the *.src.rpm and
>> (when I work carefully) a detached signature with verification.
>> 2) there are several components collected with the build recipe
>> 3) the macros used for the build (I only do rpmbuild -bs) are in the
>> SRPM.
>> 4) there are (rather nominal) build metrics and --short-circuit
>> "cheater" detection.
>>
>> I.e. distributing through a *.src.rpm is actually quietly doing WYSIWYG
>> subliminal advertising of @rpm5.org warez.
>>
>> But if it gets to be too big a hassle, I'll pop out the tar ball and included
>> detached signature whenever you wish.
>>
>> 73 de
>> Jeff______________________________________________________________________
>> RPM Package Manager http://rpm5.org
>> User Communication List rpm-users@rpm5.org
> ______________________________________________________________________
> RPM Package Manager http://rpm5.org
> User Communication List rpm-users@rpm5.org
______________________________________________________________________
RPM Package Manager http://rpm5.org
User Communication List rpm-users@rpm5.org
