Re: [Rpm-maint] [rpm-software-management/rpm] Implement configurable, mandatory signature/digest verify level for rpm -K (ac280c4)
Congratulations on a nice job! I could quibble with details and approach, but replacing the insanity of "best effort" verification with a configurable policy driven mechanism is a HGE amount of work. Been there, done that ;-) -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/commit/ac280c42e3071cf46f3c4ea5fba2244c89a5cea9#commitcomment-28774565___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] RFC: rpmlib efi provides (#438)
There is (perhaps) a way to use the context of the dependency assertion resolution to choose between two means of dependency resolution: 1) a namespace encapsulated virtual provide (think: Provides: system(EFI) in some package) 2) a Boolean valued dependency probe function (think: your implementation that tests if a path is a directory) And then use the virtual provide when dealing with added/removed packages but otherwise use the Boolean valued probe function. Disclaimer: I'd need to diddle a bit of code to see whether the above complexity might address the major complaint against runtime/dynamic/probe dependencies as described previously. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/438#issuecomment-385098028___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] RFC: rpmlib efi provides (#438)
The problem with probes (like your patch) is that RPM is attempting to run a dependency assertion checker whose values are known at the end of an installation, not at the beginning, by also checking added packages. Since a /sys path is dependent on both a kernel capability as well as the mount being performed, and there are no details contained in added package metadata to help resolve the probe dependency, there likely would need to be disablers on the probe namespace when rpmtsCheck() is called to permit, say, the transition from a non-uefi -> a uefi based system that contained a probe dependency. I personally do not think that the inability to resolve a probe dependency against added packages or depsolver metadata as the sine qua non, but YMMV. The point has been brought up in the past however. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/438#issuecomment-385044068___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] RFC: rpmlib efi provides (#438)
See the cpuinfo() (which parses /proc/cpuinfo) or the sysconf() (which can detect whether NPTL is used) namespaces as example probes in RPM5. There is also a class of probes implemented as RWX() letter combinations as a thin wrapper onto access(2) calls on a path that would work for "system(UEFI)" probes as well. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/438#issuecomment-385027027___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] RFC: rpmlib efi provides (#438)
You are asking about how file dependencies work? The requirement I suggested would be matched by an explicit Provides:, (not a path), in a kernel package that is capable of uefi? That "works" (in the sense that it is all that RPM4 has ever done, matching R <-> P assertions contained in packages). The patch is for a runtime probe however, and really needs to be done more generally, and not by polluting the rpmlib() code and namespace. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/438#issuecomment-385022297___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] RFC: rpmlib efi provides (#438)
How will that work? Is there some mechanism I haven't seen that makes kernel filesystems work as file provides? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/438#issuecomment-384979282___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
