Re: [libvirt] [Guidelines Change] Changes to the Packaging Guidelines

things we should be thinking about:
On 04/12/2012 02:57 PM, Tom Callaway wrote:
Here is the latest set of changes to the Fedora Packaging Guidelines:
---
Packages which have SysV initscripts that contain 'non-standard service commands' (commands besides start, stop, reload, restart, or try-restart) must convert those commands into standalone helper scripts. Systemd does not support non-standard unit commands.
I think libvirt-guests falls into this category.
---
The guidelines relating to PIE and Hardened Packages were updated. Now, if your package meets the following criteria you MUST enable the PIE compiler flags:
* Your package is long running. This means it's likely to be started and keep running until the machine is rebooted, not start on demand and quit on idle.
* Your package has suid binaries, or binaries with capabilities.
* Your package runs as root.
libvirtd definitely qualifies as one of these packages needing PIE compilation in our libvirt.spec file.
---
Rules involving appropriate scripting within Fedora Package spec files were added to the Guidelines:
https://fedoraproject.org/wiki/Packaging:Guidelines#Scripting_inside_of_spec...
Don't know if any of these changes impact us, but can't hurt to audit it.
Plus, we still haven't converted our mingw specfile over to the mingw64 toolchain. Anyone up for some specfile maintenance?
--
Eric Blake eblake@redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org

On Thu, Apr 12, 2012 at 03:13:13PM -0600, Eric Blake wrote:
things we should be thinking about:
On 04/12/2012 02:57 PM, Tom Callaway wrote:
Here is the latest set of changes to the Fedora Packaging Guidelines:
---
Packages which have SysV initscripts that contain 'non-standard service commands' (commands besides start, stop, reload, restart, or try-restart) must convert those commands into standalone helper scripts. Systemd does not support non-standard unit commands.
I think libvirt-guests falls into this category.
---
The guidelines relating to PIE and Hardened Packages were updated. Now, if your package meets the following criteria you MUST enable the PIE compiler flags:
* Your package is long running. This means it's likely to be started and keep running until the machine is rebooted, not start on demand and quit on idle.
* Your package has suid binaries, or binaries with capabilities.
* Your package runs as root.
libvirtd definitely qualifies as one of these packages needing PIE compilation in our libvirt.spec file.
We should make sure libvirt always uses these PIE flags, avoiding the need for the RPM macro.
Plus, we still haven't converted our mingw specfile over to the mingw64 toolchain. Anyone up for some specfile maintenance?
That's waiting on other Fedora maintainers to port over things we depend on. Once they're ported, I'll update libvirt.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|