[lug] Fedora SRPM Practices

Kevin Fenzi kevin at scrye.com
Thu Nov 7 14:46:33 MST 2013 

On Wed, 6 Nov 2013 07:09:28 +0000 (UTC)
stimits at comcast.net wrote:

> I was originally only looking at the source used to compile a dynamic
> library to compare it to the devel headers (they seem to have
> accidentally mixed lib and header definitions incorrectly by mixing
> prior and newer API versions), but now I'm even more curious about
> mock rather than my original problem. I'm in need of setting up a
> good environment for long term use, including cross-compiling and
> packaging for different architectures, so mock intrigues me. 

It's pretty handy. The prime use case for it is building packages in a
clean env, but people use it for other things as well. 

> I looked at these links, which probably mix two sets of instructions
> and examples:
> http://fedoraproject.org/wiki/Projects/Mock#Security_Considerations
> https://fedoraproject.org/wiki/Using_Mock_to_test_package_builds?rd=Extras/MockTricks
> 
> Seems the SRPM I'm working with wants the user "mockbuild", but the
> first link above has "adduser -m -G mock build", which means that
> those instructions instead want a user named "build", a member of
> "mock" group (in addition to the regular group for "build" user).
> Similar but different names, "mock" and "mockbuild". So between the
> "mockbuild" user the SRPM wants, and those web pages based on the
> mock utility, these are the users and groups involved: two users
> listed: (1) mock, and (2) mockbuild, and three groups: (1) mock, (2)
> build, and (3) mockbuild

It's just an example yeah... 

The srpm has mockbuild in it, but it shouldn't care if there's no
local mockbuild user, it will just unpack it as your user. 

You could just add your user to the mock group and be done with it if
you like. The only reason you might need to do that even is that the
mock group controls what unpriv users can run mock. 
 
> Should just the user "mockbuild" with group "mockbuild" be enough?

Sure. Although if they aren't in the mock group you may be asked for
the root pw or the like to run it. 

> Seems like some of the information was about "typical" ways to go
> about using mock, while the SRPM itself used "mockbuild". I'm
> thinking it would be ok to remove user "mock" and group "build", but
> hate to just cut those out when there may be some subtle purpose
> behind it which I missed. During install of an SRPM from the official
> fedora repositories, would I typically be expected to run into many
> different build users, even if the mock utility were used in
> creation? 

No. mockbuild is the standard non priv user setup. Thats all you should
see, but really as noted it doesn't matter. It's just an arbitrary
unpriv user owning the files in the src.rpm. If you unpack them as your
local unpriv user, they will be owned by that user. 

kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20131107/503225b3/attachment.pgp>

More information about the LUG mailing list