[Distutils] Finding dependencies and Limiting download

Fri Mar 17 10:39:24 CET 2006

Yes, you could do that in the %post section where post installation
script can be put. It's executed as root so it can do rm -rf / 
if needed.

> This is not  
> very clean -- I don't know which if any package is allowed to ultimately 
> delete that file.  

All packages are installed as root. So any package could do that. 
There where the trust comes into picture. I trust fedoraproject.org
as my OS supplier and they digitally sign every package, so it's unlikely
that any package would behave badly in my system.

> With some post-install hooks you could just create  
> the file, and delete when there's nothing left in the package.  This 
> would have to be handled for every packaging system.  But there's only a 
> couple anyone uses.

First, doing so would never be accepted in most Linux distrubtions and
it would never pass their QA examination.

It would break the package checksums. If I would like to check that
'what is wrong in that software' and would run 

$ rpm -V postfix
S.5....T. c /etc/postfix/main.cf

And I can see that that file's size, md5sum and time differes, but 
it doesn't matter as it is a condifuration file. If that would have
listed other files, I would have removed and reinstalled it to fix 
it. 

It would also break file listing done with rpm -q -l <package>.

Screwing the RPM database from a kitchen door will screw the
package metadata and ruin the whole purpose of using RPM.

So, deleting files from the package bookeeping would flag the 
file missing and create an error.

I think that there is something wrong in the installation if 
it overwrites each other's files during the process.

BR,

Tuju

- -- 
Ajatteleva ihminen tarvitsee unta.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (GNU/Linux)

iD8DBQFEGoPUQnPP29fw0xMRAohpAJwPdBcPkc1cohf+W0oXEcKKqhRHSACcDO3w
KwJgoVrYabii6SctDZuF2XU=
=XrO4
-----END PGP SIGNATURE-----