Now that we have a solid tool for Rust crate packaging, it'd be great if COPR could actually build crate RPMs in the same manner that we can for Python modules from PyPI or Ruby modules from RubyGems.
It'd be nicer if it worked the same way the RubyGem and PyPI implementations do, and I'm not sure it's a good idea to allow custom scripts like that. Wouldn't that be a security risk?
The custom script is run on temporary VM (not shared among users).
Note that rpmbuild -bs *.spec also can execute "custom" script through
%(...) macros.. so no difference from py2rpm, etc.. Yes, you are able to
break your own build machine in copr in the worst case.
I am all for native support. But first we have to resolve how to get notifications from upstram. We have support for upstream monitoring, which we prefer, but this currently emits only messages for registred projects. We are waiting for support non-registered projects, which is prommised "soon" for quite long time :(
Original issue: https://pagure.io/copr/copr/issue/246 Opened: 2018-02-23 13:17:18 Opened by: ngompa
Now that we have a solid tool for Rust crate packaging, it'd be great if COPR could actually build crate RPMs in the same manner that we can for Python modules from PyPI or Ruby modules from RubyGems.
praiskup commented at 2018-02-23 14:34:23:
+1, though see https://praiskup.fedorapeople.org/Screenshot_20180124_184936.png from #185, with the next release it should be trivial to hire rust2rpm:
praiskup commented at 2018-02-23 14:43:26:
Seems to be ready-for-testing on dev instance: http://copr-fe-dev.cloud.fedoraproject.org/coprs/ngompa/snapcore-el7/add_build_custom/
ngompa commented at 2018-02-23 22:37:12:
It'd be nicer if it worked the same way the RubyGem and PyPI implementations do, and I'm not sure it's a good idea to allow custom scripts like that. Wouldn't that be a security risk?
praiskup commented at 2018-02-24 08:06:57:
The custom script is run on temporary VM (not shared among users). Note that
rpmbuild -bs *.spec
also can execute "custom" script through%(...)
macros.. so no difference from py2rpm, etc.. Yes, you are able to break your own build machine in copr in the worst case.praiskup commented at 2018-02-24 08:25:21:
Of course it would be better to have native support for other stacks, I'm just pointing out a work-around.
msuchy commented at 2018-02-27 16:00:10:
I am all for native support. But first we have to resolve how to get notifications from upstram. We have support for upstream monitoring, which we prefer, but this currently emits only messages for registred projects. We are waiting for support non-registered projects, which is prommised "soon" for quite long time :(
praiskup commented at 2020-06-22 09:40:21:
Duplicate #154