Red Hat Bugzilla – Bug 6346
RFE: rpm should try to download missing source files
Last modified: 2007-04-18 12:24:07 EDT
Currently (version 3.0.2) rpm prints an error message and quits when it is asked to build a package and one of the source or patch files is missing. It would be really nice if when the source/patch file is specified using the full URL, then instead of printing an error message, rpm would ask if the missing file should be downloaded. This would enable faster building of the new versions of packages - when the source location is specified correctly (using %{version} macro if necessary), you would only need to update the version field in the spec file and run "rpm -ba" and the new sources would be dowloaded by rpm automatically.
This problem will be addressed after rpm-4.0 is released.
Changing component
Automatic source/patch downloads aren't what's needed, but rather an integrated, network aware, rpm build environment that can download configuration, spec files, components, build system assignments, and post build disposition.
Any chance this can be reopened? While a fully integrated environment is great, inplementing just this one feature will make things better for people. After all, the rpm inself is capable of downloading and installing packages straight off ftp/http - why not add the same thing to rpmbuild? Also, the source location is often specified with the help of macros - so downloading manually is not too convenient and any "external" tool will need to be able to understand rpm macros (at least in some limited way), while rpmbuild already knows what the location is and just needs to be able to download the file.
can't the same functionality be faked with a really crafty %eval? %define mysource1 http://www.some.net/path/to/file.tgz SOURCE1: %mysource1 %define source1good %( [ ! -f %{S:1} ] && wget -q --dir %_sourcedir %{mysource1} || : ) admittedly, that hack is just that, but a corrected version of the above may bring you short-term bliss.
A couple comments on the proposal: 1. the concept of 'prompting' within an RPM family tool, is outside of the design space of RPM. It should not happen for htat reason alone. 2. The issue of an automatic, or unattended download, using wget, or otherwise, is full of security issues -- Monkey-in-the-Middle attacks, with compromised DNS, faked CA, compromised remote (or MitM made) archives, and the sort appear to be unsolveable absent finding a method to find, and on an automated basis, trusting a signed md5sum hash against the expected value. Obviously the md5sum cannot be carried within the Source url, as it is produced externally and after a tarball is rolled. Several approaches have emerged -- PDR, mezzanine, the cAos buildsystem, and the pre- and post-RH fedora variants. These seem closer to the 'correct' space for such approaches to be applied.