[arch-general] RPM Question

Lew Wolfgang wolfgang at sweet-haven.com
Sun Oct 3 14:47:19 EDT 2010

  On 10/03/2010 11:07 AM, Cédric Girard wrote:
> On Sun, Oct 3, 2010 at 6:00 PM, Lew Wolfgang<wolfgang at sweet-haven.com>wrote:
>>   On 10/02/2010 06:10 PM, Steven Susbauer wrote:
>>> On 10/2/2010 7:41 PM, Lew Wolfgang wrote:
>>>> It works on all the major distros but fails to install
>>>> on Arch due to an RPM dependency. Their install script just fails saying
>>>> it can't find rpm. The script contains much ugliness and is McAfee
>>>> proprietary, so I doubt hacking it will be productive.
>>>> So the question is: can Arch be configured/tricked into an rpm install?
>>> Does their installer actually require use rpm to install, or just wants
>>> rpm to be there? Most distros allow you to install rpm, Arch is no different
>>> except it is in aur:
>>> aur/rpm 5.2.1-1 (153)
>>>     The RedHat Package Manager.  Don't use it instead of Arch's 'pacman'.
>>> If it actually uses rpm for the process, this is probably not the
>>> solution. Two package managers at once is not a good thing.
>> I spent some time last night pulling the .sh file apart.  It's a script
>> that unzips a binary that unpacks two rpm files (9-MB), one 32-bit ELF
>> program (8.9-MB), two cryptographic keys and an xml file.  The script then
>> calls rpm to install the two rpm files, which contain tons of 32-bit system
>> libraries.  These libraries have the same names as regular system libs, like
>> libc, libm, libresolv and libcrypt.  This all makes me very nervous!  Arch
>> not using rpm may be a blessing in disguise, I'm going to see if I can get a
>> waiver to not install this McAfee root-kit.
>> Thanks for the help,
>> Lew
> Can't you try to install only the program itself without these libraries ?
> The libraries could be installable using pacman.

It installs a whole hierarchy in /opt, which is where its many libraries end up.  It 
also has its own ldconfig, so it looks like it sets up its own insular runtime 
environment.  It installs hooks in /etc/init.d for boot-time starting.  Since this is 
a security package, I wouldn't be surprised if it did some kind of a trip-wire 
process to thwart tampering.  It certainly uses pki keys to communicate with its 
"mother ship".    As you can probably see, I'm trying to talk myself out of working 
on this too much.   I could also try making a tarball of /opt/McAfee on a RPM-ed host 
where the package successfully installed itself, then port the start script to 
/etc/rc.d.  I'm thinking my time might be better spend on getting a waiver for not 
installing the mess.

Thanks for the suggestion, Cédric


More information about the arch-general mailing list