1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
On 10/22/2013 03:08 PM, Allan Wegan wrote: |
5 |
>> When you emerge something with a bazillion files, the install |
6 |
>> wrapper (and thus the python interpreter) get launched that many |
7 |
>> times. It's the startup time that kills it. |
8 |
> |
9 |
> Should that PAX markings not only be neccessary for a few |
10 |
> hand-selected binaries that refuse to work with secure-by-default |
11 |
> settings? I remember setting PAX-markings by hand (a year or so |
12 |
> ago) for a few binaries that would else crash with Grsec loglines. |
13 |
> I did not had the impression, that there are much of them (that |
14 |
> where mostly games, i admit). |
15 |
|
16 |
Yes, and it should be possible to "write down" which binaries got |
17 |
pax-marked, and only use the python install wrapper for those |
18 |
particular files. |
19 |
|
20 |
But, there is an underlying problem that it would be nice to solve at |
21 |
the same time. It should be possible to set any sort of xattrs (not |
22 |
just PAX!) in an ebuild and have them correctly copied to the live |
23 |
filesystem during an emerge. For this to work, we have to handle the |
24 |
case where a developer (or an upstream makefile) calls setfattr |
25 |
manually on some files. When FEATURES="xattr" is set, portage uses the |
26 |
wrapper to install /every/ file, ostensibly for this case. |
27 |
|
28 |
The other way to handle it would be to check whether or not some file |
29 |
has xattrs, and use the regular 'install' if it doesn't. But how do |
30 |
you implement that? You'd either have to hack portage, or write some |
31 |
sort of wrapper... |
32 |
|
33 |
There's already a hack in portage to support xattrs, so maybe that |
34 |
would work, who knows. I'm in over my head here. |
35 |
|
36 |
|
37 |
-----BEGIN PGP SIGNATURE----- |
38 |
Version: GnuPG v2.0.20 (GNU/Linux) |
39 |
|
40 |
iQIcBAEBAgAGBQJSZtRsAAoJEBxJck0inpOiz7AQAJIW8wrNorRl8YOjAOlTpoq/ |
41 |
rerZ2IIpyYYg6uB9fotEcJYtmiinClX4Yf3crl2tyqLZLlQJUFrIM+A90LdNAdXY |
42 |
wYbf5R9HpMxhNsTVKb4sP/ErZzktVOf26kyjzPlql+P/ICk0NYO+YgAswJI4b5L9 |
43 |
trVuraFPwPQGEDDEq5Ep8+9Mm6rBgAj95HlZHIChKVR0zB7jKL372z3QemeFS1sO |
44 |
Hc7YDZvlwb1U9Ab/EK7qy1aqTZg6Zrzn/wslyZo+tpnJ+aCJENXGDXWh678LDDTP |
45 |
BnKXsTjNkMXs+fmRfkL2ivIJNs8dYIlcTZ4rBotdBgXQ+fusRuyKXQe3CbyjMzjV |
46 |
7V8s+aMj31QN29MbQ33zDIEdDyuhulXv4SpxZQfYyRn7ZBdmz2AxSABySQA7DzvJ |
47 |
OVwe6jRd7Zm272STBj0Agnf2ct6F0KRsC+gPl2COY9y+sV90BzquCsDYB4Z6ybX4 |
48 |
6Ttl/oAxVYjWZNu669TFxeiiga0FhjLVOTvaCJdXrva97iZsssjJFPJcCVSx/IKQ |
49 |
gu2WbZDX5yx0/TYNRIrqZ8MDB49sCMSLktvjJoOoEydaBDCv6X3y+zvVuR/OCElV |
50 |
DHdNRi25shztbQTZamgQdQLKOluTEPZ4gkAKH5jUHrg70cfQMG1HXMZFqC64aSi8 |
51 |
lUkJE3WYhuXJX9S6RvDE |
52 |
=G/D/ |
53 |
-----END PGP SIGNATURE----- |