Gentoo Archives: gentoo-dev

From: "Petteri Räty" <betelgeuse@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] how to handle sensitive files when generating binary packages
Date: Wed, 20 Jun 2007 20:22:29
Message-Id: 46798B9C.2080505@gentoo.org
In Reply to: Re: [gentoo-dev] how to handle sensitive files when generating binary packages by Mike Frysinger
Mike Frysinger wrote:
> On Wednesday 20 June 2007, Marius Mauch wrote:
>> Mike Frysinger <vapier@g.o> wrote:
>>> mayhaps we need a new function to be run in src_install() to label
>>> files as "sensitive" ... so baselayout would do:
>>> esosensitive /etc/{fstab,group,passwd,shadow}
>>> and then we expand the format of CONTENTS in the vdb:
>>> priv /etc/fstab <hash> <mtime>
>> And what would be phase 2 of that? Just having a new filetype
>> in CONTENTS doesn't accomplish anything by itself ...
>
> updating any tool that creates binary packages from the live $ROOT of course
> silly billy
>
> current behavior:
> # quickpkg baselayout
> * Building package for sys-apps/baselayout-1.12.10-r4
> * Packages now in '/usr/portage/pacakges':
> * sys-apps/baselayout-1.12.10-r4: 307K
>
> proposed new behavior (exact output here is not part of the discussion so don't
> nit pick it):
> # quickpkg baselayout
> * Building package for sys-apps/baselayout-1.12.10-r4
> * Skipping sensitive file: /etc/passwd
> * Skipping sensitive file: /etc/shadow
> * Skipping sensitive file: /etc/group
> * Packages now in '/usr/portage/pacakges':
> * sys-apps/baselayout-1.12.10-r4: 307K
> # quickpkg --iamsensitive baselayout
> * Building package for sys-apps/baselayout-1.12.10-r4
> * Including sensitive file: /etc/passwd
> * Including sensitive file: /etc/shadow
> * Including sensitive file: /etc/group
> * Packages now in '/usr/portage/pacakges':
> * sys-apps/baselayout-1.12.10-r4: 307K
> -mike

It would probably be prudent to have pristine versions of the files
installed on the system (optional) so that you can actually create
binary packages with all the files.

Regards,
Petteri

Attachments

File name MIME type
signature.asc application/pgp-signature
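The proposal quoted in this message, sketched as an added example (not code from the thread or from Portage): a parser for vdb CONTENTS lines that understands the proposed `priv` type, and a selector that leaves those files out of a binary package unless asked. The names `parse_contents`, `select_for_binpkg` and `include_sensitive` (standing in for the proposed `--iamsensitive`) are hypothetical, and the sample CONTENTS is constructed.

```python
# Added illustration: "priv" and include_sensitive model the thread's proposal, not real Portage.
from typing import NamedTuple, Optional

class Entry(NamedTuple):
    kind: str                     # dir, obj, sym, or the proposed priv
    path: str
    digest: Optional[str] = None
    mtime: Optional[int] = None

def parse_contents(text):
    """Parse vdb CONTENTS lines; paths may contain spaces, so split from the right."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, rest = line.split(" ", 1)
        if kind in ("obj", "priv"):
            path, digest, mtime = rest.rsplit(" ", 2)
            entries.append(Entry(kind, path, digest, int(mtime)))
        elif kind == "sym":
            link, mtime = rest.rsplit(" ", 1)
            entries.append(Entry(kind, link.split(" -> ", 1)[0], None, int(mtime)))
        elif kind == "dir":
            entries.append(Entry(kind, rest))
        else:
            # Fail closed: an unrecognised type must not be packed silently.
            raise ValueError(f"unknown CONTENTS entry type: {kind!r}")
    return entries

def select_for_binpkg(entries, include_sensitive=False):
    """Return (paths to pack, paths skipped); sensitive files are skipped by default."""
    packed, skipped = [], []
    for e in entries:
        if e.kind == "priv" and not include_sensitive:
            skipped.append(e.path)
        else:
            packed.append(e.path)
    return packed, skipped

# Constructed sample CONTENTS (digests and mtimes are made up).
SAMPLE = """\
dir /etc
priv /etc/passwd 0123456789abcdef0123456789abcdef 1182370000
priv /etc/shadow fedcba9876543210fedcba9876543210 1182370000
obj /etc/my file.conf 00112233445566778899aabbccddeeff 1182370001
sym /etc/mtab -> /proc/mounts 1182370002
"""

if __name__ == "__main__":
    print(select_for_binpkg(parse_contents(SAMPLE)))
```
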