1 |
On Mon, 8 Sep 2003 02:08:51 +0000 |
2 |
Jan Krueger <jk@×××××××××××.net> wrote: |
3 |
|
4 |
> On Sunday 07 September 2003 23:41, Jon Portnoy wrote: |
5 |
> > You haven't explained why it's not sufficient. |
6 |
> Read again. |
7 |
> |
8 |
> > > Again examples from the actual tree, so you can try yourself: |
9 |
> > > 1. emerge ezmlm and emerge ezmlm-idx |
10 |
> > > providing slightly different funtionality they will overwrite each |
11 |
> > > other(instead of blocking each other) |
12 |
> > |
13 |
> > Bug. Is it filed? |
14 |
> Bug in portage! portage is the one that allows such integrity mess. |
15 |
|
16 |
I vote for the "bug in ebuild". In a recent thread [1] I've posted the |
17 |
results of a "search for files that belongs to several packages" on my |
18 |
system, and it's true that there are many such packages (nothing to |
19 |
worry about in general though). I think what lacks to gentoo developers |
20 |
(please devs, correct me if I'm wrong) is control mechanism do detect |
21 |
this kind of overwrites: they don't have all portage packages installed |
22 |
on their computer, and even if it was the case, portage does makes much |
23 |
noise about overwritings. Hence they don't detect this kind of bugs, but |
24 |
they are still package specific. |
25 |
|
26 |
Now, to improve this situation I imagine a kind of database of the |
27 |
different pkg-ver contents. When a dev tests a new ebuild for foo/bar, |
28 |
he could check against this base that the content of his package won't |
29 |
conflict with any other already existing package but other versions of |
30 |
foo/bar (idealy in the same slot). If there are conflicts, then he could |
31 |
add some blocking dependencies, or rename the files, or decide to accept |
32 |
the overwrite, and then submit the definitive content of his package |
33 |
to the database. |
34 |
|
35 |
I think in the above mentioned thread, somebody also suggested that |
36 |
overwritten files (excluding updates) should be archived by portage |
37 |
for safety (or at the contrary that they should not be merged and would |
38 |
require the user to explicitly make the overwriting). The idea sounds |
39 |
good, but his redundant with the above mentioned package content |
40 |
checking. I don't know what would be the best. I think this second one |
41 |
is closer to the behavior you expect, but I fear the "yet another task |
42 |
for emerge" effect which may compromise its speed. And I fear "user |
43 |
bugs": so many people forget to etc-update after a baselayout upgrade |
44 |
and then complain, so please, don't give them a "bin-update". |
45 |
|
46 |
And all this things may be useful from a quality point of view, but |
47 |
should not be consider as some "security" measures. Overwriting are |
48 |
often not needed for malicious code be executed by root: puting a file |
49 |
with the right name in another place of the path (or a library |
50 |
in /usr/local/lib for instance) will often be enough. We are back to the |
51 |
'trust ebuilds and devs' situation. |
52 |
|
53 |
Now about config files: sure things may be done differently, with maybe |
54 |
a little more control for the user. But in ebuilds I've read so far, |
55 |
postint commands that modify config files are really not harmful. Who |
56 |
want to manage by hand scrollkeeper entries or this kind of things? If |
57 |
you have examples of existing ebuilds with post_install commands that |
58 |
doesn't feet your needs, I'm sure bug reports will be welcome. |
59 |
|
60 |
> changeconf phph.ini "line to add to phpini" |
61 |
|
62 |
Can be done in src_install: read it, modify it, write it. You will |
63 |
have access to anything you really need (grep, sed, etc.), and user will |
64 |
have to accept the file with etc-update/dispatch-conf. But again, if it |
65 |
may be justified for php.ini, it is not for an xml catalog or other |
66 |
ugly things like this, and there the postinst commands are really |
67 |
handier. |
68 |
|
69 |
|
70 |
[1] http://article.gmane.org/gmane.linux.gentoo.devel/11630 |
71 |
|
72 |
-- |
73 |
TGL. |
74 |
|
75 |
-- |
76 |
gentoo-dev@g.o mailing list |