Gentoo Archives: gentoo-dev

From: Mike Frysinger <vapier@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] how to handle sensitive files when generating binary packages
Date: Wed, 20 Jun 2007 20:34:05
Message-Id: 200706201627.27790.vapier@gentoo.org
In Reply to: Re: [gentoo-dev] how to handle sensitive files when generating binary packages by "Petteri Räty"
On Wednesday 20 June 2007, Petteri Räty wrote:
> Mike Frysinger wrote:
> > On Wednesday 20 June 2007, Marius Mauch wrote:
> >> Mike Frysinger <vapier@g.o> wrote:
> >>> mayhaps we need a new function to be run in src_install() to label
> >>> files as "sensitive" ... so baselayout would do:
> >>> esosensitive /etc/{fstab,group,passwd,shadow}
> >>> and then we expand the format of CONTENTS in the vdb:
> >>> priv /etc/fstab <hash> <mtime>
> >>
> >> And what would be phase 2 of that? Just having a new filetype
> >> in CONTENTS doesn't accomplish anything by itself ...
> >
> > updating any tool that creates binary packages from the live $ROOT of
> > course silly billy
> >
> > current behavior:
> > # quickpkg baselayout
> > * Building package for sys-apps/baselayout-1.12.10-r4
> > * Packages now in '/usr/portage/pacakges':
> > * sys-apps/baselayout-1.12.10-r4: 307K
> >
> > proposed new behavior (exact output here is not part of the discussion so
> > don't nitpick it):
> > # quickpkg baselayout
> > * Building package for sys-apps/baselayout-1.12.10-r4
> > * Skipping sensitive file: /etc/passwd
> > * Skipping sensitive file: /etc/shadow
> > * Skipping sensitive file: /etc/group
> > * Packages now in '/usr/portage/pacakges':
> > * sys-apps/baselayout-1.12.10-r4: 307K
> > # quickpkg --iamsensitive baselayout
> > * Building package for sys-apps/baselayout-1.12.10-r4
> > * Including sensitive file: /etc/passwd
> > * Including sensitive file: /etc/shadow
> > * Including sensitive file: /etc/group
> > * Packages now in '/usr/portage/pacakges':
> > * sys-apps/baselayout-1.12.10-r4: 307K
>
> It would probably be prudent to have pristine versions of the files
> installed on the system (optional) so that you can actually create
> binary packages with all the files.

being able to generate binary packages that actually reflect the live $ROOT is
desirable
-mike

Attachments

File name MIME type
signature.asc application/pgp-signature
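
The filtering step proposed in the message above, as an added sketch that is not part of the original mail and not Portage code: a packaging tool reads CONTENTS and leaves out entries of the proposed `priv` type unless told otherwise. The names `parse_contents`, `select_for_package` and `include_sensitive` (standing in for `--iamsensitive`) are hypothetical, and the sample entries are constructed.

```python
from typing import Iterable, List, NamedTuple, Tuple


class Entry(NamedTuple):
    kind: str
    path: str


def parse_contents(lines: Iterable[str]) -> List[Entry]:
    """Parse vdb CONTENTS lines, including the `priv` type proposed in the thread."""
    entries = []
    for raw in lines:
        line = raw.rstrip("\n")
        if not line.strip():
            continue
        kind, _, rest = line.partition(" ")
        if kind in ("obj", "priv"):
            # "<path> <hash> <mtime>": split from the right so paths with spaces survive
            path = rest.rsplit(" ", 2)[0]
        elif kind == "sym":
            # "<path> -> <target> <mtime>"
            path = rest.split(" -> ", 1)[0]
        elif kind in ("dir", "fif", "dev"):
            path = rest
        else:
            # Fail closed: an unrecognised type must not be packaged by accident
            raise ValueError(f"unknown CONTENTS entry type: {kind!r}")
        entries.append(Entry(kind, path))
    return entries


def select_for_package(entries: Iterable[Entry],
                       include_sensitive: bool = False) -> Tuple[List[str], List[str]]:
    """Return (included, skipped) paths; `priv` entries are skipped by default."""
    included, skipped = [], []
    for entry in entries:
        if entry.kind == "priv" and not include_sensitive:
            skipped.append(entry.path)
        else:
            included.append(entry.path)
    return included, skipped


# Constructed sample CONTENTS; hashes and mtimes are made-up placeholders
SAMPLE_CONTENTS = [
    "dir /etc",
    "obj /etc/inittab 00000000000000000000000000000001 1182300000",
    "priv /etc/passwd 00000000000000000000000000000002 1182300000",
    "priv /etc/shadow 00000000000000000000000000000003 1182300000",
    "priv /etc/group 00000000000000000000000000000004 1182300000",
    "sym /etc/mtab -> /proc/mounts 1182300000",
    "obj /etc/my file.conf 00000000000000000000000000000005 1182300000",
]
```

The default is the safe one: a caller has to opt in explicitly to get `/etc/shadow` and friends into the package, and an entry type the parser does not know raises instead of being silently included.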

Replies

Subject Author
Re: [gentoo-dev] how to handle sensitive files when generating binary packages Ciaran McCreesh <ciaranm@×××××××.org>