And a slightly improved patch that will make silly sounds and prompt for
user interaction before installing said code.
http://dev.gentoo.org/~solar/ebuild-flawfinder.diff
But from what I've seen in the last few mins of playing with this code,
we will end up with a lot of false positives. bin86 triggers at
level 5 about chmod vs fchmod but psmisc seems clean.

On Fri, 2003-09-05 at 21:39, Jan Krueger wrote:
> On Friday 05 September 2003 22:47, Ned Ludd wrote:
> > On Fri, 2003-09-05 at 16:25, Jan Krueger wrote:
> >
> > I don't think the idea is bad in any way at all, yes it will be very time
> > consuming and yes a few of us would actually like to use such a thing.
> > flawfinder would have been ideal for such a thing as it's python based and
> > all, but would need some major testing. I'm attaching a small patch for
> > your ebuild.sh that should do exactly what you're looking for. Note:
> > flawfinder must be located in /usr/bin and "flawfinder" must be found in
> > your features.
> >
> > Perhaps you would like to begin/finish coding this feature. :)
>
> Yes. Thank you for your positive feedback, especially the patch.
> I felt a little bit lost in /usr/lib/portage. Your words and patch just
> motivated me to go ahead :)
>
> > What I make of all this is it sounds like we need some portage hooks
> > for users.
> Yes, that's it. Leaves room open for whatever.
> Somehow one could see src_compile and the other existing functions as already
> existing hooks, abstracting a little bit. Let's rename "hooks" into "modules".
> This would leave a directory, let's say /usr/lib/portage/modules.d, that would
> be very similar to /etc/init.d in fact:
> scripts that do something and have dependencies on each other:
> src_install.sh:
> depend() {
>     need src_compile
> }
> src_compile.sh:
> depend() {
>     need src_unpack
> }
> ...
>
> flawfinder.sh:
> depend() {
>     need src_unpack
>     before src_compile
> }
>
> This would give a before unseen flexibility to ports (just like our machine
> startup-processes differ and still all machines come up (most of them) and
> provide a wide variety of services :) without touching portage itself (as we
> don't touch init)
>
> one could do:
> # portage-module add flawfinder need src_unpack before src_compile
>
> and if one doesn't want stripped binaries because he/she loves debugging
> # portage-module remove strip
>
> Jan
>
> --
> gentoo-hardened@g.o mailing list
--
RSA key ID 2BC75196 http://keyserver.net
Gentoo Linux Developer (Hardened) http://dev.gentoo.org/~solar
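
The "need"/"before" ordering proposed in the quoted mail, worked through as an added example; it is not part of either message and is not Portage code. The module table, the resolve_order and remove_module helpers, and the placement of "strip" after src_install are assumptions made for illustration.

```python
from graphlib import CycleError, TopologicalSorter  # Python 3.9+

# Constructed sample data mirroring the depend() sketches in the quoted mail.
# "strip" and its placement after src_install are assumptions for this example.
MODULES = {
    "src_unpack": {},
    "src_compile": {"need": ["src_unpack"]},
    "src_install": {"need": ["src_compile"]},
    "flawfinder": {"need": ["src_unpack"], "before": ["src_compile"]},
    "strip": {"need": ["src_install"]},
}


def resolve_order(modules):
    """Return module names in an order that honours every need/before rule."""
    preds = {name: set() for name in modules}  # module -> must-run-first set
    for name, rules in modules.items():
        for target in rules.get("need", []):
            if target not in modules:
                # A hard requirement on a missing module must stop the build.
                raise KeyError(f"{name} needs missing module {target}")
            preds[name].add(target)
        for target in rules.get("before", []):
            # Assumption: "before" is only an ordering hint, so a target
            # that is not installed is skipped rather than treated as fatal.
            if target in modules:
                preds[target].add(name)
    try:
        return list(TopologicalSorter(preds).static_order())
    except CycleError as exc:
        raise ValueError(f"dependency cycle: {exc.args[1]}") from exc


def remove_module(modules, name):
    """Model of the hypothetical `portage-module remove NAME`."""
    return {k: v for k, v in modules.items() if k != name}


if __name__ == "__main__":
    print(resolve_order(MODULES))
    print(resolve_order(remove_module(MODULES, "strip")))
```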