| 1 |
And a slightly improved patch that will make silly sounds and prompt for |
| 2 |
user interaction before installing said code. |
| 3 |
http://dev.gentoo.org/~solar/ebuild-flawfinder.diff |
| 4 |
But from what I've seen in the last few mins of playing with this code |
| 5 |
is that we will end up with alot of false postives. bin86 triggers at |
| 6 |
level 5 about chmod vs fchmod but psmisc seems clean. |
| 7 |
|
| 8 |
|
| 9 |
On Fri, 2003-09-05 at 21:39, Jan Krueger wrote: |
| 10 |
> On Friday 05 September 2003 22:47, Ned Ludd wrote: |
| 11 |
> > On Fri, 2003-09-05 at 16:25, Jan Krueger wrote: |
| 12 |
> > |
| 13 |
> > I don't think the idea is bad in anyway at all, yes it will be very time |
| 14 |
> > consuming and yes a few of us would actually like to use such a thing. |
| 15 |
> > flawfinder would of been ideal for such a thing as its python based and |
| 16 |
> > all, but would need some major testing. I'm attaching a small patch for |
| 17 |
> > your ebuild.sh that should do exactly what your looking for. Note: |
| 18 |
> > flawfinder must be located in /usr/bin and "flawfinder" must be found in |
| 19 |
> > your features. |
| 20 |
> > |
| 21 |
> > Perhaps you would like to begin/finish coding this feature. :) |
| 22 |
> |
| 23 |
> Yes. Thank you for your positive feedback, especially the patch. |
| 24 |
> I felt a little bit lost in /usr/lib/portage. Your words and patch just |
| 25 |
> motivated me to go ahead :) |
| 26 |
> |
| 27 |
> > What I make of all this is sounds like we need need some portage hooks |
| 28 |
> > for users. |
| 29 |
> Yes, thats it. Leaves room open for whatever. |
| 30 |
> Somehow one could see src_compile and the other existing functions as already |
| 31 |
> existing hooks, abstracting a little bit. Lets rename "hooks" into "modules" |
| 32 |
> This would leave a directory, lets say /usr/lib/portage/modules.d, that would |
| 33 |
> be very similar to /etc/init.d in fact: |
| 34 |
> scripts that do something and have dependencies on each other: |
| 35 |
> src_install.sh: |
| 36 |
> depend() { |
| 37 |
> need src_compile |
| 38 |
> } |
| 39 |
> src-compile.sh: |
| 40 |
> depend() { |
| 41 |
> need src_unpack |
| 42 |
> } |
| 43 |
> ... |
| 44 |
> |
| 45 |
> flawfinder.sh { |
| 46 |
> depend() { |
| 47 |
> need src_unpack |
| 48 |
> before src_compile |
| 49 |
> } |
| 50 |
> |
| 51 |
> This would give an before unseen flexibility to ports (just like our machine |
| 52 |
> startup-processes differ and still all machines come up (most of them) and |
| 53 |
> provide a wide variety of services :) without touching portage itself (as we |
| 54 |
> dont touch init) |
| 55 |
> |
| 56 |
> one could do: |
| 57 |
> # portage-module add flawfinder need src_unpack before src_compile |
| 58 |
> |
| 59 |
> and if one doesnt want stripped binaries because he/she loves debugging |
| 60 |
> # portage-module remove strip |
| 61 |
> |
| 62 |
> Jan |
| 63 |
> |
| 64 |
> |
| 65 |
> -- |
| 66 |
> gentoo-hardened@g.o mailing list |
| 67 |
-- |
| 68 |
RSA key ID 2BC75196 http://keyserver.net |
| 69 |
Gentoo Linux Developer (Hardened) http://dev.gentoo.org/~solar |
Archives