| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
On 10/22/2013 03:08 PM, Allan Wegan wrote: |
| 5 |
>> When you emerge something with a bazillion files, the install |
| 6 |
>> wrapper (and thus the python interpreter) get launched that many |
| 7 |
>> times. It's the startup time that kills it. |
| 8 |
> |
| 9 |
> Should that PAX markings not only be neccessary for a few |
| 10 |
> hand-selected binaries that refuse to work with secure-by-default |
| 11 |
> settings? I remember setting PAX-markings by hand (a year or so |
| 12 |
> ago) for a few binaries that would else crash with Grsec loglines. |
| 13 |
> I did not had the impression, that there are much of them (that |
| 14 |
> where mostly games, i admit). |
| 15 |
|
| 16 |
Yes, and it should be possible to "write down" which binaries got |
| 17 |
pax-marked, and only use the python install wrapper for those |
| 18 |
particular files. |
| 19 |
|
| 20 |
But, there is an underlying problem that it would be nice to solve at |
| 21 |
the same time. It should be possible to set any sort of xattrs (not |
| 22 |
just PAX!) in an ebuild and have them correctly copied to the live |
| 23 |
filesystem during an emerge. For this to work, we have to handle the |
| 24 |
case where a developer (or an upstream makefile) calls setfattr |
| 25 |
manually on some files. When FEATURES="xattr" is set, portage uses the |
| 26 |
wrapper to install /every/ file, ostensibly for this case. |
| 27 |
|
| 28 |
The other way to handle it would be to check whether or not some file |
| 29 |
has xattrs, and use the regular 'install' if it doesn't. But how do |
| 30 |
you implement that? You'd either have to hack portage, or write some |
| 31 |
sort of wrapper... |
| 32 |
|
| 33 |
There's already a hack in portage to support xattrs, so maybe that |
| 34 |
would work, who knows. I'm in over my head here. |
| 35 |
|
| 36 |
|
| 37 |
-----BEGIN PGP SIGNATURE----- |
| 38 |
Version: GnuPG v2.0.20 (GNU/Linux) |
| 39 |
|
| 40 |
iQIcBAEBAgAGBQJSZtRsAAoJEBxJck0inpOiz7AQAJIW8wrNorRl8YOjAOlTpoq/ |
| 41 |
rerZ2IIpyYYg6uB9fotEcJYtmiinClX4Yf3crl2tyqLZLlQJUFrIM+A90LdNAdXY |
| 42 |
wYbf5R9HpMxhNsTVKb4sP/ErZzktVOf26kyjzPlql+P/ICk0NYO+YgAswJI4b5L9 |
| 43 |
trVuraFPwPQGEDDEq5Ep8+9Mm6rBgAj95HlZHIChKVR0zB7jKL372z3QemeFS1sO |
| 44 |
Hc7YDZvlwb1U9Ab/EK7qy1aqTZg6Zrzn/wslyZo+tpnJ+aCJENXGDXWh678LDDTP |
| 45 |
BnKXsTjNkMXs+fmRfkL2ivIJNs8dYIlcTZ4rBotdBgXQ+fusRuyKXQe3CbyjMzjV |
| 46 |
7V8s+aMj31QN29MbQ33zDIEdDyuhulXv4SpxZQfYyRn7ZBdmz2AxSABySQA7DzvJ |
| 47 |
OVwe6jRd7Zm272STBj0Agnf2ct6F0KRsC+gPl2COY9y+sV90BzquCsDYB4Z6ybX4 |
| 48 |
6Ttl/oAxVYjWZNu669TFxeiiga0FhjLVOTvaCJdXrva97iZsssjJFPJcCVSx/IKQ |
| 49 |
gu2WbZDX5yx0/TYNRIrqZ8MDB49sCMSLktvjJoOoEydaBDCv6X3y+zvVuR/OCElV |
| 50 |
DHdNRi25shztbQTZamgQdQLKOluTEPZ4gkAKH5jUHrg70cfQMG1HXMZFqC64aSi8 |
| 51 |
lUkJE3WYhuXJX9S6RvDE |
| 52 |
=G/D/ |
| 53 |
-----END PGP SIGNATURE----- |
Archives