On Mon, 2021-09-27 at 12:49 +0200, Ulrich Mueller wrote:
> > > > > > On Sun, 26 Sep 2021, Michał Górny wrote:
>
> > Symlinking FILESDIR into the work tree has the unintended consequence
> > of preserving all original file metadata, including system-specific
> > ACLs and so on. When these files are installed, this could lead to
> > unintentionally copying this metadata to the system and/or binary
> > packages.
>
> > Let's copy all files instead and drop metadata in the process. Since
> > FILESDIR is expected to be small by design, this shouldn't cause any
> > major trouble. It is also easier and less likely to cause regressions
> > than making sure stuff is not preserved when installing.
>
> > Unfortunately, a similar problem applies to DISTDIR. However,
> > installing files from DISTDIR is rarer than from FILESDIR, so I guess
> > we'll cross that bridge when we get to it.
>
> Sorry for the late reply, but this looks like the wrong solution to me.
>
> Looking at the installation helpers (doins, doexe, etc.), they don't
> preserve the normal permission bits, but reset them to a defined state.
> So why would they preserve xattrs?
>
> I don't see anything in PMS that would mandate that behaviour (on the
> contrary, in section 13.3.1 there is "Other file attributes may be
> discarded"). How do the other package managers handle this?

Yes, I agree this is the wrong long-term solution but it's a fix that
works today and shouldn't cause regressions.

I'd like to revisit how files are installed long-term but this requires
more time, and most importantly making sure we won't accidentally break
stuff. I'd like to establish whether we have any ebuilds relying e.g.
on caps or ACLs being preserved from src_install(), and get alternative
solutions to that first (fcaps.eclass-alike?).

Apparently PaX will also require special fixes but I'm not sure if it's
worth fixing at this point.

--
Best regards,
Michał Górny
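
The copy-instead-of-symlink approach discussed in this thread, sketched as an added example that is not part of the original message and is not Portage's code: regular files are copied by content only, given a defined mode, and anything the source carried beyond that (extra permission bits, xattrs, which on Linux include ACLs) is reported. The function names, the 0644 target mode and the sample file are assumptions made for illustration.

```python
import os
import shutil
import stat
import tempfile

def extended_attrs(path):
    """Return xattr names on path (on Linux, ACLs show up as system.posix_acl_*)."""
    try:
        return sorted(os.listxattr(path, follow_symlinks=False))
    except (AttributeError, OSError):  # non-Linux or unsupported filesystem
        return []

def copy_dropping_metadata(src_dir, dst_dir):
    """Copy regular files by content only and reset them to a defined mode."""
    carried = {}  # relative path -> source metadata the copy did not carry over
    for root, _dirs, files in os.walk(src_dir):
        rel_root = os.path.relpath(root, src_dir)
        out_root = os.path.normpath(os.path.join(dst_dir, rel_root))
        os.makedirs(out_root, mode=0o755, exist_ok=True)
        for name in files:
            src = os.path.join(root, name)
            st = os.lstat(src)
            if not stat.S_ISREG(st.st_mode):
                continue  # assumption: symlinks and special files are skipped
            dst = os.path.join(out_root, name)
            shutil.copyfile(src, dst)  # data only: no mode, times or xattrs
            os.chmod(dst, 0o644)  # assumption: defined state chosen for this sketch
            odd_mode = stat.S_IMODE(st.st_mode) & ~0o755
            attrs = extended_attrs(src)
            if odd_mode or attrs:
                rel = os.path.normpath(os.path.join(rel_root, name))
                carried[rel] = (oct(odd_mode), attrs)
    return carried

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = os.path.join(tmp, "files"), os.path.join(tmp, "work")
        os.makedirs(src)
        path = os.path.join(src, "foo.initd")  # constructed sample file
        with open(path, "w") as fh:
            fh.write("#!/sbin/openrc-run\n")
        os.chmod(path, 0o777)  # constructed: group- and world-writable source
        try:
            os.setxattr(path, "user.test", b"1")  # may be unsupported here
        except (AttributeError, OSError):
            pass
        report = copy_dropping_metadata(src, dst)
        copied = os.path.join(dst, "foo.initd")
        return report, stat.S_IMODE(os.stat(copied).st_mode), extended_attrs(copied)
```

Attributes that the destination filesystem assigns to every new file (for example a security label or an inherited default ACL) can still appear on the copy; the sketch only guarantees that nothing is carried over from the source.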