[gentoo-dev] pkg_setup() and sandbox

[gentoo-dev] pkg_setup() and sandbox

[Georgi Georgiev]

[-- Attachment #1: Type: text/plain, Size: 1062 bytes --]

Should pkg_setup() be run in a sandbox?

The current reasons to not have it sandboxed include:

- ebuilds need to add users
- ... (any others?)

So, would it make sense to sandbox pkg_setup() and only unmask the
passwd files needed for adding users? enewuser & friends can be made to
unmask those locations on demand, thus making the transition painless.

What other reasons are there for having pkg_setup() outside the sandbox?

As to why I'm asking -- this[1] abolition of an ebuild made its way on
the qmail mailing list and I was shocked that it does not die in the
first place.

Disclamer: Exercise great caution with the following link. Only read one
line at a time or you may be overwhelmed. Take a break every 10 lines or
so. Have a sedative handy.

[1] http://briandowney.net/?page=linux&section=gentooebuilds&ebuild=netqmail

-- 
/\   Georgi Georgiev   /\ To think contrary to one's era is heroism.   /\
\/    chutz@gg3.net    \/ But to speak against it is madness. --       \/
/\  +81(90)2877-8845   /\ Eugene Ionesco                               /\

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-dev] pkg_setup() and sandbox

[Brian Harring]

[-- Attachment #1: Type: text/plain, Size: 1073 bytes --]

On Fri, Sep 23, 2005 at 09:47:17AM +0900, Georgi Georgiev wrote:
> Should pkg_setup() be run in a sandbox?
> 
> The current reasons to not have it sandboxed include:
> 
> - ebuilds need to add users
> - ... (any others?)
> 
> So, would it make sense to sandbox pkg_setup() and only unmask the
> passwd files needed for adding users? enewuser & friends can be made to
> unmask those locations on demand, thus making the transition painless.
> 
> What other reasons are there for having pkg_setup() outside the sandbox?

Historical mostly I would expect.
portage-2.1 actually deprived the setup phase already btw (no, that's 
not standard, I just decided to do it and it hasn't been reverted 
yet).  Works fairly well 'cept for enew* and friends.

> As to why I'm asking -- this[1] abolition of an ebuild made its way on
> the qmail mailing list and I was shocked that it does not die in the
> first place.
See glep27.

My thoughts on it is to bind the EUSERS/EGROUPS 
to eapi1, and phase out enew* calls when EAPI=1 rather then EAPI=0.

~harring

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-dev] pkg_setup() and sandbox

[Rumen Yotov]

[-- Attachment #1: Type: text/plain, Size: 1362 bytes --]

On Fri, 23 Sep 2005 09:47:17 +0900
Georgi Georgiev <chutz@gg3.net> wrote:

> Should pkg_setup() be run in a sandbox?
> 
> The current reasons to not have it sandboxed include:
> 
> - ebuilds need to add users
> - ... (any others?)
> 
> So, would it make sense to sandbox pkg_setup() and only unmask the
> passwd files needed for adding users? enewuser & friends can be made
> to unmask those locations on demand, thus making the transition
> painless.
> 
> What other reasons are there for having pkg_setup() outside the
> sandbox?
> 
> As to why I'm asking -- this[1] abolition of an ebuild made its way on
> the qmail mailing list and I was shocked that it does not die in the
> first place.
> 
> Disclamer: Exercise great caution with the following link. Only read
> one line at a time or you may be overwhelmed. Take a break every 10
> lines or so. Have a sedative handy.
> 
> [1]
> http://briandowney.net/?page=linux&section=gentooebuilds&ebuild=netqmail
> 
Hi,
Also quite messed up my system, while trying out netqmail-1.05.ebuild
(BUG-106642).
Still another issue, is there a way to use an "epatch" after which it's
known you'll have an error, which later is fixed by another patch.
IMHO it's easier just to fix the patch (if possible).
Same problem (with pkg_setup() pkg_*) exists with this ebuild too.
Thanks. Rumen

[-- Attachment #2: Type: application/pgp-signature, Size: 198 bytes --]

Re: [gentoo-dev] pkg_setup() and sandbox

[Paul de Vrieze]

[-- Attachment #1: Type: text/plain, Size: 756 bytes --]

On Friday 23 September 2005 02:47, Georgi Georgiev wrote:
> Disclamer: Exercise great caution with the following link. Only read
> one line at a time or you may be overwhelmed. Take a break every 10
> lines or so. Have a sedative handy.
>
> [1]
> http://briandowney.net/?page=linux&section=gentooebuilds&ebuild=netqmail

Are you sure this ebuild isn't actually one of Jeff K. [1]? I don't think 
he understood anything of it. The location of the source when building 
really doesn't matter. Having daemontools shared neither. In short, seems 
to be an ebuild written by Jeff.

Paul

[1] http://www.catb.org/~esr/jargon/html/J/Jeff-K-.html

-- 
Paul de Vrieze
Gentoo Developer
Mail: pauldv@gentoo.org
Homepage: http://www.devrieze.net

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-dev] pkg_setup() and sandbox

[Mike Frysinger]

On Thursday 22 September 2005 08:47 pm, Georgi Georgiev wrote:
> enewuser & friends can be made to
> unmask those locations on demand, thus making the transition painless.

enew{user,group} already disable/reenable sandbox if required
-mike
-- 
gentoo-dev@gentoo.org mailing list

keeping epatch from aborting (was Re: [gentoo-dev] pkg_setup() and sandbox)

[Mike Frysinger]

On Friday 23 September 2005 02:57 am, Rumen Yotov wrote:
> Still another issue, is there a way to use an "epatch" after which it's
> known you'll have an error, which later is fixed by another patch.

no, and that behavior will probably never be added to epatch

> IMHO it's easier just to fix the patch (if possible).

so fix the patch ?  write it a different way ?  combine the patches ?
-mike
-- 
gentoo-dev@gentoo.org mailing list