From: Mike Frysinger
Organization: wh0rd.org
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] how to handle sensitive files when generating binary packages
Date: Wed, 20 Jun 2007 15:57:56 -0400

On Wednesday 20 June 2007, Marius Mauch wrote:
> Mike Frysinger wrote:
> > mayhaps we need a new function to be run in src_install() to label
> > files as "sensitive" ... so baselayout would do:
> >   esosensitive /etc/{fstab,group,passwd,shadow}
> > and then we expand the format of CONTENTS in the vdb:
> >   priv /etc/fstab
>
> And what would be phase 2 of that? Just having a new filetype
> in CONTENTS doesn't accomplish anything by itself ...

updating any tool that creates binary packages from the live $ROOT of course
silly billy

current behavior:
# quickpkg baselayout
 * Building package for sys-apps/baselayout-1.12.10-r4
 * Packages now in '/usr/portage/pacakges':
 * sys-apps/baselayout-1.12.10-r4: 307K

proposed new behavior (exact output here is not part of the discussion so
don't nit pick it):
# quickpkg baselayout
 * Building package for sys-apps/baselayout-1.12.10-r4
 * Skipping sensitive file: /etc/passwd
 * Skipping sensitive file: /etc/shadow
 * Skipping sensitive file: /etc/group
 * Packages now in '/usr/portage/pacakges':
 * sys-apps/baselayout-1.12.10-r4: 307K
# quickpkg --iamsensitive baselayout
 * Building package for sys-apps/baselayout-1.12.10-r4
 * Including sensitive file: /etc/passwd
 * Including sensitive file: /etc/shadow
 * Including sensitive file: /etc/group
 * Packages now in '/usr/portage/pacakges':
 * sys-apps/baselayout-1.12.10-r4: 307K

-mike
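Added example, not part of the original message and not Portage code: a sketch of the filtering step the message proposes for tools that build binary packages from the live $ROOT, run over a constructed CONTENTS listing. The `priv` line format is taken from the message; the function names and the `include_sensitive` parameter (standing in for the `--iamsensitive` switch shown above) are assumptions.

```python
# Added example: the `priv` entry type is the thread's proposal,
# not an existing Portage feature. Function names are hypothetical.
SAMPLE_CONTENTS = """\
dir /etc
obj /etc/hosts 0f3c1f2a5b6d7e8f9a0b1c2d3e4f5a6b 1182369476
priv /etc/passwd
priv /etc/shadow
priv /etc/group
sym /etc/mtab -> /proc/mounts 1182369476
obj /etc/my file.conf 0123456789abcdef0123456789abcdef 1182369476
"""  # constructed sample; checksums and mtimes are made up


def parse_entry(line):
    """Return (kind, path) for one CONTENTS line."""
    kind, _, rest = line.partition(" ")
    if kind in ("dir", "dev", "fif", "priv"):
        path = rest  # these entry types carry only a path
    elif kind == "obj":
        # obj <path> <md5> <mtime>: split from the right so spaces in the path survive
        path = rest.rsplit(" ", 2)[0]
    elif kind == "sym":
        # sym <path> -> <target> <mtime>
        path = rest.split(" -> ", 1)[0]
    else:
        # Fail closed: never guess how to treat an entry type we do not know.
        raise ValueError(f"unknown CONTENTS entry type: {kind!r}")
    if not path.startswith("/"):
        raise ValueError(f"malformed CONTENTS line: {line!r}")
    return kind, path


def plan_package(contents, include_sensitive=False):
    """Split CONTENTS entries into (packed, skipped) path lists."""
    packed, skipped = [], []
    for line in contents.splitlines():
        if not line.strip():
            continue
        kind, path = parse_entry(line)
        if kind == "priv" and not include_sensitive:
            skipped.append(path)  # left out of the binary package by default
        else:
            packed.append(path)
    return packed, skipped


if __name__ == "__main__":
    packed, skipped = plan_package(SAMPLE_CONTENTS)
    for path in skipped:
        print(f" * Skipping sensitive file: {path}")
    print(f" * {len(packed)} entries would be packed")
```

Skipping is the default here and inclusion needs an explicit opt-in, matching the proposed output in the message.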