From: Mike Frysinger
Organization: wh0rd.org
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] how to handle sensitive files when generating binary packages
Date: Wed, 20 Jun 2007 16:27:27 -0400

On Wednesday 20 June 2007, Petteri Räty wrote:
> Mike Frysinger wrote:
> > On Wednesday 20 June 2007, Marius Mauch wrote:
> >> Mike Frysinger wrote:
> >>> mayhaps we need a new function to be run in src_install() to label
> >>> files as "sensitive" ... so baselayout would do:
> >>> esosensitive /etc/{fstab,group,passwd,shadow}
> >>> and then we expand the format of CONTENTS in the vdb:
> >>> priv /etc/fstab
> >>
> >> And what would be phase 2 of that? Just having a new filetype
> >> in CONTENTS doesn't accomplish anything by itself ...
> >
> > updating any tool that creates binary packages from the live $ROOT of
> > course silly billy
> >
> > current behavior:
> > # quickpkg baselayout
> >  * Building package for sys-apps/baselayout-1.12.10-r4
> >  * Packages now in '/usr/portage/pacakges':
> >  * sys-apps/baselayout-1.12.10-r4: 307K
> >
> > proposed new behavior (exact output here is not part of the discussion so
> > don't nit pick it):
> > # quickpkg baselayout
> >  * Building package for sys-apps/baselayout-1.12.10-r4
> >  * Skipping sensitive file: /etc/passwd
> >  * Skipping sensitive file: /etc/shadow
> >  * Skipping sensitive file: /etc/group
> >  * Packages now in '/usr/portage/pacakges':
> >  * sys-apps/baselayout-1.12.10-r4: 307K
> > # quickpkg --iamsensitive baselayout
> >  * Building package for sys-apps/baselayout-1.12.10-r4
> >  * Including sensitive file: /etc/passwd
> >  * Including sensitive file: /etc/shadow
> >  * Including sensitive file: /etc/group
> >  * Packages now in '/usr/portage/pacakges':
> >  * sys-apps/baselayout-1.12.10-r4: 307K
>
> It would probably be prudent to have pristine versions of the files
> installed on the system (optional) so that you can actually create
> binary packages with all the files.

being able to generate binary packages that actually reflect the live $ROOT is
desirable
-mike
-- 
gentoo-dev@gentoo.org mailing list
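
A sketch of the filtering step proposed in this thread, added here as an example and not code from Portage or from any poster. It assumes the proposed `priv <path>` entries sit in CONTENTS beside the existing `dir`/`obj`/`sym` lines; `plan_package` and `include_sensitive` are hypothetical names standing in for quickpkg and its proposed `--iamsensitive` flag.

```python
# Added sketch: the "priv" entry type exists only as the proposal in this thread.
# Constructed sample CONTENTS, not taken from a real system.
SAMPLE_CONTENTS = """\
dir /etc
obj /etc/inittab d41d8cd98f00b204e9800998ecf8427e 1182371247
obj /etc/my notes.conf d41d8cd98f00b204e9800998ecf8427e 1182371247
sym /etc/mtab -> /proc/mounts 1182371247
priv /etc/passwd
priv /etc/shadow
obj /etc/shadow d41d8cd98f00b204e9800998ecf8427e 1182371247
"""


def parse_entry(line):
    """Return (entry_type, path) for one CONTENTS line."""
    kind, rest = line.split(" ", 1)
    if kind == "obj":        # obj <path> <md5> <mtime>; path may contain spaces
        path = rest.rsplit(" ", 2)[0]
    elif kind == "sym":      # sym <path> -> <target> <mtime>
        path = rest.split(" -> ", 1)[0]
    else:                    # dir <path>, and the proposed priv <path>
        path = rest
    return kind, path


def plan_package(contents, include_sensitive=False):
    """Split the package's paths into (included, skipped).

    Default is to leave sensitive files out; they are packaged only when
    the caller opts in explicitly.
    """
    entries = [parse_entry(l) for l in contents.splitlines() if l.strip()]
    # Collect every priv path first so a later obj line for the same
    # file cannot pull it back into the package.
    sensitive = {path for kind, path in entries if kind == "priv"}
    included, skipped = [], []
    for _kind, path in entries:
        if path in included or path in skipped:
            continue         # same path listed under two entry types
        if path in sensitive and not include_sensitive:
            skipped.append(path)
        else:
            included.append(path)
    return included, skipped


if __name__ == "__main__":
    for flag in (False, True):
        print(flag, plan_package(SAMPLE_CONTENTS, include_sensitive=flag))
```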