On Wednesday 20 June 2007, Ned Ludd wrote:
> On Wed, 2007-06-20 at 15:57 -0400, Mike Frysinger wrote:
> > On Wednesday 20 June 2007, Marius Mauch wrote:
> > > Mike Frysinger wrote:
> > > > mayhaps we need a new function to be run in src_install() to label
> > > > files as "sensitive" ... so baselayout would do:
> > > > esosensitive /etc/{fstab,group,passwd,shadow}
> > > > and then we expand the format of CONTENTS in the vdb:
> > > > priv /etc/fstab
> > >
> > > And what would be phase 2 of that? Just having a new filetype
> > > in CONTENTS doesn't accomplish anything by itself ...
> >
> > updating any tool that creates binary packages from the live $ROOT of
> > course silly billy
> >
> > current behavior:
> > # quickpkg baselayout
> >  * Building package for sys-apps/baselayout-1.12.10-r4
> >  * Packages now in '/usr/portage/pacakges':
> >  * sys-apps/baselayout-1.12.10-r4: 307K
> >
> > proposed new behavior (exact output here is not part of the discussion so
> > don't nit pick it):
> > # quickpkg baselayout
> >  * Building package for sys-apps/baselayout-1.12.10-r4
> >  * Skipping sensitive file: /etc/passwd
> >  * Skipping sensitive file: /etc/shadow
> >  * Skipping sensitive file: /etc/group
> >  * Packages now in '/usr/portage/pacakges':
> >  * sys-apps/baselayout-1.12.10-r4: 307K
> > # quickpkg --iamsensitive baselayout
> >  * Building package for sys-apps/baselayout-1.12.10-r4
> >  * Including sensitive file: /etc/passwd
> >  * Including sensitive file: /etc/shadow
> >  * Including sensitive file: /etc/group
> >  * Packages now in '/usr/portage/pacakges':
> >  * sys-apps/baselayout-1.12.10-r4: 307K
>
> Suggestion:
> If you go down this "sensitive" route, please ensure that the
> generated .tbz2 is mode 600 to prevent exposing this sensitive
> data more than need be.

that's a different bug which is already being addressed (and which led me
down this line of thinking in the first place) ...
-mike
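
The two ideas in this thread (skipping files marked sensitive in CONTENTS, and creating the binary package as mode 600), combined in an added example that is not part of the original messages and is not quickpkg or Portage code. The `priv` entry is the thread's proposal, assumed here to carry only a path; the function names and the sample CONTENTS are constructed for illustration.

```python
import os, stat, tarfile, tempfile

# Constructed sample: "dir"/"obj" as in vdb CONTENTS, "priv" as proposed in the thread.
SAMPLE_CONTENTS = """\
dir /etc
obj /etc/hosts 00000000000000000000000000000000 1182369420
priv /etc/passwd
priv /etc/shadow
"""

def parse_contents(text):
    """Yield (kind, path) for each non-empty CONTENTS line."""
    for line in filter(str.strip, text.splitlines()):
        kind, rest = line.split(" ", 1)
        # obj lines end in "<md5> <mtime>"; strip from the right so paths may hold spaces
        path = rest.rsplit(" ", 2)[0] if kind == "obj" else rest
        yield kind, path

def build_package(contents, root, out_path, include_sensitive=False):
    """Archive the files CONTENTS lists under root; return (included, skipped)."""
    included, skipped = [], []
    # Create the archive as 0600 up front; O_EXCL refuses to reuse an existing file.
    fd = os.open(out_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as raw, tarfile.open(fileobj=raw, mode="w:bz2") as tar:
        for kind, path in parse_contents(contents):
            if kind == "dir":
                continue
            if kind == "priv" and not include_sensitive:
                skipped.append(path)  # default: sensitive files stay out of the package
                continue
            rel = path.lstrip("/")
            tar.add(os.path.join(root, rel), arcname=rel)
            included.append(path)
    return included, skipped

def demo(include_sensitive=False):
    """Build from a throwaway root; return (included, skipped, archive mode)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "root")
        os.makedirs(os.path.join(root, "etc"))
        for name in ("hosts", "passwd", "shadow"):
            with open(os.path.join(root, "etc", name), "w") as f:
                f.write("constructed\n")
        out = os.path.join(tmp, "baselayout.tbz2")
        inc, skip = build_package(SAMPLE_CONTENTS, root, out, include_sensitive)
        return inc, skip, stat.S_IMODE(os.stat(out).st_mode)

if __name__ == "__main__":
    print(demo(), demo(include_sensitive=True))
```

Passing the mode to `os.open` at creation, rather than calling chmod afterwards, means the archive is never on disk with wider permissions, even when sensitive files are deliberately included.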