public inbox for gentoo-dev@lists.gentoo.org
From: "Petteri Räty" <betelgeuse@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] how to handle sensitive files when generating binary packages
Date: Wed, 20 Jun 2007 23:18:36 +0300
Message-ID: <46798B9C.2080505@gentoo.org>
In-Reply-To: <200706201557.56872.vapier@gentoo.org>

Mike Frysinger wrote:
> On Wednesday 20 June 2007, Marius Mauch wrote:
>> Mike Frysinger <vapier@gentoo.org> wrote:
>>> mayhaps we need a new function to be run in src_install() to label
>>> files as "sensitive" ... so baselayout would do:
>>> esosensitive /etc/{fstab,group,passwd,shadow}
>>> and then we expand the format of CONTENTS in the vdb:
>>> priv /etc/fstab <hash> <mtime>
>> And what would be phase 2 of that? Just having a new filetype
>> in CONTENTS doesn't accomplish anything by itself ...
> 
> updating any tool that creates binary packages from the live $ROOT of course 
> silly billy
> 
> current behavior:
> # quickpkg baselayout
>  * Building package for sys-apps/baselayout-1.12.10-r4
>  * Packages now in '/usr/portage/pacakges':
>  * sys-apps/baselayout-1.12.10-r4: 307K
> 
> proposed new behavior (exact output here is not part of the discussion so don't
> nit pick it):
> # quickpkg baselayout
>  * Building package for sys-apps/baselayout-1.12.10-r4
>  *  Skipping sensitive file: /etc/passwd
>  *  Skipping sensitive file: /etc/shadow
>  *  Skipping sensitive file: /etc/group
>  * Packages now in '/usr/portage/pacakges':
>  * sys-apps/baselayout-1.12.10-r4: 307K
> # quickpkg --iamsensitive baselayout
>  * Building package for sys-apps/baselayout-1.12.10-r4
>  *  Including sensitive file: /etc/passwd
>  *  Including sensitive file: /etc/shadow
>  *  Including sensitive file: /etc/group
>  * Packages now in '/usr/portage/pacakges':
>  * sys-apps/baselayout-1.12.10-r4: 307K
> -mike

It would probably be prudent to have pristine versions of the files
installed on the system (optional) so that you can actually create
binary packages with all the files.

Regards,
Petteri
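
The proposal quoted above, sketched as an added example (not code from this thread or from Portage): a parser for vdb CONTENTS entries extended with the proposed `priv` type, plus the selection step a quickpkg-like tool would run. The function names and sample entries are assumptions; `include_sensitive` stands in for the `--iamsensitive` switch.

```python
from typing import List, NamedTuple, Tuple

# Constructed sample in vdb CONTENTS layout. "priv" is the entry type proposed
# in the thread, not something Portage implements; hashes and mtimes are made up.
SAMPLE_CONTENTS = """\
dir /etc
obj /etc/hosts 0123456789abcdef0123456789abcdef 1182370000
priv /etc/passwd 11111111111111111111111111111111 1182370001
priv /etc/shadow 22222222222222222222222222222222 1182370002
priv /etc/group 33333333333333333333333333333333 1182370003
obj /etc/file with space 44444444444444444444444444444444 1182370004
sym /etc/mtab -> /proc/mounts 1182370005
"""

class Entry(NamedTuple):
    kind: str
    path: str

def parse_contents(text: str) -> List[Entry]:
    """Parse CONTENTS lines into (kind, path) entries (hypothetical helper)."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, rest = line.split(" ", 1)
        if kind in ("obj", "priv"):
            # Paths may contain spaces; hash and mtime are the last two fields.
            path = rest.rsplit(" ", 2)[0]
        elif kind == "sym":
            path = rest.split(" -> ", 1)[0]
        elif kind in ("dir", "fif", "dev"):
            path = rest
        else:
            # Fail closed: an unrecognised type must not be packaged by default.
            raise ValueError(f"unknown CONTENTS entry type: {kind!r}")
        entries.append(Entry(kind, path))
    return entries

def select_for_package(entries: List[Entry],
                       include_sensitive: bool = False) -> Tuple[List[str], List[str]]:
    """Return (packaged, skipped); 'priv' files are skipped unless opted in."""
    packaged, skipped = [], []
    for entry in entries:
        if entry.kind == "priv" and not include_sensitive:
            skipped.append(entry.path)
        else:
            packaged.append(entry.path)
    return packaged, skipped

if __name__ == "__main__":
    for path in select_for_package(parse_contents(SAMPLE_CONTENTS))[1]:
        print(f" *  Skipping sensitive file: {path}")
```
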

