Message-ID: <46798B9C.2080505@gentoo.org>
Date: Wed, 20 Jun 2007 23:18:36 +0300
From: Petteri Räty
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] how to handle sensitive files when generating binary packages
In-Reply-To: <200706201557.56872.vapier@gentoo.org>

Mike Frysinger wrote:
> On Wednesday 20 June 2007, Marius Mauch wrote:
>> Mike Frysinger wrote:
>>> mayhaps we need a new function to be run in src_install() to label
>>> files as "sensitive" ... so baselayout would do:
>>> esosensitive /etc/{fstab,group,passwd,shadow}
>>> and then we expand the format of CONTENTS in the vdb:
>>> priv /etc/fstab
>> And what would be phase 2 of that? Just having a new filetype
>> in CONTENTS doesn't accomplish anything by itself ...
>
> updating any tool that creates binary packages from the live $ROOT of course
> silly billy
>
> current behavior:
> # quickpkg baselayout
> * Building package for sys-apps/baselayout-1.12.10-r4
> * Packages now in '/usr/portage/pacakges':
> * sys-apps/baselayout-1.12.10-r4: 307K
>
> proposed new behavior (exact output here is not part of the discussion so don't
> nit pick it):
> # quickpkg baselayout
> * Building package for sys-apps/baselayout-1.12.10-r4
> * Skipping sensitive file: /etc/passwd
> * Skipping sensitive file: /etc/shadow
> * Skipping sensitive file: /etc/group
> * Packages now in '/usr/portage/pacakges':
> * sys-apps/baselayout-1.12.10-r4: 307K
> # quickpkg --iamsensitive baselayout
> * Building package for sys-apps/baselayout-1.12.10-r4
> * Including sensitive file: /etc/passwd
> * Including sensitive file: /etc/shadow
> * Including sensitive file: /etc/group
> * Packages now in '/usr/portage/pacakges':
> * sys-apps/baselayout-1.12.10-r4: 307K
> -mike

It would probably be prudent to have pristine versions of the files
installed on the system (optional) so that you can actually create
binary packages with all the files.

Regards,
Petteri
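
An added sketch, not Portage or quickpkg code and not written by anyone in the thread, of the skip-by-default packaging proposed in the quoted message combined with the pristine-copy fallback suggested in this reply. The `priv <path>` line layout, the `pristine` tree and all function names are assumptions.

```python
import io
import os
import tarfile

# Constructed CONTENTS sample; "priv <path>" is the entry proposed in the thread.
CONTENTS = """dir /etc
obj /etc/inittab 0123456789abcdef0123456789abcdef 1182370000
priv /etc/passwd
priv /etc/shadow
"""

def parse_contents(text):
    """Yield (type, path) for each vdb CONTENTS line."""
    for line in filter(str.strip, text.splitlines()):
        etype, rest = line.split(" ", 1)
        if etype == "obj":      # obj <path> <md5> <mtime>
            rest = rest.rsplit(" ", 2)[0]
        elif etype == "sym":    # sym <path> -> <target> <mtime>
            rest = rest.split(" -> ", 1)[0]
        yield etype, rest       # dir and priv lines carry only the path (assumed for priv)

def build_package(root, contents, include_sensitive=False, pristine=None):
    """Tar the listed files from root; priv files are skipped by default, or
    replaced by the copy under the hypothetical pristine tree when one exists."""
    buf, log = io.BytesIO(), []
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for etype, path in parse_contents(contents):
            src, action = os.path.join(root, path.lstrip("/")), "included"
            if etype == "priv" and not include_sensitive:
                clean = os.path.join(pristine or "", path.lstrip("/"))
                if not (pristine and os.path.isfile(clean)):
                    log.append(("skipped", path))   # never read the live file
                    continue
                src, action = clean, "pristine"
            if etype == "priv":
                log.append((action, path))
            tar.add(src, arcname=path.lstrip("/"), recursive=False)
    return buf.getvalue(), log

def demo(tmp, **opts):
    """Package a constructed live ROOT and pristine tree created under tmp."""
    sample = {"root/etc/inittab": b"id:3\n", "root/etc/passwd": b"live\n",
              "root/etc/shadow": b"live\n", "clean/etc/passwd": b"stock\n"}
    for rel, data in sample.items():
        os.makedirs(os.path.dirname(os.path.join(tmp, rel)), exist_ok=True)
        with open(os.path.join(tmp, rel), "wb") as fh:
            fh.write(data)
    return build_package(os.path.join(tmp, "root"), CONTENTS, **opts)
```

With the default options only `etc/inittab` is packaged; passing `pristine=` swaps in the stock `passwd` while `shadow`, which has no pristine copy in the sample, is still left out.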