From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.62) (envelope-from ) id 1I13O7-0003YK-Ud for garchives@archives.gentoo.org; Wed, 20 Jun 2007 16:50:36 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.14.0/8.14.0) with SMTP id l5KGmLJP024622; Wed, 20 Jun 2007 16:48:21 GMT
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by robin.gentoo.org (8.14.0/8.14.0) with ESMTP id l5KGiD6o017984 for ; Wed, 20 Jun 2007 16:44:13 GMT
Received: from localhost (localhost [127.0.0.1]) by smtp.gentoo.org (Postfix) with ESMTP id 901AF64893 for ; Wed, 20 Jun 2007 16:44:12 +0000 (UTC)
X-Virus-Scanned: amavisd-new at gentoo.org
X-Spam-Score: 0.503
X-Spam-Level:
X-Spam-Status: No, score=0.503 required=5.5 tests=[AWL=-0.750, RCVD_NUMERIC_HELO=1.253]
Received: from smtp.gentoo.org ([127.0.0.1]) by localhost (smtp.gentoo.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f9zOEghV045u for ; Wed, 20 Jun 2007 16:44:04 +0000 (UTC)
Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTP id BD7AFBCD66 for ; Wed, 20 Jun 2007 12:20:42 +0000 (UTC)
Received: from list by ciao.gmane.org with local (Exim 4.43) id 1I0yyF-0007dM-AW for gentoo-dev@gentoo.org; Wed, 20 Jun 2007 14:07:35 +0200
Received: from 81.5.170.119 ([81.5.170.119]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 20 Jun 2007 14:07:35 +0200
Received: from slong by 81.5.170.119 with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 20 Jun 2007 14:07:35 +0200
X-Injected-Via-Gmane: http://gmane.org/
To: gentoo-dev@lists.gentoo.org
From: Steve Long
Subject: [gentoo-dev] VDB Changes (Was Re: how to handle sensitive files when generating binary packages)
Date: Wed, 20 Jun 2007 12:54:24 +0100
Message-ID:
References: <200706200047.04951.vapier@gentoo.org> <20070620124925.e0e7280f.genone@gentoo.org>
Precedence: bulk
List-Post:
List-Help:
List-Unsubscribe:
List-Subscribe:
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-dev@gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7Bit
X-Complaints-To: usenet@sea.gmane.org
X-Gmane-NNTP-Posting-Host: 81.5.170.119
User-Agent: KNode/0.10.4
Sender: news
X-Archives-Salt: 7a507e8e-a4bc-4559-9284-075ed14b704c
X-Archives-Hash: e3a215282b67b539840f7108191e6a4e

Marius Mauch wrote:
> Mike Frysinger wrote:
>> mayhaps we need a new function to be run in src_install() to label
>> files as "sensitive" ... so baselayout would do:
>> esosensitive /etc/{fstab,group,passwd,shadow}
>> and then we expand the format of CONTENTS in the vdb:
>> priv /etc/fstab
>
> And what would be phase 2 of that? Just having a new filetype
> in CONTENTS doesn't accomplish anything by itself ...
>
I imagine the tools need updating to deal with that (especially quickpkg etc.) Of course this needs to be tested thoroughly from a security pov, and admins may well decide they don't like the idea (after all, a professional is going to have their own backup procedures in place already.)

If you're adding a priv field, though, you might as well make it a generic attributes field imo. Not sure what uses you can come up with, but rcs integration springs to mind.

On a wider note, how difficult are these sorts of changes to implement? Only we were discussing a satisfiedBy addition to refine system updates on #-portage (something to do with slots, unversioned deps and --depclean, but I couldn't really follow it all) and that would require a change in vdb as well, which I was told needed an EAPI bump. So, if y'all are discussing vdb changes for EAPI=1 (which aiui is needed yesterday ;) I for one would love to know what other changes devs would like to see.

-- 
gentoo-dev@gentoo.org mailing list
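The "phase 2" question above is the interesting one: a new CONTENTS entry type only protects anything once every consumer of the VDB honours it. The following is an added example, not Portage code and not anything proposed by the posters beyond the quoted `priv /etc/fstab` line. It parses a CONTENTS file in Portage's real layout (`dir`, `obj <path> <md5> <mtime>`, `sym <path> -> <target> <mtime>`, `fif`, `dev`) plus the hypothetical `priv <path>` type with no trailing fields (an assumption; the thread does not specify its layout), and implements the quickpkg-side filter that leaves priv-marked files out of the binary package. The sample CONTENTS and its checksums are constructed, not taken from any real package. The one design point worth noting is in `parse_contents`: an unknown entry type is a hard error rather than something to skip, because a tool that ignores a type it does not understand is exactly the tool that would ship the files the type was meant to protect.

```python
"""Added example (not Portage code): a CONTENTS parser that understands
the ``priv`` entry type proposed in the thread, plus the quickpkg-side
filter that is the missing "phase 2": leave priv-marked files out of
the binpkg.

Assumptions: ``priv <path>`` carries no trailing fields (as in the quoted
example); the real types dir/obj/sym/fif/dev keep Portage's layout.
"""
from typing import List, NamedTuple, Optional, Set

KNOWN_TYPES = {"dir", "obj", "sym", "fif", "dev"}  # types Portage writes today
PRIV_TYPE = "priv"                                 # hypothetical, from the thread


class Entry(NamedTuple):
    kind: str
    path: str
    md5: Optional[str] = None      # obj only
    mtime: Optional[int] = None    # obj and sym
    target: Optional[str] = None   # sym only


def parse_contents(text: str) -> List[Entry]:
    """Parse CONTENTS lines. Unknown entry types are rejected (fail closed):
    silently skipping a type you do not know is how a binpkg tool ends up
    shipping the very files a new type was meant to keep out."""
    entries: List[Entry] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip("\n")
        if not line.strip():
            continue
        kind, _, rest = line.partition(" ")
        if kind == "obj":
            # obj <path> <md5> <mtime>; paths may contain spaces, so split from the right
            path, md5, mtime = rest.rsplit(" ", 2)
            entries.append(Entry(kind, path, md5=md5, mtime=int(mtime)))
        elif kind == "sym":
            # sym <path> -> <target> <mtime>
            path, _, tail = rest.partition(" -> ")
            target, mtime = tail.rsplit(" ", 1)
            entries.append(Entry(kind, path, mtime=int(mtime), target=target))
        elif kind in ("dir", "fif", "dev", PRIV_TYPE):
            entries.append(Entry(kind, rest))
        else:
            raise ValueError(f"CONTENTS line {lineno}: unknown entry type {kind!r}")
    return entries


def sensitive_paths(entries: List[Entry]) -> Set[str]:
    """Paths the ebuild marked with the (hypothetical) esosensitive helper."""
    return {e.path for e in entries if e.kind == PRIV_TYPE}


def binpkg_file_list(entries: List[Entry]) -> List[str]:
    """What a quickpkg-style tool should archive: every file entry except
    those marked priv. If a path has both an obj line and a priv line,
    priv wins, which is the conservative reading of a double entry."""
    priv = sensitive_paths(entries)
    keep = [e.path for e in entries
            if e.kind in ("obj", "sym", "fif", "dev") and e.path not in priv]
    return sorted(set(keep))


# Constructed sample for a trimmed-down baselayout-like package; the md5
# values are placeholders, not checksums of any real file.
SAMPLE_CONTENTS = """\
dir /etc
obj /etc/fstab 0123456789abcdef0123456789abcdef 1182355200
priv /etc/fstab
priv /etc/passwd
priv /etc/shadow
obj /etc/hostname fedcba9876543210fedcba9876543210 1182355200
sym /etc/mtab -> /proc/self/mounts 1182355200
dir /sbin
obj /sbin/rc 00000000000000000000000000000000 1182355200
"""

if __name__ == "__main__":
    ents = parse_contents(SAMPLE_CONTENTS)
    print("excluded from binpkg:", sorted(sensitive_paths(ents)))
    print("archived:", binpkg_file_list(ents))
```

Run stand-alone it prints the three priv paths as excluded and `/etc/hostname`, `/etc/mtab` and `/sbin/rc` as the archive list. Everything else that touches CONTENTS (unmerge, `equery`, FEATURES=collision-protect) would need the same treatment, which is the real cost of the change the thread is weighing.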