control: tag -1 +pending Hi,
Thank you very much for this bug repport. Sometimes I do install random package in order to add support for those in cruft, but I'm not really interrested in trying out SElinux myself. Most of your proposed changes are already implemented: https://github.com/a-detiste/cruft/commits/master > policycoreutils.explain > =========================================== > #!/bin/sh > echo /etc/selinux/config > echo /usr/sbin/load_policy I tend to avoid extra simple "explain" scripts like this one and instead use a filter. Reason: avoid starting yet an extra sub-shell to run a two-lines script. > selinux-policy-default.explain > =========================================== > #!/usr/bin/env python3 I do tend to use Python3 as my language of choice; but I inherited cruft from someone else and for now the current dependencies are bash + perl and I don't want to add other ones if possible. > print('/etc/selinux/default/contexts/files/file_contexts') > print('/etc/selinux/default/contexts/files/file_contexts.bin') > print('/etc/selinux/default/contexts/files/file_contexts.homedirs') > print('/etc/selinux/default/contexts/files/file_contexts.homedirs.bin') > print('/etc/selinux/default/seusers') I already translated all these print() lines into a filter. > pattern = re.compile('^(\d+)\s+([a-z0-9_]+)\s+(pp|cil)\s*(disabled)?$') > cp = subprocess.run(['/usr/sbin/semodule', '--list-modules=full', > '--store', 'default'], stdout=subprocess.PIPE, > stderr=subprocess.STDOUT, universal_newlines=True, check=True) > for line in cp.stdout.splitlines(): Please rewrite this in bash or perl & I'll upload a new version. > apt-listchanges.filter > =========================================== > /usr/share/apt-listchanges/__pycache__ > /usr/share/apt-listchanges/__pycache__/*.pyc I never see these .pyc files because I don't use cruft that much anymore, but my own cruft-ng rewrite; which has a special heuristic for those. https://github.com/a-detiste/cruft-ng/commit/789a2c26f9b9b2a8d46186be3981165be0154f74 Reason of rewrite: mostly everything run in a single C++ process instead of runnign hundreds of shell scripts => much faster. (but not yet feature-complete versus old cruft) > /var/lib/apt/listchanges.db This was already there. https://github.com/a-detiste/cruft/blame/master/filters-unex/apt-listchanges > ---- missing: dpkg ---- > # i do not know why they are mssing, reinstalling libglib2.0-0 > # gcc bugs? > does not help > /usr/lib/x86_64-linux-gnu/gio > /usr/lib/x86_64-linux-gnu/gio/modules Sometimes packages have those weird bugs. Sometimes I like to spend hours trying to figure out why... sometimes not. > ---- unexplained: / ---- > # i think these two are from the installation process? > /etc/apt/apt.conf.d/00CDMountPoint > /etc/apt/apt.conf.d/00trustcdrom I guess most people would rather delete these files after seeing those once in cruft report. Mine were from 2002. > # my custom configuration files > /etc/apt/apt.conf.d/01aptcacher > /etc/apt/apt.conf.d/10periodic You can also deploy those with a custom .deb accross all your hosts, then they doesn't come up anymore. Example: https://github.com/a-detiste/detiste > # apt listchanges conf, should be handled by explain script? > /etc/apt/listchanges.conf It's already there too (?!) Maybe cruft thinks apt-listchanges is not installed while it really is ?! > # do not know what do to about these two > > /tmp/systemd-private-7b3b2461cf5840c8986a3827beef6b31-systemd-timesyncd.service-l1BCT8 > > /tmp/systemd-private-7b3b2461cf5840c8986a3827beef6b31-systemd-timesyncd.service-l1BCT8/tmp I'd just wholy ignore /tmp (& /run, & /home too). That's what cruft-ng does. > # stamp file from apt.daily script, should be handled by filter? > /var/lib/apt/periodic/clean-stamp Thanks, added Alexandre Detiste
signature.asc
Description: This is a digitally signed message part.
