On Tue, 2016-05-10 at 16:41 -0400, Stefan Berger wrote:
> The following patch adds support for the tar pax extended header to the tar
> parser so that tar files with pax extended headers containing Linux extended
> attributes can be processed by dpkg. Essentially the pax extended header
> contains key value pairs that describe file attributes. More information
> about the format can be found here:
>
> http://pubs.opengroup.org/onlinepubs/009695299/utilities/pax.html#tag_04_100_13_03
>
> We are particularly interested in the security.ima extended attribute,
> which, if available, contains a signature for the following file in the tar
> and which we then write as a Linux extended attribute into the filesystem.
>
> We are adding this type of support also to libarchive so that reprepro can
> process Debian packages with pax extended headers. Further, we are extending
> apt with pax extended header processing support as well.

(CC'ing Niels and Andrew)

Support for including security.ima xattrs in Debian packages
(Bug#766267) required debhelper scripts. With the following two kernel
patches, GNU tar works without any other changes. Should we update the
original request or open a new one for adding pax support instead?

05d1a71 ima: add support for creating files using the mknodat syscall
42a4c60 ima: fix ima_inode_post_setattr

thanks,

Mimi
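
Added example, not part of the original message and not code from the dpkg patch: a bounds-checked reader for the pax extended header records described in the quoted text, which looks up one extended attribute. It assumes the attribute is stored under the `SCHILY.xattr.` key prefix that GNU tar writes (the thread does not name the key); the function names and sample data are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Constructed sample: two pax records; "SIGDATA" is a placeholder value. */
static const char pax_sample[] =
    "30 mtime=1462912860.000000000\n"
    "37 SCHILY.xattr.security.ima=SIGDATA\n";

/* Parse one "<len> <key>=<value>\n" record from buf[0..avail); <len> counts
 * the whole record. Returns the record length, or 0 if it is malformed. */
static size_t pax_next(const char *buf, size_t avail, const char **key,
                       size_t *klen, const char **val, size_t *vlen)
{
    size_t len = 0, i = 0;
    const char *eq;
    while (i < avail && buf[i] >= '0' && buf[i] <= '9') {
        if (len > (SIZE_MAX - 9) / 10) return 0;  /* length would overflow */
        len = len * 10 + (size_t)(buf[i++] - '0');
    }
    /* Need digits, a space, a non-empty key, '=', a final newline, and a
     * claimed length that stays inside the header data. */
    if (i == 0 || i >= avail || buf[i] != ' ' || len > avail ||
        len < i + 4 || buf[len - 1] != '\n')
        return 0;
    *key = buf + i + 1;
    eq = memchr(*key, '=', len - i - 2);
    if (eq == NULL || eq == *key) return 0;
    *klen = (size_t)(eq - *key);
    *val = eq + 1;               /* binary value: may hold NUL or '\n' */
    *vlen = (size_t)(buf + len - 1 - *val);
    return len;
}

/* Look up xattr `name`; returns 1 if found, 0 if absent, -1 if malformed. */
static int pax_find_xattr(const char *buf, size_t size, const char *name,
                          const char **val, size_t *vlen)
{
    static const char prefix[] = "SCHILY.xattr.";  /* assumed key prefix */
    const size_t plen = sizeof(prefix) - 1, nlen = strlen(name);
    const char *key, *v;
    size_t klen, vl, n;
    int found = 0;
    for (; size > 0; buf += n, size -= n) {
        if ((n = pax_next(buf, size, &key, &klen, &v, &vl)) == 0) return -1;
        if (klen == plen + nlen && memcmp(key, prefix, plen) == 0 &&
            memcmp(key + plen, name, nlen) == 0) {
            *val = v; *vlen = vl; found = 1;       /* last record wins */
        }
    }
    return found;
}
```

Because an attribute value such as a signature is binary, the value's extent comes from the length prefix alone and is never found by scanning for a newline or NUL.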