Hi Niels, thanks for reaching out.
On Sat, Nov 18, 2023 at 05:13:44PM +0100, Niels Thykier wrote: > * Should the snippet use dpkg-statoverride instead of a chmod? > (If dpkg-statoverride is used, how will this interact with the next > bullet?) I don't think dpkg-statoverride can do capabilities so we couldn't track that anyway. Also note that dpkg-statoverride needs a bit of attention when it comes to /usr-merge (DEP17 P5) while the snippet will probably just work. > * Should the snippet use $DPKG_ROOT for the CMD even though setcap > would presumably have to be run from the HOST system? The commands should be used from the build system (i.e. without DPKG_ROOT). We expect that if DPKG_ROOT is being used, it is being used for all operations on the chroot and that packages are never upgraded (i.e. we're always in a kind of bootstrap setting). On the flip side, the paths to be operated on would benefit from being prefixed by DPKG_ROOT. > PS: I am also happy to receive suggestions for how to integrate this better > with dpkg. My understanding though is that it will come with the dpkg > manifest format, so I assumed the package helper just had to do some > maintscript glue for now. I also hope that we have more fundamental dpkg support for this before too long. Helmut
