Dear mentors, I am looking for a sponsor for my package "fsprotect". In this message there is also a summary of everything that was discussed in this list.
* Package name : fsprotect Version : 1.0.2 Upstream Author : Stefanos Harhalakis <v...@v13.gr> (me) * URL : http://www.v13.gr/proj/fsprotect/ * License : GPL Section : admin It builds these binary packages: fsprotect - Helper scripts to make filesystems immutable The package appears to be lintian clean (with an override, but see bellow). Description: ------------ fsprotect is a set of scripts that make immutable the root and other filesystems. Using aufs they pack a tmpfs filesystem and the filesystem forcing changes to be written to the tmpfs. The root filesystem is protected by an initramfs script. Other filesystems are protected by an init script. All protected filesystems become read-only ensuring their immutability even on power-offs. This can be used for public computers to prevent damage or changes. It is ideal for: * Public computers. It keeps all files intact, no matter what the user does. * Testing. i.e. KDE3 -> KDE4 or etch -> lenny upgrades * Security (also requires adequate paranoia) Fsprotect can be seen as an opensource alternative to deepfreeze for linux. Example usage: -------------- * apt-get install aufs-modules-2.6-amd64 fsprotect * read /usr/share/doc/fsprotect/README.Debian and/or /usr/share/doc/fsprotect/fsprotect.pdf.gz * add line "fsprotect=1000M" to /boot/grub/menu.lst as a kernel parameter * run "update-grub" * possible modify /etc/default/fsprotect to include a line like: PROTECT="/var=1000M /home=2000M" * reboot At this point you can do rm -rf /bin/* -or- upgrade to KDE4 -or- do "apt-get dist-upgrade -t unstable" -or- perform whatever destructive action you never dared to (except messing with the partitions and doing raw writes on block devices). To check that the filesystems are actually protected, just run 'is_aufs / && echo "OK"' After rebooting, the system will be in the same condition as when it was before the fsprotect installation. Debian native: -------------- fsprotect is 100% tied to a distribution. It cannot be an independent program that is packaged for debian or other distributions. The core functionality is provided by one init script and one initramfs script/hook and those are depending very much to the distribution. I.e the init script must run immediately after the filesystems are mounted and before anything else is ran. fsprotect cannot be practically spliced to .orig and .diff. There is no clear distinction between what will go in debian/ and what will be left out. Attempting to make it a non-native package will result in a package that does one or more of the following: a) includes debian specific scripts outside of debian/ b) contains debian specific scripts in .orig.tar.gz c) uploads a new .orig.tar.gz when other debian packages change The source code is small and the most part of it is inside debian/. The output of the du is: $ du -sk fsprotect/* 264 fsprotect/debian 156 fsprotect/doc 56 fsprotect/initramfs-tools 20 fsprotect/lib 20 fsprotect/sbin while doc/ contains debian-specific documentation in pdf form. NMUs may use versions like "1.0.2+nmu1" Lintian overrides: ------------------ fsprotect overrides the "virtual-package-depends-without-real-package-depends" lintian warning. This is done because it depends on aufs modules which are provided as debian packages and it isn't a good idea (or even possible) to depend on packages like this one: aufs-modules-2.6.29-v2-v (which for example, is the module compiled for the custom kernel of my system). I've made fsprotect depend on aufs-modules which is provided my aufs-modules-* packages. In general, it isn't possible to depend on a specific modules version. Changes: -------- fsprotect used to create the directory /fsprotect upon installation. This is no longer happening. The directory is created in the volatile space whenever fsprotect is active. This means that such a directory will never be written in the disk and will never be visible when fsprotect isn't active. The package can be found on mentors.debian.net: - URL: http://mentors.debian.net/debian/pool/main/f/fsprotect - Source repository: deb-src http://mentors.debian.net/debian unstable main contrib non-free - dget http://mentors.debian.net/debian/pool/main/f/fsprotect/fsprotect_1.0.2.dsc I would be glad if someone uploaded this package for me. Kind regards Stefanos Harhalakis -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
