On Wed, 2007-06-20 at 15:57 -0400, Mike Frysinger wrote:
> On Wednesday 20 June 2007, Marius Mauch wrote:
> > Mike Frysinger <[EMAIL PROTECTED]> wrote:
> > > mayhaps we need a new function to be run in src_install() to label
> > > files as "sensitive" ... so baselayout would do:
> > > esosensitive /etc/{fstab,group,passwd,shadow}
> > > and then we expand the format of CONTENTS in the vdb:
> > > priv /etc/fstab <hash> <mtime>
> >
> > And what would be phase 2 of that? Just having a new filetype
> > in CONTENTS doesn't accomplish anything by itself ...
>
> updating any tool that creates binary packages from the live $ROOT of course
> silly billy
>
> current behavior:
> # quickpkg baselayout
> * Building package for sys-apps/baselayout-1.12.10-r4
> * Packages now in '/usr/portage/pacakges':
> * sys-apps/baselayout-1.12.10-r4: 307K
>
> proposed new behavior (exact output here is not part of the discussion so
> don't nitpick it):
> # quickpkg baselayout
> * Building package for sys-apps/baselayout-1.12.10-r4
> * Skipping sensitive file: /etc/passwd
> * Skipping sensitive file: /etc/shadow
> * Skipping sensitive file: /etc/group
> * Packages now in '/usr/portage/pacakges':
> * sys-apps/baselayout-1.12.10-r4: 307K
> # quickpkg --iamsensitive baselayout
> * Building package for sys-apps/baselayout-1.12.10-r4
> * Including sensitive file: /etc/passwd
> * Including sensitive file: /etc/shadow
> * Including sensitive file: /etc/group
> * Packages now in '/usr/portage/pacakges':
> * sys-apps/baselayout-1.12.10-r4: 307K
Suggestion:
If you go down this "sensitive" route, please ensure that the
generated .tbz2 is mode 600 to prevent exposing this sensitive
data more than need be.
--
Ned Ludd <[EMAIL PROTECTED]>
Gentoo Linux
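
An added example, not part of the original messages and not Portage or quickpkg code: a sketch of the two ideas in this thread, skipping files marked `priv` unless explicitly requested and creating the archive as mode 0600 before any data is written. The function names, the `(kind, path)` input shape and the sample files are assumptions made for illustration, and the output is a plain tar.bz2 rather than a real Portage binary package.

```python
import os
import stat
import tarfile
import tempfile


def build_package(root, contents, out_path, include_sensitive=False):
    """Pack files listed in `contents` (pairs of (kind, path) under `root`).

    kind "priv" is the sensitive marker proposed in the thread; such files
    are skipped unless include_sensitive is set. Returns (included, skipped).
    """
    included, skipped = [], []
    for kind, path in contents:
        if kind == "priv" and not include_sensitive:
            skipped.append(path)
        else:
            included.append(path)

    # Create the archive as 0600 before any data is written, so there is no
    # window in which other users can read it. O_EXCL refuses to reuse an
    # existing file or to follow a symlink already present at out_path.
    fd = os.open(out_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    os.fchmod(fd, 0o600)  # exact mode regardless of the caller's umask
    with os.fdopen(fd, "wb") as raw, tarfile.open(fileobj=raw, mode="w:bz2") as tar:
        for path in included:
            rel = path.lstrip("/")
            tar.add(os.path.join(root, rel), arcname=rel)
    return included, skipped


def demo(include_sensitive):
    """Run build_package over a constructed root; return (mode, names, skipped)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "root")
        os.makedirs(os.path.join(root, "etc"))
        for name in ("hosts", "shadow"):  # constructed sample files
            with open(os.path.join(root, "etc", name), "w") as f:
                f.write("constructed sample\n")
        contents = [("obj", "/etc/hosts"), ("priv", "/etc/shadow")]
        out = os.path.join(tmp, "pkg.tbz2")
        _, skipped = build_package(root, contents, out, include_sensitive)
        mode = stat.S_IMODE(os.stat(out).st_mode)
        with tarfile.open(out, "r:bz2") as tar:
            return mode, sorted(tar.getnames()), skipped


if __name__ == "__main__":
    print(demo(False))
    print(demo(True))
```

Setting the mode at `os.open()` time matters more than a later `chmod`: a file created with default permissions and tightened afterwards is readable by other local users in between.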