Onward branch

Chris Buxton cbuxton at menandmice.com
Wed Sep 17 06:57:40 PDT 2008


On Sep 17, 2008, at 12:20 AM, Jan Dvorak wrote:
> On Wednesday 17 September 2008 04:20:56 Robert Connolly wrote:
>> On Monday September 15 2008 03:17:04 am Jan Dvorak wrote:
>>>> The more_control_and_pkg_man.txt hint system is tedious, but it
>>>> identifies every problem with filesystem permissions and packages,
>>>> for us. It's a big helper.
>>>
>>> Nope, it's total overkill. You never ever run a program under a
>>> package user. The only reason for them is to install files safely,
>>> which can be done without polluting your passwd and group files and
>>> making all *nix people around scream with horror after looking at
>>> `ls -l` output.
>>
>> An alternative would be two users, an owner (user-1) of most of the
>> filesystem (/usr, /lib, /bin), and a build user (user-2). The two users
>> are in the same group. user-2 has write permission on /usr, and can
>> install there, but can't overwrite user-1's files. After an install,
>> the new files have their ownership changed from user-2 to user-1, and
>> group-write removed. This keeps packages from overwriting each other, an
>> installed-files list can be made for each package before (or during)
>> ownership change, and it only involves two users.
>
> This sounds like package users simplified enough to be usable. If you want
> to maintain which package installed the particular file, you can always
> enable user_xattr and use extended attributes instead.
>
> But still, the de-facto standard out there is to install as an unprivileged
> user elsewhere, create a package and then merge it into the system. Glibc,
> gcc, binutils, probably all other GNU packages in the book can be
> installed like this without any modifications.
>
> Another acceptable approach would be installing packages to separate
> directories. It would require a bit of scripting, but in the end, you
> would install to a dedicated g+w,o+t directory and use a script to chown
> the package, symlink selected files to /usr and run some specialized thingies
> like install-info...

The extended attributes idea sounds interesting, combined with the  
liberal use of 'make DESTDIR=blah install'. I don't personally like  
the idea of using package directories, although it might turn out to  
be the most useful method - add a version number and you have the  
ability to keep an old version around when upgrading.

Chris Buxton
Professional Services
Men & Mice

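
Added example, not part of the original message or of any project's code: merging a tree staged with 'make DESTDIR=... install' into the system while refusing to overwrite another package's files, keeping a per-package installed-files list, and tagging files through extended attributes. The function names, the DB directory layout and the user.pkg attribute name are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). NAME, STAGE, ROOT, DB and the
# user.pkg attribute name are hypothetical.

# Files and symlinks in a staging tree, as sorted paths relative to it.
staged_files() {
    (cd "$1" && find . \( -type f -o -type l \) | sed 's|^\./||' | sort)
}

# merge_pkg NAME STAGE ROOT DB
#   STAGE: tree produced by `make DESTDIR=STAGE install` as an unprivileged user
#   DB:    directory holding one installed-files list per package
merge_pkg() {
    name=$1 stage=$2 root=$3 db=$4
    mkdir -p "$db" "$root"
    new=$(staged_files "$stage")
    [ -n "$new" ] || { echo "$name: nothing staged" >&2; return 1; }

    # Refuse the merge if any staged path is already listed for another package.
    for list in "$db"/*.list; do
        [ -f "$list" ] || continue
        [ "$list" = "$db/$name.list" ] && continue
        clash=$(printf '%s\n' "$new" | grep -Fx -f "$list" || true)
        if [ -n "$clash" ]; then
            echo "$name: would overwrite files listed in $list:" >&2
            printf '%s\n' "$clash" | sed 's/^/  /' >&2
            return 1
        fi
    done

    # Copy the staged tree into place, then record the installed-files list.
    cp -a "$stage/." "$root/"
    printf '%s\n' "$new" > "$db/$name.list"

    # Drop group write on the merged files and tag each with its package.
    # Tagging is best effort: it needs setfattr and a user_xattr filesystem.
    printf '%s\n' "$new" | while IFS= read -r f; do
        [ -L "$root/$f" ] && continue
        chmod g-w "$root/$f"
        if command -v setfattr >/dev/null 2>&1; then
            setfattr -n user.pkg -v "$name" "$root/$f" 2>/dev/null || true
        fi
    done
}

# Which package's list contains PATH (relative to ROOT)? Prints the name.
owner_of() {
    grep -lFx -- "$1" "$2"/*.list 2>/dev/null | sed 's|.*/||; s|\.list$||'
}
```

The conflict check only covers paths recorded in DB; files already present in ROOT that no list mentions are overwritten by the copy.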



More information about the hlfs-dev mailing list