tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: handling of new user/group additions in binary packages is broken



At Thu, 28 May 2009 11:06:38 +0200, Joerg Sonnenberger 
<joerg%britannica.bec.de@localhost> wrote:
Subject: Re: handling of new user/group additions in binary packages is broken
> 
> On Wed, May 27, 2009 at 09:50:06PM -0400, Greg A. Woods wrote:
> > Handling of new user/group additions from binary packages is broken
> > w.r.t. the file ownerships given within binary archives, and it is
> > effectively broken in its design.
> 
> It is not. There was an ommission in the original pkg_install-renovation
> merge that had the extraction of ownership disabled (I forgot why),
> otherwise it just works with new enough pkg_install.

Hmmm....  at first I was about to say "Extraction of ownership IDs from
the tar file _is_ the problem."

However upon examining current code, which is newer than what's in any
existing NetBSD release (except the very recent pkgsrc-2009Q1 I see), it
seems you've effectively implemented the hack I described.  Hopefully
use of pkgsrc-2009Q1 requires use of the pkg_install it includes.  :-)

Perhaps the fact this bug is fixed due to the design change of being
able to run the INSTALL script before extracting the rest of the package
files could also be noted in the documentation about the
pkg_install-renovation changes?

What do you think of the idea of using the MTREE file to carry ownership
(and permission) information instead of just leaving it to the archive
header alone?  The reason being that doing so leaves a record of the
intended and necessary file ownerships on the target system in order to
allow for proper audits of package file ownerships (including the
ability to audit which IDs belong to, and/or are required by, each
package), as well as even allowing the local administrator the ability
to renumber IDs and fix package ownerships without having to fully
re-install all packages from scratch.  I realize this means adding an
additional burden on package module maintainers, but I think it may be a
valuable enough addition to be worthwhile.  I know this is one of the
major things I've always found to be lacking in pkgsrc (even without
considering use of binary packages), and it's always been frustrating
because I know pkg_install had a viable solution waiting in the wings
all along -- it just needs to be used!

-- 
                                                Greg A. Woods
                                                Planix, Inc.

<woods%planix.com@localhost>       +1 416 218-0099        http://www.planix.com/

Attachment: pgpBPba2hCI6w.pgp
Description: PGP signature



Home | Main Index | Thread Index | Old Index