At Thu, 28 May 2009 11:06:38 +0200, Joerg Sonnenberger <joerg%britannica.bec.de@localhost> wrote: Subject: Re: handling of new user/group additions in binary packages is broken > > On Wed, May 27, 2009 at 09:50:06PM -0400, Greg A. Woods wrote: > > Handling of new user/group additions from binary packages is broken > > w.r.t. the file ownerships given within binary archives, and it is > > effectively broken in its design. > > It is not. There was an ommission in the original pkg_install-renovation > merge that had the extraction of ownership disabled (I forgot why), > otherwise it just works with new enough pkg_install. Hmmm.... at first I was about to say "Extraction of ownership IDs from the tar file _is_ the problem." However upon examining current code, which is newer than what's in any existing NetBSD release (except the very recent pkgsrc-2009Q1 I see), it seems you've effectively implemented the hack I described. Hopefully use of pkgsrc-2009Q1 requires use of the pkg_install it includes. :-) Perhaps the fact this bug is fixed due to the design change of being able to run the INSTALL script before extracting the rest of the package files could also be noted in the documentation about the pkg_install-renovation changes? What do you think of the idea of using the MTREE file to carry ownership (and permission) information instead of just leaving it to the archive header alone? The reason being that doing so leaves a record of the intended and necessary file ownerships on the target system in order to allow for proper audits of package file ownerships (including the ability to audit which IDs belong to, and/or are required by, each package), as well as even allowing the local administrator the ability to renumber IDs and fix package ownerships without having to fully re-install all packages from scratch. I realize this means adding an additional burden on package module maintainers, but I think it may be a valuable enough addition to be worthwhile. I know this is one of the major things I've always found to be lacking in pkgsrc (even without considering use of binary packages), and it's always been frustrating because I know pkg_install had a viable solution waiting in the wings all along -- it just needs to be used! -- Greg A. Woods Planix, Inc. <woods%planix.com@localhost> +1 416 218-0099 http://www.planix.com/
Attachment:
pgpBPba2hCI6w.pgp
Description: PGP signature