
Re: RFS: fsprotect (try #3)



Hello,

On Tue, Apr 28, 2009 at 20:18, LI Daobing <lidaobing@debian.org> wrote:
> Hello,
>
> 2009/4/28 Stefanos Harhalakis <v13@v13.gr>:
>> Dear mentors,
>>
>> I am looking for a sponsor for my package "fsprotect". In this message there
>> is also a summary of everything that was discussed in this list.
>>
>> * Package name    : fsprotect
>>  Version         : 1.0.2
>>  Upstream Author : Stefanos Harhalakis <v13@v13.gr> (me)
>> * URL             : http://www.v13.gr/proj/fsprotect/
>> * License         : GPL
>>  Section         : admin
>>
>> It builds these binary packages:
>> fsprotect  - Helper scripts to make filesystems immutable
>>
>> The package appears to be lintian clean (with an override, but see below).
>>
>> Description:
>> ------------
>> fsprotect is a set of scripts that make immutable the root and other
>> filesystems. Using aufs they pack a tmpfs filesystem and the filesystem
>> forcing changes to be written to the tmpfs.
>>
>> The root filesystem is protected by an initramfs script. Other filesystems
>> are protected by an init script. All protected filesystems become read-only
>> ensuring their immutability even on power-offs.
>>
>> This can be used for public computers to prevent damage or changes.
>>
>> It is ideal for:
>> * Public computers. It keeps all files intact, no matter what the user does.
>> * Testing. i.e. KDE3 -> KDE4 or etch -> lenny upgrades
>> * Security (also requires adequate paranoia)
>>
>> Fsprotect can be seen as an opensource alternative to deepfreeze for linux.
>>
>> Example usage:
>> --------------
>> * apt-get install aufs-modules-2.6-amd64 fsprotect
>> * read /usr/share/doc/fsprotect/README.Debian   and/or
>> /usr/share/doc/fsprotect/fsprotect.pdf.gz
>> * add line "fsprotect=1000M" to /boot/grub/menu.lst as a kernel parameter
>> * run "update-grub"
>> * possibly modify /etc/default/fsprotect to include a line like:
>> PROTECT="/var=1000M /home=2000M"
>> * reboot
>>
>> At this point you can do rm -rf /bin/* -or- upgrade to KDE4 -or- do
>> "apt-get dist-upgrade -t unstable" -or- perform whatever destructive action
>> you never dared to (except messing with the partitions and doing raw writes on
>> block devices). To check that the filesystems are actually protected, just run
>> 'is_aufs / && echo "OK"'
>>
>> After rebooting, the system will be in the same condition as when it was
>> before the fsprotect installation.
>>
>> Debian native:
>> --------------
>> fsprotect is 100% tied to a distribution. It cannot be an independent program
>> that is packaged for debian or other distributions. The core functionality is
>> provided by one init script and one initramfs script/hook and those are
>> depending very much on the distribution. I.e. the init script must run
>> immediately after the filesystems are mounted and before anything else is
>> run.
>>
>> fsprotect cannot be practically spliced to .orig and .diff. There is no clear
>> distinction between what will go in debian/ and what will be left out.
>> Attempting to make it a non-native package will result in a package that does
>> one or more of the following:
>>
>> a) includes debian specific scripts outside of debian/
>> b) contains debian specific scripts in .orig.tar.gz
>> c) uploads a new .orig.tar.gz when other debian packages change
>>
>>  The source code is small and the most part of it is inside debian/.
>> The output of the du is:
>>
>> $ du -sk fsprotect/*
>> 264     fsprotect/debian
>> 156     fsprotect/doc
>> 56      fsprotect/initramfs-tools
>> 20      fsprotect/lib
>> 20      fsprotect/sbin
>>
>> while doc/ contains debian-specific documentation in pdf form.
>>
>> NMUs may use versions like "1.0.2+nmu1"
>>
>> Lintian overrides:
>> ------------------
>> fsprotect overrides the "virtual-package-depends-without-real-package-depends"
>> lintian warning. This is done because it depends on aufs modules which are
>> provided as debian packages and it isn't a good idea (or even possible) to
>> depend on packages like this one: aufs-modules-2.6.29-v2-v (which for example,
>> is the module compiled for the custom kernel of my system). I've made
>> fsprotect depend on aufs-modules which is provided by aufs-modules-* packages.
>>
>> In general, it isn't possible to depend on a specific modules version.
>>
>> Changes:
>> --------
>> fsprotect used to create the directory /fsprotect upon installation. This is
>> no longer happening. The directory is created in the volatile space whenever
>> fsprotect is active. This means that such a directory will never be written in
>> the disk and will never be visible when fsprotect isn't active.
>>
>>
>> The package can be found on mentors.debian.net:
>> - URL: http://mentors.debian.net/debian/pool/main/f/fsprotect
>> - Source repository: deb-src http://mentors.debian.net/debian unstable main
>> contrib non-free
>> - dget
>> http://mentors.debian.net/debian/pool/main/f/fsprotect/fsprotect_1.0.2.dsc
>>
>>
>> I would be glad if someone uploaded this package for me.
>>
> sounds OK for me, anyone can have a double check?
>
uploaded


-- 
Best Regards
LI Daobing
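
The RFS above suggests confirming protection with `is_aufs /`. The following is an added example, not part of the thread and not fsprotect's own `is_aufs`: it checks every mount point named in a `PROTECT=` value against a mounts table in `/proc/mounts` format. It assumes a protected mount point shows filesystem type `aufs` there; the function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not fsprotect code): audit which configured mount points
# are actually backed by aufs, given a table in /proc/mounts format.

# fstype_of MOUNTPOINT MOUNTS_FILE
# Print the filesystem type of the LAST entry for MOUNTPOINT. Later entries
# overmount earlier ones (e.g. "rootfs /" followed by the real root).
fstype_of() {
    awk -v mp="$1" '$2 == mp { t = $3 } END { if (t != "") print t }' "$2"
}

# unprotected MOUNTS_FILE SPEC...
# SPEC is "/path" or "/path=SIZE" as in PROTECT="/var=1000M /home=2000M".
# Print each mount point whose effective type is not aufs (or is not mounted).
unprotected() {
    mounts=$1; shift
    for spec in "$@"; do
        mp=${spec%%=*}          # drop the "=SIZE" suffix if present
        [ "$(fstype_of "$mp" "$mounts")" = "aufs" ] || printf '%s\n' "$mp"
    done
}

# Constructed sample table: / and /var are overmounted with aufs,
# /home is still a plain read-write ext3 mount.
sample_mounts() {
    cat <<'EOF'
rootfs / rootfs rw 0 0
aufs / aufs rw 0 0
/dev/sda2 /var ext3 ro 0 0
aufs /var aufs rw 0 0
/dev/sda3 /home ext3 rw 0 0
EOF
}

tmp=$(mktemp)
sample_mounts > "$tmp"
PROTECT="/var=1000M /home=2000M"
# $PROTECT is left unquoted on purpose so it splits into one spec per word.
missing=$(unprotected "$tmp" / $PROTECT)
rm -f "$tmp"
if [ -n "$missing" ]; then
    echo "NOT protected: $missing"
else
    echo "OK"
fi
```

On a live system, pass `/proc/mounts` as the mounts file and source `/etc/default/fsprotect` for the `PROTECT` value.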

