[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC: Package build automation tools (debmake replacement?)


>>"Andy" == Andy Mortimer <andy.mortimer@poboxes.com> writes:

	I have incorporated the changes suggested about the direction
 of this effort, and have addressed some of the concerns in the
 document just posted. These are just clarifications that  are not
 there in my previous postings ..

>> 15. The utilities/helper tools should be limited in their actions
>> (preferably limited to only modifying files in one directory? And
>> possibly subdirectories thereof Under no circumstance should they
>> modify anything outside the Debian subdirectory except possibly
>> /tmp No mucking in system directories

Andy> Yes, but are you saying you want to enforce this in some way? Or
Andy> just that this is how it should be?

	I was saying that this should be a design requirement. I don't
 think thr package can police itself effectively.

>> 16. There should be a no exec option, which should not require
>> super user privilege to execute

Andy> Can we not have a `dummy build' option, which allows a package
Andy> build as non-root, but creates a non-installable package, but
Andy> one which can be unpacked with dpkg-deb and poked around with a
Andy> bit?
	The problem here is mostly other programs that mey be run as
 part of a build process, like chowns and chmods in the rules file,
 and dpkg-* programs that expect to be run as root. This is quite a
 large mouthful to bite off ...

>> 17. If at all possible, the commands to be run should also be
>> available statically (that is, in a file somewhere), and not only
>> available inside an executable image.

Andy> Um ... you mean, if the commands to run are a shell script, you
Andy> want another copy with no executable bit? ;) I don't really
Andy> understand this.

	I have seen shell scripts, and make files (Imake Makefiles, fr
 example), perl scripts, etc, that are as obfuscated with case
 statements and macros and functiona calls as any obfuscated C winner
 (perl wins any such contest hands down), that I want to know
 *exactly* what commands that script runs.


 Sex is like air.  It's only a big deal if you can't get any.
Manoj Srivastava               <url:mailto:srivasta@acm.org>
Mobile, Alabama USA            <url:http://www.datasync.com/%7Esrivasta/>

Reply to: