[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: new features in dpkg 1.7.1



Wichert Akkerman wrote:
> We need to have an upgrade path from suidmanager to statoverrides. At
> this moment we don't have that yet; I'm considering adding some magic to
> dpkg 1.7.2 to make it convert the settings from suidmanager into
> statoverides and ake dpkg conflict with suidmanager. Packages will need
> to be updates to use dpkg-statoverride instead in their maintainer
> scripts.

Once we have this upgrade path, dh_suidregister will be phased out. I'm
not quite sure how to do it though. consider this situation:

* package foo contains suid binary bar
* foo calls suidregister in its postinst to register bar and make it
  suid
* local admin has used suidregister to override permissions so bar is
  not suid
* a new foo is built, that does not use suidregister. So bar is shipped
  suid in the package
* the admin upgrades to this package, without upgrading dpkg first. So
  a new bar is installed, and suidregister is not called, so it is left
  suid. Their local suid.conf changes are ignored.

Not good, and I can't see a good fix, except to make the new version of
foo also call suidregister in its postinst.

> dpkg-shlibdeps has been partially reimplemented and should work a lot
> better new, albeit more slowly. The new code uses objdump instead of ldd
> to generate dependencies which gives you a much more accurate
> representation of what is really needed, and also fixes probems with
> needing to set LD_LIBRARY_PATH or fakeroot interfering. This does mean
> that maintainers will need to use dpkg-shlibdeps for both libraries and
> executables now.

dh_shlibdeps has always called it on binaries. Hasn't dpkg-shlibdeps
always been meant to be used that way? I released a new debhelper
today that phases out the LD_LIBRARY_PATH hack (it depends on the new
dpkg-dev of course).

> This trick is no longer needed now: dpkg-deb reorders the files when
> it creates a package so the maintainer no longer needs to take care
> of this himself.

dh_movefiles no longer does such ordering in the debhelper I released
today.

-- 
see shy jo



Reply to: