
Re: Looking for apt-get internals guide

This one time, at band camp, Matt Zimmerman said:
> On Thu, Nov 06, 2003 at 06:31:44PM -0500, Stephen Gran wrote:
> > > On Thu, Nov 06, 2003 at 04:46:39PM -0500, Stephen Gran wrote:
> > > But, I don't see why you should need to hook into apt at all in
> > > order to do what you want.  If the files you change are conffiles,
> > > your changes should be preserved, and if they aren't conffiles, you
> > > can divert them.
> > 
> > Many of the files we're shipping modify files that may or may not be
> > on the system - for instance, we might not ship a box with ftp or
> > dhcp daemons installed, but only later get requests for them.  If I
> > can make this hook into apt, it will automagically apply the patches
> > to the conffiles, add the extra logcheck ignore lines, and set up
> > firewall rules for us.  Writing the script that does the actual work
> > is easy - hooking into apt is the hard part (at least for me) so
> > that's why I asked.
> > 
> > Thanks for your suggestion - it looks like a good starting point.
> I would split up your package into packages which represent the
> different pieces of software that they are modifying (and have them
> depend on what they need to work) rather than doing the work
> conditionally.

That is a possibility, but as there's generally not more than a half
dozen files per real package, it seems like needless package clutter.
Will think about it.

> logcheck seems like a bad example.  For logcheck, you only need to
> supply a file with patterns in it; this makes no difference whether a
> package is installed or not.

logcheck is, it's true, largely irrelevant - I like the idea more than I
care about the overhead.

> Likewise, adding firewall rules happens at boot time or when a network
> interface is brought up, not when a package is installed by apt.

iptables at least is more dynamic than that - you can add and delete
rules on the fly.  If we install a new network service, we want it open
(at least initially, maybe permanently) to only a few addresses.  So the
firewall scripts open up that port for those addresses.  I'm not trying
to do a vast amount of work here - but if I can do something once that
will save me repetition, it's worth it to me.

|   ,''`.					     Stephen Gran |
|  : :' :					 sgran@debian.org |
|  `. `'			Debian user, admin, and developer |
|    `-					    http://www.debian.org |
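
The firewall step described in the message above (open a newly installed service's port to only a few addresses), as an added example that is not part of the original post or of any Debian package. The package-to-port table, the allowlist addresses and the function names are constructed assumptions; how the script gets called (an APT hook, a wrapper, or by hand) is left out.

```shell
#!/bin/sh
# Added example: print iptables commands that open a service port to an
# allowlist only. Dry run by design: nothing is applied unless the output
# is reviewed and piped to a root shell.

# Constructed policy table, one entry per package: package:proto:port
SERVICE_PORTS='
proftpd:tcp:21
openssh-server:tcp:22
'
# Constructed allowlist (RFC 5737 documentation ranges)
ALLOWED_SOURCES='192.0.2.10 198.51.100.0/24'

# Print "proto port" for a package; return 1 if it has no policy entry.
lookup_service() {
    pkg=$1
    for entry in $SERVICE_PORTS; do
        case $entry in
            "$pkg":*)
                rest=${entry#*:}
                echo "${rest%%:*} ${rest#*:}"
                return 0 ;;
        esac
    done
    return 1
}

# Print idempotent rules for one package: ACCEPT for each allowed source
# (inserted at the top of INPUT), then a DROP for everyone else (appended).
# "iptables -C" checks for an existing rule, so reruns add no duplicates.
rules_for_package() {
    svc=$(lookup_service "$1") || return 1
    proto=${svc% *}
    port=${svc#* }
    for src in $ALLOWED_SOURCES; do
        rule="-p $proto -s $src --dport $port -j ACCEPT"
        echo "iptables -C INPUT $rule 2>/dev/null || iptables -I INPUT $rule"
    done
    rule="-p $proto --dport $port -j DROP"
    echo "iptables -C INPUT $rule 2>/dev/null || iptables -A INPUT $rule"
}

# Usage: script.sh PACKAGE... ; packages without a policy get no rules.
for p in "$@"; do
    rules_for_package "$p" || echo "# no firewall policy for $p"
done
```

Because the ACCEPT rules are inserted and the DROP is appended, an address added to the allowlist later still lands ahead of the DROP when the script is rerun.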
