Re: Looking for apt-get internals guide

To: debian-devel <debian-devel@lists.debian.org>
Subject: Re: Looking for apt-get internals guide
From: Stephen Gran <sgran@debian.org>
Date: Thu, 6 Nov 2003 22:51:19 -0500
Message-id: <[🔎] 20031107035119.GA8559@hadrian>
Mail-followup-to: debian-devel <debian-devel@lists.debian.org>
In-reply-to: <[🔎] 20031107002718.GX9377@dijkstra.csh.rit.edu>
References: <20031106214639.GA5622@hadrian> <20031106230222.GU9377@dijkstra.csh.rit.edu> <[🔎] 20031106233144.GA6776@hadrian> <[🔎] 20031107002718.GX9377@dijkstra.csh.rit.edu>

This one time, at band camp, Matt Zimmerman said:
> On Thu, Nov 06, 2003 at 06:31:44PM -0500, Stephen Gran wrote:
> 
> > > On Thu, Nov 06, 2003 at 04:46:39PM -0500, Stephen Gran wrote: But,
> > > I don't see why you should need to hook into apt at all in order
> > > to do what you want.  If the files you change are conffiles, your
> > > changes should be preserved, and if they aren't conffiles, you can
> > > divert them.
> > 
> > Many of the files we're shipping modify files that may or may not be
> > on the system - for instance, we might not ship a box with ftp or
> > dhcp daemons installed, but only later get requests for them.  If I
> > can make this hook into apt, it will automagically apply the patches
> > to the conffiles, add the extra logcheck ignore lines, and set up
> > firewall rules for us.  Writing the script that does the actual work
> > is easy - hooking into apt is the hard part (at least for me) so
> > that's why I asked.
> > 
> > Thanks for your suggestion - it looks like a good starting point.
> 
> I would split up your package into packages which represent the
> different pieces of software that they are modifying (and have them
> depend on what they need to work) rather than doing the work
> conditionally.

That is a possibility, but as there's generally not more than a half
dozen files per real package, it seems like needless package clutter.
Will think about it.

> logcheck seems like a bad example.  For logcheck, you only need to
> supply a file with patterns in it; this makes no difference whether a
> package is installed or not.

logcheck is, it's true, largely irrelevant - I like the idea more than I
care about the overhead.

> Likewise, adding firewall rules happens at boot time or when a network
> interface is brought up, not when a package is installed by apt.

iptables at least is more dynamic than that - you can add and delete
rules on the fly.  If we install a new network service, we want it open
(at least initially, maybe permanently) to only a few addresses.  So the
firewall scripts open up that port for those addresses.  I'm not trying
to do a vast amount of work here - but if I can do something once that
will save me repetition, it's worth it to me.

-- 
 -----------------------------------------------------------------
|   ,''`.					     Stephen Gran |
|  : :' :					 sgran@debian.org |
|  `. `'			Debian user, admin, and developer |
|    `-					    http://www.debian.org |
 -----------------------------------------------------------------

Attachment: pgpHJCe0nCL13.pgp
Description: PGP signature

Reply to:

References:
- Re: Looking for apt-get internals guide
  - From: Stephen Gran <sgran@debian.org>
- Re: Looking for apt-get internals guide
  - From: Matt Zimmerman <mdz@debian.org>

Prev by Date: Re: Changes in t1lib.
Next by Date: Re: rename linux-kernel-headers to system-headers
Previous by thread: Re: Looking for apt-get internals guide
Next by thread: Bug#219507: ITP: gtkscintilla2 -- Gtk-2 wrappers for the Scintilla source editing components
Index(es):
- Date
- Thread