Scribit Michelle Konzack dies 25/04/2007 hora 20:44: > > I think you're targetting the wrong layer of the system. If many > > packages contain so much sensitive data, it would be easier to > > encrypt a tarball or part of a FS where packages are read. > The packages are in general on the Server! Could you be more precise? First ISTR you talked about a CD with sensitive data. Now there's a package server. The two scenario are completely different, and call for completely different protection schemes, I'd say. > > As far as D-I is concerned, you could probably easily add a udeb to > > deal with decrypting and unpacking of that senstive part, and leave > > apt and dpkg untouched. > You mean, put the crypred tarball into the DEB? No. I mean you could have an encrypted tarball on the debian installer CD, and that tarball could be unpacked by a compononent of the installer. The debian packages in the tarball would then be reachable by apt and dpkg in a totally normal way (you could either add another source or use some union FS). > > On the other hand, if not all the Debian package is sensitive, you > > better be encrypting data inside it, and have the application or an > > helper decrypt it when needed, maybe in maintainer scripts. > I was trying this too, but Sometimes I get conflicts with Packages > containing the same files. Then your files are probably at the wrong place, and the packages probably aren't FHS compliant. Correct them before "enhancing" dpkg to work around the issue. Quickly, Pierre -- nowhere.man@levallois.eu.org OpenPGP 0xD9D50D8A
Attachment:
signature.asc
Description: Digital signature