On 10/05/2017 05:01 AM, Paul Wise wrote: > A better place to put isa-support might be in an apt plugin that > detects packages being installed that declare for example CPU-Flags: > SSE4.1 and prevents installing them unless in a chroot (for d-i or > debootstraps) and has an option to disable that blockage. Zero idea if > apt has a hook that could be used for this. I think that's a very important observation. I don't think you can necessarily conclude that the system where the package is initially installed is the system were the code is executed. In many kinds of image-based environments the machines the image is shipped to have very likely a different instruction capability than the machine where the image is built on. You argued in #873733[1] that you'd rather see the package installation fail. I see the appeal of that, especially to alert the admin. But there needs to be some kind of switch to flip to ignore these. Right now it seems that switch is IGNORE_ISA in the environment. But given the attempts to get a cleaner environment for dpkg, I'm not sure that's the best file. I.e. it'd be better to also have a flag file. As a side note I'm also amazed that there's literally a uuencoded blob in the preinst that contains binary code that is unpacked and executed, just like any malware would do. :) Kind regards Philipp Kern [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873733
Attachment:
signature.asc
Description: OpenPGP digital signature