Re: [PATCH] Support for PAX extended header and Linux extended attributes
On Tue, 2016-05-10 at 16:41 -0400, Stefan Berger wrote:
> The following patch adds support for the tar pax extended header to the tar
> parser so that tar files with pax extended headers containing Linux extended
> attributes can be processed by dpkg. Essentially the pax extended header
> contains key value pairs that describe file attributes. More information
> about the format can be found here:
>
> http://pubs.opengroup.org/onlinepubs/009695299/utilities/pax.html#tag_04_100_13_03
>
> We are particularly interested in the security.ima extended attribute,
> which, if available, contains a signature for the following file in the tar
> and which we then write as a Linux extended attribute into the filesystem.
>
> We are adding this type of support also to libarchive so that reprepro can
> process Debian packages with pax extended headers. Further, we are extending
> apt with pax extended header processing support as well.
(CC'ing Niels and Andrew)
Support for including security.ima xattrs in Debian packages (Bug#766267
) required debhelper scripts. With the following two kernel patches,
GNU tar works without any other changes. Should we update the original
request or open a new one for adding pax support instead?
05d1a71 ima: add support for creating files using the mknodat syscall
42a4c60 ima: fix ima_inode_post_setattr
thanks,
Mimi
Reply to: