[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [PATCH] Support for PAX extended header and Linux extended attributes

On Tue, 2016-05-10 at 16:41 -0400, Stefan Berger wrote:
> The following patch adds support for the tar pax extended header to the tar
> parser so that tar files with pax extended headers containing Linux extended
> attributes can be processed by dpkg. Essentially the pax extended header
> contains key value pairs that describe file attributes. More information
> about the format can be found here:
> http://pubs.opengroup.org/onlinepubs/009695299/utilities/pax.html#tag_04_100_13_03
> We are particularly interested in the security.ima extended attribute,
> which, if available, contains a signature for the following file in the tar
> and which we then write as a Linux extended attribute into the filesystem.
> We are adding this type of support also to libarchive so that reprepro can
> process Debian packages with pax extended headers. Further, we are extending
> apt with pax extended header processing support as well.

(CC'ing Niels and Andrew)

Support for including security.ima xattrs in Debian packages (Bug#766267
) required debhelper scripts.  With the following two kernel patches,
GNU tar works without any other changes.  Should we update the original
request or open a new one for adding pax support instead?

05d1a71 ima: add support for creating files using the mknodat syscall
42a4c60 ima: fix ima_inode_post_setattr



Reply to: