Re: Proper way to do setcap in maintscript
Hi Niels,
thanks for reaching out.
On Sat, Nov 18, 2023 at 05:13:44PM +0100, Niels Thykier wrote:
> * Should the snippet use dpkg-statoverride instead of a chmod?
> (If dpkg-statoverride is used, how will this interact with the next
> bullet?)
I don't think dpkg-statoverride can do capabilities so we couldn't track
that anyway. Also note that dpkg-statoverride needs a bit of attention
when it comes to /usr-merge (DEP17 P5) while the snippet will probably
just work.
> * Should the snippet use $DPKG_ROOT for the CMD even though setcap
> would presumably have to be run from the HOST system?
The commands should be used from the build system (i.e. without
DPKG_ROOT). We expect that if DPKG_ROOT is being used, it is being used
for all operations on the chroot and that packages are never upgraded
(i.e. we're always in a kind of bootstrap setting).
On the flip side, the paths to be operated on would benefit from being
prefixed by DPKG_ROOT.
> PS: I am also happy to receive suggestions for how to integrate this better
> with dpkg. My understanding though is that it will come with the dpkg
> manifest format, so I assumed the package helper just had to do some
> maintscript glue for now.
I also hope that we have more fundamental dpkg support for this before
too long.
Helmut
Reply to: