[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Proper way to do setcap in maintscript



Hi Niels,

thanks for reaching out.

On Sat, Nov 18, 2023 at 05:13:44PM +0100, Niels Thykier wrote:
>  * Should the snippet use dpkg-statoverride instead of a chmod?
>    (If dpkg-statoverride is used, how will this interact with the next
>     bullet?)

I don't think dpkg-statoverride can do capabilities so we couldn't track
that anyway. Also note that dpkg-statoverride needs a bit of attention
when it comes to /usr-merge (DEP17 P5) while the snippet will probably
just work.

>  * Should the snippet use $DPKG_ROOT for the CMD even though setcap
>    would presumably have to be run from the HOST system?

The commands should be used from the build system (i.e. without
DPKG_ROOT). We expect that if DPKG_ROOT is being used, it is being used
for all operations on the chroot and that packages are never upgraded
(i.e. we're always in a kind of bootstrap setting).

On the flip side, the paths to be operated on would benefit from being
prefixed by DPKG_ROOT.

> PS: I am also happy to receive suggestions for how to integrate this better
> with dpkg. My understanding though is that it will come with the dpkg
> manifest format, so I assumed the package helper just had to do some
> maintscript glue for now.

I also hope that we have more fundamental dpkg support for this before
too long.

Helmut


Reply to: