
Re: RFS: fsprotect (try #3)



Hello,

2009/4/28 Stefanos Harhalakis <v13@v13.gr>:
> Dear mentors,
>
> I am looking for a sponsor for my package "fsprotect". In this message there
> is also a summary of everything that was discussed in this list.
>
> * Package name    : fsprotect
>  Version         : 1.0.2
>  Upstream Author : Stefanos Harhalakis <v13@v13.gr> (me)
> * URL             : http://www.v13.gr/proj/fsprotect/
> * License         : GPL
>  Section         : admin
>
> It builds these binary packages:
> fsprotect  - Helper scripts to make filesystems immutable
>
> The package appears to be lintian clean (with an override, but see below).
>
> Description:
> ------------
> fsprotect is a set of scripts that make immutable the root and other
> filesystems. Using aufs they pack a tmpfs filesystem and the filesystem
> forcing changes to be written to the tmpfs.
>
> The root filesystem is protected by an initramfs script. Other filesystems
> are protected by an init script. All protected filesystems become read-only
> ensuring their immutability even on power-offs.
>
> This can be used for public computers to prevent damage or changes.
>
> It is ideal for:
> * Public computers. It keeps all files intact, no matter what the user does.
> * Testing. i.e. KDE3 -> KDE4 or etch -> lenny upgrades
> * Security (also requires adequate paranoia)
>
> Fsprotect can be seen as an opensource alternative to deepfreeze for linux.
>
> Example usage:
> --------------
> * apt-get install aufs-modules-2.6-amd64 fsprotect
> * read /usr/share/doc/fsprotect/README.Debian   and/or
> /usr/share/doc/fsprotect/fsprotect.pdf.gz
> * add line "fsprotect=1000M" to /boot/grub/menu.lst as a kernel parameter
> * run "update-grub"
> * possibly modify /etc/default/fsprotect to include a line like:
> PROTECT="/var=1000M /home=2000M"
> * reboot
>
> At this point you can do rm -rf /bin/* -or- upgrade to KDE4 -or- do
> "apt-get dist-upgrade -t unstable" -or- perform whatever destructive action
> you never dared to (except messing with the partitions and doing raw writes on
> block devices). To check that the filesystems are actually protected, just run
> 'is_aufs / && echo "OK"'
>
> After rebooting, the system will be in the same condition as when it was
> before the fsprotect installation.
>
> Debian native:
> --------------
> fsprotect is 100% tied to a distribution. It cannot be an independent program
> that is packaged for debian or other distributions. The core functionality is
> provided by one init script and one initramfs script/hook and those
> depend very much on the distribution. I.e. the init script must run
> immediately after the filesystems are mounted and before anything else is
> run.
>
> fsprotect cannot be practically spliced to .orig and .diff. There is no clear
> distinction between what will go in debian/ and what will be left out.
> Attempting to make it a non-native package will result in a package that does
> one or more of the following:
>
> a) includes debian specific scripts outside of debian/
> b) contains debian specific scripts in .orig.tar.gz
> c) uploads a new .orig.tar.gz when other debian packages change
>
> The source code is small and most of it is inside debian/.
> The output of the du is:
>
> $ du -sk fsprotect/*
> 264     fsprotect/debian
> 156     fsprotect/doc
> 56      fsprotect/initramfs-tools
> 20      fsprotect/lib
> 20      fsprotect/sbin
>
> while doc/ contains debian-specific documentation in pdf form.
>
> NMUs may use versions like "1.0.2+nmu1"
>
> Lintian overrides:
> ------------------
> fsprotect overrides the "virtual-package-depends-without-real-package-depends"
> lintian warning. This is done because it depends on aufs modules which are
> provided as debian packages and it isn't a good idea (or even possible) to
> depend on packages like this one: aufs-modules-2.6.29-v2-v (which for example,
> is the module compiled for the custom kernel of my system). I've made
> fsprotect depend on aufs-modules which is provided by aufs-modules-* packages.
>
> In general, it isn't possible to depend on a specific modules version.
>
> Changes:
> --------
> fsprotect used to create the directory /fsprotect upon installation. This is
> no longer happening. The directory is created in the volatile space whenever
> fsprotect is active. This means that such a directory will never be written in
> the disk and will never be visible when fsprotect isn't active.
>
>
> The package can be found on mentors.debian.net:
> - URL: http://mentors.debian.net/debian/pool/main/f/fsprotect
> - Source repository: deb-src http://mentors.debian.net/debian unstable main
> contrib non-free
> - dget
> http://mentors.debian.net/debian/pool/main/f/fsprotect/fsprotect_1.0.2.dsc
>
>
> I would be glad if someone uploaded this package for me.
>
Sounds OK to me. Can anyone double-check?

thanks.


-- 
Best Regards
LI Daobing
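
The quoted announcement verifies protection with `is_aufs /`. The following added example (not part of the original message and not fsprotect's own code) extends that check to every filesystem the configuration says should be protected, so that a mount that silently stayed writable is reported. The helper names are hypothetical, the mount table is constructed, and it assumes a protected filesystem appears with type `aufs` in `/proc/mounts`.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not part of fsprotect.

# fstype_of PATH [MOUNTS]: print the fs type of the mount covering PATH.
# The longest mount point wins; on a tie the later line wins, because a
# later mount on the same directory stacks over the earlier one.
# (Mount points containing spaces, escaped as \040, are not handled.)
fstype_of() {
    awk -v p="$1" '
        { mp = $2
          covers = (mp == "/" || p == mp || index(p, mp "/") == 1)
          if (covers && length(mp) >= best) { best = length(mp); fs = $3 } }
        END { if (fs != "") print fs }
    ' "${2:-/proc/mounts}"
}

# check_protected MOUNTS CMDLINE PROTECT: "/" is expected to be aufs when
# fsprotect= is on the kernel command line, plus every entry in PROTECT.
# Prints one line per mount point; returns non-zero if any is not aufs.
check_protected() {
    rc=0; expected=""
    if tr ' ' '\n' < "$2" | grep -q '^fsprotect='; then expected="/"; fi
    for entry in $3; do expected="$expected ${entry%%=*}"; done
    for mp in $expected; do
        fs=$(fstype_of "$mp" "$1")
        if [ "$fs" = "aufs" ]; then echo "OK   $mp"
        else echo "FAIL $mp (${fs:-not mounted})"; rc=1; fi
    done
    return $rc
}

# Constructed sample: / and /var are covered by aufs, /home was left as ext3.
sample=$(mktemp -d)
trap 'rm -rf "$sample"' EXIT
echo 'root=/dev/sda1 ro fsprotect=1000M' > "$sample/cmdline"
cat > "$sample/mounts" <<'EOF'
rootfs / rootfs rw 0 0
/dev/sda1 / ext3 ro 0 0
none / aufs rw 0 0
/dev/sda2 /var ext3 ro 0 0
none /var aufs rw 0 0
/dev/sda3 /home ext3 rw 0 0
EOF
check_protected "$sample/mounts" "$sample/cmdline" \
    "/var=1000M /home=2000M" || echo "unprotected filesystem found"
```

On a live system the arguments would be `/proc/mounts`, `/proc/cmdline` and the `PROTECT` value from `/etc/default/fsprotect`.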

