[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Dependency hell



On Mon, 12 Apr 2004 03:12, Panu Matilainen <pmatilai welho com> wrote:
> > If we are going to have apt as a recommended program or if we have some
> > setup with yum or up2date whereby one program gets the files and another
> > does the install (similar to the apt-get/dpkg) then we could write policy
> > to support/enforce that distinction.
>
> Note that apt-rpm by default doesn't use external rpm binary to do the
> installation anymore, it uses rpmlib for the job (but can be reverted to
> the old behavior with a config option). So in that mode it requires all
> the rights rpm itself has.

This isn't a problem.  apt uses helper programs to do the actual download 
which can be run in a context that has no privs to do the actual 
installation.  The rpmlib code called by the main apt process can verify the 
integrity of the downloaded file.

Hmm, does rpmlib deal with the case of a .rpm file being signed, but then 
being replaced between signature check and installation?

> The other parts like download, uncompress etc which run as separate
> processes could well be restricted much more and I'm in fact planning to
> write such a policy for apt just (if only to teach myself selinux).

That's great!

> > However I expect apt to be phased out, so it's probably not worth doing.
>
> I don't see it going away anytime soon.

So we will have both apt and yum doing much the same thing?

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]