Dependency hell

Russell Coker russell at coker.com.au
Mon Apr 12 06:56:00 UTC 2004


On Mon, 12 Apr 2004 03:12, Panu Matilainen <pmatilai at welho.com> wrote:
> > If we are going to have apt as a recommended program or if we have some
> > setup with yum or up2date whereby one program gets the files and another
> > does the install (similar to the apt-get/dpkg) then we could write policy
> > to support/enforce that distinction.
>
> Note that apt-rpm by default doesn't use external rpm binary to do the
> installation anymore, it uses rpmlib for the job (but can be reverted to
> the old behavior with a config option). So in that mode it requires all
> the rights rpm itself has.

This isn't a problem.  apt uses helper programs to do the actual download 
which can be run in a context that has no privs to do the actual 
installation.  The rpmlib code called by the main apt process can verify the 
integrity of the downloaded file.

Hmm, does rpmlib deal with the case of a .rpm file being signed, but then 
being replaced between signature check and installation?

> The other parts like download, uncompress etc which run as separate
> processes could well be restricted much more and I'm in fact planning to
> write such a policy for apt just (if only to teach myself selinux).

That's great!

> > However I expect apt to be phased out, so it's probably not worth doing.
>
> I don't see it going away anytime soon.

So we will have both apt and yum doing much the same thing?

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
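
The question above about a .rpm file being replaced between signature check and installation describes a check-then-use race. As an added example (not part of the original message and not rpmlib code), the Python below contrasts verifying a path and reopening it with verifying and installing one private copy. It assumes a SHA-256 digest as a stand-in for the signature check; all function names and the file name `example.rpm` are hypothetical.

```python
import hashlib
import os
import shutil
import tempfile

def digest(fileobj):
    """SHA-256 of a file object from its start (stand-in for a signature check)."""
    fileobj.seek(0)
    h = hashlib.sha256()
    for chunk in iter(lambda: fileobj.read(65536), b""):
        h.update(chunk)
    return h.hexdigest()

def install_by_path(path, expected, between=lambda: None):
    """Racy: verifies the path, then opens the path again to install."""
    with open(path, "rb") as f:
        if digest(f) != expected:
            raise ValueError("verification failed")
    between()  # window in which the downloader's context can replace the file
    with open(path, "rb") as f:
        return f.read()  # may no longer be the bytes that were verified

def install_from_private_copy(path, expected, between=lambda: None):
    """Read the untrusted file once into a private copy; verify and install that."""
    with open(path, "rb") as src, tempfile.TemporaryFile() as priv:
        shutil.copyfileobj(src, priv)  # only read of the downloader-writable file
        if digest(priv) != expected:
            raise ValueError("verification failed")
        between()  # replacing the original now has no effect
        priv.seek(0)
        return priv.read()

def demo():
    """Constructed scenario: the file is swapped after the check in both cases."""
    good, evil = b"constructed package payload", b"constructed replacement"
    expected = hashlib.sha256(good).hexdigest()
    results = []
    for install in (install_by_path, install_from_private_copy):
        with tempfile.TemporaryDirectory() as d:
            pkg = os.path.join(d, "example.rpm")
            with open(pkg, "wb") as f:
                f.write(good)
            def swap():
                tmp = pkg + ".new"
                with open(tmp, "wb") as f:
                    f.write(evil)
                os.replace(tmp, pkg)  # atomic rename over the verified path
            results.append(install(pkg, expected, swap))
    return results
```

The private copy only helps if it lives where the download context cannot write, which is the kind of separation the policy discussed in this thread would enforce.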




