On Sun, 2006-07-16 at 18:13 +0400, Anton wrote:
On Sun, Jul 16, 2006 at 07:10:02PM +0200, Mark Rosenstand wrote:
On Sat, 2006-07-15 at 02:17 +0400, Anton wrote:
This patch adds an -i (--ignore-perms) option to pkgadd, which makes it possible to not bother the user with permissions conflicts.
To be really useful, prt-get must be modified. Say, /etc/prt-get.conf will look like:

    trusted-prtdir /usr/ports/core
    trusted-prtdir /usr/ports/opt
    prtdir /usr/ports/contrib

Which means that prt-get will pass the -i option to all packages built from core and opt, and will not pass -i to packages from contrib.
Personally I'm more afraid of directories having unsafe (or too strict) permissions by accident. The solution I see is to either detect a conflict or reject the directory and update rejmerge to handle it.
It's impossible for now, as we have one reject directory for all packages. This would be possible if we introduce /var/lib/pkg/rejected/packageA/, /var/lib/pkg/rejected/packageB/, ...
But I don't really like that idea.
I suspect that this is an issue in theory only. pkgadd already warns when rejecting files, meaning the user should run rejmerge ASAP. It's possible (but unlikely) that the same directory will get rejected from different packages, but the overwrite in /var/lib/pkg/rejected doesn't really cause any trouble. (Hey, this is how it works now, except the stuff is merged directly to our filesystems without any warnings!)
Johannes and I already discussed the usefulness of something like the "trusted" feature, only with post-install scripts in mind :)
Then I'd like us to be able to choose what we trust: post-install and/or permissions changes. Maybe some kind of flags:

    prtdir +! /usr/ports/core
    prtdir ! /usr/ports/opt
    prtdir /usr/ports/contrib

    + is "I trust you to run post-install"
    ! is "I trust you to pass -i option"
This seems overly complicated and cryptic to me. I think we'd be better off changing the config file format completely, like:

    [core]
    directory /usr/ports/core
    run-scripts yes

    [contrib]
    directory /usr/ports/contrib
    run-scripts no

Since it scales so much better (when we want feature Z, we won't have to add yet another weird, non-logical character.)
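
An added example, not code from prt-get or from anyone in this thread: one way a tool could read the sectioned format proposed above and decide per repository what to trust, with every trust setting defaulting to off. The `directory` and `run-scripts` keys come from the thread; the `ignore-perms` key (standing in for passing -i to pkgadd), the function names and the sample file are assumptions.

```python
import posixpath

# `directory` and `run-scripts` are from the thread; `ignore-perms` is a
# hypothetical key standing in for "pass -i to pkgadd".
BOOL_KEYS = {"run-scripts": "run_scripts", "ignore-perms": "ignore_perms"}
UNTRUSTED = {"run_scripts": False, "ignore_perms": False}

def parse_repos(text):
    """Parse the sectioned format into {name: settings}; trust defaults to off."""
    repos, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = repos[line[1:-1]] = {"directory": None, **UNTRUSTED}
            continue
        key, _, value = (part.strip() for part in line.partition(" "))
        if current is None:
            raise ValueError(f"line {lineno}: setting outside a section")
        if key == "directory" and value.startswith("/"):
            current["directory"] = posixpath.normpath(value)
        elif key in BOOL_KEYS and value in ("yes", "no"):
            current[BOOL_KEYS[key]] = value == "yes"
        else:  # unknown keys or values are errors, never silently trusted
            raise ValueError(f"line {lineno}: invalid setting {line!r}")
    return repos

def trust_for_port(port_path, repos):
    """Return the trust settings of the repository that contains port_path."""
    path = posixpath.normpath(port_path)
    for repo in repos.values():
        root = repo["directory"]
        # Match whole path components so /usr/ports/core-x is not "core".
        if root and path.startswith(root.rstrip("/") + "/"):
            return {k: repo[k] for k in UNTRUSTED}
    return dict(UNTRUSTED)  # unlisted repositories get no trust

# Constructed sample configuration in the proposed format.
SAMPLE = """\
[core]
directory /usr/ports/core
run-scripts yes
ignore-perms yes

[contrib]
directory /usr/ports/contrib
run-scripts no
"""
```

The caller would add -i or run post-install only when the matching value returned by `trust_for_port` is true.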