python3.2+ compiled files

Jeff Johnson n3npq at mac.com
Sat Apr 9 23:09:54 CEST 2011


On Apr 9, 2011, at 4:52 PM, Tomasz Pala wrote:

> On Sat, Apr 09, 2011 at 16:32:01 -0400, Jeff Johnson wrote:
> 
>>> And I've shown that this "way" is wrong - having xattrs outside package
>>> manager is bad design per se.
>> 
>> You WILL have users using python eggs, and there WILL be a window
>> installing content outside of package management.
> 
> And how is this related to storing xattrs?

It's related to SELinux security labeling. To
ensure consistency, a label MUST be attached everywhere.

This was initially done by RPM. But "package management" does
not include home directories and other places where "windows"
lurk.

> 
> [...]
>> None of the above involves rpm "package management" installing xattr's.
> 
> Exactly - so don't throw me with arguments I do not care at all. I say
> rpm should handle xattrs, nothing more.
> 

And I'm not disagreeing. How rpm should handle xattr's like
the capabilities you want is a whole different matter.

Attaching Yet Another per-file tag everywhere just to set
a capability for, say, ping and perhaps 100-300 other
files (there's often > 1M, try "rpm -qal | wc -l")
is a fairly expensive undertaking.

And it's quite silly to have _EVERY_ file have an attached (and
usually empty/missing) capability when the right approach
is to run a short list of paths that *do* need a capability attached.

(the above is wrto what is implemented @rpm.org)

>> And none of the above precludes rpm from attaching xattr's where it makes sense.
>> This thread started -- not about security -- but how to handle
>> *.pyo side effects.
> 
> I have no idea and I really do not care a bit. What I do know is that
> application level is less important than system level, and the latter
> requires xattrs in modern package management system.
> How do we use them THEN, it's another issue.
> 

Well if you don't care abt *.pyo side effects, you're in the wrong thread.

>> SO get rid of SUID.
> 
> I can't - rpm doesn't support xattrs (or it's so top secret you can't
> tell me how to do this).
> 

Bullshit: rpm.org supports capabilities, and I just outlined what @rpm5.org
is going to do. What PLD does with RPM is entirely up to PLD, rpm-4.5 has
no upgrade path, discussed at length repeatedly with both arekm and glenn.

>> What SUID has to do with "package management" of
>> *.pyo side-effects isn't clear.
> 
> Did I mention some pyo somewhere?
> 

You're in the wrong thread. It really doesn't matter what you mentioned.

>>> So how can I store these caps in rpm? Or force rpm not to overwrite
>>> these set by me in filesystem (manually or by other tool)?
>> 
>> How does rpm store data in an rpmdb? You look at the schema,
>> you create records consistent with the schema, and you write
>> tools to make that happen for other data.
> 
> Thanks, that really helps. You could just write 'create your own package
> manager'.
> 

What do you think python eggs and ruby gems are if not "packages"?

>> Reasoning from "RPM has a database" -> "All content MUST be delivered
>> in *.rpm packages" -> "I want to remove SUID's!" is rather muddled.
> 
> No. "RPM delivers content with SUIDs instead of ACLs/caps" -> "RPM
> should be fixed to handle xattrs".
> 

At this point, all I can say is
	Patches cheerfully accepted.
I personally can't justify adding Yet Another per-file tag, but
if that's what you want, I can/will add *exactly* what is at
rpm.org under a vendor-peculiar #ifdef.

>> And this thread started (see Subject:) with
>> 
>> 	What should be done with python's Newer! Better! Bestest!
>> 	convention for storing compiled *.pyo files?
>> 
>> not anything else.
> 
> It started like this, I've added something else. That is how discussions
> work, subject doesn't have to be fixed as nobody has to stick the first mail
> only.
> 

What do you think about radiation leakage in JA? Does that concern you or not?

I kinda prefer Hillary over Obama: chicks in charge! Are there any females in
positions of power in Poland? I just heard about MAM in France, she's cool!

Yep, it's all discussion, isn't it?


>> And all I wished to point out is the (rather flawed imho) reasoning
>> that led to putting *.pyo files into *.rpm packages so that
>> SELinux trolls could pretend to a solution based on security tags
>> instantiated in xattr's.
> 
> Maybe, don't know, don't care, won't argue.
> 

I've tried repeatedly to avoid argument:
	Patches cheerfully accepted.
if you want to remove SUID's and use capabilities instead.

hth

73 de Jeff
> -- 
> Tomasz Pala <gotar at pld-linux.org>
> _______________________________________________
> pld-devel-en mailing list
> pld-devel-en at lists.pld-linux.org
> http://lists.pld-linux.org/mailman/listinfo/pld-devel-en
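
Added example, not part of the original message and not rpm code: the "short list of paths that *do* need a capability" idea from the reply above, sketched as a Python audit that compares such a list against `getcap -r` output. The manifest format, the paths and the sample output are constructed for illustration.

```python
import re

# Constructed manifest: the short list of paths that should carry a capability.
MANIFEST = """\
# path               capability (cap_to_text form)
/bin/ping            cap_net_raw=ep
/usr/sbin/mtr        cap_net_raw=ep
/usr/bin/traceroute  cap_net_raw=ep
"""

# Constructed `getcap -r` output; libcap has printed both "path = caps" and "path caps".
GETCAP_OUTPUT = """\
/bin/ping = cap_net_raw+ep
/usr/sbin/mtr cap_net_admin,cap_net_raw=ep
/usr/bin/dumpcap cap_net_admin,cap_net_raw=eip
"""

GETCAP_LINE = re.compile(r"^(?P<path>.+?)(?: =)? (?P<caps>\S+)$")
CAP_CLAUSE = re.compile(r"([a-z0-9_,]+)([=+])([eip]+)")

def parse_caps(text):
    """Normalise one clause such as 'cap_net_raw+ep' to (names, flags).

    Simplification (assumption): single-clause text only; with no other
    clause present, '+ep' and '=ep' describe the same sets.
    """
    m = CAP_CLAUSE.fullmatch(text)
    if not m:
        raise ValueError(f"unsupported capability text: {text!r}")
    return frozenset(m.group(1).split(",")), frozenset(m.group(3))

def parse_manifest(text):
    rows = (l.rsplit(None, 1) for l in text.splitlines()
            if l.strip() and not l.startswith("#"))
    return {path.strip(): parse_caps(caps) for path, caps in rows}

def parse_getcap(text):
    found = (GETCAP_LINE.match(l) for l in text.splitlines() if l.strip())
    return {m["path"]: parse_caps(m["caps"]) for m in found if m}

def audit(manifest_text, getcap_text):
    """Report drift between the manifest and what is set on disk."""
    want, have = parse_manifest(manifest_text), parse_getcap(getcap_text)
    return {
        "missing": sorted(p for p in want if p not in have),
        "mismatch": sorted(p for p in want if p in have and want[p] != have[p]),
        "unexpected": sorted(p for p in have if p not in want),
    }

if __name__ == "__main__":
    print(audit(MANIFEST, GETCAP_OUTPUT))
```
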
