python3.2+ compiled files

Tomasz Pala gotar at polanet.pl
Sun Apr 10 01:38:55 CEST 2011


On Sat, Apr 09, 2011 at 19:05:33 -0400, Jeff Johnson wrote:

> FOr a distro containing >1M files, empty string tags require (at least) '\0'.
> 
> But ~1Mb (for a 1M file distro) additional info is moderately significant. Go look at
> 	ls -al /var/lib/rpm/Packages
> run
> 	rpm -qal | wc -l
> and then add that number of bytes for an empty tag.

It's 0.3% in my case.

> Then also add that to download times,

You must be kidding - downloading 1 MB more considering entire distro is
nothing.

> and space on RO media.
>
> Already all strings are saved in rpmdb indices without trailing '\0'
> in order to save several megabytes of space.

Looking for a real savings?

~:  grep install_langs /etc/rpm/*
/etc/rpm/macros:%_install_langs pl_PL
~:  LANG=pt_BR rpm -qi alsa-lib
Bibliotecas para o ALSA. Esse pacote é necessário para rodar programas
Linux queusam o driver de som ALSA.

It would be sufficient to have some rpmdb postprocessing tools to remove
descriptions or changelogs from database, especially for RO medias where
no rollbacks would ever be required.

>> There are patches - in rpm.org as you know.
> 
> I'm well aware of what is @rpm.org even if you are not.

Maybe I'm not - how does it even matter?

> You claimed that rpm was preventing you from remoing SUID.

Yeah - %caps() was added in 4.6 and we got 4.5 here in PLD.

> I'm also aware that Fedora tried removing SUID, and has packaged
> with capabilities. *shrug*

Are you aware that SUID (and superuser at all) could be disabled on
destination host? Thus it's not required to actually remove this bit in
package, The Point is to supply proper xattrs and leave user a choice.

> There's lots of ways to run a command against 100-300 files to
> add capabilities "securely", without raciness, and without
> getting "package management" involved.

Assuming this "way" can undo transaction (full rollback) in context of
privilidged process. How to setcap setcap binary after upgrade?

> SInce you are adding a capabity,
> it just means that the file will be installed in unprivlieged
> capabilty-free mode until the capability is added, just like SUID's.

Unless one wokes up with no privilidged apps in system.

> And ultimately, neither @rpm5.org or @rpm.org code is in use by PLD,
> so it matters about as muct as radiation damage and chicks in charge
> discussions.

Eventually one of these will be used, but I doubt PLD is used in nuclear
installations or by chicks in charge.

-- 
Tomasz Pala <gotar at pld-linux.org>


More information about the pld-devel-en mailing list