On Mon, Apr 28, 2014 at 05:15:59PM +0000, Colin Walters wrote:
> On Mon, Apr 28, 2014 at 12:45 PM, Tomasz Torcz
> <tomek@xxxxxxxxxxxxxx> wrote:
> >
> >  Risking being totally offtopic, but would TCB solve all most of
> >these issues?
> >www.openwall.com/tcb/ or
> >http://www.openwall.com/presentations/Owl/mgp00020.html
>
> It helps a little, but the problem here is not exactly about the
> underlying data format, but more about the merge/upgrade logic,
> which TCB by itself doesn't quite solve.
>
> We would still need logic somewhere (likely ostree), like today how
> it lives in RPM %post scripts to check whether users exist, and if
> not create them.  The binding between that logic and how the files
> get created on disk is the hard problem.

I think it would be better if we could declaratively say which user
accounts an RPM needs, and RPM can add or remove users from the system
based on this.  eg.  Apache httpd.spec would contain just:

  %user apache
  %group apache

(This applies to many other current uses of %post, such as enabling
services or running ldconfig.)

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top
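
A sketch of the declarative handling proposed in the message above, added here as an example; it is not code from the thread, from RPM or from ostree. `%user`/`%group` are the message's proposed directives, not existing RPM syntax, and the `reconcile` function, the system id range and the sample file contents are assumptions constructed for illustration. It shows the merge property the thread is concerned with: declared accounts are added only when missing, and entries already on disk are never rewritten.

```python
import re

# Assumed system id range; real limits come from /etc/login.defs.
SYS_ID_MIN, SYS_ID_MAX = 201, 999

# Constructed sample inputs (not taken from any real package or host).
SPEC = "Name: httpd\n%user apache\n%group apache\n"
PASSWD = "root:x:0:0:root:/root:/bin/bash\nchrony:x:999:998::/var/lib/chrony:/sbin/nologin\n"
GROUP = "root:x:0:\nchrony:x:998:\n"

def parse_declarations(spec_text):
    """Collect names from the proposed '%user NAME' / '%group NAME' lines."""
    decls = {"user": [], "group": []}
    for kind, name in re.findall(r"^%(user|group)[ \t]+([a-z_][a-z0-9_-]*)[ \t]*$", spec_text, re.M):
        if name not in decls[kind]:
            decls[kind].append(name)
    return decls

def entries(text):
    """Map name -> numeric id (fields 1 and 3 of passwd(5) or group(5) text)."""
    fields = (line.split(":") for line in text.splitlines())
    return {f[0]: int(f[2]) for f in fields if len(f) >= 3 and f[2].isdigit()}

def free_id(used):
    """Highest unused id in the assumed system range."""
    for i in range(SYS_ID_MAX, SYS_ID_MIN - 1, -1):
        if i not in used:
            return i
    raise RuntimeError("system id range exhausted")

def reconcile(spec_text, passwd_text, group_text):
    """Return (passwd_lines, group_lines) to append; existing entries are never rewritten."""
    decls = parse_declarations(spec_text)
    users, groups = entries(passwd_text), entries(group_text)
    new_passwd, new_group = [], []
    for name in decls["group"]:
        if name not in groups:
            groups[name] = free_id(set(groups.values()))
            new_group.append(f"{name}:x:{groups[name]}:")
    for name in decls["user"]:
        if name in users:
            continue  # keep whatever the administrator or an earlier install set up
        if name not in groups:
            raise ValueError(f"%user {name} has no matching %group {name}")
        users[name] = free_id(set(users.values()))
        # Service account: no login shell, primary group of the same name.
        new_passwd.append(f"{name}:x:{users[name]}:{groups[name]}::/:/sbin/nologin")
    return new_passwd, new_group

if __name__ == "__main__":
    print(reconcile(SPEC, PASSWD, GROUP))
```

Running the same declarations against files that already contain the `apache` entries yields nothing to append, which is the idempotence a `%post` scriptlet has to hand-code with an existence check.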