On Mon, Aug 31, 2020 at 02:44:12PM +0000, Holger Levsen wrote: > On Thu, Aug 27, 2020 at 04:25:56PM +0200, Guillem Jover wrote: > > I think ideally > > this would be using a system pathname and be part of a package that gets > > then listed in the .buildinfo files. > > I cannot comment on this except to say that I'd wish for some more pragmatism > :(
It's not something that I run myself, but I believe https://tracker.debian.org/pkg/policy-rcd-declarative is a good solution to this: install that package, then instead of dropping that file into /usr/local/sbin/policy-rc.d, do echo ".* .* deny" > /etc/service-policy.d/00-buildd-deny-all That turns a non-dpkg tracked binary into a non-dpkg tracked conffile, which I suppose it's a good compromise. Improvement would be to ship that single conffile in a separate package (which, IMHO, src:policy-rcd-declarative could do, i.e. provide a "policy-rcd-declarative-deny-all" binary; or do fancy things with a debconf option sbuild-craetechroot could inject but that would be too dirty for me). -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. More about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature