This one time, at band camp, Matt Zimmerman said: > On Thu, Nov 06, 2003 at 06:31:44PM -0500, Stephen Gran wrote: > > > > On Thu, Nov 06, 2003 at 04:46:39PM -0500, Stephen Gran wrote: But, > > > I don't see why you should need to hook into apt at all in order > > > to do what you want. If the files you change are conffiles, your > > > changes should be preserved, and if they aren't conffiles, you can > > > divert them. > > > > Many of the files we're shipping modify files that may or may not be > > on the system - for instance, we might not ship a box with ftp or > > dhcp daemons installed, but only later get requests for them. If I > > can make this hook into apt, it will automagically apply the patches > > to the conffiles, add the extra logcheck ignore lines, and set up > > firewall rules for us. Writing the script that does the actual work > > is easy - hooking into apt is the hard part (at least for me) so > > that's why I asked. > > > > Thanks for your suggestion - it looks like a good starting point. > > I would split up your package into packages which represent the > different pieces of software that they are modifying (and have them > depend on what they need to work) rather than doing the work > conditionally.
That is a possibility, but as there's generally not more than a half dozen files per real package, it seems like needless package clutter. Will think about it. > logcheck seems like a bad example. For logcheck, you only need to > supply a file with patterns in it; this makes no difference whether a > package is installed or not. logcheck is, it's true, largely irrelevant - I like the idea more than I care about the overhead. > Likewise, adding firewall rules happens at boot time or when a network > interface is brought up, not when a package is installed by apt. iptables at least is more dynamic than that - you can add and delete rules on the fly. If we install a new network service, we want it open (at least initially, maybe permanently) to only a few addresses. So the firewall scripts open up that port for those addresses. I'm not trying to do a vast amount of work here - but if I can do something once that will save me repetition, it's worth it to me. -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : [EMAIL PROTECTED] | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
pgps48jsnwdRw.pgp
Description: PGP signature
