In article <[EMAIL PROTECTED]>,
Jordan Hubbard <[EMAIL PROTECTED]> wrote:
> > I think that we can do a lot with cvsupd. I've used cvsupd to grab
> > binaries on an experimental basis and it seems to work great. I've
>
> Hmmm. Does cvsupd also move a target out of the way if it already
> exists and it's in the process of replacing it? What if the target is
> chflag'd but can be unprotected at the current security level?
>
> What I'm trying to say is that if you have "/sbin/init" and cvsupd is
> about to replace it, I would expect the steps to be something like
> this:
>
> Receive new init as /sbin/init.${pid} (or something)
> |
> |<--------------------------------------------+
> | Yes |Yes
> \/ No | No
> Mv /sbin/init.${pid} /sbin/init --> chflags noschg /sbin/init --> Fail
> |
> | Yes
> \/
> Done
>
> If cvsupd does that or can be gimmicked to do that (add
> --potentially-hose-me flag? ;) then I'd say it's a serious
> contender for being part of a binary update process.
Hmmm ... how can we find out what CVSup does? ... Hmmmm ... :-)
It does exactly what you say you want it to do. The sequence goes
something like this:
- receive new file into a temp file
- verify its MD5 signature
- clear the flags of the target file to 0
- atomically rename() the temp file to the target name
- set the flags of the target to whatever they are supposed to be
John
--
John Polstra [EMAIL PROTECTED]
John D. Polstra & Co., Inc. Seattle, Washington USA
"Disappointment is a good sign of basic intelligence." -- Chögyam Trungpa
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
