On 30/04/12 11:47, Michał Górny wrote: > On Mon, 30 Apr 2012 11:40:26 +0200 > Krzysztof Pawlik <nelch...@gentoo.org> wrote: > >> On 30/04/12 11:30, Michał Górny wrote: >>> On Mon, 30 Apr 2012 10:24:58 +0200 >>> Krzysztof Pawlik <nelch...@gentoo.org> wrote: >>> >>>> On 30/04/12 08:57, Michał Górny wrote: >>>>> Hello, >>>>> >>>>> Since lately Gentoo devs force you to replace collision-protect >>>>> with protect-owned [1] and sometimes packages just spit out files >>>>> randomly on the filesystem due to random errors, I thought it may >>>>> be a good idea to provide a new feature limiting the locations >>>>> where packages can install. >>>> >>>> You're not forced to do anything. >>> >>> I am not? How come random ebuilds die in pkg_pretend() for me then? >>> >>>> >>>>> In order to do that, we should first compose a complete >>>>> include/exclude list where packages can install. I'd suggest the >>>>> following: >>>>> >>>>> + /bin >>>>> + /boot (but maybe just subdirectories so packages can't overwrite >>>>> kernels?) >>>>> [potentially + /dev? but that's useful only when tmpfs isn't >>>>> mounted] >>>>> + /etc >>>>> + /lib, /lib32, /lib64 >>>>> + /opt >>>>> + /sbin >>>>> [potentially + /service for ugly daemontools] >>>>> + /usr >>>>> + /var >>>>> - /usr/local >>>>> - /usr/portage >>>>> >>>>> What are your thoughts on this? >>>>> >>>>> [1]:https://bugs.gentoo.org/show_bug.cgi?id=410691#c4 >>>> >>>> I think it's feature creep - you can just set >>>> INSTALL_MASK="/usr/local /usr/portage", no need for new features. >>>> >>>> PS. I (and few other folks) don't have /usr/portage. >>> >>> INSTALL_MASK won't make committing such an ebuild a fatal error. It >>> will just hide problems. >> >> How would your proposed feature prevent ebuilds that install >> something to /usr/local from being committed? > > If we enable this by default, devs will get errors for that.
Could it be added instead to repoman? I'm testing all ebuilds before committing
like this:
$ ebuild xhtml2pdf-0.0.3.ebuild manifest clean install
repoman could look at build.log or ${D} and warn if it can't do those checks.
>> Other valid case are private repos - I have a few ebuilds that
>> install stuff to /<some_random_dir> (proprietary stuff).
>
> Feel free to disable it. That's what FEATURES are for.
Yes, I could.
--
Krzysztof Pawlik <nelchael at gentoo.org> key id: 0xF6A80E46
desktop-misc, java, vim, kernel, python, apache...
signature.asc
Description: OpenPGP digital signature
