On Wed, Aug 13, 2008 at 09:12:01AM +0200, Aniruddha wrote:
On Tue, 2008-08-12 at 20:25 -0400, Joey Hess wrote:
martin f krafft wrote:
If these examples didn't make sense to someone, don't install third party
packages from untrusted sources, no matter how much checking you do..
I'm not
On Wed, Aug 13, 2008 at 09:08:07AM +0200, Aniruddha wrote:
On Tue, 2008-08-12 at 20:44 -0300, martin f krafft wrote:
also sprach Aniruddha [EMAIL PROTECTED] [2008.08.12.2023 -0300]:
If I understand your correctly I can install deb from any 3rd party
provider without fear of b0rking my
On Tue, 2008-08-12 at 20:44 -0300, martin f krafft wrote:
also sprach Aniruddha [EMAIL PROTECTED] [2008.08.12.2023 -0300]:
If I understand your correctly I can install deb from any 3rd party
provider without fear of b0rking my system. If this is true I don't
understand why you warn
On Tue, 2008-08-12 at 20:25 -0400, Joey Hess wrote:
martin f krafft wrote:
If these examples didn't make sense to someone, don't install third party
packages from untrusted sources, no matter how much checking you do..
I'm not worried about purposeful malicious intent (otherwise I would
just
On Wed, Aug 13, 2008 at 09:12:01AM +0200, Aniruddha wrote:
On Tue, 2008-08-12 at 20:25 -0400, Joey Hess wrote:
martin f krafft wrote:
If these examples didn't make sense to someone, don't install third party
packages from untrusted sources, no matter how much checking you do..
I'm not
On Wed, Aug 13, 2008 at 09:12:01AM +0200, Aniruddha wrote:
I'm not worried about purposeful malicious intent (otherwise I would
just use a chroot). I want to prevent an accidentally badly build deb
from wrecking my system.
Seiously, this is going 'round-and'round. The true answer was
On Wed, 2008-08-13 at 23:50 +0900, Osamu Aoki wrote:
PS: Please remember that installing package created by someone is giving
packager a full root authority of your machine.
Thanks for the tips and for helping me to remind the dangers ^^ .
--
Regards,
Aniruddha
--
To UNSUBSCRIBE,
On Wed, 2008-08-13 at 12:01 -0400, Steve C. Lamb wrote:
On Wed, Aug 13, 2008 at 09:12:01AM +0200, Aniruddha wrote:
I'm not worried about purposeful malicious intent (otherwise I would
just use a chroot). I want to prevent an accidentally badly build deb
from wrecking my system.
On Wed, 2008-08-13 at 09:08 +0200, Aniruddha wrote:
Thanks, I'm beginning to understand now. To make it more concrete I've
written down what I think is the correct procedure to check deb files:
1) Run 'dpkg-deb -e *.deb' and read postinst, postrm, preinst, prerm to
check if it contains the
the contents of the deb with deb-view prior to installing
2 And/or install the 3rd party deb in a Debian chroot
I wonder, are there more solutions? (I would love to be able to install
a deb as a local user). What about my solutions? Will they work? What is
the best way to manage 3rd party debs? Thanks
On Tue, Aug 12, 2008 at 06:46:51PM +0200, Aniruddha wrote:
They can overwrite existing (core) system files and possibly cause other
harm.
No, they can't. Not without your expressed consent...
[EMAIL PROTECTED]:~} dpkg --force-help
dpkg forcing options - control behaviour when problems
On Tue, 2008-08-12 at 12:52 -0400, Steve C. Lamb wrote:
On Tue, Aug 12, 2008 at 06:46:51PM +0200, Aniruddha wrote:
They can overwrite existing (core) system files and possibly cause other
harm.
No, they can't. Not without your expressed consent...
[EMAIL PROTECTED]:~} dpkg
On Tue, 12 Aug 2008 12:52:07 -0400, Steve C. Lamb [EMAIL PROTECTED] said:
On Tue, Aug 12, 2008 at 06:46:51PM +0200, Aniruddha wrote:
They can overwrite existing (core) system files and possibly cause
other harm.
No, they can't. Not without your expressed consent...
[...]
They can't, if
On Tue, 2008-08-12 at 14:41 -0400, Hubert Chathi wrote:
No, they can't. Not without your expressed consent...
[...]
They can't, if they just use the normal Debian archive contents.
However, packages can do all sorts of things via installation scripts.
Then again, the package could
Aniruddha wrote:
On Tue, 2008-08-12 at 14:41 -0400, Hubert Chathi wrote:
No, they can't. Not without your expressed consent...
[...]
They can't, if they just use the normal Debian archive contents.
However, packages can do all sorts of things via installation scripts.
Then again, the
On Tue, 2008-08-12 at 22:49 +0300, Eugene V. Lyubimkin wrote:
If 3rd party deb doesn't contain 'Replaces' field, dpkg will refuse any try
to break any
file owned by existing packages.
That sounds good, but what about a deb created by checkinstall?
According to Martin Krafft this can still
Aniruddha wrote:
On Tue, 2008-08-12 at 22:49 +0300, Eugene V. Lyubimkin wrote:
If 3rd party deb doesn't contain 'Replaces' field, dpkg will refuse any try
to break any
file owned by existing packages.
That sounds good, but what about a deb created by checkinstall?
According to Martin
also sprach Aniruddha [EMAIL PROTECTED] [2008.08.12.1742 -0300]:
On Tue, 2008-08-12 at 22:49 +0300, Eugene V. Lyubimkin wrote:
If 3rd party deb doesn't contain 'Replaces' field, dpkg will
refuse any try to break any file owned by existing packages.
That sounds good, but what about a deb
On Tue, 2008-08-12 at 18:04 -0300, martin f krafft wrote:
If a checkinstall created package somehow modifies a file (like
/etc/passwd) during the installation, then that file will be removed
when the package is deinstalled. I think that was the only real
problem with checkinstall.
If you
also sprach Aniruddha [EMAIL PROTECTED] [2008.08.12.1931 -0300]:
If you don't mind I quote from your own book ^^
checkinstall is limited in what it can do. To be precise, the
packages it creates can only install files, and checkinstall
does not care where it installs them. You can
On Tue, 2008-08-12 at 19:39 -0300, martin f krafft wrote:
also sprach Aniruddha [EMAIL PROTECTED] [2008.08.12.1931 -0300]:
If you don't mind I quote from your own book ^^
checkinstall is limited in what it can do. To be precise, the
packages it creates can only install files, and
also sprach Aniruddha [EMAIL PROTECTED] [2008.08.12.1958 -0300]:
I don't know how the debs are packaged, for all I know they can
wreck my system. Or are are there safety features in place that
prevents that from happening?
dpkg will prevent them from overwriting files by other packages.
I
On Tue, 2008-08-12 at 20:05 -0300, martin f krafft wrote:
also sprach Aniruddha [EMAIL PROTECTED] [2008.08.12.1958 -0300]:
I don't know how the debs are packaged, for all I know they can
wreck my system. Or are are there safety features in place that
prevents that from happening?
dpkg
also sprach Aniruddha [EMAIL PROTECTED] [2008.08.12.2023 -0300]:
If I understand your correctly I can install deb from any 3rd party provider
without fear of b0rking my system. If this is true I don't understand why you
warn
against checkinstall.
checkinstall is used to create deb files
On 08/12/2008 03:42 PM, Aniruddha wrote:
On Tue, 2008-08-12 at 22:49 +0300, Eugene V. Lyubimkin wrote:
If 3rd party deb doesn't contain 'Replaces' field, dpkg will refuse any try to
break any
file owned by existing packages.
That sounds good, but what about a deb created by checkinstall?
martin f krafft wrote:
If you install a third party deb, you should inspect its contents
exactly to make sure it doesn't touch files in /etc. Also check the
hooks. If there are no problems, then it's probably safe.
Did you know that dpkg will not install /var/lib/dpkg/info/* if it's in
the
26 matches
Mail list logo