Debian Bug report logs - #823945
apt: support for PAX extended header and Linux extended attributes

Reply or subscribe to this bug.

Display info messages

Message #5 received at [email protected] (full text, mbox, reply):

From: David Kalnischkies <[email protected]>

To: [email protected]

Subject: apt: support for PAX extended header and Linux extended attributes

Date: Tue, 10 May 2016 18:15:53 +0200

[Message part 1 (text/plain, inline)]

Package: apt
Version: 1.2.11
Severity: wishlist
Tags: patch
Control: submitter -1 [email protected]
X-Debbugs-CC: Stefan Berger <[email protected]>, [email protected]

(recording in the BTS for tracking, inline full-copy of
https://lists.debian.org/deity/2016/05/msg00034.html follows,
comments after that)

On Tue, May 10, 2016 at 09:52:18AM -0400, Stefan Berger wrote:
> The following patch adds support for the tar pax extended header to the tar
> parser so that tar files with pax extended headers containing Linux extended
> attributes can be processed by apt. Essentially the pax extended header
> contains key value pairs that describe file attributes. More information
> about the format can be found here:
> 
> http://pubs.opengroup.org/onlinepubs/009695299/utilities/pax.html#tag_04_100_13_03
> 
> We are particularly interested in the security.ima extended attribute,
> which, if available, contains a signature for the following file in the tar
> and which we then write as a Linux extended attribute into the filesystem.
> 
> We are adding this type of support also to libarchive so that reprepro can
> process Debian packages with pax extended headers. Further, we are extending
> dpkg with pax extended header processing support as well.
> 
> Regards,
>     Stefan
> 
> 
> Stefan Berger (1):
>   Implement support for PAX Extended Header
> 
>  apt-inst/contrib/extracttar.cc | 170 ++++++++++++++++++++++++++++++++++++++++-
>  apt-inst/contrib/extracttar.h  |  39 +++++++++-
>  2 files changed, 207 insertions(+), 2 deletions(-)

Hi,

the patch looks about right – some things I would write differently,
namely taking advantage of c++11 and such and cppcheck has some
suggestions (which are basically "complains" about the used c89 style),
too, but nothing major which would prevent me from applying it [after
this casual look]. (A testcase would be nice through). Thanks a lot!


I would very much prefer support to land in dpkg before applying it in
apt through as our tar extraction is 'just' there for apt-ftparchive and
apt-extracttemplates, so not used 'much' (so I have less qualms about
applying 'any' 'random' patch to it – all relative of course as this is
still code run on most Debian systems, but not as critical as other
parts) while extraction is a bread-and-butter thing for dpkg and gets
hence a much better look from someone who actually works with tar much.

So: please go ahead with extending dpkg – apt will follow suit then!


Best regards

David Kalnischkies

[0001-Implement-support-for-PAX-Extended-Header.patch (text/x-diff, attachment)]

[signature.asc (application/pgp-signature, inline)]

Send a report that this bug log contains spam.