Package: apt
Version: 1.2.11
Severity: wishlist
Tags: patch
Control: submitter -1 [email protected]
X-Debbugs-CC: Stefan Berger <[email protected]>, [email protected]
(recording in the BTS for tracking, inline full-copy of
https://lists.debian.org/deity/2016/05/msg00034.html follows,
comments after that)
On Tue, May 10, 2016 at 09:52:18AM -0400, Stefan Berger wrote:
> The following patch adds support for the tar pax extended header to the tar
> parser so that tar files with pax extended headers containing Linux extended
> attributes can be processed by apt. Essentially the pax extended header
> contains key value pairs that describe file attributes. More information
> about the format can be found here:
>
> http://pubs.opengroup.org/onlinepubs/009695299/utilities/pax.html#tag_04_100_13_03
>
> We are particularly interested in the security.ima extended attribute,
> which, if available, contains a signature for the following file in the tar
> and which we then write as a Linux extended attribute into the filesystem.
>
> We are adding this type of support also to libarchive so that reprepro can
> process Debian packages with pax extended headers. Further, we are extending
> dpkg with pax extended header processing support as well.
>
> Regards,
> Stefan
>
>
> Stefan Berger (1):
> Implement support for PAX Extended Header
>
> apt-inst/contrib/extracttar.cc | 170 ++++++++++++++++++++++++++++++++++++++++-
> apt-inst/contrib/extracttar.h | 39 +++++++++-
> 2 files changed, 207 insertions(+), 2 deletions(-)
Hi,
the patch looks about right – some things I would write differently,
namely taking advantage of c++11 and such and cppcheck has some
suggestions (which are basically "complains" about the used c89 style),
too, but nothing major which would prevent me from applying it [after
this casual look]. (A testcase would be nice through). Thanks a lot!
I would very much prefer support to land in dpkg before applying it in
apt through as our tar extraction is 'just' there for apt-ftparchive and
apt-extracttemplates, so not used 'much' (so I have less qualms about
applying 'any' 'random' patch to it – all relative of course as this is
still code run on most Debian systems, but not as critical as other
parts) while extraction is a bread-and-butter thing for dpkg and gets
hence a much better look from someone who actually works with tar much.
So: please go ahead with extending dpkg – apt will follow suit then!
Best regards
David Kalnischkies