[csw-maintainers] package hooks (update)

Ben Walton bwalton at opencsw.org
Fri Jul 3 02:43:36 CEST 2009


Excerpts from Philip Brown's message of Thu Jul 02 18:04:45 -0400 2009:

> Don't depend on files that are living raw in /var/tmp.
> It's a security hole.

Yes, I thought of this on the train ride home.

> I don't think you should be using files to pass around arguments at
> all.  particularly something as trivial as "a list of affected
> packages".  I think you should have the list of packages, just be
> passed as the argument list.

Ok.  I was thinking along the lines of overflowing ARG_MAX, but upon
inspection Solaris (32/64 bit -> 1048320/2096640) uses a huge value
compared to Linux (131072).  This is no longer a concern for me.

I do wonder though whether passing all packages as arguments is the
way to go.  If it was decided to add more information later (version
numbers or something), using the argument list would be more limiting
than a file-based approach.  Would passing lines on stdin be a better
method?

The spec could define: each line of stdin should be word split on
whitespace (to match the catalog delimiter).  The first word is the
package being acted on.  Hook scripts should ignore anything beyond
the first word.

This would be more flexible in terms of future expansion.  The same
could be done with command line arguments, but I think stdin works
better for this.

[No changes to the doc have been made in this area yet.]

> Additional comment:
> you need to explicitly define behaviour of install vs update.
> that is to say, you need to specify whether update hooks will be called
> IN ADDITION TO, or INSTEAD OF, install and/or remove hooks.

<snip>
Proposed Per-package Hooks:

install

This hook should bracket any action that will involve a pkgadd without
a preceding pkgrm.

update

This hook should bracket any action that will involve a pkgrm followed
immediately by a pkgadd for the same package.
</snip>

That's the existing text (with s/update/upgrade/).  Not clear enough?
I understand what you're asking, but in my mind those definitions are
clear.  If I'm adding a package that doesn't exist (pkgadd without a
preceding pkgrm), the install hook gets called.  If I'm adding a
package and I already have a current version (meaning I do pkgrm then
pkgadd), I do update (which I've renamed upgrade, since I feel that's
a better term than update).

There is no distinction between batchinstall or batchupgrade if that's
what you were asking.  We could note the difference by adding a
batchupgrade hook if you think that's worthwhile.  I'm not sure it is,
but it wouldn't necessarily hurt either.

> hey waitaminute, you don't have remove hooks.

> well actually you mention them in one section, but not in another section.
> Missing from the "Proposed Per-package Hooks" section

See purge (per-package) and batchremove (batch).  I used purge since
that's the term Dago proposed in his mail the other day.  Now that
remove has become batchremove, purge could be remove...Actually, I've
now made this change, since I think it is better language.  [I had
also incorrectly listed pre/post remove instead of pre/post purge in
one section, so that may be part of this problem/comment.]

Getting closer...

Thanks
-Ben
-- 
Ben Walton
Systems Programmer - CHASS
University of Toronto
C:416.407.5610 | W:416.978.4302

GPG Key Id: 8E89F6D2; Key Server: pgp.mit.edu
Contact me to arrange for a CAcert assurance meeting.
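
The stdin format proposed in this message (one package per line, first whitespace-separated word is the package, the rest ignored), sketched as an added example that is not part of the original message or the OpenCSW hook spec. The allowed-character check and the names `read_hook_packages`, `run_hook` and the handler argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: hook-side parser for the stdin format proposed in this thread.
# Assumption: package names use only letters, digits, '.', '_', '+', '-'
# (a hypothetical allow-list; the thread does not define one).
LC_ALL=C; export LC_ALL   # keep the [A-Za-z] ranges byte-exact

# read_hook_packages: read lines on stdin, print the first word of each.
# Everything after the first word is ignored, so fields added to the
# format later do not break existing hooks.
read_hook_packages() {
    while read -r pkg rest || [ -n "$pkg" ]; do
        [ -z "$pkg" ] && continue            # skip blank lines
        case $pkg in
            -*|*[!A-Za-z0-9._+-]*)
                # A leading '-' could be taken as an option by a later
                # command; '/' or shell metacharacters have no place here.
                echo "hook: rejecting malformed package name" >&2
                return 1
                ;;
        esac
        printf '%s\n' "$pkg"
    done
    return 0
}

# run_hook HANDLER: validate all of stdin first, then call HANDLER once
# per package. HANDLER is a hypothetical per-package action.
run_hook() {
    handler=$1
    pkgs=$(read_hook_packages) || return 1   # nothing runs on bad input
    for p in $pkgs; do
        "$handler" "$p" || return 1
    done
}
```

Because the list arrives on the hook's own stdin, there is no predictable path in /var/tmp for another local user to pre-create or replace, and ARG_MAX does not apply.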