On Wed, Mar 07, 2012 at 12:07:21PM +0100, Adrian Schröter wrote:
On Wednesday, 7 March 2012, 07:52:01, Helio Chissini de Castro wrote:
Hello
On Wednesday 07 March 2012 09:43:08 Adrian Schröter wrote:
On Tuesday, 6 March 2012, 08:17:27, Helio Chissini de Castro wrote:
...
I'm open to opinions, ideas of how far we can go, improve the script and if maybe we can adapt this to upstream in future.
Having a first look, it seems you do not install VMINSTALL packages, but do install all packages in preinstall phase.
For the first test, I ignored VMINSTALL, since we're using only chroot-based installs, but as soon as this progresses, of course VMINSTALL will be put in the loop. It's just that I have not handled that yet.
Also, are you sure that debootstrap is really never executing scripts during this phase? I doubt that. But when it is executing scripts this approach is actually a security problem, because you can take over the worker.
debootstrap is an old reliable tool in Debian, and is a single shell script that can easily be read. I understand your security concerns, but debootstrap puts everything inside chroot from downloaded packages and then I return the control to init_buildsystem.
chroot is not enough to be secure.
What Adrian means is that it's OK to use debootstrap *after* the preinstall phase, thus in the virtual machine. It mustn't be done outside the virtual machine for security reasons.
Cheers,
Michael.
--
Michael Schroeder mls@suse.de
SUSE LINUX Products GmbH, GF Jeff Hawn, HRB 16746 AG Nuernberg
main(_){while(_=~getchar())putchar(~_-1/(~(_|32)/13*2-11)*13);}