Date: Thu, 15 Oct 2020 04:43:46 -0400 From: George Saylor <george.saylor@hardenedbsd.org> To: Shawn Webb <shawn.webb@hardenedbsd.org> Cc: Baptiste Daroussin <bapt@freebsd.org>, pkg@freebsd.org, HardenedBSD Developers <dev@hardenedbsd.org> Subject: Re: Filesystem extended attributes support Message-ID: <CAJywZcCTgzqxcw0=6zBPzEUw-O1bHkDXW=kPCROtn3jPdvoMgQ@mail.gmail.com> In-Reply-To: <CAExMvsn2UzSN_wLCdHBSOQ15cWDPP6BXBybTw=b=wYyCVyPb-w@mail.gmail.com> References: <20200704141345.xwdf2ckxak2hfpkh@mutt-hbsd> <20200704201100.lkcde42gtlgspwpr@ivaldir.net> <CAExMvsn2UzSN_wLCdHBSOQ15cWDPP6BXBybTw=b=wYyCVyPb-w@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
That is great news all. On Wed, Oct 14, 2020, 2:55 PM Shawn Webb <shawn.webb@hardenedbsd.org> wrote: > On Sat, Jul 4, 2020 at 8:11 PM Baptiste Daroussin <bapt@freebsd.org> > wrote: > > > On Sat, Jul 04, 2020 at 10:13:45AM -0400, Shawn Webb wrote: > > > Hey FreeBSD pkg(8) developers, > > > > > > Attached is a patch that implements filesystem extended attributes > > > support. Only the system namespace is supported. In case the patch > > > gets scrubbed from this email, I've posted it here: > > > https://gist.github.com/d0b4653bc5942dbcdcd1db877d37c2dc > > > > > > Anyone who wants to write unit tests is welcomed to do so. > > > > > > This patch to pkg does depend on a separate patch to libarchive: > > > https://github.com/libarchive/libarchive/pull/1409 > > > > > > HardenedBSD has a separate patch to tmpfs that enables incredibly > > > basic extended attribute support. The tmpfs patch is only needed for > > > those who use tmpfs with poudriere. > > > > > > And finally, another patch to the jails subsystem that allows a > > > privileged user within a jail to set system namespace filesystem > > > extended attributes (disabled by default) is needed for poudriere > > > users. > > > > > > The patch to tmpfs and jails is not included here as they are > > > tangential. > > > > Thank you for the patch at quick glance it looks fine to me. I would have > > obviously to wait for libarchive to merge the patch first to be able to > > test it > > and do a proper review at the time. > > > > Don't hesitate to ping me again if you see no progress with libarchive > has > > merged the said patch. > > > > I would have to rework it a bit probably: > > - Add a configure detection of the fact libarchive does or not have the > > necessary support > > - Add regression tests to ensure I don't break this in the future. > > - Maybe add an option to enable/disable it via pkg.conf (not sure yet > about > > that ;)) > > Following up: libarchive merged in the patch. > > https://github.com/libarchive/libarchive/pull/1409 > > Thanks, > > Shawn Webb > Cofounder / Security Engineer > HardenedBSD > > GPG Key ID: 0xFF2E67A277F8E1FA > GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2 > > https://git-01.md.hardenedbsd.org/HardenedBSD/pubkeys/src/branch/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc > a > > On Sat, Jul 4, 2020 at 8:11 PM Baptiste Daroussin <bapt@freebsd.org> > wrote: > >> On Sat, Jul 04, 2020 at 10:13:45AM -0400, Shawn Webb wrote: >> > Hey FreeBSD pkg(8) developers, >> > >> > Attached is a patch that implements filesystem extended attributes >> > support. Only the system namespace is supported. In case the patch >> > gets scrubbed from this email, I've posted it here: >> > https://gist.github.com/d0b4653bc5942dbcdcd1db877d37c2dc >> > >> > Anyone who wants to write unit tests is welcomed to do so. >> > >> > This patch to pkg does depend on a separate patch to libarchive: >> > https://github.com/libarchive/libarchive/pull/1409 >> > >> > HardenedBSD has a separate patch to tmpfs that enables incredibly >> > basic extended attribute support. The tmpfs patch is only needed for >> > those who use tmpfs with poudriere. >> > >> > And finally, another patch to the jails subsystem that allows a >> > privileged user within a jail to set system namespace filesystem >> > extended attributes (disabled by default) is needed for poudriere >> > users. >> > >> > The patch to tmpfs and jails is not included here as they are >> > tangential. >> >> Thank you for the patch at quick glance it looks fine to me. I would have >> obviously to wait for libarchive to merge the patch first to be able to >> test it >> and do a proper review at the time. >> >> Don't hesitate to ping me again if you see no progress with libarchive has >> merged the said patch. >> >> I would have to rework it a bit probably: >> - Add a configure detection of the fact libarchive does or not have the >> ?? necessary support >> - Add regression tests to ensure I don't break this in the future. >> - Maybe add an option to enable/disable it via pkg.conf (not sure yet >> about >> that ;)) >> >> Best regards, >> Bapt >> >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAJywZcCTgzqxcw0=6zBPzEUw-O1bHkDXW=kPCROtn3jPdvoMgQ>