Re: [Bastille-linux-discuss] Re: 2.0.0 prerelease
This tool locks down Linux and UNIX systems.
Brought to you by:
jay
From: Sweth C. <bas...@as...> - 2002-06-21 17:45:51
|
On Fri, Jun 21, 2002 at 10:23:00AM -0700, Jay Beale wrote: > Anyway, packaging TK in this way would be hell. The sucker's big. Not hell technically, just in terms of bandwidth. So we put up big flashing <blink>-tagged warnings that it's large. Most people won't need to download the full version; for the ones who do, they won't be using up any more bandwidth than they would downloading Bastille and one of the Tk modules. > So, do we build our own library RPM's from CPAN. No. We simply include a script in the installer for the "full" version that drops an unpackaged copy of Tk _et al_ into our Bastille-specific module directory. > Errr.... Somebody else want to weigh in here? > > What about package conflicts with their current versions. I mean, we'll > have to make sure that our local copies are referenced first in their > @INC path. But this whole discussion is mostly because we wanted to > stop mucking with @INC, right? No. What we wanted to do was not muck with @INC all over the place, and manually to boot. What do you think that the "use lib" pragma does? It basically just does an unshift of the directory in question onto the beginning of @INC. That's it's entire purpose in life--to be an easy way to specify a directory that contains known-good modules that should be used in preference to existing system copies. We "use lib $install_root/lib", and if the person has installed the full version, then they use our known-good Tk module in preference of any on the system; otherwise, it's assumed that they have Tk properly installed, and if they don't, the bastille wrapper script should tell them that it couldn't be found, give them some tips on setting @INC if they think that it _is_ installed, and point them to the full version if they just want to play it safe. Heck, we could make it even easier by also publishing a separate wrapper for just the Tk portion of the full version of Bastille, which would be run from the top of $install_root and which would drop Tk into the $install_root/lib directory; that way, if someone has already tried the light version and had it hork on them, they just download the Tk add-on, cd into $install_root, run the Tk installer, and they're good to go. > Ummmm, what directory would be better than /usr/lib? > > Do you think we should move to /usr/local for Bastille stuff? It's irrelevant what "we" do, because each sysadmin will have their own convention. We need to be flexible. (On any of my boxes, though, Bastille is always hacked to go into /usr/local/share/bastille or /opt/bastille before installation.) > Note that if we do, we have to make sure to add our /usr/local/sbin to > root's PATH. Why? -- Sweth. -- Sweth Chandramouli Idiopathic Systems Consulting sv...@id... http://www.idiopathic.net/ |