Bug #10659
Wrap executables in a cleaner, safer and more consistent manner
Start date:
2015-11-24
Due date:
% Done:
0%
Description
When wrapping executables (for various reasons, e.g. torsocks
ifying them) we do various stuff like:
- patch
.application
files’Exec
field - put wrappers for e.g.
/usr/bin/$X
in/usr/local/bin/$X
and rely on the wrapped one being picked due to the$PATH
ordering dpkg-divert
to.orig
in the same path
and similar. Wouldn’t a cleaner way be to:
For executable with path $EXE
(e.g. /usr/bin/pidgin
), dpkg-divert
it to /usr/local/lib/wrapped/$EXE
(e.g. /usr/local/lib/wrapped/usr/bin/pidgin
), and then put the wrapper in $EXE
. Then we have these improvements/advantages:
- a standard, consistent way of doing this! Less surprises!
- we don’t rely on something as brittle as
$PATH
ordering - in fact, the
$PATH
situation is identical as if we didn’t wrap (and the wrapped executable is not in it) - no need to touch
.application
files
Subtasks
History
#1 Updated by anonym 2015-11-24 05:49:07
- Assignee changed from anonym to intrigeri
- QA Check set to Info Needed
From the top of your head, how much AppArmor-related trouble (or improvements!) would this approach imply?
#2 Updated by intrigeri 2015-11-24 06:06:51
- Assignee changed from intrigeri to anonym
- QA Check changed from Info Needed to Dev Needed
> From the top of your head, how much AppArmor-related trouble (or improvements!) would this approach imply?
I don’t remember, please test.