Bug #10659

Wrap executables in a cleaner, safer and more consistent manner

Added by anonym 2015-11-24 05:48:21 . Updated 2015-11-24 06:06:51 .

Status:
Confirmed
Priority:
Normal
Assignee:
anonym
Category:
Target version:
Start date:
2015-11-24
Due date:
% Done:

0%

Feature Branch:
Type of work:
Code
Blueprint:

Starter:
Affected tool:
Deliverable for:

Description

When wrapping executables (for various reasons, e.g. torsocksifying them) we do various stuff like:

  • patch .application files’ Exec field
  • put wrappers for e.g. /usr/bin/$X in /usr/local/bin/$X and rely on the wrapped one being picked due to the $PATH ordering
  • dpkg-divert to .orig in the same path

and similar. Wouldn’t a cleaner way be to:

For executable with path $EXE (e.g. /usr/bin/pidgin), dpkg-divert it to /usr/local/lib/wrapped/$EXE (e.g. /usr/local/lib/wrapped/usr/bin/pidgin), and then put the wrapper in $EXE. Then we have these improvements/advantages:

  • a standard, consistent way of doing this! Less surprises!
  • we don’t rely on something as brittle as $PATH ordering
  • in fact, the $PATH situation is identical as if we didn’t wrap (and the wrapped executable is not in it)
  • no need to touch .application files

Subtasks

History

#1 Updated by anonym 2015-11-24 05:49:07

  • Assignee changed from anonym to intrigeri
  • QA Check set to Info Needed

From the top of your head, how much AppArmor-related trouble (or improvements!) would this approach imply?

#2 Updated by intrigeri 2015-11-24 06:06:51

  • Assignee changed from intrigeri to anonym
  • QA Check changed from Info Needed to Dev Needed

> From the top of your head, how much AppArmor-related trouble (or improvements!) would this approach imply?

I don’t remember, please test.