[arch-general] [pacman-dev] Privilege separation in the pacman downloader (Was: Pacman Database Signatures)

Eli Schwartz eschwartz at archlinux.org
Fri Feb 7 01:14:58 UTC 2020


On 2/4/20 11:08 PM, Eli Schwartz wrote:
> Since I'm unfamiliar with apt and other tools, what exactly do they do?
> Given pacman/apt/your-choice-of-package-manager must somehow write to a
> cachedir, e.g. /var/cache/pacman/pkg, it would need a dedicated download
> user, which would then exclusively hold ownership of the cachedir.
> 
> pacman is one big binary at the moment, it doesn't fork+exec to run
> collections of binaries implementing different parts of the package
> manager (which is actually a plus when it comes to speed), so this might
> entail major re-architecturing of that part of pacman. Doing it for
> external XferCommand programs could be a start.
> 
> Is this a topic you're interested in exploring?

I've opened a feature request for this:
https://bugs.archlinux.org/task/65401

-- 
Eli Schwartz
Bug Wrangler and Trusted User

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1601 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20200206/284cbf1d/attachment.sig>


More information about the arch-general mailing list