Create and install dependency manifests #230

Closed
wants to merge 2 commits into
base: master
from

jpakkane commented Aug 17, 2015

A common problem when embedding sources is that you can't tell for any given executable what libraries it has. It might have an insecure version of OpenSSL, for example. This MR adds a dependency manifest, which lists each internally used dependency and its version. With this information it is easy to find executables that have unsafe dependencies and prevent them from running.

The format of the file is not final, more of a suggestion to get the ball rolling.

ignatenkobrain commented Aug 17, 2015

Why do we really want to install JSON to the system?

jpakkane commented Aug 17, 2015

For distro packaging we wouldn't. That's why they are not installed by default.

This is for xdg-app applications and the like that embed their dependencies. This allows a distro security system to inspect the dependencies against a blacklist and block the app from running if it has vulnerable parts.
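
A sketch of the blacklist check described in this thread, added here as an example; it is not code from this PR or from Meson. It looks for the `.dependencies.json` file next to an executable (the suffix used in the diff below) and assumes the manifest is a flat JSON object mapping dependency name to version string, since the thread says the format is not final. The blocklist contents and function names are hypothetical.

```python
import json
import tempfile
from pathlib import Path

# Constructed sample blocklist: dependency name -> versions treated as unsafe.
BLOCKLIST = {"openssl": {"1.0.1e", "1.0.1f"}}


def check_executable(exe_path, blocklist):
    """Return (verdict, details); verdict is 'ok', 'blocked' or 'unknown'."""
    manifest = Path(str(exe_path) + ".dependencies.json")
    if not manifest.is_file():
        # Manifests are not installed by default, so absence proves nothing.
        return "unknown", ["no manifest installed"]
    try:
        deps = json.loads(manifest.read_text(encoding="utf-8"))
    except (OSError, ValueError) as exc:
        # Truncated or non-UTF-8 manifests must not count as a clean result.
        return "unknown", [f"unreadable manifest: {exc}"]
    if not isinstance(deps, dict):
        return "unknown", ["manifest is not a JSON object"]
    hits = sorted(
        f"{name} {version}"
        for name, version in deps.items()
        if str(version) in blocklist.get(name.lower(), set())
    )
    return ("blocked", hits) if hits else ("ok", [])


def demo():
    """Build constructed executables and manifests, then check each one."""
    samples = {
        "app_old": '{"openssl": "1.0.1f", "zlib": "1.2.8"}',
        "app_new": '{"openssl": "1.0.2d"}',
        "app_bad": '{"openssl": ',  # truncated JSON
    }
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for exe, body in samples.items():
            (root / exe).touch()
            (root / (exe + ".dependencies.json")).write_text(body, encoding="utf-8")
        (root / "app_bare").touch()  # executable with no manifest at all
        names = list(samples) + ["app_bare"]
        return {exe: check_executable(root / exe, BLOCKLIST) for exe in names}


if __name__ == "__main__":
    for exe, (verdict, details) in demo().items():
        print(exe, verdict, details)
```

The `unknown` verdict keeps a missing or damaged manifest distinct from a clean one, so the policy for such executables is an explicit decision rather than a silent pass.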

outdir = libdir
outdir = self.target_install_dir(t)
if isinstance(t, build.Executable) and self.build.install_dependency_manifests:
mf_src = self.get_target_filename(t) + '.dependencies.json'
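
Review bot: the `isinstance(t, build.Executable)` check on the manifest line limits installed manifests to executables, so any other installed target that embeds dependencies would ship with no `.dependencies.json` beside it, and a scanner that works from installed manifests would not see what it contains. If executable-only is intended, state that where `install_dependency_manifests` is documented; otherwise extend the check to the other installable target types.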

ignatenkobrain Aug 18, 2015

Member

Why not '%s.dependencies.json' % self.get_target_filename(t)? Let's use this for all string operations.

jpakkane commented Aug 22, 2015

This has been superseded.

@jpakkane jpakkane closed this Aug 22, 2015

@jpakkane jpakkane deleted the depmanifest branch Dec 20, 2016
