On Thu, 2006-10-19 at 22:02 +0200, Pierre Schmitz wrote: > I got some time to think about how I could create a central package-database. > My problem is the parsing of the PKGBUILDs. Writing my own parser is a lot of > work because it has to be a nearly complete bash-interpreter. Some PKGBUILDs > inclide for-loops or even sed-commands in its header. > > Using bash to do this (like you are doing it) will solve this. But this is a > security-nightmere: We are fetching Bash-Scripts from another Server ans > execute them without ans limitations? Well even the official > archlinux.org-site is doing this; but I think this is a risk. (Esspecially > when Parsing AUR-PKGBUILDs) > > How can we solve this? > > * We may ask Judd to publish the db of archlinux.org > * We run the parser in a vm or chroot > * We do not care about security ;-) > * We wrote our own Parser which will not work with every PKGBUILD out there > > What do you think? Any better ideas to solve this? > >
You can launch script in a chroot environnement. So most of security problems could be solved. I was thinking this days to build automatically a binary aur repository with this system. What do you think about it ? - b -- Arch Linux FR, website for french speaking user of Arch Linux. http://www.archlinuxfr.org _______________________________________________ arch mailing list [email protected] http://www.archlinux.org/mailman/listinfo/arch
