On Sun, Aug 30, 2009 at 09:42:56PM +0200, Hannes von Haugwitz wrote: > Marc Haber <mh+debian-packa...@zugschlus.de> wrote: >> On a second and third though, why don't you implement this in a >> dedicated binary so that a normal update round can be like >> >> - update system >> - run aide --update >> - filter output through new program to see only changes that didn't >> come from a package >> - decide whether to cp aide.db.new to aide.db >> >> That way, the complicated stuff can be implemented, for example, in >> perl, since it is not mandatory. > > That would be an option. But I think the filter should also work for > single package installations via aptitude install or dpkg -i. So how to > implement that in an automatic way?
a single package installation doesn't create _that_ much noise, I'd handle this the same as a system update, or manually. >> Very nice. Please consider implementing this as a patch to the actual >> aide binary which can be submitted upstream. This may be a feature to >> be of big use outside Debian.. > > I can do that, but as far as I can judge the truncation of the "Detailed > changes" part has to be done further on in the cron job script. Yes, that still needs to happen in the script. > On the other hand we could modify the aide database before and after > every package change. Thereby it would be possible to also filter > removed files. This requires a new option to aide binary which > allows to partially updating the aide database from a list of files and > a way to run a program before and after every dpkg run. Is that possible? I don't know for dpkg, but apt has pre/post hooks. And I think that upstream would accept a patch to update only parts of the database, but be aware that an attacker would be able to use that function to hide his local changes as well. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org