control: tags -1 patch On Sat, Sep 05, 2020 at 11:11:22AM +0200, Mattia Rizzolo wrote: > https://tracker.debian.org/pkg/policy-rcd-declarative > is a good solution to this: install that package, then instead of > dropping that file into /usr/local/sbin/policy-rc.d, do > echo ".* .* deny" > /etc/service-policy.d/00-buildd-deny-all > > That turns a non-dpkg tracked binary into a non-dpkg tracked conffile, > which I suppose it's a good compromise.
awesome find, Mattia, thank you. I dare to tag this bug 'patch' now.
> Improvement would be to ship
> that single conffile in a separate package (which, IMHO,
> src:policy-rcd-declarative could do, i.e. provide a
> "policy-rcd-declarative-deny-all" binary; or do fancy things with a
> debconf option sbuild-createchroot could inject but that would be too
> dirty for me).
I'm tempted to clone this bug and make the clone a wishlist bug for such
a "policy-rcd-declarative-deny-all" binary. What do you think?
--
cheers,
Holger
-------------------------------------------------------------------------------
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
There are only two kinds of nazis: stupid ones and those without an excuse.
(Volker StrĂ¼bing)
signature.asc
Description: PGP signature
