Subject: Re: Automatic PLIST verification
To: None <>
From: Lasse Kliemann <>
List: tech-pkg
Date: 01/16/2005 19:49:23
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

* Julio M. Merino Vidal writes:
> in a recent discussion in tech-pkg@ (don't remember very well which one
> it is), it was suggested that comparing the generated PLIST to the files
> that were really installed by the package could be a good idea.
> Here is a patch that does this.  For completeness, it also checks that
> no files are deleted (something that must never happen, AFAICT).

I had a similar idea recently. Since I use sepbuild-pkgsrc [1] for my bulk=
builds, I integrated the functionality there. It checks for missing files a=
well as for extra files (then it removes the extra files). The results of t=
checks are written in the log directory (located in the directory where you=
invoke sepbuild-pkgsrc) under log/xfiles.

Because of the privilege concept of sepbuild, no package can ever fool this=
check (be it unintentionally or intentionally/maliciously, e.g., through a=
trojaned distfile).


Lasse Kliemann
      private homepage:
   NO software patents:
do NOT use M$ products:

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.2.6 (NetBSD)