Filesystem extended attributes support

George Saylor george.saylor at hardenedbsd.org
Thu Oct 15 08:44:01 UTC 2020 

That is great news all.

On Wed, Oct 14, 2020, 2:55 PM Shawn Webb <shawn.webb at hardenedbsd.org> wrote:

> On Sat, Jul 4, 2020 at 8:11 PM Baptiste Daroussin <bapt at freebsd.org>
> wrote:
>
> > On Sat, Jul 04, 2020 at 10:13:45AM -0400, Shawn Webb wrote:
> > > Hey FreeBSD pkg(8) developers,
> > >
> > > Attached is a patch that implements filesystem extended attributes
> > > support. Only the system namespace is supported. In case the patch
> > > gets scrubbed from this email, I've posted it here:
> > > https://gist.github.com/d0b4653bc5942dbcdcd1db877d37c2dc
> > >
> > > Anyone who wants to write unit tests is welcomed to do so.
> > >
> > > This patch to pkg does depend on a separate patch to libarchive:
> > > https://github.com/libarchive/libarchive/pull/1409
> > >
> > > HardenedBSD has a separate patch to tmpfs that enables incredibly
> > > basic extended attribute support. The tmpfs patch is only needed for
> > > those who use tmpfs with poudriere.
> > >
> > > And finally, another patch to the jails subsystem that allows a
> > > privileged user within a jail to set system namespace filesystem
> > > extended attributes (disabled by default) is needed for poudriere
> > > users.
> > >
> > > The patch to tmpfs and jails is not included here as they are
> > > tangential.
> >
> > Thank you for the patch at quick glance it looks fine to me. I would have
> > obviously to wait for libarchive to merge the patch first to be able to
> > test it
> > and do a proper review at the time.
> >
> > Don't hesitate to ping me again if you see no progress with libarchive
> has
> > merged the said patch.
> >
> > I would have to rework it a bit probably:
> > - Add a configure detection of the fact libarchive does or not have the
> >   necessary support
> > - Add regression tests to ensure I don't break this in the future.
> > - Maybe add an option to enable/disable it via pkg.conf (not sure yet
> about
> > that ;))
>
> Following up: libarchive merged in the patch.
>
> https://github.com/libarchive/libarchive/pull/1409
>
> Thanks,
>
> Shawn Webb
> Cofounder / Security Engineer
> HardenedBSD
>
> GPG Key ID:          0xFF2E67A277F8E1FA
> GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9  3633 C85B 0AF8 AB23 0FB2
>
> https://git-01.md.hardenedbsd.org/HardenedBSD/pubkeys/src/branch/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
> a
>
> On Sat, Jul 4, 2020 at 8:11 PM Baptiste Daroussin <bapt at freebsd.org>
> wrote:
>
>> On Sat, Jul 04, 2020 at 10:13:45AM -0400, Shawn Webb wrote:
>> > Hey FreeBSD pkg(8) developers,
>> >
>> > Attached is a patch that implements filesystem extended attributes
>> > support. Only the system namespace is supported. In case the patch
>> > gets scrubbed from this email, I've posted it here:
>> > https://gist.github.com/d0b4653bc5942dbcdcd1db877d37c2dc
>> >
>> > Anyone who wants to write unit tests is welcomed to do so.
>> >
>> > This patch to pkg does depend on a separate patch to libarchive:
>> > https://github.com/libarchive/libarchive/pull/1409
>> >
>> > HardenedBSD has a separate patch to tmpfs that enables incredibly
>> > basic extended attribute support. The tmpfs patch is only needed for
>> > those who use tmpfs with poudriere.
>> >
>> > And finally, another patch to the jails subsystem that allows a
>> > privileged user within a jail to set system namespace filesystem
>> > extended attributes (disabled by default) is needed for poudriere
>> > users.
>> >
>> > The patch to tmpfs and jails is not included here as they are
>> > tangential.
>>
>> Thank you for the patch at quick glance it looks fine to me. I would have
>> obviously to wait for libarchive to merge the patch first to be able to
>> test it
>> and do a proper review at the time.
>>
>> Don't hesitate to ping me again if you see no progress with libarchive has
>> merged the said patch.
>>
>> I would have to rework it a bit probably:
>> - Add a configure detection of the fact libarchive does or not have the
>> ?? necessary support
>> - Add regression tests to ensure I don't break this in the future.
>> - Maybe add an option to enable/disable it via pkg.conf (not sure yet
>> about
>> that ;))
>>
>> Best regards,
>> Bapt
>>
>

More information about the freebsd-pkg mailing list