Hi,
On 10/06/2013 15:27, intrigeri wrote:
> Hi quidame,
>
>> After what, other bilibop packages perform more or less specific actions
>> to protect the content of this device from root or user mistakes.
>
> I'm interested in bilibop-rules too (more specifically, its ability to
> set the boot medium as 'system internal' for udisks). However,
> bilibop-rules depends on a newer initscripts package than what's in
> Squeeze. Unfortunately, this is still a blocker for us.
>
> Is this only because of the unconditional use of /run in some places,
> or are there other reasons for this dependency?
No other reason (as there is no initscript in my packages). This is only
for compliance with the Debian Policy 3.9.4
> How hard would it be to remove this dependency in a backport aimed at
> Squeeze?
>
> Would you be interested to do it in order to help Tails a bit?
Hmm... I think it is not the best way:
1. bilibop-rules provides other features that are absolutely not Tails
(Debian Live) related: helper scripts to manage grub device.map, or to
modify LVM config, or to make /etc/udev/rules.d/70-persistent*.rules
unpersistent... this is why bilibop-udev exists
2. the only one relevant file in bilibop-udev is 66-bilibop.rules; so it
is possible to modify it again (+2 lines), or even not install
bilibop-udev (but only bilibop-common), and add a specific rules file in
the amnesia git repository (I think in
config/chroot_local-includes/etc/udev/rules.d/). Additionally, you could
merge it with the existing 99-hide-TailsData.rules. In that case, this
could give:
============ BEGIN
# /etc/udev/rules.d/99-tails.rules
SUBSYSTEM!="block", GOTO="bilibop_end"
ACTION!="add|change", GOTO="bilibop_end"
KERNEL!="sd?*|mmcblk?*|mspblk?*", GOTO="bilibop_end"
SUBSYSTEMS=="usb|firewire|memstick|mmc", \
PROGRAM=="/lib/bilibop/test $tempnode", \
ENV{UDISKS_SYSTEM_INTERNAL}:="1", \
GROUP:="disk", \
GOTO="bilibop_disk"
GOTO="bilibop_end"
LABEL="bilibop_disk"
ENV{UDISKS_PARTITION_LABEL}=="TailsData", \
ENV{UDISKS_PRESENTATION_HIDE}:="1"
KERNEL=="sd?|mmcblk?|mspblk?", \
ENV{ID_DRIVE_DETACHABLE}:="0", \
SYMLINK+="TailsBootDev"
LABEL="bilibop_end"
============ END
(...just for a first draft on the fly; also note that /lib/bilibop/test
is a part of bilibop-common)
What do you think about that ? If needed I can help to write what you need.
Another possibility could be to kill bilibop-udev and replace it by
bilibop-live, with live-specific additional stuff (but this is not done).
cheers,
quidame
