Well, I’m no longer a virgin to the Mandriva build system. I’ve been using some tools, like iurt, on the secteam buildbox for a while now, but I’ve not had the need to use repsys or mdvsys. So I started playing with them yesterday. For starters, someone needs to make rpm-build a dependency on repsys… it doesn’t work too well without rpm-build (missing macros and such).
Anyways, this morning I lost my virginity and used repsys and mdvsys to submit a new version of AIDE to cooker. New version, and integrated the AIDE+gpg scripts from Annvix, so now AIDE is actually a good and trustworthy alternative to Tripwire.
I guess now that I’m no longer working on Annvix there are a few things I should submit so I don’t have to maintain them individually and outside of cooker/contrib. Things like exim, execline, a better runit (although Mandriva’s dietlibc is broken and runit doesn’t build under dietlibc anymore which is a real shame)… there are a few others. I’d like to submit rsec (the not-so-obnoxious alternative to msec), but somehow I think people would whine.
I’m also planning to import some stuff from Annvix that originally came from Openwall; stuff like tcb, pam_passwdqc, etc. Of course, this will involve patching glibc and shadow-utils… possibly util-linux-ng, but I don’t recall. Of course, TCB is far superior to traditional shadow passwords and completely backwards compatible (with the patches, of course). People will probably complain about that too, but whatever. The patches don’t force the use of TCB, but they do allow it to work. The patches to glibc would incorporate blowfish password support, which is important. Annvix, SUSE, and Openwall (and probably others) have had blowfish support for crypt for years. Mandriva still doesn’t. Will probably hit resistance there too, but maybe I’ll just submit it without telling anyone… that seems to be the “appropriate” way of doing things around here, right?
I also think we need to implement a spec “style” policy. Good lord our specs are disgusting. Functional, perhaps, but hideous to look at. I now remember why I spent so much time and was so anal about formatting of specs in Annvix… it sure makes life simpler when every spec you follow uses the exact same style format. I imagine Annvix wasn’t the only distro with an anal style policy on specfiles… surely others must think that consistency in formatting saves time?