blob: 82278ac38661b423607e485397d89aba61d1133a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
|
************
Introduction
************
Overview
===================================
Auto dependency builder is a tool for analysis files accessed during
building a package. It also can be used for buildtime and runtime dependency
analysis.
The tool can block an access to files of defined packages.
It is released under GNU GPL license.
Status
===================================
Autodep is in active developing.
Installing
===================================
.. note::
TODO: make an overlay and ebuild
Running
===================================
.. program:: autodep
.. code-block:: none
autodep [options] <command>
.. cmdoption:: --help, -h
show this help message and exit
.. cmdoption:: -b, --block
strict mode: deny all access to non-dependency packages
.. cmdoption:: --blockpkgs=PACKAGES
block an access to files from this packages
.. cmdoption:: -f , --files
show accessed files and not founded files
.. cmdoption:: -v , --verbose
show non-important packages, show unknown package and unknown stage
.. cmdoption:: -C , --nocolor
don't output color
.. cmdoption:: --hooklib
use ld_preload logging approach(default)
.. cmdoption:: --fusefs
use fuse logging approach(slow, but reliable)
Example: showfsevents.py -b lsof,cowsay emerge bash
Hooklib vs Fusefs
===================================
+------------------------------------------------+-------------+---------------+
| | Hooklib | Fusefs |
+================================================+=============+===============+
| Who can use this approach? | **Any user**| Only root |
+------------------------------------------------+-------------+---------------+
| Is approach allows blocking an access to files?| **YES** | **YES** |
+------------------------------------------------+-------------+---------------+
| Is overhead in performance big? | **NO** | YES [#f1]_ |
+------------------------------------------------+-------------+---------------+
| What events are logged? | Most [#f2]_| **ALL** |
+------------------------------------------------+-------------+---------------+
| When is it recomended to use an approach? | For analysis| For analysis |
| | of | of *runtime* |
| | *buildtime* | dependencies |
| | dependencies| |
+------------------------------------------------+-------------+---------------+
| Is any pre-requirements for using an approach? | **NO** | FUSE must be |
| | | enabled in |
| | | kernel |
+------------------------------------------------+-------------+---------------+
.. rubric:: Notes
.. [#f1] Fuse file system is slower than normal one. Program reads many files
while launching, so this will take more time than usual.
.. [#f2] Loading of dynamic libraries and direct syscalls will not be logged.
Examples
===================================
.. rubric:: 1. Get the potential dependencies of a xchat package:
.. code-block:: none
autodep emerge xchat
.. rubric:: 2. Get the potential dependencies of a xchat package, blocking
x11-misc/util-macros package:
.. code-block:: none
autodep emerge --block x11-misc/util-macros emerge xchat
.. rubric:: 3. Get the potential dependencies of a xchat package, and show files
accessed:
.. code-block:: none
autodep --files emerge xchat
.. rubric:: 4. Get the runtime dependencies of a xchat and show files
accessed:
.. code-block:: none
autodep --fusefs --files xchat
Indices and tables
==================
* :ref:`genindex`
* :ref:`modindex`
* :ref:`search`
|