On Wed, 2007-06-13 at 21:55 +0200, Marc Weber wrote:
[..] 4) use dpkg to install necessary debian packages
5) Use the gentoo portage sandbox ( thus generate a gentoo package for each documention package (will work on gentoo only )
The gentoo sandbox program does not mean one has to generate gentoo packages. It's a fairly self contained program. Note that the sandbox is not a chroot jail. It's kind of a supervisor for child processes that enforces a policy (given in a config file) for access to the file system. The gentoo package builder tool uses that to allow a build process to have read only access to the entire file system and write access to just the build directory (and sub-directories). As I understand it, it works using the linux kernel's ptrace mechanism to intercept and check syscalls against the security policy. I'm sure sandbox works on any linux system, not just gentoo, so it might be a good solution for HaskageDB. I expect it'd use more or less the same kind of security policy that the gentoo package build tools use, ie read only to the whole system and read/write for the specific build directory (and directory where the installed image/docs is put). Duncan