From: Dario Niedermann on 14 Jul 2010 19:46 Jim Diamond <Jim.Diamond(a)deleteme.AcadiaU.ca> wrote: > I'm really sort of curious here about what you think the installer > should do. That is, how does it know that a package is broken? In > your case, I guess it could have some logic that dictates what the > permissions of some well-known system directories are, and not allow > them to change as a result of installing a package. There are two solutions that I personally deem appropriate: 1. the simpler solution: installpkg knows a list of untouchable system directories; these will never be extracted from the tarballs, only their contents will; 2. the more radical solution, which I favour: installpkg checks the contents of the tar package, takes note of which items are existing directories and does not extract those from the tarball (again, only their contents are extracted). This ensures permissions on existing directories are never touched by installpkg. In my implementation, installpkg will likely use 'tar tf' and 'sed' to build a sanitized bill of materials, which will then be passed to tar using the '-T' flag. > Also, while it would be possible to look at the tar file and peruse > the directory permissions, Slackware packages can also have scripts. > Do you think it is feasible to try to get the installer to examine > every script to ensure a "broken" package won't cause problems? Scripts are a whole different issue. I don't think there's a realistic way for the package installer to ensure they won't wreak havoc. -- > head -n1 /etc/*-{version,release} && uname -moprs Slackware 12.2.0 Linux 2.6.27.31-smp i686 AMD Turion(tm) 64 Mobile Technology MK-36 GNU/Linux
From: Keith Keller on 14 Jul 2010 21:52 On 2010-07-14, Dario Niedermann <M8R-cthw2f(a)spamherelots.com> wrote: > > Scripts are a whole different issue. I don't think there's a realistic > way for the package installer to ensure they won't wreak havoc. OMG installpkg is severely b0rken we need to fix it immediately or the four horsemen will slay us all!!!!!~~~ --keith -- kkeller-usenet(a)wombat.san-francisco.ca.us (try just my userid to email me) AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt see X- headers for PGP signature information
From: Michael Black on 14 Jul 2010 23:56 On Wed, 14 Jul 2010, Keith Keller wrote: > On 2010-07-14, Dario Niedermann <M8R-cthw2f(a)spamherelots.com> wrote: >> >> Scripts are a whole different issue. I don't think there's a realistic >> way for the package installer to ensure they won't wreak havoc. > > OMG installpkg is severely b0rken we need to fix it immediately or the > four horsemen will slay us all!!!!!~~~ > We've had ample warning. Didn't ANC used to tell us we needed to use "getslack"? Oops, he wanted us to use something else. It was someone else recently who miswrote and made it sound like "getslack" was a new installer. The problem is, I'm not longer sure if we're being revisited by old posters under a new guise, or if they all naturally sound the same. Michael
From: Sylvain Robitaille on 15 Jul 2010 01:16 Keith Keller wrote: > If Robby asks, I hope you'll offer to help. :) If he asks, certainly I'd be willing to help. I have a sense from his message, though, that it wouldn't be needed anyway. -- ---------------------------------------------------------------------- Sylvain Robitaille syl(a)encs.concordia.ca Systems analyst / AITS Concordia University Faculty of Engineering and Computer Science Montreal, Quebec, Canada ----------------------------------------------------------------------
From: Sylvain Robitaille on 15 Jul 2010 01:26
Dario Niedermann wrote: >> To be fair, the suggestion to set the umask in the SlackBuild scripts >> was a good one, and would help avoid this problem in the future. > > No it wasn't and no it wouldn't. Actually, yes it was, and it most certainly would. That was the point. > It's just a quick hack to avoid fixing installpkg to make it handle > broken packages gracefully. No. It's called fixing a problem at its source. If you can avoid building broken packages in the first place, the situation you encountered wouldn't happen. As I said repeatedly: you're barking up the wrong tree. What you encountered was the result of a broken package, not any fault of installpkg. Fix the problem, not the symptom. > The truth is, you're too much of a retard to realize that a package > installer that's so fussy as to require the user to become root in a > specific way rather than another would be pathetic even for 1992. Again, it's not the package installer that has that requirement. It's the package build script, with which you built the package that the installer installed. The package installer only needs euid=0 to do what it does, and you can get that any number of ways, including those recommended by the SlackBuilds.org people. -- ---------------------------------------------------------------------- Sylvain Robitaille syl(a)encs.concordia.ca Systems analyst / AITS Concordia University Faculty of Engineering and Computer Science Montreal, Quebec, Canada ---------------------------------------------------------------------- |