From: Dario Niedermann on
Jim Diamond <Jim.Diamond(a)deleteme.AcadiaU.ca> wrote:

> I'm really sort of curious here about what you think the installer
> should do. That is, how does it know that a package is broken? In
> your case, I guess it could have some logic that dictates what the
> permissions of some well-known system directories are, and not allow
> them to change as a result of installing a package.

There are two solutions that I personally deem appropriate:

1. the simpler solution: installpkg knows a list of untouchable system
directories; these will never be extracted from the tarballs, only
their contents will;

2. the more radical solution, which I favour: installpkg checks the
contents of the tar package, takes note of which items are existing
directories and does not extract those from the tarball (again, only
their contents are extracted). This ensures permissions on existing
directories are never touched by installpkg.

In my implementation, installpkg will likely use 'tar tf' and 'sed' to
build a sanitized bill of materials, which will then be passed to tar
using the '-T' flag.

> Also, while it would be possible to look at the tar file and peruse
> the directory permissions, Slackware packages can also have scripts.
> Do you think it is feasible to try to get the installer to examine
> every script to ensure a "broken" package won't cause problems?

Scripts are a whole different issue. I don't think there's a realistic
way for the package installer to ensure they won't wreak havoc.


--
> head -n1 /etc/*-{version,release} && uname -moprs
Slackware 12.2.0
Linux 2.6.27.31-smp i686 AMD Turion(tm) 64 Mobile Technology MK-36 GNU/Linux
From: Keith Keller on
On 2010-07-14, Dario Niedermann <M8R-cthw2f(a)spamherelots.com> wrote:
>
> Scripts are a whole different issue. I don't think there's a realistic
> way for the package installer to ensure they won't wreak havoc.

OMG installpkg is severely b0rken we need to fix it immediately or the
four horsemen will slay us all!!!!!~~~

--keith

--
kkeller-usenet(a)wombat.san-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://www.therockgarden.ca/aolsfaq.txt
see X- headers for PGP signature information

From: Michael Black on
On Wed, 14 Jul 2010, Keith Keller wrote:

> On 2010-07-14, Dario Niedermann <M8R-cthw2f(a)spamherelots.com> wrote:
>>
>> Scripts are a whole different issue. I don't think there's a realistic
>> way for the package installer to ensure they won't wreak havoc.
>
> OMG installpkg is severely b0rken we need to fix it immediately or the
> four horsemen will slay us all!!!!!~~~
>
We've had ample warning. Didn't ANC used to tell us we needed to
use "getslack"?

Oops, he wanted us to use something else. It was someone else recently
who miswrote and made it sound like "getslack" was a new installer.

The problem is, I'm not longer sure if we're being revisited by old
posters under a new guise, or if they all naturally sound the same.

Michael

From: Sylvain Robitaille on
Keith Keller wrote:

> If Robby asks, I hope you'll offer to help. :)

If he asks, certainly I'd be willing to help. I have a sense from his
message, though, that it wouldn't be needed anyway.

--
----------------------------------------------------------------------
Sylvain Robitaille syl(a)encs.concordia.ca

Systems analyst / AITS Concordia University
Faculty of Engineering and Computer Science Montreal, Quebec, Canada
----------------------------------------------------------------------
From: Sylvain Robitaille on
Dario Niedermann wrote:

>> To be fair, the suggestion to set the umask in the SlackBuild scripts
>> was a good one, and would help avoid this problem in the future.
>
> No it wasn't and no it wouldn't.

Actually, yes it was, and it most certainly would. That was the point.

> It's just a quick hack to avoid fixing installpkg to make it handle
> broken packages gracefully.

No. It's called fixing a problem at its source. If you can avoid
building broken packages in the first place, the situation you
encountered wouldn't happen. As I said repeatedly: you're barking up
the wrong tree. What you encountered was the result of a broken
package, not any fault of installpkg. Fix the problem, not the symptom.

> The truth is, you're too much of a retard to realize that a package
> installer that's so fussy as to require the user to become root in a
> specific way rather than another would be pathetic even for 1992.

Again, it's not the package installer that has that requirement. It's
the package build script, with which you built the package that the
installer installed. The package installer only needs euid=0 to do what
it does, and you can get that any number of ways, including those
recommended by the SlackBuilds.org people.

--
----------------------------------------------------------------------
Sylvain Robitaille syl(a)encs.concordia.ca

Systems analyst / AITS Concordia University
Faculty of Engineering and Computer Science Montreal, Quebec, Canada
----------------------------------------------------------------------