On Tue, 23 Apr 2013 17:48:52 +0100 Chris Rees <[email protected]> wrote:
> On 13 April 2013 21:01, Michael Gmelin <[email protected]> wrote: > > On Wed, 10 Apr 2013 13:56:32 +0200 > > Michael Gmelin <[email protected]> wrote: > > > >> On Wed, 10 Apr 2013 09:02:29 +0100 > >> Chris Rees <[email protected]> wrote: > >> > >> > On 10 April 2013 07:13, Baptiste Daroussin <[email protected]> > >> > wrote: > >> > > On Tue, Apr 09, 2013 at 08:59:50PM +0200, Michael Gmelin wrote: > >> > >> On Tue, 9 Apr 2013 19:43:15 +0100 > >> > >> Chris Rees <[email protected]> wrote: > >> > >> > >> > >> > >> > >> > > >> > >> > No, it's a bug in pkgng; it should respect @cwd. > >> > >> > > >> > > > >> > > No it is not. > >> > > > >> > > While i agree with pkgng that should repect @cwd (it surely > >> > > does) > >> > > > >> > > There is nothing written anywhere that will waranty you that > >> > > the @exec line will be parsed in order ro prepend @cwd path to > >> > > a path you provide. the only thing doing that is %D. > >> > > > >> > > A user MUST add %D and have complete path in @exec lines > >> > > > >> > > In fact in that case it works by chance becauce of how > >> > > pkg_install treat plist. > >> > > >> > Am I misunderstanding the meaning of "current working directory"? > >> > > >> > When mkdir is called, it should create the directory in @cwd. > >> > pkg_install's behaviour is correct here, and pkgng's is not. > >> > > >> > Chris > >> > >> pkg_create(1) says: > >> > >> @cwd [directory] > >> Set the internal directory pointer to point to > >> directory. All subsequent *filenames* will be assumed relative to > >> this directory. If no directory argument is given, it will set > >> the internal directory pointer to the first prefix > >> value. Note: @cd is also an alias for this command. > >> > >> but as far as the package manager is concerned, www/nginx-dist is > >> an argument to mkdir in the exec call (@exec mkdir -p -m 755 > >> www/nginx-dist) and not a filename. > >> > >> Also the porters handbook uses %D in all its examples, but offers > >> no explicit explanation. > >> > >> That said, the way pkg_add is implemented, it changes to > >> directories as a side effect of using its PUSHOUT macro in > >> usr.sbin/pkg_install/add/extract.c (I only glanced at that, but > >> that seems to be the reason why this is happening). So commands get > >> executed within `pwd` == @cwd. > >> > >> So there is definitely a backwards compatibility problem for the > >> sheer reason of that "it worked before". I don't thing pkg should > >> adopt this behavior (it seems like a bad idea long term), but it > >> should detect it somehow. A simple approach to detect this could > >> be chdiring to /var/empty in pkg before executing the call so it > >> will fail in case the path used within @exec is relative. > >> > >> Cheers, > >> Michael > >> > > > > So what now? Is anybody looking into this? Should I open a PR for > > nginx and supply a patch that fixes this (theoretically it should > > be applied despite the port freeze, since it's a build problem). > > Please do open a PR if you haven't already. Done, http://www.freebsd.org/cgi/query-pr.cgi?pr=178123 > > > Regarding pkgng: Will anybody consider implementing automatic > > checks to prevent something like this from happening (e.g. the > > simplistic approach I suggested). Even if the files wouldn't be > > left behind, the fact that something gets touched in pwd is really > > bad - as an admin it should be safe to assume that I can start pkg > > from any directory without altering it state (and be it > > temporarily). > > I think a patch to portlint wouldn't go amiss. > > Feel up to the challenge? I won't touch portlint, but I implemented a small patch to pkg that will mitigate some of the bad effects in an extremely trivial way, so in the example at hand, instead of creating files/directories in whichever pwd you started pkg from, it will show now: pkg add /tmp/nginx-1.2.7_1,1.txz Installing nginx-1.2.7_1,1...===> Creating users and/or groups. Using existing group 'www'. Using existing user 'www'. mkdir: www: Operation not permitted chmod: www/nginx-dist: No such file or directory done So: a) You don't write files in a possibly very inappropriate/dangerous place b) Due to the error messages you might become aware that there's something wrong I'll send the patch to Baptiste (Cc you) off list. Cheers, Michael > > Chris -- Michael Gmelin _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "[email protected]"
