Date: Thu, 25 Apr 2013 14:30:11 +0200 From: Baptiste Daroussin <bapt@freebsd.org> To: Michael Gmelin <freebsd@grem.de> Cc: Chris Rees <utisoft@gmail.com>, FreeBSD Mailing List <freebsd-ports@freebsd.org> Subject: Re: www/nginx pkg-plist + pkgng (detectable?) Message-ID: <20130425123011.GB50182@ithaqua.etoilebsd.net> In-Reply-To: <20130425050553.0778bb95@bsd64.grem.de> References: <20130330142320.38010126@bsd64.grem.de> <20130408103118.67ea695a@bsd64.grem.de> <CADLo838OFhmA6AQNuHPjP=Kfw9Co9vWh3XqxrFkEH-dgb81pzA@mail.gmail.com> <20130409205950.677a6812@bsd64.grem.de> <20130410061331.GA74304@ithaqua.etoilebsd.net> <CADLo839mvnemkWaKz4wbHZChQWSj0%2BtVgBOwTLuW12mGf0Of2g@mail.gmail.com> <20130410135632.0971caef@bsd64.grem.de> <20130413220152.51ef2cb3@bsd64.grem.de> <CADLo83-W%2BitL818qJ01isNWduVfJ5WSir37OszcVqoAVZGpeqQ@mail.gmail.com> <20130425050553.0778bb95@bsd64.grem.de>
next in thread | previous in thread | raw e-mail | index | archive | help
--98e8jtXdkpgskNou Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Apr 25, 2013 at 05:05:53AM +0200, Michael Gmelin wrote: > On Tue, 23 Apr 2013 17:48:52 +0100 > Chris Rees <utisoft@gmail.com> wrote: >=20 > > On 13 April 2013 21:01, Michael Gmelin <freebsd@grem.de> wrote: > > > On Wed, 10 Apr 2013 13:56:32 +0200 > > > Michael Gmelin <freebsd@grem.de> wrote: > > > > > >> On Wed, 10 Apr 2013 09:02:29 +0100 > > >> Chris Rees <utisoft@gmail.com> wrote: > > >> > > >> > On 10 April 2013 07:13, Baptiste Daroussin <bapt@freebsd.org> > > >> > wrote: > > >> > > On Tue, Apr 09, 2013 at 08:59:50PM +0200, Michael Gmelin wrote: > > >> > >> On Tue, 9 Apr 2013 19:43:15 +0100 > > >> > >> Chris Rees <utisoft@gmail.com> wrote: > > >> > >> > > >> > >> > > >> > >> > > > >> > >> > No, it's a bug in pkgng; it should respect @cwd. > > >> > >> > > > >> > > > > >> > > No it is not. > > >> > > > > >> > > While i agree with pkgng that should repect @cwd (it surely > > >> > > does) > > >> > > > > >> > > There is nothing written anywhere that will waranty you that > > >> > > the @exec line will be parsed in order ro prepend @cwd path to > > >> > > a path you provide. the only thing doing that is %D. > > >> > > > > >> > > A user MUST add %D and have complete path in @exec lines > > >> > > > > >> > > In fact in that case it works by chance becauce of how > > >> > > pkg_install treat plist. > > >> > > > >> > Am I misunderstanding the meaning of "current working directory"? > > >> > > > >> > When mkdir is called, it should create the directory in @cwd. > > >> > pkg_install's behaviour is correct here, and pkgng's is not. > > >> > > > >> > Chris > > >> > > >> pkg_create(1) says: > > >> > > >> @cwd [directory] > > >> Set the internal directory pointer to point to > > >> directory. All subsequent *filenames* will be assumed relative to > > >> this directory. If no directory argument is given, it will set > > >> the internal directory pointer to the first prefix > > >> value. Note: @cd is also an alias for this command. > > >> > > >> but as far as the package manager is concerned, www/nginx-dist is > > >> an argument to mkdir in the exec call (@exec mkdir -p -m 755 > > >> www/nginx-dist) and not a filename. > > >> > > >> Also the porters handbook uses %D in all its examples, but offers > > >> no explicit explanation. > > >> > > >> That said, the way pkg_add is implemented, it changes to > > >> directories as a side effect of using its PUSHOUT macro in > > >> usr.sbin/pkg_install/add/extract.c (I only glanced at that, but > > >> that seems to be the reason why this is happening). So commands get > > >> executed within `pwd` =3D=3D @cwd. > > >> > > >> So there is definitely a backwards compatibility problem for the > > >> sheer reason of that "it worked before". I don't thing pkg should > > >> adopt this behavior (it seems like a bad idea long term), but it > > >> should detect it somehow. A simple approach to detect this could > > >> be chdiring to /var/empty in pkg before executing the call so it > > >> will fail in case the path used within @exec is relative. > > >> > > >> Cheers, > > >> Michael > > >> > > > > > > So what now? Is anybody looking into this? Should I open a PR for > > > nginx and supply a patch that fixes this (theoretically it should > > > be applied despite the port freeze, since it's a build problem). > >=20 > > Please do open a PR if you haven't already. >=20 > Done, http://www.freebsd.org/cgi/query-pr.cgi?pr=3D178123 >=20 > >=20 > > > Regarding pkgng: Will anybody consider implementing automatic > > > checks to prevent something like this from happening (e.g. the > > > simplistic approach I suggested). Even if the files wouldn't be > > > left behind, the fact that something gets touched in pwd is really > > > bad - as an admin it should be safe to assume that I can start pkg > > > from any directory without altering it state (and be it > > > temporarily). > >=20 > > I think a patch to portlint wouldn't go amiss. > >=20 > > Feel up to the challenge? >=20 > I won't touch portlint, but I implemented a small patch to pkg that > will mitigate some of the bad effects in an extremely trivial way, so > in the example at hand, instead of creating files/directories in > whichever pwd you started pkg from, it will show now: >=20 > pkg add /tmp/nginx-1.2.7_1,1.txz > Installing nginx-1.2.7_1,1...=3D=3D=3D> Creating users and/or groups. > Using existing group 'www'. > Using existing user 'www'. > mkdir: www: Operation not permitted > chmod: www/nginx-dist: No such file or directory > done >=20 > So: > a) You don't write files in a possibly very inappropriate/dangerous > place > b) Due to the error messages you might become aware that there's > something wrong >=20 > I'll send the patch to Baptiste (Cc you) off list. >=20 We already have a fix in pkgng now :) thanks, Bapt --98e8jtXdkpgskNou Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAlF5IdMACgkQ8kTtMUmk6EyU5ACfXvGRfY6QtbJ7PLjBFpSq0ZW7 ZVUAoJIyvxaKYcEV7mtpoY/3Q8Nlh5uu =+Kyq -----END PGP SIGNATURE----- --98e8jtXdkpgskNou--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130425123011.GB50182>