From owner-freebsd-ports@FreeBSD.ORG Thu Apr 25 12:30:22 2013 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 61FDCBBE for ; Thu, 25 Apr 2013 12:30:22 +0000 (UTC) (envelope-from baptiste.daroussin@gmail.com) Received: from mail-ee0-f46.google.com (mail-ee0-f46.google.com [74.125.83.46]) by mx1.freebsd.org (Postfix) with ESMTP id E76591189 for ; Thu, 25 Apr 2013 12:30:21 +0000 (UTC) Received: by mail-ee0-f46.google.com with SMTP id c13so1260061eek.33 for ; Thu, 25 Apr 2013 05:30:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:sender:date:from:to:cc:subject:message-id:references :mime-version:content-type:content-disposition:in-reply-to :user-agent; bh=Wq98VoaEIE1ajOIkn4zeapSM9NCEENindlllhVmDA4E=; b=qS8G8XPUc4JzuL9hCv6qeq5mm/YuAHh+7PoH00/CDwuXFWVVERnfHHHKQnuSy30zqr fzgH3jr0RsrpWLg/Iu4mW8pvDoKB/nTdYEP/th+Nov9Fb2Dq+nz2deHSgwGRv3Rpg5Pc F8HPEnwFOg7febgnqzsYfV2+fL4mHzZHhpZEsTyUZTU8JIpwLjhWtNrxqOH2ZsVJ7SLM 48TqPWKZKKCMtNN+zVfHUPIPdNng7BCebMNVIDUGzbsPJnR5eVZ/AibxpAGEH0jRp4wx GEy3ddCxpon3omMpvIehUFn/zwo8YDMyVaAP8oytXNizVR1BVhhp7nUfCefm3vTu4UB5 8FMg== X-Received: by 10.14.104.6 with SMTP id h6mr30356662eeg.5.1366893015161; Thu, 25 Apr 2013 05:30:15 -0700 (PDT) Received: from ithaqua.etoilebsd.net (ithaqua.etoilebsd.net. [37.59.37.188]) by mx.google.com with ESMTPSA id w51sm10089014eev.13.2013.04.25.05.30.13 for (version=TLSv1 cipher=RC4-SHA bits=128/128); Thu, 25 Apr 2013 05:30:14 -0700 (PDT) Sender: Baptiste Daroussin Date: Thu, 25 Apr 2013 14:30:11 +0200 From: Baptiste Daroussin To: Michael Gmelin Subject: Re: www/nginx pkg-plist + pkgng (detectable?) Message-ID: <20130425123011.GB50182@ithaqua.etoilebsd.net> References: <20130330142320.38010126@bsd64.grem.de> <20130408103118.67ea695a@bsd64.grem.de> <20130409205950.677a6812@bsd64.grem.de> <20130410061331.GA74304@ithaqua.etoilebsd.net> <20130410135632.0971caef@bsd64.grem.de> <20130413220152.51ef2cb3@bsd64.grem.de> <20130425050553.0778bb95@bsd64.grem.de> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="98e8jtXdkpgskNou" Content-Disposition: inline In-Reply-To: <20130425050553.0778bb95@bsd64.grem.de> User-Agent: Mutt/1.5.21 (2010-09-15) Cc: Chris Rees , FreeBSD Mailing List X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Apr 2013 12:30:22 -0000 --98e8jtXdkpgskNou Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Apr 25, 2013 at 05:05:53AM +0200, Michael Gmelin wrote: > On Tue, 23 Apr 2013 17:48:52 +0100 > Chris Rees wrote: >=20 > > On 13 April 2013 21:01, Michael Gmelin wrote: > > > On Wed, 10 Apr 2013 13:56:32 +0200 > > > Michael Gmelin wrote: > > > > > >> On Wed, 10 Apr 2013 09:02:29 +0100 > > >> Chris Rees wrote: > > >> > > >> > On 10 April 2013 07:13, Baptiste Daroussin > > >> > wrote: > > >> > > On Tue, Apr 09, 2013 at 08:59:50PM +0200, Michael Gmelin wrote: > > >> > >> On Tue, 9 Apr 2013 19:43:15 +0100 > > >> > >> Chris Rees wrote: > > >> > >> > > >> > >> > > >> > >> > > > >> > >> > No, it's a bug in pkgng; it should respect @cwd. > > >> > >> > > > >> > > > > >> > > No it is not. > > >> > > > > >> > > While i agree with pkgng that should repect @cwd (it surely > > >> > > does) > > >> > > > > >> > > There is nothing written anywhere that will waranty you that > > >> > > the @exec line will be parsed in order ro prepend @cwd path to > > >> > > a path you provide. the only thing doing that is %D. > > >> > > > > >> > > A user MUST add %D and have complete path in @exec lines > > >> > > > > >> > > In fact in that case it works by chance becauce of how > > >> > > pkg_install treat plist. > > >> > > > >> > Am I misunderstanding the meaning of "current working directory"? > > >> > > > >> > When mkdir is called, it should create the directory in @cwd. > > >> > pkg_install's behaviour is correct here, and pkgng's is not. > > >> > > > >> > Chris > > >> > > >> pkg_create(1) says: > > >> > > >> @cwd [directory] > > >> Set the internal directory pointer to point to > > >> directory. All subsequent *filenames* will be assumed relative to > > >> this directory. If no directory argument is given, it will set > > >> the internal directory pointer to the first prefix > > >> value. Note: @cd is also an alias for this command. > > >> > > >> but as far as the package manager is concerned, www/nginx-dist is > > >> an argument to mkdir in the exec call (@exec mkdir -p -m 755 > > >> www/nginx-dist) and not a filename. > > >> > > >> Also the porters handbook uses %D in all its examples, but offers > > >> no explicit explanation. > > >> > > >> That said, the way pkg_add is implemented, it changes to > > >> directories as a side effect of using its PUSHOUT macro in > > >> usr.sbin/pkg_install/add/extract.c (I only glanced at that, but > > >> that seems to be the reason why this is happening). So commands get > > >> executed within `pwd` =3D=3D @cwd. > > >> > > >> So there is definitely a backwards compatibility problem for the > > >> sheer reason of that "it worked before". I don't thing pkg should > > >> adopt this behavior (it seems like a bad idea long term), but it > > >> should detect it somehow. A simple approach to detect this could > > >> be chdiring to /var/empty in pkg before executing the call so it > > >> will fail in case the path used within @exec is relative. > > >> > > >> Cheers, > > >> Michael > > >> > > > > > > So what now? Is anybody looking into this? Should I open a PR for > > > nginx and supply a patch that fixes this (theoretically it should > > > be applied despite the port freeze, since it's a build problem). > >=20 > > Please do open a PR if you haven't already. >=20 > Done, http://www.freebsd.org/cgi/query-pr.cgi?pr=3D178123 >=20 > >=20 > > > Regarding pkgng: Will anybody consider implementing automatic > > > checks to prevent something like this from happening (e.g. the > > > simplistic approach I suggested). Even if the files wouldn't be > > > left behind, the fact that something gets touched in pwd is really > > > bad - as an admin it should be safe to assume that I can start pkg > > > from any directory without altering it state (and be it > > > temporarily). > >=20 > > I think a patch to portlint wouldn't go amiss. > >=20 > > Feel up to the challenge? >=20 > I won't touch portlint, but I implemented a small patch to pkg that > will mitigate some of the bad effects in an extremely trivial way, so > in the example at hand, instead of creating files/directories in > whichever pwd you started pkg from, it will show now: >=20 > pkg add /tmp/nginx-1.2.7_1,1.txz > Installing nginx-1.2.7_1,1...=3D=3D=3D> Creating users and/or groups. > Using existing group 'www'. > Using existing user 'www'. > mkdir: www: Operation not permitted > chmod: www/nginx-dist: No such file or directory > done >=20 > So: > a) You don't write files in a possibly very inappropriate/dangerous > place > b) Due to the error messages you might become aware that there's > something wrong >=20 > I'll send the patch to Baptiste (Cc you) off list. >=20 We already have a fix in pkgng now :) thanks, Bapt --98e8jtXdkpgskNou Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAlF5IdMACgkQ8kTtMUmk6EyU5ACfXvGRfY6QtbJ7PLjBFpSq0ZW7 ZVUAoJIyvxaKYcEV7mtpoY/3Q8Nlh5uu =+Kyq -----END PGP SIGNATURE----- --98e8jtXdkpgskNou--