From nobody Wed Dec 18 13:54:25 2024
X-Original-To: freebsd-arch@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YCwCR1yctz5hN6L
	for <freebsd-arch@mlmmj.nyi.freebsd.org>; Wed, 18 Dec 2024 13:54:27 +0000 (UTC)
	(envelope-from kevans@FreeBSD.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4YCwCR1Grqz4H8W;
	Wed, 18 Dec 2024 13:54:27 +0000 (UTC)
	(envelope-from kevans@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1734530067;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=HClYIuflGrTrFIEsKii0rjN2rfcZCpKlAUiePSKMcAs=;
	b=FTBMnm5VnarFHXdQnH4z/pzYk/J5KwsyYR8zgm1I1RfRYA1Mg5SjJNQ2orA1l+EdcJBHMQ
	Q8Mk0gQXsF4myXAyQnehrILi32v8nGhUKu3b0np6VbxhC1hjr5rknaz5dhGucVfp6s5xIl
	OAh/1cUPMdY0zBV6vU+xrA9v4K0v/2J6s5ndhKiDEukKkju1rMuB5Ceru3pauV4ho4W9oK
	CbqygapYse6SJbiwNZKm2E5jCObbUlnplxEvwFEJAPC52Ak0BiEHF4IZNnELqmJntrFydM
	cHTQUoYvUcBqUp2LFpmE24qZNc92gDx8CbKGAw5WNf5tbwqKnslb1bU1htjYFg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1734530067;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=HClYIuflGrTrFIEsKii0rjN2rfcZCpKlAUiePSKMcAs=;
	b=XwVEJxdd3cZ32e4YOnaHLOPO25Dwfdpb4nQ9B99Nex7XIYb/QIbL3/4uXuQ4CNAT3LPJa2
	h81INtbu4P76nx26b6G6nmFaLOelnDQhRAYZ2MHe9UCpTIBv0kghDWepifPWjU6K2MfXbN
	P0HQf3i6/TwF0gk3gLIfl1VlzCnOu6sypIBTcJ0/lXhjBQvsox84t6nYf+QAXtEGMBRWNU
	JEMeW8tjRxMUdKqB4eETE5xB5/LQMW0va2X+EISGyCoSTFaVq6G8BjWBpwORbwKP6wBgvr
	srpDXvI4HVof446969RhFj4oBE28QrQT4LT5vp9nNShecRM6vyPL//X1CZaGxg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1734530067; a=rsa-sha256; cv=none;
	b=Xvg2hhPuqBCjWlLcXnxNN1plRlfNZJLbDR1O3FdRTzuXI6KiHoG7FRci5F5h59n1SX7znP
	RdUHfuRZ127UvNVQOSPVqXsjKOXa48SYDZjnOZ4fvHlxnN/D/0gcCxoO7CpO+U2mL4P2Es
	PEkJJSDwsxjQMrDfbsIgwuQVJYcBDR5kVTrKNaNQ18RkvWJZou8Bbc8SYD4fuCE+w/g3x6
	pw/cDU/LpWYkAwOPwob60iDyDJmCJ2JpoTYwDBgLhaj8mY1oAgmL7R2ynmy3cHGbBogZ6L
	VWpl28FrfYYeb7Ah7YbCRE+m/g6fiR2c6G3jdcGRFsqP8hm4pUWPQRTY9Nik0w==
Received: from [10.9.4.95] (unknown [209.182.120.176])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	(Authenticated sender: kevans/mail)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 4YCwCQ6HPQz1CmC;
	Wed, 18 Dec 2024 13:54:26 +0000 (UTC)
	(envelope-from kevans@FreeBSD.org)
Message-ID: <a68ad507-bffd-4780-9ebf-a44c3a40ccb4@FreeBSD.org>
Date: Wed, 18 Dec 2024 07:54:25 -0600
List-Id: Discussion related to FreeBSD architecture <freebsd-arch.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-arch
List-Help: <mailto:freebsd-arch+help@freebsd.org>
List-Post: <mailto:freebsd-arch@freebsd.org>
List-Subscribe: <mailto:freebsd-arch+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-arch+unsubscribe@freebsd.org>
Sender: owner-freebsd-arch@FreeBSD.org
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Removing shar(1)
To: Tomek CEDRO <tomek@cedro.info>
Cc: freebsd-arch@freebsd.org
References: <0d63a94d-2773-4efd-b789-0b753ab38b91@FreeBSD.org>
 <CAFYkXj=o_1+fwLQi-6D4X2PanAZoYkMc6Wh=cBCJ=zj4ygH07A@mail.gmail.com>
Content-Language: en-US
From: Kyle Evans <kevans@FreeBSD.org>
In-Reply-To: <CAFYkXj=o_1+fwLQi-6D4X2PanAZoYkMc6Wh=cBCJ=zj4ygH07A@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit

On 12/18/24 07:47, Tomek CEDRO wrote:
> On Wed, Dec 18, 2024 at 3:27 AM Kyle Evans <kevans@freebsd.org> wrote:
>> Hi,
>> I was reminded the other day that shar(1) exists, though it's use is no
>> longer recommended in ports.  The same functionality can be found in
>> tar(1) instead, so I think we should deorbit /usr/bin/shar and stop
>> promoting it entirely.  sh(1) archives are really problematic from a
>> user standpoint for at least one reason best explained by the manpage:
>>    It is easy to insert trojan horses into shar files.  It is strongly
>>    recommended that all shell archive files be examined before running
>>    them through sh(1).  Archives produced using this implementation of
>>    shar may be easily examined with the command:
>>         egrep -av '^[X#]' shar.file
>> It's hard to advocate for their use in good conscience, much like it's
>> hard to advocate curl|sh pipes.
>> Review: https://reviews.freebsd.org/D48130
>> Thanks,
>> Kyle Evans
> 
> Hey there Kyle :-) Removing tools completely is not a good choice, but
> moving them from base to ports in case someone needs to use them for
> any reason would be a better choice? :-)
> 

That is traditionally how we handle these things, yes.

> There are still lots of installers using shar like approach, or even
> worse things like feeding shell scripts directly from a remote url
> (i.e. brew installer on macos).
> 

The install side doesn't need shar(1), the result is an archive that is 
to be executed by /bin/sh.  The generation side needs shar(1), and we 
also have tar(1) for that (which can generate shar-cives).

Thanks,

Kyle Evans