www/nginx pkg-plist + pkgng (detectable?)

Chris Rees utisoft at gmail.com
Tue Apr 23 16:49:23 UTC 2013 

On 13 April 2013 21:01, Michael Gmelin <freebsd at grem.de> wrote:
> On Wed, 10 Apr 2013 13:56:32 +0200
> Michael Gmelin <freebsd at grem.de> wrote:
>
>> On Wed, 10 Apr 2013 09:02:29 +0100
>> Chris Rees <utisoft at gmail.com> wrote:
>>
>> > On 10 April 2013 07:13, Baptiste Daroussin <bapt at freebsd.org> wrote:
>> > > On Tue, Apr 09, 2013 at 08:59:50PM +0200, Michael Gmelin wrote:
>> > >> On Tue, 9 Apr 2013 19:43:15 +0100
>> > >> Chris Rees <utisoft at gmail.com> wrote:
>> > >>
>> > >>
>> > >> >
>> > >> > No, it's a bug in pkgng; it should respect @cwd.
>> > >> >
>> > >
>> > > No it is not.
>> > >
>> > > While i agree with pkgng that should repect @cwd (it surely does)
>> > >
>> > > There is nothing written anywhere that will waranty you that the
>> > > @exec line will be parsed in order ro prepend @cwd path to a path
>> > > you provide. the only thing doing that is %D.
>> > >
>> > > A user MUST add %D and have complete path in @exec lines
>> > >
>> > > In fact in that case it works by chance becauce of how pkg_install
>> > > treat plist.
>> >
>> > Am I misunderstanding the meaning of "current working directory"?
>> >
>> > When mkdir is called, it should create the directory in @cwd.
>> > pkg_install's behaviour is correct here, and pkgng's is not.
>> >
>> > Chris
>>
>> pkg_create(1) says:
>>
>> @cwd [directory]
>>              Set the internal directory pointer to point to directory.
>>              All subsequent *filenames* will be assumed relative to
>> this directory. If no directory argument is given, it will set
>>              the internal directory pointer to the first prefix value.
>>              Note: @cd is also an alias for this command.
>>
>> but as far as the package manager is concerned, www/nginx-dist is an
>> argument to mkdir in the exec call (@exec mkdir -p -m 755
>> www/nginx-dist) and not a filename.
>>
>> Also the porters handbook uses %D in all its examples, but offers no
>> explicit explanation.
>>
>> That said, the way pkg_add is implemented, it changes to directories
>> as a side effect of using its PUSHOUT macro in
>> usr.sbin/pkg_install/add/extract.c (I only glanced at that, but that
>> seems to be the reason why this is happening). So commands get
>> executed within `pwd` == @cwd.
>>
>> So there is definitely a backwards compatibility problem for the sheer
>> reason of that "it worked before". I don't thing pkg should adopt this
>> behavior (it seems like a bad idea long term), but it should detect it
>> somehow. A simple approach to detect this could be chdiring
>> to /var/empty in pkg before executing the call so it will fail in case
>> the path used within @exec is relative.
>>
>> Cheers,
>> Michael
>>
>
> So what now? Is anybody looking into this? Should I open a PR for nginx
> and supply a patch that fixes this (theoretically it should be applied
> despite the port freeze, since it's a build problem).

Please do open a PR if you haven't already.

> Regarding pkgng: Will anybody consider implementing automatic checks to
> prevent something like this from happening (e.g. the simplistic
> approach I suggested). Even if the files wouldn't be left behind, the
> fact that something gets touched in pwd is really bad - as an admin it
> should be safe to assume that I can start pkg from any directory
> without altering it state (and be it temporarily).

I think a patch to portlint wouldn't go amiss.

Feel up to the challenge?

Chris

More information about the freebsd-ports mailing list