Mailinglist Archive: opensuse-packaging (105 mails)
| < Previous | Next > |
Re: [opensuse-packaging] rpmlint and /usr/bin/env
- From: Dirk Mueller <dmueller@xxxxxxx>
- Date: Thu, 31 May 2007 12:29:29 +0200
- Message-id: <200705311229.29810.dmueller@xxxxxxx>
On Thursday, 31. May 2007, Stephan Kulow wrote:
> Because /usr/bin/env takes the user's path into account and as such
> makes the script unpredictable - and less secure.
Actually, the answer is twofold:
a) it was for testing purposes and is currently still in the rpmlint package
b) the main reason is that correct file-requires are not added to the package.
e.g if your script starts with "#!/usr/bin/env python", then /usr/bin/env
will be required while actually /usr/bin/python should have been required.
Debian for example goes down the long and ugly road of patching each and every
script that contains /usr/bin/env - for the reason that coolo gave you.
> I suggest we create a rpm macro to replace /usr/bin/env <ARG> with the
> correct path to ARG though as this might be a common task in quite some
> packages.
I agree, many packages are affected, and I was trying to look into fixing the
rpm magic. But not enough time yet.
Greetings,
Dirk
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-packaging+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-packaging+help@xxxxxxxxxxxx
> Because /usr/bin/env takes the user's path into account and as such
> makes the script unpredictable - and less secure.
Actually, the answer is twofold:
a) it was for testing purposes and is currently still in the rpmlint package
b) the main reason is that correct file-requires are not added to the package.
e.g if your script starts with "#!/usr/bin/env python", then /usr/bin/env
will be required while actually /usr/bin/python should have been required.
Debian for example goes down the long and ugly road of patching each and every
script that contains /usr/bin/env - for the reason that coolo gave you.
> I suggest we create a rpm macro to replace /usr/bin/env <ARG> with the
> correct path to ARG though as this might be a common task in quite some
> packages.
I agree, many packages are affected, and I was trying to look into fixing the
rpm magic. But not enough time yet.
Greetings,
Dirk
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-packaging+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-packaging+help@xxxxxxxxxxxx
| < Previous | Next > |