Please do. I would also recommend a *thorough* review for the whole script.
Checking the source further didn't instill confidence, for example it
happily does
rm -rf ${MADDE_PATH}/bin
without ever checking if MADDE_PATH is empty (this runs as root...). Yes,
there are different checks in place so it takes a perfect storm for this to
cause damage, but why not play it safe ? In other news, I'm trying to file a
bug report but the SDK installer seems to lack a component in the bugzilla
(or at least I can't quite find it)... Meta-bug time !
Attila
On Fri, Mar 25, 2011 at 8:54 PM, Foster, Dawn M <[email protected]>wrote:
>
> On Mar 25, 2011, at 11:31 AM, Attila Csipa wrote:
>
> > Warning. Agitated rant ahead.
> >
> >
> > In a moment of Friday afternoon boredom following a tweet about a certain
> competition I decided to check out the state of the 'official' offering and
> got the Linux install from
> http://appdeveloper.intel.com/en-us/meego-sdk-suite. Smallish thing, an
> installer I think to myself, okay... Are you sure ? Of course I'm sure. It
> says it wants sudo and stuff... well, okay, I would have preferred to do the
> apt-getting myself if that's what it does anyway... I know, what kind of
> idiot sudos some random installer from the Internet... Well, I did happen to
> have a previous install on my otherwise bog-standard Lucid hack-machine and
> the installer happily offers to remove 6-7 packages from that. Says continue
> with existing not recommended, well, okay, then proceed with remove... And
> yes, I know, that's a double fail, I asked for it (cue laugh). As it turns
> out, the eager beaver installer apt-get bloody *force* removed pretty much
> all of my Kubuntu install, all the way down to kdm. WTF ? But you said just
> 6-7 packages... (haha, sucker !). But a fail is a fail only if you don't
> learn from it, so let's see what we can learn from this incident (apart from
> saying 'no thanks' to stupid sudo-requiring installers even if they come
> from official sources). Checking out the installer script you can see what
> caused the meltdown:
> >
> > echo " MeeGo SDK components found."
> > echo $PKGS
> > setFontColor "red"
> > echo -e " The following packages are installed and will be uninstalled\n"
> \
> > "prior to installing the MeeGo SDK:"
> > echo " $PKGS"
> > setFontColor "blue"
> > echo -e " Would you like to uninstall all previously " \
> > "installed MeeGo SDK components now?\n" \
> > "\t(u)ninstall now\n" \
> > "\t(s)kip uninstall and proceed (not recommended)\n" \
> > "\t(e)xit installation"
> > read -p " Select option (u/s/e): "
> > setFontColor "default"
> > if [ "$REPLY" == "u" ] && [ "$REPLY" != "U" ]; then
> > if [ "$OS" == "Ubuntu" ]; then
> > apt-get autoremove -y $PKGS \ (is this safe / necessary ?)
> >
> > I don't know who asked that there, but let me answer. I don't know if
> it's necessary, but it's VERY not safe (I'll refrain from using derogatory
> terms this time). You display the packages YOU want to uninstall and then
> tell apt to remove whatever IT thinks is right (along with, you know,
> dependencies). What the frack happened to apt-get --just-print (dry-run) and
> then proceeding ? And I thought the QtSDK is sometimes a bit rough around
> the edges and people are sometimes too heavy criticizing error-prone SDK
> setups... but that's peanuts compared to this monster-fail, seeing apt kill
> your install was not a pleasant sight (now I know how people accidentlaly
> typing rm -rf / feel). Not. Frackin'. Funny. At. All. Sorry about the
> agitated mail, now I have the weekend fun of a devel machine to setup,
> instead of doing something productive like the initial idea from an hour ago
> of publishing something to AppUp developer challenge by using the official
> tools in the process. I guess you can call that learning the hard way. End
> of rant. And have a nice day.
> >
>
> I'm looking into this now to get that installer pulled off of the website
> and fixed.
>
> Dawn
>
>
_______________________________________________
MeeGo-dev mailing list
[email protected]
http://lists.meego.com/listinfo/meego-dev
http://wiki.meego.com/Mailing_list_guidelines
