Re: PATH contains at build time

2016-02-03 Thread Zbigniew Jędrzejewski-Szmek 
On Wed, Feb 03, 2016 at 09:44:21AM -0500, Stephen Gallagher wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> On 02/03/2016 09:35 AM, Petr Pisar wrote:
> > On 2016-02-02, Florian Weimer  wrote:
> >> May packages assume that /usr/sbin is on PATH when they are built?
> >> 
> >> If you need a program which is currently only in /usr/sbin, should a 
> >> package use an absolute path, or reset PATH to include /usr/sbin?
> >> 
> > When I was small, I was tought that sbin is for programs executed by 
> > superuser, therefore only root user's login shell adds sbin into PATH.
> > 
> > Thus the question boils down to: What user does build the package?
> > 
> > But I can forsee the answer for `Does Fedora support building packages as 
> > non-root?' The answer is `defined by koji^Wimplementation'. So does not 
> > have answer.
> > 
> > I would call the programs by absolute path.
> > 
> 
> Koji/mock will only build as a non-root user.
> That said, we have a specific RPM macro for this: %{_sbindir}, which should be
> used for calling sbin binaries. (Ditto %{_bindir} for /usr/bin binaries).

Please don't. /usr/bin and /usr/sbin have been in both root's and
normal users' path for ages now. Path setting is decentralized, at
least util-linux [1], systemd, and gdm set it, and they all include
both /usr/sbin and /usr/bin in path for users. Mock shells have it.
If /usr/sbin was removed from users' path, too many things would
break, and it's never going to happen. The only reason that /usr/bin
and /usr/sbin are still separate is consolehelper.

Using %{_sbindir} is just busywork. It is safe it too asume that is
$PATH.

Zbyszek

[1] c.f. https://bugzilla.redhat.com/show_bug.cgi?id=1251320
--
devel mailing list
devel@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org

Re: PATH contains at build time

2016-02-03 Thread Stephen Gallagher 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 02/03/2016 09:35 AM, Petr Pisar wrote:
> On 2016-02-02, Florian Weimer  wrote:
>> May packages assume that /usr/sbin is on PATH when they are built?
>> 
>> If you need a program which is currently only in /usr/sbin, should a 
>> package use an absolute path, or reset PATH to include /usr/sbin?
>> 
> When I was small, I was tought that sbin is for programs executed by 
> superuser, therefore only root user's login shell adds sbin into PATH.
> 
> Thus the question boils down to: What user does build the package?
> 
> But I can forsee the answer for `Does Fedora support building packages as 
> non-root?' The answer is `defined by koji^Wimplementation'. So does not 
> have answer.
> 
> I would call the programs by absolute path.
> 

Koji/mock will only build as a non-root user.
That said, we have a specific RPM macro for this: %{_sbindir}, which should be
used for calling sbin binaries. (Ditto %{_bindir} for /usr/bin binaries).
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iEYEARECAAYFAlayEkAACgkQeiVVYja6o6Nv6ACgnWLvpEdcKuYp5pDeWuJR4BYF
QDoAn02L/4yozYcgP3CcCcxPD9YI9v/n
=sEB5
-END PGP SIGNATURE-
--
devel mailing list
devel@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org

Re: PATH contains at build time

2016-02-03 Thread Ian Malone 
On 3 February 2016 at 14:35, Petr Pisar  wrote:
> On 2016-02-02, Florian Weimer  wrote:
>> May packages assume that /usr/sbin is on PATH when they are built?
>>
>> If you need a program which is currently only in /usr/sbin, should a
>> package use an absolute path, or reset PATH to include /usr/sbin?
>>
> When I was small, I was tought that sbin is for programs executed by
> superuser, therefore only root user's login shell adds sbin into PATH.
>
> Thus the question boils down to: What user does build the package?
>
> But I can forsee the answer for `Does Fedora support building packages as
> non-root?' The answer is `defined by koji^Wimplementation'. So does not
> have answer.
>

On what architecture is root required to build packages? I thought a
build user was recommended?

-- 
imalone
http://ibmalone.blogspot.co.uk
--
devel mailing list
devel@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org

Re: PATH contains at build time

2016-02-03 Thread Petr Pisar 
On 2016-02-02, Florian Weimer  wrote:
> May packages assume that /usr/sbin is on PATH when they are built?
>
> If you need a program which is currently only in /usr/sbin, should a
> package use an absolute path, or reset PATH to include /usr/sbin?
>
When I was small, I was tought that sbin is for programs executed by
superuser, therefore only root user's login shell adds sbin into PATH.

Thus the question boils down to: What user does build the package?

But I can forsee the answer for `Does Fedora support building packages as
non-root?' The answer is `defined by koji^Wimplementation'. So does not
have answer.

I would call the programs by absolute path.

-- Petr
--
devel mailing list
devel@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org

Re: PATH contains at build time

2016-02-03 Thread Zbigniew Jędrzejewski-Szmek 
On Wed, Feb 03, 2016 at 11:09:48AM -0500, Matthew Miller wrote:
> On Wed, Feb 03, 2016 at 03:12:17PM +, Zbigniew Jędrzejewski-Szmek wrote:
> > Using %{_sbindir} is just busywork. It is safe it too asume that is
> > $PATH.
> 
> I sadly agree. Ship sailed for fixing this about a decade ago. It'd be
> a nice usability enhancement to get programs which are not intended to
> be run by humans out of $PATH, but I don't think it'd be worth the
> churn to do it.

It is still possible, by keeping various things in /usr/lib or
/usr/libexec. E.g. systemd does this to a large extent with a bunch of
binaries in /usr/lib/systemd.

The difference between /bin and /sbin was more about admin/non-admin
stuff, but with policykit and capabilities and whatnot things have become
so blurred that this distinction doesn't make much sense anymore.

Zbyszek
--
devel mailing list
devel@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org

Re: PATH contains at build time

2016-02-03 Thread Matthew Miller 
On Wed, Feb 03, 2016 at 03:12:17PM +, Zbigniew Jędrzejewski-Szmek wrote:
> Using %{_sbindir} is just busywork. It is safe it too asume that is
> $PATH.

I sadly agree. Ship sailed for fixing this about a decade ago. It'd be
a nice usability enhancement to get programs which are not intended to
be run by humans out of $PATH, but I don't think it'd be worth the
churn to do it.
 
-- 
Matthew Miller

Fedora Project Leader
--
devel mailing list
devel@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org

PATH contains at build time

2016-02-02 Thread Florian Weimer 
May packages assume that /usr/sbin is on PATH when they are built?

If you need a program which is currently only in /usr/sbin, should a
package use an absolute path, or reset PATH to include /usr/sbin?

Thanks,
Florian
--
devel mailing list
devel@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org