Re: PATH contains at build time
On Wed, Feb 03, 2016 at 09:44:21AM -0500, Stephen Gallagher wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 02/03/2016 09:35 AM, Petr Pisar wrote: > > On 2016-02-02, Florian Weimerwrote: > >> May packages assume that /usr/sbin is on PATH when they are built? > >> > >> If you need a program which is currently only in /usr/sbin, should a > >> package use an absolute path, or reset PATH to include /usr/sbin? > >> > > When I was small, I was tought that sbin is for programs executed by > > superuser, therefore only root user's login shell adds sbin into PATH. > > > > Thus the question boils down to: What user does build the package? > > > > But I can forsee the answer for `Does Fedora support building packages as > > non-root?' The answer is `defined by koji^Wimplementation'. So does not > > have answer. > > > > I would call the programs by absolute path. > > > > Koji/mock will only build as a non-root user. > That said, we have a specific RPM macro for this: %{_sbindir}, which should be > used for calling sbin binaries. (Ditto %{_bindir} for /usr/bin binaries). Please don't. /usr/bin and /usr/sbin have been in both root's and normal users' path for ages now. Path setting is decentralized, at least util-linux [1], systemd, and gdm set it, and they all include both /usr/sbin and /usr/bin in path for users. Mock shells have it. If /usr/sbin was removed from users' path, too many things would break, and it's never going to happen. The only reason that /usr/bin and /usr/sbin are still separate is consolehelper. Using %{_sbindir} is just busywork. It is safe it too asume that is $PATH. Zbyszek [1] c.f. https://bugzilla.redhat.com/show_bug.cgi?id=1251320 -- devel mailing list devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
Re: PATH contains at build time
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/03/2016 09:35 AM, Petr Pisar wrote: > On 2016-02-02, Florian Weimerwrote: >> May packages assume that /usr/sbin is on PATH when they are built? >> >> If you need a program which is currently only in /usr/sbin, should a >> package use an absolute path, or reset PATH to include /usr/sbin? >> > When I was small, I was tought that sbin is for programs executed by > superuser, therefore only root user's login shell adds sbin into PATH. > > Thus the question boils down to: What user does build the package? > > But I can forsee the answer for `Does Fedora support building packages as > non-root?' The answer is `defined by koji^Wimplementation'. So does not > have answer. > > I would call the programs by absolute path. > Koji/mock will only build as a non-root user. That said, we have a specific RPM macro for this: %{_sbindir}, which should be used for calling sbin binaries. (Ditto %{_bindir} for /usr/bin binaries). -BEGIN PGP SIGNATURE- Version: GnuPG v2 iEYEARECAAYFAlayEkAACgkQeiVVYja6o6Nv6ACgnWLvpEdcKuYp5pDeWuJR4BYF QDoAn02L/4yozYcgP3CcCcxPD9YI9v/n =sEB5 -END PGP SIGNATURE- -- devel mailing list devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
Re: PATH contains at build time
On 3 February 2016 at 14:35, Petr Pisarwrote: > On 2016-02-02, Florian Weimer wrote: >> May packages assume that /usr/sbin is on PATH when they are built? >> >> If you need a program which is currently only in /usr/sbin, should a >> package use an absolute path, or reset PATH to include /usr/sbin? >> > When I was small, I was tought that sbin is for programs executed by > superuser, therefore only root user's login shell adds sbin into PATH. > > Thus the question boils down to: What user does build the package? > > But I can forsee the answer for `Does Fedora support building packages as > non-root?' The answer is `defined by koji^Wimplementation'. So does not > have answer. > On what architecture is root required to build packages? I thought a build user was recommended? -- imalone http://ibmalone.blogspot.co.uk -- devel mailing list devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
Re: PATH contains at build time
On 2016-02-02, Florian Weimerwrote: > May packages assume that /usr/sbin is on PATH when they are built? > > If you need a program which is currently only in /usr/sbin, should a > package use an absolute path, or reset PATH to include /usr/sbin? > When I was small, I was tought that sbin is for programs executed by superuser, therefore only root user's login shell adds sbin into PATH. Thus the question boils down to: What user does build the package? But I can forsee the answer for `Does Fedora support building packages as non-root?' The answer is `defined by koji^Wimplementation'. So does not have answer. I would call the programs by absolute path. -- Petr -- devel mailing list devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
Re: PATH contains at build time
On Wed, Feb 03, 2016 at 11:09:48AM -0500, Matthew Miller wrote: > On Wed, Feb 03, 2016 at 03:12:17PM +, Zbigniew Jędrzejewski-Szmek wrote: > > Using %{_sbindir} is just busywork. It is safe it too asume that is > > $PATH. > > I sadly agree. Ship sailed for fixing this about a decade ago. It'd be > a nice usability enhancement to get programs which are not intended to > be run by humans out of $PATH, but I don't think it'd be worth the > churn to do it. It is still possible, by keeping various things in /usr/lib or /usr/libexec. E.g. systemd does this to a large extent with a bunch of binaries in /usr/lib/systemd. The difference between /bin and /sbin was more about admin/non-admin stuff, but with policykit and capabilities and whatnot things have become so blurred that this distinction doesn't make much sense anymore. Zbyszek -- devel mailing list devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
Re: PATH contains at build time
On Wed, Feb 03, 2016 at 03:12:17PM +, Zbigniew Jędrzejewski-Szmek wrote: > Using %{_sbindir} is just busywork. It is safe it too asume that is > $PATH. I sadly agree. Ship sailed for fixing this about a decade ago. It'd be a nice usability enhancement to get programs which are not intended to be run by humans out of $PATH, but I don't think it'd be worth the churn to do it. -- Matthew MillerFedora Project Leader -- devel mailing list devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
PATH contains at build time
May packages assume that /usr/sbin is on PATH when they are built? If you need a program which is currently only in /usr/sbin, should a package use an absolute path, or reset PATH to include /usr/sbin? Thanks, Florian -- devel mailing list devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org