[Fink-devel] CVS Unstable Access Request
Hi, I maintain a number of packages in unstable. Unfortunately I don't have CVS access to the unstable branch, even though I am listed as a "packager". Could someone give me access to the unstable part of the tree? There doesn't seem to be any other convenient mechanism for updating packages. My SF username is "ashley-y". -- Ashley Yakeley, Seattle WA --- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click ___ Fink-devel mailing list Fink-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fink-devel
[Fink-devel] Re: Safety
In article <[EMAIL PROTECTED]>, Martin Costabel <[EMAIL PROTECTED]> wrote: > How to do the validation? Ask the user about each file outside of /sw? > For all 7790 of them in the case of xfree86? Or do it automatically by > including a list of all files in the package description, as RPM or > darwinports are doing it? There would be no asking the user. Fink would simply refuse to install the packages if validation fails. A list of directories (and files) in the .info would suffice. For instance, for xfree86-rootless-threaded that would be just /usr/X11R6 /Applications/XDarwin.app I think there's the assumption with fink that the packages will all get installed in %p. I'd like to see that checked, with packages that make an exception marked somehow. -- Ashley Yakeley, Seattle WA --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ___ Fink-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/fink-devel
[Fink-devel] Re: Safety
In article <[EMAIL PROTECTED]>, Corrin Lakeland <[EMAIL PROTECTED]> wrote: > However, running fink without root really isn't that hard. Yeah, I wrote a FAQ about that over a year ago. Of course you have an updated hack. Begin Forwarded Message Date:2001-10-18 21:08 From: Ashley Yakeley, [EMAIL PROTECTED] To: Fink-Developers List, [EMAIL PROTECTED] Subject: [Fink-devel] Running Fink Non-Root FAQ Running Fink Non-Root FAQ 1. What's that? By hacking fink, you can get it to build packages non-root. You then install packages as root (or non-root, see #5). 2. Why might I want to do that? Well, build scripts are long and complicated, and sometimes bad stuff can sneak in. I've discovered a number of bugs doing this, mostly scripts that install directly into the fink directory (%p), rather than the destination directory (%i). More specific reasons include: a. you want to make sure your fink package doesn't do bad things at build time b. you want to keep tight control of your system and don't trust build scripts not to do stuff like put files in the wrong place, muck about with NetInfo, etc. 3. Why might I want to not do that? a. Some packages won't build, perhaps because they do a 'chown'. Mysql, for instance. b. All your files will be installed owned by the building user, rather than root. This means the building user inappropriately has the right to fiddle with the files. c. If you install packages as root, you can't auto-install dependent packages when building non-root. d. It's a hack, it's not officially supported. 4. How do I do it? Edit the main fink script, e.g. $ pico `which fink` Find these two lines: # are we root? if ($> != 0) { Edit the second line like this: # are we root? if (0) { That's it! Fink will now run non-root, but should also work exactly the same when running root. You might want to create a special user just for building. 5. Can I set up my fink directory so I can also install non-root? Probably, but packages that do stuff such as edit the NetInfo database will have to be installed as root. 6. How do I rebuild a package without reinstalling it? Do 'fink rebuild' non-root and ignore the error when it tries to reinstall it. 7. How might this situation be improved in the future? If fink can run under fakeroot, it should be able to do everything it needs to do without being able to do anything it shouldn't do (more or less). Unfortunately, fakeroot has not yet been ported to Darwin. I tried a while ago, but ran up against differing semaphore models. But if you know about that sort of thing, you should have a go... -- Ashley Yakeley, Seattle WA ___ Fink-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/fink-devel - End Forwarded Message - -- Ashley Yakeley, Seattle WA --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ___ Fink-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/fink-devel
[Fink-devel] Re: Safety
In article <[EMAIL PROTECTED]>, Martin Costabel <[EMAIL PROTECTED]> wrote: > > 1. Have fink build as non-root. However, to do this properly I think > > this requires the use of fakeroot. If anyone wants to port fakeroot, > > they'd be doing the fink community an enormous favour. > > Probably, but this wouldn't have helped here. The catastrophe happens > when the package is installed by dpkg, not when it is built. Right. But if I were wondering about fink accidentally causing serious system damage, I would have guessed the build process. If anyone does manage to port fakeroot, fink should certainly use it. > > 2. After the dpkg is built, fink should check it to make sure that all > > the files are within %p (or within other directories somehow explicitly > > mentioned in the .info file). > > I would rather hope that in future the kind of error that happened here > will somehow get detected by human eyes before it can do much > destruction. I would regret it if my oversight were the reason for the > introduction of some heavy bureaucracy into fink that would be useful > only in extremely exceptional cases. I really see this as a simple sanity check on the dpkg. There are very few packages that install outside of %p and no other package info files need be affected. -- Ashley Yakeley, Seattle WA --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ___ Fink-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/fink-devel
[Fink-devel] Safety
I wrote: > When I installed lcms 1.09-1, it overwrote my /usr/bin directory with a > file, making my system non-bootable. Note my fink dir is > "/usr/local/finksw". ... ><http://sourceforge.net/tracker/index.php?func=detail&aid=678560&group_i d=17203&atid=117203> I've been thinking about how to prevent this sort of thing happening in the future. Two things occur to me: 1. Have fink build as non-root. However, to do this properly I think this requires the use of fakeroot. If anyone wants to port fakeroot, they'd be doing the fink community an enormous favour. 2. After the dpkg is built, fink should check it to make sure that all the files are within %p (or within other directories somehow explicitly mentioned in the .info file). The point is not to be secure against malicious packages, but to be safer against accidental errors. -- Ashley Yakeley, Seattle WA --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ___ Fink-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/fink-devel
[Fink-devel] lcms 1.09-1 install destroys /usr/bin directory
When I installed lcms 1.09-1, it overwrote my /usr/bin directory with a file, making my system non-bootable. Note my fink dir is "/usr/local/finksw". $ dpkg --contents /usr/local/finksw/fink/dists/unstable/main/binary-darwin-powerpc/graphics /lcms_1.09-1_darwin-powerpc.deb ... -rwxr-xr-x root/wheel 473332 2003-01-31 18:03:03 ./usr/bin ... Bug report here: <http://sourceforge.net/tracker/index.php?func=detail&aid=678560&group_id =17203&atid=117203> -- Ashley Yakeley, Seattle WA --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ___ Fink-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/fink-devel