Re: [gentoo-dev] [PATCH 1/7] multibuild: introduce a generic framework for custom phase functions.
On Sun, 10 Mar 2013, Michał Górny wrote: +DEPEND==app-shells/bash-4.2 + Why is this needed? Ulrich
Re: [gentoo-dev] [PATCH 1/7] multibuild: introduce a generic framework for custom phase functions.
On Sun, 10 Mar 2013, Ulrich Mueller wrote:
On Sun, 10 Mar 2013, Michał Górny wrote:
+DEPEND==app-shells/bash-4.2
+
Why is this needed?
Seems it's because of this:
+declare -g -A _MULTIBUILD_EXPORTED_PHASES || die
+local p
+for p; do
+_MULTIBUILD_EXPORTED_PHASES[${p}]=${ECLASS}_${p}
+done
Associative arrays are not supported in bash 3.2, so they must not be
used in EAPIs 0 to 5.
Ulrich
Re: [gentoo-dev] [PATCH 1/7] multibuild: introduce a generic framework for custom phase functions.
On Sun, 10 Mar 2013 13:16:46 +0100
Ulrich Mueller u...@gentoo.org wrote:
On Sun, 10 Mar 2013, Ulrich Mueller wrote:
On Sun, 10 Mar 2013, Michał Górny wrote:
+DEPEND==app-shells/bash-4.2
+
Why is this needed?
Seems it's because of this:
+ declare -g -A _MULTIBUILD_EXPORTED_PHASES || die
+ local p
+ for p; do
+ _MULTIBUILD_EXPORTED_PHASES[${p}]=${ECLASS}_${p}
+ done
Associative arrays are not supported in bash 3.2, so they must not be
used in EAPIs 0 to 5.
A dependency upon a newer bash doesn't guarantee that the package
mangler will use that bash.
--
Ciaran McCreesh
signature.asc
Description: PGP signature
Re: [gentoo-dev] [PATCH 1/7] multibuild: introduce a generic framework for custom phase functions.
On Sun, 10 Mar 2013 12:18:25 +
Ciaran McCreesh ciaran.mccre...@googlemail.com wrote:
On Sun, 10 Mar 2013 13:16:46 +0100
Ulrich Mueller u...@gentoo.org wrote:
On Sun, 10 Mar 2013, Ulrich Mueller wrote:
On Sun, 10 Mar 2013, Michał Górny wrote:
+DEPEND==app-shells/bash-4.2
+
Why is this needed?
Seems it's because of this:
+declare -g -A _MULTIBUILD_EXPORTED_PHASES || die
+local p
+for p; do
+_MULTIBUILD_EXPORTED_PHASES[${p}]=${ECLASS}_${p}
+done
Associative arrays are not supported in bash 3.2, so they must not be
used in EAPIs 0 to 5.
A dependency upon a newer bash doesn't guarantee that the package
mangler will use that bash.
Yep. That's why the non-quoted fragment has a safety check and dies if
it doesn't.
--
Best regards,
Michał Górny
signature.asc
Description: PGP signature
Re: [gentoo-dev] [PATCH 1/7] multibuild: introduce a generic framework for custom phase functions.
On Sun, 10 Mar 2013, Michał Górny wrote: Yep. That's why the non-quoted fragment has a safety check and dies if it doesn't. It doesn't matter if there's a safety check. Bash 4 features are simply not allowed in the tree. Ulrich
Re: [gentoo-dev] [PATCH 1/7] multibuild: introduce a generic framework for custom phase functions.
On Sun, 10 Mar 2013 14:44:42 +0100 Ulrich Mueller u...@gentoo.org wrote: On Sun, 10 Mar 2013, Michał Górny wrote: Yep. That's why the non-quoted fragment has a safety check and dies if it doesn't. It doesn't matter if there's a safety check. Bash 4 features are simply not allowed in the tree. Is there a technical reason for that? As far as I understand it, the method used in the ebuild should guarantee that in the worst case user would have to restart emerge once. Well, unless we're talking about a theoretical package mangler which intentionally uses internal, old version of bash to prove the point. -- Best regards, Michał Górny signature.asc Description: PGP signature
Re: [gentoo-dev] [PATCH 1/7] multibuild: introduce a generic framework for custom phase functions.
On Sun, 10 Mar 2013 14:48:06 +0100 Michał Górny mgo...@gentoo.org wrote: Well, unless we're talking about a theoretical package mangler which intentionally uses internal, old version of bash to prove the point. That's a good idea, maybe we'll do that. Sounds like a good way of doing better input validation. Perhaps we could patch our internal bash to make it easier to catch certain other errors too. -- Ciaran McCreesh signature.asc Description: PGP signature
Re: [gentoo-dev] [PATCH 1/7] multibuild: introduce a generic framework for custom phase functions.
On Sun, 10 Mar 2013 15:26:29 + Ciaran McCreesh ciaran.mccre...@googlemail.com wrote: On Sun, 10 Mar 2013 14:48:06 +0100 Michał Górny mgo...@gentoo.org wrote: Well, unless we're talking about a theoretical package mangler which intentionally uses internal, old version of bash to prove the point. That's a good idea, maybe we'll do that. Sounds like a good way of doing better input validation. Perhaps we could patch our internal bash to make it easier to catch certain other errors too. Please don't forget to bundle a few rootkits inside, so your users won't have to wait for security issues to be found in the ye ol' bash version you'll use. -- Best regards, Michał Górny signature.asc Description: PGP signature
Re: [gentoo-dev] [PATCH 1/7] multibuild: introduce a generic framework for custom phase functions.
On Sun, 10 Mar 2013 16:46:41 +0100 Michał Górny mgo...@gentoo.org wrote: On Sun, 10 Mar 2013 15:26:29 + Ciaran McCreesh ciaran.mccre...@googlemail.com wrote: On Sun, 10 Mar 2013 14:48:06 +0100 Michał Górny mgo...@gentoo.org wrote: Well, unless we're talking about a theoretical package mangler which intentionally uses internal, old version of bash to prove the point. That's a good idea, maybe we'll do that. Sounds like a good way of doing better input validation. Perhaps we could patch our internal bash to make it easier to catch certain other errors too. Please don't forget to bundle a few rootkits inside, so your users won't have to wait for security issues to be found in the ye ol' bash version you'll use. You mean, in the bash that will be being run as root, that is accessible exclusively to packages, all of which are allowed to run things as root, install set*id binaries, etc? -- Ciaran McCreesh signature.asc Description: PGP signature
