Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
On Mon, 13 Nov 2006 11:17:37 +0500 Anatoly Shipitsin [EMAIL PROTECTED] wrote: Okey. I'm remove all get editor from runtime enviroment EDITOR and disable --with-editor. The run emerge fcron. I'm got: checking for vi... no configure: error: Cannot determine path to vi: try option --with-editor=PATH Ah, so this happens when no package provides $(which vi)? Then we should default to something that is universally available. But i'm can't get editor from runtime. How emerge obtain right editor ? --with-editor=/bin/nano would do fine. I already CC'd bsd@ on the bug to figure out if nano is part of their defaults, but it probably does not matter because BSD does have $(which vi) AFAIK. If this is really too much trouble we could perhaps have it default to --with-editor=$(which less)? ;-) Kind regards, JeR -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
On Monday 13 November 2006 20:21, Jeroen Roovers wrote: --with-editor=/bin/nano would do fine. I already CC'd bsd@ on the bug to figure out if nano is part of their defaults, but it probably does not matter because BSD does have $(which vi) AFAIK. We are Gentoo in that regard, we don't install nvi by default, although the 6.1 stage comes with vim. The 6.2 stages (and anything that will come in the future) are built with catalyst exactly as the Linux stages are, which means that we have whatever is defined in the base profile (default: nano). -- Diego Flameeyes Pettenò - http://farragut.flameeyes.is-a-geek.org/ Gentoo/Alt lead, Gentoo/FreeBSD, Video, Sound, ALSA, PAM, KDE, CJK, Ruby ... pgpejc6KABljt.pgp Description: PGP signature
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
Ah, so this happens when no package provides $(which vi)? Then weshould default to something that is universally available. Check fcron configure.in. Configure get editor from enviroment parameter EDITOR it not set by default vi. --with-editor=/bin/nano would do fine. I already CC'd bsd@ on the bugto figure out if nano is part of their defaults, but it probably doesnot matter because BSD does have $(which vi) AFAIK.This solution used in sudo. But with fcron we need set DEPEND app-editors/nano instead virtual/editor If this is really too much trouble we could perhaps have it default to--with-editor=$(which less)? ;-) it's really much trouble. Without editor fcron ebuild will broken.
[gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
Hello. Anatoly raised really important concern and currently I've started to think about fix. One possible solution requires virtual/editor to suite glep 37 and thus affects many packages. So... wondering why this change was not done I'd like to discuss the problem on the list. Problem: There are programs (fcrontab, visudo, vipw and etc.) which require default editor to work. To select editor they use these two steps: 1.) take editor name from environment (EDITOR or VISUAL vars) 2.) if there is not editor use defined at build time compiled in default The problem is that both of methods suck in some special situations which, of course, happen in Gentoo with its extreme configurability. Currently it is impossible to specify build time dependency reliably for virtual/editor: most of packages either use nano or vi (either trough ./configure option or #define in sources) but in the system without nano or vi this package either not emerges [1,2] or fails to work[3,4] (yes... if EDITOR is not set). But EDITOR *is not* set when program is started from sudo because sudo for security reasons drops environment (are there any other cases when environment is dropped?). Well. One possible answer that this is not a problem: build time dependencies are weird, always set EDITOR and never run such programs from sudo because this allows to do everything with the system. But I'd like to point at two points: firstly, some users use sudo just to avoid logging in as root and, secondly, upstream consider compiled in defaults to work. Thus IMO this is a problem. The possible solution is to add virtual/editor ebuild which will besides enumerating all virtual providers install /usr/bin/editor program. This will be a simple wrapper (bash) script which will use EDITOR environment variable to start editor, in case environment variable does not exist use EDITOR from /etc/rc.conf and as the last resolve just issue error message identifying possible ways to setup editor. All programs that use compiled in default editor should use this wrapper script. This will solve ambiguity of build time dependency and allow to use sudo reliably. While I continue playing in my overlay I'd like to know if there are any problems with this solution? Currently this change seems to satisfy KISS concept and fix some problems... thus should be implemented. I'll wait for some time and open two trackers one for virtual/editor providers another for virtual/editor build time dependency users and then add virtual/editor ebuild, remove PROVIDErs and continue working on packages that use compiled in editor defaults. References: [1] https://bugs.gentoo.org/show_bug.cgi?id=124904 [2] https://bugs.gentoo.org/show_bug.cgi?id=94771 [3] https://bugs.gentoo.org/show_bug.cgi?id=149376 [4] https://bugs.gentoo.org/show_bug.cgi?id=149339 Thank you for your time, Peter. signature.asc Description: This is a digitally signed message part
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
On 11/12/06, Peter Volkov (pva) [EMAIL PROTECTED] wrote: The possible solution is to add virtual/editor ebuild this is a horrible idea why not modify sudo to not filter the EDITOR env var then there is no more problem -mike -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
On Sun, Nov 12, 2006 at 04:34:25AM -0500, Mike Frysinger wrote: On 11/12/06, Peter Volkov (pva) [EMAIL PROTECTED] wrote: The possible solution is to add virtual/editor ebuild this is a horrible idea why not modify sudo to not filter the EDITOR env var then there is no more problem Except for a gaping security hole. -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
On 11/12/06, Harald van Dijk [EMAIL PROTECTED] wrote: On Sun, Nov 12, 2006 at 04:34:25AM -0500, Mike Frysinger wrote: On 11/12/06, Peter Volkov (pva) [EMAIL PROTECTED] wrote: The possible solution is to add virtual/editor ebuild this is a horrible idea why not modify sudo to not filter the EDITOR env var then there is no more problem Except for a gaping security hole. pulling a ciaranm here huh ? if a guy has access to `sudo`, then having a modified environment isnt going to make much difference -mike -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
why not modify sudo to not filter the EDITOR env var then there is no more problem no, there is a very valid reason why sudo filters the EDITOR env var. sudo should probably be fixed to (re)set the EDITOR variable to a 'safe' systemwide default, instead of stripping it completely. is there a list of sudo 'safe' EDITORs somewhere? bangert pgpzezmkmrGXW.pgp Description: PGP signature
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
On Sun, Nov 12, 2006 at 04:56:33AM -0500, Mike Frysinger wrote: On 11/12/06, Harald van Dijk [EMAIL PROTECTED] wrote: On Sun, Nov 12, 2006 at 04:34:25AM -0500, Mike Frysinger wrote: On 11/12/06, Peter Volkov (pva) [EMAIL PROTECTED] wrote: The possible solution is to add virtual/editor ebuild this is a horrible idea why not modify sudo to not filter the EDITOR env var then there is no more problem Except for a gaping security hole. pulling a ciaranm here huh ? if a guy has access to `sudo`, then having a modified environment isnt going to make much difference sudo can be configured to only allow access to a select few applications. Allowing arbitrary EDITOR settings completely bypasses this. -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
On 2006-11-12 at 04:34 -0500, Mike Frysinger wrote: why not modify sudo to not filter the EDITOR env var then there is no more problem Considering that this is the only situation where environment is dropped... yes this fixes sudo problem. The other possible solution is: #!/bin/bash export EDITOR=/usr/bin/editor /usr/bin/fcrontab -e BUT. 1. upstream uses this in the code. Then to avoid mess and unify approach we should remove all such things from the code itself. In other cases this will stay as a bug in gentoo. 2. And I see possibility to write secure editor, which will write only in predefined locations. Use of such editor became possible only through clumsy wrapper scripts (like above) if we chose to force people never to use built in defaults. And in anyway we need solution to make things more predictable. Peter. signature.asc Description: This is a digitally signed message part
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
On 11/12/06, Thilo Bangert [EMAIL PROTECTED] wrote: is there a list of sudo 'safe' EDITORs somewhere? then we end up with having to maintain a list of safe EDITORs and dealing with people who want to edit their own favorite editor the sudo file has the ability to specify editor's, so why not tell people to change their sudo config file ? -mike -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
On Sun, 2006-11-12 at 05:26 -0500, Mike Frysinger wrote: then we end up with having to maintain a list of safe EDITORs and dealing with people who want to edit their own favorite editor the sudo file has the ability to specify editor's, so why not tell people to change their sudo config file ? How? May be I'm wrong, but: Defaults editor=/usr/bin/vim, !env_editor is only to use this list with visudo. And does not prevents sudo from removing EDITOR from environment. Or did you mean something else? Also from man sudoers: The default is the path to vi on your system. Should we drop this from sources then? Or leave this broken on systems with only nano installed? Peter. signature.asc Description: This is a digitally signed message part
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
then we end up with having to maintain a list of safe EDITORs anddealing with people who want to edit their own favorite editor the sudo file has the ability to specify editor's, so why not tellpeople to change their sudo config file ?It's not automatic.Other way is remove virtual/editor. And set depend to nano. But i'm think its bad idea.
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
On 11/12/06, Peter Volkov (pva) [EMAIL PROTECTED] wrote: And does not prevents sudo from removing EDITOR from environment. in the example usages you cited, people where using `sudo` to just avoid running `su -` first ... in other words, their sudo was unlimited ... updating the sudoers file to allow EDITOR via env_keep would work fine for them in that scenario, running any app via EDITOR is not a concern as they already have the ability to run any command -mike -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
On Sun, Nov 12, 2006 at 12:27:12PM +0300, Peter Volkov (pva) wrote: work[3,4] (yes... if EDITOR is not set). But EDITOR *is not* set when program is started from sudo because sudo for security reasons drops environment (are there any other cases when environment is dropped?). You can set `Defaults env_keep=EDITOR` in your sudoers file if you want, or what I do is `Defaults:%wheel !env_reset`, to allow users in group wheel to use sudo without the environment being scrubbed. Thanks, Tavis. -- - [EMAIL PROTECTED] | finger me for my pgp key. --- pgpDWFMPiMc5m.pgp Description: PGP signature
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
On Sun, 2006-11-12 at 05:54 -0500, Mike Frysinger wrote: in the example usages you cited, people where using `sudo` to just avoid running `su -` first ... in other words, their sudo was unlimited ... updating the sudoers file to allow EDITOR via env_keep would work fine for them in that scenario, running any app via EDITOR is not a concern as they already have the ability to run any command That is right. And I've already raised concerns about this approach in my mail: http://thread.gmane.org/gmane.linux.gentoo.devel/44218/focus=44238 And that is not an answer on question I've asked in this sub-thread: Do you know any way *how* to specify safe editors list inside sudoers? I've spent some time and did not found how can I force sudo to edit files with only known editors inside EDITOR. env_keep just keep env variable and does not allow to specify safe editors list. I suppose that this is impossible. Or... what do you mean by that: the sudo file has the ability to specify editor's, so why not tell people to change their sudo config file ? English is not my native language thus may be I just misunderstood your idea here. Sorry. Peter. signature.asc Description: This is a digitally signed message part
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
On Sun, 2006-11-12 at 11:06 +, Tavis Ormandy wrote: You can set `Defaults env_keep=EDITOR` in your sudoers file if you want, or what I do is `Defaults:%wheel !env_reset`, to allow users in group wheel to use sudo without the environment being scrubbed. Of course I know about that. And I hope we continue this discussion starting with this mail: http://thread.gmane.org/gmane.linux.gentoo.devel/44218/focus=44238 But to restate the question raised in that mail I'll repeat: Should we remove built in editors from packages or how should we set defaults without keeping them broken? Peter. signature.asc Description: This is a digitally signed message part
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
Peter Volkov (pva) wrote: Or... what do you mean by that: the sudo file has the ability to specify editor's, so why not tell people to change their sudo config file ? English is not my native language thus may be I just misunderstood your idea here. Sorry. ...that the people should specify their allowed/preferred value of $EDITOR inside the sudo's configuration file, I guess. Cheers, -jkt -- cd /local/pub more beer /dev/mouth signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
On Sun, Nov 12, 2006 at 02:32:56PM +0300, Peter Volkov (pva) wrote: On Sun, 2006-11-12 at 11:06 +, Tavis Ormandy wrote: You can set `Defaults env_keep=EDITOR` in your sudoers file if you want, or what I do is `Defaults:%wheel !env_reset`, to allow users in group wheel to use sudo without the environment being scrubbed. Of course I know about that. So please explain what the problem is with sudo, I maintain the ebuild so need to know. The only `hardcoded` editor is the fallback editor for visudo, which can be set with the editor default in sudoers. -- - [EMAIL PROTECTED] | finger me for my pgp key. --- pgpzCIUSMY81F.pgp Description: PGP signature
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
On Sun, Nov 12, 2006 at 04:30:48PM +0500, Anatoly Shipitsin wrote: You can set `Defaults env_keep=EDITOR` in your sudoers file if you want, or what I do is `Defaults:%wheel !env_reset`, to allow users in group wheel to use sudo without the environment being scrubbed. Ok. How you plan set default editor at emerge sudo fcron ? This question is nonsensical. I guess you dont understand what sudo does, it's too complicated to explain here, you should consult the documentation. Thanks, Tavis. -- - [EMAIL PROTECTED] | finger me for my pgp key. --- pgpqa4Dw1oWQs.pgp Description: PGP signature
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
On Sun, 2006-11-12 at 12:15 +, Tavis Ormandy wrote: The only `hardcoded` editor is the fallback editor for visudo And this is the problem I'm talking about. I do not see any reasons to keep this not working fallback. There are parts of code that just do not work in Gentoo. which can be set with the editor default in sudoers. That's good. But some packages (I'm talking about practically *all* crontab, vipw, vigr and may be other applications) do not have such configuration file to configure that default editor. And IMO configuration file should change *sane* defaults but I do not think nano is sane default ;) Thus I suggested either remove non working fallback in packages (patching sources) or fix unpredictable and non-working fallback by adding some sane default (that was /usr/bin/editor in my initial mail). In other cases current behavior is a bug (some part of program is not working as intended by upstream). And note suggested trivial fix as a side effect makes virtual/editor conform glep 37 (also good). Hope I've made points a bit clearer. Peter. signature.asc Description: This is a digitally signed message part
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
This question is nonsensical. I guess you dont understand what sudodoes, it's too complicated to explain here, you should consult the documentation.I'm told about emerge package not runtime. May you don't understand me.Check sudo-1.6.8_p9-r2.ebuildIn DEPEND we see virtual/editor butin configure --with-editor=/bin/nano But virtual/editor can provide by vi nano etc editor. You think its right? DEPEND set virtual/editor but configure use nano as hardcoded editor.I'm think if we set hardcoded editor nano at configure in sudo,ebuild its should DEPEND at nano editor not virtual/editor.
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
On Sun, Nov 12, 2006 at 04:21:21PM +0300, Peter Volkov (pva) wrote: On Sun, 2006-11-12 at 12:15 +, Tavis Ormandy wrote: The only `hardcoded` editor is the fallback editor for visudo And this is the problem I'm talking about. I do not see any reasons to keep this not working fallback. There are parts of code that just do not work in Gentoo. Talking specifically about sudo, I think you're making a big deal out of a very minor thing, primarily because I cannot think of a sane example of when $EDITOR and $VISUAL are not set and visudo (which requires an interactive editor) would be invoked. If you can give some examples, maybe I would understand. which can be set with the editor default in sudoers. That's good. But some packages (I'm talking about practically *all* crontab, vipw, vigr and may be other applications) do not have such configuration file to configure that default editor. I dont have much of an opinion on these things, although I think expecting /bin/vi to be an screen oriented interactive editor (not nescessarily vi) should be a sane assumption, and if it isnt, that is the real bug. And IMO configuration file should change *sane* defaults but I do not think nano is sane default ;) I really hate nano and pico, I cannot understand how people use them, it isnt the default because I'm a closet pico fan, I can assure you :) sudo's default fallback is /bin/vi, but I received some bugs about this several years ago, and after some discussion on -dev, we decided that nano should take this place. Things have changed since then, nano used to be `special` in that we could make assumptions about it, maybe i'll change it back to /bin/vi, but I dont think it matters much. -- - [EMAIL PROTECTED] | finger me for my pgp key. --- pgptPg17Nfsxg.pgp Description: PGP signature
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
Talking specifically about sudo, I think you're making a big deal out ofa very minor thing, primarily because I cannot think of a sane example of when $EDITOR and $VISUAL are not set and visudo (which requires aninteractive editor) would be invoked.It's problem exist for any package use configure for set default editor.If i'm not use nano (see sudo ebuild) and not set EDITOR i'm got bug. I dont have much of an opinion on these things, although I thinkexpecting /bin/vi to be an screen oriented interactive editor (not nescessarily vi) should be a sane assumption, and if it isnt, that isthe real bug.Okey. Then remove DEPEND virtual/editor from sudo and other package with hardcoded default editor. Set instead right editor. For example nano or vi. Or set USE flag for switch. I really hate nano and pico, I cannot understand how people use them, itisnt the default because I'm a closet pico fan, I can assure you :) Gentoo contains same editors provided virtual/editor. We got two ways. Create virtual-editor package wrapper or remove provide virtual-editor. sudo's default fallback is /bin/vi, but I received some bugs about thisseveral years ago, and after some discussion on -dev, we decided thatnano should take this place. Things have changed since then, nano used to be `special` in that we could make assumptions about it, maybe i'llchange it back to /bin/vi, but I dont think it matters much.Set any editor but set right depend not virtual/editor.
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
On Sun, Nov 12, 2006 at 06:21:56PM +0500, Anatoly Shipitsin wrote: This question is nonsensical. I guess you dont understand what sudo does, it's too complicated to explain here, you should consult the documentation. I'm told about emerge package not runtime. May you don't understand me. I understand just fine. Check sudo-1.6.8_p9-r2.ebuild In DEPEND we see virtual/editor but in configure --with-editor=/bin/nano But virtual/editor can provide by vi nano etc editor. You think its right? DEPEND set virtual/editor but configure use nano as hardcoded editor. Yes, I think it's right. That option doesnt do what you think it does. I'm think if we set hardcoded editor nano at configure in sudo,ebuild its should DEPEND at nano editor not virtual/editor. Then you would be wrong. Thanks, Tavis. -- - [EMAIL PROTECTED] | finger me for my pgp key. --- pgpEWevr0GoEV.pgp Description: PGP signature
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
Check sudo-1.6.8_p9-r2.ebuild In DEPEND we see virtual/editor but in configure --with-editor=/bin/nano But virtual/editor can provide by vi nano etc editor. You think its right? DEPEND set virtual/editor but configure use nano as hardcoded editor. Yes, I think it's right. That option doesnt do what you think it does.What this option does ? I'm think if we set hardcoded editor nano at configure in sudo,ebuild its should DEPEND at nano editor not virtual/editor.Then you would be wrong.Use abstract depend provide by same packages and set hardcoded depend provided by one package (nano) is right?
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
On Sun, Nov 12, 2006 at 08:38:52PM +0500, Anatoly Shipitsin wrote: I'm think if we set hardcoded editor nano at configure in sudo,ebuild its should DEPEND at nano editor not virtual/editor. Then you would be wrong. Use abstract depend provide by same packages and set hardcoded depend provided by one package (nano) is right? No, is not right. -- - [EMAIL PROTECTED] | finger me for my pgp key. --- pgpk0QoKktqA4.pgp Description: PGP signature
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
On Sun, Nov 12, 2006 at 08:17:18PM +0500, Anatoly Shipitsin wrote: Talking specifically about sudo, I think you're making a big deal out of a very minor thing, primarily because I cannot think of a sane example of when $EDITOR and $VISUAL are not set and visudo (which requires an interactive editor) would be invoked. It's problem exist for any package use configure for set default editor. If i'm not use nano (see sudo ebuild) and not set EDITOR i'm got bug. Doctor, it hurts when I do this I dont have much of an opinion on these things, although I think expecting /bin/vi to be an screen oriented interactive editor (not nescessarily vi) should be a sane assumption, and if it isnt, that is the real bug. Okey. Then remove DEPEND virtual/editor from sudo and other package with hardcoded default editor. It isnt hardcoded, it's configurable. Set instead right editor. For example nano or vi. Or set USE flag for switch. No, you set the correct editor, I dont know which one you use. Thanks, Tavis. -- - [EMAIL PROTECTED] | finger me for my pgp key. --- pgp5euCruBi9f.pgp Description: PGP signature
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
Use abstract depend provide by same packages and set hardcoded depend provided by one package (nano) is right?No, is not right.But why it's not need change? I'm talk not only sudo.
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
Doctor, it hurts when I do thisvery funny :) It isnt hardcoded, it's configurable.If this not hardcoded. I'm think use this at new fcron ebuild. This really close problem bug #149376 ;) No, you set the correct editor, I dont know which one you use. I'm told about ebuild. I'm can use virtual/editor and then set nano as editor in fcron.ebuild ?If not, we need provide virtual-editor.ebuild with wrapper.
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
On Sun, Nov 12, 2006 at 08:59:03PM +0500, Anatoly Shipitsin wrote: Use abstract depend provide by same packages and set hardcoded depend provided by one package (nano) is right? No, is not right. But why it's not need change? I'm talk not only sudo. I dont know about the other packages, I'm only talking about sudo. Although I do think you're making a big fuss over a tiny cosmetic issue. Thanks, Tavis. -- - [EMAIL PROTECTED] | finger me for my pgp key. --- pgpf6BvIwPm4N.pgp Description: PGP signature
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
Although I do think you're making a big fuss over a tiny cosmeticissue. This changes need not for sudo. It's need for fcron. And probaly any package use define editor on configuration stage.
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
On Sun, 12 Nov 2006 21:57:07 +0500 Anatoly Shipitsin [EMAIL PROTECTED] wrote: Although I do think you're making a big fuss over a tiny cosmetic issue. This changes need not for sudo. It's need for fcron. And probaly any package use define editor on configuration stage. No, it's not needed for fcron at all, and I already explained why in [1]. Progressing through [2-4] I thought the fcron issue might have been fixed, but the virtual/editor discussion had started by then and I decided I had nothing more to add. Again: fcron builds and works fine without at all setting ./configure --with-editor= and the ebuild should not set that option at all. Problem solved. Kind regards, JeR [1] https://bugs.gentoo.org/show_bug.cgi?id=149376#c15 (don't set --with-editor in the ebuild and just let it default to /usr/bin/vi, which is only used if your env doesn't have EDITOR set to something useful) [2] https://bugs.gentoo.org/show_bug.cgi?id=149376#c17 (where I explained that bug #65263 fixed the wrong problem) [3] https://bugs.gentoo.org/show_bug.cgi?id=149376#c19 (where I suggested setting it to something proper and available on hopefully every system, like --with-editor=/bin/nano) [4] https://bugs.gentoo.org/show_bug.cgi?id=149376#c22 (where I continued to argue this approach and CC'd bsd@ to get their view) -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
No, it's not needed for fcron at all, and I already explained why in[1]. Progressing through [2-4] I thought the fcron issue might have been fixed, but the virtual/editor discussion had started by then and Idecided I had nothing more to add. Again: fcron builds and works finewithout at all setting ./configure --with-editor= and the ebuild should not set that option at all. Problem solved.Without --with-editor fcrom configure get editor from enviroment parameter EDITOR. This is wrong see bug 149376.
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
On Mon, 13 Nov 2006 09:20:09 +0500 Anatoly Shipitsin [EMAIL PROTECTED] wrote: Without --with-editor fcrom configure get editor from enviroment parameter EDITOR. This is wrong see bug 149376. You mean I ought to go read the bug I referred to a few times in the message you are responding to? I did. In fact, I wrote a lot of the comments there. I am CC'd on that bug. I even recorded the original complaint on that bug stating that the ebuild should not rely on the environment to find a value for EDITOR. I might say I care about the issue. :) As I recorded on that bug, fcron's build system sets it to a default of /usr/bin/vi unless you set the --with-editor option. There's nothing wrong with that. It just means that running crontab will fail if you do not set EDITOR after it installs, which is what /etc/rc.conf sets to a system-wide default. fcron *always* uses EDITOR from the environment when running crontab, no matter what you pass to --with-editor at configure time. Consider it a feature. Anyway, all this is already documented on the bug you mentioned. I do not see any need to cover this ground again and again. A simple ./configure --help should really help you find out why not setting --with-editor fixes the problem I brought up on that bug, which then got turned into this huge kludge (virtual/editor) to fix a cosmetic problem, IMHO. Kind regards, JeR -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
On Sunday 12 November 2006 06:29, Peter Volkov (pva) wrote: On Sun, 2006-11-12 at 05:54 -0500, Mike Frysinger wrote: in the example usages you cited, people where using `sudo` to just avoid running `su -` first ... in other words, their sudo was unlimited ... updating the sudoers file to allow EDITOR via env_keep would work fine for them in that scenario, running any app via EDITOR is not a concern as they already have the ability to run any command That is right. And I've already raised concerns about this approach in my mail: http://thread.gmane.org/gmane.linux.gentoo.devel/44218/focus=44238 i dont see you discussing this approach at all Do you know any way *how* to specify safe editors list inside sudoers? trying to maintain such a list is pointless as there will always be someone who likes to use some editor which is not specified in the list ... to answer your question though, i dont believe there is a way in sudoers to say this env var may only contain XXX list of values I've spent some time and did not found how can I force sudo to edit files with only known editors inside EDITOR. env_keep just keep env variable and does not allow to specify safe editors list. I suppose that this is impossible. i think you're confusing situations here ... trying to edit files should be done with `sudo -e` as that will use the user's EDITOR env var ... running `sudo crontab -e` is a different scenario as only crontab knows about the editing as it happens indirectly if you have the ability to edit root's crontab however, then you have full access to the machine ... that means you should be using env_keep in the sudoers file for the EDITOR var -mike pgpZfG2vBdUev.pgp Description: PGP signature
Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)
You mean I ought to go read the bug I referred to a few times in themessage you are responding to? I did. In fact, I wrote a lot of the comments there. I am CC'd on that bug. I even recorded the originalcomplaint on that bug stating that the ebuild should not rely on theenvironment to find a value for EDITOR. I might say I care about theissue. :) Okey. I'm remove all get editor from runtime enviroment EDITOR and disable --with-editor. The run emerge fcron. I'm got:checking for vi... noconfigure: error:Cannot determine path to vi: try option --with-editor=PATH But i'm can't get editor from runtime. How emerge obtain right editor ?As I recorded on that bug, fcron's build system sets it to a default of /usr/bin/vi unless you set the --with-editor option. There's nothingwrong with that. It just means that running crontab will fail if you donot set EDITOR after it installs, which is what /etc/rc.conf sets to a system-wide default.Can i'm use solution from sudo package ? fcron *always* uses EDITOR from the environment when running crontab, nomatter what you pass to --with-editor at configure time. Consider it afeature.I'm know! If this broke at configure run without this :( Anyway, all this is already documented on the bug you mentioned. I donot see any need to cover this ground again and again. A simple ./configure --help should really help you find out why notsetting --with-editor fixes the problem I brought up on that bug, whichthen got turned into this huge kludge (virtual/editor) to fix acosmetic problem, IMHO. Remove --with-editor not fix it. For this it need set enviroment paramenter EDITOR. How resolve this problem. I'm not get any solution.