Openembedded Core Discussions
From: Mark Hatle <mark.hatle@windriver.com>
To: Phil Blundell <pb@pbcl.net>
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [PATCH V3 3/3] bash: add pkg_postrm to remove the entry in /etc/shells
Date: Fri, 18 Oct 2013 12:00:15 -0500
Message-ID: <5261691F.3090803@windriver.com>
In-Reply-To: <1382109492.529.12.camel@phil-desktop.brightsign>

On 10/18/13 10:18 AM, Phil Blundell wrote:
> On Fri, 2013-10-18 at 10:12 -0500, Mark Hatle wrote:
>> On 10/18/13 9:59 AM, Phil Blundell wrote:
>>> On Fri, 2013-10-18 at 19:11 +0800, Ming Liu wrote:
>>>>    pkg_postinst_${PN} () {
>>>> -	touch $D${sysconfdir}/shells
>>>> -	grep -q "bin/bash" $D${sysconfdir}/shells || echo /bin/bash >> $D${sysconfdir}/shells
>>>> -	grep -q "bin/sh" $D${sysconfdir}/shells || echo /bin/sh >> $D${sysconfdir}/shells
>>>> +	if [ ! -f $D${sysconfdir}/shells ]; then
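Review bot: the added `if [ ! -f $D${sysconfdir}/shells ]; then` test makes the outcome of this postinst depend on package install order, and it leaves the path expansion unquoted. If the postinst runs before the package that ships the base shells file, the branch is taken; if it runs after, it is not, so the final file contents differ between the two orders. The quoted hunk stops at this line, so what the branch does is not visible here. Either way, declare the ordering explicitly with an RDEPENDS on the provider of the file rather than relying on the existence test, and quote the path as "$D${sysconfdir}/shells".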
>>
>> One note with the above check.  Whichever package is responsible for providing
>> the 'shells' file needs to be installed -first-.  So anything that manipulates
>> the 'shells' file will need an RDEPENDS on that package.
>
> Isn't the whole point of the check above that it now creates /etc/shells
> if it didn't exist already?

Situation: bash has dep on base-files:

base-files package gets installed (creates basic /etc/shells)
bash gets installed (checks for /etc/shells, adds /bin/bash)

Alternative situation:

bash has no dep on base-files:

bash gets installed (checks for /etc/shells, doesn't exist)
base-files gets installed (creates basic /etc/shells)

> That said, though, I'm still not entirely convinced that having
> semi-random packages create a file that isn't mentioned in either FILES

I don't want it to create the file, that is the wrong behavior.  The -package- 
needs to depend on the package that provides the base configuration for the 
system.  -something- has to create the file, or be installed first.

> or CONFFILES is a very good thing.  I'm also not totally clear on what
> exactly the problem is that this set of patches is trying to solve: the
> original commit message says that having nonexistent files named
> in /etc/shells is "unreasonable" but doesn't provide any supporting
> evidence for that assertion.

The original problem is that /etc/shells contains too much "crap", and we've got 
customers saying "hey you are opening up potential security holes by having 
things in there that are not valid."  (Beyond the file being sloppy)

So we would prefer that a minimal file exist, and then entries for valid shells 
be added dynamically to the system, only if the packages that provide them are 
supported.

--Mark

> p.
>
>
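
Added example, not part of the original message or the patch: a POSIX shell check for the concern raised above, listing entries in /etc/shells that name no executable file under a given root. The function names and the sample root are assumptions constructed for illustration.

```shell
#!/bin/sh
# audit_shells ROOT: report entries in ROOT/etc/shells that do not name an
# executable regular file under ROOT. ROOT is "" for the live system or an
# image directory (the role $D plays in a postinst).
# Returns 0 if every entry is valid, 1 if any is not, 2 if the file is missing.
# Caveat: a symlink with an absolute target is resolved against the host root.
audit_shells() {
    root=$1
    shells_file="$root/etc/shells"
    bad=0

    if [ ! -f "$shells_file" ]; then
        echo "missing: $shells_file"
        return 2
    fi

    while IFS= read -r entry || [ -n "$entry" ]; do
        # Skip blank lines and comments.
        case $entry in
            ''|'#'*) continue ;;
        esac
        # A login shell entry must be an absolute path.
        case $entry in
            /*) ;;
            *) echo "not-absolute: $entry"; bad=1; continue ;;
        esac
        if [ ! -f "$root$entry" ] || [ ! -x "$root$entry" ]; then
            echo "invalid: $entry"
            bad=1
        fi
    done < "$shells_file"

    return "$bad"
}

# Constructed sample root: /bin/sh exists, /bin/bash and /bin/ksh do not.
make_sample_root() {
    sample=$(mktemp -d) || return 1
    mkdir -p "$sample/etc" "$sample/bin"
    printf '#!/bin/sh\n' > "$sample/bin/sh"
    chmod 755 "$sample/bin/sh"
    printf '# constructed sample\n\n/bin/sh\n/bin/bash\n/bin/ksh\n' \
        > "$sample/etc/shells"
    echo "$sample"
}
```

Run `audit_shells ""` on a booted target, or pass the image root directory when checking a built rootfs before deployment.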


