Casper Ti. Vector wrote on Wed, Mar 27, 2024 at 08:37:46PM +0800:
> On Wed, Mar 27, 2024 at 07:43:24PM +0900, Dominique Martinet wrote:
> > You should never need sudo in the install section of a spec file --
> > you install to %{buildroot}, not directly to the system's bin/lib
> > directories!
>
> It is moving files *into* %{buildroot}, not *out of*. The converse
> is done in the `build' section.
I have no idea what it's doing in the hidden fn-builds script, but from
what's in the spec file it is using sudo to run chmod on system
directories and make them owned by the building user before actually
running make install without DESTDIR, which I'll repeat is installing
stuff in the systems directories and should never be needed;
if something in skaware does not support DESTDIR that should be fixed
but given alpine packages build just fine I don't expect any such
problem, and such trick is just bad practice.
Also, if I'm reading this correctly it actually make /usr/bin 777
because of flawed logic (stat -c %a /bin instead of %{_bin} (= /usr/bin);
given /bin is normally a symlink to /usr/bin that stat will return 777
and the later chmod to "restore" the mode will corrupt it), so anyone
running this will have opened their system for being taken over
(and it possibly also doesn't chown back to root? But hopefully it's
only ever been run in throw-away containers so nobody would notice
anyway..)
Anyway, I don't care if people shoot themselves in the foot, even if
they're just running a script given by a stranger without checking what
it does, I won't reply to this thread any further.
--
Dominique Martinet | Asmadeus
Received on Wed Mar 27 2024 - 19:58:24 CET