tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: www/serf install permissions fix

"J. Lewis Muir" <> writes:

> Here's a patch to make EXTRACT_USING default to pax on Darwin:
> diff --git a/mk/defaults/mk.conf b/mk/defaults/mk.conf
> index e656f0b..1856dca 100644
> --- a/mk/defaults/mk.conf
> +++ b/mk/defaults/mk.conf
> @@ -525,10 +525,14 @@ PATCH_FUZZ_FACTOR?= -F0
>  # Possible: any combination of packages
>  # Default: not set
> +.if ${OPSYS} == "Darwin"
> +.else
>  EXTRACT_USING?= nbtar
> +.endif
>  # Use the specified tool to extract tar/ustar archives.
>  # Possible: bsdtar, gtar, nbtar, pax
> -# Default: nbtar
> +# Default: pax on Darwin; nbtar on all other operating systems
>  # Perform a checksum at "make fetch" time.  If the checksum doesn't

Generally I would expect to see OS-specific variables in the per-OS
config file, in mk/platform/

But, I'm feeling that I don't quite grasp enough details.

You've shown that the native Mac /usr/bin/tar creates writable files.
We more or less agree that this is wrong, but tar is no longer specified
by POSIX.  (POSIX does specify pax, which I see you note below.)

> where it says in the extract phase section about the EXTRACT_USING
> variable:
>   This variable can be set to bsdtar, gtar, nbtar (which is the default
>   value), pax, or an absolute pathname pointing to the command with
>   which tar archives should be extracted.  It is preferred to choose
>   bsdtar over gtar if NetBSD's pax-as-tar is not good enough.

pkgsrc distinguishes between a user-settable variable, a
package-settable variable, and more or less per-OS infrastructure.
EXTRACT_USING seems to be for pkgsrc makefiles.

I think the real problem is that the Mac tar is broken and we need to
avoid using it.

You could try commenting out the TOOLS_PLATFORM.tar line in
mk/tools/, and see what happens.

> (If pax could be the default on all operating systems, then that would
> be a simpler change and a simpler change to document. pax is part of
> POSIX.1-2008 [1], whereas tar is not.  But I didn't want to change the
> default on all operating systems since I didn't know what the fallout
> might be from that.)
> [1]

That seems preferable.

One suggestion is that if you wrote a test for writable files as a
PKG_DEVELOPER test, we could fine out how widespread this is.
On NetBSD 7, www/serf unpacks without writable files, both as a regular
user and as root.  That's using /bin/tar, which is the same binary as
pax an cpio.

Sorry this is hard, but you've raised a messy issue (which is good...).

Attachment: signature.asc
Description: PGP signature

Home | Main Index | Thread Index | Old Index