[OE-core] [PATCH V3 3/3] bash: add pkg_postrm to remove the entry in /etc/shells

Mark Hatle mark.hatle at windriver.com
Fri Oct 18 17:00:15 UTC 2013


On 10/18/13 10:18 AM, Phil Blundell wrote:
> On Fri, 2013-10-18 at 10:12 -0500, Mark Hatle wrote:
>> On 10/18/13 9:59 AM, Phil Blundell wrote:
>>> On Fri, 2013-10-18 at 19:11 +0800, Ming Liu wrote:
>>>>    pkg_postinst_${PN} () {
>>>> -	touch $D${sysconfdir}/shells
>>>> -	grep -q "bin/bash" $D${sysconfdir}/shells || echo /bin/bash >> $D${sysconfdir}/shells
>>>> -	grep -q "bin/sh" $D${sysconfdir}/shells || echo /bin/sh >> $D${sysconfdir}/shells
>>>> +	if [ ! -f $D${sysconfdir}/shells ]; then
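Review bot: the added `if [ ! -f $D${sysconfdir}/shells ]; then` guard makes the postinst result depend on whether another package has already installed /etc/shells, so the outcome changes with install order. Declaring a dependency (RDEPENDS) on the package that ships the file would remove the need to branch on its absence. The removed `grep -q "bin/bash"` lines matched substrings, so if a grep is kept inside the branch (its body is not visible in this quote), match the whole line, for example with `grep -qx /bin/bash`, and quote the path as `"$D${sysconfdir}/shells"`.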
>>
>> One note with the above check.  Whichever package is responsible for providing
>> the 'shells' file needs to be installed -first-.  So anything that manipulates
>> the 'shells' file will need an RDEPENDS on that package.
>
> Isn't the whole point of the check above that it now creates /etc/shells
> if it didn't exist already?

Situation: bash has dep on base-files:

base-files package gets installed (creates basic /etc/shells)
bash gets installed (checks for /etc/shells, adds /bin/bash)

Alternative situation:

bash has no dep on base-files:

bash gets installed (checks for /etc/shells, doesn't exist)
base-files gets installed (creates basic /etc/shells)

> That said, though, I'm still not entirely convinced that having
> semi-random packages create a file that isn't mentioned in either FILES

I don't want it to create the file, that is the wrong behavior.  The -package- 
needs to depend on the package that provides the base configuration for the 
system.  -something- has to create the file, or be installed first.

> or CONFFILES is a very good thing.  I'm also not totally clear on what
> exactly the problem is that this set of patches is trying to solve: the
> original commit message says that having nonexistent files named
> in /etc/shells is "unreasonable" but doesn't provide any supporting
> evidence for that assertion.

The original problem is that /etc/shells contains too much "crap", and we've got 
customers saying "hey you are opening up potential security holes by having 
things in there that are not valid."  (Beyond the file being sloppy)

So we would prefer that a minimal file exist, and then entries for valid shells 
be added dynamically to the system, only if the packages that provide them are 
supported.

--Mark

> p.
>
>
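
An added example, not code from the patch or from OE-core: a sketch of the behaviour argued for in the message above, where a package adds or removes only its own exact line in an already existing /etc/shells, and an audit lists entries with no executable behind them. The function names and the root argument (standing in for `$D`) are assumptions, and the sample root is constructed.

```shell
#!/bin/sh
# Added example, not OE-core code. Function names are hypothetical;
# the first argument is the image root and stands in for $D.

# postinst side: append the shell only if that exact line is missing.
# A missing file is an error (the providing package was not installed first).
shells_add() {
    [ -f "$1/etc/shells" ] || return 1
    grep -qxF -- "$2" "$1/etc/shells" || printf '%s\n' "$2" >> "$1/etc/shells"
}

# postrm side: drop only the exact line, keep every other entry.
shells_remove() {
    [ -f "$1/etc/shells" ] || return 0
    tmp="$1/etc/shells.tmp.$$"
    grep -vxF -- "$2" "$1/etc/shells" > "$tmp" || true  # exit 1 = nothing left
    cat "$tmp" > "$1/etc/shells" && rm -f "$tmp"        # keeps mode and owner
}

# Audit: print entries that do not name an executable regular file.
shells_audit() {
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        { [ -f "$1$line" ] && [ -x "$1$line" ]; } || printf '%s\n' "$line"
    done < "$1/etc/shells"
}

# Constructed sample root: /usr/bin/bash is listed but not installed.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/etc" "$root/bin"
    printf '/bin/sh\n/usr/bin/bash\n' > "$root/etc/shells"
    for s in sh bash; do : > "$root/bin/$s"; chmod 755 "$root/bin/$s"; done
    shells_add "$root" /bin/bash      # added: substring match would have skipped it
    shells_add "$root" /bin/bash      # second call changes nothing
    shells_audit "$root"              # prints /usr/bin/bash
    shells_remove "$root" /bin/bash
    rm -rf "$root"
}
demo
```

The audit resolves paths against the given root, so absolute symlinks inside an offline image root need separate handling.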



