[buildd-tools-devel] Bug#591010: 1.15.8.{0, 1} behaviour change: dpkg-buildpackage -r no longer supports absolute paths, breaks sbuild

Jonathan Nieder jrnieder at gmail.com
Fri Jul 30 23:32:04 UTC 2010


severity 591010 normal
quit

Modestas Vainius wrote:

>                                            I do believe that dpkg-buildpackage
> should be changed to support absolute paths for -r again (what's the point not
> to, they are more secure anyway?) and thus save sbuild users (buildd admins and
> poor DDs) some time debugging and changing configuration.

I agree; that is a good reason to fix this in dpkg.

However, I think sbuild is buggy here: it is friendlier to allow a
command to be overridden by putting a better version in /usr/local/bin/
(as policy §6.1 hints).

In other words, how about something vaguely like this patch? (not tested)

diff --git a/bin/check-old-builds b/bin/check-old-builds
index 12306f7..2f0144d 100755
--- a/bin/check-old-builds
+++ b/bin/check-old-builds
@@ -33,7 +33,7 @@ sub parse_date ($);
 my $reported_file = "$HOME/lib/reported-old-builds";
 my $list_cmd = "wanna-build --list=building -v";
 my $report_days = 10;
-my $mailprog = "/usr/sbin/sendmail";
+my $mailprog = "sendmail";
 chomp( my $mailname = `cat /etc/mailname` || `hostname` );
 my $sender = $ENV{'LOGNAME'} || (getpwuid($<))[0];
 
diff --git a/bin/sbuild-adduser b/bin/sbuild-adduser
index 2ebb597..6aa4d00 100755
--- a/bin/sbuild-adduser
+++ b/bin/sbuild-adduser
@@ -41,7 +41,7 @@ foreach (@ARGV) {
     my $user = getpwnam($_);
 
     if (defined $user) {
-	$status += system("/usr/sbin/adduser", "$_", "sbuild");
+	$status += system("adduser", "$_", "sbuild");
     } else {
 	print STDERR "W: User \"$_\" does not exist\n";
 	$status++;
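Review bot: `adduser` is now resolved through whatever PATH the caller passes to this script, and the script presumably runs as root because it changes group membership. Pinning the search path near the top of the script, for example `$ENV{PATH} = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin';`, keeps the /usr/local override the patch is after without trusting an inherited PATH. The same applies to `debootstrap` in bin/sbuild-createchroot and to `chroot` in lib/Sbuild/ChrootPlain.pm and lib/Sbuild/ChrootSudo.pm. The enclosing foreach loop starts and ends outside the hunk.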
diff --git a/bin/sbuild-createchroot b/bin/sbuild-createchroot
index 985128c..d9b090a 100755
--- a/bin/sbuild-createchroot
+++ b/bin/sbuild-createchroot
@@ -195,7 +195,7 @@ if ($conf->get('VERBOSE')) {
 
 # Run debootstrap with specified options.
 if (!$conf->get('SETUP_ONLY')) {
-    !system("/usr/sbin/debootstrap", @args) or die "E: Error running debootstrap";
+    !system("debootstrap", @args) or die "E: Error running debootstrap";
 }
 
 # Set up minimal /etc/hosts.
diff --git a/bin/sbuild-debuild b/bin/sbuild-debuild
index e54ddfd..6f0a703 100644
--- a/bin/sbuild-debuild
+++ b/bin/sbuild-debuild
@@ -222,7 +222,7 @@ sub detect_arch {
     $arch_opt =~ s/--arch=// if ($arch_opt);
 
     # Determine the arch using dpkg-architecture
-    my $dpkg_arch_command = '/usr/bin/dpkg-architecture -qDEB_HOST_ARCH';
+    my $dpkg_arch_command = 'dpkg-architecture -qDEB_HOST_ARCH';
     $dpkg_arch_command .= " -a$arch_opt" if ($arch_opt);
 
     # Grab the architecture and return it. We discard output from STDERR
@@ -246,7 +246,7 @@ sub detect_package_and_version {
 	open($output, '<', $build_input);
     } else {
 	# Grab the output from dpkg-parsechangelog
-	my $dpkg_parsechangelog = '/usr/bin/dpkg-parsechangelog';
+	my $dpkg_parsechangelog = 'dpkg-parsechangelog';
 	open($output, '-|', $dpkg_parsechangelog);
     }
 
@@ -346,7 +346,7 @@ sub process_package {
     if ($build_input !~ /.*\.dsc$/) {
 	chdir($build_input);
 	print "Running dpkg-buildpackage.\n";
-	system('/usr/bin/dpkg-buildpackage',
+	system('dpkg-buildpackage',
 	    @{$conf->get('DPKG_BUILDPACKAGE_OPTS')});
 	if (($? >> 8) != 0) {
 	    print "Running dpkg-buildpckage failed: $?";
@@ -361,7 +361,7 @@ sub process_package {
 
     chdir(dirname($dsc));
     print "Running sbuild.\n";
-    system('/usr/bin/sbuild', @{$conf->get('SBUILD_OPTS')}, $dsc);
+    system('sbuild', @{$conf->get('SBUILD_OPTS')}, $dsc);
     if (($? >> 8) != 0) {
 	print "Running sbuild failed: $?";
 	chdir($currentdir);
@@ -372,9 +372,10 @@ sub process_package {
     $returnval = 0 unless process_commands("pre_lintian_commands", $dsc,
 	$source_changes, $bin_changes);
 
-    if ((!$conf->get('NO_LINTIAN')) && (-x '/usr/bin/lintian')) {
+    if ((!$conf->get('NO_LINTIAN')) &&
+         (system("which lintian >/dev/null") == 0)) {
 	print "Running lintian.\n";
-	system('/usr/bin/lintian', @{$conf->get('LINTIAN_OPTS')}, $bin_changes);
+	system('lintian', @{$conf->get('LINTIAN_OPTS')}, $bin_changes);
 	if (($? >> 8) != 0) {
 	    print "Running lintian failed: $?";
 	    chdir($currentdir);
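Review bot: The new lintian test `system("which lintian >/dev/null")` starts a shell and an external `which` only to learn whether a name is on PATH, and nothing guarantees that `which` searches the same way as the list-form `system('lintian', ...)` that follows. A PATH walk in Perl avoids the extra processes: `grep { -x "$_/lintian" } File::Spec->path` (needs `use File::Spec;`, which is not visible in this hunk). The same probe is repeated in bin/wanna-build-merge-packages, in the three `init_allowed_keys` validators and in `pgp_check` in lib/WannaBuild/Mail.pm, so one shared helper would be better than six copies. process_package starts and ends outside the hunk.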
diff --git a/bin/wanna-build-merge-packages b/bin/wanna-build-merge-packages
index f7503b8..d61c1a0 100755
--- a/bin/wanna-build-merge-packages
+++ b/bin/wanna-build-merge-packages
@@ -148,7 +148,7 @@ chdir( "/" ) or die "chdir /: $!\n";
 system "rm", "-rf", $tmpdir and die "rm -rf $tmpdir error status $?";
 
 system "buildd-addpkg", "--clean"
-    if -x "/usr/bin/buildd-addpkg";
+    if system("which buildd-addpkg >/dev/null") == 0;
 
 exit( 0 );
 
diff --git a/configure.ac b/configure.ac
index 0ac8d48..5eb386e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -84,35 +84,35 @@ if test "$enable_debug" = "yes"; then
 fi
 
 # Checks for programs.
-AC_PATH_PROG([APT_CACHE], [apt-cache])
-AC_PATH_PROG([APTITUDE], [aptitude])
-AC_PATH_PROG([APT_GET], [apt-get])
-AC_PATH_PROG([CHMOD], [chmod])
-AC_PATH_PROG([DATE], [date])
-AC_PATH_PROG([DCMD], [dcmd])
-AC_PATH_PROG([DF], [df])
-AC_PATH_PROG([DPKG], [dpkg])
-AC_PATH_PROG([DPKG_ARCHITECTURE], [dpkg-architecture])
-AC_PATH_PROG([DPKG_BUILDPACKAGE], [dpkg-buildpackage])
-AC_PATH_PROG([DPKG_PARSECHANGELOG], [dpkg-parsechangelog])
-AC_PATH_PROG([DPKG_SOURCE], [dpkg-source])
-AC_PATH_PROG([DU], [du])
-AC_PATH_PROG([FAKEROOT], [fakeroot])
-AC_PATH_PROG([FIND], [find])
-AC_PATH_PROG([GPG], [gpg])
-AC_PATH_PROG([HOSTNAME], [hostname])
-AC_PATH_PROG([MAN], [man])
-AC_PATH_PROG([MD5SUM], [md5sum])
-AC_PATH_PROG([PGP], [pgp])
-AC_PATH_PROG([PS], [ps])
-AC_PATH_PROG([RM], [rm])
-AC_PATH_PROG([SCHROOT], [schroot])
-AC_PATH_PROG([SENDMAIL], [sendmail], [/usr/sbin/sendmail], [$PATH:/sbin:/usr/sbin])
-AC_PATH_PROG([SSH], [ssh])
-AC_PATH_PROG([SUDO], [sudo])
-AC_PATH_PROG([SU], [su])
-AC_PATH_PROG([TEMPFILE], [tempfile])
-AC_PATH_PROG([XARGS], [xargs])
+AC_CHECK_PROG([APT_CACHE], [apt-cache], [apt-cache])
+AC_CHECK_PROG([APTITUDE], [aptitude], [aptitude])
+AC_CHECK_PROG([APT_GET], [apt-get], [apt-get])
+AC_CHECK_PROG([CHMOD], [chmod], [chmod])
+AC_CHECK_PROG([DATE], [date], [date])
+AC_CHECK_PROG([DCMD], [dcmd], [dcmd])
+AC_CHECK_PROG([DF], [df], [df])
+AC_CHECK_PROG([DPKG], [dpkg], [dpkg])
+AC_CHECK_PROG([DPKG_ARCHITECTURE], [dpkg-architecture], [dpkg-architecture])
+AC_CHECK_PROG([DPKG_BUILDPACKAGE], [dpkg-buildpackage], [dpkg-buildpackage])
+AC_CHECK_PROG([DPKG_PARSECHANGELOG], [dpkg-parsechangelog], [dpkg-parsechangelog])
+AC_CHECK_PROG([DPKG_SOURCE], [dpkg-source], [dpkg-source])
+AC_CHECK_PROG([DU], [du], [du])
+AC_CHECK_PROG([FAKEROOT], [fakeroot], [fakeroot])
+AC_CHECK_PROG([FIND], [find], [find])
+AC_CHECK_PROG([GPG], [gpg], [gpg])
+AC_CHECK_PROG([HOSTNAME], [hostname], [hostname])
+AC_CHECK_PROG([MAN], [man], [man])
+AC_CHECK_PROG([MD5SUM], [md5sum], [md5sum])
+AC_CHECK_PROG([PGP], [pgp], [pg])
+AC_CHECK_PROG([PS], [ps], [ps])
+AC_CHECK_PROG([RM], [rm], [rm])
+AC_CHECK_PROG([SCHROOT], [schroot], [schroot])
+AC_CHECK_PROG([SENDMAIL], [sendmail], [sendmail],, [$PATH:/sbin:/usr/sbin])
+AC_CHECK_PROG([SSH], [ssh], [ssh])
+AC_CHECK_PROG([SUDO], [sudo], [sudo])
+AC_CHECK_PROG([SU], [su], [su])
+AC_CHECK_PROG([TEMPFILE], [tempfile], [tempfile])
+AC_CHECK_PROG([XARGS], [xargs], [xargs])
 
 dnl Set PACKAGE_LOCALE_DIR in config.h
 AH_TEMPLATE(PACKAGE_LOCALE_DIR, [Package locale directory])
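Review bot: The PGP line stores `pg` instead of `pgp` when the program is found; `AC_CHECK_PROG([PGP], [pgp], [pg])` should read `AC_CHECK_PROG([PGP], [pgp], [pgp])`. On the SENDMAIL line the search still adds /sbin and /usr/sbin, but the value stored is the bare name `sendmail` and the old `/usr/sbin/sendmail` fallback is gone, so configure can succeed for a program that the runtime PATH will not find. The hard-coded `sendmail` in bin/check-old-builds, lib/Buildd.pm and lib/WannaBuild/Mail.pm has the same problem if those run with a PATH that omits /usr/sbin. Keeping `AC_PATH_PROG` for SENDMAIL alone would avoid it.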
diff --git a/debian/rules b/debian/rules
index 55561ff..fcd65a9 100755
--- a/debian/rules
+++ b/debian/rules
@@ -13,11 +13,7 @@ debian/build/config.status: configure
 	  --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) \
 	  --prefix=/usr --sysconfdir=/etc --libexecdir=/usr/share \
 	  --localstatedir=/var --mandir=\$${prefix}/share/man \
-	  DCMD=/usr/bin/dcmd \
-	  SCHROOT=/usr/bin/schroot \
-	  SSH=/usr/bin/ssh \
-	  SUDO=/usr/bin/sudo \
-	  APTITUDE=/usr/bin/aptitude
+	  DCMD=dcmd SCHROOT=schroot SSH=ssh SUDO=sudo APTITUDE=aptitude
 
 build: debian/build/config.status debian/build-stamp
 debian/build-stamp:  debian/build/config.status
diff --git a/etc/buildd.conf b/etc/buildd.conf
index d8b133c..c43c51a 100644
--- a/etc/buildd.conf
+++ b/etc/buildd.conf
@@ -29,7 +29,7 @@
 # is running locally, set $wanna_build_ssh_host to an empty string.
 
 # SSH program
-#$ssh = "/usr/bin/ssh";
+#$ssh = "ssh";
 
 # nice level to run sbuild.  Dedicated build daemons should not be
 # niced.
diff --git a/etc/sbuild.conf b/etc/sbuild.conf
index bec9677..b8f2243 100644
--- a/etc/sbuild.conf
+++ b/etc/sbuild.conf
@@ -107,7 +107,7 @@
 #$chroot = 'unstable-powerpc-sbuild';
 
 # Script to run prior to a build.  The default is to not run any setup script.
-#$chroot_setup_script='/usr/local/bin/chroot-setup'
+#$chroot_setup_script='chroot-setup'
 
 # When to purge the build directory afterwards; possible values are "never",
 # "successful", and "always".  "always" is the default.
@@ -281,30 +281,30 @@
 ##
 
 # Program to mail log files.
-#$mailprog = "/usr/sbin/sendmail";
+#$mailprog = "sendmail";
 # dpkg binary.
-#$dpkg = "/usr/bin/dpkg";
+#$dpkg = "dpkg";
 # su binary.
-#$su = "/bin/su";
+#$su = "su";
 # schroot binary.
-#$schroot = "/usr/bin/schroot";
+#$schroot = "schroot";
 # schroot options; see schroot(1).
 #$schroot_options = ['-q'];
 # sudo binary.
-#$sudo = "/usr/bin/sudo";
+#$sudo = "sudo";
 # fakeroot command.  Set to be fakeroot by default, but sudo is
 # typically used on systems without fakeroot.
-#$fakeroot = "/usr/bin/fakeroot";
+#$fakeroot = "fakeroot";
 # apt-get binary.
-#$apt_get = "/usr/bin/apt-get";
+#$apt_get = "apt-get";
 # apt-cache binary.
-#$apt_cache = "/usr/bin/apt-cache";
+#$apt_cache = "apt-cache";
 # dpkg-source binary.
-#$dpkg_source = "/usr/bin/dpkg-source";
+#$dpkg_source = "dpkg-source";
 # dcmd binary.
-#$dcmd = "/usr/bin/dcmd";
+#$dcmd = "dcmd";
 # md5sum binary
-#$md5sum = "/usr/bin/md5sum";
+#$md5sum = "md5sum";
 
 
 # don't remove this, Perl needs it:
diff --git a/lib/Buildd.pm b/lib/Buildd.pm
index 5b656fb..830789d 100644
--- a/lib/Buildd.pm
+++ b/lib/Buildd.pm
@@ -160,8 +160,8 @@ sub ll_send_mail ($$) {
 
     $text =~ s/^\.$/../mg;
     local $SIG{'PIPE'} = 'IGNORE';
-    if (!open( MAIL, "|/usr/sbin/sendmail -oem '$to'" )) {
-	print STDERR "Could not open pipe to /usr/sbin/sendmail: $!\n";
+    if (!open( MAIL, "|sendmail -oem '$to'" )) {
+	print STDERR "Could not open pipe to sendmail: $!\n";
 	return 0;
     }
     print MAIL $text;
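Review bot: The changed `open` still builds a shell command with `$to` placed between single quotes, so an address containing a quote character changes what the shell runs; where `$to` comes from is not visible in this hunk. The list form passes it as a single argument and skips the shell: `open(MAIL, '|-', 'sendmail', '-oem', $to)`. ll_send_mail starts and ends outside the hunk.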
diff --git a/lib/Buildd/Conf.pm b/lib/Buildd/Conf.pm
index b0e3eea..0ff1f1c 100644
--- a/lib/Buildd/Conf.pm
+++ b/lib/Buildd/Conf.pm
@@ -57,7 +57,7 @@ sub init_allowed_keys {
 	    if !defined($program) || !$program;
 
 	die "$key binary '$program' does not exist or is not executable"
-	    if !-x $program;
+	    if system("sh", "-c", 'which "$@" >/dev/null', "sh", $program) != 0;
     };
 
     my $validate_directory = sub {
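Review bot: The validator now accepts any name that `which` can find at configuration time, but the value that is stored and later executed is still the bare name. The program that was checked and the program that runs can therefore differ if PATH changes in between, for instance under sudo or inside a chroot (neither is visible here). Resolving the name once and storing the absolute result would keep the check meaningful; at minimum add a comment such as `# only checks that $program is on PATH now; the stored value stays a bare name`. The same line is added in lib/Sbuild/Conf.pm and lib/Sbuild/ConfBase.pm. The enclosing closure starts outside the hunk.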
diff --git a/lib/Sbuild.pm b/lib/Sbuild.pm
index ebec301..28183ef 100644
--- a/lib/Sbuild.pm
+++ b/lib/Sbuild.pm
@@ -393,7 +393,7 @@ sub help_text ($$) {
     my $section = shift;
     my $page = shift;
 
-    system("/usr/bin/man", "$section", "$page");
+    system("man", "$section", "$page");
     exit 0;
 }
 
diff --git a/lib/Sbuild/ChrootPlain.pm b/lib/Sbuild/ChrootPlain.pm
index 04de392..150c427 100644
--- a/lib/Sbuild/ChrootPlain.pm
+++ b/lib/Sbuild/ChrootPlain.pm
@@ -120,7 +120,7 @@ sub get_command_internal {
 	    }
 	}
 
-	@cmdline = ('/usr/sbin/chroot', $self->get('Location'),
+	@cmdline = ('chroot', $self->get('Location'),
 		    $self->get_conf('SU'), '-p', "$user", '-s',
 		    $Sbuild::Sysconfig::programs{'SHELL'}, '-c',
 		    "cd '$dir' && $shellcommand");
diff --git a/lib/Sbuild/ChrootSetup.pm b/lib/Sbuild/ChrootSetup.pm
index f0664a1..8106d74 100644
--- a/lib/Sbuild/ChrootSetup.pm
+++ b/lib/Sbuild/ChrootSetup.pm
@@ -133,7 +133,7 @@ sub basesetup ($$) {
 	# This will require root privileges.  However, this should
 	# only get run at initial chroot setup time.
 	my $groupfile = $session->get('Location') . "/etc/group";
-	system '/bin/sh', '-c', "getent group sbuild >> $groupfile";
+	system 'sh', '-c', "getent group sbuild >> $groupfile";
 	if ($?) {
 	    print STDERR "E: Failed to create group sbuild\n";
 	    return $?
@@ -141,7 +141,7 @@ sub basesetup ($$) {
     }
 
     $session->run_command(
-	{ COMMAND => ['/bin/sh', '-c',
+	{ COMMAND => ['sh', '-c',
 		      'set -e; if [ ! -d /build ] ; then mkdir -m 0775 /build; fi'],
 	  USER => 'root',
 	  DIR => '/' });
@@ -171,7 +171,7 @@ sub basesetup ($$) {
     }
 
     $session->run_command(
-	{ COMMAND => ['/bin/sh', '-c',
+	{ COMMAND => ['sh', '-c',
 		      'set -e; if [ ! -d /var/lib/sbuild ] ; then mkdir -m 2770 /var/lib/sbuild; fi'],
 	  USER => 'root',
 	  DIR => '/' });
@@ -181,7 +181,7 @@ sub basesetup ($$) {
     }
 
     $session->run_command(
-	{ COMMAND => ['/bin/sh', '-c',
+	{ COMMAND => ['sh', '-c',
 		      'set -e; if [ ! -d /var/lib/sbuild/srcdep-lock ] ; then mkdir -m 2770 /var/lib/sbuild/srcdep-lock; fi'],
 	  USER => 'root',
 	  DIR => '/' });
@@ -210,7 +210,7 @@ sub basesetup ($$) {
 
     # Set up debconf selections.
     my $pipe = $session->pipe_command(
-	{ COMMAND => ['/usr/bin/debconf-set-selections'],
+	{ COMMAND => ['debconf-set-selections'],
 	  PIPE => 'out',
 	  USER => 'root',
 	  CHROOT => 1,
diff --git a/lib/Sbuild/ChrootSudo.pm b/lib/Sbuild/ChrootSudo.pm
index fa8a34a..6f44a80 100644
--- a/lib/Sbuild/ChrootSudo.pm
+++ b/lib/Sbuild/ChrootSudo.pm
@@ -121,7 +121,7 @@ sub get_command_internal {
 	    }
 	}
 
-	@cmdline = ($self->get_conf('SUDO'), '/usr/sbin/chroot', $self->get('Location'),
+	@cmdline = ($self->get_conf('SUDO'), 'chroot', $self->get('Location'),
 		    $self->get_conf('SU'), '-p', "$user", '-s',
 		    $Sbuild::Sysconfig::programs{'SHELL'}, '-c',
 		    "cd '$dir' && $shellcommand");
diff --git a/lib/Sbuild/Conf.pm b/lib/Sbuild/Conf.pm
index 3003290..df925d5 100644
--- a/lib/Sbuild/Conf.pm
+++ b/lib/Sbuild/Conf.pm
@@ -56,7 +56,7 @@ sub init_allowed_keys {
 	    if !defined($program) || !$program;
 
 	die "$key binary '$program' does not exist or is not executable"
-	    if !-x $program;
+	    if system("sh", "-c", 'which "$@" >/dev/null', "sh", $program) != 0;
     };
 
     my $validate_directory = sub {
diff --git a/lib/Sbuild/ConfBase.pm b/lib/Sbuild/ConfBase.pm
index fa3d1a7..c43f272 100644
--- a/lib/Sbuild/ConfBase.pm
+++ b/lib/Sbuild/ConfBase.pm
@@ -50,7 +50,7 @@ sub init_allowed_keys {
 	    if !defined($program);
 
 	die "$key binary $program does not exist or is not executable"
-	    if !-x $program;
+	    if system("sh", "-c", 'which "$@" >/dev/null', "sh", $program) != 0;
     };
 
     my $validate_directory = sub {
diff --git a/lib/Sbuild/Utility.pm b/lib/Sbuild/Utility.pm
index 49a6d16..d1dc683 100644
--- a/lib/Sbuild/Utility.pm
+++ b/lib/Sbuild/Utility.pm
@@ -310,7 +310,7 @@ sub _get_proxy {
     my $proxy;
 
     # Attempt to acquire a proxy URL from apt-config.
-    if (open(my $apt_config_output, '-|', '/usr/bin/apt-config dump')) {
+    if (open(my $apt_config_output, '-|', 'apt-config dump')) {
         foreach my $tmp (<$apt_config_output>) {
             if ($tmp =~ m/^.*Acquire::http::Proxy\s+/) {
                 $proxy = $tmp;
diff --git a/lib/WannaBuild/Database.pm b/lib/WannaBuild/Database.pm
index 66513cf..21e2e37 100644
--- a/lib/WannaBuild/Database.pm
+++ b/lib/WannaBuild/Database.pm
@@ -340,8 +340,7 @@ sub process {
 	      last if ! -e $tmpfile;
 	  }
 	  $self->get('Current Database')->dump($tmpfile);
-	  my $editor = $ENV{'VISUAL'} ||
-	      "/usr/bin/sensible-editor";
+	  my $editor = $ENV{'VISUAL'} || "sensible-editor";
 	  system "$editor $tmpfile";
 	  $self->get('Current Database')->clear(); # clear all current contents
 	  $self->get('Current Database')->restore($tmpfile);
diff --git a/lib/WannaBuild/Mail.pm b/lib/WannaBuild/Mail.pm
index e1c7a5a..7db5cf4 100644
--- a/lib/WannaBuild/Mail.pm
+++ b/lib/WannaBuild/Mail.pm
@@ -50,12 +50,11 @@ sub new {
 sub run {
     my $self = shift;
 
-    $main::tempfile = "/bin/tempfile";
-    $main::wanna_build = -f "/usr/local/bin/wanna-build" ?
-	"/usr/local/bin/wanna-build" : "/usr/bin/wanna-build";
-    $main::pgp = "/usr/bin/pgp";
-    $main::gpg = "/usr/bin/gpg";
-    $main::sendmail = "/usr/sbin/sendmail";
+    $main::tempfile = "tempfile";
+    $main::wanna_build = "wanna-build";
+    $main::pgp = "pgp";
+    $main::gpg = "gpg";
+    $main::sendmail = "sendmail";
     $main::libdir = "/var/lib/wanna-build";
     $main::pgp_keyring = "$main::libdir/mail-keyring.pgp";
     $main::gpg_keyring = "$main::libdir/mail-keyring.gpg";
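Review bot: `$main::gpg` and `$main::pgp` are the programs whose output `pgp_check` trusts to decide whether a signature is good, and after this change they are taken from whatever PATH the process inherits. For these two a fixed path is safer than a bare name, or `run` can set a known search list first, for example `$ENV{PATH} = '/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin';`, which still allows the /usr/local override. The hunk also drops the explicit /usr/local/bin preference for wanna-build, which now depends on PATH order. `run` continues outside the hunk.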
@@ -328,7 +327,8 @@ sub pgp_check {
     }
 
     $stat = 1;
-    if (-x $main::pgp && -f $main::pgp_keyring) {
+    if (system("sh", "-c", 'which "$@" >/dev/null', "sh", $main::pgp) == 0 &&
+         -f $main::pgp_keyring) {
 	if (!open( PIPE, "$main::pgp -f +batchmode +verbose=0 ".
 		   "+pubring=$main::pgp_keyring <'$file' 2>&1 >/dev/null |" )) {
 	    $self->fatal( "Can't open pipe to $main::pgp: $!" );
@@ -341,7 +341,9 @@ sub pgp_check {
 	$found = 1 if !$stat || $output =~ /^(good|bad) signature from/im
     }
 
-    if (!$found && -x $main::gpg && -f $main::gpg_keyring) {
+    if (!$found &&
+         system("sh", "-c", 'which "$@" >/dev/null', "sh", $main::gpg) == 0 &&
+         -f $main::gpg_keyring) {
 	if (!open( PIPE, "$main::gpg --no-options --batch ".
 		   "--no-default-keyring --keyring $main::gpg_keyring ".
 		   " --verify '$file' 2>&1 |" )) {
-- 


