1 |
On Thu, 23 Mar 2017 22:37:49 +0100 |
2 |
Alexis Ballier <aballier@g.o> wrote: |
3 |
> On Thu, 23 Mar 2017 20:30:40 +0000 |
4 |
> Ciaran McCreesh <ciaran.mccreesh@××××××××××.com> wrote: |
5 |
> > On Thu, 23 Mar 2017 21:22:54 +0100 |
6 |
> > Alexis Ballier <aballier@g.o> wrote: |
7 |
> > > Indeed, according to pms.git commit log, the rule was laxed |
8 |
> > > because it was clearly an oversight in EAPI6 [1] and was the |
9 |
> > > standard behavior in previous EAPIs. But in the same commit, an |
10 |
> > > "harmless note" was added that "Ebuilds must not access the |
11 |
> > > directory in global scope." in addition to the "May or may not |
12 |
> > > exist" statement and "Not necessarily present when installing |
13 |
> > > from a binary package" footnote. Please explain how this last |
14 |
> > > addition is not a backwards-breaking change. PMS is not a tool to |
15 |
> > > push your personal agenda of cleaning up the deve^^err tree. |
16 |
> > |
17 |
> > The original wording should probably have been something like "may |
18 |
> > or may not exist, so ebuilds MUST NOT go poking around for it", but |
19 |
> > the original wording was written assuming reasonable behaviour from |
20 |
> > developers, and we deliberately chose not to go the SHALL, MUST NOT |
21 |
> > route because of the added cost of developing a specification that's |
22 |
> > safe from hostile implementers. |
23 |
> |
24 |
> "reasonable" is not something that can be reasonably defined :) |
25 |
|
26 |
There's a fairly good rule of thumb: is anyone else already doing this |
27 |
horrible new thing you're about to add to the tree? If not, it's |
28 |
probably not reasonable. |
29 |
|
30 |
> after a few dozens of emails, what i understand of the issue is: |
31 |
> autoconf assumes either the eblit stuff is in the environment, or |
32 |
> FILESDIR variable is empty or points to its files dir; this might be |
33 |
> borderline but definitely not hostile. |
34 |
|
35 |
No, the issue is that eblits are a dodgy mechanism that go beyond what |
36 |
ebuilds are supposed to do and that cause problems for package |
37 |
manglers. When we're working with a general purpose shell underneath, |
38 |
it's very hard to write a specification that can preemptively forbid |
39 |
every kind of perverse mess any developer can come up with, |
40 |
particularly when the developer starts looking for loopholes like |
41 |
claiming it's OK to try to access a directory which is defined as |
42 |
potentially not existing when the clear intent of the specification is |
43 |
that "the directory isn't guaranteed to be there so don't try to use |
44 |
it for anything". |
45 |
|
46 |
> this breaks in the (hypothetical?) case where the package is installed |
47 |
> from a binpkg *and* the binpkg format does not include the whole |
48 |
> environment but rather a verbatim copy of the ebuild and its |
49 |
> eclasses(*). |
50 |
> |
51 |
> (*) not sure how that can even work with env saving between phases but |
52 |
> that's not the point |
53 |
|
54 |
It can't, so that weird hypothetical is irrelevant. But more to the |
55 |
point, we're only wondering about these weird hypothetical situations |
56 |
because someone felt the need to make everyone's life a misery by |
57 |
putting some special snowflake code in the tree. |
58 |
|
59 |
-- |
60 |
Ciaran McCreesh |