[gentoo-pms] Write to filesystem in pkg_* phases

[gentoo-pms] Write to filesystem in pkg_* phases

[Ulrich Mueller]

[-- Attachment #1: Type: text/plain, Size: 1109 bytes --]

This topic was already discussed in -dev some time ago [1], but went
nowhere at the time. Now it came up again in bug 469210 [2].
(Ironically, checking for a particular kernel configuration is the
example mentioned in the spec for pkg_pretend.)

We say in Table 11.1 [3] that T and TMPDIR (and HOME) are legal in all
phases and must be "the location of a usable temporary directory". At
the same time, we say in the spec for pkg_* phases that they "must not
write to the filesystem" [4], or that they "must not write outside of
the directories specified by the ROOT and D environment variables" [5]
which effectively forbids writing to the ${T} etc. directories.

What is the purpose of this restriction? From above mentioned bug I
conclude that neither Portage nor Paludis enforce it.

Ulrich


[1] https://archives.gentoo.org/gentoo-dev/msg_ea6dce57c39ff597afdca7ba74f7cc73.xml
[2] https://bugs.gentoo.org/show_bug.cgi?id=469210
[3] http://dev.gentoo.org/~ulm/pms/5/pms.html#x1-118002
[4] http://dev.gentoo.org/~ulm/pms/5/pms.html#x1-960009.1.2
[5] http://dev.gentoo.org/~ulm/pms/5/pms.html#x1-1040009.1.10

[-- Attachment #2: Type: application/pgp-signature, Size: 490 bytes --]

Re: [gentoo-pms] Write to filesystem in pkg_* phases

[Ciaran McCreesh]

[-- Attachment #1: Type: text/plain, Size: 1024 bytes --]

On Mon, 2 Jun 2014 11:42:07 +0200
Ulrich Mueller <ulm@gentoo.org> wrote:
> This topic was already discussed in -dev some time ago [1], but went
> nowhere at the time. Now it came up again in bug 469210 [2].
> (Ironically, checking for a particular kernel configuration is the
> example mentioned in the spec for pkg_pretend.)

That's not ironic! It's not the spec's fault that people write lousy
eclasses.

> We say in Table 11.1 [3] that T and TMPDIR (and HOME) are legal in all
> phases and must be "the location of a usable temporary directory". At
> the same time, we say in the spec for pkg_* phases that they "must not
> write to the filesystem" [4], or that they "must not write outside of
> the directories specified by the ROOT and D environment variables" [5]
> which effectively forbids writing to the ${T} etc. directories.

The point of them pointing to a usable directory is just to avoid
problems with things that break if the variable is empty or set to
nonsense.

-- 
Ciaran McCreesh

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

Re: [gentoo-pms] Write to filesystem in pkg_* phases

[Ulrich Mueller]

[-- Attachment #1: Type: text/plain, Size: 799 bytes --]

>>>>> On Mon, 2 Jun 2014, Ciaran McCreesh wrote:

> On Mon, 2 Jun 2014 11:42:07 +0200
> Ulrich Mueller <ulm@gentoo.org> wrote:
>> We say in Table 11.1 [3] that T and TMPDIR (and HOME) are legal in all
>> phases and must be "the location of a usable temporary directory". At
>> the same time, we say in the spec for pkg_* phases that they "must not
>> write to the filesystem" [4], or that they "must not write outside of
>> the directories specified by the ROOT and D environment variables" [5]
>> which effectively forbids writing to the ${T} etc. directories.

> The point of them pointing to a usable directory is just to avoid
> problems with things that break if the variable is empty or set to
> nonsense.

Yeah, but what is the point of restricting writes if the directory is
usable?

Ulrich

[-- Attachment #2: Type: application/pgp-signature, Size: 490 bytes --]

Re: [gentoo-pms] Write to filesystem in pkg_* phases

[Michał Górny]

[-- Attachment #1: Type: text/plain, Size: 1607 bytes --]

Dnia 2014-06-02, o godz. 15:47:04
Ciaran McCreesh <ciaran.mccreesh@googlemail.com> napisał(a):

> On Mon, 2 Jun 2014 11:42:07 +0200
> Ulrich Mueller <ulm@gentoo.org> wrote:
> > This topic was already discussed in -dev some time ago [1], but went
> > nowhere at the time. Now it came up again in bug 469210 [2].
> > (Ironically, checking for a particular kernel configuration is the
> > example mentioned in the spec for pkg_pretend.)  
> 
> That's not ironic! It's not the spec's fault that people write lousy
> eclasses.

It is the spec's fault when it sets stupid and mismatched
requirements. As long as we don't restrict pkg_* phases from calling
external tools, prohibiting writes to temporary directory is just
pointless. Every semi-sane system has a writable temporary directory
that can be used freely by random programs, and so shall ebuild
environment have.

As for pkg_pretend(), I don't have a strong opinion whether it should
be added to use external tools. However, prohibiting that would limit
its use a lot. As for remaining pkg_*() phases, I think such
prohibition would simply make the phases purposeless.

As for ${T}, I consider it simply a convenient directory which ebuild
can use for temporary files without needing to care about unique names
and cleaning up afterwards. Prohibiting writes there during
pkg_pretend() would be a minor inconvenience but may save the effort of
preparing a separate temporary directory before build/install starts.
However, I don't think the confusion caused by it outweighs the benefit.

-- 
Best regards,
Michał Górny

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 949 bytes --]

Re: [gentoo-pms] Write to filesystem in pkg_* phases

[Ciaran McCreesh]

[-- Attachment #1: Type: text/plain, Size: 934 bytes --]

On Sun, 15 Jun 2014 09:53:02 +0200
Michał Górny <mgorny@gentoo.org> wrote:
> It is the spec's fault when it sets stupid and mismatched
> requirements. As long as we don't restrict pkg_* phases from calling
> external tools, prohibiting writes to temporary directory is just
> pointless. Every semi-sane system has a writable temporary directory
> that can be used freely by random programs, and so shall ebuild
> environment have.

But ${T} has to point somewhere special...

> As for pkg_pretend(), I don't have a strong opinion whether it should
> be added to use external tools. However, prohibiting that would limit
> its use a lot. As for remaining pkg_*() phases, I think such
> prohibition would simply make the phases purposeless.

But it can't rely upon external tools being present, and if they are
present, they can't be relied upon to work (have their dependencies
installed).

-- 
Ciaran McCreesh

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

Re: [gentoo-pms] Write to filesystem in pkg_* phases

[Michał Górny]

[-- Attachment #1: Type: text/plain, Size: 1276 bytes --]

Dnia 2014-06-15, o godz. 14:45:07
Ciaran McCreesh <ciaran.mccreesh@googlemail.com> napisał(a):

> On Sun, 15 Jun 2014 09:53:02 +0200
> Michał Górny <mgorny@gentoo.org> wrote:
> > It is the spec's fault when it sets stupid and mismatched
> > requirements. As long as we don't restrict pkg_* phases from calling
> > external tools, prohibiting writes to temporary directory is just
> > pointless. Every semi-sane system has a writable temporary directory
> > that can be used freely by random programs, and so shall ebuild
> > environment have.
> 
> But ${T} has to point somewhere special...

But ${TMPDIR} doesn't.

> > As for pkg_pretend(), I don't have a strong opinion whether it should
> > be added to use external tools. However, prohibiting that would limit
> > its use a lot. As for remaining pkg_*() phases, I think such
> > prohibition would simply make the phases purposeless.
> 
> But it can't rely upon external tools being present, and if they are
> present, they can't be relied upon to work (have their dependencies
> installed).

It can rely on base system tools being present since that's what PMS
requires. It relies on bash being present in particular, and bash can
use temporarily files too.

-- 
Best regards,
Michał Górny

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 949 bytes --]

[gentoo-pms] [PATCH] Re: Write to filesystem in pkg_* phases

[Ulrich Mueller]

[-- Attachment #1: Type: text/plain, Size: 3628 bytes --]

>>>>> On Mon, 02 Jun 2014, Ulrich Mueller wrote:

> This topic was already discussed in -dev some time ago [1], but went
> nowhere at the time. Now it came up again in bug 469210 [2].
> (Ironically, checking for a particular kernel configuration is the
> example mentioned in the spec for pkg_pretend.)

> We say in Table 11.1 [3] that T and TMPDIR (and HOME) are legal in all
> phases and must be "the location of a usable temporary directory". At
> the same time, we say in the spec for pkg_* phases that they "must not
> write to the filesystem" [4], or that they "must not write outside of
> the directories specified by the ROOT and D environment variables" [5]
> which effectively forbids writing to the ${T} etc. directories.

> What is the purpose of this restriction? From above mentioned bug I
> conclude that neither Portage nor Paludis enforce it.

Coming back to this. As I have been told, the same is true for Pkgcore.
So, find a patch included below. Please review.

Ulrich

> [1] https://archives.gentoo.org/gentoo-dev/msg_ea6dce57c39ff597afdca7ba74f7cc73.xml
> [2] https://bugs.gentoo.org/show_bug.cgi?id=469210
> [3] http://dev.gentoo.org/~ulm/pms/5/pms.html#x1-118002
> [4] http://dev.gentoo.org/~ulm/pms/5/pms.html#x1-960009.1.2
> [5] http://dev.gentoo.org/~ulm/pms/5/pms.html#x1-1040009.1.10

From 00cc505965ff8d3cb4d71b4e6eee76168f37d642 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ulrich=20M=C3=BCller?= <ulm@gentoo.org>
Date: Thu, 25 Jun 2020 20:38:51 +0200
Subject: [PATCH] ebuild-functions.tex: Phase functions can write to temporary
 dirs.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

All package managers support that functions like pkg_pretend() write
to temporary directories T, TMPDIR and HOME. This is also used in the
tree, see for example bug 469210. Update the spec to match this.

Signed-off-by: Ulrich Müller <ulm@gentoo.org>
---
 ebuild-functions.tex | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/ebuild-functions.tex b/ebuild-functions.tex
index 4a13db6..3935800 100644
--- a/ebuild-functions.tex
+++ b/ebuild-functions.tex
@@ -6,11 +6,12 @@
 The following is a list of functions that an ebuild, or eclass, may define, and which will be called
 by the package manager as part of the build and/or install process. In all cases the package manager
 must provide a default implementation of these functions; unless otherwise stated this must be a
-no-op. Most functions must assume only that they have write access to the package's working
-directory (the \t{WORKDIR} environment variable; see section~\ref{sec:ebuild-env-vars}), and the
-temporary directory \t{T}; exceptions are noted below. All functions may assume that they have read
-access to all system libraries, binaries and configuration files that are accessible to normal
-users.
+no-op. All functions may assume that they have read access to all system libraries, binaries and
+configuration files that are accessible to normal users, as well as write access to the temporary
+directories specified by the \t{T}, \t{TMPDIR} and \t{HOME} environment variables
+(see section~\ref{sec:ebuild-env-vars}). Most functions must assume only that they have additional
+write access to the package's working directory (the \t{WORKDIR} environment variable); exceptions
+are noted below.
 
 The environment for functions run outside of the build sequence (that is, \t{pkg_config},
 \t{pkg_info}, \t{pkg_prerm} and \t{pkg_postrm}) must be the environment used for the build of the
-- 
2.27.0

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 507 bytes --]

Re: [gentoo-pms] [PATCH] Re: Write to filesystem in pkg_* phases

[Ulrich Mueller]

[-- Attachment #1: Type: text/plain, Size: 1006 bytes --]

>>>>> On Fri, 26 Jun 2020, Ulrich Mueller wrote:

>> This topic was already discussed in -dev some time ago [1], but went
>> nowhere at the time. Now it came up again in bug 469210 [2].
>> (Ironically, checking for a particular kernel configuration is the
>> example mentioned in the spec for pkg_pretend.)

>> We say in Table 11.1 [3] that T and TMPDIR (and HOME) are legal in all
>> phases and must be "the location of a usable temporary directory". At
>> the same time, we say in the spec for pkg_* phases that they "must not
>> write to the filesystem" [4], or that they "must not write outside of
>> the directories specified by the ROOT and D environment variables" [5]
>> which effectively forbids writing to the ${T} etc. directories.

>> What is the purpose of this restriction? From above mentioned bug I
>> conclude that neither Portage nor Paludis enforce it.

> Coming back to this. As I have been told, the same is true for Pkgcore.
> So, find a patch included below. Please review.

Pushed.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 507 bytes --]