severity 591010 normal quit Modestas Vainius wrote:
> I do believe that dpkg-buildpackage > should be changed to support absolute paths for -r again (what's the point not > to, they are more secure anyway?) and thus save sbuild users (buildd admins > and > poor DDs) some time debugging and changing configuration. I agree; that is a good reason to fix this in dpkg. However, I think sbuild is buggy here: it is friendlier to allow a command to be overridden by putting a better version in /usr/local/bin/ (as policy ยง6.1 hints). In other words, how about something vaguely like this patch? (not tested) diff --git a/bin/check-old-builds b/bin/check-old-builds index 12306f7..2f0144d 100755 --- a/bin/check-old-builds +++ b/bin/check-old-builds @@ -33,7 +33,7 @@ sub parse_date ($); my $reported_file = "$HOME/lib/reported-old-builds"; my $list_cmd = "wanna-build --list=building -v"; my $report_days = 10; -my $mailprog = "/usr/sbin/sendmail"; +my $mailprog = "sendmail"; chomp( my $mailname = `cat /etc/mailname` || `hostname` ); my $sender = $ENV{'LOGNAME'} || (getpwuid($<))[0]; diff --git a/bin/sbuild-adduser b/bin/sbuild-adduser index 2ebb597..6aa4d00 100755 --- a/bin/sbuild-adduser +++ b/bin/sbuild-adduser @@ -41,7 +41,7 @@ foreach (@ARGV) { my $user = getpwnam($_); if (defined $user) { - $status += system("/usr/sbin/adduser", "$_", "sbuild"); + $status += system("adduser", "$_", "sbuild"); } else { print STDERR "W: User \"$_\" does not exist\n"; $status++; diff --git a/bin/sbuild-createchroot b/bin/sbuild-createchroot index 985128c..d9b090a 100755 --- a/bin/sbuild-createchroot +++ b/bin/sbuild-createchroot @@ -195,7 +195,7 @@ if ($conf->get('VERBOSE')) { # Run debootstrap with specified options. if (!$conf->get('SETUP_ONLY')) { - !system("/usr/sbin/debootstrap", @args) or die "E: Error running debootstrap"; + !system("debootstrap", @args) or die "E: Error running debootstrap"; } # Set up minimal /etc/hosts. diff --git a/bin/sbuild-debuild b/bin/sbuild-debuild index e54ddfd..6f0a703 100644 --- a/bin/sbuild-debuild 
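Review bot: `system("adduser", "$_", "sbuild")` now runs whichever `adduser` comes first in the PATH the script inherited, and adduser only works with root privileges, so the inherited environment decides which file runs as root. The same holds for `system("debootstrap", @args)` in bin/sbuild-createchroot and for the bare `chroot` in lib/Sbuild/ChrootPlain.pm and lib/Sbuild/ChrootSudo.pm. If bare names are wanted so that /usr/local/bin can override, set the search path explicitly near the top of each privileged script, e.g. `$ENV{PATH} = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin";`, instead of trusting the caller's. That also avoids a plain "command not found" when /usr/sbin is absent from the caller's PATH. The foreach loop this line sits in continues outside the hunk.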
+++ b/bin/sbuild-debuild @@ -222,7 +222,7 @@ sub detect_arch { $arch_opt =~ s/--arch=// if ($arch_opt); # Determine the arch using dpkg-architecture - my $dpkg_arch_command = '/usr/bin/dpkg-architecture -qDEB_HOST_ARCH'; + my $dpkg_arch_command = 'dpkg-architecture -qDEB_HOST_ARCH'; $dpkg_arch_command .= " -a$arch_opt" if ($arch_opt); # Grab the architecture and return it. We discard output from STDERR @@ -246,7 +246,7 @@ sub detect_package_and_version { open($output, '<', $build_input); } else { # Grab the output from dpkg-parsechangelog - my $dpkg_parsechangelog = '/usr/bin/dpkg-parsechangelog'; + my $dpkg_parsechangelog = 'dpkg-parsechangelog'; open($output, '-|', $dpkg_parsechangelog); } @@ -346,7 +346,7 @@ sub process_package { if ($build_input !~ /.*\.dsc$/) { chdir($build_input); print "Running dpkg-buildpackage.\n"; - system('/usr/bin/dpkg-buildpackage', + system('dpkg-buildpackage', @{$conf->get('DPKG_BUILDPACKAGE_OPTS')}); if (($? >> 8) != 0) { print "Running dpkg-buildpckage failed: $?"; @@ -361,7 +361,7 @@ sub process_package { chdir(dirname($dsc)); print "Running sbuild.\n"; - system('/usr/bin/sbuild', @{$conf->get('SBUILD_OPTS')}, $dsc); + system('sbuild', @{$conf->get('SBUILD_OPTS')}, $dsc); if (($? >> 8) != 0) { print "Running sbuild failed: $?"; chdir($currentdir); @@ -372,9 +372,10 @@ sub process_package { $returnval = 0 unless process_commands("pre_lintian_commands", $dsc, $source_changes, $bin_changes); - if ((!$conf->get('NO_LINTIAN')) && (-x '/usr/bin/lintian')) { + if ((!$conf->get('NO_LINTIAN')) && + (system("which lintian >/dev/null") == 0)) { print "Running lintian.\n"; - system('/usr/bin/lintian', @{$conf->get('LINTIAN_OPTS')}, $bin_changes); + system('lintian', @{$conf->get('LINTIAN_OPTS')}, $bin_changes); if (($? >> 8) != 0) { print "Running lintian failed: $?"; chdir($currentdir); diff --git a/bin/wanna-build-merge-packages b/bin/wanna-build-merge-packages index f7503b8..d61c1a0 100755 --- a/bin/wanna-build-merge-packages 
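Review bot: The probe `system("which lintian >/dev/null") == 0` in process_package depends on `which`, which POSIX does not specify and which on some systems writes a "not found" message to stderr that would leak into the build output. Since the string already goes through sh, the builtin is the portable spelling: `(system("command -v lintian >/dev/null 2>&1") == 0)`. The same `which` probe is added in bin/wanna-build-merge-packages, in the three `init_allowed_keys` validators, and in pgp_check in lib/WannaBuild/Mail.pm. process_package begins and ends outside this hunk.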
+++ b/bin/wanna-build-merge-packages @@ -148,7 +148,7 @@ chdir( "/" ) or die "chdir /: $!\n"; system "rm", "-rf", $tmpdir and die "rm -rf $tmpdir error status $?"; system "buildd-addpkg", "--clean" - if -x "/usr/bin/buildd-addpkg"; + if system("which buildd-addpkg >/dev/null") == 0; exit( 0 ); diff --git a/configure.ac b/configure.ac index 0ac8d48..5eb386e 100644 --- a/configure.ac +++ b/configure.ac 
@@ -84,35 +84,35 @@ if test "$enable_debug" = "yes"; then fi # Checks for programs. -AC_PATH_PROG([APT_CACHE], [apt-cache]) -AC_PATH_PROG([APTITUDE], [aptitude]) -AC_PATH_PROG([APT_GET], [apt-get]) -AC_PATH_PROG([CHMOD], [chmod]) -AC_PATH_PROG([DATE], [date]) -AC_PATH_PROG([DCMD], [dcmd]) -AC_PATH_PROG([DF], [df]) -AC_PATH_PROG([DPKG], [dpkg]) -AC_PATH_PROG([DPKG_ARCHITECTURE], [dpkg-architecture]) -AC_PATH_PROG([DPKG_BUILDPACKAGE], [dpkg-buildpackage]) -AC_PATH_PROG([DPKG_PARSECHANGELOG], [dpkg-parsechangelog]) -AC_PATH_PROG([DPKG_SOURCE], [dpkg-source]) -AC_PATH_PROG([DU], [du]) -AC_PATH_PROG([FAKEROOT], [fakeroot]) -AC_PATH_PROG([FIND], [find]) -AC_PATH_PROG([GPG], [gpg]) -AC_PATH_PROG([HOSTNAME], [hostname]) -AC_PATH_PROG([MAN], [man]) -AC_PATH_PROG([MD5SUM], [md5sum]) -AC_PATH_PROG([PGP], [pgp]) -AC_PATH_PROG([PS], [ps]) -AC_PATH_PROG([RM], [rm]) -AC_PATH_PROG([SCHROOT], [schroot]) -AC_PATH_PROG([SENDMAIL], [sendmail], [/usr/sbin/sendmail], [$PATH:/sbin:/usr/sbin]) -AC_PATH_PROG([SSH], [ssh]) -AC_PATH_PROG([SUDO], [sudo]) -AC_PATH_PROG([SU], [su]) -AC_PATH_PROG([TEMPFILE], [tempfile]) -AC_PATH_PROG([XARGS], [xargs]) +AC_CHECK_PROG([APT_CACHE], [apt-cache], [apt-cache]) +AC_CHECK_PROG([APTITUDE], [aptitude], [aptitude]) +AC_CHECK_PROG([APT_GET], [apt-get], [apt-get]) +AC_CHECK_PROG([CHMOD], [chmod], [chmod]) +AC_CHECK_PROG([DATE], [date], [date]) +AC_CHECK_PROG([DCMD], [dcmd], [dcmd]) +AC_CHECK_PROG([DF], [df], [df]) +AC_CHECK_PROG([DPKG], [dpkg], [dpkg]) +AC_CHECK_PROG([DPKG_ARCHITECTURE], [dpkg-architecture], [dpkg-architecture]) +AC_CHECK_PROG([DPKG_BUILDPACKAGE], [dpkg-buildpackage], [dpkg-buildpackage]) +AC_CHECK_PROG([DPKG_PARSECHANGELOG], [dpkg-parsechangelog], [dpkg-parsechangelog]) +AC_CHECK_PROG([DPKG_SOURCE], [dpkg-source], [dpkg-source]) +AC_CHECK_PROG([DU], [du], [du]) +AC_CHECK_PROG([FAKEROOT], [fakeroot], [fakeroot]) +AC_CHECK_PROG([FIND], [find], [find]) +AC_CHECK_PROG([GPG], [gpg], [gpg]) +AC_CHECK_PROG([HOSTNAME], [hostname], [hostname]) 
+AC_CHECK_PROG([MAN], [man], [man]) +AC_CHECK_PROG([MD5SUM], [md5sum], [md5sum]) +AC_CHECK_PROG([PGP], [pgp], [pg]) +AC_CHECK_PROG([PS], [ps], [ps]) +AC_CHECK_PROG([RM], [rm], [rm]) +AC_CHECK_PROG([SCHROOT], [schroot], [schroot]) +AC_CHECK_PROG([SENDMAIL], [sendmail], [sendmail],, [$PATH:/sbin:/usr/sbin]) +AC_CHECK_PROG([SSH], [ssh], [ssh]) +AC_CHECK_PROG([SUDO], [sudo], [sudo]) +AC_CHECK_PROG([SU], [su], [su]) +AC_CHECK_PROG([TEMPFILE], [tempfile], [tempfile]) +AC_CHECK_PROG([XARGS], [xargs], [xargs]) dnl Set PACKAGE_LOCALE_DIR in config.h AH_TEMPLATE(PACKAGE_LOCALE_DIR, [Package locale directory]) diff --git a/debian/rules b/debian/rules index 55561ff..fcd65a9 100755 --- a/debian/rules +++ b/debian/rules @@ -13,11 +13,7 @@ debian/build/config.status: configure --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) \ --prefix=/usr --sysconfdir=/etc --libexecdir=/usr/share \ --localstatedir=/var --mandir=\$${prefix}/share/man \ - DCMD=/usr/bin/dcmd \ - SCHROOT=/usr/bin/schroot \ - SSH=/usr/bin/ssh \ - SUDO=/usr/bin/sudo \ - APTITUDE=/usr/bin/aptitude + DCMD=dcmd SCHROOT=schroot SSH=ssh SUDO=sudo APTITUDE=aptitude build: debian/build/config.status debian/build-stamp debian/build-stamp: debian/build/config.status diff --git a/etc/buildd.conf b/etc/buildd.conf index d8b133c..c43c51a 100644 --- a/etc/buildd.conf +++ b/etc/buildd.conf @@ -29,7 +29,7 @@ # is running locally, set $wanna_build_ssh_host to an empty string. # SSH program -#$ssh = "/usr/bin/ssh"; +#$ssh = "ssh"; # nice level to run sbuild. Dedicated build daemons should not be # niced. diff --git a/etc/sbuild.conf b/etc/sbuild.conf index bec9677..b8f2243 100644 --- a/etc/sbuild.conf +++ b/etc/sbuild.conf 
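Review bot: `AC_CHECK_PROG([PGP], [pgp], [pg])` sets PGP to `pg` when pgp is found; the third argument (value-if-found) should be `[pgp]`. Separately, `AC_CHECK_PROG([SENDMAIL], [sendmail], [sendmail],, [$PATH:/sbin:/usr/sbin])` searches /sbin and /usr/sbin at configure time but records only the bare name. A sendmail that exists only in /usr/sbin therefore passes configure and is then not found at run time unless the runtime PATH contains that directory as well. Keeping `AC_PATH_PROG` for SENDMAIL, or dropping the extra path argument, would make the configure-time and run-time lookups agree.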
@@ -107,7 +107,7 @@ #$chroot = 'unstable-powerpc-sbuild'; # Script to run prior to a build. The default is to not run any setup script. -#$chroot_setup_script='/usr/local/bin/chroot-setup' +#$chroot_setup_script='chroot-setup' # When to purge the build directory afterwards; possible values are "never", # "successful", and "always". "always" is the default. @@ -281,30 +281,30 @@ ## # Program to mail log files. -#$mailprog = "/usr/sbin/sendmail"; +#$mailprog = "sendmail"; # dpkg binary. -#$dpkg = "/usr/bin/dpkg"; +#$dpkg = "dpkg"; # su binary. -#$su = "/bin/su"; +#$su = "su"; # schroot binary. -#$schroot = "/usr/bin/schroot"; +#$schroot = "schroot"; # schroot options; see schroot(1). #$schroot_options = ['-q']; # sudo binary. -#$sudo = "/usr/bin/sudo"; +#$sudo = "sudo"; # fakeroot command. Set to be fakeroot by default, but sudo is # typically used on systems without fakeroot. -#$fakeroot = "/usr/bin/fakeroot"; +#$fakeroot = "fakeroot"; # apt-get binary. -#$apt_get = "/usr/bin/apt-get"; +#$apt_get = "apt-get"; # apt-cache binary. -#$apt_cache = "/usr/bin/apt-cache"; +#$apt_cache = "apt-cache"; # dpkg-source binary. -#$dpkg_source = "/usr/bin/dpkg-source"; +#$dpkg_source = "dpkg-source"; # dcmd binary. -#$dcmd = "/usr/bin/dcmd"; +#$dcmd = "dcmd"; # md5sum binary -#$md5sum = "/usr/bin/md5sum"; +#$md5sum = "md5sum"; # don't remove this, Perl needs it: diff --git a/lib/Buildd.pm b/lib/Buildd.pm index 5b656fb..830789d 100644 --- a/lib/Buildd.pm +++ b/lib/Buildd.pm @@ -160,8 +160,8 @@ sub ll_send_mail ($$) { $text =~ s/^\.$/../mg; local $SIG{'PIPE'} = 'IGNORE'; - if (!open( MAIL, "|/usr/sbin/sendmail -oem '$to'" )) { - print STDERR "Could not open pipe to /usr/sbin/sendmail: $!\n"; + if (!open( MAIL, "|sendmail -oem '$to'" )) { + print STDERR "Could not open pipe to sendmail: $!\n"; return 0; } print MAIL $text; diff --git a/lib/Buildd/Conf.pm b/lib/Buildd/Conf.pm index b0e3eea..0ff1f1c 100644 --- a/lib/Buildd/Conf.pm +++ b/lib/Buildd/Conf.pm 
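Review bot: In ll_send_mail, `open( MAIL, "|sendmail -oem '$to'" )` still builds a shell command line with `$to` interpolated between single quotes, so an address containing a `'` ends the quoting and the remainder is parsed by the shell. As the line is being rewritten anyway, the list form avoids the shell entirely: `open( MAIL, "|-", "sendmail", "-oem", $to )`. Where `$to` comes from is not visible here; if it can be derived from incoming mail, this is the more important change in the hunk. ll_send_mail begins and ends outside the hunk.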
@@ -57,7 +57,7 @@ sub init_allowed_keys { if !defined($program) || !$program; die "$key binary '$program' does not exist or is not executable" - if !-x $program; + if system("sh", "-c", 'which "$@" >/dev/null', "sh", $program) != 0; }; my $validate_directory = sub { diff --git a/lib/Sbuild.pm b/lib/Sbuild.pm index ebec301..28183ef 100644 --- a/lib/Sbuild.pm +++ b/lib/Sbuild.pm @@ -393,7 +393,7 @@ sub help_text ($$) { my $section = shift; my $page = shift; - system("/usr/bin/man", "$section", "$page"); + system("man", "$section", "$page"); exit 0; } diff --git a/lib/Sbuild/ChrootPlain.pm b/lib/Sbuild/ChrootPlain.pm index 04de392..150c427 100644 --- a/lib/Sbuild/ChrootPlain.pm +++ b/lib/Sbuild/ChrootPlain.pm @@ -120,7 +120,7 @@ sub get_command_internal { } } - @cmdline = ('/usr/sbin/chroot', $self->get('Location'), + @cmdline = ('chroot', $self->get('Location'), $self->get_conf('SU'), '-p', "$user", '-s', $Sbuild::Sysconfig::programs{'SHELL'}, '-c', "cd '$dir' && $shellcommand"); diff --git a/lib/Sbuild/ChrootSetup.pm b/lib/Sbuild/ChrootSetup.pm index f0664a1..8106d74 100644 --- a/lib/Sbuild/ChrootSetup.pm +++ b/lib/Sbuild/ChrootSetup.pm @@ -133,7 +133,7 @@ sub basesetup ($$) { # This will require root privileges. However, this should # only get run at initial chroot setup time. my $groupfile = $session->get('Location') . "/etc/group"; - system '/bin/sh', '-c', "getent group sbuild >> $groupfile"; + system 'sh', '-c', "getent group sbuild >> $groupfile"; if ($?) { print STDERR "E: Failed to create group sbuild\n"; return $? @@ -141,7 +141,7 @@ sub basesetup ($$) { } $session->run_command( - { COMMAND => ['/bin/sh', '-c', + { COMMAND => ['sh', '-c', 'set -e; if [ ! -d /build ] ; then mkdir -m 0775 /build; fi'], USER => 'root', DIR => '/' }); 
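Review bot: The program validator now accepts any name that resolves in the PATH in effect when the configuration is loaded, but the stored value remains the bare name. The command that later runs is therefore looked up a second time and may resolve to a different file, or not at all for programs that are run inside the chroot. Either store the resolved absolute path after the check, or state the limitation next to it, e.g. `# Advisory only: $program resolves in the current PATH; it is looked up again when run.` The identical line is added in lib/Sbuild/Conf.pm and lib/Sbuild/ConfBase.pm. The validator closure begins outside the hunk.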
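Review bot: In basesetup, `system 'sh', '-c', "getent group sbuild >> $groupfile";` interpolates the chroot location into the shell script unquoted, so a path containing spaces or shell metacharacters is split or interpreted by the shell, in a step the comment above says needs root privileges. Pass it as a positional argument, as the validator changes in this patch already do: `system 'sh', '-c', 'getent group sbuild >> "$1"', 'sh', $groupfile;`. basesetup begins and ends outside the hunk.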
@@ -171,7 +171,7 @@ sub basesetup ($$) { } $session->run_command( - { COMMAND => ['/bin/sh', '-c', + { COMMAND => ['sh', '-c', 'set -e; if [ ! -d /var/lib/sbuild ] ; then mkdir -m 2770 /var/lib/sbuild; fi'], USER => 'root', DIR => '/' }); @@ -181,7 +181,7 @@ sub basesetup ($$) { } $session->run_command( - { COMMAND => ['/bin/sh', '-c', + { COMMAND => ['sh', '-c', 'set -e; if [ ! -d /var/lib/sbuild/srcdep-lock ] ; then mkdir -m 2770 /var/lib/sbuild/srcdep-lock; fi'], USER => 'root', DIR => '/' }); @@ -210,7 +210,7 @@ sub basesetup ($$) { # Set up debconf selections. my $pipe = $session->pipe_command( - { COMMAND => ['/usr/bin/debconf-set-selections'], + { COMMAND => ['debconf-set-selections'], PIPE => 'out', USER => 'root', CHROOT => 1, diff --git a/lib/Sbuild/ChrootSudo.pm b/lib/Sbuild/ChrootSudo.pm index fa8a34a..6f44a80 100644 --- a/lib/Sbuild/ChrootSudo.pm +++ b/lib/Sbuild/ChrootSudo.pm @@ -121,7 +121,7 @@ sub get_command_internal { } } - @cmdline = ($self->get_conf('SUDO'), '/usr/sbin/chroot', $self->get('Location'), + @cmdline = ($self->get_conf('SUDO'), 'chroot', $self->get('Location'), $self->get_conf('SU'), '-p', "$user", '-s', $Sbuild::Sysconfig::programs{'SHELL'}, '-c', "cd '$dir' && $shellcommand"); diff --git a/lib/Sbuild/Conf.pm b/lib/Sbuild/Conf.pm index 3003290..df925d5 100644 --- a/lib/Sbuild/Conf.pm +++ b/lib/Sbuild/Conf.pm @@ -56,7 +56,7 @@ sub init_allowed_keys { if !defined($program) || !$program; die "$key binary '$program' does not exist or is not executable" - if !-x $program; + if system("sh", "-c", 'which "$@" >/dev/null', "sh", $program) != 0; }; my $validate_directory = sub { diff --git a/lib/Sbuild/ConfBase.pm b/lib/Sbuild/ConfBase.pm index fa3d1a7..c43f272 100644 --- a/lib/Sbuild/ConfBase.pm +++ b/lib/Sbuild/ConfBase.pm 
@@ -50,7 +50,7 @@ sub init_allowed_keys { if !defined($program); die "$key binary $program does not exist or is not executable" - if !-x $program; + if system("sh", "-c", 'which "$@" >/dev/null', "sh", $program) != 0; }; my $validate_directory = sub { diff --git a/lib/Sbuild/Utility.pm b/lib/Sbuild/Utility.pm index 49a6d16..d1dc683 100644 --- a/lib/Sbuild/Utility.pm +++ b/lib/Sbuild/Utility.pm @@ -310,7 +310,7 @@ sub _get_proxy { my $proxy; # Attempt to acquire a proxy URL from apt-config. - if (open(my $apt_config_output, '-|', '/usr/bin/apt-config dump')) { + if (open(my $apt_config_output, '-|', 'apt-config dump')) { foreach my $tmp (<$apt_config_output>) { if ($tmp =~ m/^.*Acquire::http::Proxy\s+/) { $proxy = $tmp; diff --git a/lib/WannaBuild/Database.pm b/lib/WannaBuild/Database.pm index 66513cf..21e2e37 100644 --- a/lib/WannaBuild/Database.pm +++ b/lib/WannaBuild/Database.pm @@ -340,8 +340,7 @@ sub process { last if ! -e $tmpfile; } $self->get('Current Database')->dump($tmpfile); - my $editor = $ENV{'VISUAL'} || - "/usr/bin/sensible-editor"; + my $editor = $ENV{'VISUAL'} || "sensible-editor"; system "$editor $tmpfile"; $self->get('Current Database')->clear(); # clear all current contents $self->get('Current Database')->restore($tmpfile); diff --git a/lib/WannaBuild/Mail.pm b/lib/WannaBuild/Mail.pm index e1c7a5a..7db5cf4 100644 --- a/lib/WannaBuild/Mail.pm +++ b/lib/WannaBuild/Mail.pm 
@@ -50,12 +50,11 @@ sub new { sub run { my $self = shift; - $main::tempfile = "/bin/tempfile"; - $main::wanna_build = -f "/usr/local/bin/wanna-build" ? - "/usr/local/bin/wanna-build" : "/usr/bin/wanna-build"; - $main::pgp = "/usr/bin/pgp"; - $main::gpg = "/usr/bin/gpg"; - $main::sendmail = "/usr/sbin/sendmail"; + $main::tempfile = "tempfile"; + $main::wanna_build = "wanna-build"; + $main::pgp = "pgp"; + $main::gpg = "gpg"; + $main::sendmail = "sendmail"; $main::libdir = "/var/lib/wanna-build"; $main::pgp_keyring = "$main::libdir/mail-keyring.pgp"; $main::gpg_keyring = "$main::libdir/mail-keyring.gpg"; @@ -328,7 +327,8 @@ sub pgp_check { } $stat = 1; - if (-x $main::pgp && -f $main::pgp_keyring) { + if (system("sh", "-c", 'which "$@" >/dev/null', "sh", $main::pgp) == 0 && + -f $main::pgp_keyring) { if (!open( PIPE, "$main::pgp -f +batchmode +verbose=0 ". "+pubring=$main::pgp_keyring <'$file' 2>&1 >/dev/null |" )) { $self->fatal( "Can't open pipe to $main::pgp: $!" ); @@ -341,7 +341,9 @@ sub pgp_check { $found = 1 if !$stat || $output =~ /^(good|bad) signature from/im } - if (!$found && -x $main::gpg && -f $main::gpg_keyring) { + if (!$found && + system("sh", "-c", 'which "$@" >/dev/null', "sh", $main::gpg) == 0 && + -f $main::gpg_keyring) { if (!open( PIPE, "$main::gpg --no-options --batch ". "--no-default-keyring --keyring $main::gpg_keyring ". " --verify '$file' 2>&1 |" )) { -- -- To UNSUBSCRIBE, email to debian-dpkg-bugs-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
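Review bot: pgp_check decides whether a mail carries a good signature by running `$main::pgp` and `$main::gpg`, and with this change both are bare names, so the verifier that runs is whichever `pgp` or `gpg` comes first in the mail handler's PATH. A check that presumably gates what a sender may do should not depend on the inherited environment: keep these two as absolute paths, or set `$ENV{PATH}` to a fixed value at the start of `run`. The `which` probe and the later `open( PIPE, "$main::gpg ..." )` also resolve the name independently of each other. The same applies to the `!$found && ...` condition in the following hunk, and pgp_check continues outside both hunks.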