On 3 March 2006 at 23:17, José Matos wrote: | On 03/03/06, José Matos <[EMAIL PROTECTED]> wrote: | > Hi, | > in Fedora Extras we build R packages to a temporary directory. The | > relevant section in | > the spec file is this: | > | > %build | > cd ..; R CMD INSTALL %{packname} -l %{buildroot}%{_libdir}/R/library | > | > It works. :-) | > | > We noticed one problem though (I will assume working on ix86 here) the | > temporary build path is saved in | > /usr/lib/R/library/*/Meta/hsearch.rds, i.e. for each package. | | Searching a little bit more I see that Peter Daalgard came to the | same conclusion one month ago: | https://stat.ethz.ch/pipermail/r-help/2006-February/086069.html
And I guess you also saw that he called that harmless, right? We have building packages like this 'forever' under Debian and yet to have a problem with it: [EMAIL PROTECTED]:~> strings /usr/lib/R/site-library/*/Meta/*.rds | grep -c buildd 5154 That 5154 occurrences of the string buildd showing that the package was built in a Debian autobuilder. | > To see this is enough to run strings over these file. | > | > Is this a security concern? Does R uses this path in any way? Why would this have security implications? As others have said, the main thing is $R_HOME set in the R shell script (and now to a lesser extent the locations for the doc/, include/, and share/ directories which are allowed to be somewhere other than directly under $R_HOME if you so desire [ and we do, slowly, as there may be advantages to eventual convergence towards Linux FHS standards ] ). | > In case the answer is yes, it is safe to run sed over this file and do | > a textual replacement? I'd treat that as an empirical exercise :) Maybe you can even cook up a patch that may one day make it into being called by 'make install' ? Dirk -- Hell, there are no rules here - we're trying to accomplish something. -- Thomas A. Edison ______________________________________________ R-devel@r-project.org mailing list https://stat.ethz.ch/mailman/listinfo/r-devel