Casper Ti. Vector wrote on Wed, Mar 27, 2024 at 08:37:46PM +0800: > On Wed, Mar 27, 2024 at 07:43:24PM +0900, Dominique Martinet wrote: > > You should never need sudo in the install section of a spec file -- > > you install to %{buildroot}, not directly to the system's bin/lib > > directories! > > It is moving files *into* %{buildroot}, not *out of*. The converse > is done in the `build' section.
I have no idea what it's doing in the hidden fn-builds script, but from what's in the spec file it is using sudo to run chmod on system directories and make them owned by the building user before actually running make install without DESTDIR, which I'll repeat is installing stuff in the systems directories and should never be needed; if something in skaware does not support DESTDIR that should be fixed but given alpine packages build just fine I don't expect any such problem, and such trick is just bad practice. Also, if I'm reading this correctly it actually make /usr/bin 777 because of flawed logic (stat -c %a /bin instead of %{_bin} (= /usr/bin); given /bin is normally a symlink to /usr/bin that stat will return 777 and the later chmod to "restore" the mode will corrupt it), so anyone running this will have opened their system for being taken over (and it possibly also doesn't chown back to root? But hopefully it's only ever been run in throw-away containers so nobody would notice anyway..) Anyway, I don't care if people shoot themselves in the foot, even if they're just running a script given by a stranger without checking what it does, I won't reply to this thread any further. -- Dominique Martinet | Asmadeus