Re: How to become very unpopular. (or:) A scary story.
On Sat, 18 Aug 2001, Thomas Hood wrote:
> > On Thu, Aug 16, 2001 at 10:53:31PM +0300, Richard Braakman wrote:
> > > On Thu, Aug 16, 2001 at 01:56:02PM -0400, Thomas Hood wrote:
> > > > 3. Add a space after "ROOTDIR=/"
> > > > 4. Release to unwary users
> > >
> > > An easy way to prevent problems of this sort is to specify all directory
> > > variables without trailing slashes. This makes using them more natural, too.
> > > Example:
> > >
> > > > ROOTDIR=
> > > > LIBDIR=$(ROOTDIR)/usr/lib
> > > >
> > > > install:
> > > > mkdir $(LIBDIR)/foo
> > > > cp -p lib/foo* $(LIBDIR)/foo/
> > > >
> > > > uninstall:
> > > > rm -rf $(LIBDIR)
> > also notice that this example will rm -rf /usr/lib ;-)
> Yes, the line should have been "rm -rf $(LIBDIR)foo". Obviously
> I didn't test my code very well. ;) But the error just amplifies
> my point. We run these developer-provided scripts as root, and even
> in the absence of malicious intent it is possible for little mistakes
> to creep in that can cause an great deal of damage.
I never run things as root. fakeroot is a great tool.
If a package doesn't support DESTDIR(or some other means of altnernate
installation dir support), I seriously consider NOT packaging it. If the
software is cool enough, however, I generally try to patch it to support
DESTDIR. But then, if it is cool enough, why weren't the authors capable of
adding DESTDIR support themselves?