On ma, 2011-04-04 at 19:43 +0100, Roger Leigh wrote:
> Regarding the root shell issue, I wouldn't have an issue with it
> being /bin/sh. The admin is always free to chsh it to the shell
> of their choice.
We could even have d-i set the root shell to bash if it installs bash.
Or have bash do it always, even, if root's shell is /bin/sh.
> [Slightly related: it would be nice if d-i could default to
> password-free locked root account for wheezy, i.e. sudo by default,
> which would partly mitigate the issue by not requiring the use of a
> root shell for most uses of the root account.]
+1
> However, there have got to be hundreds of packages using bash
> without a dependency. Do we have any information on the
> affected packages (i.e. all those with a #!/bin/bash shebang in any
> provided executable scripts)?
I happened to have access to a idle-ish fastish machine with a fresh-ish
Debian mirror, so I wrote a script to unpack all binaries (for sid/main
amd64), and then another script to grep for bash scripts (actually a
pair of scripts). With these scripts, I got a list of files that start
with #!/bin/bash. There are 1783 files in the list, in 543 packages.
The list is 128 kilobytes long, so I don't attach it. I've put it on the
web at http://files.liw.fi/temp/bash.list for anyone who wants a look. I
have attached the scripts to make it easier for others to re-run them if
they wish.
Changing 543 packages to add a bash dependency does sound like a lot,
but it should be doable.
* We can add a lintian warning, which helps catch such things in
the future.
* We can perhaps change debhelper to automatically add the
dependency, if it is missing. Since most packages use debhelper,
this might transition most of the packages automatically.
* Or we might do a more traditional transition, with an MBF now,
and a targeted NMU campaign in six months, for any packages that
still remain.
I think this would be a nice thing to do, especially from the point of
view of embedded systems, and other systems with no interactive use, but
limited resources.
--
Blog/wiki/website hosting with ikiwiki (free for free software):
http://www.branchable.com/
Attachment:
unpack-debian-binaries
Description: application/shellscript
Attachment:
find-bash-scripts
Description: application/shellscript
Attachment:
isbash
Description: application/shellscript