
Re: Introducing rlintian ("restricted lintian")



On 2013-04-21 19:03, Russ Allbery wrote:
> Niels Thykier <niels@thykier.net> writes:
> 
>> I propose we include a new frontend, rlintian (or some other name).  Its
>> sole purpose would be to provide people with an honest chance of using
>> Lintian "right" in these cases.  I have attached a prototype of such a
>> frontend.
> 
> I think this is a great idea, and the prototype that you provided looks
> good to me on a quick glance.  (Alas, still little time to look more
> deeply.)
> 

Thanks, I did notice a mistake in the handling of --keep-env
(documented as a comma-separated list, but was used as single
variables[1]).  Attached is the patch for it.

> Separately (and compatibly), I do think it would be very worthwhile to get
> all of Lintian to run in taint mode, but that's a much bigger project.
> 

I know it would be the "right thing to do", but I have to admit it
sounds like a lot of work.

~Niels

[1] To reproduce the issue try:

 $ rlintian --debug-setup --keep-env TMPDIR,DEB_VENDOR -- \
           --profile '{VENDOR}/my-profile' -- \
           some-file.changes

and look at the list of ENV variables.


--- rlintian-orig	2013-04-21 19:16:53.241659890 +0200
+++ frontend/rlintian	2013-04-21 19:16:07.610875588 +0200
@@ -39,6 +39,7 @@
 my @DEFAULT_LINTIAN_OPTIONS = qw(
     --no-user-dirs
 );
+# Default ENV keep whitelist
 my @ENV_WHITELIST = qw();
 my %ENV_SET = (
     'PATH'  => '/bin:/usr/bin',
@@ -54,6 +55,8 @@
 );
 my @LINTIAN_OPTIONS;
 my @LINTIAN_FILE_ARGS;
+# default whitelist + args from --keep-env
+my @ENV_KEEP = @ENV_WHITELIST;
 
 $0 = basename($0);
 
@@ -113,7 +116,10 @@
 
 # Purge impurities from our environment.
 my %copy = %ENV_SET;
-for my $env (@ENV_WHITELIST, @{ $opt->keep_env }) {
+for my $list (@{ $opt->keep_env }) {
+    push(@ENV_KEEP, split(',', $list));
+}
+for my $env (@ENV_KEEP) {
     $copy{$env} = untaint($ENV{$env}) if exists $ENV{$env};
 }
 %ENV = %copy;
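
Review bot: in the new `for my $env (@ENV_KEEP)` loop, a name passed via --keep-env that is also a key of %ENV_SET (PATH, per the first hunk) replaces the pinned value in %copy with the caller's value, because %copy starts as a copy of %ENV_SET and is then assigned from `untaint($ENV{$env})`. If the fixed values are meant to be authoritative, skip such names with `next if exists $ENV_SET{$env};` or reject them with an error. Separately, `split(',', $list)` keeps surrounding whitespace and empty fields, so `--keep-env 'TMPDIR, DEB_VENDOR'` would silently fail to keep DEB_VENDOR; trimming each element and dropping empty ones would avoid that.
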
@@ -135,7 +141,7 @@
 sub debug_setup {
     my $full_lint_cmd = join(' ', $opt->lintian_cmd, @LINTIAN_OPTIONS,
                              '--', @LINTIAN_FILE_ARGS);
-    my @user_env = sort(@ENV_WHITELIST, keys(%ENV_SET), @{ $opt->keep_env });
+    my @user_env = sort(@ENV_KEEP, keys(%ENV_SET));
     print "Setup information:\n\n";
     print " * Current Lintian command line:\n";
     print "     $full_lint_cmd\n\n";
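
Review bot: `@user_env` in debug_setup now depends on @ENV_KEEP having already been extended by the --keep-env loop in the purge step, whereas the removed line read `$opt->keep_env` directly and did not depend on call order. The call site is not visible here; if debug_setup can run before that loop, the listing will show only the default whitelist, so consider filling @ENV_KEEP right after option parsing. The list is also not de-duplicated, so a name present in both @ENV_KEEP and %ENV_SET is printed twice.
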
@@ -187,10 +193,10 @@
     my $ok = 1;
     for my $filename (@LINTIAN_FILE_ARGS) {
         if (! -f $filename) {
-            print STDERR "$filename is not a file!\n";
+            print STDERR "$filename is not a file\n";
             $ok = 0;
         } elsif ($filename !~ m{ \. (?: u?deb|dsc|changes ) $}xsm) {
-            print STDERR "$filename has unknown extension type\n";
+            print STDERR "$filename has unknown file extension.\n";
             $ok = 0;
         }
     }
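
Review bot: the two reworded STDERR messages end inconsistently: "is not a file" has no trailing punctuation, while "has unknown file extension." ends with a period. Pick one style and use it for both.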
