Re: Bug#388399: FTBFS problems on alpha, mips[el]: Please help debugging
Frank Küster wrote:
> [Summary for the buildd people: We still need your help]
> Steve Langasek <email@example.com> wrote:
> > But if the package build requires access to $HOME/.texmf-var, that's still a
> > bug that should be fixed;
> No it doesn't require that. Only if there is a $HOME directory, and it
> is writable, then it is used. Otherwise /tmp/texfonts is used
> > Anyway, here's how I *am* able to reproduce the bug:
> No, that's not the same bug.
> > sudo mkdir -p /tmp/texfonts/source/jknappen/ec
> > sudo mkdir -p /tmp/texfonts/tfm/jknappen/ec
> > make -C docs/psdoc
> > So somewhere, there is a very, very wrong assumption that it's ok to use a
> > fixed, user-invariant path under /tmp for writing out fonts.
> I do not think that this is a bug, and anyway it's unrelated to the
> FTBFS problem. Previously fonts were created below /var, but this was
> regarded as a security risk because users would be able to completely
> fill up /var. Now the font cache is in the users' directories, and only
> as a fallback it is in /tmp/texfonts.
So, if I understand that correctly, the bug was fixed by running mktexmf
as non-root, and the change of the cache location is only a collateral.
> This was particularly designed
> for machines like buildds, where $HOME might be nonexistent or
> unwritable. I think it was even discussed on -devel, but maybe not the
> details. Why should it be more wrong to use a user-invariant path in
> /tmp than a user-invariant path in /var?
Because /var isn't a free-for-all scratch space like /tmp.
> Note that we cannot use
> directories created with mktemp or so, because it's not possible to pass
> on the directory name from the process that creates the dir, to the one
> that creates the font and to the one that uses it.
> If the admin chooses to create an empty /tmp/texfonts hierarchy without
> write access for users that need the font cache, that's equivalent to
> him creating an empty /var/cache/fonts/... without users having write
> access, in the old setup. You're allowed to shoot yourself into the
AFAIU any user on the system could create /tmp/texfonts and break
mktexmf that way.