Bug#845715: Required targets must not write outside of the source package tree
On Sat, Nov 03, 2018 at 01:07:49PM -0700, Russ Allbery wrote:
> Sean Whitton <spwhitton@spwhitton.name> writes:
>
> > I reformatted and wordsmithed josch's patch, second it myself, and am
> > seeking further seconds.
>
> > Given that whole archive rebuilds with use sbuild and already catch
> > packages that violate this requirement, making this change would not
> > declare any packages buggy that would not already be considered buggy,
> > so we can make it right away.
>
> Excellent! This has been a long-standing issue, and it's great to finally
> get this into Policy.
>
> One minor wording nit, seconded either way:
>
> > +Required targets must not attempt to write outside of the unpacked
> > +source package tree. An exception to this rule is the use of
> > +``TMPDIR`` (or ``/tmp`` if that is not set) which is permitted as long
> > +as temporary files are deleted by the end of the target, and not
> > +reused by subsequent execution of the target. This restriction is
>
> How about:
>
> As an exception, required targets may write to the directory specified
> by the ``TMPDIR`` environment variable (or ``/tmp`` if that is not
> set), provided that files created in that directory are deleted before
> the target completes and are not reused by subsequent executions of
> the target.
>
> This explicitly states that this is an environment variable and makes it
> clear that it refers to a directory.
I may be wrong but I expect that a lot of packages targets leaves stray
files and directory in /tmp (that are created by mktemp but not removed)
but not reused, and also that some of them fail to honor TMPDIR.
Do we have some data about this ?
Cheers,
--
Bill. <ballombe@debian.org>
Imagine a large red swirl here.
Reply to: