rpms/tetex-font-cm-lgc/devel tetex-font-cm-lgc.spec,1.7,1.8

Paul Howarth paul at city-fan.org
Wed Nov 2 14:26:43 UTC 2005


On Wed, 2005-11-02 at 14:48 +0200, Sarantis Paskalis wrote:
> On Wed, Nov 02, 2005 at 01:20:35PM +0100, Ralf Corsepius wrote:
> > On Wed, 2005-11-02 at 13:42 +0200, Sarantis Paskalis wrote:
> > > On Wed, Nov 02, 2005 at 12:15:19PM +0100, Ralf Corsepius wrote:
> > > > On Wed, 2005-11-02 at 05:59 -0500, Sarantis Paskalis wrote:
> > > > > -  /usr/bin/updmap-sys --quiet --nohash --outputdir %{texmf}/dvips/config --disable cm-lgc.map
> > > > > +  updmap-sys --quiet --nohash --disable %{texpkg}.map
> > > > >  fi
> > > > > +texhash
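Review bot: the added updmap-sys line and the new texhash line call both programs by bare name, so inside a scriptlet they resolve through the PATH of whoever runs rpm; keep /usr/bin/updmap-sys as on the removed line and give texhash an absolute path as well. The hunk also drops "--outputdir %{texmf}/dvips/config" and places texhash after the fi, so it runs unconditionally; neither change is explained in the visible lines, and a spec comment or changelog entry saying why would help.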
> > > > Why did you replace /usr/bin/updmap-sys with updmap-sys?
> > > > 
> > > > To me, this is a regression.
> > > 
> > > I tend to agree with the comment in
> > > http://www.redhat.com/archives/fedora-extras-list/2005-October/msg00593.html
> > 
> > You are running programs in %post and %postun scriptlets. Just stick a
> > broken or malicious program somewhere into path, and you are breaking
> > the user's system.
> 
> You have a point that these operations are not so much protected as
> others in the main building procedure.  However, you would need a
> malicious program before (not anywhere) the valid one in the
> administrator's path (not just any user's).
> 
> I will revert the change (readd the /usr/bin), but I think we should
> have guidelines for these issues such as:
> 
> - If the spec file contains commands in the building stage
> (%prep, %build, %install), then use the plain command name, i.e. foo
> instead of /usr/bin/foo
> 
> - If the spec file contains commands in the installation/removal
> stage, i.e. user run scriptlets (%pre, %preun, %post, %postun),
> then use the absolute command path, i.e. /usr/bin/foo
> 
> What do you think?

I think the full command path should be used everywhere. Whilst this
will make no difference in the Extras build system, it's worth
remembering that people will download the SRPMs and build them manually
for a bunch of different reasons (e.g. building for a different distro
such as CentOS, building with different --with options etc.) and that
specifying full paths will result in more consistent results in such
cases where people might have other versions of commands installed
earlier in their own PATH.

Paul.
-- 
Paul Howarth <paul at city-fan.org>
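A lint check for the guideline debated in this thread, added here as an example and not part of the original message or of any Fedora tooling: it flags commands invoked by bare name in scriptlets (the quoted proposal), or in the build sections too with everywhere=True (the position taken in the reply above). The function name, word lists and sample spec are assumptions constructed for illustration, and the parsing is a line-based heuristic that ignores quoting and here-documents.

```python
import re

SCRIPTLETS = {"pre", "preun", "post", "postun"}   # run as root on the installing host
BUILD = {"prep", "build", "install"}              # run on the build host
SECTIONS = SCRIPTLETS | BUILD | {"files", "changelog", "description", "package",
                                 "check", "clean"}
# Shell keywords that are followed by a command on the same line.
PREFIX = {"if", "then", "else", "elif", "do", "while", "!", "{"}
# Keywords and builtins the shell handles itself, without a PATH lookup.
BUILTINS = {"fi", "done", "esac", "}", "[", "test", "for", "case", "exit", "cd",
            "echo", "export", ":"}

# Constructed sample spec fragment, reusing the command lines quoted in the thread.
SAMPLE_SPEC = """\
%build
make
%postun
if [ "$1" = "0" ]; then
  updmap-sys --quiet --nohash --disable %{texpkg}.map
fi
texhash
%post
/usr/bin/texhash
%files
%defattr(-,root,root)
"""

def bare_commands(spec_text, everywhere=False):
    """Return (line number, section, command) for each PATH-resolved command."""
    checked = SCRIPTLETS | BUILD if everywhere else SCRIPTLETS
    section, findings = None, []
    for lineno, line in enumerate(spec_text.splitlines(), 1):
        m = re.match(r"%(\w+)", line)
        if m and m.group(1) in SECTIONS:          # section header, e.g. "%post -n sub"
            section = m.group(1)
            continue
        if section not in checked:
            continue
        code = line.split("#", 1)[0]              # drop trailing shell comments
        for part in re.split(r"&&|\|\||[;|]", code):   # one entry per simple command
            words = part.split()
            while words and words[0] in PREFIX:
                words.pop(0)
            if not words:
                continue
            cmd = words[0]
            # Absolute paths, RPM macros, variables and assignments are not flagged.
            if cmd in BUILTINS or cmd.startswith(("/", "%", "$")) or "=" in cmd:
                continue
            findings.append((lineno, "%" + section, cmd))
    return findings
```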



