Date: Sun, 13 Oct 2013 16:30:26 +0200
From: "Peter Looyenga" <pl@catslair.org>
To: "'Baptiste Daroussin'" <bapt@FreeBSD.org>
Cc: freebsd-ports@freebsd.org
Subject: RE: stagedir vs. jail
Message-ID: <003401cec820$c2bbcf80$48336e80$@catslair.org>
In-Reply-To: <20131013115031.GF91605@ithaqua.etoilebsd.net>
References: <20131013105853.GA63463@doom-labs.net> <20131013115031.GF91605@ithaqua.etoilebsd.net>
On Sun, Oct 13, 2013 at 12:58:53PM +0200, Ekkehard Gehm wrote:
> Nope that doesn't work as there is no way to globally disable staging,
> if you add NO_STAGE in make.conf all you end up with is a messed package db, if
> you are very very lucky it might sometime work.

I know this method is frowned upon because it's not a method which was intended to be used by end users, but I have to disagree with you here: this setting seems to work flawlessly in disabling staging.

In my situation I'm using a /tmp directory which has the exec flag disabled in order to prevent escalation whenever a customer website uses scripts which aren't as secured as they (c/sh)ould have been. At the very least it blocks 3rd parties from having an easy place to execute their stuff.

Ever since staging was introduced I've been having issues where installations or upgrades stopped somewhere near the end and gave an error that the script couldn't execute ./INSTALL. It took me a while but I traced it back to the use of the pkg_add command; apparently it's used to install the created package but without pointing it to a dedicated temporary directory, thus pkg_add defaults to using either /var/tmp or /tmp. Both of which have exec disabled on my system, and so the installation fails.

Needless to say, as soon as I specify NO_STAGING on the command line or in make.conf (which I've been using during upgrade sessions from FreeBSD 9.1 to 9.2 where I rebuild some ports to be sure everything kept working optimally) the whole installation process seems to resort to the previous situation and I get no errors regarding ./INSTALL which can't be executed. Using portmaster or the pkg_info / pkg_version tools also doesn't show any problems with my package database. Though I could imagine things to be different when using pkgng, I haven't experimented much with that as of yet.

As said; I realize that this may not have been intended and it may be ill advised, but at this point this surely seems to be a very effective way to turn staging off. Right now the new staging process gives me more bother than advantages unfortunately. I can understand the theoretical advantages, but fact of the matter is that those don't apply to my situation.

With kind regards,

Peter

-- 
.\\ S/MIME public key: http://www.catslair.org/pubkey.crt
+- My semi-private Root CA: http://ssl.losoco.nl/losoco.crt
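
Added example, not part of the original message: a shell check that reads FreeBSD-style `mount` output and reports which of the temporary directories named above (/var/tmp, /tmp) sit on a file system mounted noexec, where an extracted ./INSTALL script cannot be executed. The sample mount table and the function names are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample of FreeBSD `mount` output (not taken from the post).
SAMPLE_MOUNTS='/dev/ada0p2 on / (ufs, local, journaled soft-updates)
devfs on /dev (devfs, local, multilabel)
/dev/ada0p4 on /var (ufs, local, noexec, nosuid, soft-updates)
tmpfs on /tmp (tmpfs, local, noexec, nosuid)
/dev/ada0p5 on /usr (ufs, local, soft-updates)'

# mount_opts_for DIR: read `mount` output on stdin and print the option list
# of the file system holding DIR (the longest matching mount point wins, so
# /var/tmp inherits the options of /var when it has no mount of its own).
mount_opts_for() {
    dir=$1
    best=''
    best_opts=''
    while IFS= read -r line; do
        rest=${line#* on }        # "/var (ufs, local, noexec, ...)"
        mp=${rest% (*}            # "/var"
        opts=${rest##* (}         # "ufs, local, noexec, ...)"
        opts=${opts%\)}
        case "$dir/" in
            "${mp%/}"/*)
                if [ "${#mp}" -gt "${#best}" ]; then
                    best=$mp
                    best_opts=$opts
                fi ;;
        esac
    done
    printf '%s\n' "$best_opts"
}

# is_noexec DIR: succeed if the file system holding DIR is mounted noexec.
is_noexec() {
    case ", $(mount_opts_for "$1")," in
        *", noexec,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# noexec_tmpdirs DIR...: print each DIR that is on a noexec file system.
noexec_tmpdirs() {
    mounts=$(cat)
    for d in "$@"; do
        if printf '%s\n' "$mounts" | is_noexec "$d"; then printf '%s\n' "$d"; fi
    done
}

# On a live system: mount | noexec_tmpdirs /var/tmp /tmp
printf '%s\n' "$SAMPLE_MOUNTS" | noexec_tmpdirs /var/tmp /tmp /usr/ports
```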