From owner-freebsd-ports@FreeBSD.ORG Sat Aug 25 01:36:23 2012
Message-ID: <50382C15.5050209@FreeBSD.org>
Date: Fri, 24 Aug 2012 18:36:21 -0700
From: Doug Barton
Organization: http://www.FreeBSD.org/
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20120713 Thunderbird/14.0
To: Glen Barber
Cc: Jonathan Anderson, ports@FreeBSD.org, Baptiste Daroussin, current@FreeBSD.org, Steve Wills
References: <97612B57-1255-4BB3-A6D3-FC74324C6D67@FreeBSD.org> <20120824081543.GB2998@ithaqua.etoilebsd.net> <50380269.6020003@FreeBSD.org> <67BB0A66-A9D2-4257-A91E-C249B8076A87@gmail.com> <20120825003346.GA1345@glenbarber.us>
In-Reply-To: <20120825003346.GA1345@glenbarber.us>
X-Enigmail-Version: 1.4.3
OpenPGP: id=1A1ABC84
Subject: Re: pkgng suggestion: renaming /usr/sbin/pkg to /usr/sbin/pkg-bootstrap
List-Id: Porting software to FreeBSD

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 8/24/2012 5:33 PM, Glen Barber wrote:
> On Sat, Aug 25, 2012 at 01:25:15AM +0100, Jonathan Anderson wrote:
>> On 24 Aug 2012, at 23:38, Doug Barton wrote:
>>> Let me rephrase that more simply ... very few users are ever going to
>>> need the bootstrapping tool that will be in the base.
>>
>
> So, then they won't use it. I fail to see the problem here.

That's because you're not paying attention. :)

Which comes first in your PATH, /usr/sbin, or /usr/local/sbin? Which comes
first in the default PATH? What Baptiste said is that the way /usr/sbin/pkg
works is to take arguments handed to it and pass them through to
/usr/local/sbin/pkg. That means that every user who has their PATH
configured in the default manner (which is what every security text on Unix
has recommended for 30 years) will be using /usr/sbin/pkg every time they
type the pkg command.

>> But surely the whole point of pkgng is that people *will* use pkg
>> as the default method of acquiring third-party software, so they'll
>> want to "pkg install foo" and have it Just Work. To say either "you
>> must download the ports tree in order to use binary packages" or
>> "you must use pkg_add to install pkg" seems to miss the point...
>>
>
> /usr/sbin/pkg installs /usr/local/sbin/pkg without requiring the Ports
> Collection to be available locally.

It does much more than that. Go read the code.

As to the security-related problems, they should be obvious. Having 1
binary that is always executed to pass arguments to another binary at
minimum doubles your attack surface. Given what /usr/sbin/pkg does, it more
than doubles it. Not to mention the flat-out wrong-headed design of having
a binary that will be run as root whose primary purpose is to pass
arguments to another binary.

The reason this defeats the purpose of putting pkg in the ports tree is
that if there is a bug in /usr/sbin/pkg (which of course, there will be)
then it has to be fixed in the base, with all of the consequent drama and
delays that this will entail. If there is a bug in /usr/local/bin/pkg, it
gets fixed in the ports tree and instantly updated, which is part of the
virtue of having it in the ports tree in the first place.

Given that if we do the rollout properly the bootstrap function will be
limited to a very small percentage of users, it makes sense to split that
function out into a separate, limited binary; and not pollute the pkg
stream with extra cruft it does not need.

> What I would like to know, is why all the anti-progress emails[1] have
> to wait until the Last Minute(tm) when information on pkgng availability
> has been available for quite some time now.

First off, I resent being told that because I'm raising legitimate issues
with something that I am being "obstructionist," or "anti-progress." And
my concerns are certainly not "last minute." I've been raising concerns
about pkg since day 1, and given that there is still no coherent,
comprehensive project plan about the migration it's not at all surprising
that others are also starting to discover daemons in the details.

It's also part and parcel of life in an open source project. Most people
don't pay attention to most things until they feel that it will be
affecting them. This is doubly true in open source. Given how well-known
this issue is, it should be planned for in any kind of big project such as
this. It's probably also worth mentioning that there are only so many hours
in the day, so one has to prioritize.

Doug

- --

    I am only one, but I am one.  I cannot do everything, but I can do
    something.  And I will not let what I cannot do interfere with what
    I can do.
            -- Edward Everett Hale, (1822 - 1909)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (MingW32)

iQEcBAEBCAAGBQJQOCwUAAoJEFzGhvEaGryEcpgH/2CAPBCldr7HlTjIzErqtbTO
S0ZaI0RabwEk85+HuFCmBLTbdKqVjGYcLqIbz7l6wOa20N1rPARtBDy5DkrMrL6s
5YAgWiZ43FyKQ4826VDVBvhPqxXMD0O+sETs2kskFUkV73u/r1/8EpfZgwCDk9F9
G8hqMVTRyoWgoh1HIaBba5/m4D7+UGPYE2w8M3QAGSULePYJLgaRdu+jd2aNBrJD
NFjY4lyLbitbIH1/fYHDR90KqlBVP6vr+bWUvdoHFJQ0W0HQw7wMtamo418SlORI
qfTaoHL4sA1sggHrlUVvxjgWbAtIcYT2F3K+u34yTaWAoqxoN9pzRy3GWXyFRzM=
=PNr3
-----END PGP SIGNATURE-----
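The PATH-ordering point made in the message above (which of two same-named executables the shell actually runs, and which ones are silently shadowed) is the kind of thing an administrator wants to verify on a real host rather than reason about. The following POSIX sh audit is an added illustration for this archive page; it is not part of the thread, of FreeBSD, or of the pkg tools. The `SAMPLE_PATH` string is a constructed base-before-local ordering used only for the demo, and the function names are mine.

```shell
#!/bin/sh
# Added example (not from the original thread or from any pkg tool): list
# every executable match for a command name along a search path, in the
# order the shell consults it, so the resolved binary and any shadowed
# ones are visible.  Assumptions: POSIX sh; SAMPLE_PATH below is a
# constructed base-before-local ordering, not read from a real system.

# Print, in PATH order, every regular executable file named $1 found along
# the colon-separated search path $2 (defaults to the caller's $PATH).
path_matches() {
    _name=$1
    _search=${2:-$PATH}
    _old_ifs=$IFS
    IFS=:
    for _dir in $_search; do
        # An empty PATH element historically means the current directory;
        # surface it explicitly instead of skipping it.
        [ -n "$_dir" ] || _dir=.
        if [ -f "$_dir/$_name" ] && [ -x "$_dir/$_name" ]; then
            printf '%s\n' "$_dir/$_name"
        fi
    done
    IFS=$_old_ifs
}

# Print only the path the shell would execute (the first match), or nothing.
first_match() {
    path_matches "$1" "$2" | head -n 1
}

# Print the number of matches; anything above 1 means a later binary of the
# same name is shadowed by an earlier PATH entry.
match_count() {
    path_matches "$1" "$2" | wc -l | tr -d ' '
}

# Human-readable report: the first match is what runs, the rest are shadowed.
shadow_report() {
    _n=0
    path_matches "$1" "$2" | while IFS= read -r _p; do
        _n=$((_n + 1))
        if [ "$_n" -eq 1 ]; then
            printf 'runs:     %s\n' "$_p"
        else
            printf 'shadowed: %s\n' "$_p"
        fi
    done
}

# Demo against a constructed PATH; on a real host pass "$PATH" or omit it.
SAMPLE_PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
shadow_report pkg "$SAMPLE_PATH"
```

Run it with a command name and (optionally) a PATH string; a report containing any `shadowed:` line means the earlier entry wins for every user who keeps that ordering, which is exactly the situation the message describes for /usr/sbin/pkg versus /usr/local/sbin/pkg.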