[alpine-devel] [PATCH] testing/unix-privesc-check: new aport

Fabio Aires
Message ID
<1417030419-19458-1-git-send-email-fabioaires.web@gmail.com>
Sender timestamp
1417030419
DKIM signature
missing
Patch: +51 -0
---
 testing/unix-privesc-check-svn/APKBUILD | 51 +++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 testing/unix-privesc-check-svn/APKBUILD

diff --git a/testing/unix-privesc-check-svn/APKBUILD b/testing/unix-privesc-check-svn/APKBUILD
new file mode 100644
index 0000000..672dfaa
--- /dev/null
+++ b/testing/unix-privesc-check-svn/APKBUILD
@@ -0,0 +1,51 @@
+# Contributor: Fabio Aires <fabioaires.web@gmail.com>
+# Maintainer: Fabio Aires <fabioaires.web@gmail.com>
+
+_pkgname="unix-privesc-check"
+pkgname="$_pkgname-svn"
+pkgver=362
+pkgrel=1
+pkgdesc="Shell script to check for simple privilege escalation vectors on Unix systems."
+url="https://aur.archlinux.org/packages/unix-privesc-check-svn/"
+arch="noarch"
+license="GPL2"
+depends=""
+depends_dev="subversion"
+makedepends="$depends_dev"
+install=""
+subpackages=""
+source="https://aur.archlinux.org/packages/un/$pkgname/$pkgname.tar.gz"
+
+_builddir="$srcdir/$pkgname"
+prepare() {
+	local i
+	cd "$_builddir"
+	for i in $source; do
+		case $i in
+		*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+		esac
+	done
+}
+
+build() {
+	cd "$_builddir"
+	svn co http://$_pkgname.googlecode.com/svn/trunk
+}
+
+package() {
+	cd "$_builddir"
+
+	touch files_cache.temp
+	touch privileged_cache.temp 
+  	
+	install -d "$pkgdir"/usr/bin
+	install -d "$pkgdir"/usr/share/$_pkgname		
+	install -Dm0755 $_pkgname.sh "$pkgdir"/usr/bin/$_pkgname
+	install -Dm0666 files_cache.temp "$pkgdir"/usr/share/$_pkgname
+	install -Dm0666 privileged_cache.temp "$pkgdir"/usr/share/$_pkgname
+	cp -r trunk/* "$pkgdir"/usr/share/$_pkgname
+}
+
+md5sums="6a3a3d7e37cbcd434f05a4b980e558bf  unix-privesc-check-svn.tar.gz"
+sha256sums="6c0c14cb9fae6c65efaf3b3bebe1fb1555900a0ddffa9cc7645278cd9941dc7f  unix-privesc-check-svn.tar.gz"
+sha512sums="039328039c06be9f909dd2b938d075705f402d75b830a179731c480851dee319dfd677fe5863c860b182458f52972a40a3b699e004958c78158c06763c9d5bd8  unix-privesc-check-svn.tar.gz"
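Review bot: build() runs `svn co http://$_pkgname.googlecode.com/svn/trunk` with no revision, so the md5/sha256/sha512 sums at the end cover only the AUR tarball named in $source and not the code that package() copies out of trunk/; the checkout also goes over plain http. Pin the checkout to the revision that pkgver names (for example `svn co -r $pkgver ...`) or ship a checksummed tarball of that revision instead. Separately, package() installs files_cache.temp and privileged_cache.temp with mode 0666 under /usr/share/$_pkgname, which leaves them writable by every local user; use 0644 unless the script needs otherwise, and add a comment explaining why if it does.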
-- 
1.8.2.3



---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Natanael Copa
Message ID
<20141127134914.1ae958cf@ncopa-desktop.alpinelinux.org>
In-Reply-To
<1417030419-19458-1-git-send-email-fabioaires.web@gmail.com>
Sender timestamp
1417092554
DKIM signature
missing
On Wed, 26 Nov 2014 19:33:39 +0000
Fabio Aires <fabioaires.web@gmail.com> wrote:

> ---
>  testing/unix-privesc-check-svn/APKBUILD | 51 +++++++++++++++++++++++++++++++++
>  1 file changed, 51 insertions(+)
>  create mode 100644 testing/unix-privesc-check-svn/APKBUILD
> 
> diff --git a/testing/unix-privesc-check-svn/APKBUILD b/testing/unix-privesc-check-svn/APKBUILD
> new file mode 100644
> index 0000000..672dfaa
> --- /dev/null
> +++ b/testing/unix-privesc-check-svn/APKBUILD
> @@ -0,0 +1,51 @@
> +# Contributor: Fabio Aires <fabioaires.web@gmail.com>
> +# Maintainer: Fabio Aires <fabioaires.web@gmail.com>
> +
> +_pkgname="unix-privesc-check"
> +pkgname="$_pkgname-svn"
> +pkgver=362
> +pkgrel=1

Unlike Arch Linux, we start pkgrel from 0.

> +pkgdesc="Shell script to check for simple privilege escalation vectors on Unix systems."
> +url="https://aur.archlinux.org/packages/unix-privesc-check-svn/"
> +arch="noarch"
> +license="GPL2"
> +depends=""
> +depends_dev="subversion"
> +makedepends="$depends_dev"
> +install=""
> +subpackages=""
> +source="https://aur.archlinux.org/packages/un/$pkgname/$pkgname.tar.gz"
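
Review bot: url= and source= both point at aur.archlinux.org, which is another distribution's packaging of the tool rather than the project itself, while build() further down fetches from googlecode.com. Set url to the upstream project page, and if the AUR tarball stays in source, add a comment saying what it contributes to the build, since the checksums only vouch for that tarball.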

...

> +
> +build() {
> +	cd "$_builddir"
> +	svn co http://$_pkgname.googlecode.com/svn/trunk

I am not really happy with this. Let's imagine that, one year from
now, a user reports a bug. To be able to reproduce it, a developer checks
out the affected revision from aports git and rebuilds it. But guess
what, he does not get the same version as the user reporting the problem;
instead he gets today's svn.

Also, we normally don't want to provide 2 years of support for a random
development revision. Instead we want the upstream maintainer to make a
proper release, and we ship that. If upstream doesn't want to support a
release, why should we do it?

If we want to support a random svn revision anyway, then we should make a
release tarball of it and upload it some place. In other words, we will
be doing a release for upstream. (Again, if upstream doesn't want to take
responsibility for their own code, why would we want to do that?)

So I'd file a bug upstream, asking them to create a release.

If they decline to make a release, and you still want to do it for them,
then I'd recommend using pkgver=0_svn362 and either use the archlinux
tarball that you fetch with $source or have svn check out the exact
revision/tag instead of just grabbing current trunk.

-nc
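
Added example, not part of the message above or of the aports tree: a small lint for the problem described in the reply, an svn checkout in an APKBUILD that is not tied to a revision. The APKBUILD fragments are constructed samples and `_rev` is a hypothetical variable name.

```shell
#!/bin/sh
# Added example: lint APKBUILD text for svn checkouts that would fetch
# whatever trunk contains at build time.

# Reads APKBUILD text on stdin; prints "N:<line>" for every svn checkout
# that has neither -r/--revision with a number or variable, nor a URL@REV peg.
# "-r HEAD" is still reported, because HEAD moves.
unpinned_svn_checkouts() {
	grep -nE '(^|[^[:alnum:]_.-])svn[[:space:]]+(co|checkout)([[:space:]]|$)' |
	grep -vE '^[0-9]+:[[:space:]]*#' |
	grep -vE '[[:space:]](-r[[:space:]]*|--revision[[:space:]=]+)["{$0-9]' |
	grep -vE '@[0-9]+([[:space:]"]|$)' || true
}

# Constructed sample: build() as in the patch under review.
sample_unpinned() {
	cat <<'EOF'
pkgver=362
build() {
	cd "$_builddir"
	svn co http://$_pkgname.googlecode.com/svn/trunk
}
EOF
}

# Constructed sample: the same checkout tied to a revision variable
# (_rev is a hypothetical name, not from the thread).
sample_pinned() {
	cat <<'EOF'
pkgver=0_svn362
_rev=362
build() {
	cd "$_builddir"
	# svn co without -r would be flagged
	svn co -r "$_rev" http://$_pkgname.googlecode.com/svn/trunk
}
EOF
}

echo "unpinned sample:"; sample_unpinned | unpinned_svn_checkouts
echo "pinned sample:";   sample_pinned | unpinned_svn_checkouts
```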


