Subject: pkg/34816: pkgtools/pkg_chk-1.82 uses /tmp unconditionally for scratch
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: None <jbernard@mines.edu>
List: pkgsrc-bugs
Date: 10/14/2006 19:20:02
>Number: 34816
>Category: pkg
>Synopsis: pkgtools/pkg_chk-1.82 uses /tmp unconditionally for scratch
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: pkg-manager
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Sat Oct 14 19:20:02 +0000 2006
>Originator: Jim Bernard
>Release: NetBSD 4.99.2
>Organization:
>Environment:
System: NetBSD 4.99.2 #0: Sat Sep 16 12:17:30 MDT 2006 i386
Architecture: i386
Machine: i386
>Description:
The pkg_chk shell script unconditionally puts its scratch
directory under /tmp and sets TMPDIR to the directory created.
This can lead to filling of the file system containing /tmp
when installing large package trees, and externally setting
TMPDIR doesn't help.
While I'm here: I noticed that pkg_chk executes pkg_add,
pkg_delete, and pkg_info as arguments to /usr/bin/env, but
/usr/bin/env is given no flags, nor any environment variables
to set, and the programs are specified by full path names,
such as "/usr/bin/env /usr/sbin/pkg_add ...". That would seem
to make the use of /usr/bin/env superfluous. Perhaps the intent
was to execute the version of (e.g.) pkg_add in the location where
the shell would find it in $PATH. If so, then it's appropriate
to use just (e.g.) "/usr/bin/env pkg_add ..." without the path
prefix to pkg_add.
>How-To-Repeat:
Run pkg_chk with TMPDIR set to, say, /var/tmp, and notice that
the temporary directory it creates is in /tmp. Or just read
the script.
>Fix:
Here's a candidate patch.
--- /usr/pkg/sbin/pkg_chk 2006-10-14 09:57:23.000000000 -0600
+++ ./pkg_chk 2006-10-14 12:50:20.000000000 -0600
@@ -86,12 +86,12 @@
done
}
cleanup_and_exit()
{
- rm -f $TMPFILE
- rmdir $TMPDIR
+ rm -f $PKG_CHK_TMPFILE
+ rmdir $PKG_TMPDIR
exit "$@"
}
delete_pkgs()
{
@@ -246,13 +246,13 @@
${PKG_INFO} -. -q -b $PACKAGES/$PKGNAME$PKG_SUFX | ${GREP} .
return
fi
# Unfortunately pkgsrc always outputs to a file, but it does helpfully
# allows # us to specify the name
- rm -f $TMPFILE
- ${MAKE} _BUILD_VERSION_FILE=$TMPFILE $TMPFILE
- cat $TMPFILE
+ rm -f $PKG_CHK_TMPFILE
+ ${MAKE} _BUILD_VERSION_FILE=$PKG_CHK_TMPFILE $PKG_CHK_TMPFILE
+ cat $PKG_CHK_TMPFILE
}
list_packages()
{
# DEPCHECKLIST contains packages for which binary packages are known to
@@ -666,12 +666,12 @@
if [ $# != 0 ];then
usage "Additional argument ($*) given"
fi
-TMPDIR=`mktemp -d /tmp/${0##*/}.XXXXXX`
-TMPFILE=$TMPDIR/tmp
+export PKG_TMPDIR=`mktemp -d ${PKG_TMPDIR:-${TMPDIR:-/tmp}}/${0##*/}.XXXXXX`
+PKG_CHK_TMPFILE=$PKG_TMPDIR/tmp
# Hide PKG_PATH to avoid breakage in 'make' calls
saved_PKG_PATH=$PKG_PATH
unset PKG_PATH || true