Clay Caviness
2013-Jul-15 16:38 UTC
[Puppet Users] facter 1.6.18 tarball has a dangerous mac preflight script
The facter 1.6.18 tarball has many issues. First, the
ext/osx/createpackage.sh script still uses packagemaker, which is
deprecated. And even if it used that, there are a few references to files
in the now-deleted conf/osx/ directory.
So it''s pretty difficult to create a Mac pkg from this, but after some
tweaking of the createpackage.sh script, I managed to do it! I ran the
package it created, and noticed the preflight script was taking a looooong
time to run. I looked at it, and ...
Well, here is the last two lines of the preflight as shipped in the tarball:
$ tail -2 ext/osx/preflight
# remove old doc files
/bin/rm -Rf "${3}/"
Pop quiz for everyone: what could go wrong here? I''ll give a hint, when
installing a Mac package, $3 is set to the path of the target install
volume.
Looking at the source in git, I''m not sure how this preflight got into
this
state; all the packaging stuff is currently a mess (both facter and puppet
are still using the long-deprecated packagemaker tool, among other issues).
Anyway, thankfully I caught this before it killed my local home, but I did
have to re-image.
(Filed http://projects.puppetlabs.com/issues/21760 with the contents of
this email, as well.)
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.
Matthaus Owens
2013-Jul-15 16:59 UTC
Re: [Puppet Users] facter 1.6.18 tarball has a dangerous mac preflight script
Clay, I''ve opened a pull to address this issue. We have long since stopped using the createpackage.sh task internally for building apple packages and instead use our shared rake tasks. Specifically, `rake package:bootstrap` followed by `rake package:apple` is how we build packages internally for release. On Mon, Jul 15, 2013 at 9:38 AM, Clay Caviness <ccaviness@gmail.com> wrote:> The facter 1.6.18 tarball has many issues. First, the > ext/osx/createpackage.sh script still uses packagemaker, which is > deprecated. And even if it used that, there are a few references to files in > the now-deleted conf/osx/ directory. > > So it''s pretty difficult to create a Mac pkg from this, but after some > tweaking of the createpackage.sh script, I managed to do it! I ran the > package it created, and noticed the preflight script was taking a looooong > time to run. I looked at it, and ... > > Well, here is the last two lines of the preflight as shipped in the tarball: > $ tail -2 ext/osx/preflight > # remove old doc files > /bin/rm -Rf "${3}/" > > Pop quiz for everyone: what could go wrong here? I''ll give a hint, when > installing a Mac package, $3 is set to the path of the target install > volume. > > Looking at the source in git, I''m not sure how this preflight got into this > state; all the packaging stuff is currently a mess (both facter and puppet > are still using the long-deprecated packagemaker tool, among other issues). > > Anyway, thankfully I caught this before it killed my local home, but I did > have to re-image. > > (Filed http://projects.puppetlabs.com/issues/21760 with the contents of this > email, as well.) > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscribe@googlegroups.com. > To post to this group, send email to puppet-users@googlegroups.com. > Visit this group at http://groups.google.com/group/puppet-users. > For more options, visit https://groups.google.com/groups/opt_out. > >-- Matthaus Owens Release Manager, Puppet Labs Join us at PuppetConf 2013, August 22-23 in San Francisco - http://bit.ly/pupconf13 Register now and take advantage of the Early Bird discount - save 25%! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.