On 12/19/2017 10:23 PM, Gary E. Miller via devel wrote:
>> F) .pth file in /usr/.../pythonX.Y/-packages
>
> Uh, no. I looked at this some more. That first ... can only be lib,
> lib32 or lib64. Waf can not write there, Python only looks there.
Agreed. We can either tell the user to write t
On Tue, Dec 19, 2017 at 04:17:07AM -0800, Hal Murray via devel wrote:
> I can't find an useful error message. Where am I supposed to look?
>
>
> Your pipeline has failed.
> ...
> Commit: e869f3ce ( https://gitlab.com/NTPsec/ntpsec/commit/e869f3ce9c2c6221cee
> ca1b0d8f7b5559f4dd9dc )
> ...
> Pipe
On Tue, Dec 19, 2017 at 08:23:08PM -0800, Gary E. Miller via devel wrote:
> Also, remember that we have the contraint where the user may have all four
> of these installed:
>
> /usr, /usr/lib, ~user, gitclone. If you have a .pth, then you can no
> longer use waf to run regression tests on the gi
On Tue, Dec 19, 2017 at 09:00:48PM -0600, Richard Laager via devel wrote:
> On 12/19/2017 07:50 PM, Gary E. Miller via devel wrote:
>
> I think we're on the same page.
>
> > I) waf could install a file in /usr/local/etc to tell ntpsec Python
> > programs where to look.
>
> How does the utility k
Yo Richard!
On Tue, 19 Dec 2017 21:00:48 -0600
Richard Laager wrote:
> On 12/19/2017 07:50 PM, Gary E. Miller via devel wrote:
>
> I think we're on the same page.
>
> > I) waf could install a file in /usr/local/etc to tell ntpsec Python
> > programs where to look.
>
> How does the utility k
On Wed, Dec 06, 2017 at 02:49:07PM -0500, Eric S. Raymond wrote:
> Matthew Selsky via devel :
> > On Wed, Dec 06, 2017 at 12:25:14PM -0500, Eric S. Raymond via devel wrote:
> >
> > > I have a different plan. I always write doc patches as part of my
> > > change commits; my discipline is to preven
On 12/19/2017 07:50 PM, Gary E. Miller via devel wrote:
I think we're on the same page.
> I) waf could install a file in /usr/local/etc to tell ntpsec Python
> programs where to look.
How does the utility know to look in /usr/local/etc? If we have to put
the PREFIX into the utility, this is a mo
Yo All!
To follow up to my recent post:
> > F) If the user unsets PYTHONPATH in their environment and creates
> > /usr/lib/pythonX.Y/site-packages/local.pth with the contents (no
> > quotes) "/usr/local/pythonX.Y/site-packages/ntp", NTPsec's python
> > utilities will then work.
>
> Maybe. Not
Yo Richard!
On Tue, 19 Dec 2017 18:42:52 -0600
Richard Laager wrote:
> On 12/19/2017 06:30 PM, Gary E. Miller via devel wrote:
> > On Tue, 19 Dec 2017 18:22:11 -0600
> > Richard Laager wrote:
> >
> >> On 12/19/2017 05:48 PM, Gary E. Miller via devel wrote:
> >>> I never, ever, ever, consid
On 12/19/2017 06:30 PM, Gary E. Miller via devel wrote:
> On Tue, 19 Dec 2017 18:22:11 -0600
> Richard Laager wrote:
>
>> On 12/19/2017 05:48 PM, Gary E. Miller via devel wrote:
>>> I never, ever, ever, considered PYTHONPATH == sys.path.
>>
>> Do you agree that sys.path is the authoritative lis
Yo Richard!
On Tue, 19 Dec 2017 18:22:11 -0600
Richard Laager wrote:
> On 12/19/2017 05:48 PM, Gary E. Miller via devel wrote:
> > I never, ever, ever, considered PYTHONPATH == sys.path.
>
> Do you agree that sys.path is the authoritative list of directories
> that are actually searched at ru
On 12/19/2017 05:48 PM, Gary E. Miller via devel wrote:
> I never, ever, ever, considered PYTHONPATH == sys.path.
Do you agree that sys.path is the authoritative list of directories that
are actually searched at run-time, by the python interpreter?
--
Richard
signature.asc
Description: OpenPG
Yo Richard!
On Tue, 19 Dec 2017 17:43:40 -0600
Richard Laager wrote:
> On 12/19/2017 02:53 PM, Gary E. Miller via devel wrote:
> > On Tue, 19 Dec 2017 00:26:47 -0600
> > Richard Laager wrote:
> >
> >> On 12/18/2017 09:10 PM, Gary E. Miller via devel wrote:
> >>> On Fri, 8 Dec 2017 22:34:46
On 12/19/2017 02:53 PM, Gary E. Miller via devel wrote:
> On Tue, 19 Dec 2017 00:26:47 -0600
> Richard Laager wrote:
>
>> On 12/18/2017 09:10 PM, Gary E. Miller via devel wrote:
>>> On Fri, 8 Dec 2017 22:34:46 -0600
>>> Richard Laager wrote:
When you say PYTHONPATH, do you mean:
Yo Richard!
On Tue, 19 Dec 2017 17:26:53 -0600
Richard Laager wrote:
> On 12/19/2017 02:38 PM, Gary E. Miller via devel wrote:
> > #1 `./waf configure --prefix=/usr` is a system install.
>
> > #3 `./waf configure --prefix=/home/...` is a user install.
>
> >> Package builds are:
> >> ./wa
On 12/19/2017 02:38 PM, Gary E. Miller via devel wrote:
> #1 `./waf configure --prefix=/usr` is a system install.
> #3 `./waf configure --prefix=/home/...` is a user install.
>> Package builds are:
>> ./waf configure --prefix=/usr
>> ./waf install --destdir=some_tmp_path
> Yup, that is a #3.
Yo Richard!
On Tue, 19 Dec 2017 00:26:47 -0600
Richard Laager wrote:
> On 12/18/2017 09:10 PM, Gary E. Miller via devel wrote:
> > On Fri, 8 Dec 2017 22:34:46 -0600
> > Richard Laager wrote:
> >> When you say PYTHONPATH, do you mean:
> >>
> >> 1) "a custom directory set in the environment var
Yo Richard!
On Tue, 19 Dec 2017 14:03:07 -0600
Richard Laager wrote:
> On 12/19/2017 01:50 PM, Gary E. Miller via devel wrote:
> > I'm confused. To me, if you use --prefix, or DESTDIR, then you are
> > explicitly NOT doing a system install. A system install MUST go
> > in /usr, per the FHS, an
On 12/19/2017 01:42 PM, Hal Murray via devel wrote:
> My notes in ntpd.c at ENABLE_EARLY_DROPROOT say it doesn't work with SHM or
> NetBSD. Can we fix the SHM stuff? I've long been scheming on making the
> ntpd side of SHM read-only but that won't be a quick fix.
> Richard: Have you tried earl
On 12/19/2017 01:50 PM, Gary E. Miller via devel wrote:
> I'm confused. To me, if you use --prefix, or DESTDIR, then you are
> explicitly NOT doing a system install. A system install MUST go
> in /usr, per the FHS, and your DESTDIR is preventing that. So now
> you are a #3.
I, and probably Achi
Yo Achim!
On Tue, 19 Dec 2017 11:19:00 +0100
Achim Gratz via devel wrote:
> Gary E. Miller via devel writes:
> > Whoa! Hold up right there. waf has absolutely nothing to do with
> > #1 above in any binary distro. To prepare a package for a binary
> > distro the maintainer actually does a #3,
> The question by Richard still stands, though: we should not do anything as
> root that can be done with lesser privileges, so why not defer reading the
> drift file until after we've dropped root? That would be vastly preferrable
> to any of the other workarounds discussed.
The original idea
Hal Murray via devel writes:
> I'm not following what you are trying to describe.
>
> If a bad guy can set things up so the write to a file does something nasty,
> can't they just do the nasty stuff directly?
The point is that they can sometimes do even more nasty things,
privilege escalation so
I can't find an useful error message. Where am I supposed to look?
Your pipeline has failed.
...
Commit: e869f3ce ( https://gitlab.com/NTPsec/ntpsec/commit/e869f3ce9c2c6221cee
ca1b0d8f7b5559f4dd9dc )
...
Pipeline #15285363 ( https://gitlab.com/NTPsec/ntpsec/pipelines/15285363 )
triggered by Hal
> That's not a fix, that's creating a latent security problem with clobbering
> a file name that's known in advance so you can plant things under that name
> and have it overwrite a different file that you normally wouldn't be able to
> access.
I'm not following what you are trying to describe.
Hal Murray via devel writes:
> I just pushed a fix for Issue #409. The drift file now gets created with the
> normal protection modes rather than 600 so apparmor should be happy when
> reading it as root during startup. (Unless you have a non-standard default
> mode. ...)
That's not a fix, t
I just pushed a fix for Issue #409. The drift file now gets created with the
normal protection modes rather than 600 so apparmor should be happy when
reading it as root during startup. (Unless you have a non-standard default
mode. ...)
I also added a few more uses of uptime_t and removed se
Gary E. Miller via devel writes:
> Whoa! Hold up right there. waf has absolutely nothing to do with
> #1 above in any binary distro. To prepare a package for a binary distro
> the maintainer actually does a #3, then puts the binaries, man pages,
> config files, etc. into a distro spacific packag
28 matches
Mail list logo
