[Slackbuilds-users] Fwd: Re: slackbuild script dangers [volkerdi at slackware.com]
Robby Workman
rworkman at slackbuilds.org
Sun Nov 5 15:17:24 UTC 2006
Mark Flacy wrote:
>
> You might find the attached email interesting. I intend to modify any scripts which I write according to Pat's response.
As Eric Hameleers incicated, we have two measures in place to
prevent modifying the ownership/permissions of /tmp:
1. Build in a subdirectory of /tmp: TMP=${TMP:-/tmp/SBo}
2. Use of command || exit 1 in numerous places to cause
the script to exit if something doesn't occur correctly.
As Martin suggested, some of his (and other) scripts also use
the 'set -e' parameter, which accomplishes the same thing as
command || exit 1 for the most part.
We implemented these things early in the project's life, mainly
because I and several others had experienced those same problems
in /tmp. Of course, there is a third good solution as well:
don't build packages on a production box - have a second box
set up for development purposes only, use a qemu image, and/or
use a chroot environment on your production box.
Thanks for the information and support, Mark; we appreciate it!
:-)
RW
--
http://slackbuilds.org
More information about the Slackbuilds-users
mailing list