doc/patchqueue/lib-fixup.mdwn


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

I'm using Ikiwiki on a box where I don't have root access, so I install all of my Perl modules in `~/lib`. The `ikiwiki.in` script is ran in Taint mode, which means that it ignores the contents of `$ENV{PERL5LIB}`. The result is that the current versions of the pre-requisite modules I've installed in `~/lib` are ignored by `./make`, which uses the outdated, and therefore incompatible versions, from the system-wide `@INC`... ;-)

I imagine that there's a clean and elegant solution to this, but the hack I'm currently using is to have `./make` alter `ikiwki.in` before it's run, by inserting `use lib ...` lines for each of the directories in `$ENV{PERL5LIB}`. Again, this is clearly ugly, but it allows me to run `./make`, so I'm submitting it FWIW.

> I don't like this patch because it's not expected that an environment
> variable will stick around outside the shell that it's set in. It could
> lead to suprising behavior if PERL5LIB happened to be set during build,
> and it's even possible for it to lead to security issues, imagine if I
> accidentially built the debian package of ikiwiki with PERL5LIB set --
> then it would be hardcoded to look in /home/joey for libraries, which
> someone with a "joey" account elsewhere could use to exploit it.
>
> You could remove the taint switch locally, it's very unlikely to find
> tainting problems that nobody else has noticed. --[[Joey]]

<pre> 
Index: Makefile.PL
===================================================================
--- Makefile.PL (revision 2630)
+++ Makefile.PL (working copy)
@@ -24,6 +24,7 @@
 )
 
 extra_build:
+       LANG=C ./lib-fixup.pl ikiwiki.in
        LANG=C ./ikiwiki.in doc html --templatedir=templates \
                --underlaydir=basewiki \
                --wikiname="ikiwiki" --verbose --no-rcs \
Index: lib-fixup.pl
===================================================================
--- lib-fixup.pl        (revision 0)
+++ lib-fixup.pl        (revision 0)
@@ -0,0 +1,9 @@
+#!/usr/bin/perl -i.bak -p
+use strict;
+use warnings;
+my @dirs = $ENV{PERL5LIB} =~ /:/ ? split /:/, $ENV{PERL5LIB} : $ENV{PERL5LIB};
+if (@dirs) {
+    my $libs = join('', map { " use lib '$_';\n" } @dirs);
+    s/(use IkiWiki;)/$libs$1/;
+}
+ 

Property changes on: lib-fixup.pl
___________________________________________________________________
Name: svn:executable
   + *

</pre>