From unknown Sat Jun 14 03:52:02 2025 X-Loop: help-debbugs@gnu.org Subject: bug#47735: Non-absolute paths in mariadb scripts Resent-From: Maxime Devos Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Mon, 12 Apr 2021 20:15:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 47735 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 47735@debbugs.gnu.org X-Debbugs-Original-To: bug-guix@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.161825846320059 (code B ref -1); Mon, 12 Apr 2021 20:15:01 +0000 Received: (at submit) by debbugs.gnu.org; 12 Apr 2021 20:14:23 +0000 Received: from localhost ([127.0.0.1]:58170 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lW2wx-0005DT-6Z for submit@debbugs.gnu.org; Mon, 12 Apr 2021 16:14:23 -0400 Received: from lists.gnu.org ([209.51.188.17]:59556) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lW2wv-0005DM-IZ for submit@debbugs.gnu.org; Mon, 12 Apr 2021 16:14:22 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:39598) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lW2wv-0001nD-Bc for bug-guix@gnu.org; Mon, 12 Apr 2021 16:14:21 -0400 Received: from xavier.telenet-ops.be ([2a02:1800:120:4::f00:14]:37634) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1lW2wt-0005T2-E4 for bug-guix@gnu.org; Mon, 12 Apr 2021 16:14:21 -0400 Received: from ptr-bvsjgyjmffd7q9timvx.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:aaf1:9810:a0b8:a55d]) by xavier.telenet-ops.be with bizsmtp id rwEG2400S0mfAB401wEGRi; Mon, 12 Apr 2021 22:14:16 +0200 Message-ID: From: Maxime Devos Date: Mon, 12 Apr 2021 22:14:16 +0200 Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-EegobTzlmbDqCRqsfaYf" User-Agent: Evolution 3.34.2 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r21; t=1618258456; bh=mNTmoCYrIN1cAeh8K7E3BHvKEJExOC6nU21dJOlmbQo=; h=Subject:From:To:Date; b=jTjjtwa/4k++SMuxFnINzdQ77DZzMAKG+BIbnPAYwJLcnu3FNBDgcoVucQq5vwdAk F0F5BQeW7BgKgXEaqsWzKeCruTccueEG9h7/l2MjkiAjE7DWqoxhRA2A1zGjFsWmMj 3QHM7SVN4Rrdyk7zCCXhMy4D03aJZT1k3uqyDkJqv4hsFDwUcxnfuJ3DVfcsf1nyMr 6niZwI6cRyO7+sqCWQvBtyouX+ROfpO3QbyWBasjaArNADXmoJFptOQlpf/3pQYgYr axiJMAP7aK+smT2AH21TbRRc2w7vebWMpgiuC3MOhx6fZm/YAHQAQ9WXYmawQDrOok HzqXHgzEirasA== Received-SPF: pass client-ip=2a02:1800:120:4::f00:14; envelope-from=maximedevos@telenet.be; helo=xavier.telenet-ops.be X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 0.2 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) --=-EegobTzlmbDqCRqsfaYf Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Guix, As part of , it was discovered some shell scripts in the mariadb package (e.g. wsrep_sst_rsync) refer to programs *not* by absolute name. These programs come from iproute, coreutils, gawk, grep and mariadb itself. It seems some substitutions are in order. Some complications: some of these scripts are only required in certain configurations. It's not ideal to increase the closure with rsync and xbcrypt if they turn out not to be needed ... Greetings, Maxime. --=-EegobTzlmbDqCRqsfaYf Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYHSqGBccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7hX3AQDeBnZe95sKlbpKLS6EtqEDd3Aa KKy8baX0K9iusuh4AAEAzxLq5i8ZHn7zV0SaV9sFE188ldDxCTNPqxHEgETuoQ8= =V7yO -----END PGP SIGNATURE----- --=-EegobTzlmbDqCRqsfaYf-- From unknown Sat Jun 14 03:52:02 2025 X-Loop: help-debbugs@gnu.org Subject: bug#47735: Non-absolute paths in mariadb scripts Resent-From: david larsson Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Tue, 13 Apr 2021 18:42:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 47735 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Maxime Devos Cc: 47735@debbugs.gnu.org, bug-Guix Received: via spool by 47735-submit@debbugs.gnu.org id=B47735.161833931214865 (code B ref 47735); Tue, 13 Apr 2021 18:42:02 +0000 Received: (at 47735) by debbugs.gnu.org; 13 Apr 2021 18:41:52 +0000 Received: from localhost ([127.0.0.1]:60819 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lWNyy-0003rf-2n for submit@debbugs.gnu.org; Tue, 13 Apr 2021 14:41:52 -0400 Received: from server0.selfhosted.xyz ([217.64.149.7]:39150) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lWNyv-0003rQ-F8 for 47735@debbugs.gnu.org; Tue, 13 Apr 2021 14:41:50 -0400 Received: from server0.selfhosted.xyz (localhost [127.0.0.1]) by server0.selfhosted.xyz (Postfix) with ESMTP id C7CA71D15C60; Tue, 13 Apr 2021 20:41:33 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=selfhosted.xyz; s=dkim; t=1618339302; bh=FtmwfpSpAXA0kvcLGTfqE/iW6+64gj4fyT6eFmMWhSI=; h=Date:From:To:Cc:Subject:In-Reply-To:References; b=Q6BCfUWFFIdtQvByE388VVaDjMx0LrCXEf7gSDHgQYKuNqUFf7bM7KzSsDF5VAp6/ Rq5ib2ObiwW0GSQt2mf6++798weFjEnq7sZmCkxfcONXgcgq7Xh84pmjUVqs1AnCwN q0ahJ5IDijBSgFU90r2OjwAUFzik+MWzYOmZadPyDUJYrRYxbDbExQqmVFgGSYjFEQ Wn0mz3Cn16IlN7INsACafFUAHoZdc5OvFPseeEA5cYFoRi/0Rfg31lki4WiyPD159J ryOrH8R5THqxGWS3UpQ67/gPitVBotTh8/uCFAp20EsyAFfjtYSjDPJ7Pi8pVW9uFX GyMq2nku121Hg== X-Fuglu-Suspect: 2a2cd577818a469ab945e7015b41b046 X-Fuglu-Spamstatus: NO Received: from webmail.selfhosted.xyz (office.selfhosted.xyz [192.168.1.4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: mail@selfhosted.xyz) by server0.selfhosted.xyz (Postfix) with ESMTPSA; Tue, 13 Apr 2021 20:41:33 +0200 (CEST) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Tue, 13 Apr 2021 20:41:33 +0200 From: david larsson In-Reply-To: References: Message-ID: X-Sender: david.larsson@selfhosted.xyz X-Spam-Score: 0.2 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.8 (/) On 2021-04-12 22:14, Maxime Devos wrote: > Hi Guix, > > As part of , it was discovered > some shell scripts in the mariadb package (e.g. wsrep_sst_rsync) > refer to programs *not* by absolute name. > > These programs come from iproute, coreutils, gawk, grep > and mariadb itself. It seems some substitutions are in order. > > Some complications: > some of these scripts are only required in certain configurations. > It's not ideal to increase the closure with rsync and xbcrypt if > they turn out not to be needed ... > > Greetings, > Maxime. Adding to this, so far we've we discussed possible fixes: 1. Absolutize all invocations in the sripts using (substitute* procedure. - drawback: maintenance hassle. 2. Adding (define %default-environment-variables to the mysql-service and append this to the list-argument of the #:environment-variables keyword in the make-forkexec-constructor procedure. - drawback: doesn't actually fix the mysql package, just the service. 3. Adding a line: "PATH=::" in the scripts. - Not the most elegant solution, but possibly the best one; not too much maintenance and actually fixes both the package and the service. - drawback: It would also increase the closure size of the mysql package. Security issues? Another option, perhaps, would be to have a mysql-minimal package (as the package is today) and a regular mysql package ("mysql-full" with the increase closure size), and you can use whichever package you need in the mysql-service. I don't know which solution I would vote for... Best regards, David L