Bug 174884 - Useless debuginfo package, buildroot traces in installed files
Useless debuginfo package, buildroot traces in installed files
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: R-mAr (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: José Matos
Fedora Extras Quality Assurance
:
Depends On:
Blocks: FE5Target
  Show dependency treegraph
 
Reported: 2005-12-03 07:35 EST by Ville Skyttä
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version: 1.1-4
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-04-05 05:55:59 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Ville Skyttä 2005-12-03 07:35:34 EST
R-mAr produces an empty, useless debuginfo package; if that's expected, adding a
%define debug_package %{nil} would get rid of it.


Also, some of the installed files contain buildroot traces, which generally may
cause security problems.  I don't know a thing about R, so I don't know if
that's the case.  You can reproduce this by installing the fedora-rpmdevtools
package and making sure your ~/.rpmmacros has /usr/lib/rpm/check-buildroot in
%__arch_install_post (see also fedora-buildrpmtree).

+ /usr/lib/rpm/check-buildroot
Binary file
/var/tmp/R-mAr-1.1-3-buildroot-scop/usr/lib/R/library/mAr/Meta/hsearch.rds matches
Found '/var/tmp/R-mAr-1.1-3-buildroot-scop' in installed files; aborting
error: Bad exit status from /var/tmp/rpm-tmp.73072 (%install)
Comment 1 José Matos 2006-02-16 05:38:10 EST
(In reply to comment #0) 
> R-mAr produces an empty, useless debuginfo package; if that's expected, 
adding a 
> %define debug_package %{nil} would get rid of it. 
 
  I am surprised as well. :-) 
  I did not expect this to happen. :-) 
 
> Also, some of the installed files contain buildroot traces, which generally 
may 
> cause security problems.  I don't know a thing about R, so I don't know if 
> that's the case.  You can reproduce this by installing the 
fedora-rpmdevtools 
> package and making sure your ~/.rpmmacros has /usr/lib/rpm/check-buildroot 
in 
> %__arch_install_post (see also fedora-buildrpmtree). 
>  
> + /usr/lib/rpm/check-buildroot 
> Binary file 
> /var/tmp/R-mAr-1.1-3-buildroot-scop/usr/lib/R/library/mAr/Meta/hsearch.rds 
matches 
> Found '/var/tmp/R-mAr-1.1-3-buildroot-scop' in installed files; aborting 
> error: Bad exit status from /var/tmp/rpm-tmp.73072 (%install) 
 
  Thanks for the tip. I will examine it further to determine if this is 
"feature" of this R-package or if it happens for other R packages, since 
I intend to submit more like this for review in Extras. 
Comment 2 José Matos 2006-03-03 14:51:36 EST
 (In reply to comment #0) 
> R-mAr produces an empty, useless debuginfo package; if that's expected, 
adding a 
> %define debug_package %{nil} would get rid of it. 
 
  Done in 1.1-4 already built. 
 
> Also, some of the installed files contain buildroot traces, which generally 
may 
> cause security problems.  I don't know a thing about R, so I don't know if 
> that's the case.  You can reproduce this by installing the 
fedora-rpmdevtools 
> package and making sure your ~/.rpmmacros has /usr/lib/rpm/check-buildroot 
in 
> %__arch_install_post (see also fedora-buildrpmtree). 
>  
> + /usr/lib/rpm/check-buildroot 
> Binary file 
> /var/tmp/R-mAr-1.1-3-buildroot-scop/usr/lib/R/library/mAr/Meta/hsearch.rds 
matches 
> Found '/var/tmp/R-mAr-1.1-3-buildroot-scop' in installed files; aborting 
> error: Bad exit status from /var/tmp/rpm-tmp.73072 (%install) 
 
This happens for every R package and it is a consequence of the way as R  
installs its packages. This is an upstream issue and it is not related with 
FE packaging. 
Comment 3 Ville Skyttä 2006-03-03 15:01:18 EST
(In reply to comment #2)

> > Found '/var/tmp/R-mAr-1.1-3-buildroot-scop' in installed files; aborting 
> > error: Bad exit status from /var/tmp/rpm-tmp.73072 (%install) 
>  
> This happens for every R package and it is a consequence of the way as R  
> installs its packages. This is an upstream issue and it is not related with 
> FE packaging. 

Does that mean that it's harmless, or does R potentially do something funny with
the paths, like load modules or something from those dirs?  Loading them from
/var/tmp would be a big security hole.
Comment 4 José Matos 2006-03-03 18:14:22 EST
As far as I understand there is not any problem: 
https://stat.ethz.ch/pipermail/r-help/2006-February/086069.html 
 
I have asked this question in R-devel as it seems that all rpms, and I would 
expect debian as well, suffer from this. 
 
Comment 5 Ville Skyttä 2006-03-04 03:36:41 EST
If they are truely harmless, we should add an exception for the relevant files
(*.rds ?) to /usr/lib/rpm/check-buildroot like there already exists for *.pyo,
*.pyc, *.elc and .packlist.  But that requires a definitive confirmation from
someone who can say with confidence that it's the right thing to do.
Comment 6 José Matos 2006-03-08 05:05:31 EST
They are harmless, see http://thread.gmane.org/gmane.comp.lang.r.devel/7069 
 
FWIW I intend to answer some of those messages. :-) 
 
It looks like that that problem will go away in the next release that should 
be release soon (a couple of months). So I propose to ignore this for the 
moment, since as soon as the new version is released all packages will be 
rebuild. 
 
Is this OK with you? 
Comment 7 Ville Skyttä 2006-03-08 13:19:07 EST
Yep, works for me.

Note You need to log in before you can comment on or make changes to this bug.