174884 – Useless debuginfo package, buildroot traces in installed files

Bug 174884 - Useless debuginfo package, buildroot traces in installed files

Summary: Useless debuginfo package, buildroot traces in installed files

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	R-mAr
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	José Matos
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	FE5Target
TreeView+	depends on / blocked

Reported:	2005-12-03 12:35 UTC by Ville Skyttä
Modified:	2007-11-30 22:11 UTC (History)
CC List:	1 user (show)
Fixed In Version:	1.1-4
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-04-05 09:55:59 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Ville Skyttä 2005-12-03 12:35:34 UTC

R-mAr produces an empty, useless debuginfo package; if that's expected, adding a
%define debug_package %{nil} would get rid of it.


Also, some of the installed files contain buildroot traces, which generally may
cause security problems.  I don't know a thing about R, so I don't know if
that's the case.  You can reproduce this by installing the fedora-rpmdevtools
package and making sure your ~/.rpmmacros has /usr/lib/rpm/check-buildroot in
%__arch_install_post (see also fedora-buildrpmtree).

+ /usr/lib/rpm/check-buildroot
Binary file
/var/tmp/R-mAr-1.1-3-buildroot-scop/usr/lib/R/library/mAr/Meta/hsearch.rds matches
Found '/var/tmp/R-mAr-1.1-3-buildroot-scop' in installed files; aborting
error: Bad exit status from /var/tmp/rpm-tmp.73072 (%install)

Comment 1 José Matos 2006-02-16 10:38:10 UTC

(In reply to comment #0) 
> R-mAr produces an empty, useless debuginfo package; if that's expected, 
adding a 
> %define debug_package %{nil} would get rid of it. 
 
  I am surprised as well. :-) 
  I did not expect this to happen. :-) 
 
> Also, some of the installed files contain buildroot traces, which generally 
may 
> cause security problems.  I don't know a thing about R, so I don't know if 
> that's the case.  You can reproduce this by installing the 
fedora-rpmdevtools 
> package and making sure your ~/.rpmmacros has /usr/lib/rpm/check-buildroot 
in 
> %__arch_install_post (see also fedora-buildrpmtree). 
>  
> + /usr/lib/rpm/check-buildroot 
> Binary file 
> /var/tmp/R-mAr-1.1-3-buildroot-scop/usr/lib/R/library/mAr/Meta/hsearch.rds 
matches 
> Found '/var/tmp/R-mAr-1.1-3-buildroot-scop' in installed files; aborting 
> error: Bad exit status from /var/tmp/rpm-tmp.73072 (%install) 
 
  Thanks for the tip. I will examine it further to determine if this is 
"feature" of this R-package or if it happens for other R packages, since 
I intend to submit more like this for review in Extras.

Comment 2 José Matos 2006-03-03 19:51:36 UTC

 (In reply to comment #0) 
> R-mAr produces an empty, useless debuginfo package; if that's expected, 
adding a 
> %define debug_package %{nil} would get rid of it. 
 
  Done in 1.1-4 already built. 
 
> Also, some of the installed files contain buildroot traces, which generally 
may 
> cause security problems.  I don't know a thing about R, so I don't know if 
> that's the case.  You can reproduce this by installing the 
fedora-rpmdevtools 
> package and making sure your ~/.rpmmacros has /usr/lib/rpm/check-buildroot 
in 
> %__arch_install_post (see also fedora-buildrpmtree). 
>  
> + /usr/lib/rpm/check-buildroot 
> Binary file 
> /var/tmp/R-mAr-1.1-3-buildroot-scop/usr/lib/R/library/mAr/Meta/hsearch.rds 
matches 
> Found '/var/tmp/R-mAr-1.1-3-buildroot-scop' in installed files; aborting 
> error: Bad exit status from /var/tmp/rpm-tmp.73072 (%install) 
 
This happens for every R package and it is a consequence of the way as R  
installs its packages. This is an upstream issue and it is not related with 
FE packaging.

Comment 3 Ville Skyttä 2006-03-03 20:01:18 UTC

(In reply to comment #2)

> > Found '/var/tmp/R-mAr-1.1-3-buildroot-scop' in installed files; aborting 
> > error: Bad exit status from /var/tmp/rpm-tmp.73072 (%install) 
>  
> This happens for every R package and it is a consequence of the way as R  
> installs its packages. This is an upstream issue and it is not related with 
> FE packaging. 

Does that mean that it's harmless, or does R potentially do something funny with
the paths, like load modules or something from those dirs?  Loading them from
/var/tmp would be a big security hole.

Comment 4 José Matos 2006-03-03 23:14:22 UTC

As far as I understand there is not any problem: 
https://stat.ethz.ch/pipermail/r-help/2006-February/086069.html 
 
I have asked this question in R-devel as it seems that all rpms, and I would 
expect debian as well, suffer from this.

Comment 5 Ville Skyttä 2006-03-04 08:36:41 UTC

If they are truely harmless, we should add an exception for the relevant files
(*.rds ?) to /usr/lib/rpm/check-buildroot like there already exists for *.pyo,
*.pyc, *.elc and .packlist.  But that requires a definitive confirmation from
someone who can say with confidence that it's the right thing to do.

Comment 6 José Matos 2006-03-08 10:05:31 UTC

They are harmless, see http://thread.gmane.org/gmane.comp.lang.r.devel/7069 
 
FWIW I intend to answer some of those messages. :-) 
 
It looks like that that problem will go away in the next release that should 
be release soon (a couple of months). So I propose to ignore this for the 
moment, since as soon as the new version is released all packages will be 
rebuild. 
 
Is this OK with you?

Comment 7 Ville Skyttä 2006-03-08 18:19:07 UTC

Yep, works for me.

Note You need to log in before you can comment on or make changes to this bug.