You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The underlying cause of Issue fink/fink-distributions#745 was installation of a .deb that was built with a fink prefix that wasn't the same as the one the local system had. We've always known .deb aren't portable, and have a user-facing alert if they try to enable bindist with a non-default prefix, as they would wind up downloading incompatible .deb. However, now we have legacy /sw and new /opt/sw in the wild. The Debian toolchain doesn't seem to notice, it simply creates the "wrong" hierarchy (files out-of-prefix) and the status indicates they are installed.
This is a feature-request for a way to catch this incompatibility at the point a .deb is being installed.
'fink validate' complains if a .deb is mis-rooted. Or else a scaled-down variant of that could check for just this situation. I assume it should be merely a user confirmation (users might really have .deb that install funky third-party stuff in other places) not a prohibition?
However, installation happens via dpkg, and can be called directly using that tool or apt-get, so having it happen during 'fink install ...' leaves a pretty large hole. Should dpkg itself look for this situation, for example, requiring confirmation in he event "no file in .deb matches ./%p/{bin,include,lib,share,opt}"? That would require at least one file in a standard location, even if the .deb has all sorts of funny things for other reasons.
Brainstorming another idea is to have Fink::VirtPackage provide a 'fink-prefix-$P' package, where $P is a packagename-sanitized version of %p, and then all .deb be encoded with that in their Depends list. So dpkg will automatically refuse to install a .deb if the $P in it does not match the current fink. That would only solve it going forward (all existing .deb would still be unprotected) and also create yet a different .deb variant of the same %n-%v-%r (user support chaos).
The text was updated successfully, but these errors were encountered:
The dpkg-wrappers are an existing hack in dpkg that could be used as a checkpoint (including with user-confirmation interactivity for confirmation/override?). It would have to be in postinst, which is conceptually "too late" and doesn't provide a complete unwind if we need to abort, but is the first point at which the dpkg scripts have access to the package's file-list.
The underlying cause of Issue fink/fink-distributions#745 was installation of a .deb that was built with a fink prefix that wasn't the same as the one the local system had. We've always known .deb aren't portable, and have a user-facing alert if they try to enable bindist with a non-default prefix, as they would wind up downloading incompatible .deb. However, now we have legacy /sw and new /opt/sw in the wild. The Debian toolchain doesn't seem to notice, it simply creates the "wrong" hierarchy (files out-of-prefix) and the status indicates they are installed.
This is a feature-request for a way to catch this incompatibility at the point a .deb is being installed.
'fink validate' complains if a .deb is mis-rooted. Or else a scaled-down variant of that could check for just this situation. I assume it should be merely a user confirmation (users might really have .deb that install funky third-party stuff in other places) not a prohibition?
However, installation happens via dpkg, and can be called directly using that tool or apt-get, so having it happen during 'fink install ...' leaves a pretty large hole. Should dpkg itself look for this situation, for example, requiring confirmation in he event "no file in .deb matches ./%p/{bin,include,lib,share,opt}"? That would require at least one file in a standard location, even if the .deb has all sorts of funny things for other reasons.
Brainstorming another idea is to have Fink::VirtPackage provide a 'fink-prefix-$P' package, where $P is a packagename-sanitized version of %p, and then all .deb be encoded with that in their Depends list. So dpkg will automatically refuse to install a .deb if the $P in it does not match the current fink. That would only solve it going forward (all existing .deb would still be unprotected) and also create yet a different .deb variant of the same %n-%v-%r (user support chaos).
The text was updated successfully, but these errors were encountered: