Non-absolute paths in mariadb scripts

  • Open
  • quality assurance status badge
Details
2 participants
  • david larsson
  • Maxime Devos
Owner
unassigned
Submitted by
Maxime Devos
Severity
normal
M
M
Maxime Devos wrote on 12 Apr 2021 22:14
(address . bug-guix@gnu.org)
a16c3d4697c41b88b62d36ca2c2dc5e5e65c09c9.camel@telenet.be
Hi Guix,

As part of https://issues.guix.gnu.org/47704, it was discovered
some shell scripts in the mariadb package (e.g. wsrep_sst_rsync)
refer to programs *not* by absolute name.

These programs come from iproute, coreutils, gawk, grep
and mariadb itself. It seems some substitutions are in order.

Some complications:
some of these scripts are only required in certain configurations.
It's not ideal to increase the closure with rsync and xbcrypt if
they turn out not to be needed ...

Greetings,
Maxime.
-----BEGIN PGP SIGNATURE-----

iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYHSqGBccbWF4aW1lZGV2
b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7hX3AQDeBnZe95sKlbpKLS6EtqEDd3Aa
KKy8baX0K9iusuh4AAEAzxLq5i8ZHn7zV0SaV9sFE188ldDxCTNPqxHEgETuoQ8=
=V7yO
-----END PGP SIGNATURE-----


D
D
david larsson wrote on 13 Apr 2021 20:41
(name . Maxime Devos)(address . maximedevos@telenet.be)
a308c8f9d7d6bd986e173bc24fa822b0@selfhosted.xyz
On 2021-04-12 22:14, Maxime Devos wrote:
Toggle quote (17 lines)
> Hi Guix,
>
> As part of <https://issues.guix.gnu.org/47704>, it was discovered
> some shell scripts in the mariadb package (e.g. wsrep_sst_rsync)
> refer to programs *not* by absolute name.
>
> These programs come from iproute, coreutils, gawk, grep
> and mariadb itself. It seems some substitutions are in order.
>
> Some complications:
> some of these scripts are only required in certain configurations.
> It's not ideal to increase the closure with rsync and xbcrypt if
> they turn out not to be needed ...
>
> Greetings,
> Maxime.

Adding to this, so far we've we discussed possible fixes:

1. Absolutize all invocations in the sripts using (substitute*
procedure.
- drawback: maintenance hassle.

2. Adding (define %default-environment-variables to the mysql-service
and append this to the list-argument of the #:environment-variables
keyword in the make-forkexec-constructor procedure.
- drawback: doesn't actually fix the mysql package, just the service.

3. Adding a line:
"PATH=<absolute-path-to-awk>:<absolute-path-to-grep>:<etc..>" in the
scripts.
- Not the most elegant solution, but possibly the best one; not too
much maintenance and actually fixes both the package and the service.
- drawback: It would also increase the closure size of the mysql
package. Security issues?

Another option, perhaps, would be to have a mysql-minimal package (as
the package is today) and a regular mysql package ("mysql-full" with the
increase closure size), and you can use whichever package you need in
the mysql-service.

I don't know which solution I would vote for...

Best regards,
David L
?
Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send an email to 47735@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 47735
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch