X-Git-Url: https://sipb.mit.edu/gitweb.cgi/ikiwiki.git/blobdiff_plain/f66649bca45e2c7120ea7c7f4d0f7f61f85ce01f..11ac8f5e18bb18ddb86b47844e10f22e554bb4e7:/doc/patchqueue/lib-fixup.mdwn?ds=sidebyside
diff --git a/doc/patchqueue/lib-fixup.mdwn b/doc/patchqueue/lib-fixup.mdwn
index 0739c2115..bdf8566d8 100644
--- a/doc/patchqueue/lib-fixup.mdwn
+++ b/doc/patchqueue/lib-fixup.mdwn
@@ -2,37 +2,46 @@ I'm using Ikiwiki on a box where I don't have root access, so I install all of m
I imagine that there's a clean and elegant solution to this, but the hack I'm currently using is to have `./make` alter `ikiwki.in` before it's run, by inserting `use lib ...` lines for each of the directories in `$ENV{PERL5LIB}`. Again, this is clearly ugly, but it allows me to run `./make`, so I'm submitting it FWIW.
-
-Index: Makefile.PL
-===================================================================
---- Makefile.PL (revision 2630)
-+++ Makefile.PL (working copy)
-@@ -24,6 +24,7 @@
- )
-
- extra_build:
-+ LANG=C ./lib-fixup.pl ikiwiki.in
- LANG=C ./ikiwiki.in doc html --templatedir=templates \
- --underlaydir=basewiki \
- --wikiname="ikiwiki" --verbose --no-rcs \
-Index: lib-fixup.pl
-===================================================================
---- lib-fixup.pl (revision 0)
-+++ lib-fixup.pl (revision 0)
-@@ -0,0 +1,9 @@
-+#!/usr/bin/perl -i.bak -p
-+use strict;
-+use warnings;
-+my @dirs = $ENV{PERL5LIB} =~ /:/ ? split /:/, $ENV{PERL5LIB} : $ENV{PERL5LIB};
-+if (@dirs) {
-+ my $libs = join('', map { " use lib '$_';\n" } @dirs);
-+ s/(use IkiWiki;)/$libs$1/;
-+}
-+
+> I don't like this patch because it's not expected that an environment
+> variable will stick around outside the shell that it's set in. It could
+> lead to suprising behavior if PERL5LIB happened to be set during build,
+> and it's even possible for it to lead to security issues, imagine if I
+> accidentially built the debian package of ikiwiki with PERL5LIB set --
+> then it would be hardcoded to look in /home/joey for libraries, which
+> someone with a "joey" account elsewhere could use to exploit it.
+>
+> You could remove the taint switch locally, it's very unlikely to find
+> tainting problems that nobody else has noticed. --[[Joey]]
+
+>> I completely understand rejecting this patch, but would you accept one to automate the removal of -T as a `make` option, then? I was trying to install Ikiwiki on a very popular
+>> web host, and the aforementioned issue took quite a while to debug; I imagine many people would have simply given up. -- Ben
-Property changes on: lib-fixup.pl
-___________________________________________________________________
-Name: svn:executable
- + *
+>>> Well, the problem with an option is finding the option before you give
+>>> up. Maybe an option and adding some docs to the [[setup]] or [[tips]] page
+>>> about how to use ikiwiki with $BIG_HOSTING_PROVIDER, that can mention
+>>> the option. --[[Joey]]
-
\ No newline at end of file
+>>>> I was going to write a guide for shared hosting setup anyway, so that sounds great. My `make`-fu is weak, so I don't know the Right Way to add an extra option, but here's a patch for removing the -T flag. -- Ben
+
+
+Index: pm_filter
+===================================================================
+--- pm_filter (revision 2644)
++++ pm_filter (working copy)
+@@ -4,6 +4,7 @@
+ $prefix=shift;
+ $ver=shift;
+ $libdir=shift;
++ $notaint=shift;
+ }
+
+ if (/INSTALLDIR_AUTOREPLACE/) {
+@@ -19,4 +20,7 @@
+ else {
+ $_="use lib '$libdir';\n";
+ }
++}
++elsif ($. == 1 && $notaint && m{^(#!/usr/bin/perl) -T$}) {
++ $_=qq{$1\n};
+ }
+