[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen master] tools: Use -s for python shebangs
commit 9c0061825143716c61622966e76983886ef59361 Author: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> AuthorDate: Tue Mar 14 10:53:51 2023 +0000 Commit: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> CommitDate: Fri Mar 17 10:44:16 2023 +0000 tools: Use -s for python shebangs This is mandated by the Fedora packaging guidelines because it is a security vulnerability otherwise in suid scripts. While Xen doesn't have suid scripts, it's a very good idea generally because it prevents the users local python environment interfering from system packaged scripts. pygrub is the odd-script-out, being installed by distutils rather than manually with INSTALL_PYTHON_PROG. distutils has no nice way of editing the shebang, so arrange to use INSTALL_PYTHON_PROG for pygrub too. Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Acked-by: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx> --- tools/Rules.mk | 2 +- tools/pygrub/Makefile | 4 +++- tools/pygrub/setup.py | 1 - 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/tools/Rules.mk b/tools/Rules.mk index 6e135387bd..18cf83f5be 100644 --- a/tools/Rules.mk +++ b/tools/Rules.mk @@ -179,7 +179,7 @@ CFLAGS += $(CFLAGS-y) CFLAGS += $(EXTRA_CFLAGS_XEN_TOOLS) INSTALL_PYTHON_PROG = \ - $(XEN_ROOT)/tools/python/install-wrap "$(PYTHON_PATH)" $(INSTALL_PROG) + $(XEN_ROOT)/tools/python/install-wrap "$(PYTHON_PATH) -s" $(INSTALL_PROG) %.opic: %.c $(CC) $(CPPFLAGS) -DPIC $(CFLAGS) $(CFLAGS_$*.opic) -fPIC -c -o $@ $< $(APPEND_CFLAGS) diff --git a/tools/pygrub/Makefile b/tools/pygrub/Makefile index 29ad051321..4963bc89c6 100644 --- a/tools/pygrub/Makefile +++ b/tools/pygrub/Makefile @@ -18,8 +18,10 @@ build: .PHONY: install install: all $(INSTALL_DIR) $(DESTDIR)/$(bindir) + $(INSTALL_DIR) $(DESTDIR)/$(LIBEXEC_BIN) $(setup.py) install --record $(INSTALL_LOG) $(PYTHON_PREFIX_ARG) \ - --root="$(DESTDIR)" --install-scripts=$(LIBEXEC_BIN) --force + --root="$(DESTDIR)" --force + $(INSTALL_PYTHON_PROG) src/pygrub $(DESTDIR)/$(LIBEXEC_BIN)/pygrub set -e; if [ $(bindir) != $(LIBEXEC_BIN) -a \ "`readlink -f $(DESTDIR)/$(bindir)`" != \ "`readlink -f $(LIBEXEC_BIN)`" ]; then \ diff --git a/tools/pygrub/setup.py b/tools/pygrub/setup.py index 0e4e3d02d3..502aa4df2d 100644 --- a/tools/pygrub/setup.py +++ b/tools/pygrub/setup.py @@ -23,7 +23,6 @@ setup(name='pygrub', author_email='katzj@xxxxxxxxxx', license='GPL', package_dir={'grub': 'src', 'fsimage': 'src'}, - scripts = ["src/pygrub"], packages=pkgs, ext_modules = [ xenfsimage ] ) -- generated by git-patchbot for /home/xen/git/xen.git#master
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |