fletcher / MultiMarkdown-4

This project is now deprecated. Please use MultiMarkdown-6 instead!
https://github.com/fletcher/MultiMarkdown-5
Other
307 stars 59 forks source link

Add support for "make DESTDIR=..." for packagers #88

Closed tangledhelix closed 10 years ago

tangledhelix commented 10 years ago

This commit adds support for using DESTDIR, which is used by software packagers when building RPMs and other packages. When DESTDIR is set, it is used as a prefix for the install path, but when unset, the software installs to the system path (in this case, /usr/local/bin).

Example usage taken from an RPM spec file:

make install DESTDIR=%{buildroot}

This is important when packaging because you need to install the output to a contained area in order to build a clean package from it, rather than install onto the system and then attempt to pick the files back out to package them.

fletcher commented 10 years ago

It makes me a bit nervous to include the "-p" argument to mkdir under all circumstances. I understand why it might be convenient when using DESTDIR, but I worry about any potential security issues it might open up?

What about making this a separate recipe in the Makefile?

tangledhelix commented 10 years ago

I don't see how mkdir -p introduces a security issue, but if you're really uncomfortable with it, using a different target should satisfy packager needs (as long as your README makes note of it so packagers know about it).

Actually, your existing Makefile has a bug: if the system has no /usr/local, such as a stock minimal CentOS install, then the mkdir to create /usr/local/bin will fail. That scenario is exactly what mkdir -p is meant to address.

fletcher commented 10 years ago

That's exactly why I'm nervous about -p. It allows creation of arbitrarily deep paths without a robust system to ensure safe permissions and ownership.

I have neither the time nor desire to worry too much about the security details across all OS versions.

I'm not saying this is unsafe. I'm saying that the more complex it gets, the less confident I am that it is completely safe.

Requiring the user to ensure a certain folder exists isn't bad in my mind. Hence the absence of -p.

For your purposes I can understand wanting -p. That's why I am suggesting that they be different recipes.

Sent from my iPhone

On Oct 29, 2014, at 10:00 AM, Dan Lowe notifications@github.com wrote:

I don't see how mkdir -p introduces a security issue, but if you're really uncomfortable with it, using a different target should satisfy packager needs (as long as your README makes note of it so packagers know about it).

Actually, your existing Makefile has a bug: if the system has no /usr/local, such as a stock minimal CentOS install, then the mkdir to create /usr/local/bin will fail. That scenario is exactly what mkdir -p is meant to address.

— Reply to this email directly or view it on GitHub.

tangledhelix commented 10 years ago

OK... sorry about so many commits on this, I'm apparently out of practice with Git since I use Subversion at work. My attempt to squash somehow made even more commits. In any case, what's currently here as far as the file diff for Makefile will, I think, fit more with what you were thinking?

fletcher commented 10 years ago

I made the edits manually to clean up the commit chain. Thanks for submitting this!