Open BanzaiMan opened 9 years ago
capnproto, libcapnp, libcapnp-dev
does not appear to a package name on which our automation process can handle.
APT packag request should be made for exactly one package, according to the form specified in https://github.com/travis-ci/apt-package-whitelist#package-approval-process.
If the source package of your requested package contains other related packages, you do not have to open another one for those. (When in doubt, do.)
Ran tests and found setuid bits by purely textual search. Further analysis is required.
If these are found to be benign, add:
libcapnp-0.5.2 libcapnp-dev capnproto
See https://travis-ci.org/travis-ci/apt-whitelist-checker/builds/72553063.
BTW, hi @BanzaiMan , I think we met at PyCon last year. (I'm also the person who was using Travis-CI to do Debian package test builds last year.)
Anyway Cap'n Proto is one of the open source projects my company (sandstorm.io) makes, so I'm happy to speak up that it's benign. I'm also curious what benign means in this context, I admit! Let me or @kentonv (the main author of Cap'n Proto) know if you have any questions.
Cheerio,
Asheesh.
I guess the question here is -- what is the string setUid
doing in the source code?
I presume you're concerned about the use of the setuid()
system call and/or setuid-root binaries.
Anyway, in this case:
c++/src/capnp/compiler/grammar.capnp
specifies the grammar of the cap'n proto
language, and ./capnproto-0.5.2/src/capnp/compiler/grammar.capnp.h
is part of the result of converting that file to C++, andDeclaration:id::UID
is a name for the unique ID of a protocol in the cap'n proto
language, andinline void Declaration::Id::Builder::setUid
is a function used to store the unique ID (aka UID) in a C++ object - a setter function for a field called UID
.It has nothing to do with setuid(2)
, the system call.
Let me know if this addresses the concerns you might have about the string setuid
appearing in the source tree. Cheers.
UPDATE: Slightly fixed my explanation - before, I said it was used in parsing, but it's not used in parsing.
I'm going to re-run the test, so that we can create a PR.
Great, thanks!
_This is an automated comment._
Ran tests and found setuid bits by purely textual search. Further analysis is required.
If these are found to be benign, examine http://github.com/travis-ci/apt-package-whitelist/tree/test-apt-package-whitelist-360 and its PR.
Packages found: libcapnp-0.5.2 libcapnp-dev capnproto
See https://travis-ci.org/travis-ci/apt-whitelist-checker/builds/73920799 for details.
+1 for this addition. Is there anything holding up #690?
+1
Ping on this. The setUid
function is not related to setuid(2)
.
This is an automated comment.
Ran tests, but could not found source package. Either the source package for capnproto does not exist, or the package needs an APT source. If you wish to add an APT source, please follow the directions on https://github.com/travis-ci/apt-source-whitelist#source-approval-process. Build results: https://travis-ci.org/travis-ci/apt-whitelist-checker/builds/440489745.
This replaces travis-ci/travis-ci#3447.
The original text by @bozaro follows
When using Cap'n Proto in my project, I need the capnp command in the command line which is available via installing these packages in ubuntu. Please whitelist these packages so they can be installed.