travis-ci / apt-package-safelist

Safelist of apt packages approved for build environments with restricted sudo
MIT License

APT whitelist request for capnproto #360

Open BanzaiMan opened 9 years ago

BanzaiMan commented 9 years ago

This replaces travis-ci/travis-ci#3447.

The original text by @bozaro follows


When using Cap'n Proto in my project, I need the capnp command in the command line which is available via installing these packages in ubuntu. Please whitelist these packages so they can be installed.

BanzaiMan commented 9 years ago

capnproto, libcapnp, libcapnp-dev does not appear to be a package name that our automation process can handle.

APT package request should be made for exactly one package, according to the form specified in https://github.com/travis-ci/apt-package-whitelist#package-approval-process.

If the source package of your requested package contains other related packages, you do not have to open another one for those. (When in doubt, do.)

BanzaiMan commented 9 years ago

Ran tests and found setuid bits by purely textual search. Further analysis is required.

If these are found to be benign, add:

libcapnp-0.5.2 libcapnp-dev capnproto

See https://travis-ci.org/travis-ci/apt-whitelist-checker/builds/72553063.

paulproteus commented 9 years ago

BTW, hi @BanzaiMan , I think we met at PyCon last year. (I'm also the person who was using Travis-CI to do Debian package test builds last year.)

Anyway Cap'n Proto is one of the open source projects my company (sandstorm.io) makes, so I'm happy to speak up that it's benign. I'm also curious what benign means in this context, I admit! Let me or @kentonv (the main author of Cap'n Proto) know if you have any questions.

Cheerio,

Asheesh.

paulproteus commented 9 years ago

I guess the question here is -- what is the string setUid doing in the source code?

I presume you're concerned about the use of the setuid() system call and/or setuid-root binaries.

Anyway, in this case:

It has nothing to do with setuid(2), the system call.

Let me know if this addresses the concerns you might have about the string setuid appearing in the source tree. Cheers.

UPDATE: Slightly fixed my explanation - before, I said it was used in parsing, but it's not used in parsing.
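The distinction drawn above, between a textual "setuid" hit and an actual use of setuid(2) or a setuid-bit file, is what a reviewer has to settle before approving. The following added example (not the apt-whitelist-checker's code, and the sample sources are constructed, not Cap'n Proto's) separates the three cases: a case-insensitive grep, a case-sensitive match for a C-style call into the setuid family, and a check of the file mode bits.

```python
import os
import re
import stat
import tempfile

# Case-sensitive match for a C-style call into the setuid(2) family.
SYSCALL_RE = re.compile(r"\b(setuid|seteuid|setreuid|setresuid)\s*\(")
# Case-insensitive match reproducing a "purely textual" grep for setuid.
TEXTUAL_RE = re.compile(r"setuid", re.IGNORECASE)

# Constructed samples: an accessor named setUid, and a real privilege-changing call.
SAMPLE_ACCESSOR = "struct Node {\n  void setUid(uint64_t v) { uid = v; }\n};\n"
SAMPLE_PRIVDROP = "if (setuid(target_uid) != 0) {\n  perror(\"setuid\");\n}\n"

def classify_source(text):
    """Return (textual_hits, syscall_hits) for one source file's text."""
    return len(TEXTUAL_RE.findall(text)), len(SYSCALL_RE.findall(text))

def has_setuid_bit(path):
    """True if the file itself carries the setuid or setgid mode bit."""
    return bool(os.stat(path).st_mode & (stat.S_ISUID | stat.S_ISGID))

def scan_tree(root):
    """Walk a tree and bucket files by the kind of 'setuid' evidence they carry."""
    report = {"textual_only": [], "syscall": [], "setuid_bit": []}
    for dirpath, _, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            if has_setuid_bit(path):
                report["setuid_bit"].append(name)
            try:
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    textual, syscalls = classify_source(fh.read())
            except OSError:
                continue
            if syscalls:
                report["syscall"].append(name)
            elif textual:
                report["textual_only"].append(name)
    return report

def build_sample_tree():
    """Write the constructed samples into a temp dir and return its path."""
    root = tempfile.mkdtemp(prefix="setuid-scan-")
    with open(os.path.join(root, "accessor.c++"), "w") as fh:
        fh.write(SAMPLE_ACCESSOR)
    with open(os.path.join(root, "privdrop.c"), "w") as fh:
        fh.write(SAMPLE_PRIVDROP)
    return root
```

Calling `scan_tree(build_sample_tree())` puts the `setUid` accessor under `textual_only` and the privilege-dropping file under `syscall`; only the latter two buckets warrant the "further analysis" the bot asks for.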

BanzaiMan commented 8 years ago

I'm going to re-run the test, so that we can create a PR.

paulproteus commented 8 years ago

Great, thanks!

travisbot commented 8 years ago

_This is an automated comment._

Ran tests and found setuid bits by purely textual search. Further analysis is required.

If these are found to be benign, examine http://github.com/travis-ci/apt-package-whitelist/tree/test-apt-package-whitelist-360 and its PR.

Packages found: libcapnp-0.5.2 libcapnp-dev capnproto

See https://travis-ci.org/travis-ci/apt-whitelist-checker/builds/73920799 for details.

scottpurdy commented 8 years ago

+1 for this addition. Is there anything holding up #690?

jedisct1 commented 8 years ago

+1

habnabit commented 7 years ago

Ping on this. The setUid function is not related to setuid(2).

travisbot commented 5 years ago

This is an automated comment.

Ran tests, but could not find source package. Either the source package for capnproto does not exist, or the package needs an APT source. If you wish to add an APT source, please follow the directions on https://github.com/travis-ci/apt-source-whitelist#source-approval-process. Build results: https://travis-ci.org/travis-ci/apt-whitelist-checker/builds/440489745.