Re: rpms/tetex-font-cm-lgc/devel tetex-font-cm-lgc.spec,1.7,1.8
- From: Sarantis Paskalis <sarantis cnl di uoa gr>
- To: Discussion related to Fedora Extras <fedora-extras-list redhat com>
- Cc: fedora-extras-commits redhat com
- Subject: Re: rpms/tetex-font-cm-lgc/devel tetex-font-cm-lgc.spec,1.7,1.8
- Date: Wed, 2 Nov 2005 14:48:19 +0200
On Wed, Nov 02, 2005 at 01:20:35PM +0100, Ralf Corsepius wrote:
> On Wed, 2005-11-02 at 13:42 +0200, Sarantis Paskalis wrote:
> > On Wed, Nov 02, 2005 at 12:15:19PM +0100, Ralf Corsepius wrote:
> > > On Wed, 2005-11-02 at 05:59 -0500, Sarantis Paskalis wrote:
> > > > - /usr/bin/updmap-sys --quiet --nohash --outputdir %{texmf}/dvips/config --disable cm-lgc.map
> > > > + updmap-sys --quiet --nohash --disable %{texpkg}.map
> > > > fi
> > > > +texhash
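Review bot: the added updmap-sys line and the new texhash line both call the program by bare name, where the removed line used /usr/bin/updmap-sys, so which binary runs depends on the PATH in effect when this executes; keep absolute paths for both calls. The replacement also drops --outputdir %{texmf}/dvips/config, and texhash sits after the fi so it runs unconditionally. Neither is explained in the visible lines, and both deserve a changelog entry.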
> > > Why did you replace /usr/bin/updmap-sys with updmap-sys?
> > >
> > > To me, this is a regression.
> >
> > I tend to agree with the comment in
> > http://www.redhat.com/archives/fedora-extras-list/2005-October/msg00593.html
>
> You are running programs in %post and %postun scriptlets. Just stick a
> broken or malicious program somewhere into path, and you are breaking
> the user's system.
You have a point that these operations are not so much protected as
others in the main building procedure. However, you would need a
malicious program before (not anywhere) the valid one in the
administrator's path (not just any user's).

I will revert the change (re-add the /usr/bin), but I think we should
have guidelines for these issues such as:

- If the spec file contains commands in the building stage
  (%prep, %build, %install), then use the plain command name, i.e. foo
  instead of /usr/bin/foo
- If the spec file contains commands in the installation/removal
  stage, i.e. user-run scriptlets (%pre, %preun, %post, %postun),
  then use the absolute command path, i.e. /usr/bin/foo

What do you think?
-- Sarantis
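
A small linter for the guideline proposed in the message above, as an added example that is not part of the original thread or of any Fedora tooling: it flags commands in %pre, %preun, %post and %postun that are resolved through PATH and leaves build-stage sections alone. The function name, the keyword and builtin lists, and the sample spec are assumptions constructed for illustration.

```python
import re

SCRIPTLETS = {"pre", "preun", "post", "postun"}
SECTION = re.compile(r"^%(prep|build|install|check|clean|files|changelog|"
                     r"description|package|preun|postun|pre|post)\b")
# Words that may precede a command, and builtins that need no PATH lookup.
KEYWORDS = {"if", "then", "else", "elif", "fi", "do", "done", "while", "!"}
BUILTINS = {"[", "test", "echo", "exit", "cd", ":", "true", "false"}
SPLIT = re.compile(r"\|\||&&|[;|]")  # heuristic: does not honour quoting

def bare_commands(spec_text):
    """List (line_no, section, command) for scriptlet commands found via PATH."""
    findings, section = [], None
    for no, line in enumerate(spec_text.splitlines(), 1):
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        if section not in SCRIPTLETS:
            continue  # build-stage sections may use plain command names
        for part in SPLIT.split(line.split("#", 1)[0]):
            words = part.split()
            while words and words[0] in KEYWORDS:
                words.pop(0)
            if not words or words[0] in BUILTINS or "=" in words[0]:
                continue  # nothing to run, a builtin, or a VAR=value assignment
            cmd = words[0]
            # Absolute paths and path macros such as %{_bindir}/foo pass.
            if not cmd.startswith(("/", "%{")):
                findings.append((no, section, cmd))
    return findings

# Constructed sample spec fragment; the command lines are taken from the thread.
SAMPLE_SPEC = """\
%build
make
%post
/usr/bin/updmap-sys --quiet --nohash --outputdir %{texmf}/dvips/config --disable cm-lgc.map
%postun
if [ "$1" = 0 ]; then
  updmap-sys --quiet --nohash --disable %{texpkg}.map
fi
texhash
%files
"""

if __name__ == "__main__":
    for no, section, cmd in bare_commands(SAMPLE_SPEC):
        print(f"line {no}: %{section} runs '{cmd}' via PATH; use its absolute path")
```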