View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0005352 | GNUnet | build process | public | 2018-06-14 20:37 | 2019-04-07 14:49 |
Reporter | nikita | Assigned To | Christian Grothoff | ||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | closed | Resolution | fixed | ||
Product Version | Git master | ||||
Target Version | 0.11.3 | Fixed in Version | 0.11.3 | ||
Summary | 0005352: iptables is hardcoded. let's pick its location up at configure time. | ||||
Description | Unless someone beats me in it, this is a bug report for myself as one of many issues to fix-up to get GNUnet working properly on Guix. Also, assuming hardcoded locations is bad. Unless we don't already scan for iptables, let's scan for iptables in the configure phase of the build process and use that location for the iptables binary. more info: iptables exists in my profile (in other words: the visible $PATH). This is straight from HEAD commit. | ||||

```
abyayala$ egrep -nr "iptables"
src/dns/gnunet-helper-dns.c:99:static const char *sbin_iptables;
src/dns/gnunet-helper-dns.c:715: * 6: skip sysctl, routing and iptables setup ("0")
src/dns/gnunet-helper-dns.c:719: * 3 iptables not executable
src/dns/gnunet-helper-dns.c:769: if (0 == access ("/sbin/iptables", X_OK))
src/dns/gnunet-helper-dns.c:770: sbin_iptables = "/sbin/iptables";
src/dns/gnunet-helper-dns.c:771: else if (0 == access ("/usr/sbin/iptables", X_OK))
src/dns/gnunet-helper-dns.c:772: sbin_iptables = "/usr/sbin/iptables";
src/dns/gnunet-helper-dns.c:776: "Fatal: executable iptables not found in approved directories: %s\n",
src/dns/gnunet-helper-dns.c:954: "iptables", "-m", "owner", "-t", "mangle", "-I", "OUTPUT", "1", "-p",
src/dns/gnunet-helper-dns.c:958: if (0 != fork_and_exec (sbin_iptables, mangle_args))
src/dns/gnunet-helper-dns.c:976: "iptables", "-t", "mangle", "-I", "OUTPUT", "2", "-p",
src/dns/gnunet-helper-dns.c:981: if (0 != fork_and_exec (sbin_iptables, mark_args))
src/dns/gnunet-helper-dns.c:1137: "iptables", "-t", "mangle", "-D", "OUTPUT", "-p", "udp",
src/dns/gnunet-helper-dns.c:1140: if (0 != fork_and_exec (sbin_iptables, mark_clean_args))
src/dns/gnunet-helper-dns.c:1160: "iptables", "-m", "owner", "-t", "mangle", "-D", "OUTPUT", "-p", "udp",
src/dns/gnunet-helper-dns.c:1164: if (0 != fork_and_exec (sbin_iptables, mangle_clean_args))
src/dns/test_gnunet_dns.sh:29:if ! iptables -t mangle --list &> /dev/null
src/dns/test_gnunet_dns.sh:31: echo "This test requires iptables with 'mangle' support. Skipping."
src/exit/gnunet-helper-exit.c:73: * Path to 'iptables' binary.
src/exit/gnunet-helper-exit.c:75:static const char *sbin_iptables;
src/exit/gnunet-helper-exit.c:671: if (0 == access ("/sbin/iptables", X_OK))
src/exit/gnunet-helper-exit.c:672: sbin_iptables = "/sbin/iptables";
src/exit/gnunet-helper-exit.c:673: else if (0 == access ("/usr/sbin/iptables", X_OK))
src/exit/gnunet-helper-exit.c:674: sbin_iptables = "/usr/sbin/iptables";
src/exit/gnunet-helper-exit.c:678: "Fatal: executable iptables not found in approved directories: %s\n",
src/exit/gnunet-helper-exit.c:761: char *const iptables_args[] =
src/exit/gnunet-helper-exit.c:763: "iptables", "-t", "nat", "-A", "POSTROUTING", "-o", argv[2], "-j", "MASQUERADE", NULL
src/exit/gnunet-helper-exit.c:765: if (0 != fork_and_exec (sbin_iptables,
src/exit/gnunet-helper-exit.c:766: iptables_args))
README:421:# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 1080
README:425:# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 4433
contrib/apparmor/gnunet-helper-dns:31: /usr/lib/iptables/libxt_MARK.so mr,
contrib/apparmor/gnunet-helper-dns:32: /usr/lib/iptables/libxt_owner.so mr,
contrib/apparmor/gnunet-helper-dns:33: /usr/lib/iptables/libxt_standard.so mr,
contrib/apparmor/gnunet-helper-dns:34: /usr/lib/iptables/libxt_udp.so mr,
doc/documentation/chapters/user.texi:3154:make the necessary changes to your firewall (@code{iptables}) rules.
doc/documentation/chapters/developer.texi:7979:iptables -t mangle -I OUTPUT 1 -p udp --sport $LOCALPORT --dport 53 \
doc/documentation/chapters/developer.texi:7980:-j ACCEPT iptables -t mangle -I OUTPUT 2 -p udp --dport 53 -j MARK \
```

Tags | No tags attached. | ||||
|
Same issue applies to ifconfig in os_network.c. |
|
configure should check (and allow user to override), but C code should have hard-coded paths as fallbacks. |
|
I guess override is possible in configure by setting PATH. So this should be addressed now. |
|
No, this is not done, we still check hardcoded paths. Please read the code. |
|
We should probably include another check where @iptables@ is replaced with sed and fallback is to check the hardcoded locations. |
|
Imo this is not RC anymore, as packagers can patch it and no one has complained before except for myself. |
|
I'd do a patch post-release and whoever wants it can cherry-pick it. |
|
Do we have to fix this? Unless this is false memory, iptables is only used for the dns-helper which we want to get rid of anyway. So it's just work spent for edge cases, which will eventually disappear. |
|
Well, the gnunet-helper-exit still seems to have /sbin/iptables and /usr/sbin/iptables in the code, and that one will NOT be changed. Ditto for the "ipconfig" in os_network.c. So now that we do have the configure.ac checks, it would certainly make sense to at least change those two. |
|
Implemented in 53969c9d9..c0d08bbde |
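
The approach discussed in the notes above (path detected by configure first, hard-coded locations as fallback), as an added example that is not GNUnet's code. `IPTABLES_PATH`, `resolve_tool` and `run_tool` are hypothetical names, and the macro is assumed to be supplied by the build system; the fallback paths are the ones quoted in the report.

```c
#include <stddef.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumption: configure passes the path it found, e.g.
   -DIPTABLES_PATH='"/placeholder/sbin/iptables"' (hypothetical macro). */
#ifndef IPTABLES_PATH
#define IPTABLES_PATH NULL
#endif

/* Fallback locations quoted in the report. */
static const char *const fallback_iptables[] =
  { "/sbin/iptables", "/usr/sbin/iptables", NULL };

/* Configured path if absolute and executable, else first executable
   fallback, else NULL. Relative names are refused: no $PATH lookup. */
const char *resolve_tool (const char *configured, const char *const *fallbacks)
{
  if (NULL != configured && '/' == configured[0]
      && 0 == access (configured, X_OK))
    return configured;
  for (; NULL != *fallbacks; fallbacks++)
    if (0 == access (*fallbacks, X_OK))
      return *fallbacks;
  return NULL;
}

/* Run path via execv(), which never searches $PATH.
   Returns the child's exit status, or -1 on error. */
int run_tool (const char *path, char *const argv[])
{
  int status;
  pid_t pid = fork ();
  if (-1 == pid)
    return -1;
  if (0 == pid)
  {
    execv (path, argv);
    _exit (127); /* exec failed */
  }
  if (pid != waitpid (pid, &status, 0))
    return -1;
  return WIFEXITED (status) ? WEXITSTATUS (status) : -1;
}

int main (void)
{
  return NULL == resolve_tool (IPTABLES_PATH, fallback_iptables); /* 0 = found */
}
```

Because the configured value is only accepted as an absolute path and the binary is started with `execv()`, the location chosen at build time cannot be redirected through the caller's `$PATH` at run time.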
Date Modified | Username | Field | Change |
---|---|---|---|
2018-06-14 20:37 | nikita | New Issue | |
2018-06-23 15:38 | dvn | Assigned To | => dvn |
2018-06-23 15:38 | dvn | Status | new => assigned |
2018-06-23 15:39 | Christian Grothoff | Note Added: 0013057 | |
2018-06-23 15:40 | Christian Grothoff | Note Added: 0013058 | |
2018-06-27 21:54 | Christian Grothoff | Note Added: 0013093 | |
2018-06-27 21:54 | Christian Grothoff | Status | assigned => resolved |
2018-06-27 21:54 | Christian Grothoff | Resolution | open => fixed |
2018-06-27 21:54 | Christian Grothoff | Fixed in Version | => 0.11.0 |
2019-02-28 11:17 | Christian Grothoff | Status | resolved => closed |
2019-02-28 11:19 | nikita | Assigned To | dvn => Christian Grothoff |
2019-02-28 11:19 | nikita | Status | closed => feedback |
2019-02-28 11:19 | nikita | Resolution | fixed => reopened |
2019-02-28 11:19 | nikita | Note Added: 0014096 | |
2019-02-28 11:21 | Christian Grothoff | Fixed in Version | 0.11.0 => |
2019-02-28 11:21 | Christian Grothoff | Target Version | 0.11.0 => 0.11.1 |
2019-02-28 11:22 | Christian Grothoff | Assigned To | Christian Grothoff => |
2019-02-28 11:26 | nikita | Note Added: 0014097 | |
2019-02-28 11:26 | nikita | Status | feedback => new |
2019-02-28 11:26 | nikita | Assigned To | => nikita |
2019-02-28 11:26 | nikita | Status | new => assigned |
2019-02-28 11:28 | nikita | Note Added: 0014098 | |
2019-02-28 11:29 | nikita | Note Added: 0014099 | |
2019-02-28 11:31 | nikita | Assigned To | nikita => |
2019-03-23 11:32 | nikita | Note Added: 0014237 | |
2019-03-23 11:33 | nikita | Assigned To | => Christian Grothoff |
2019-03-23 11:33 | nikita | Status | assigned => feedback |
2019-04-03 12:15 | Christian Grothoff | Target Version | 0.11.1 => 0.11.2 |
2019-04-04 12:44 | Christian Grothoff | Target Version | 0.11.2 => 0.11.3 |
2019-04-05 23:18 | Christian Grothoff | Note Added: 0014260 | |
2019-04-05 23:40 | Christian Grothoff | Status | feedback => resolved |
2019-04-05 23:40 | Christian Grothoff | Resolution | reopened => fixed |
2019-04-05 23:40 | Christian Grothoff | Fixed in Version | => 0.11.3 |
2019-04-05 23:40 | Christian Grothoff | Note Added: 0014261 | |
2019-04-07 14:49 | Christian Grothoff | Status | resolved => closed |