After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 669470 - doesn't contain source for waf binary code
doesn't contain source for waf binary code
Status: RESOLVED FIXED
Product: hamster-applet
Classification: Deprecated
Component: general
unspecified
Other Linux
: Normal normal
: ---
Assigned To: hamster-applet-maint
hamster-applet-maint
Depends on:
Blocks:
 
 
Reported: 2012-02-06 12:09 UTC by Michael Biebl
Modified: 2012-02-10 20:29 UTC
See Also:
GNOME target: ---
GNOME version: ---



Description Michael Biebl 2012-02-06 12:09:24 UTC
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654474

hamster-applet uses the waf build system. The ./waf python script contains a binary blob which is basically a mangled .bz2 tarball that is unpacked at runtime and contains further python scripts.
It is impossible to inspect the sources without actually executing the ./waf binary which potentially runs untrusted code. It is also not easily possible to modify the python scripts and regenerate ./waf.
As a result, the Debian ftp-masters filed a RC bug against the hamster-applet package (and other packages using waf) as they don't consider that acceptable for the Debian archive [1]

A possible solution would be to ship the unpacked sources (basically waf-light + waflib/ directory). The Debian wiki [2] contains further instructions how that can be done.
It would be great if hamster-applet would ship those sources unpacked.
While I had a look at this issue, I noticed that the include waf binary is rather old (dated May 2010), so this might be a good occasion to also update the build system to the latest upstream release.



[1] http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=ftpmaster@debian.org;tag=waf-unpack
[2] http://wiki.debian.org/UnpackWaf
Comment 1 Toms Bauģis 2012-02-10 20:29:28 UTC
thanks for the report!

fix pushed to master:

http://git.gnome.org/browse/hamster-applet/commit/?id=7ed5e3c383ddc134163b6864bfa5644489aa72bf


so essentially just unpacked the waf and added waflib (wafadmin at that time) to the sources.

i don't see any upsides from upgrading so not doing that right now