* Allow setting NOTAINT=1 when building the wiki to remove taint checking

  flags, which can be useful on some hosting providers.

3 files changed, 6 insertions, 48 deletions

diff --git a/debian/changelog b/debian/changelog
index 277245a27..2e5f1b990 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -6,8 +6,10 @@ ikiwiki (1.44) UNRELEASED; urgency=low
     issues. Since there is not yet a license for the actual OpenID logo, this
     file is currently a blank image. Users who want to can copy
     http://openid.net/login-bg.gif into their wiki.
+  * Allow setting NOTAINT=1 when building the wiki to remove taint checking
+    flags, which can be useful on some hosting providers.
 
- -- Joey Hess <joeyh@debian.org>  Mon, 19 Feb 2007 18:34:58 -0500
+ -- Joey Hess <joeyh@debian.org>  Mon, 19 Feb 2007 20:08:24 -0500
 
 ikiwiki (1.43) unstable; urgency=low
 
diff --git a/doc/patchqueue/lib-fixup.mdwn b/doc/patchqueue/lib-fixup.mdwn
deleted file mode 100644
index bdf8566d8..000000000
--- a/doc/patchqueue/lib-fixup.mdwn
+++ /dev/null
@@ -1,47 +0,0 @@
-I'm using Ikiwiki on a box where I don't have root access, so I install all of my Perl modules in `~/lib`. The `ikiwiki.in` script is ran in Taint mode, which means that it ignores the contents of `$ENV{PERL5LIB}`. The result is that the current versions of the pre-requisite modules I've installed in `~/lib` are ignored by `./make`, which uses the outdated, and therefore incompatible versions, from the system-wide `@INC`... ;-)
-
-I imagine that there's a clean and elegant solution to this, but the hack I'm currently using is to have `./make` alter `ikiwki.in` before it's run, by inserting `use lib ...` lines for each of the directories in `$ENV{PERL5LIB}`. Again, this is clearly ugly, but it allows me to run `./make`, so I'm submitting it FWIW.
-
-> I don't like this patch because it's not expected that an environment
-> variable will stick around outside the shell that it's set in. It could
-> lead to suprising behavior if PERL5LIB happened to be set during build,
-> and it's even possible for it to lead to security issues, imagine if I
-> accidentially built the debian package of ikiwiki with PERL5LIB set --
-> then it would be hardcoded to look in /home/joey for libraries, which
-> someone with a "joey" account elsewhere could use to exploit it.
->
-> You could remove the taint switch locally, it's very unlikely to find
-> tainting problems that nobody else has noticed. --[[Joey]]
-
->> I completely understand rejecting this patch, but would you accept one to automate the removal of -T as a `make` option, then? I was trying to install Ikiwiki on a very popular
->> web host, and the aforementioned issue took quite a while to debug; I imagine many people would have simply given up. -- Ben
-
->>> Well, the problem with an option is finding the option before you give
->>> up. Maybe an option and adding some docs to the [[setup]] or [[tips]] page
->>> about how to use ikiwiki with $BIG_HOSTING_PROVIDER, that can mention
->>> the option. --[[Joey]]
-
->>>> I was going to write a guide for shared hosting setup anyway, so that sounds great. My `make`-fu is weak, so I don't know the Right Way to add an extra option, but here's a patch for removing the -T flag. -- Ben
-
-<pre>
-Index: pm_filter
-===================================================================
---- pm_filter   (revision 2644)
-+++ pm_filter   (working copy)
-@@ -4,6 +4,7 @@
-        $prefix=shift;
-        $ver=shift;
-        $libdir=shift;
-+       $notaint=shift;
- }
- 
- if (/INSTALLDIR_AUTOREPLACE/) {
-@@ -19,4 +20,7 @@
-        else {
-                $_="use lib '$libdir';\n";
-        }
-+} 
-+elsif ($. == 1 && $notaint && m{^(#!/usr/bin/perl) -T$}) {
-+    $_=qq{$1\n};
- }
-</pre>
diff --git a/pm_filter b/pm_filter
index f61e7810b..a80ce04f0 100755
--- a/pm_filter
+++ b/pm_filter
@@ -20,3 +20,6 @@ elsif (/^use lib/) {
 		$_="use lib '$libdir';\n";
 	}
 }
+elsif ($. == 1 && $ENV{NOTAINT} && m{^(#!/usr/bin/perl) -T$}) {
+	$_=qq{$1\n};
+}