[Bro-Dev] #442: Hardcode Python path
Bro Tracker
bro at tracker.bro-ids.org
Wed May 25 13:06:32 PDT 2011
#442: Hardcode Python path
-------------------------+--------------------
Reporter: robin | Owner: jsiwek
Type: Problem | Status: new
Priority: Normal | Milestone: Bro1.6
Component: BroControl | Version:
Resolution: | Keywords:
-------------------------+--------------------
Comment (by jsiwek):
Here's Craig's response that convinced me of taking the approach he
proposed:
{{{
>> BroControl currently uses `#! /usr/bin/env` to find the Python
>> binary at runtime. Craig suggested this instead:
>
> Craig, can you explain more about what the problem was in this ticket?
> I didn't understand how configuring the python shebang to a full path at
build time was better than using the env shebang.
If you use env, you'll pick up whatever version of python is first on
the path instead of the version that was first on the path when broctl
was built. This will be different for different users and can result in
unexpected results and possible brokenness.
The specific python binary path should be considered part of the broctl
config so that the package builder is able to control it by setting the
path when building broctl. Also, the end user only as to have broctl on
his path to be able to run it.
For example on FreeBSD, /usr/local/bin is not on the default path; the
default path is used at bootup so if broctl doesn't have the path built
in, it can't find python when it's run from a rc.d script. You could add
/usr/local/bin to the path but that won't be right 100% of the time for
all installations.
> If an absolute path to a python interpreter is set in the shebang
> at configure/build time, then to change the python interpreter that
> is used, the user has to either (1) edit the script(s) or (2)
> re-configure/build/install broctl. These seem like the more
> "difficult" options to me.
(How often does this actually happen?)
Editing the scripts seems wrong; if you later rebuild (say to install a
newer version) your changes will get over written.
The binary executable is part of the broctl configuration so having to
re-configure/build/install broctl to use a different python sounds
completely reasonable to me.
From my perspective, the inconvenience of rebuilding broctl seems minor
compared to having different users picking up different versions of
python.
Finally, some folks consider it a security issue to use #!/usr/bin/env
}}}
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/442#comment:2>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
More information about the bro-dev
mailing list