[aur-general] Package proprietary softwares with hard-coded paths within /usr/local?

Chi-Hsuan Yen yan12125 at gmail.com
Tue Aug 8 14:38:57 UTC 2017 

On Tue, Aug 8, 2017 at 11:13 AM, KY Chou <forendef2846 at gmail.com> wrote:
> That's a great solution!
> But it doesn't have to be the same length actually.
> A shorter path with padded 0x00s should also work fine.
>
> On Mon, Aug 7, 2017 at 3:16 AM, Chi-Hsuan Yen via aur-general
> <aur-general at archlinux.org> wrote:
>>
>> On Mon, Aug 7, 2017 at 2:35 AM, Eli Schwartz <eschwartz at archlinux.org>
>> wrote:
>> > On 08/06/2017 08:21 AM, Chi-Hsuan Yen via aur-general wrote:
>> >> Hello Arch enthusiasts,
>> >>
>> >> I'd like to create a package for Pulse Connect Secure, a popular VPN
>> >> software. Current PKGBUILD can be found at [1]. That package works
>> >> fine, but it conflicts with Arch's packaging guideline. [2]
>> >>
>> >> "Packages should never be installed to /usr/local"
>> >>
>> >> The reason I put files in /usr/local is that file paths are apparently
>> >> hard-coded. Specifically, the VPN frontend (pulseUi) loads assets from
>> >> /usr/local/pulse/html, and then it invokes /usr/local/pulse/pulsesvc
>> >> to actually connects to VPN.
>> >>
>> >> Is there a workaround for this?
>> >
>> > Not much you can do with software which encodes violations of packaging
>> > guidelines in its proprietary binaries. Depending on where the
>> > information is stored, you might be able to patch it...
>> >
>> > /usr/local/pulse *gags*
>> >
>> > If software insists on being installed to
>> > "/completely/arbitrary/directory" then you either package it anyway or
>> > you don't. But I suppose you could try asking them to install it in /opt
>> > instead.
>> >
>> > --
>> > Eli Schwartz
>> >
>>
>> Aha, didn't think of patching. That simple "fix" works! Many thanks!
>> The key is that the path before and after should have the same length.
>> [1]
>>
>> Best,
>>
>> Yen Chi Hsuan
>>
>> [1]
>> https://github.com/yan12125/aur/commit/0588f70772fae8bd84f87e56015bdc87a6729d90#diff-62ac6814f4207a45189d3491ca4e38f3R28
>
>

Tailing null bytes sounds absolutely interesting. But I get no luck
for this package. There's a line in the offensive binary:

file:////\x0/usr/local/pulse/\x0/html/

(\x0 indicates a null byte)

I tried several combinations:

file:////\x0/opt/pulse/\x0\x0\x0\x0\x0\x0\x0/html/
file:////\x0/opt/pulse//html/\x0\x0\x0\x0\x0\x0\x0
file:////\x0/opt/pulse/\x0/html/\x0\x0\x0\x0\x0\x0

Some doesn't run, and others uses a wrong path:

(pulseUi:1501): Gtk-WARNING **: Error loading icon from file '/opt/pulse/':
        Image file '/opt/pulse/' contains no data

or

(pulseUi:9589): Gtk-WARNING **: Error loading icon from file
'/opt/pulse//html//html/images/Pulse-Secure128x128.png':
        Failed to open file
'/opt/pulse//html//html/images/Pulse-Secure128x128.png': No such file
or directory

I think sticking to same-size patching is simpler :)

Best,

Yen Chi Hsuan

More information about the aur-general mailing list