Installed tcl/tkConfig.sh

[Randy McMurchy]

Ag pointed out in BLFS-Dev that the installed tcl/tkConfig.sh files contain references to the initial build directory. Alexander pointed out that it could lead to exploitation of the system.

The discussion on BLFS-Dev contains several "fixes" for the issue. This ticket is just a reminder that we need to implement it in the book once it is decided which "fix" to use.

[Ag. Hatzimanikas]

Preferred solution so far at:

​http://linuxfromscratch.org/pipermail/blfs-dev/2008-March/018447.html

sed -i \
    -e "s@^\(TCL_SRC_DIR='\).*@\1/usr/include'@" \
    -e "/TC_B/s@='\(-L\)\?.*unix@='\1/usr/lib@" \
    -e "/SEARCH/s/=.*/=''/" \
    tclConfig.sh
sed -i \    
    -e "s@^\(TK_SRC_DIR='\).*@\1/usr/include'@" \
    -e "/TK_B/s@='\(-L\)\?.*unix@='\1/usr/lib@" \
    -e "/SEARCH/s/=.*/=''/" \
    tkConfig.sh

Those seds are going to be applied after make and before the installation. There are already comments in the xml pages with text explaining the issue, that are going to be used again.

[Ag. Hatzimanikas]

Fixed in r7318.

Thanks to all who contributed input to fix this mess.

[Randy McMurchy]

I don't think the sed is doing what Ag wants it to. I tested twice.

Reopening the ticket.

[Ag. Hatzimanikas]

Yes It was a copy/paste from the original post to blfs-dev mailing list, where there was a typo at the first place, sorry.

Many thanks Randy for the testing. To be honest, I also wanted to say "I owe you a favor" but I thought it twice, so only the "thanks" for the moment. :)