Package Details: brscan4 0.4.5_1-1

Git Clone URL: https://aur.archlinux.org/brscan4.git (read-only)
Package Base: brscan4
Description: SANE drivers from Brother for brscan4 compatible models
Upstream URL: http://support.brother.com
Keywords: printer
Licenses: GPL, custom:brother
Submitter: Harey
Maintainer: Harey
Last Packager: Harey
Votes: 94
Popularity: 1.687763
First Submitted: 2011-08-01 08:43
Last Updated: 2018-07-29 09:06

Latest Comments

1 2 3 4 5 6 ... Next › Last »

Harey commented on 2018-07-29 09:07

@marcin: changed that back, thanks. Learned: never rely on anything :(

marcin commented on 2018-07-29 03:16

Was getting this error:

curl: (51) SSL: no alternative certificate subject name matches target host name 'www.brother.com' ==> ERROR: Failure while downloading https://www.brother.com/agreement/English_sane/agree.html

I downloaded the brscan4:

git clone https://aur.archlinux.org/brscan4.git

and then manually edited PKGBUILD to have http instead of https for two brother links there.

And then manually build and install the packakage

makepkg -si

Harey commented on 2018-07-27 12:35

@lordbalmung: Done. Thank you for the hint. Did not change the pkgver though because it does not change the package itself.

lordbalmung commented on 2018-07-25 23:38

Can you please modify the source to https instead of http? brother seems to release the rpm in https as well.

egrupled commented on 2018-07-13 15:47

@Harey: it still blocks executing binary files. To be clear: noexec flag isn't defense against malicious PKGBUILD. It's a coincidence that it can break building in circumstances as described below. What I'm advocating here is to prevent that accidental breakage.

Harey commented on 2018-07-13 14:20

Just out of curiosity: what is the sense in this if a malicious PKGBUILD can circumvent it with a - agreed - trivial change?

egrupled commented on 2018-07-13 11:59

@ettavolt: You're partially right :)

If the files were simply copied to chroot dir it will work as files can have executable bit (x) on noexec filesystem - it's just not effective.

The problem is that in Archlinux chroot they're bind mounted, see https://git.archlinux.org/devtools.git/tree/makechrootpkg.in#n419 . That means original mount point flags like noexec are inherited and the build will fail.

So in this example mounting /home (or /var or whatever) with noexec will even break building in clean chroot (assuming /home is where you downloaded PKGBUILD). That's why using ./some-script is harmful in PKGBUILD.

ettavolt commented on 2018-07-13 05:43

Even if the files are copied from noexec FS into clean chroot for that kind of build, they'll miss the flag, won't they?

egrupled commented on 2018-07-12 14:55

@ettavolt: It's not about BUILDDIR (which is set to /tmp as default) directory where packages are being built. It's about SRCDEST (which defaults to dir where PKGBUILD is stored).

If you download brscan4 snapshot to /home mounted with noexec it will still break building in /tmp mounted with default flags. That's because files (like mk-udev-rules) from /home will be symlinked to /tmp. That's the essence of this issue.

Luckily this problem goes away with a trivial change :)

ettavolt commented on 2018-07-12 14:43

To quote the wiki:

the most restrictive … without losing functionality

Particularly, noexec on /tmp is said

breaks compiling packages and various other things

Also, many other packages execute some script as a part of build process. sane itself uses a built undistributed binary to write udev rules.