Description
The way the build toolchain is installed is just INSANE.
Puppet 3.x and root required, are you serious?
It's okay if people need to install some prerequisites, but this should not involve automagic execution of lines deeply hidden like this:
'/bin/bash -c "wget http://www.scala-lang.org/files/archive/scala-2.10.3.deb ; dpkg -x ./scala-2.10.3.deb /"'
This is SILLY
Note that "dpkg -x" EXTRACTS the contents of this UNSIGNED package to the ROOT FOLDER. Instead of actually installing the package in a way that it could be cleanly uninstalled afterwards; without executing installation scripts, but also without any signature checking. In other words, this is a security issue during build. It's NOT EVEN https, yet GPG signed.
This is a very SILLY idea
No wonder the Linux distributions don't adopt the packages into the distributions. This build process is an ugly collection of hacks!
This should be deleted, and completely rewritten from scratch, sorry to be so blunt.
Attachments
Issue Links
- is related to
-
BIGTOP-1830 Move apache-forrest installation from bigtop_toolchain to pig compile
- Resolved