From: Yaroslav Halchenko <yoh@onerussian.com>
To: Michal Marek <mmarek@suse.cz>
Cc: linux-kbuild@vger.kernel.org
Subject: Re: doesn't fix for paranoid umask while 'make deb-pkg'
Date: Wed, 28 Oct 2015 08:35:21 -0400 [thread overview]
Message-ID: <20151028123521.GU7844@onerussian.com> (raw)
In-Reply-To: <56309E75.4070107@suse.cz>
On Wed, 28 Oct 2015, Michal Marek wrote:
> Dne 27.10.2015 v 17:55 Yaroslav Halchenko napsal(a):
> > $> ls -l /usr/include/linux/ | head
> > total 3424
> > -rw------- 1 root root 7319 Oct 27 11:20 a.out.h
> > -rw------- 1 root root 3670 Oct 27 11:20 acct.h
> > -rw------- 1 root root 1077 Oct 27 11:20 adb.h
> > -rw------- 1 root root 873 Oct 27 11:20 adfs_fs.h
> > -rw------- 1 root root 1481 Oct 27 11:20 affs_hardblocks.h
> > -rw------- 1 root root 3920 Oct 27 11:20 agpgart.h
> > ...
> > So I guess there should be somewhere explicit chmod'ing. My umask is
> > 077.
> Well, you set umask 077, so nobody will be able to steal your precious
> headers...
when they are in my $HOME that indeed should be the case -- my headers are only
for me to enjoy!
It is another deal when I am building a package -- pkg building
infrastructure should guarantee correct permissions. Here is e.g. what
debhelper (predominant package building tool in Debian) does so my personal
umask preferences do not render generated packages unusable.
$> dpkg -L debhelper | xargs grep chmod 2>/dev/null
/usr/bin/dh: chmod 4755 debian/foo/usr/bin/foo
/usr/bin/dh:Adding to the example above, suppose you need to chmod a file, but only
/usr/bin/dh: chmod 4755 debian/foo/usr/bin/foo
/usr/bin/dh_bugfiles: chmod 0755, $dir;
/usr/bin/dh_bugfiles: chmod 0755, "$dir/script";
/usr/bin/dh_compress: xargs(\@f,"chmod","a-x");
/usr/bin/dh_fixperms: "2>/dev/null | xargs -0r chmod go=rX,u+rw,a-s");
/usr/bin/dh_fixperms: "| xargs -0r chmod 0644");
/usr/bin/dh_fixperms: "| xargs -0r chmod 0755");
/usr/bin/dh_fixperms: "$find_options -print0 2>/dev/null | xargs -0r chmod 0644");
/usr/bin/dh_fixperms: "2>/dev/null | xargs -0r chmod 0644");
/usr/bin/dh_fixperms: "2>/dev/null | xargs -0r chmod 0644");
/usr/bin/dh_fixperms: "2>/dev/null | xargs -0r chmod a-X");
/usr/bin/dh_fixperms: "| xargs -0r chmod 0644");
/usr/bin/dh_fixperms: "| xargs -0r chmod a+x");
/usr/bin/dh_fixperms: "2>/dev/null | xargs -0r chmod uga-w");
/usr/bin/dh_fixperms: "2>/dev/null | xargs -0r chmod 644");
/usr/bin/dh_fixperms: doit('chmod', '0755', "$tmp/usr/share/bug/$package/script");
/usr/bin/dh_fixperms: doit('chmod', '0755', "$tmp/usr/share/bug/$package");
/usr/bin/dh_fixperms: "2>/dev/null | xargs -0r chmod 0644");
/usr/bin/dh_fixperms: "2>/dev/null | xargs -0r chmod 0440");
/usr/bin/dh_gencontrol: doit("chmod","0644","${ddeb_tmp}/DEBIAN/control");
/usr/bin/dh_gencontrol: # This chmod is only necessary if the user sets the umask to
/usr/bin/dh_gencontrol: doit("chmod","0644","$tmp/DEBIAN/control");
/usr/bin/dh_installchangelogs: doit("chmod","644","$base/changelog");
/usr/bin/dh_installdeb: doit("chmod","0644","$tmp/DEBIAN/conffiles");
/usr/bin/dh_installdocs: doit("chmod","-R","go=rX","$tmp/usr/share/doc");
/usr/bin/dh_installdocs: doit("chmod","-R","u+rw","$tmp/usr/share/doc");
/usr/bin/dh_installinfo: doit("chmod","-R", "go=rX","$tmp/usr/share/info/");
/usr/bin/dh_installinfo: doit("chmod","-R", "u+rw","$tmp/usr/share/info/");
/usr/bin/dh_installman: doit "chmod", 644, $tmp;
/usr/bin/dh_makeshlibs: doit("chmod","0644","$tmp/DEBIAN/shlibs");
/usr/bin/dh_md5sums: doit("chmod", "0644", "$tmp/DEBIAN/md5sums");
/usr/bin/dh_md5sums: doit('chmod', '0644', "${ddeb_tmp}/DEBIAN/md5sums");
/usr/bin/dh_strip: doit("chmod", "0644", $debug_path);
/usr/bin/dh_suidregister: doit("chmod","a-s","$tmp/$file");
/usr/share/debhelper/autoscripts/postinst-menu-method: chmod a+x $inst
/usr/share/debhelper/autoscripts/postinst-suid: chmod #PERMS# /#FILE#
/usr/share/debhelper/autoscripts/postinst-usrlocal: chmod "$mode" "$dir"
/usr/share/debhelper/autoscripts/postrm-menu-method:if [ "$1" = "remove" ] && [ -f "$inst" ]; then chmod a-x $inst ; fi
/usr/share/perl5/Debian/Debhelper/Dh_Lib.pm: doit("chmod","0755","$tmp/DEBIAN/$script");
/usr/share/perl5/Debian/Debhelper/Dh_Lib.pm: doit("chmod","0755","$tmp/DEBIAN/$script");
/usr/share/perl5/Debian/Debhelper/Dh_Lib.pm: chmod($mode, $tfd) || error("cannot chmod $target: $!");
--
Yaroslav O. Halchenko
Center for Open Neuroscience http://centerforopenneuroscience.org
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419
WWW: http://www.linkedin.com/in/yarik
prev parent reply other threads:[~2015-10-28 12:35 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-27 16:55 doesn't fix for paranoid umask while 'make deb-pkg' Yaroslav Halchenko
2015-10-28 10:07 ` Michal Marek
2015-10-28 12:35 ` Yaroslav Halchenko [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151028123521.GU7844@onerussian.com \
--to=yoh@onerussian.com \
--cc=linux-kbuild@vger.kernel.org \
--cc=mmarek@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).