Date: Sat, 13 Nov 2010 19:42:16 -0700 From: John Hein <jhein@symmetricom.com> To: FreeBSD-gnats-submit@freebsd.org Cc: python@freebsd.org Subject: [patch] fix installed permissions for lang/python27 Message-ID: <19679.19592.137826.440864@gossamer.timing.com>
next in thread | raw e-mail | index | archive | help
>Submitter-Id: current-users
>Originator: John Hein
>Organization:
>Confidential: no <FreeBSD PRs are public data>
>Synopsis: [patch] fix installed permissions for lang/python27
>Severity: non-critical
>Priority: low
>Category: ports
>Class: update
>Release:
>Environment:
>Description:
The distribution tarball for python 2.7 has permission bits for 'others'
set to 0 for the entire tarball.
During install, lang/python27 copies Tools and Demo (using tar) to the installed
prefix. Because of the tarball permissions, this renders them readable only by
the installer (usually uid 0) or members of the installer's group (usually gid 0).
Furthermore, the tar during post-install does not use --no-same-owner,
so the installed files are owned by the builder, which often is not
root. If using INSTALL_AS_USER, this doesn't matter. But if not
using INSTALL_AS_USER (which is more common), then the common
'make && sudo make install' sequence (or some similar equivalent) will
cause the files to be writable by the building user.
While this probably doesn't matter that much (that just means the
build user will be able to write to files that were installed by root,
and more than likely the build user is trusted), it's more correct to
have them owned by the installer (usually uid 0).
The --no-same-owner fix should also be applied to lang/python2X (where
X < 7) as well.
The distribution tarball fix is not necessary for python26 (I didn't
look further back than that) which has more normal permissions in its
distribution tarball.
>How-To-Repeat:
>Fix:
Fix permissions of extracted tarball for pieces that are copied
during post-inastll.
Use tar --no-same-owner during post-install to ensure copied files
are owned by install user.
--- Makefile.orig 2010-09-05 18:25:04.000000000 -0600
+++ Makefile 2010-11-13 19:39:03.000000000 -0700
@@ -146,6 +146,13 @@
CONFIGURE_ARGS+= --with-fpectl
.endif
+post-extract:
+# The distribution tarball for python 2.7 has permission bits for 'others'
+# set to 0. Later during install, we copy Tools and Demo to the installed
+# prefix, so set them right here.
+ ${FIND} ${WRKSRC}/Tools ${WRKSRC}/Demo -type d | ${XARGS} ${CHMOD} a+rx
+ ${FIND} ${WRKSRC}/Tools ${WRKSRC}/Demo -type f | ${XARGS} ${CHMOD} a+r
+
pre-patch:
${CP} -r ${PATCH_WRKSRC}/Lib/plat-freebsd8 \
${PATCH_WRKSRC}/Lib/plat-freebsd9
@@ -260,12 +267,12 @@
.if !defined(NOPORTDATA)
@${MKDIR} ${DATADIR}
@cd ${PYTHON_WRKSRC}; ${TAR} -cf - Tools | \
- (cd ${DATADIR}; ${TAR} -xf -)
+ (cd ${DATADIR}; ${TAR} --no-same-owner -xf -)
.endif
.if !defined(NOPORTEXAMPLES)
@${MKDIR} ${EXAMPLESDIR}
@cd ${PYTHON_WRKSRC}/Demo; ${TAR} -cf - * | \
- (cd ${EXAMPLESDIR}; ${TAR} -xf -)
+ (cd ${EXAMPLESDIR}; ${TAR} --no-same-owner -xf -)
.endif
@${CAT} ${PKGMESSAGE}
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19679.19592.137826.440864>