From owner-freebsd-ruby@FreeBSD.ORG Tue Jun 7 18:31:23 2011 Return-Path: Delivered-To: ruby@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0C800106566B for ; Tue, 7 Jun 2011 18:31:23 +0000 (UTC) (envelope-from freebsdlists-ruby@chillibear.com) Received: from mail.sundive.org (mail.sundive.org [212.13.197.214]) by mx1.freebsd.org (Postfix) with ESMTP id C62F38FC15 for ; Tue, 7 Jun 2011 18:31:22 +0000 (UTC) Received: from [46.208.32.91] (helo=[192.168.0.44]) by sundive.org with esmtpsa (TLSv1:DES-CBC3-SHA:168) (Exim 4.72 (FreeBSD)) (envelope-from ) id 1QU159-000FRE-Hh; Tue, 07 Jun 2011 19:32:53 +0100 User-Agent: Microsoft-Entourage/12.29.0.110113 Date: Tue, 07 Jun 2011 19:31:13 +0100 From: Eric To: Romain =?ISO-8859-1?B?VGFydGnocmU=?= , Message-ID: Thread-Topic: Fixing gem files permissions Thread-Index: AcwlQRRDRqP5Kw3g1kqWed8yZMBk4w== In-Reply-To: <20110606160931.GA17343@blogreen.org> Mime-version: 1.0 Content-type: text/plain; charset="ISO-8859-1" Content-transfer-encoding: quoted-printable X-Spam_score: -2.9 X-Spam_score_int: -28 X-Spam_bar: -- X-Spam: No X-bounce-key: sundive.org-1; freebsdlists-ruby@chillibear.com; 1307471574; 7ced5612; Cc: Subject: Re: Fixing gem files permissions X-BeenThere: freebsd-ruby@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: FreeBSD-specific Ruby discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Jun 2011 18:31:23 -0000 > From: Romain Tarti=E8re > I would like to know if there is some 'standard' way for the rubygems-* > ports for fixing wrong files permissions. Not that I'm personally aware of, but other more experienced people on this list may know better. > It appears that > getopt-declare (not in the ports tree, it's a dependency of another port > I would like to push) install files in a weird fashion: >=20 > ------------------------------8<--------------------------- > =3D=3D=3D> SECURITY REPORT: > This port has installed the following world-writable files/director= ies. > /tmp/rubygem-getopt-declare-1.29/lib/ruby/gems/1.8/gems/getopt-declare-1.= 29/ge > topt-declare.gemspec > /tmp/rubygem-getopt-declare-1.29/lib/ruby/gems/1.8/gems/getopt-declare-1.= 29/sa > mples/cmdline_singles.rb > /tmp/rubygem-getopt-declare-1.29/lib/ruby/gems/1.8/gems/getopt-declare-1.= 29/sa > mples/cmdline_array.rb > /tmp/rubygem-getopt-declare-1.29/lib/ruby/gems/1.8/gems/getopt-declare-1.= 29/sa > mples/cmdline_usage.rb > /tmp/rubygem-getopt-declare-1.29/lib/ruby/gems/1.8/gems/getopt-declare-1.= 29/te > st/test_cmdline_parameters.rb > /tmp/rubygem-getopt-declare-1.29/lib/ruby/gems/1.8/gems/getopt-declare-1.= 29/RE > ADME.txt > [...] > ------------------------------8<--------------------------- >=20 > My current workaround is: >=20 > ------------------------------8<--------------------------- > post-install: > @${FIND} ${PREFIX}/${GEM_LIB_DIR} -type f -exec ${CHMOD} 444 '{}' = ';' > ------------------------------8<--------------------------- >=20 > I am not really happy with this. Is there a better way to fix this? I don't think there is an easy place other than the post-install target where you can 'patch' gems since the other stages of the port build process do little for a gem, given it's mainly a wrapper for the gem installer itself. I remember had to do similar things with a couple of gems I use personally (can't remember if I've submitted those as ports yet). The only thing I'd say is to restrict your 'fix' to just those files your 'getopt-declare' gem installs rather than make all the contents of the Gem lib dir 444 and potentially cause a headache somewhere else. So something more like (I not= e from a quick glance in my own Gem libs that they tend to be root/wheel and 644) post-install: @${FIND} ${PREFIX}/${GEM_LIB_DIR}/${PORTNAME}-${PORTVERSION} -type f -exe= c ${CHMOD} 644 '{}' ';' I'd also pop a comment in the Makefile so someone following knows why you'v= e done it. =20 > I am not used with Ruby gems packaging, and I would like to be sure that > this is a problem that should be signaled upstream before acting: is it? I've never looked at the Gem internals to see how it determines file permissions of those files it installs, but given it *appears* to be a bug you'd do well to flag it to upstream and see what they say. Regards Eric