From owner-freebsd-ports-bugs@FreeBSD.ORG Sun Nov 14 02:50:08 2010 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B69A71065672 for ; Sun, 14 Nov 2010 02:50:08 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 75E578FC16 for ; Sun, 14 Nov 2010 02:50:08 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id oAE2o8Tb086329 for ; Sun, 14 Nov 2010 02:50:08 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id oAE2o8xf086328; Sun, 14 Nov 2010 02:50:08 GMT (envelope-from gnats) Resent-Date: Sun, 14 Nov 2010 02:50:08 GMT Resent-Message-Id: <201011140250.oAE2o8xf086328@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, John Hein Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E2C21106566B; Sun, 14 Nov 2010 02:42:23 +0000 (UTC) (envelope-from jhein@gossamer.timing.com) Received: from mout.perfora.net (mout.perfora.net [74.208.4.195]) by mx1.freebsd.org (Postfix) with ESMTP id B0C6A8FC13; Sun, 14 Nov 2010 02:42:23 +0000 (UTC) Received: from gossamer.timing.com ([206.168.13.144]) by mrelay.perfora.net (node=mrus4) with ESMTP (Nemesis) id 0LtZUK-1OYSdw3zCW-010mpQ; Sat, 13 Nov 2010 21:42:20 -0500 Message-Id: <19679.19592.137826.440864@gossamer.timing.com> Date: Sat, 13 Nov 2010 19:42:16 -0700 From: John Hein To: FreeBSD-gnats-submit@FreeBSD.org Cc: python@FreeBSD.org Subject: ports/152224: [patch] fix installed permissions for lang/python27 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Nov 2010 02:50:08 -0000 >Number: 152224 >Category: ports >Synopsis: [patch] fix installed permissions for lang/python27 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Sun Nov 14 02:50:08 UTC 2010 >Closed-Date: >Last-Modified: >Originator: John Hein >Release: >Organization: >Environment: >Description: The distribution tarball for python 2.7 has permission bits for 'others' set to 0 for the entire tarball. During install, lang/python27 copies Tools and Demo (using tar) to the installed prefix. Because of the tarball permissions, this renders them readable only by the installer (usually uid 0) or members of the installer's group (usually gid 0). Furthermore, the tar during post-install does not use --no-same-owner, so the installed files are owned by the builder, which often is not root. If using INSTALL_AS_USER, this doesn't matter. But if not using INSTALL_AS_USER (which is more common), then the common 'make && sudo make install' sequence (or some similar equivalent) will cause the files to be writable by the building user. While this probably doesn't matter that much (that just means the build user will be able to write to files that were installed by root, and more than likely the build user is trusted), it's more correct to have them owned by the installer (usually uid 0). The --no-same-owner fix should also be applied to lang/python2X (where X < 7) as well. The distribution tarball fix is not necessary for python26 (I didn't look further back than that) which has more normal permissions in its distribution tarball. >How-To-Repeat: >Fix: Fix permissions of extracted tarball for pieces that are copied during post-inastll. Use tar --no-same-owner during post-install to ensure copied files are owned by install user. --- Makefile.orig 2010-09-05 18:25:04.000000000 -0600 +++ Makefile 2010-11-13 19:39:03.000000000 -0700 @@ -146,6 +146,13 @@ CONFIGURE_ARGS+= --with-fpectl .endif +post-extract: +# The distribution tarball for python 2.7 has permission bits for 'others' +# set to 0. Later during install, we copy Tools and Demo to the installed +# prefix, so set them right here. + ${FIND} ${WRKSRC}/Tools ${WRKSRC}/Demo -type d | ${XARGS} ${CHMOD} a+rx + ${FIND} ${WRKSRC}/Tools ${WRKSRC}/Demo -type f | ${XARGS} ${CHMOD} a+r + pre-patch: ${CP} -r ${PATCH_WRKSRC}/Lib/plat-freebsd8 \ ${PATCH_WRKSRC}/Lib/plat-freebsd9 @@ -260,12 +267,12 @@ .if !defined(NOPORTDATA) @${MKDIR} ${DATADIR} @cd ${PYTHON_WRKSRC}; ${TAR} -cf - Tools | \ - (cd ${DATADIR}; ${TAR} -xf -) + (cd ${DATADIR}; ${TAR} --no-same-owner -xf -) .endif .if !defined(NOPORTEXAMPLES) @${MKDIR} ${EXAMPLESDIR} @cd ${PYTHON_WRKSRC}/Demo; ${TAR} -cf - * | \ - (cd ${EXAMPLESDIR}; ${TAR} -xf -) + (cd ${EXAMPLESDIR}; ${TAR} --no-same-owner -xf -) .endif @${CAT} ${PKGMESSAGE} >Release-Note: >Audit-Trail: >Unformatted: