From owner-freebsd-ports-bugs@FreeBSD.ORG  Sun Nov 14 02:50:08 2010
Return-Path: <owner-freebsd-ports-bugs@FreeBSD.ORG>
Delivered-To: freebsd-ports-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id B69A71065672
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Sun, 14 Nov 2010 02:50:08 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 75E578FC16
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Sun, 14 Nov 2010 02:50:08 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id oAE2o8Tb086329
	for <freebsd-ports-bugs@freefall.freebsd.org>;
	Sun, 14 Nov 2010 02:50:08 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id oAE2o8xf086328;
	Sun, 14 Nov 2010 02:50:08 GMT (envelope-from gnats)
Resent-Date: Sun, 14 Nov 2010 02:50:08 GMT
Resent-Message-Id: <201011140250.oAE2o8xf086328@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	John Hein <jhein@symmetricom.com>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id E2C21106566B;
	Sun, 14 Nov 2010 02:42:23 +0000 (UTC)
	(envelope-from jhein@gossamer.timing.com)
Received: from mout.perfora.net (mout.perfora.net [74.208.4.195])
	by mx1.freebsd.org (Postfix) with ESMTP id B0C6A8FC13;
	Sun, 14 Nov 2010 02:42:23 +0000 (UTC)
Received: from gossamer.timing.com ([206.168.13.144])
	by mrelay.perfora.net (node=mrus4) with ESMTP (Nemesis)
	id 0LtZUK-1OYSdw3zCW-010mpQ; Sat, 13 Nov 2010 21:42:20 -0500
Message-Id: <19679.19592.137826.440864@gossamer.timing.com>
Date: Sat, 13 Nov 2010 19:42:16 -0700
From: John Hein <jhein@symmetricom.com>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: python@FreeBSD.org
Subject: ports/152224: [patch] fix installed permissions for lang/python27
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports-bugs>
List-Post: <mailto:freebsd-ports-bugs@freebsd.org>
List-Help: <mailto:freebsd-ports-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 14 Nov 2010 02:50:08 -0000


>Number:         152224
>Category:       ports
>Synopsis:       [patch] fix installed permissions for lang/python27
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Sun Nov 14 02:50:08 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     John Hein
>Release:        
>Organization:
>Environment:


>Description:

The distribution tarball for python 2.7 has permission bits for 'others'
set to 0 for the entire tarball.

During install, lang/python27 copies Tools and Demo (using tar) to the installed
prefix.  Because of the tarball permissions, this renders them readable only by
the installer (usually uid 0) or members of the installer's group (usually gid 0).

Furthermore, the tar during post-install does not use --no-same-owner,
so the installed files are owned by the builder, which often is not
root.  If using INSTALL_AS_USER, this doesn't matter.  But if not
using INSTALL_AS_USER (which is more common), then the common
'make && sudo make install' sequence (or some similar equivalent) will
cause the files to be writable by the building user.

While this probably doesn't matter that much (that just means the
build user will be able to write to files that were installed by root,
and more than likely the build user is trusted), it's more correct to
have them owned by the installer (usually uid 0).

The --no-same-owner fix should also be applied to lang/python2X (where
X < 7) as well.

The distribution tarball fix is not necessary for python26 (I didn't
look further back than that) which has more normal permissions in its
distribution tarball.


>How-To-Repeat:
>Fix:

Fix permissions of extracted tarball for pieces that are copied
during post-inastll.

Use tar --no-same-owner during post-install to ensure copied files
are owned by install user.

--- Makefile.orig	2010-09-05 18:25:04.000000000 -0600
+++ Makefile	2010-11-13 19:39:03.000000000 -0700
@@ -146,6 +146,13 @@
 CONFIGURE_ARGS+=	--with-fpectl
 .endif
 
+post-extract:
+# The distribution tarball for python 2.7 has permission bits for 'others'
+# set to 0.  Later during install, we copy Tools and Demo to the installed
+# prefix, so set them right here.
+	${FIND} ${WRKSRC}/Tools ${WRKSRC}/Demo -type d | ${XARGS} ${CHMOD} a+rx
+	${FIND} ${WRKSRC}/Tools ${WRKSRC}/Demo -type f | ${XARGS} ${CHMOD} a+r
+
 pre-patch:
 	${CP} -r ${PATCH_WRKSRC}/Lib/plat-freebsd8 \
 		${PATCH_WRKSRC}/Lib/plat-freebsd9
@@ -260,12 +267,12 @@
 .if !defined(NOPORTDATA)
 	@${MKDIR} ${DATADIR}
 	@cd ${PYTHON_WRKSRC}; ${TAR} -cf - Tools | \
-		(cd ${DATADIR}; ${TAR} -xf -)
+		(cd ${DATADIR}; ${TAR} --no-same-owner -xf -)
 .endif
 .if !defined(NOPORTEXAMPLES)
 	@${MKDIR} ${EXAMPLESDIR}
 	@cd ${PYTHON_WRKSRC}/Demo; ${TAR} -cf - * | \
-		(cd ${EXAMPLESDIR}; ${TAR} -xf -)
+		(cd ${EXAMPLESDIR}; ${TAR} --no-same-owner -xf -)
 .endif
 
 	@${CAT} ${PKGMESSAGE}

>Release-Note:
>Audit-Trail:
>Unformatted: