Date: Tue, 07 Jun 2011 19:31:13 +0100 From: Eric <freebsdlists-ruby@chillibear.com> To: Romain =?ISO-8859-1?B?VGFydGnocmU=?= <romain@FreeBSD.org>, <ruby@freebsd.org> Subject: Re: Fixing gem files permissions Message-ID: <CA142D01.1F5AD%freebsdlists-ruby@chillibear.com> In-Reply-To: <20110606160931.GA17343@blogreen.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> From: Romain Tarti=E8re <romain@FreeBSD.org> > I would like to know if there is some 'standard' way for the rubygems-* > ports for fixing wrong files permissions. Not that I'm personally aware of, but other more experienced people on this list may know better. > It appears that > getopt-declare (not in the ports tree, it's a dependency of another port > I would like to push) install files in a weird fashion: >=20 > ------------------------------8<--------------------------- > =3D=3D=3D> SECURITY REPORT: > This port has installed the following world-writable files/director= ies. > /tmp/rubygem-getopt-declare-1.29/lib/ruby/gems/1.8/gems/getopt-declare-1.= 29/ge > topt-declare.gemspec > /tmp/rubygem-getopt-declare-1.29/lib/ruby/gems/1.8/gems/getopt-declare-1.= 29/sa > mples/cmdline_singles.rb > /tmp/rubygem-getopt-declare-1.29/lib/ruby/gems/1.8/gems/getopt-declare-1.= 29/sa > mples/cmdline_array.rb > /tmp/rubygem-getopt-declare-1.29/lib/ruby/gems/1.8/gems/getopt-declare-1.= 29/sa > mples/cmdline_usage.rb > /tmp/rubygem-getopt-declare-1.29/lib/ruby/gems/1.8/gems/getopt-declare-1.= 29/te > st/test_cmdline_parameters.rb > /tmp/rubygem-getopt-declare-1.29/lib/ruby/gems/1.8/gems/getopt-declare-1.= 29/RE > ADME.txt > [...] > ------------------------------8<--------------------------- >=20 > My current workaround is: >=20 > ------------------------------8<--------------------------- > post-install: > @${FIND} ${PREFIX}/${GEM_LIB_DIR} -type f -exec ${CHMOD} 444 '{}' = ';' > ------------------------------8<--------------------------- >=20 > I am not really happy with this. Is there a better way to fix this? I don't think there is an easy place other than the post-install target where you can 'patch' gems since the other stages of the port build process do little for a gem, given it's mainly a wrapper for the gem installer itself. I remember had to do similar things with a couple of gems I use personally (can't remember if I've submitted those as ports yet). The only thing I'd say is to restrict your 'fix' to just those files your 'getopt-declare' gem installs rather than make all the contents of the Gem lib dir 444 and potentially cause a headache somewhere else. So something more like (I not= e from a quick glance in my own Gem libs that they tend to be root/wheel and 644) post-install: @${FIND} ${PREFIX}/${GEM_LIB_DIR}/${PORTNAME}-${PORTVERSION} -type f -exe= c ${CHMOD} 644 '{}' ';' I'd also pop a comment in the Makefile so someone following knows why you'v= e done it. =20 > I am not used with Ruby gems packaging, and I would like to be sure that > this is a problem that should be signaled upstream before acting: is it? I've never looked at the Gem internals to see how it determines file permissions of those files it installs, but given it *appears* to be a bug you'd do well to flag it to upstream and see what they say. Regards Eric
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA142D01.1F5AD%freebsdlists-ruby>