* Using ``chmod'' in build phases
@ 2018-01-02 14:36 Alex Vong
2018-01-02 16:28 ` ng0
2018-01-04 8:33 ` Mark H Weaver
0 siblings, 2 replies; 5+ messages in thread
From: Alex Vong @ 2018-01-02 14:36 UTC (permalink / raw)
To: guix-devel
[-- Attachment #1: Type: text/plain, Size: 11799 bytes --]
Hello,
Running ``LC_ALL=C grep -r chmod'' on ``guix/gnu/packages'', gives the
following result. As you can see, various modes are used, such as 644,
755, 555, 666, 777, 664. Do we have a guide on which mode should be
prefered? I personally always used 644 for non-executable files, and 755
for directories and executable files. Any idea?
networking.scm: (chmod "." #o755)
commencement.scm: (chmod program #o555))
Binary file admin.go matches
Binary file fpga.go matches
mail.scm: (chmod "mb2md" #o555))
Binary file ssh.go matches
Binary file package-management.go matches
irc.scm: (("/bin/chmod") "chmod")
irc.scm: ;; Furthermore bsdinstalls has a reference to /etc/chmod here, which
irc.scm: (("/bin/chmod") "chmod")
patches/libbase-use-own-logging.patch: // We do an explicit fchmod here because we assume that the caller really
patches/libbase-use-own-logging.patch: if (fchmod(fd, mode) == -1) {
patches/libbase-use-own-logging.patch:- ALOGE("android::WriteStringToFile fchmod failed: %s", strerror(errno));
patches/libbase-use-own-logging.patch:+ PLOG(ERROR) << "android::WriteStringToFile fchmod failed";
patches/findutils-localstatedir.patch: chmod +x $@
patches/nss-pkgconfig.patch:+ chmod 0644 nss.pc
patches/nss-pkgconfig.patch:+ chmod 0755 nss-config
patches/4store-fix-buildsystem.patch:! chmod 1777 $(DESTDIR)@FS_STORE_ROOT@
patches/cdrtools-3.01-mkisofs-isoinfo.patch:- fchmodat(AT_FDCWD, fname, fstat_buf.st_mode, AT_SYMLINK_NOFOLLOW);
patches/cdrtools-3.01-mkisofs-isoinfo.patch:+ fchmodat(AT_FDCWD, fname, fstat_buf.st_mode, AT_SYMLINK_NOFOLLOW);
patches/tcsh-fix-autotest.patch: chmod a+x args.sh
patches/tcsh-fix-autotest.patch:-chmod a+x script.sh subdir/script.sh
patches/tcsh-fix-autotest.patch:+#chmod a+x script.sh subdir/script.sh
patches/perl-file-path-CVE-2017-6512.patch:https://anonscm.debian.org/cgit/perl/perl.git/diff/debian/patches/fixes/file_path_chmod_race.diff?id=e7b50f8fb6413f8ddfbbfda2d531615fb029e2d3
patches/perl-file-path-CVE-2017-6512.patch:Subject: Prevent directory chmod race attack.
patches/perl-file-path-CVE-2017-6512.patch:CVE-2017-6512 is a race condition attack where the chmod() of directories
patches/perl-file-path-CVE-2017-6512.patch:the directory-permission loosening logic to systems where fchmod() is
patches/perl-file-path-CVE-2017-6512.patch:Patch-Name: fixes/file_path_chmod_race.diff
patches/perl-file-path-CVE-2017-6512.patch:- or chmod( $nperm, $root )
patches/perl-file-path-CVE-2017-6512.patch:+ # This uses fchmod to avoid traversing outside of the proper
patches/perl-file-path-CVE-2017-6512.patch:+ or eval { chmod( $nperm, $root_fh ) }
patches/perl-file-path-CVE-2017-6512.patch:+my $fchmod_supported = 0;
patches/perl-file-path-CVE-2017-6512.patch:+ eval { $fchmod_supported = chmod( $perm, $fh); };
patches/perl-file-path-CVE-2017-6512.patch:+ skip "fchmod of directories not supported on this platform", 3 unless $fchmod_supported;
patches/perl-file-path-CVE-2017-6512.patch: # http://perldoc.perl.org/perlport.html#chmod
patches/perl-file-path-CVE-2017-6512.patch: skip "Windows chmod test skipped", $skip_count
patches/perl-file-path-CVE-2017-6512.patch:+ skip "fchmod() on directories is not supported on this platform", $skip_count
patches/perl-file-path-CVE-2017-6512.patch:+ unless $fchmod_supported;
patches/perl-file-path-CVE-2017-6512.patch:- $dir = catdir($tmp_base, 'chmod_test');
patches/perl-file-path-CVE-2017-6512.patch:+ $dir = catdir($tmp_base, sprintf("chmod_test%04o", $input));
patches/portmidi-modular-build.patch:- COMMAND chmod +x pmdefaults/pmdefaults
patches/byobu-writable-status.patch:+ chmod +w "$BYOBU_CONFIG_DIR/$f"
patches/proot-test-fhs.patch:@@ -34,7 +34,7 @@ chmod +x ${ROOTFS}/${TMP_ABS}
patches/rsync-CVE-2017-17434-pt2.patch: extern struct chmod_mode_struct *daemon_chmod_modes;
Binary file tex.go matches
Binary file networking.go matches
virtualization.scm: (chmod "samba-wrapper" #o755)
Binary file graphviz.go matches
tex.scm: "batchmode; "
tex.scm: "batchmode; "
tex.scm: "batchmode; "
tex.scm: (and (zero? (system* "luatex" "-ini" "-interaction=batchmode"
tex.scm: (zero? (system* "tex" "-ini" "-interaction=batchmode"
tex.scm: (zero? (system* "latex" "-ini" "-interaction=batchmode"
tex.scm: (zero? (system* format "-ini" "-interaction=batchmode"
tex.scm: (zero? (system* "luatex" "-ini" "-interaction=batchmode"
tex.scm: "batchmode; "
tex.scm: "batchmode; "
Binary file autotools.go matches
ssh.scm: (chmod (string-append (assoc-ref outputs "out")
Binary file python.go matches
Binary file maths.go matches
cups.scm: (for-each (lambda (file) (chmod file #o644))
cups.scm: (for-each (lambda (file) (chmod file #o644))
axoloti.scm: (chmod target #o555))
python.scm: (chmod file #o755))
python.scm: (chmod new #o755)
Binary file wget.go matches
Binary file bioinformatics.go matches
kodi.scm: (("autoreconf -vif") "chmod -R u+w ."))
Binary file perl.go matches
c.scm: (chmod port #o777)))
Binary file axoloti.go matches
Binary file ocaml.go matches
ocaml.scm: (chmod "src/strings.ml" #o600)
conkeror.scm: (chmod launcher #o555)))))))
Binary file java.go matches
Binary file emacs.go matches
text-editors.scm: (zero? (system* "chmod" "-R" "u+w" "../test")))))))
nvi.scm: (chmod "configure" #o0755)))))
disk.scm: (chmod exe #o555)
Binary file backup.go matches
Binary file music.go matches
audio.scm: (chmod file #o644))
music.scm: (chmod (string-append out "/share/Aria/Documentation") #o555)
music.scm: (chmod (string-append out "/share/Aria/score") #o555)
music.scm: (chmod (string-append bin "/tuxguitar") #o555)
music.scm: (for-each (cut chmod <> #o644)
Binary file zile.go matches
emacs.scm: (chmod exwm-executable #o555)
emacs.scm: (chmod exwm-executable #o555)
perl.scm: (chmod dso #o755))
perl.scm: (chmod "blib/arch/auto/Digest/MD5/MD5.so" #o755))))))
Binary file bootstrap.go matches
tls.scm: (chmod file #o644))
certs.scm: (chmod "certdata2pem.py" #o555)
java.scm: (chmod target #o755)
java.scm: (chmod (string-append bin tool) #o755))
java.scm: (chmod target #o755)
java.scm: (string-append line "; chmod -R u+w $(BOOT_DIR)")))
java.scm: (zero? (system* "chmod" "-R" "u+w" "openjdk"))
java.scm: (("/bin/chmod") (which "chmod")))
java.scm: ;; The cacerts files we are going to overwrite are chmod'ed as
java.scm: (chmod (string-append (assoc-ref outputs "out")
java.scm: (chmod (string-append (assoc-ref outputs "jdk")
java.scm: (chmod (string-append bin "/antlr3") #o755))))
java.scm: (chmod (string-append bin "/antlr3") #o755)
java.scm: (chmod (string-append bin "/antlr3") #o755))))
java.scm: (chmod (string-append bin "/mvel2") #o755))
backup.scm: (chmod target-file-location #o755)
Binary file c.go matches
linux.scm: (chmod ".config" #o666))
linux.scm: (chmod file #o666))
linux.scm: (chmod "e2fsck" #o555))))))
linux.scm: (chmod "zerofree" #o555)
linux.scm: (chmod file #o755))
linux.scm: (chmod target #o555)))))
Binary file kodi.go matches
Binary file monitoring.go matches
Binary file virtualization.go matches
Binary file audio.go matches
Binary file certs.go matches
fpga.scm: (zero? (system* "chmod" "+w" "abc/abc")))))
Binary file tls.go matches
package-management.scm: (chmod po #o666))
Binary file text-editors.go matches
Binary file commencement.go matches
uml.scm: (chmod wrapper #o555))
Binary file disk.go matches
Binary file graphics.go matches
graphviz.scm: (chmod "test/boolean/test.sh" #o777))
web.scm: (chmod "woof" #o555))
Binary file netpbm.go matches
bootloaders.scm: (zero? (system* "chmod" "a+w" "utils/isohybrid.in"))))
Binary file uml.go matches
bootstrap.scm: (chmod bin-dir #o755)
bootstrap.scm: (chmod guile #o555)
bootstrap.scm: (chmod bin-dir #o555))))))
bootstrap.scm: (chmod "bin" #o755)
bootstrap.scm: (chmod "bin" #o555)
bootstrap.scm: (chmod "lib" #o755)
bootstrap.scm: (chmod "." #o755)
bootstrap.scm: (chmod "gcc" #o555))))))
engineering.scm: (chmod (string-append out "/bin/" script) #o555)))
Binary file conkeror.go matches
Binary file bootstrap/x86_64-linux/mkdir matches
Binary file bootstrap/armhf-linux/mkdir matches
Binary file bootstrap/i686-linux/mkdir matches
Binary file bootstrap/mips64el-linux/mkdir matches
Binary file bootstrap/aarch64-linux/mkdir matches
Binary file readline.go matches
Binary file games.go matches
Binary file irc.go matches
readline.scm: (for-each (lambda (f) (chmod f #o755))
readline.scm: (for-each (lambda (f) (chmod f #o644))
wget.scm: (chmod file #o755))
games.scm: (chmod (string-append bin "/roguebox-adventures") #o555)
games.scm: (chmod port #o777)))))
games.scm: (chmod "redeclipse_linux" #o555)
games.scm: (chmod "redeclipse_server_linux" #o555)))
games.scm: (chmod higan #o555)
games.scm: (chmod prog #o755)
games.scm: (chmod wrapper #o555)
zile.scm: (chmod file #o755))
lisp.scm: (chmod wrapper #o755))
lisp.scm: (chmod script #o755)
Binary file base.go matches
Binary file cups.go matches
bioinformatics.scm: (chmod wrapper #o555)))))))
bioinformatics.scm: (chmod (string-append target "GESS.py") #o555)
bioinformatics.scm: (chmod "_pytadbit/_version.py" #o664)
bioinformatics.scm: (chmod "README.rst" #o664)
autotools.scm: (chmod (string-append bin "/autoconf") #o555)))))))
Binary file nvi.go matches
monitoring.scm: (("chmod g\\+s.*" all)
Binary file web.go matches
version-control.scm: (chmod new #o555))
admin.scm: (chmod "bind/bind.tar.gz" #o644)
Binary file linux.go matches
graphics.scm: (chmod "brdf" #o555))))))))
Binary file bootloaders.go matches
Binary file version-control.go matches
base.scm: (chmod ld #o555)
Binary file mail.go matches
netpbm.scm: (chmod "config.mk" #o664)
simulation.scm: ;; 'chmod' step is needed before running the applications. For
simulation.scm: ;; $ chmod -R u+w .
Binary file lisp.go matches
maths.scm: (chmod "src/maxima" #o555)
maths.scm: (chmod wrapper #o555))))
Binary file engineering.go matches
Cheers,
Alex
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Using ``chmod'' in build phases
2018-01-02 14:36 Using ``chmod'' in build phases Alex Vong
@ 2018-01-02 16:28 ` ng0
2018-01-04 13:05 ` Alex Vong
2018-01-04 8:33 ` Mark H Weaver
1 sibling, 1 reply; 5+ messages in thread
From: ng0 @ 2018-01-02 16:28 UTC (permalink / raw)
To: Alex Vong; +Cc: guix-devel
[-- Attachment #1: Type: text/plain, Size: 12708 bytes --]
Alex Vong transcribed 12K bytes:
> Hello,
>
> Running ``LC_ALL=C grep -r chmod'' on ``guix/gnu/packages'', gives the
> following result. As you can see, various modes are used, such as 644,
> 755, 555, 666, 777, 664.
> Do we have a guide on which mode should be
> prefered?
As far as I know we don't have such a guide. If someone would write one,
it should go into the Contributing chapter imo.
> I personally always used 644 for non-executable files, and 755
> for directories and executable files. Any idea?
>
>
> networking.scm: (chmod "." #o755)
> commencement.scm: (chmod program #o555))
> Binary file admin.go matches
> Binary file fpga.go matches
> mail.scm: (chmod "mb2md" #o555))
> Binary file ssh.go matches
> Binary file package-management.go matches
> irc.scm: (("/bin/chmod") "chmod")
> irc.scm: ;; Furthermore bsdinstalls has a reference to /etc/chmod here, which
> irc.scm: (("/bin/chmod") "chmod")
> patches/libbase-use-own-logging.patch: // We do an explicit fchmod here because we assume that the caller really
> patches/libbase-use-own-logging.patch: if (fchmod(fd, mode) == -1) {
> patches/libbase-use-own-logging.patch:- ALOGE("android::WriteStringToFile fchmod failed: %s", strerror(errno));
> patches/libbase-use-own-logging.patch:+ PLOG(ERROR) << "android::WriteStringToFile fchmod failed";
> patches/findutils-localstatedir.patch: chmod +x $@
> patches/nss-pkgconfig.patch:+ chmod 0644 nss.pc
> patches/nss-pkgconfig.patch:+ chmod 0755 nss-config
> patches/4store-fix-buildsystem.patch:! chmod 1777 $(DESTDIR)@FS_STORE_ROOT@
> patches/cdrtools-3.01-mkisofs-isoinfo.patch:- fchmodat(AT_FDCWD, fname, fstat_buf.st_mode, AT_SYMLINK_NOFOLLOW);
> patches/cdrtools-3.01-mkisofs-isoinfo.patch:+ fchmodat(AT_FDCWD, fname, fstat_buf.st_mode, AT_SYMLINK_NOFOLLOW);
> patches/tcsh-fix-autotest.patch: chmod a+x args.sh
> patches/tcsh-fix-autotest.patch:-chmod a+x script.sh subdir/script.sh
> patches/tcsh-fix-autotest.patch:+#chmod a+x script.sh subdir/script.sh
> patches/perl-file-path-CVE-2017-6512.patch:https://anonscm.debian.org/cgit/perl/perl.git/diff/debian/patches/fixes/file_path_chmod_race.diff?id=e7b50f8fb6413f8ddfbbfda2d531615fb029e2d3
> patches/perl-file-path-CVE-2017-6512.patch:Subject: Prevent directory chmod race attack.
> patches/perl-file-path-CVE-2017-6512.patch:CVE-2017-6512 is a race condition attack where the chmod() of directories
> patches/perl-file-path-CVE-2017-6512.patch:the directory-permission loosening logic to systems where fchmod() is
> patches/perl-file-path-CVE-2017-6512.patch:Patch-Name: fixes/file_path_chmod_race.diff
> patches/perl-file-path-CVE-2017-6512.patch:- or chmod( $nperm, $root )
> patches/perl-file-path-CVE-2017-6512.patch:+ # This uses fchmod to avoid traversing outside of the proper
> patches/perl-file-path-CVE-2017-6512.patch:+ or eval { chmod( $nperm, $root_fh ) }
> patches/perl-file-path-CVE-2017-6512.patch:+my $fchmod_supported = 0;
> patches/perl-file-path-CVE-2017-6512.patch:+ eval { $fchmod_supported = chmod( $perm, $fh); };
> patches/perl-file-path-CVE-2017-6512.patch:+ skip "fchmod of directories not supported on this platform", 3 unless $fchmod_supported;
> patches/perl-file-path-CVE-2017-6512.patch: # http://perldoc.perl.org/perlport.html#chmod
> patches/perl-file-path-CVE-2017-6512.patch: skip "Windows chmod test skipped", $skip_count
> patches/perl-file-path-CVE-2017-6512.patch:+ skip "fchmod() on directories is not supported on this platform", $skip_count
> patches/perl-file-path-CVE-2017-6512.patch:+ unless $fchmod_supported;
> patches/perl-file-path-CVE-2017-6512.patch:- $dir = catdir($tmp_base, 'chmod_test');
> patches/perl-file-path-CVE-2017-6512.patch:+ $dir = catdir($tmp_base, sprintf("chmod_test%04o", $input));
> patches/portmidi-modular-build.patch:- COMMAND chmod +x pmdefaults/pmdefaults
> patches/byobu-writable-status.patch:+ chmod +w "$BYOBU_CONFIG_DIR/$f"
> patches/proot-test-fhs.patch:@@ -34,7 +34,7 @@ chmod +x ${ROOTFS}/${TMP_ABS}
> patches/rsync-CVE-2017-17434-pt2.patch: extern struct chmod_mode_struct *daemon_chmod_modes;
> Binary file tex.go matches
> Binary file networking.go matches
> virtualization.scm: (chmod "samba-wrapper" #o755)
> Binary file graphviz.go matches
> tex.scm: "batchmode; "
> tex.scm: "batchmode; "
> tex.scm: "batchmode; "
> tex.scm: (and (zero? (system* "luatex" "-ini" "-interaction=batchmode"
> tex.scm: (zero? (system* "tex" "-ini" "-interaction=batchmode"
> tex.scm: (zero? (system* "latex" "-ini" "-interaction=batchmode"
> tex.scm: (zero? (system* format "-ini" "-interaction=batchmode"
> tex.scm: (zero? (system* "luatex" "-ini" "-interaction=batchmode"
> tex.scm: "batchmode; "
> tex.scm: "batchmode; "
> Binary file autotools.go matches
> ssh.scm: (chmod (string-append (assoc-ref outputs "out")
> Binary file python.go matches
> Binary file maths.go matches
> cups.scm: (for-each (lambda (file) (chmod file #o644))
> cups.scm: (for-each (lambda (file) (chmod file #o644))
> axoloti.scm: (chmod target #o555))
> python.scm: (chmod file #o755))
> python.scm: (chmod new #o755)
> Binary file wget.go matches
> Binary file bioinformatics.go matches
> kodi.scm: (("autoreconf -vif") "chmod -R u+w ."))
> Binary file perl.go matches
> c.scm: (chmod port #o777)))
> Binary file axoloti.go matches
> Binary file ocaml.go matches
> ocaml.scm: (chmod "src/strings.ml" #o600)
> conkeror.scm: (chmod launcher #o555)))))))
> Binary file java.go matches
> Binary file emacs.go matches
> text-editors.scm: (zero? (system* "chmod" "-R" "u+w" "../test")))))))
> nvi.scm: (chmod "configure" #o0755)))))
> disk.scm: (chmod exe #o555)
> Binary file backup.go matches
> Binary file music.go matches
> audio.scm: (chmod file #o644))
> music.scm: (chmod (string-append out "/share/Aria/Documentation") #o555)
> music.scm: (chmod (string-append out "/share/Aria/score") #o555)
> music.scm: (chmod (string-append bin "/tuxguitar") #o555)
> music.scm: (for-each (cut chmod <> #o644)
> Binary file zile.go matches
> emacs.scm: (chmod exwm-executable #o555)
> emacs.scm: (chmod exwm-executable #o555)
> perl.scm: (chmod dso #o755))
> perl.scm: (chmod "blib/arch/auto/Digest/MD5/MD5.so" #o755))))))
> Binary file bootstrap.go matches
> tls.scm: (chmod file #o644))
> certs.scm: (chmod "certdata2pem.py" #o555)
> java.scm: (chmod target #o755)
> java.scm: (chmod (string-append bin tool) #o755))
> java.scm: (chmod target #o755)
> java.scm: (string-append line "; chmod -R u+w $(BOOT_DIR)")))
> java.scm: (zero? (system* "chmod" "-R" "u+w" "openjdk"))
> java.scm: (("/bin/chmod") (which "chmod")))
> java.scm: ;; The cacerts files we are going to overwrite are chmod'ed as
> java.scm: (chmod (string-append (assoc-ref outputs "out")
> java.scm: (chmod (string-append (assoc-ref outputs "jdk")
> java.scm: (chmod (string-append bin "/antlr3") #o755))))
> java.scm: (chmod (string-append bin "/antlr3") #o755)
> java.scm: (chmod (string-append bin "/antlr3") #o755))))
> java.scm: (chmod (string-append bin "/mvel2") #o755))
> backup.scm: (chmod target-file-location #o755)
> Binary file c.go matches
> linux.scm: (chmod ".config" #o666))
> linux.scm: (chmod file #o666))
> linux.scm: (chmod "e2fsck" #o555))))))
> linux.scm: (chmod "zerofree" #o555)
> linux.scm: (chmod file #o755))
> linux.scm: (chmod target #o555)))))
> Binary file kodi.go matches
> Binary file monitoring.go matches
> Binary file virtualization.go matches
> Binary file audio.go matches
> Binary file certs.go matches
> fpga.scm: (zero? (system* "chmod" "+w" "abc/abc")))))
> Binary file tls.go matches
> package-management.scm: (chmod po #o666))
> Binary file text-editors.go matches
> Binary file commencement.go matches
> uml.scm: (chmod wrapper #o555))
> Binary file disk.go matches
> Binary file graphics.go matches
> graphviz.scm: (chmod "test/boolean/test.sh" #o777))
> web.scm: (chmod "woof" #o555))
> Binary file netpbm.go matches
> bootloaders.scm: (zero? (system* "chmod" "a+w" "utils/isohybrid.in"))))
> Binary file uml.go matches
> bootstrap.scm: (chmod bin-dir #o755)
> bootstrap.scm: (chmod guile #o555)
> bootstrap.scm: (chmod bin-dir #o555))))))
> bootstrap.scm: (chmod "bin" #o755)
> bootstrap.scm: (chmod "bin" #o555)
> bootstrap.scm: (chmod "lib" #o755)
> bootstrap.scm: (chmod "." #o755)
> bootstrap.scm: (chmod "gcc" #o555))))))
> engineering.scm: (chmod (string-append out "/bin/" script) #o555)))
> Binary file conkeror.go matches
> Binary file bootstrap/x86_64-linux/mkdir matches
> Binary file bootstrap/armhf-linux/mkdir matches
> Binary file bootstrap/i686-linux/mkdir matches
> Binary file bootstrap/mips64el-linux/mkdir matches
> Binary file bootstrap/aarch64-linux/mkdir matches
> Binary file readline.go matches
> Binary file games.go matches
> Binary file irc.go matches
> readline.scm: (for-each (lambda (f) (chmod f #o755))
> readline.scm: (for-each (lambda (f) (chmod f #o644))
> wget.scm: (chmod file #o755))
> games.scm: (chmod (string-append bin "/roguebox-adventures") #o555)
> games.scm: (chmod port #o777)))))
> games.scm: (chmod "redeclipse_linux" #o555)
> games.scm: (chmod "redeclipse_server_linux" #o555)))
> games.scm: (chmod higan #o555)
> games.scm: (chmod prog #o755)
> games.scm: (chmod wrapper #o555)
> zile.scm: (chmod file #o755))
> lisp.scm: (chmod wrapper #o755))
> lisp.scm: (chmod script #o755)
> Binary file base.go matches
> Binary file cups.go matches
> bioinformatics.scm: (chmod wrapper #o555)))))))
> bioinformatics.scm: (chmod (string-append target "GESS.py") #o555)
> bioinformatics.scm: (chmod "_pytadbit/_version.py" #o664)
> bioinformatics.scm: (chmod "README.rst" #o664)
> autotools.scm: (chmod (string-append bin "/autoconf") #o555)))))))
> Binary file nvi.go matches
> monitoring.scm: (("chmod g\\+s.*" all)
> Binary file web.go matches
> version-control.scm: (chmod new #o555))
> admin.scm: (chmod "bind/bind.tar.gz" #o644)
> Binary file linux.go matches
> graphics.scm: (chmod "brdf" #o555))))))))
> Binary file bootloaders.go matches
> Binary file version-control.go matches
> base.scm: (chmod ld #o555)
> Binary file mail.go matches
> netpbm.scm: (chmod "config.mk" #o664)
> simulation.scm: ;; 'chmod' step is needed before running the applications. For
> simulation.scm: ;; $ chmod -R u+w .
> Binary file lisp.go matches
> maths.scm: (chmod "src/maxima" #o555)
> maths.scm: (chmod wrapper #o555))))
> Binary file engineering.go matches
>
>
> Cheers,
> Alex
--
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://c.n0.is/ng0_pubkeys/tree/keys
WWW: https://n0.is
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Using ``chmod'' in build phases
2018-01-02 14:36 Using ``chmod'' in build phases Alex Vong
2018-01-02 16:28 ` ng0
@ 2018-01-04 8:33 ` Mark H Weaver
2018-01-04 18:06 ` Alex Vong
1 sibling, 1 reply; 5+ messages in thread
From: Mark H Weaver @ 2018-01-04 8:33 UTC (permalink / raw)
To: Alex Vong; +Cc: guix-devel
Alex Vong <alexvong1995@gmail.com> writes:
> Running ``LC_ALL=C grep -r chmod'' on ``guix/gnu/packages'', gives the
> following result. As you can see, various modes are used, such as 644,
> 755, 555, 666, 777, 664. Do we have a guide on which mode should be
> prefered? I personally always used 644 for non-executable files, and 755
> for directories and executable files. Any idea?
I agree that it would be good to have some guidelines for this, and for
most purposes, I agree that 644 and 755 are good choices. In some
cases, it might make more sense to use 444 or 555. It's probably
inadvisable to use 666 or 777.
However, it should be noted that when files are added to the store,
their modes are canonicalized to one of only two possible values: 444
and 555. Directories in the store always have mode 555. In the NAR
format, there's only one permission bit (executable) stored per file,
and none for directories. For details, see section 5.2.1 (File system
objects) in the Eelco Dolstra's thesis "The Purely Functional Software
Deployment Model".
Mark
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Using ``chmod'' in build phases
2018-01-02 16:28 ` ng0
@ 2018-01-04 13:05 ` Alex Vong
0 siblings, 0 replies; 5+ messages in thread
From: Alex Vong @ 2018-01-04 13:05 UTC (permalink / raw)
To: guix-devel
[-- Attachment #1: Type: text/plain, Size: 12649 bytes --]
ng0 <ng0@n0.is> writes:
> Alex Vong transcribed 12K bytes:
>> Hello,
>>
>> Running ``LC_ALL=C grep -r chmod'' on ``guix/gnu/packages'', gives the
>> following result. As you can see, various modes are used, such as 644,
>> 755, 555, 666, 777, 664.
>
>> Do we have a guide on which mode should be
>> prefered?
>
> As far as I know we don't have such a guide. If someone would write one,
> it should go into the Contributing chapter imo.
>
Agree, we should add it to the manual after we have a consensus.
>> I personally always used 644 for non-executable files, and 755
>> for directories and executable files. Any idea?
>>
>>
>> networking.scm: (chmod "." #o755)
>> commencement.scm: (chmod program #o555))
>> Binary file admin.go matches
>> Binary file fpga.go matches
>> mail.scm: (chmod "mb2md" #o555))
>> Binary file ssh.go matches
>> Binary file package-management.go matches
>> irc.scm: (("/bin/chmod") "chmod")
>> irc.scm: ;; Furthermore bsdinstalls has a reference to /etc/chmod
>> here, which
>> irc.scm: (("/bin/chmod") "chmod")
>> patches/libbase-use-own-logging.patch: // We do an explicit fchmod
>> here because we assume that the caller really
>> patches/libbase-use-own-logging.patch: if (fchmod(fd, mode) == -1) {
>> patches/libbase-use-own-logging.patch:-
>> ALOGE("android::WriteStringToFile fchmod failed: %s",
>> strerror(errno));
>> patches/libbase-use-own-logging.patch:+ PLOG(ERROR) <<
>> "android::WriteStringToFile fchmod failed";
>> patches/findutils-localstatedir.patch: chmod +x $@
>> patches/nss-pkgconfig.patch:+ chmod 0644 nss.pc
>> patches/nss-pkgconfig.patch:+ chmod 0755 nss-config
>> patches/4store-fix-buildsystem.patch:! chmod 1777
>> $(DESTDIR)@FS_STORE_ROOT@
>> patches/cdrtools-3.01-mkisofs-isoinfo.patch:- fchmodat(AT_FDCWD,
>> fname, fstat_buf.st_mode, AT_SYMLINK_NOFOLLOW);
>> patches/cdrtools-3.01-mkisofs-isoinfo.patch:+ fchmodat(AT_FDCWD,
>> fname, fstat_buf.st_mode, AT_SYMLINK_NOFOLLOW);
>> patches/tcsh-fix-autotest.patch: chmod a+x args.sh
>> patches/tcsh-fix-autotest.patch:-chmod a+x script.sh subdir/script.sh
>> patches/tcsh-fix-autotest.patch:+#chmod a+x script.sh subdir/script.sh
>> patches/perl-file-path-CVE-2017-6512.patch:https://anonscm.debian.org/cgit/perl/perl.git/diff/debian/patches/fixes/file_path_chmod_race.diff?id=e7b50f8fb6413f8ddfbbfda2d531615fb029e2d3
>> patches/perl-file-path-CVE-2017-6512.patch:Subject: Prevent
>> directory chmod race attack.
>> patches/perl-file-path-CVE-2017-6512.patch:CVE-2017-6512 is a race
>> condition attack where the chmod() of directories
>> patches/perl-file-path-CVE-2017-6512.patch:the directory-permission
>> loosening logic to systems where fchmod() is
>> patches/perl-file-path-CVE-2017-6512.patch:Patch-Name:
>> fixes/file_path_chmod_race.diff
>> patches/perl-file-path-CVE-2017-6512.patch:- or chmod( $nperm, $root
>> )
>> patches/perl-file-path-CVE-2017-6512.patch:+ # This uses fchmod to
>> avoid traversing outside of the proper
>> patches/perl-file-path-CVE-2017-6512.patch:+ or eval { chmod(
>> $nperm, $root_fh ) }
>> patches/perl-file-path-CVE-2017-6512.patch:+my $fchmod_supported = 0;
>> patches/perl-file-path-CVE-2017-6512.patch:+ eval {
>> $fchmod_supported = chmod( $perm, $fh); };
>> patches/perl-file-path-CVE-2017-6512.patch:+ skip "fchmod of
>> directories not supported on this platform", 3 unless
>> $fchmod_supported;
>> patches/perl-file-path-CVE-2017-6512.patch: #
>> http://perldoc.perl.org/perlport.html#chmod
>> patches/perl-file-path-CVE-2017-6512.patch: skip "Windows chmod test
>> skipped", $skip_count
>> patches/perl-file-path-CVE-2017-6512.patch:+ skip "fchmod() on
>> directories is not supported on this platform", $skip_count
>> patches/perl-file-path-CVE-2017-6512.patch:+ unless $fchmod_supported;
>> patches/perl-file-path-CVE-2017-6512.patch:- $dir =
>> catdir($tmp_base, 'chmod_test');
>> patches/perl-file-path-CVE-2017-6512.patch:+ $dir =
>> catdir($tmp_base, sprintf("chmod_test%04o", $input));
>> patches/portmidi-modular-build.patch:- COMMAND chmod +x
>> pmdefaults/pmdefaults
>> patches/byobu-writable-status.patch:+ chmod +w "$BYOBU_CONFIG_DIR/$f"
>> patches/proot-test-fhs.patch:@@ -34,7 +34,7 @@ chmod +x ${ROOTFS}/${TMP_ABS}
>> patches/rsync-CVE-2017-17434-pt2.patch: extern struct
>> chmod_mode_struct *daemon_chmod_modes;
>> Binary file tex.go matches
>> Binary file networking.go matches
>> virtualization.scm: (chmod "samba-wrapper" #o755)
>> Binary file graphviz.go matches
>> tex.scm: "batchmode; "
>> tex.scm: "batchmode; "
>> tex.scm: "batchmode; "
>> tex.scm: (and (zero? (system* "luatex" "-ini"
>> "-interaction=batchmode"
>> tex.scm: (zero? (system* "tex" "-ini" "-interaction=batchmode"
>> tex.scm: (zero? (system* "latex" "-ini" "-interaction=batchmode"
>> tex.scm: (zero? (system* format "-ini" "-interaction=batchmode"
>> tex.scm: (zero? (system* "luatex" "-ini" "-interaction=batchmode"
>> tex.scm: "batchmode; "
>> tex.scm: "batchmode; "
>> Binary file autotools.go matches
>> ssh.scm: (chmod (string-append (assoc-ref outputs "out")
>> Binary file python.go matches
>> Binary file maths.go matches
>> cups.scm: (for-each (lambda (file) (chmod file #o644))
>> cups.scm: (for-each (lambda (file) (chmod file #o644))
>> axoloti.scm: (chmod target #o555))
>> python.scm: (chmod file #o755))
>> python.scm: (chmod new #o755)
>> Binary file wget.go matches
>> Binary file bioinformatics.go matches
>> kodi.scm: (("autoreconf -vif") "chmod -R u+w ."))
>> Binary file perl.go matches
>> c.scm: (chmod port #o777)))
>> Binary file axoloti.go matches
>> Binary file ocaml.go matches
>> ocaml.scm: (chmod "src/strings.ml" #o600)
>> conkeror.scm: (chmod launcher #o555)))))))
>> Binary file java.go matches
>> Binary file emacs.go matches
>> text-editors.scm: (zero? (system* "chmod" "-R" "u+w"
>> "../test")))))))
>> nvi.scm: (chmod "configure" #o0755)))))
>> disk.scm: (chmod exe #o555)
>> Binary file backup.go matches
>> Binary file music.go matches
>> audio.scm: (chmod file #o644))
>> music.scm: (chmod (string-append out "/share/Aria/Documentation")
>> #o555)
>> music.scm: (chmod (string-append out "/share/Aria/score") #o555)
>> music.scm: (chmod (string-append bin "/tuxguitar") #o555)
>> music.scm: (for-each (cut chmod <> #o644)
>> Binary file zile.go matches
>> emacs.scm: (chmod exwm-executable #o555)
>> emacs.scm: (chmod exwm-executable #o555)
>> perl.scm: (chmod dso #o755))
>> perl.scm: (chmod "blib/arch/auto/Digest/MD5/MD5.so" #o755))))))
>> Binary file bootstrap.go matches
>> tls.scm: (chmod file #o644))
>> certs.scm: (chmod "certdata2pem.py" #o555)
>> java.scm: (chmod target #o755)
>> java.scm: (chmod (string-append bin tool) #o755))
>> java.scm: (chmod target #o755)
>> java.scm: (string-append line "; chmod -R u+w $(BOOT_DIR)")))
>> java.scm: (zero? (system* "chmod" "-R" "u+w" "openjdk"))
>> java.scm: (("/bin/chmod") (which "chmod")))
>> java.scm: ;; The cacerts files we are going to overwrite are
>> chmod'ed as
>> java.scm: (chmod (string-append (assoc-ref outputs "out")
>> java.scm: (chmod (string-append (assoc-ref outputs "jdk")
>> java.scm: (chmod (string-append bin "/antlr3") #o755))))
>> java.scm: (chmod (string-append bin "/antlr3") #o755)
>> java.scm: (chmod (string-append bin "/antlr3") #o755))))
>> java.scm: (chmod (string-append bin "/mvel2") #o755))
>> backup.scm: (chmod target-file-location #o755)
>> Binary file c.go matches
>> linux.scm: (chmod ".config" #o666))
>> linux.scm: (chmod file #o666))
>> linux.scm: (chmod "e2fsck" #o555))))))
>> linux.scm: (chmod "zerofree" #o555)
>> linux.scm: (chmod file #o755))
>> linux.scm: (chmod target #o555)))))
>> Binary file kodi.go matches
>> Binary file monitoring.go matches
>> Binary file virtualization.go matches
>> Binary file audio.go matches
>> Binary file certs.go matches
>> fpga.scm: (zero? (system* "chmod" "+w" "abc/abc")))))
>> Binary file tls.go matches
>> package-management.scm: (chmod po #o666))
>> Binary file text-editors.go matches
>> Binary file commencement.go matches
>> uml.scm: (chmod wrapper #o555))
>> Binary file disk.go matches
>> Binary file graphics.go matches
>> graphviz.scm: (chmod "test/boolean/test.sh" #o777))
>> web.scm: (chmod "woof" #o555))
>> Binary file netpbm.go matches
>> bootloaders.scm: (zero? (system* "chmod" "a+w"
>> "utils/isohybrid.in"))))
>> Binary file uml.go matches
>> bootstrap.scm: (chmod bin-dir #o755)
>> bootstrap.scm: (chmod guile #o555)
>> bootstrap.scm: (chmod bin-dir #o555))))))
>> bootstrap.scm: (chmod "bin" #o755)
>> bootstrap.scm: (chmod "bin" #o555)
>> bootstrap.scm: (chmod "lib" #o755)
>> bootstrap.scm: (chmod "." #o755)
>> bootstrap.scm: (chmod "gcc" #o555))))))
>> engineering.scm: (chmod (string-append out "/bin/" script) #o555)))
>> Binary file conkeror.go matches
>> Binary file bootstrap/x86_64-linux/mkdir matches
>> Binary file bootstrap/armhf-linux/mkdir matches
>> Binary file bootstrap/i686-linux/mkdir matches
>> Binary file bootstrap/mips64el-linux/mkdir matches
>> Binary file bootstrap/aarch64-linux/mkdir matches
>> Binary file readline.go matches
>> Binary file games.go matches
>> Binary file irc.go matches
>> readline.scm: (for-each (lambda (f) (chmod f #o755))
>> readline.scm: (for-each (lambda (f) (chmod f #o644))
>> wget.scm: (chmod file #o755))
>> games.scm: (chmod (string-append bin "/roguebox-adventures") #o555)
>> games.scm: (chmod port #o777)))))
>> games.scm: (chmod "redeclipse_linux" #o555)
>> games.scm: (chmod "redeclipse_server_linux" #o555)))
>> games.scm: (chmod higan #o555)
>> games.scm: (chmod prog #o755)
>> games.scm: (chmod wrapper #o555)
>> zile.scm: (chmod file #o755))
>> lisp.scm: (chmod wrapper #o755))
>> lisp.scm: (chmod script #o755)
>> Binary file base.go matches
>> Binary file cups.go matches
>> bioinformatics.scm: (chmod wrapper #o555)))))))
>> bioinformatics.scm: (chmod (string-append target "GESS.py") #o555)
>> bioinformatics.scm: (chmod "_pytadbit/_version.py" #o664)
>> bioinformatics.scm: (chmod "README.rst" #o664)
>> autotools.scm: (chmod (string-append bin "/autoconf") #o555)))))))
>> Binary file nvi.go matches
>> monitoring.scm: (("chmod g\\+s.*" all)
>> Binary file web.go matches
>> version-control.scm: (chmod new #o555))
>> admin.scm: (chmod "bind/bind.tar.gz" #o644)
>> Binary file linux.go matches
>> graphics.scm: (chmod "brdf" #o555))))))))
>> Binary file bootloaders.go matches
>> Binary file version-control.go matches
>> base.scm: (chmod ld #o555)
>> Binary file mail.go matches
>> netpbm.scm: (chmod "config.mk" #o664)
>> simulation.scm: ;; 'chmod' step is needed before running the
>> applications. For
>> simulation.scm: ;; $ chmod -R u+w .
>> Binary file lisp.go matches
>> maths.scm: (chmod "src/maxima" #o555)
>> maths.scm: (chmod wrapper #o555))))
>> Binary file engineering.go matches
>>
>>
>> Cheers,
>> Alex
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Using ``chmod'' in build phases
2018-01-04 8:33 ` Mark H Weaver
@ 2018-01-04 18:06 ` Alex Vong
0 siblings, 0 replies; 5+ messages in thread
From: Alex Vong @ 2018-01-04 18:06 UTC (permalink / raw)
To: Mark H Weaver; +Cc: guix-devel
[-- Attachment #1: Type: text/plain, Size: 1251 bytes --]
Mark H Weaver <mhw@netris.org> writes:
> Alex Vong <alexvong1995@gmail.com> writes:
>
>> Running ``LC_ALL=C grep -r chmod'' on ``guix/gnu/packages'', gives the
>> following result. As you can see, various modes are used, such as 644,
>> 755, 555, 666, 777, 664. Do we have a guide on which mode should be
>> prefered? I personally always used 644 for non-executable files, and 755
>> for directories and executable files. Any idea?
>
> I agree that it would be good to have some guidelines for this, and for
> most purposes, I agree that 644 and 755 are good choices. In some
> cases, it might make more sense to use 444 or 555. It's probably
> inadvisable to use 666 or 777.
>
> However, it should be noted that when files are added to the store,
> their modes are canonicalized to one of only two possible values: 444
> and 555. Directories in the store always have mode 555. In the NAR
> format, there's only one permission bit (executable) stored per file,
> and none for directories. For details, see section 5.2.1 (File system
> objects) in the Eelco Dolstra's thesis "The Purely Functional Software
> Deployment Model".
>
I see, so this is merely a stylish issue. It will not affected how the
files are stored in the store.
> Mark
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2018-01-04 18:07 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-01-02 14:36 Using ``chmod'' in build phases Alex Vong
2018-01-02 16:28 ` ng0
2018-01-04 13:05 ` Alex Vong
2018-01-04 8:33 ` Mark H Weaver
2018-01-04 18:06 ` Alex Vong
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).