From: ng0 <ng0@n0.is>
To: Alex Vong <alexvong1995@gmail.com>
Cc: guix-devel@gnu.org
Subject: Re: Using ``chmod'' in build phases
Date: Tue, 2 Jan 2018 16:28:02 +0000 [thread overview]
Message-ID: <20180102162802.5kgpmhboqewhptjx@abyayala> (raw)
In-Reply-To: <87h8s42uqs.fsf@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 12708 bytes --]
Alex Vong transcribed 12K bytes:
> Hello,
>
> Running ``LC_ALL=C grep -r chmod'' on ``guix/gnu/packages'', gives the
> following result. As you can see, various modes are used, such as 644,
> 755, 555, 666, 777, 664.
> Do we have a guide on which mode should be
> prefered?
As far as I know we don't have such a guide. If someone would write one,
it should go into the Contributing chapter imo.
> I personally always used 644 for non-executable files, and 755
> for directories and executable files. Any idea?
>
>
> networking.scm: (chmod "." #o755)
> commencement.scm: (chmod program #o555))
> Binary file admin.go matches
> Binary file fpga.go matches
> mail.scm: (chmod "mb2md" #o555))
> Binary file ssh.go matches
> Binary file package-management.go matches
> irc.scm: (("/bin/chmod") "chmod")
> irc.scm: ;; Furthermore bsdinstalls has a reference to /etc/chmod here, which
> irc.scm: (("/bin/chmod") "chmod")
> patches/libbase-use-own-logging.patch: // We do an explicit fchmod here because we assume that the caller really
> patches/libbase-use-own-logging.patch: if (fchmod(fd, mode) == -1) {
> patches/libbase-use-own-logging.patch:- ALOGE("android::WriteStringToFile fchmod failed: %s", strerror(errno));
> patches/libbase-use-own-logging.patch:+ PLOG(ERROR) << "android::WriteStringToFile fchmod failed";
> patches/findutils-localstatedir.patch: chmod +x $@
> patches/nss-pkgconfig.patch:+ chmod 0644 nss.pc
> patches/nss-pkgconfig.patch:+ chmod 0755 nss-config
> patches/4store-fix-buildsystem.patch:! chmod 1777 $(DESTDIR)@FS_STORE_ROOT@
> patches/cdrtools-3.01-mkisofs-isoinfo.patch:- fchmodat(AT_FDCWD, fname, fstat_buf.st_mode, AT_SYMLINK_NOFOLLOW);
> patches/cdrtools-3.01-mkisofs-isoinfo.patch:+ fchmodat(AT_FDCWD, fname, fstat_buf.st_mode, AT_SYMLINK_NOFOLLOW);
> patches/tcsh-fix-autotest.patch: chmod a+x args.sh
> patches/tcsh-fix-autotest.patch:-chmod a+x script.sh subdir/script.sh
> patches/tcsh-fix-autotest.patch:+#chmod a+x script.sh subdir/script.sh
> patches/perl-file-path-CVE-2017-6512.patch:https://anonscm.debian.org/cgit/perl/perl.git/diff/debian/patches/fixes/file_path_chmod_race.diff?id=e7b50f8fb6413f8ddfbbfda2d531615fb029e2d3
> patches/perl-file-path-CVE-2017-6512.patch:Subject: Prevent directory chmod race attack.
> patches/perl-file-path-CVE-2017-6512.patch:CVE-2017-6512 is a race condition attack where the chmod() of directories
> patches/perl-file-path-CVE-2017-6512.patch:the directory-permission loosening logic to systems where fchmod() is
> patches/perl-file-path-CVE-2017-6512.patch:Patch-Name: fixes/file_path_chmod_race.diff
> patches/perl-file-path-CVE-2017-6512.patch:- or chmod( $nperm, $root )
> patches/perl-file-path-CVE-2017-6512.patch:+ # This uses fchmod to avoid traversing outside of the proper
> patches/perl-file-path-CVE-2017-6512.patch:+ or eval { chmod( $nperm, $root_fh ) }
> patches/perl-file-path-CVE-2017-6512.patch:+my $fchmod_supported = 0;
> patches/perl-file-path-CVE-2017-6512.patch:+ eval { $fchmod_supported = chmod( $perm, $fh); };
> patches/perl-file-path-CVE-2017-6512.patch:+ skip "fchmod of directories not supported on this platform", 3 unless $fchmod_supported;
> patches/perl-file-path-CVE-2017-6512.patch: # http://perldoc.perl.org/perlport.html#chmod
> patches/perl-file-path-CVE-2017-6512.patch: skip "Windows chmod test skipped", $skip_count
> patches/perl-file-path-CVE-2017-6512.patch:+ skip "fchmod() on directories is not supported on this platform", $skip_count
> patches/perl-file-path-CVE-2017-6512.patch:+ unless $fchmod_supported;
> patches/perl-file-path-CVE-2017-6512.patch:- $dir = catdir($tmp_base, 'chmod_test');
> patches/perl-file-path-CVE-2017-6512.patch:+ $dir = catdir($tmp_base, sprintf("chmod_test%04o", $input));
> patches/portmidi-modular-build.patch:- COMMAND chmod +x pmdefaults/pmdefaults
> patches/byobu-writable-status.patch:+ chmod +w "$BYOBU_CONFIG_DIR/$f"
> patches/proot-test-fhs.patch:@@ -34,7 +34,7 @@ chmod +x ${ROOTFS}/${TMP_ABS}
> patches/rsync-CVE-2017-17434-pt2.patch: extern struct chmod_mode_struct *daemon_chmod_modes;
> Binary file tex.go matches
> Binary file networking.go matches
> virtualization.scm: (chmod "samba-wrapper" #o755)
> Binary file graphviz.go matches
> tex.scm: "batchmode; "
> tex.scm: "batchmode; "
> tex.scm: "batchmode; "
> tex.scm: (and (zero? (system* "luatex" "-ini" "-interaction=batchmode"
> tex.scm: (zero? (system* "tex" "-ini" "-interaction=batchmode"
> tex.scm: (zero? (system* "latex" "-ini" "-interaction=batchmode"
> tex.scm: (zero? (system* format "-ini" "-interaction=batchmode"
> tex.scm: (zero? (system* "luatex" "-ini" "-interaction=batchmode"
> tex.scm: "batchmode; "
> tex.scm: "batchmode; "
> Binary file autotools.go matches
> ssh.scm: (chmod (string-append (assoc-ref outputs "out")
> Binary file python.go matches
> Binary file maths.go matches
> cups.scm: (for-each (lambda (file) (chmod file #o644))
> cups.scm: (for-each (lambda (file) (chmod file #o644))
> axoloti.scm: (chmod target #o555))
> python.scm: (chmod file #o755))
> python.scm: (chmod new #o755)
> Binary file wget.go matches
> Binary file bioinformatics.go matches
> kodi.scm: (("autoreconf -vif") "chmod -R u+w ."))
> Binary file perl.go matches
> c.scm: (chmod port #o777)))
> Binary file axoloti.go matches
> Binary file ocaml.go matches
> ocaml.scm: (chmod "src/strings.ml" #o600)
> conkeror.scm: (chmod launcher #o555)))))))
> Binary file java.go matches
> Binary file emacs.go matches
> text-editors.scm: (zero? (system* "chmod" "-R" "u+w" "../test")))))))
> nvi.scm: (chmod "configure" #o0755)))))
> disk.scm: (chmod exe #o555)
> Binary file backup.go matches
> Binary file music.go matches
> audio.scm: (chmod file #o644))
> music.scm: (chmod (string-append out "/share/Aria/Documentation") #o555)
> music.scm: (chmod (string-append out "/share/Aria/score") #o555)
> music.scm: (chmod (string-append bin "/tuxguitar") #o555)
> music.scm: (for-each (cut chmod <> #o644)
> Binary file zile.go matches
> emacs.scm: (chmod exwm-executable #o555)
> emacs.scm: (chmod exwm-executable #o555)
> perl.scm: (chmod dso #o755))
> perl.scm: (chmod "blib/arch/auto/Digest/MD5/MD5.so" #o755))))))
> Binary file bootstrap.go matches
> tls.scm: (chmod file #o644))
> certs.scm: (chmod "certdata2pem.py" #o555)
> java.scm: (chmod target #o755)
> java.scm: (chmod (string-append bin tool) #o755))
> java.scm: (chmod target #o755)
> java.scm: (string-append line "; chmod -R u+w $(BOOT_DIR)")))
> java.scm: (zero? (system* "chmod" "-R" "u+w" "openjdk"))
> java.scm: (("/bin/chmod") (which "chmod")))
> java.scm: ;; The cacerts files we are going to overwrite are chmod'ed as
> java.scm: (chmod (string-append (assoc-ref outputs "out")
> java.scm: (chmod (string-append (assoc-ref outputs "jdk")
> java.scm: (chmod (string-append bin "/antlr3") #o755))))
> java.scm: (chmod (string-append bin "/antlr3") #o755)
> java.scm: (chmod (string-append bin "/antlr3") #o755))))
> java.scm: (chmod (string-append bin "/mvel2") #o755))
> backup.scm: (chmod target-file-location #o755)
> Binary file c.go matches
> linux.scm: (chmod ".config" #o666))
> linux.scm: (chmod file #o666))
> linux.scm: (chmod "e2fsck" #o555))))))
> linux.scm: (chmod "zerofree" #o555)
> linux.scm: (chmod file #o755))
> linux.scm: (chmod target #o555)))))
> Binary file kodi.go matches
> Binary file monitoring.go matches
> Binary file virtualization.go matches
> Binary file audio.go matches
> Binary file certs.go matches
> fpga.scm: (zero? (system* "chmod" "+w" "abc/abc")))))
> Binary file tls.go matches
> package-management.scm: (chmod po #o666))
> Binary file text-editors.go matches
> Binary file commencement.go matches
> uml.scm: (chmod wrapper #o555))
> Binary file disk.go matches
> Binary file graphics.go matches
> graphviz.scm: (chmod "test/boolean/test.sh" #o777))
> web.scm: (chmod "woof" #o555))
> Binary file netpbm.go matches
> bootloaders.scm: (zero? (system* "chmod" "a+w" "utils/isohybrid.in"))))
> Binary file uml.go matches
> bootstrap.scm: (chmod bin-dir #o755)
> bootstrap.scm: (chmod guile #o555)
> bootstrap.scm: (chmod bin-dir #o555))))))
> bootstrap.scm: (chmod "bin" #o755)
> bootstrap.scm: (chmod "bin" #o555)
> bootstrap.scm: (chmod "lib" #o755)
> bootstrap.scm: (chmod "." #o755)
> bootstrap.scm: (chmod "gcc" #o555))))))
> engineering.scm: (chmod (string-append out "/bin/" script) #o555)))
> Binary file conkeror.go matches
> Binary file bootstrap/x86_64-linux/mkdir matches
> Binary file bootstrap/armhf-linux/mkdir matches
> Binary file bootstrap/i686-linux/mkdir matches
> Binary file bootstrap/mips64el-linux/mkdir matches
> Binary file bootstrap/aarch64-linux/mkdir matches
> Binary file readline.go matches
> Binary file games.go matches
> Binary file irc.go matches
> readline.scm: (for-each (lambda (f) (chmod f #o755))
> readline.scm: (for-each (lambda (f) (chmod f #o644))
> wget.scm: (chmod file #o755))
> games.scm: (chmod (string-append bin "/roguebox-adventures") #o555)
> games.scm: (chmod port #o777)))))
> games.scm: (chmod "redeclipse_linux" #o555)
> games.scm: (chmod "redeclipse_server_linux" #o555)))
> games.scm: (chmod higan #o555)
> games.scm: (chmod prog #o755)
> games.scm: (chmod wrapper #o555)
> zile.scm: (chmod file #o755))
> lisp.scm: (chmod wrapper #o755))
> lisp.scm: (chmod script #o755)
> Binary file base.go matches
> Binary file cups.go matches
> bioinformatics.scm: (chmod wrapper #o555)))))))
> bioinformatics.scm: (chmod (string-append target "GESS.py") #o555)
> bioinformatics.scm: (chmod "_pytadbit/_version.py" #o664)
> bioinformatics.scm: (chmod "README.rst" #o664)
> autotools.scm: (chmod (string-append bin "/autoconf") #o555)))))))
> Binary file nvi.go matches
> monitoring.scm: (("chmod g\\+s.*" all)
> Binary file web.go matches
> version-control.scm: (chmod new #o555))
> admin.scm: (chmod "bind/bind.tar.gz" #o644)
> Binary file linux.go matches
> graphics.scm: (chmod "brdf" #o555))))))))
> Binary file bootloaders.go matches
> Binary file version-control.go matches
> base.scm: (chmod ld #o555)
> Binary file mail.go matches
> netpbm.scm: (chmod "config.mk" #o664)
> simulation.scm: ;; 'chmod' step is needed before running the applications. For
> simulation.scm: ;; $ chmod -R u+w .
> Binary file lisp.go matches
> maths.scm: (chmod "src/maxima" #o555)
> maths.scm: (chmod wrapper #o555))))
> Binary file engineering.go matches
>
>
> Cheers,
> Alex
--
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://c.n0.is/ng0_pubkeys/tree/keys
WWW: https://n0.is
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2018-01-02 16:28 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-02 14:36 Using ``chmod'' in build phases Alex Vong
2018-01-02 16:28 ` ng0 [this message]
2018-01-04 13:05 ` Alex Vong
2018-01-04 8:33 ` Mark H Weaver
2018-01-04 18:06 ` Alex Vong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180102162802.5kgpmhboqewhptjx@abyayala \
--to=ng0@n0.is \
--cc=alexvong1995@gmail.com \
--cc=guix-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.