From: Alex Vong
Subject: Re: Using ``chmod'' in build phases
Date: Thu, 04 Jan 2018 21:05:23 +0800
To: guix-devel@gnu.org

ng0 writes:

> Alex Vong transcribed 12K bytes:
>> Hello,
>>
>> Running ``LC_ALL=C grep -r chmod'' on ``guix/gnu/packages'', gives the
>> following result. As you can see, various modes are used, such as 644,
>> 755, 555, 666, 777, 664.
>
>> Do we have a guide on which mode should be
>> preferred?
>
> As far as I know we don't have such a guide. If someone would write one,
> it should go into the Contributing chapter imo.
>
Agree, we should add it to the manual after we have a consensus.

>> I personally always used 644 for non-executable files, and 755
>> for directories and executable files. Any idea?
>>
>>
>> networking.scm: (chmod "." #o755)
>> commencement.scm: (chmod program #o555))
>> Binary file admin.go matches
>> Binary file fpga.go matches
>> mail.scm: (chmod "mb2md" #o555))
>> Binary file ssh.go matches
>> Binary file package-management.go matches
>> irc.scm: (("/bin/chmod") "chmod")
>> irc.scm: ;; Furthermore bsdinstalls has a reference to /etc/chmod
>> here, which
>> irc.scm: (("/bin/chmod") "chmod")
>> patches/libbase-use-own-logging.patch: // We do an explicit fchmod
>> here because we assume that the caller really
>> patches/libbase-use-own-logging.patch: if (fchmod(fd, mode) == -1) {
>> patches/libbase-use-own-logging.patch:-
>> ALOGE("android::WriteStringToFile fchmod failed: %s",
>> strerror(errno));
>> patches/libbase-use-own-logging.patch:+ PLOG(ERROR) <<
>> "android::WriteStringToFile fchmod failed";
>> patches/findutils-localstatedir.patch: chmod +x $@
>> patches/nss-pkgconfig.patch:+ chmod 0644 nss.pc
>> patches/nss-pkgconfig.patch:+ chmod 0755 nss-config
>> patches/4store-fix-buildsystem.patch:! chmod 1777
>> $(DESTDIR)@FS_STORE_ROOT@
>> patches/cdrtools-3.01-mkisofs-isoinfo.patch:- fchmodat(AT_FDCWD,
>> fname, fstat_buf.st_mode, AT_SYMLINK_NOFOLLOW);
>> patches/cdrtools-3.01-mkisofs-isoinfo.patch:+ fchmodat(AT_FDCWD,
>> fname, fstat_buf.st_mode, AT_SYMLINK_NOFOLLOW);
>> patches/tcsh-fix-autotest.patch: chmod a+x args.sh
>> patches/tcsh-fix-autotest.patch:-chmod a+x script.sh subdir/script.sh
>> patches/tcsh-fix-autotest.patch:+#chmod a+x script.sh subdir/script.sh
>> patches/perl-file-path-CVE-2017-6512.patch:https://anonscm.debian.org/cgit/perl/perl.git/diff/debian/patches/fixes/file_path_chmod_race.diff?id=e7b50f8fb6413f8ddfbbfda2d531615fb029e2d3
>> patches/perl-file-path-CVE-2017-6512.patch:Subject: Prevent
>> directory chmod race attack.
>> patches/perl-file-path-CVE-2017-6512.patch:CVE-2017-6512 is a race
>> condition attack where the chmod() of directories
>> patches/perl-file-path-CVE-2017-6512.patch:the directory-permission
>> loosening logic to systems where fchmod() is
>> patches/perl-file-path-CVE-2017-6512.patch:Patch-Name:
>> fixes/file_path_chmod_race.diff
>> patches/perl-file-path-CVE-2017-6512.patch:- or chmod( $nperm, $root
>> )
>> patches/perl-file-path-CVE-2017-6512.patch:+ # This uses fchmod to
>> avoid traversing outside of the proper
>> patches/perl-file-path-CVE-2017-6512.patch:+ or eval { chmod(
>> $nperm, $root_fh ) }
>> patches/perl-file-path-CVE-2017-6512.patch:+my $fchmod_supported = 0;
>> patches/perl-file-path-CVE-2017-6512.patch:+ eval {
>> $fchmod_supported = chmod( $perm, $fh); };
>> patches/perl-file-path-CVE-2017-6512.patch:+ skip "fchmod of
>> directories not supported on this platform", 3 unless
>> $fchmod_supported;
>> patches/perl-file-path-CVE-2017-6512.patch: #
>> http://perldoc.perl.org/perlport.html#chmod
>> patches/perl-file-path-CVE-2017-6512.patch: skip "Windows chmod test
>> skipped", $skip_count
>> patches/perl-file-path-CVE-2017-6512.patch:+ skip "fchmod() on
>> directories is not supported on this platform", $skip_count
>> patches/perl-file-path-CVE-2017-6512.patch:+ unless $fchmod_supported;
>> patches/perl-file-path-CVE-2017-6512.patch:- $dir =
>> catdir($tmp_base, 'chmod_test');
>> patches/perl-file-path-CVE-2017-6512.patch:+ $dir =
>> catdir($tmp_base, sprintf("chmod_test%04o", $input));
>> patches/portmidi-modular-build.patch:- COMMAND chmod +x
>> pmdefaults/pmdefaults
>> patches/byobu-writable-status.patch:+ chmod +w "$BYOBU_CONFIG_DIR/$f"
>> patches/proot-test-fhs.patch:@@ -34,7 +34,7 @@ chmod +x ${ROOTFS}/${TMP_ABS}
>> patches/rsync-CVE-2017-17434-pt2.patch: extern struct
>> chmod_mode_struct *daemon_chmod_modes;
>> Binary file tex.go matches
>> Binary file networking.go matches
>> virtualization.scm: (chmod "samba-wrapper" #o755)
>> Binary file graphviz.go matches
>> tex.scm: "batchmode; "
>> tex.scm: "batchmode; "
>> tex.scm: "batchmode; "
>> tex.scm: (and (zero? (system* "luatex" "-ini"
>> "-interaction=batchmode"
>> tex.scm: (zero? (system* "tex" "-ini" "-interaction=batchmode"
>> tex.scm: (zero? (system* "latex" "-ini" "-interaction=batchmode"
>> tex.scm: (zero? (system* format "-ini" "-interaction=batchmode"
>> tex.scm: (zero? (system* "luatex" "-ini" "-interaction=batchmode"
>> tex.scm: "batchmode; "
>> tex.scm: "batchmode; "
>> Binary file autotools.go matches
>> ssh.scm: (chmod (string-append (assoc-ref outputs "out")
>> Binary file python.go matches
>> Binary file maths.go matches
>> cups.scm: (for-each (lambda (file) (chmod file #o644))
>> cups.scm: (for-each (lambda (file) (chmod file #o644))
>> axoloti.scm: (chmod target #o555))
>> python.scm: (chmod file #o755))
>> python.scm: (chmod new #o755)
>> Binary file wget.go matches
>> Binary file bioinformatics.go matches
>> kodi.scm: (("autoreconf -vif") "chmod -R u+w ."))
>> Binary file perl.go matches
>> c.scm: (chmod port #o777)))
>> Binary file axoloti.go matches
>> Binary file ocaml.go matches
>> ocaml.scm: (chmod "src/strings.ml" #o600)
>> conkeror.scm: (chmod launcher #o555)))))))
>> Binary file java.go matches
>> Binary file emacs.go matches
>> text-editors.scm: (zero? (system* "chmod" "-R" "u+w"
>> "../test")))))))
>> nvi.scm: (chmod "configure" #o0755)))))
>> disk.scm: (chmod exe #o555)
>> Binary file backup.go matches
>> Binary file music.go matches
>> audio.scm: (chmod file #o644))
>> music.scm: (chmod (string-append out "/share/Aria/Documentation")
>> #o555)
>> music.scm: (chmod (string-append out "/share/Aria/score") #o555)
>> music.scm: (chmod (string-append bin "/tuxguitar") #o555)
>> music.scm: (for-each (cut chmod <> #o644)
>> Binary file zile.go matches
>> emacs.scm: (chmod exwm-executable #o555)
>> emacs.scm: (chmod exwm-executable #o555)
>> perl.scm: (chmod dso #o755))
>> perl.scm: (chmod "blib/arch/auto/Digest/MD5/MD5.so" #o755))))))
>> Binary file bootstrap.go matches
>> tls.scm: (chmod file #o644))
>> certs.scm: (chmod "certdata2pem.py" #o555)
>> java.scm: (chmod target #o755)
>> java.scm: (chmod (string-append bin tool) #o755))
>> java.scm: (chmod target #o755)
>> java.scm: (string-append line "; chmod -R u+w $(BOOT_DIR)")))
>> java.scm: (zero? (system* "chmod" "-R" "u+w" "openjdk"))
>> java.scm: (("/bin/chmod") (which "chmod")))
>> java.scm: ;; The cacerts files we are going to overwrite are
>> chmod'ed as
>> java.scm: (chmod (string-append (assoc-ref outputs "out")
>> java.scm: (chmod (string-append (assoc-ref outputs "jdk")
>> java.scm: (chmod (string-append bin "/antlr3") #o755))))
>> java.scm: (chmod (string-append bin "/antlr3") #o755)
>> java.scm: (chmod (string-append bin "/antlr3") #o755))))
>> java.scm: (chmod (string-append bin "/mvel2") #o755))
>> backup.scm: (chmod target-file-location #o755)
>> Binary file c.go matches
>> linux.scm: (chmod ".config" #o666))
>> linux.scm: (chmod file #o666))
>> linux.scm: (chmod "e2fsck" #o555))))))
>> linux.scm: (chmod "zerofree" #o555)
>> linux.scm: (chmod file #o755))
>> linux.scm: (chmod target #o555)))))
>> Binary file kodi.go matches
>> Binary file monitoring.go matches
>> Binary file virtualization.go matches
>> Binary file audio.go matches
>> Binary file certs.go matches
>> fpga.scm: (zero? (system* "chmod" "+w" "abc/abc")))))
>> Binary file tls.go matches
>> package-management.scm: (chmod po #o666))
>> Binary file text-editors.go matches
>> Binary file commencement.go matches
>> uml.scm: (chmod wrapper #o555))
>> Binary file disk.go matches
>> Binary file graphics.go matches
>> graphviz.scm: (chmod "test/boolean/test.sh" #o777))
>> web.scm: (chmod "woof" #o555))
>> Binary file netpbm.go matches
>> bootloaders.scm: (zero? (system* "chmod" "a+w"
>> "utils/isohybrid.in"))))
>> Binary file uml.go matches
>> bootstrap.scm: (chmod bin-dir #o755)
>> bootstrap.scm: (chmod guile #o555)
>> bootstrap.scm: (chmod bin-dir #o555))))))
>> bootstrap.scm: (chmod "bin" #o755)
>> bootstrap.scm: (chmod "bin" #o555)
>> bootstrap.scm: (chmod "lib" #o755)
>> bootstrap.scm: (chmod "." #o755)
>> bootstrap.scm: (chmod "gcc" #o555))))))
>> engineering.scm: (chmod (string-append out "/bin/" script) #o555)))
>> Binary file conkeror.go matches
>> Binary file bootstrap/x86_64-linux/mkdir matches
>> Binary file bootstrap/armhf-linux/mkdir matches
>> Binary file bootstrap/i686-linux/mkdir matches
>> Binary file bootstrap/mips64el-linux/mkdir matches
>> Binary file bootstrap/aarch64-linux/mkdir matches
>> Binary file readline.go matches
>> Binary file games.go matches
>> Binary file irc.go matches
>> readline.scm: (for-each (lambda (f) (chmod f #o755))
>> readline.scm: (for-each (lambda (f) (chmod f #o644))
>> wget.scm: (chmod file #o755))
>> games.scm: (chmod (string-append bin "/roguebox-adventures") #o555)
>> games.scm: (chmod port #o777)))))
>> games.scm: (chmod "redeclipse_linux" #o555)
>> games.scm: (chmod "redeclipse_server_linux" #o555)))
>> games.scm: (chmod higan #o555)
>> games.scm: (chmod prog #o755)
>> games.scm: (chmod wrapper #o555)
>> zile.scm: (chmod file #o755))
>> lisp.scm: (chmod wrapper #o755))
>> lisp.scm: (chmod script #o755)
>> Binary file base.go matches
>> Binary file cups.go matches
>> bioinformatics.scm: (chmod wrapper #o555)))))))
>> bioinformatics.scm: (chmod (string-append target "GESS.py") #o555)
>> bioinformatics.scm: (chmod "_pytadbit/_version.py" #o664)
>> bioinformatics.scm: (chmod "README.rst" #o664)
>> autotools.scm: (chmod (string-append bin "/autoconf") #o555)))))))
>> Binary file nvi.go matches
>> monitoring.scm: (("chmod g\\+s.*" all)
>> Binary file web.go matches
>> version-control.scm: (chmod new #o555))
>> admin.scm: (chmod "bind/bind.tar.gz" #o644)
>> Binary file linux.go matches
>> graphics.scm: (chmod "brdf" #o555))))))))
>> Binary file bootloaders.go matches
>> Binary file version-control.go matches
>> base.scm: (chmod ld #o555)
>> Binary file mail.go matches
>> netpbm.scm: (chmod "config.mk" #o664)
>> simulation.scm: ;; 'chmod' step is needed before running the
>> applications. For
>> simulation.scm: ;; $ chmod -R u+w .
>> Binary file lisp.go matches
>> maths.scm: (chmod "src/maxima" #o555)
>> maths.scm: (chmod wrapper #o555))))
>> Binary file engineering.go matches
>>
>>
>> Cheers,
>> Alex
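
An added example, not part of the original message and not Guix code: a small Python filter that reads ``grep -r chmod'' output like the listing quoted above, extracts the Guile #oNNN mode literals from the .scm matches, tallies them, and lists the entries that are writable by "other" (such as 666 and 777). The function names are hypothetical, and the sample lines are copied from the quoted listing.

```python
import re
from collections import Counter

# Guile octal literal following a chmod call on the same line, e.g.
# (chmod file #o644), (cut chmod <> #o644) or (chmod "configure" #o0755).
MODE_RE = re.compile(r"\bchmod\b[^#\n]*#o([0-7]+)")

# Sample lines copied from the grep listing quoted in the message above.
SAMPLE = '''\
networking.scm: (chmod "." #o755)
Binary file admin.go matches
c.scm: (chmod port #o777)))
linux.scm: (chmod ".config" #o666))
nvi.scm: (chmod "configure" #o0755)))))
netpbm.scm: (chmod "config.mk" #o664)
music.scm: (for-each (cut chmod <> #o644)
music.scm: (chmod (string-append out "/share/Aria/score") #o555)
java.scm: (zero? (system* "chmod" "-R" "u+w" "openjdk"))
patches/nss-pkgconfig.patch:+ chmod 0644 nss.pc
'''


def parse_chmod_modes(grep_output):
    """Return (file, mode) pairs for .scm matches that carry an #o literal."""
    entries = []
    for line in grep_output.splitlines():
        name, sep, rest = line.partition(":")
        # Skips "Binary file ... matches" lines and matches inside patches.
        if not sep or not name.endswith(".scm"):
            continue
        match = MODE_RE.search(rest)
        if match:
            entries.append((name, int(match.group(1), 8)))
    return entries


def audit(grep_output):
    """Tally the modes and list the entries writable by "other"."""
    entries = parse_chmod_modes(grep_output)
    tally = Counter(mode for _, mode in entries)
    world_writable = [(name, mode) for name, mode in entries if mode & 0o002]
    return tally, world_writable


if __name__ == "__main__":
    tally, world_writable = audit(SAMPLE)
    for mode, count in sorted(tally.items()):
        print(f"{mode:04o}  {count}")
    for name, mode in world_writable:
        print(f"world-writable: {name} {mode:04o}")
```

Calls whose mode argument wrapped onto the next source line, and shell-style invocations such as (system* "chmod" "-R" "u+w" ...), carry no #o literal on the matched line and are not counted.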