From: Alex Vong
Subject: Using ``chmod'' in build phases
Date: Tue, 02 Jan 2018 22:36:11 +0800
Message-ID: <87h8s42uqs.fsf@gmail.com>
To: guix-devel@gnu.org

Hello,

Running ``LC_ALL=C grep -r chmod'' on ``guix/gnu/packages'' gives the
following result. As you can see, various modes are used, such as 644,
755, 555, 666, 777, 664. Do we have a guide on which mode should be
preferred? I personally always used 644 for non-executable files, and
755 for directories and executable files. Any idea?

networking.scm: (chmod "." #o755)
commencement.scm: (chmod program #o555))
Binary file admin.go matches
Binary file fpga.go matches
mail.scm: (chmod "mb2md" #o555))
Binary file ssh.go matches
Binary file package-management.go matches
irc.scm: (("/bin/chmod") "chmod")
irc.scm: ;; Furthermore bsdinstalls has a reference to /etc/chmod here, which
irc.scm: (("/bin/chmod") "chmod")
patches/libbase-use-own-logging.patch: // We do an explicit fchmod here because we assume that the caller really
patches/libbase-use-own-logging.patch: if (fchmod(fd, mode) == -1) {
patches/libbase-use-own-logging.patch:- ALOGE("android::WriteStringToFile fchmod failed: %s", strerror(errno));
patches/libbase-use-own-logging.patch:+ PLOG(ERROR) << "android::WriteStringToFile fchmod failed";
patches/findutils-localstatedir.patch: chmod +x $@
patches/nss-pkgconfig.patch:+ chmod 0644 nss.pc
patches/nss-pkgconfig.patch:+ chmod 0755 nss-config
patches/4store-fix-buildsystem.patch:! chmod 1777 $(DESTDIR)@FS_STORE_ROOT@
patches/cdrtools-3.01-mkisofs-isoinfo.patch:- fchmodat(AT_FDCWD, fname, fstat_buf.st_mode, AT_SYMLINK_NOFOLLOW);
patches/cdrtools-3.01-mkisofs-isoinfo.patch:+ fchmodat(AT_FDCWD, fname, fstat_buf.st_mode, AT_SYMLINK_NOFOLLOW);
patches/tcsh-fix-autotest.patch: chmod a+x args.sh
patches/tcsh-fix-autotest.patch:-chmod a+x script.sh subdir/script.sh
patches/tcsh-fix-autotest.patch:+#chmod a+x script.sh subdir/script.sh
patches/perl-file-path-CVE-2017-6512.patch:https://anonscm.debian.org/cgit/perl/perl.git/diff/debian/patches/fixes/file_path_chmod_race.diff?id=e7b50f8fb6413f8ddfbbfda2d531615fb029e2d3
patches/perl-file-path-CVE-2017-6512.patch:Subject: Prevent directory chmod race attack.
patches/perl-file-path-CVE-2017-6512.patch:CVE-2017-6512 is a race condition attack where the chmod() of directories
patches/perl-file-path-CVE-2017-6512.patch:the directory-permission loosening logic to systems where fchmod() is
patches/perl-file-path-CVE-2017-6512.patch:Patch-Name: fixes/file_path_chmod_race.diff
patches/perl-file-path-CVE-2017-6512.patch:- or chmod( $nperm, $root )
patches/perl-file-path-CVE-2017-6512.patch:+ # This uses fchmod to avoid traversing outside of the proper
patches/perl-file-path-CVE-2017-6512.patch:+ or eval { chmod( $nperm, $root_fh ) }
patches/perl-file-path-CVE-2017-6512.patch:+my $fchmod_supported = 0;
patches/perl-file-path-CVE-2017-6512.patch:+ eval { $fchmod_supported = chmod( $perm, $fh); };
patches/perl-file-path-CVE-2017-6512.patch:+ skip "fchmod of directories not supported on this platform", 3 unless $fchmod_supported;
patches/perl-file-path-CVE-2017-6512.patch: # http://perldoc.perl.org/perlport.html#chmod
patches/perl-file-path-CVE-2017-6512.patch: skip "Windows chmod test skipped", $skip_count
patches/perl-file-path-CVE-2017-6512.patch:+ skip "fchmod() on directories is not supported on this platform", $skip_count
patches/perl-file-path-CVE-2017-6512.patch:+ unless $fchmod_supported;
patches/perl-file-path-CVE-2017-6512.patch:- $dir = catdir($tmp_base, 'chmod_test');
patches/perl-file-path-CVE-2017-6512.patch:+ $dir = catdir($tmp_base, sprintf("chmod_test%04o", $input));
patches/portmidi-modular-build.patch:- COMMAND chmod +x pmdefaults/pmdefaults
patches/byobu-writable-status.patch:+ chmod +w "$BYOBU_CONFIG_DIR/$f"
patches/proot-test-fhs.patch:@@ -34,7 +34,7 @@ chmod +x ${ROOTFS}/${TMP_ABS}
patches/rsync-CVE-2017-17434-pt2.patch: extern struct chmod_mode_struct *daemon_chmod_modes;
Binary file tex.go matches
Binary file networking.go matches
virtualization.scm: (chmod "samba-wrapper" #o755)
Binary file graphviz.go matches
tex.scm: "batchmode; "
tex.scm: "batchmode; "
tex.scm: "batchmode; "
tex.scm: (and (zero? (system* "luatex" "-ini" "-interaction=batchmode"
tex.scm: (zero? (system* "tex" "-ini" "-interaction=batchmode"
tex.scm: (zero? (system* "latex" "-ini" "-interaction=batchmode"
tex.scm: (zero? (system* format "-ini" "-interaction=batchmode"
tex.scm: (zero? (system* "luatex" "-ini" "-interaction=batchmode"
tex.scm: "batchmode; "
tex.scm: "batchmode; "
Binary file autotools.go matches
ssh.scm: (chmod (string-append (assoc-ref outputs "out")
Binary file python.go matches
Binary file maths.go matches
cups.scm: (for-each (lambda (file) (chmod file #o644))
cups.scm: (for-each (lambda (file) (chmod file #o644))
axoloti.scm: (chmod target #o555))
python.scm: (chmod file #o755))
python.scm: (chmod new #o755)
Binary file wget.go matches
Binary file bioinformatics.go matches
kodi.scm: (("autoreconf -vif") "chmod -R u+w ."))
Binary file perl.go matches
c.scm: (chmod port #o777)))
Binary file axoloti.go matches
Binary file ocaml.go matches
ocaml.scm: (chmod "src/strings.ml" #o600)
conkeror.scm: (chmod launcher #o555)))))))
Binary file java.go matches
Binary file emacs.go matches
text-editors.scm: (zero? (system* "chmod" "-R" "u+w" "../test")))))))
nvi.scm: (chmod "configure" #o0755)))))
disk.scm: (chmod exe #o555)
Binary file backup.go matches
Binary file music.go matches
audio.scm: (chmod file #o644))
music.scm: (chmod (string-append out "/share/Aria/Documentation") #o555)
music.scm: (chmod (string-append out "/share/Aria/score") #o555)
music.scm: (chmod (string-append bin "/tuxguitar") #o555)
music.scm: (for-each (cut chmod <> #o644)
Binary file zile.go matches
emacs.scm: (chmod exwm-executable #o555)
emacs.scm: (chmod exwm-executable #o555)
perl.scm: (chmod dso #o755))
perl.scm: (chmod "blib/arch/auto/Digest/MD5/MD5.so" #o755))))))
Binary file bootstrap.go matches
tls.scm: (chmod file #o644))
certs.scm: (chmod "certdata2pem.py" #o555)
java.scm: (chmod target #o755)
java.scm: (chmod (string-append bin tool) #o755))
java.scm: (chmod target #o755)
java.scm: (string-append line "; chmod -R u+w $(BOOT_DIR)")))
java.scm: (zero? (system* "chmod" "-R" "u+w" "openjdk"))
java.scm: (("/bin/chmod") (which "chmod")))
java.scm: ;; The cacerts files we are going to overwrite are chmod'ed as
java.scm: (chmod (string-append (assoc-ref outputs "out")
java.scm: (chmod (string-append (assoc-ref outputs "jdk")
java.scm: (chmod (string-append bin "/antlr3") #o755))))
java.scm: (chmod (string-append bin "/antlr3") #o755)
java.scm: (chmod (string-append bin "/antlr3") #o755))))
java.scm: (chmod (string-append bin "/mvel2") #o755))
backup.scm: (chmod target-file-location #o755)
Binary file c.go matches
linux.scm: (chmod ".config" #o666))
linux.scm: (chmod file #o666))
linux.scm: (chmod "e2fsck" #o555))))))
linux.scm: (chmod "zerofree" #o555)
linux.scm: (chmod file #o755))
linux.scm: (chmod target #o555)))))
Binary file kodi.go matches
Binary file monitoring.go matches
Binary file virtualization.go matches
Binary file audio.go matches
Binary file certs.go matches
fpga.scm: (zero? (system* "chmod" "+w" "abc/abc")))))
Binary file tls.go matches
package-management.scm: (chmod po #o666))
Binary file text-editors.go matches
Binary file commencement.go matches
uml.scm: (chmod wrapper #o555))
Binary file disk.go matches
Binary file graphics.go matches
graphviz.scm: (chmod "test/boolean/test.sh" #o777))
web.scm: (chmod "woof" #o555))
Binary file netpbm.go matches
bootloaders.scm: (zero? (system* "chmod" "a+w" "utils/isohybrid.in"))))
Binary file uml.go matches
bootstrap.scm: (chmod bin-dir #o755)
bootstrap.scm: (chmod guile #o555)
bootstrap.scm: (chmod bin-dir #o555))))))
bootstrap.scm: (chmod "bin" #o755)
bootstrap.scm: (chmod "bin" #o555)
bootstrap.scm: (chmod "lib" #o755)
bootstrap.scm: (chmod "." #o755)
bootstrap.scm: (chmod "gcc" #o555))))))
engineering.scm: (chmod (string-append out "/bin/" script) #o555)))
Binary file conkeror.go matches
Binary file bootstrap/x86_64-linux/mkdir matches
Binary file bootstrap/armhf-linux/mkdir matches
Binary file bootstrap/i686-linux/mkdir matches
Binary file bootstrap/mips64el-linux/mkdir matches
Binary file bootstrap/aarch64-linux/mkdir matches
Binary file readline.go matches
Binary file games.go matches
Binary file irc.go matches
readline.scm: (for-each (lambda (f) (chmod f #o755))
readline.scm: (for-each (lambda (f) (chmod f #o644))
wget.scm: (chmod file #o755))
games.scm: (chmod (string-append bin "/roguebox-adventures") #o555)
games.scm: (chmod port #o777)))))
games.scm: (chmod "redeclipse_linux" #o555)
games.scm: (chmod "redeclipse_server_linux" #o555)))
games.scm: (chmod higan #o555)
games.scm: (chmod prog #o755)
games.scm: (chmod wrapper #o555)
zile.scm: (chmod file #o755))
lisp.scm: (chmod wrapper #o755))
lisp.scm: (chmod script #o755)
Binary file base.go matches
Binary file cups.go matches
bioinformatics.scm: (chmod wrapper #o555)))))))
bioinformatics.scm: (chmod (string-append target "GESS.py") #o555)
bioinformatics.scm: (chmod "_pytadbit/_version.py" #o664)
bioinformatics.scm: (chmod "README.rst" #o664)
autotools.scm: (chmod (string-append bin "/autoconf") #o555)))))))
Binary file nvi.go matches
monitoring.scm: (("chmod g\\+s.*" all)
Binary file web.go matches
version-control.scm: (chmod new #o555))
admin.scm: (chmod "bind/bind.tar.gz" #o644)
Binary file linux.go matches
graphics.scm: (chmod "brdf" #o555))))))))
Binary file bootloaders.go matches
Binary file version-control.go matches
base.scm: (chmod ld #o555)
Binary file mail.go matches
netpbm.scm: (chmod "config.mk" #o664)
simulation.scm: ;; 'chmod' step is needed before running the applications. For
simulation.scm: ;; $ chmod -R u+w .
Binary file lisp.go matches
maths.scm: (chmod "src/maxima" #o555)
maths.scm: (chmod wrapper #o555))))
Binary file engineering.go matches

Cheers,
Alex
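
An added example, not part of the original message or of Guix: a small Python audit that tallies the octal modes passed to Guile `chmod` calls in a grep listing like the one above and flags modes that grant write access to group or other. The sample lines are copied from the listing; the function names are hypothetical.

```python
import re
import stat
from collections import Counter

# A few lines copied from the grep listing in the message above.
SAMPLE = """\
networking.scm: (chmod "." #o755)
Binary file admin.go matches
irc.scm: (("/bin/chmod") "chmod")
patches/nss-pkgconfig.patch:+ chmod 0644 nss.pc
cups.scm: (for-each (lambda (file) (chmod file #o644))
c.scm: (chmod port #o777)))
nvi.scm: (chmod "configure" #o0755)))))
music.scm: (for-each (cut chmod <> #o644)
linux.scm: (chmod ".config" #o666))
linux.scm: (chmod "e2fsck" #o555))))))
netpbm.scm: (chmod "config.mk" #o664)
kodi.scm: (("autoreconf -vif") "chmod -R u+w ."))
"""

# "file.scm: code" lines only; binary-file notices and patch hunks are skipped.
LINE = re.compile(r"^(?P<file>[^\s:]+\.scm):\s*(?P<code>.*)$")
# Guile call with an octal literal, e.g. (chmod file #o644) or (cut chmod <> #o644).
CALL = re.compile(r"\bchmod\b[^#]*#o(?P<mode>[0-7]{3,4})\b")


def parse_modes(listing):
    """Return (file, mode) pairs for every Guile chmod call with a #o literal."""
    found = []
    for line in listing.splitlines():
        m = LINE.match(line)
        if m:
            for call in CALL.finditer(m["code"]):
                found.append((m["file"], int(call["mode"], 8)))
    return found


def tally(listing):
    """Count how often each mode appears, normalised to three octal digits."""
    return Counter(f"{mode:03o}" for _, mode in parse_modes(listing))


def writable_beyond_owner(listing):
    """Return (file, mode, who) for modes granting group or other write access."""
    flagged = []
    for name, mode in parse_modes(listing):
        bits = ((stat.S_IWGRP, "group"), (stat.S_IWOTH, "other"))
        who = [label for bit, label in bits if mode & bit]
        if who:
            flagged.append((name, f"{mode:03o}", "+".join(who)))
    return flagged


if __name__ == "__main__":
    print(tally(SAMPLE).most_common())
    for row in writable_beyond_owner(SAMPLE):
        print(*row)
```
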