pkgsrc-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Question about PKG_DEVELOPER and math/py-scipy
Hi Greg and Makoto,
Thank you for the information.
Permissions of archived files are all "-rwxrwxrwx".
---------------------------------------------------------------------------
# tar tzvf /usr/pkgsrc/distfiles/scipy-1.6.0.tar.gz | head
drwxrwxrwx 0 treddy treddy 0 Dec 31 07:11 scipy-1.6.0/
-rwxrwxrwx 0 treddy treddy 40 Dec 31 07:01 scipy-1.6.0/.coveragerc
-rwxrwxrwx 0 treddy treddy 14420 Feb 14 2020 scipy-1.6.0/HACKING.rst.txt
-rwxrwxrwx 0 treddy treddy 7069 Dec 4 09:52 scipy-1.6.0/INSTALL.rst.txt
-rwxrwxrwx 0 treddy treddy 12650 Dec 31 07:11 scipy-1.6.0/LICENSE.txt
-rwxrwxrwx 0 treddy treddy 945 Feb 14 2020 scipy-1.6.0/MANIFEST.in
-rwxrwxrwx 0 treddy treddy 2130 Dec 31 07:11 scipy-1.6.0/PKG-INFO
-rwxrwxrwx 0 treddy treddy 2682 May 22 2020 scipy-1.6.0/README.rst
drwxrwxrwx 0 treddy treddy 0 Dec 31 07:11 scipy-1.6.0/benchmarks/
-rwxrwxrwx 0 treddy treddy 3235 Nov 5 13:02
scipy-1.6.0/benchmarks/README.rst
---------------------------------------------------------------------------
It seems that adding following to Makefile fixes the problem.
---------------------------------------------------------------------------
# for changing permission of extracted files from -rwxrwxrwx to -rwxr-xr-x
EXTRACT_OPTS_TAR+= --no-same-permissions
---------------------------------------------------------------------------
thank you again,
Daisuke
On Fri, 8 Jan 2021 at 21:52, Greg Troxel <gdt%lexort.com@localhost> wrote:
>
>
> Kinoshita Daisuke <kinoshita%astro.ncu.edu.tw@localhost> writes:
>
> > ---------------------------------------------------------------------------
> > warning: /data0/netbsd/pkgsrc/current/pkgsrc/math/py-scipy/work/.destdir/usr/pkg/lib/python3.9/site-packages/scipy/stats/tests/test_stats.py:
> > group-writable file.
>
> I find often that this is related to strangeness on using various
> unpacking programs on the distribution tarball, and perhaps
> disagreements about the format of metadata. I would suggest looking at
> the distfile with various programs, and see what EXTRACT_USING ends up
> being. Sometimes the distfile is in a format supported only by some of
> tar/pax/gtar/bsdtar/etc.
>
> If the distfile really has files with group/other write permissions,
> then it might be necesssary to fix those after unpacking. But probably
> if so you should report a bug upstream, as that creates a window when an
> attacker could change one of the files.
>
>
>
>
Home |
Main Index |
Thread Index |
Old Index