Fwd: : devel/py-mercurial breakage by extension.mk patch

To: tech-pkg%NetBSD.org@localhost
Subject: Fwd: : devel/py-mercurial breakage by extension.mk patch
From: Richard PALO <richard%netbsd.org@localhost>
Date: Mon, 23 May 2016 19:18:02 +0200

as wiz@ requested, there is still a hole with the recent lang/python/extension.mk patch
to get over protection issues with python packages.

I'm currently proposing the following update:
> Index: extension.mk
> ===================================================================
> RCS file: /cvsroot/pkgsrc/lang/python/extension.mk,v
> retrieving revision 1.45
> diff -u -r1.45 extension.mk
> --- extension.mk	21 May 2016 05:22:40 -0000	1.45
> +++ extension.mk	23 May 2016 16:59:50 -0000
> @@ -28,11 +28,7 @@
>  PYSETUPTESTARGS?=	#empty
>  PYSETUPSUBDIR?=		#empty
>  
> -post-install:	fixup-python-writeable-source
> -.PHONY:	fixup-python-writeable-source
> -fixup-python-writeable-source:
> -	${FIND} ${DESTDIR} -type f \( -perm -g+w -o -perm -o+w \) \
> -	    -exec ${CHMOD} go-w '{}' +
> +CHECK_PERMS_AUTOFIX=	yes	# fixup most mode related warnings/errors
>  
>  do-build:
>  	(cd ${WRKSRC}/${PYSETUPSUBDIR} && ${SETENV} ${MAKE_ENV} ${PYTHONBIN} \
> @@ -47,6 +43,12 @@
>  	 ${PYSETUP} ${PYSETUPARGS} ${PYSETUPTESTTARGET} ${PYSETUPTESTARGS})
>  .endif
>  
> +privileged-install-hook:	fixup-egg-info
> +.PHONY:	fixup-egg-info
> +fixup-egg-info:	# ensure egg-info directory contents are always 644
> +	${FIND} ${DESTDIR}${PREFIX}/${PYSITELIB}/${EGG_INFODIR} -type f \
> +	    -exec ${CHMOD} ${SHAREMODE} '{}' +
> +
>  .endif
>  
>  # PY_NO_EGG suppress the installation of the egg info file (and

which gets the large majority of cases fixed 'automagically'

The questions marks are:
1. it it preferable to *always* make the package do the fixups
   instead of setting CHECK_PERMS_AUTOFIX=yes in extensions.mk

2. with respect to 'privileged-install-hook', this avoids accidental
   blocking *any* python module build due to, e.g., 600 mode files
   in $LOCALBASE/lib/pythonX.X/site-packages/*egg-info/ 

   perhaps there is a better target for 2, but using 'post-install'
   does not work as many modules don't deliver their egg-info
   directories directly, they are generated during install 
   via setuptools typically.

out of recent experience I feel more strongly about 2 than about 1
since there are still cases that may need to be dealt with
(example is cacerts.txt in www/py-httplib2)

but 1 is nice too as the fixup is generally done for the most part,
left to the developer to report upstream (beware of eggs in the face=)

thanks in advance for thoughtful suggestions.
-- 
Richard PALO

Follow-Ups:
- Re: Fwd: : devel/py-mercurial breakage by extension.mk patch
  - From: Richard PALO

Prev by Date: daily pkgsrc CVS update output
Next by Date: daily pkgsrc CVS update output
Previous by Thread: New pkgsrc-security key
Next by Thread: Re: Fwd: : devel/py-mercurial breakage by extension.mk patch
Indexes:

Home | Main Index | Thread Index | Old Index