tech-pkg archive
Re: www/serf install permissions fix
On 04/05, J. Lewis Muir wrote:
> 1. It checks for group- or world-writable files. If it should only
> check for world-writable files, obviously it's trivial to change it
> to do that.
I've decided that checking for group-writable files is too strict.
I just tried to build devel/protobuf and came across two packages
that have distfiles with group-writable files: www/libuv and
devel/googletest. If that's at all indicative of what's out there, I
suspect a full bulk build would have a terrible time. So, I've updated
the patch to only check for world-writable files. The updated patch is
below.
Thanks,
Lewis
diff --git a/mk/check/bsd.check.mk b/mk/check/bsd.check.mk
index 8db4197e4b1..925b79819d7 100644
--- a/mk/check/bsd.check.mk
+++ b/mk/check/bsd.check.mk
@@ -5,6 +5,9 @@
#
# There are some predefined hooks where checks can be added:
#
+# post-extract-checks-hook
+# Is run after extracting the package distfiles.
+#
# pre-configure-checks-hook
# Is run before configuring the package.
#
@@ -25,6 +28,7 @@
# check-interpreter, check-shlibs, check-vulnerable, check-wrkref
#
+.include "check-distfile-perms.mk"
.include "check-files.mk"
.include "check-headers.mk"
.include "check-interpreter.mk"
@@ -36,6 +40,7 @@
.include "check-wrkref.mk"
.include "check-fakehome.mk"
+post-extract-checks-hook \
pre-configure-checks-hook \
pre-build-checks-hook: .PHONY
@${DO_NADA}
diff --git a/mk/check/check-distfile-perms.mk b/mk/check/check-distfile-perms.mk
new file mode 100644
index 00000000000..b7ffdd2e430
--- /dev/null
+++ b/mk/check/check-distfile-perms.mk
@@ -0,0 +1,52 @@
+# $NetBSD$
+#
+# This file checks that extracted files are not world-writable.
+#
+# User-settable variables:
+#
+# CHECK_DISTFILE_PERMS
+# Specifies whether the check should be run at all.
+#
+# Possible values: yes, no.
+#
+# Default value: yes for PKG_DEVELOPER, no otherwise.
+#
+# Package-settable variables:
+#
+
+_VARGROUPS+= check-distfile-perms
+_USER_VARS.check-distfile-perms= CHECK_DISTFILE_PERMS
+
+.if ${PKG_DEVELOPER:Uno} != "no"
+CHECK_DISTFILE_PERMS?= yes
+.else
+CHECK_DISTFILE_PERMS?= no
+.endif
+
+.if ${CHECK_DISTFILE_PERMS:M[Yy][Ee][Ss]}
+post-extract-checks-hook: _check-distfile-perms
+.endif
+
+_CHECK_DISTFILE_PERMS_QUOTED_EXTRACT_DIRS= # empty
+.for f in ${EXTRACT_ONLY}
+_CHECK_DISTFILE_PERMS_QUOTED_EXTRACT_DIRS+= ${EXTRACT_DIR.${f}:Q}
+.endfor
+
+_check-distfile-perms: .PHONY
+ @${STEP_MSG} "Checking for world-writable extracted files"
+ ${RUN} \
+ ok=yes; \
+ for each in ${_CHECK_DISTFILE_PERMS_QUOTED_EXTRACT_DIRS}; do \
+ cd ${WRKDIR:Q} && \
+ if find "$$each" -perm -o=w | grep . > /dev/null; then \
+ ok=no; \
+ break; \
+ fi; \
+ done; \
+ [ $$ok = yes ] && exit 0; \
+ ${ERROR_MSG} "[check-distfile-perms.mk] world-writable files:"; \
+ for each in ${_CHECK_DISTFILE_PERMS_QUOTED_EXTRACT_DIRS}; do \
+ cd ${WRKDIR:Q} && \
+ find "$$each" -perm -o=w | sed 's/^/ /'; \
+ done; \
+ exit 1
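Review bot: The `find "$$each" -perm -o=w` test in `_check-distfile-perms` also matches symbolic links, because find examines the link itself by default and on platforms such as Linux every symlink reports mode 0777, so a distfile that ships a symlink would fail the check there; `find "$$each" ! -type l -perm -o=w` in both loops avoids that. The check also fails open: in `cd ${WRKDIR:Q} && if …; fi` a failed `cd` skips the `if` and leaves `ok=yes`, and a `find` that errors out prints nothing for `grep .` to match, so the hook reports success without having inspected anything. Since the check presumably exists to catch files that another local user could modify before the build, a failed `cd` should be fatal, for example `cd ${WRKDIR:Q} || exit 1;` placed ahead of each loop. The header's "Package-settable variables:" section is empty; either drop it or state that there are none.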
diff --git a/mk/extract/extract.mk b/mk/extract/extract.mk
index f23b7efaae0..f5ee3ea0fc0 100644
--- a/mk/extract/extract.mk
+++ b/mk/extract/extract.mk
@@ -105,6 +105,7 @@ _REAL_EXTRACT_TARGETS+= extract-dir
_REAL_EXTRACT_TARGETS+= pre-extract
_REAL_EXTRACT_TARGETS+= do-extract
_REAL_EXTRACT_TARGETS+= post-extract
+_REAL_EXTRACT_TARGETS+= post-extract-checks-hook
_REAL_EXTRACT_TARGETS+= extract-cookie
_REAL_EXTRACT_TARGETS+= error-check