Re: www/serf install permissions fix

To: Greg Troxel <gdt%lexort.com@localhost>
Subject: Re: www/serf install permissions fix
From: "J. Lewis Muir" <jlmuir%imca-cat.org@localhost>
Date: Thu, 18 May 2017 15:08:43 -0500

On 04/13, J. Lewis Muir wrote:
> On 04/05, J. Lewis Muir wrote:
> > 1. It checks for group- or world-writable files.  If it should only
> >    check for world-writable files, obviously it's trivial to change it
> >    to do that.
> 
> I've decided that checking for group-writable files is too strict.
> I just tried to build devel/protobuf and came across two packages
> that have distfiles with group-writable files: www/libuv and
> devel/googletest.  If that's at all indicative of what's out there, I
> suspect a full bulk build would have a terrible time.  So, I've updated
> the patch to only check for world-writable files.  The updated patch is
> below.

Hi, Greg.

I've found that symlinks in distfiles can result in false-positives
since a symlink may have all mode bits set, but POSIX says the
bits should be ignored.  So, I've updated the patch again,
this time to ignore symlinks.  The patch--against the previous
mk/check/check-distfile-perms.mk--is below.

BTW, is this still likely to make it into the tree, or has support for
the idea faded?  I initial wrote it because you suggested it would be
good.  But if it's a dead thing, then I won't bother keeping it going.
Joerg has commented in [1]:

  Frankly, I don't care about writeable distfiles. If you share your
  system with other users, use a top-level directory that is only
  executable by your user. Everything else is already handled by
  checkperms, even if the result might get ignored.

Thanks,

Lewis

[1] https://mail-index.netbsd.org/tech-pkg/2017/04/13/msg018040.html

diff --git a/mk/check/check-distfile-perms.mk b/mk/check/check-distfile-perms.mk
index b7ffdd2e430..10eee34e537 100644
--- a/mk/check/check-distfile-perms.mk
+++ b/mk/check/check-distfile-perms.mk
@@ -38,7 +38,8 @@ _check-distfile-perms: .PHONY
 	ok=yes; 							\
 	for each in ${_CHECK_DISTFILE_PERMS_QUOTED_EXTRACT_DIRS}; do 	\
 		cd ${WRKDIR:Q} &&					\
-		if find "$$each" -perm -o=w | grep . > /dev/null; then	\
+		if find "$$each" -perm -o=w -not -type l |		\
+				grep . > /dev/null; then		\
 			ok=no;						\
 			break;						\
 		fi;							\
@@ -47,6 +48,7 @@ _check-distfile-perms: .PHONY
 	${ERROR_MSG} "[check-distfile-perms.mk] world-writable files:";	\
 	for each in ${_CHECK_DISTFILE_PERMS_QUOTED_EXTRACT_DIRS}; do	\
 		cd ${WRKDIR:Q} &&					\
-		find "$$each" -perm -o=w | sed  's/^/	/';		\
+		find "$$each" -perm -o=w -not -type l |			\
+			sed  's/^/	/';				\
 	done;								\
 	exit 1

Follow-Ups:
- Re: www/serf install permissions fix
  - From: J. Lewis Muir

References:
- Re: www/serf install permissions fix
  - From: Greg Troxel
- Re: www/serf install permissions fix
  - From: J. Lewis Muir
- Re: www/serf install permissions fix
  - From: Greg Troxel
- Re: www/serf install permissions fix
  - From: J. Lewis Muir
- Re: www/serf install permissions fix
  - From: J. Lewis Muir
- Re: www/serf install permissions fix
  - From: Greg Troxel
- Re: www/serf install permissions fix
  - From: J. Lewis Muir
- Re: www/serf install permissions fix
  - From: Greg Troxel
- Re: www/serf install permissions fix
  - From: J. Lewis Muir
- Re: www/serf install permissions fix
  - From: J. Lewis Muir

Prev by Date: Re: pkg_add and TLS
Next by Date: daily pkgsrc CVS update output
Previous by Thread: Re: www/serf install permissions fix
Next by Thread: Re: www/serf install permissions fix
Indexes:

Home | Main Index | Thread Index | Old Index