Bug 152224 - [patch] fix installed permissions for lang/python27
Summary: [patch] fix installed permissions for lang/python27
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-python (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-11-14 02:50 UTC by John Hein
Modified: 2012-06-14 07:10 UTC (History)
1 user (show)

See Also:

Attachments
file.diff (1.02 KB, patch)
2010-11-14 02:50 UTC, John Hein 		no flags Details | Diff
p (1.22 KB, text/plain)
2010-11-14 22:19 UTC, John Hein 		no flags Details
p (1.16 KB, text/plain)
2010-11-15 18:21 UTC, John Hein 		no flags Details
p (1.16 KB, text/plain)
2010-11-29 00:23 UTC, John Hein 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Hein 2010-11-14 02:50:08 UTC 
The distribution tarball for python 2.7 has permission bits for 'others'
set to 0 for the entire tarball.

During install, lang/python27 copies Tools and Demo (using tar) to the installed
prefix.  Because of the tarball permissions, this renders them readable only by
the installer (usually uid 0) or members of the installer's group (usually gid 0).

Furthermore, the tar during post-install does not use --no-same-owner,
so the installed files are owned by the builder, which often is not
root.  If using INSTALL_AS_USER, this doesn't matter.  But if not
using INSTALL_AS_USER (which is more common), then the common
'make && sudo make install' sequence (or some similar equivalent) will
cause the files to be writable by the building user.

While this probably doesn't matter that much (that just means the
build user will be able to write to files that were installed by root,
and more than likely the build user is trusted), it's more correct to
have them owned by the installer (usually uid 0).

The --no-same-owner fix should also be applied to lang/python2X (where
X < 7) as well.

The distribution tarball fix is not necessary for python26 (I didn't
look further back than that) which has more normal permissions in its
distribution tarball.

Fix: Fix permissions of extracted tarball for pieces that are copied
during post-inastll.

Use tar --no-same-owner during post-install to ensure copied files
are owned by install user.
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2010-11-14 02:50:15 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->freebsd-python

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 swell.k 2010-11-14 04:04:09 UTC 
John Hein <jhein@symmetricom.com> writes:

[...]
> Fix permissions of extracted tarball for pieces that are copied
> during post-inastll.
>
> Use tar --no-same-owner during post-install to ensure copied files
> are owned by install user.

I'm not sure `--no-same-owner' is available on 6.x, better use `-o'.

> +post-extract:
> +# The distribution tarball for python 2.7 has permission bits for 'others'
> +# set to 0.  Later during install, we copy Tools and Demo to the installed
> +# prefix, so set them right here.
> +	${FIND} ${WRKSRC}/Tools ${WRKSRC}/Demo -type d | ${XARGS} ${CHMOD} a+rx
> +	${FIND} ${WRKSRC}/Tools ${WRKSRC}/Demo -type f | ${XARGS} ${CHMOD} a+r
> +

This can be reduced to one command

  ${FIND} ${WRKSRC}/Tools ${WRKSRC}/Demo \
              -type d -exec ${CHMOD} a+rx {} + \
          -or -type f -exec ${CHMOD} a+r  {} +
Comment 3 John Hein 2010-11-14 22:19:33 UTC 
John Hein wrote at 10:49 MST on Nov 14, 2010:
 > Anonymous wrote at 07:04 +0300 on Nov 14, 2010:
 >  > John Hein <jhein@symmetricom.com> writes:
 >  > 
 >  > [...]
 >  > > Fix permissions of extracted tarball for pieces that are copied
 >  > > during post-inastll.
 >  > >
 >  > > Use tar --no-same-owner during post-install to ensure copied files
 >  > > are owned by install user.
 >  > 
 >  > I'm not sure `--no-same-owner' is available on 6.x, better use `-o'.

Yes, I checked tar compatibility.
--no-same-owner is available... in gnu tar available in
6.x's base or a port and if someone has installed bsdtar from ports.
bsd.port.mk uses it, too.


 >  > > +post-extract:
 >  > > +# The distribution tarball for python 2.7 has permission bits for 'others'
 >  > > +# set to 0.  Later during install, we copy Tools and Demo to the installed
 >  > > +# prefix, so set them right here.
 >  > > +	${FIND} ${WRKSRC}/Tools ${WRKSRC}/Demo -type d | ${XARGS} ${CHMOD} a+rx
 >  > > +	${FIND} ${WRKSRC}/Tools ${WRKSRC}/Demo -type f | ${XARGS} ${CHMOD} a+r
 >  > > +
 >  > 
 >  > This can be reduced to one command
 >  > 
 >  >   ${FIND} ${WRKSRC}/Tools ${WRKSRC}/Demo \
 >  >               -type d -exec ${CHMOD} a+rx {} + \
 >  >           -or -type f -exec ${CHMOD} a+r  {} +

Indeed, good idea... updated patch:
Comment 4 olli 2010-11-15 17:35:40 UTC 
Anonymous <swell.k@gmail.com> wrote:
 > John Hein <jhein@symmetricom.com> writes:
 > > +post-extract:
 > > +# The distribution tarball for python 2.7 has permission bits for 'others'
 > > +# set to 0.  Later during install, we copy Tools and Demo to the installed
 > > +# prefix, so set them right here.
 > > +    ${FIND} ${WRKSRC}/Tools ${WRKSRC}/Demo -type d | ${XARGS} ${CHMOD} a+rx
 > > +    ${FIND} ${WRKSRC}/Tools ${WRKSRC}/Demo -type f | ${XARGS} ${CHMOD} a+r
 > > +
 >  
 >  This can be reduced to one command
 >  
 >    ${FIND} ${WRKSRC}/Tools ${WRKSRC}/Demo \
 >                -type d -exec ${CHMOD} a+rx {} + \
 >            -or -type f -exec ${CHMOD} a+r  {} +

It's unclear to me why you have to use find(1) at all.
The following simple command should work equally well:

    ${CHMOD} -R og=u-w ${WRKSRC}/Tools ${WRKSRC}/Demo

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606,  Geschäftsfuehrung:
secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün-
chen, HRB 125758,  Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD-Dienstleistungen, -Produkte und mehr:  http://www.secnetix.de/bsd

"We, the unwilling, led by the unknowing,
are doing the impossible for the ungrateful.
We have done so much, for so long, with so little,
we are now qualified to do anything with nothing."
        -- Mother Teresa
Comment 5 John Hein 2010-11-15 18:21:06 UTC 
Oliver Fromme wrote at 18:35 +0100 on Nov 15, 2010:
 > Anonymous <swell.k@gmail.com> wrote:
 >  > John Hein <jhein@symmetricom.com> writes:
 >  > > +post-extract:
 >  > > +# The distribution tarball for python 2.7 has permission bits for 'others'
 >  > > +# set to 0.  Later during install, we copy Tools and Demo to the installed
 >  > > +# prefix, so set them right here.
 >  > > +    ${FIND} ${WRKSRC}/Tools ${WRKSRC}/Demo -type d | ${XARGS} ${CHMOD} a+rx
 >  > > +    ${FIND} ${WRKSRC}/Tools ${WRKSRC}/Demo -type f | ${XARGS} ${CHMOD} a+r
 >  > > +
 >  >  
 >  >  This can be reduced to one command
 >  >  
 >  >    ${FIND} ${WRKSRC}/Tools ${WRKSRC}/Demo \
 >  >                -type d -exec ${CHMOD} a+rx {} + \
 >  >            -or -type f -exec ${CHMOD} a+r  {} +
 > 
 > It's unclear to me why you have to use find(1) at all.
 > The following simple command should work equally well:
 > 
 >     ${CHMOD} -R og=u-w ${WRKSRC}/Tools ${WRKSRC}/Demo

Yes, that's better still and will work fine since the user bits are
good in the tarball.  Updated patch (with a fix for the path, too)...
Comment 6 John Hein 2010-11-29 00:23:48 UTC 
This patch is still needed for python 2.7.1

The 2.7.1 distribution tarball doesn't have 'other' permissions set,
so the post-extract is still needed.

The second part that uses --no-same-owner with tar in post-install is
still needed in general to avoid having the installed files owned by
the build user.  [As described in the original report, this is needed
for at least python26 as well].
Comment 7 dfilter service freebsd_committer freebsd_triage 2012-06-14 07:03:07 UTC 
demon       2012-06-14 06:02:52 UTC

  FreeBSD ports repository

  Modified files:
    lang/python27        Makefile 
  Log:
  Fix permissions for Tools and Demo folders.
  
  PR:             152224
  Submitted by:   John Hein <jhein@symmetricom.com>
  Silence from:   python@
  
  Revision  Changes    Path
  1.189     +8 -2      ports/lang/python27/Makefile
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 8 Dmitry Sivachenko freebsd_committer freebsd_triage 2012-06-14 07:05:19 UTC 
State Changed
From-To: open->closed

Patch committed, thanks! 
(you missed -R option to chmod in your patch ;)