* [ptxdist] [PATCH] sudo: targetinstall /etc/sudoers.d with 4 digit permission @ 2020-08-18 10:35 Alexander Dahl 2020-08-19 10:47 ` Roland Hieber 2020-08-21 6:54 ` [ptxdist] [APPLIED] " Michael Olbrich 0 siblings, 2 replies; 16+ messages in thread From: Alexander Dahl @ 2020-08-18 10:35 UTC (permalink / raw) To: ptxdist When installing additional files into /etc/sudoers.d from another package, we got this error (redacted): Incompatible ownership or permissions for '/etc/sudoers.d': sudo: 0.0 755 *****: 0.0 0755 (implicit) One of these packages must be fixed! Build is successful again, if fixed in the sudo package. Signed-off-by: Alexander Dahl <ada@thorsis.com> --- Notes: Besides: how would one fix this in the other package? I have that case for another set of packages where one creates a folder with 2775 and others should copy files in it, which fails because 0755 are the implicit rights. Recreate that folder in each package? rules/sudo.make | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/sudo.make b/rules/sudo.make index 985ab8768..dd8c1bb67 100644 --- a/rules/sudo.make +++ b/rules/sudo.make @@ -133,7 +133,7 @@ $(STATEDIR)/sudo.targetinstall: ifdef PTXCONF_SUDO_INSTALL_ETC_SUDOERS @$(call install_alternative, sudo, 0, 0, 0440, /etc/sudoers, n) - @$(call install_copy, sudo, 0, 0, 755, /etc/sudoers.d) + @$(call install_copy, sudo, 0, 0, 0755, /etc/sudoers.d) endif ifdef PTXCONF_SUDO_INSTALL_VISUDO -- 2.27.0 _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [ptxdist] [PATCH] sudo: targetinstall /etc/sudoers.d with 4 digit permission 2020-08-18 10:35 [ptxdist] [PATCH] sudo: targetinstall /etc/sudoers.d with 4 digit permission Alexander Dahl @ 2020-08-19 10:47 ` Roland Hieber 2020-08-19 10:51 ` [ptxdist] [PATCH 1/2] doc: ref_make_macros: make clear that permission should be four digits Roland Hieber 2020-08-19 11:11 ` [ptxdist] [PATCH] sudo: targetinstall /etc/sudoers.d with 4 digit permission Alexander Dahl 2020-08-21 6:54 ` [ptxdist] [APPLIED] " Michael Olbrich 1 sibling, 2 replies; 16+ messages in thread From: Roland Hieber @ 2020-08-19 10:47 UTC (permalink / raw) To: Alexander Dahl; +Cc: ptxdist On Tue, Aug 18, 2020 at 12:35:32PM +0200, Alexander Dahl wrote: > When installing additional files into /etc/sudoers.d from another > package, we got this error (redacted): > > Incompatible ownership or permissions for '/etc/sudoers.d': > sudo: 0.0 755 > *****: 0.0 0755 (implicit) > > One of these packages must be fixed! > > Build is successful again, if fixed in the sudo package. > > Signed-off-by: Alexander Dahl <ada@thorsis.com> > --- > > Notes: > Besides: how would one fix this in the other package? I have that case > for another set of packages where one creates a folder with 2775 and > others should copy files in it, which fails because 0755 are the > implicit rights. Recreate that folder in each package? A start could be to grep for install_copy calls and sort them by their last parameter: git grep '$(call install_copy,' | sort -k 8 … but we still need to handle those lines which are wrapped using a \ at the end… > rules/sudo.make | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/rules/sudo.make b/rules/sudo.make > index 985ab8768..dd8c1bb67 100644 > --- a/rules/sudo.make > +++ b/rules/sudo.make > @@ -133,7 +133,7 @@ $(STATEDIR)/sudo.targetinstall: > > ifdef PTXCONF_SUDO_INSTALL_ETC_SUDOERS > @$(call install_alternative, sudo, 0, 0, 0440, /etc/sudoers, n) > - @$(call install_copy, sudo, 0, 0, 755, /etc/sudoers.d) > + @$(call install_copy, sudo, 0, 0, 0755, /etc/sudoers.d) Huh, there are a lot of other instances of install_copy where the three-digit variant is used… I guess we should fix them once for all. - Roland > endif > > ifdef PTXCONF_SUDO_INSTALL_VISUDO > -- > 2.27.0 > > > _______________________________________________ > ptxdist mailing list > ptxdist@pengutronix.de > To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de > -- Roland Hieber, Pengutronix e.K. | r.hieber@pengutronix.de | Steuerwalder Str. 21 | https://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de ^ permalink raw reply [flat|nested] 16+ messages in thread
* [ptxdist] [PATCH 1/2] doc: ref_make_macros: make clear that permission should be four digits 2020-08-19 10:47 ` Roland Hieber @ 2020-08-19 10:51 ` Roland Hieber 2020-08-19 10:51 ` [ptxdist] [PATCH 2/2] rules: explicitly specify sticky/setuid/setgid bits for install_* macros Roland Hieber 2020-08-19 10:59 ` [ptxdist] [PATCH v2 1/2] doc: ref_make_macros: make clear that permission should be four digits Roland Hieber 2020-08-19 11:11 ` [ptxdist] [PATCH] sudo: targetinstall /etc/sudoers.d with 4 digit permission Alexander Dahl 1 sibling, 2 replies; 16+ messages in thread From: Roland Hieber @ 2020-08-19 10:51 UTC (permalink / raw) To: ptxdist; +Cc: Alexander Dahl, Roland Hieber Three octal digits are not enough, we must also respect the sticky/setuid/setgid bits. Even if these are mostly implied to be 0, we should be explicit here. This should also help to prevent permission clashes when more than one packages install the same directory. Signed-off-by: Roland Hieber <rhi@pengutronix.de> --- doc/ref_make_macros.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/ref_make_macros.rst b/doc/ref_make_macros.rst index 6f056adf3e7d..ae65cb9408cf 100644 --- a/doc/ref_make_macros.rst +++ b/doc/ref_make_macros.rst @@ -173,7 +173,7 @@ Some of the parameters have fixed meanings: **<GID>** Group ID the file should use in the target's root filesystem **<permission>** - Permission (in an octal value) the file should use in the target's root filesystem + Permission (as a four-digit octal value) the file should use in the target's root filesystem The remaining parameters vary with the use case: @@ -384,7 +384,7 @@ The base parameters and their meanings: **<GID>** Group ID the file should use in the target's root filesystem **<permission>** - Permission (in an octal value) the file should use in the target's root filesystem + Permission (as a four-digit octal value) the file should use in the target's root filesystem The parameter <destination> is meant as an absolute path and filename in target's root filesystem. PTXdist searches for the source @@ -581,7 +581,7 @@ The parameters and their meanings: **<GID>** Group ID the directories and files should use in the target's root filesystem **<permission>** - Permission (as an octal value) the library should use in the target's root + Permission (as a four-digit octal value) the library should use in the target's root filesystem (mostly 0644) **<libname>** Basename of the library without any extension and path -- 2.28.0 _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de ^ permalink raw reply [flat|nested] 16+ messages in thread
* [ptxdist] [PATCH 2/2] rules: explicitly specify sticky/setuid/setgid bits for install_* macros 2020-08-19 10:51 ` [ptxdist] [PATCH 1/2] doc: ref_make_macros: make clear that permission should be four digits Roland Hieber @ 2020-08-19 10:51 ` Roland Hieber 2020-08-19 10:55 ` Roland Hieber 2020-08-19 10:59 ` [ptxdist] [PATCH v2 1/2] doc: ref_make_macros: make clear that permission should be four digits Roland Hieber 1 sibling, 1 reply; 16+ messages in thread From: Roland Hieber @ 2020-08-19 10:51 UTC (permalink / raw) To: ptxdist; +Cc: Alexander Dahl, Roland Hieber Until now the bits were implied to be 0, but we should be specific here. All other packages already use the four-digit variant. These instances were found by using: git grep -e 'call install_\(alternative\|copy\|lib\), [^,]\+, [^,]\+, [^,]\+, [0-9][0-9][0-9][^0-9]' Signed-off-by: Roland Hieber <rhi@pengutronix.de> --- On Wed, Aug 19, 2020 at 12:47:22PM +0200, Roland Hieber wrote: > On Tue, Aug 18, 2020 at 12:35:32PM +0200, Alexander Dahl wrote: > > rules/sudo.make | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/rules/sudo.make b/rules/sudo.make > > index 985ab8768..dd8c1bb67 100644 > > --- a/rules/sudo.make > > +++ b/rules/sudo.make > > @@ -133,7 +133,7 @@ $(STATEDIR)/sudo.targetinstall: > > > > ifdef PTXCONF_SUDO_INSTALL_ETC_SUDOERS > > @$(call install_alternative, sudo, 0, 0, 0440, /etc/sudoers, n) > > - @$(call install_copy, sudo, 0, 0, 755, /etc/sudoers.d) > > + @$(call install_copy, sudo, 0, 0, 0755, /etc/sudoers.d) > > Huh, there are a lot of other instances of install_copy where the > three-digit variant is used… I guess we should fix them once for all. I just took the liberty :-) rules/busybox.make | 4 ++-- rules/cog.make | 4 ++-- rules/cups.make | 2 +- rules/flex.make | 2 +- rules/gpsd.make | 6 +++--- rules/graphene.make | 2 +- rules/gst-bayer2rgb-neon.make | 2 +- rules/gst-rtsp-server1.make | 2 +- rules/gst-validate1.make | 2 +- rules/intel-gmmlib.make | 2 +- rules/libpaper.make | 4 ++-- rules/libsrtp.make | 2 +- rules/pango.make | 2 +- rules/piglit.make | 2 +- rules/polkit.make | 2 +- rules/python.make | 6 +++--- rules/python3.make | 6 +++--- rules/sdl2-test.make | 4 ++-- rules/strongswan.make | 26 +++++++++++++------------- rules/sudo.make | 4 ++-- rules/systemd.make | 2 +- rules/templates/template-kernel-make | 2 +- rules/xorg-font-ttf-caladea.make | 4 ++-- rules/xorg-font-ttf-carlito.make | 4 ++-- 24 files changed, 49 insertions(+), 49 deletions(-) diff --git a/rules/busybox.make b/rules/busybox.make index 9870414d0b32..d5d6aa6c2e8b 100644 --- a/rules/busybox.make +++ b/rules/busybox.make @@ -112,7 +112,7 @@ ifdef PTXCONF_BUSYBOX_FEATURE_INDIVIDUAL @$(call install_lib, busybox, 0, 0, 0644, libbusybox) @cat $(BUSYBOX_PKGDIR)/etc/busybox.links | while read link; do \ - $(call install_copy, busybox, 0, 0, 755, \ + $(call install_copy, busybox, 0, 0, 0755, \ "$(BUSYBOX_PKGDIR)/usr/lib/busybox/$${link##*/}", "/usr$${link}"); \ done else @@ -125,7 +125,7 @@ ifdef PTXCONF_BUSYBOX_FEATURE_SUID_CONFIG @$(call install_alternative, busybox, 0, 0, 0644, /etc/busybox.conf) endif else - @$(call install_copy, busybox, 0, 0, 755, -, /usr/bin/busybox) + @$(call install_copy, busybox, 0, 0, 0755, -, /usr/bin/busybox) endif @cat $(BUSYBOX_PKGDIR)/etc/busybox.links | while read link; do \ case "$${link}" in \ diff --git a/rules/cog.make b/rules/cog.make index a0587a8d501a..e0e0707b647c 100644 --- a/rules/cog.make +++ b/rules/cog.make @@ -61,8 +61,8 @@ $(STATEDIR)/cog.targetinstall: @$(call install_fixup, cog,DESCRIPTION,"WPE launcher and webapp container") @$(call install_copy, cog, 0, 0, 0755, -, /usr/bin/cog) - @$(call install_lib, cog, 0, 0, 644, libcogplatform-fdo) - @$(call install_lib, cog, 0, 0, 644, libcogcore) + @$(call install_lib, cog, 0, 0, 0644, libcogplatform-fdo) + @$(call install_lib, cog, 0, 0, 0644, libcogcore) @$(call install_finish, cog) diff --git a/rules/cups.make b/rules/cups.make index 297fe37e41ce..88d7e2e86f25 100644 --- a/rules/cups.make +++ b/rules/cups.make @@ -134,7 +134,7 @@ $(STATEDIR)/cups.targetinstall: @$(call install_fixup, cups,DESCRIPTION,missing) # ----- config files, install as daemon:lp - @$(call install_copy, cups, daemon, lp, 750, /etc/cups) + @$(call install_copy, cups, daemon, lp, 0750, /etc/cups) @$(call install_alternative, cups, daemon, lp, 0640, /etc/cups/cups-files.conf) @$(call install_alternative, cups, daemon, lp, 0640, /etc/cups/cupsd.conf) @$(call install_alternative, cups, daemon, lp, 0600, /etc/cups/classes.conf) diff --git a/rules/flex.make b/rules/flex.make index 06ddd9f1c808..6bf4682a05f2 100644 --- a/rules/flex.make +++ b/rules/flex.make @@ -49,7 +49,7 @@ $(STATEDIR)/flex.targetinstall: @$(call install_fixup, flex,AUTHOR,"Marc Kleine-Budde <mkl@pengutronix.de>") @$(call install_fixup, flex,DESCRIPTION,missing) - @$(call install_lib, flex, 0, 0, 644, libfl) + @$(call install_lib, flex, 0, 0, 0644, libfl) @$(call install_finish, flex) diff --git a/rules/gpsd.make b/rules/gpsd.make index 8d14dee809dd..0bda35d91e40 100644 --- a/rules/gpsd.make +++ b/rules/gpsd.make @@ -164,19 +164,19 @@ ifdef PTXCONF_GPSD_GPSDCTL @$(call install_copy, gpsd, 0, 0, 0755, -, /usr/sbin/gpsdctl) endif ifdef PTXCONF_GPSD_SYSTEMD_UNIT - @$(call install_alternative, gpsd, 0, 0, 644, \ + @$(call install_alternative, gpsd, 0, 0, 0644, \ /usr/lib/systemd/system/gpsd.service) @$(call install_replace, gpsd, \ /usr/lib/systemd/system/gpsd.service, \ @ARGS@, $(PTXCONF_GPSD_GPSD_ARGS)) @$(call install_link, gpsd, ../gpsd.service, \ /usr/lib/systemd/system/multi-user.target.wants/gpsd.service) - @$(call install_alternative, gpsd, 0, 0, 644, \ + @$(call install_alternative, gpsd, 0, 0, 0644, \ /usr/lib/systemd/system/gpsd.socket) @$(call install_link, gpsd, ../gpsd.socket, \ /usr/lib/systemd/system/sockets.target.wants/gpsd.socket) ifdef PTXCONF_GPSD_GPSDCTL - @$(call install_alternative, gpsd, 0, 0, 644, \ + @$(call install_alternative, gpsd, 0, 0, 0644, \ /usr/lib/systemd/system/gpsdctl@.service) endif endif diff --git a/rules/graphene.make b/rules/graphene.make index 10b285d995fc..650ab1233bce 100644 --- a/rules/graphene.make +++ b/rules/graphene.make @@ -61,7 +61,7 @@ $(STATEDIR)/graphene.targetinstall: @$(call install_lib, graphene, 0, 0, 0644, libgraphene-1.0) ifdef PTXCONF_GRAPHENE_INTROSPECTION - @$(call install_copy, graphene, 0, 0, 644, -, \ + @$(call install_copy, graphene, 0, 0, 0644, -, \ /usr/lib/girepository-1.0/Graphene-1.0.typelib) endif diff --git a/rules/gst-bayer2rgb-neon.make b/rules/gst-bayer2rgb-neon.make index 4bd003161bad..d81104aa0371 100644 --- a/rules/gst-bayer2rgb-neon.make +++ b/rules/gst-bayer2rgb-neon.make @@ -49,7 +49,7 @@ $(STATEDIR)/gst-bayer2rgb-neon.targetinstall: @$(call install_fixup, gst-bayer2rgb-neon,AUTHOR,"Marian Cichy <m.cichy@pengutronix.de>") @$(call install_fixup, gst-bayer2rgb-neon,DESCRIPTION,missing) - @$(call install_lib, gst-bayer2rgb-neon, 0, 0, 644, \ + @$(call install_lib, gst-bayer2rgb-neon, 0, 0, 0644, \ gstreamer-1.0/gstbayer2rgbneon) @$(call install_finish, gst-bayer2rgb-neon) diff --git a/rules/gst-rtsp-server1.make b/rules/gst-rtsp-server1.make index bb57abd5dd4b..0bcce05322ca 100644 --- a/rules/gst-rtsp-server1.make +++ b/rules/gst-rtsp-server1.make @@ -53,7 +53,7 @@ $(STATEDIR)/gst-rtsp-server1.targetinstall: @$(call install_lib, gst-rtsp-server1, 0, 0, 0644, libgstrtspserver-1.0) @$(call install_lib, gst-rtsp-server1, 0, 0, 0644, gstreamer-1.0/libgstrtspclientsink) ifdef PTXCONF_GSTREAMER1_INTROSPECTION - @$(call install_copy, gst-rtsp-server1, 0, 0, 644, -, \ + @$(call install_copy, gst-rtsp-server1, 0, 0, 0644, -, \ /usr/lib/girepository-1.0/GstRtspServer-1.0.typelib) endif diff --git a/rules/gst-validate1.make b/rules/gst-validate1.make index 41887f014a69..bfdb7efb86bd 100644 --- a/rules/gst-validate1.make +++ b/rules/gst-validate1.make @@ -89,7 +89,7 @@ $(STATEDIR)/gst-validate1.targetinstall: /usr/share/gstreamer-1.0/validate/scenarios) ifdef PTXCONF_GSTREAMER1_INTROSPECTION - @$(call install_copy, gst-validate1, 0, 0, 644, -, \ + @$(call install_copy, gst-validate1, 0, 0, 0644, -, \ /usr/lib/girepository-1.0/GstValidate-1.0.typelib) endif diff --git a/rules/intel-gmmlib.make b/rules/intel-gmmlib.make index 134efdf5d288..54c652de646a 100644 --- a/rules/intel-gmmlib.make +++ b/rules/intel-gmmlib.make @@ -48,7 +48,7 @@ $(STATEDIR)/intel-gmmlib.targetinstall: @$(call install_fixup, intel-gmmlib,AUTHOR,"Michael Olbrich <m.olbrich@pengutronix.de>") @$(call install_fixup, intel-gmmlib,DESCRIPTION,missing) - @$(call install_lib, intel-gmmlib, 0, 0, 644, libigdgmm) + @$(call install_lib, intel-gmmlib, 0, 0, 0644, libigdgmm) @$(call install_finish, intel-gmmlib) diff --git a/rules/libpaper.make b/rules/libpaper.make index b6ab2a71c9f1..ccd57cbf7d5c 100644 --- a/rules/libpaper.make +++ b/rules/libpaper.make @@ -56,10 +56,10 @@ $(STATEDIR)/libpaper.targetinstall: @$(call install_lib, libpaper, 0, 0, 0644, libpaper) ifdef PTXCONF_LIBPAPER_PAPERCONFIG - @$(call install_copy, libpaper, 0, 0, 755, -, /usr/sbin/paperconfig) + @$(call install_copy, libpaper, 0, 0, 0755, -, /usr/sbin/paperconfig) endif ifdef PTXCONF_LIBPAPER_PAPERCONF - @$(call install_copy, libpaper, 0, 0, 755, -, /usr/bin/paperconf) + @$(call install_copy, libpaper, 0, 0, 0755, -, /usr/bin/paperconf) endif @$(call install_finish, libpaper) diff --git a/rules/libsrtp.make b/rules/libsrtp.make index 85d3d5766749..d6dd1d9243dd 100644 --- a/rules/libsrtp.make +++ b/rules/libsrtp.make @@ -53,7 +53,7 @@ $(STATEDIR)/libsrtp.targetinstall: @$(call install_fixup, libsrtp,AUTHOR,"Michael Olbrich <m.olbrich@pengutronix.de>") @$(call install_fixup, libsrtp,DESCRIPTION,missing) - @$(call install_lib, libsrtp, 0, 0, 644, libsrtp2) + @$(call install_lib, libsrtp, 0, 0, 0644, libsrtp2) @$(call install_finish, libsrtp) diff --git a/rules/pango.make b/rules/pango.make index cece8ab9bf33..e6deb92c9eaf 100644 --- a/rules/pango.make +++ b/rules/pango.make @@ -52,7 +52,7 @@ $(STATEDIR)/pango.targetinstall: @$(call install_lib, pango, 0, 0, 0644, libpangoft2-1.0) @$(call install_lib, pango, 0, 0, 0644, libpangocairo-1.0) ifdef PTXCONF_PANGO_INTROSPECTION - @$(call install_copy, pango, 0, 0, 644, -, \ + @$(call install_copy, pango, 0, 0, 0644, -, \ /usr/lib/girepository-1.0/Pango-1.0.typelib) endif diff --git a/rules/piglit.make b/rules/piglit.make index 9ff721feb548..1f000cd467b0 100644 --- a/rules/piglit.make +++ b/rules/piglit.make @@ -56,7 +56,7 @@ $(STATEDIR)/piglit.targetinstall: @$(call install_fixup, piglit,AUTHOR,"Lucas Stach <l.stach@pengutronix.de>") @$(call install_fixup, piglit,DESCRIPTION,missing) - @$(call install_copy, piglit, 0, 0, 755, -, /usr/bin/piglit) + @$(call install_copy, piglit, 0, 0, 0755, -, /usr/bin/piglit) @$(call install_tree, piglit, 0, 0, -, /usr/lib/piglit, n) @$(call install_finish, piglit) diff --git a/rules/polkit.make b/rules/polkit.make index ac9b49e45ff2..4fa8d9c0edb1 100644 --- a/rules/polkit.make +++ b/rules/polkit.make @@ -101,7 +101,7 @@ endif /usr/libexec/polkit-agent-helper-1) # run-time - @$(call install_copy, polkit, 0, 0, 700, /var/lib/polkit-1) + @$(call install_copy, polkit, 0, 0, 0700, /var/lib/polkit-1) @$(call install_finish, polkit) diff --git a/rules/python.make b/rules/python.make index 61642cf14069..6bb9ae8fda46 100644 --- a/rules/python.make +++ b/rules/python.make @@ -192,12 +192,12 @@ $(STATEDIR)/python.targetinstall: $(PYTHON_SKIP_LIST) \ -a \( -name "*.so" -o -name "*.pyc" \) | \ while read file; do \ - $(call install_copy, python, 0, 0, 644, -, $${file##.}); \ + $(call install_copy, python, 0, 0, 0644, -, $${file##.}); \ done - @$(call install_copy, python, 0, 0, 755, -, /usr/bin/python$(PYTHON_MAJORMINOR)) + @$(call install_copy, python, 0, 0, 0755, -, /usr/bin/python$(PYTHON_MAJORMINOR)) @$(call install_link, python, python$(PYTHON_MAJORMINOR), /usr/bin/python2) - @$(call install_lib, python, 0, 0, 644, libpython$(PYTHON_MAJORMINOR)) + @$(call install_lib, python, 0, 0, 0644, libpython$(PYTHON_MAJORMINOR)) ifdef PTXCONF_PYTHON_SYMLINK @$(call install_link, python, python$(PYTHON_MAJORMINOR), /usr/bin/python) diff --git a/rules/python3.make b/rules/python3.make index 7cb24f0859cd..db4abd0718f9 100644 --- a/rules/python3.make +++ b/rules/python3.make @@ -164,11 +164,11 @@ $(STATEDIR)/python3.targetinstall: @$(call install_glob, python3, 0, 0, -, /usr/lib/python$(PYTHON3_MAJORMINOR), \ *.so *.pyc *.whl, */test */tests */__pycache__ $(PYTHON3_SKIP-y)) - @$(call install_copy, python3, 0, 0, 755, -, /usr/bin/python$(PYTHON3_MAJORMINOR)) + @$(call install_copy, python3, 0, 0, 0755, -, /usr/bin/python$(PYTHON3_MAJORMINOR)) @$(call install_link, python3, python$(PYTHON3_MAJORMINOR), /usr/bin/python3) - @$(call install_lib, python3, 0, 0, 644, libpython$(PYTHON3_MAJORMINOR)m) + @$(call install_lib, python3, 0, 0, 0644, libpython$(PYTHON3_MAJORMINOR)m) - @$(call install_copy, python3, 0, 0, 644, -, /usr/lib/python$(PYTHON3_MAJORMINOR)/venv/scripts/common/activate) + @$(call install_copy, python3, 0, 0, 0644, -, /usr/lib/python$(PYTHON3_MAJORMINOR)/venv/scripts/common/activate) ifdef PTXCONF_PYTHON3_SYMLINK @$(call install_link, python3, python$(PYTHON3_MAJORMINOR), /usr/bin/python) diff --git a/rules/sdl2-test.make b/rules/sdl2-test.make index 28a08dc30cea..5c92ebf6b583 100644 --- a/rules/sdl2-test.make +++ b/rules/sdl2-test.make @@ -157,11 +157,11 @@ $(STATEDIR)/sdl2-test.targetinstall: @$(call install_fixup, sdl2-test,DESCRIPTION,missing) @$(foreach file, $(SDL2_TEST_TOOLS), \ - $(call install_copy, sdl2-test, 0, 0, 755, -, \ + $(call install_copy, sdl2-test, 0, 0, 0755, -, \ /usr/bin/sdl2tests/$(file))$(ptx/nl)) @$(foreach file, $(SDL2_TEST_DATA), \ - $(call install_copy, sdl2-test, 0, 0, 644, -, \ + $(call install_copy, sdl2-test, 0, 0, 0644, -, \ /usr/bin/sdl2tests/$(file))$(ptx/nl)) @$(call install_finish, sdl2-test) diff --git a/rules/strongswan.make b/rules/strongswan.make index dddf8875474b..59de1cfdb714 100644 --- a/rules/strongswan.make +++ b/rules/strongswan.make @@ -311,19 +311,19 @@ ifdef PTXCONF_STRONGSWAN_SWANCTL @$(call install_lib, strongswan, 0, 0, 0644, libvici) @$(call install_tree, strongswan, 0, 0, -, /etc/strongswan.d) @$(call install_alternative, strongswan, 0, 0, 0644, /etc/swanctl/swanctl.conf) - @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/bliss) - @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/ecdsa) - @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/pkcs12) - @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/pkcs8) - @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/private) - @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/pubkey) - @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/rsa) - @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509) - @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509aa) - @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509ac) - @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509ca) - @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509crl) - @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509ocsp) + @$(call install_copy, strongswan, 0, 0, 0750, /etc/swanctl/bliss) + @$(call install_copy, strongswan, 0, 0, 0750, /etc/swanctl/ecdsa) + @$(call install_copy, strongswan, 0, 0, 0750, /etc/swanctl/pkcs12) + @$(call install_copy, strongswan, 0, 0, 0750, /etc/swanctl/pkcs8) + @$(call install_copy, strongswan, 0, 0, 0750, /etc/swanctl/private) + @$(call install_copy, strongswan, 0, 0, 0755, /etc/swanctl/pubkey) + @$(call install_copy, strongswan, 0, 0, 0750, /etc/swanctl/rsa) + @$(call install_copy, strongswan, 0, 0, 0755, /etc/swanctl/x509) + @$(call install_copy, strongswan, 0, 0, 0755, /etc/swanctl/x509aa) + @$(call install_copy, strongswan, 0, 0, 0755, /etc/swanctl/x509ac) + @$(call install_copy, strongswan, 0, 0, 0755, /etc/swanctl/x509ca) + @$(call install_copy, strongswan, 0, 0, 0755, /etc/swanctl/x509crl) + @$(call install_copy, strongswan, 0, 0, 0755, /etc/swanctl/x509ocsp) endif @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/aacerts) diff --git a/rules/sudo.make b/rules/sudo.make index 985ab87683f9..eb65060a7831 100644 --- a/rules/sudo.make +++ b/rules/sudo.make @@ -133,11 +133,11 @@ $(STATEDIR)/sudo.targetinstall: ifdef PTXCONF_SUDO_INSTALL_ETC_SUDOERS @$(call install_alternative, sudo, 0, 0, 0440, /etc/sudoers, n) - @$(call install_copy, sudo, 0, 0, 755, /etc/sudoers.d) + @$(call install_copy, sudo, 0, 0, 0755, /etc/sudoers.d) endif ifdef PTXCONF_SUDO_INSTALL_VISUDO - @$(call install_copy, sudo, 0, 0, 755, -, /usr/sbin/visudo) + @$(call install_copy, sudo, 0, 0, 0755, -, /usr/sbin/visudo) endif @$(call install_finish, sudo) diff --git a/rules/systemd.make b/rules/systemd.make index 0a0f52adedfd..61e538f07bc6 100644 --- a/rules/systemd.make +++ b/rules/systemd.make @@ -344,7 +344,7 @@ $(STATEDIR)/systemd.targetinstall: @$(call install_tree, systemd, 0, 0, -, /usr/lib/systemd/system-generators/) @$(foreach helper, $(SYSTEMD_HELPER), \ - $(call install_copy, systemd, 0, 0, 755, -, \ + $(call install_copy, systemd, 0, 0, 0755, -, \ /usr/lib/systemd/$(helper));) # # configuration diff --git a/rules/templates/template-kernel-make b/rules/templates/template-kernel-make index 73b39d0db718..a1e993896183 100644 --- a/rules/templates/template-kernel-make +++ b/rules/templates/template-kernel-make @@ -74,7 +74,7 @@ endif KERNEL_@PACKAGE@_MAKE_OPT := \ $(KERNEL_@PACKAGE@_SHARED_OPT) \ - @image@ modules + $(KERNEL_@PACKAGE@_IMAGES) modules # ---------------------------------------------------------------------------- # Install diff --git a/rules/xorg-font-ttf-caladea.make b/rules/xorg-font-ttf-caladea.make index 61b22f8b5865..4d13ea88811d 100644 --- a/rules/xorg-font-ttf-caladea.make +++ b/rules/xorg-font-ttf-caladea.make @@ -56,9 +56,9 @@ $(STATEDIR)/xorg-font-ttf-caladea.targetinstall: @$(call install_fixup, xorg-font-ttf-caladea,AUTHOR,"Michael Olbrich <m.olbrich@pengutronix.de>") @$(call install_fixup, xorg-font-ttf-caladea,DESCRIPTION,missing) - @$(call install_alternative, xorg-font-ttf-caladea, 0, 0, 644, \ + @$(call install_alternative, xorg-font-ttf-caladea, 0, 0, 0644, \ /etc/fonts/conf.d/30-0-google-crosextra-caladea-fontconfig.conf) - @$(call install_alternative, xorg-font-ttf-caladea, 0, 0, 644, \ + @$(call install_alternative, xorg-font-ttf-caladea, 0, 0, 0644, \ /etc/fonts/conf.d/62-google-crosextra-caladea-fontconfig.conf) @$(call install_tree, xorg-font-ttf-caladea, 0, 0, -, /usr) diff --git a/rules/xorg-font-ttf-carlito.make b/rules/xorg-font-ttf-carlito.make index a493c03c85df..d82a0d0d7c06 100644 --- a/rules/xorg-font-ttf-carlito.make +++ b/rules/xorg-font-ttf-carlito.make @@ -56,9 +56,9 @@ $(STATEDIR)/xorg-font-ttf-carlito.targetinstall: @$(call install_fixup, xorg-font-ttf-carlito,AUTHOR,"Michael Olbrich <m.olbrich@pengutronix.de>") @$(call install_fixup, xorg-font-ttf-carlito,DESCRIPTION,missing) - @$(call install_alternative, xorg-font-ttf-carlito, 0, 0, 644, \ + @$(call install_alternative, xorg-font-ttf-carlito, 0, 0, 0644, \ /etc/fonts/conf.d/30-0-google-crosextra-carlito-fontconfig.conf) - @$(call install_alternative, xorg-font-ttf-carlito, 0, 0, 644, \ + @$(call install_alternative, xorg-font-ttf-carlito, 0, 0, 0644, \ /etc/fonts/conf.d/62-google-crosextra-carlito-fontconfig.conf) @$(call install_tree, xorg-font-ttf-carlito, 0, 0, -, /usr) -- 2.28.0 _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [ptxdist] [PATCH 2/2] rules: explicitly specify sticky/setuid/setgid bits for install_* macros 2020-08-19 10:51 ` [ptxdist] [PATCH 2/2] rules: explicitly specify sticky/setuid/setgid bits for install_* macros Roland Hieber @ 2020-08-19 10:55 ` Roland Hieber 0 siblings, 0 replies; 16+ messages in thread From: Roland Hieber @ 2020-08-19 10:55 UTC (permalink / raw) To: ptxdist; +Cc: Alexander Dahl On Wed, Aug 19, 2020 at 12:51:18PM +0200, Roland Hieber wrote: > Until now the bits were implied to be 0, but we should be specific here. > All other packages already use the four-digit variant. > > These instances were found by using: > > git grep -e 'call install_\(alternative\|copy\|lib\), [^,]\+, [^,]\+, [^,]\+, [0-9][0-9][0-9][^0-9]' > > Signed-off-by: Roland Hieber <rhi@pengutronix.de> > --- > > On Wed, Aug 19, 2020 at 12:47:22PM +0200, Roland Hieber wrote: > > On Tue, Aug 18, 2020 at 12:35:32PM +0200, Alexander Dahl wrote: > > > rules/sudo.make | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > diff --git a/rules/sudo.make b/rules/sudo.make > > > index 985ab8768..dd8c1bb67 100644 > > > --- a/rules/sudo.make > > > +++ b/rules/sudo.make > > > @@ -133,7 +133,7 @@ $(STATEDIR)/sudo.targetinstall: > > > > > > ifdef PTXCONF_SUDO_INSTALL_ETC_SUDOERS > > > @$(call install_alternative, sudo, 0, 0, 0440, /etc/sudoers, n) > > > - @$(call install_copy, sudo, 0, 0, 755, /etc/sudoers.d) > > > + @$(call install_copy, sudo, 0, 0, 0755, /etc/sudoers.d) > > > > Huh, there are a lot of other instances of install_copy where the > > three-digit variant is used… I guess we should fix them once for all. > > I just took the liberty :-) > > > rules/busybox.make | 4 ++-- > rules/cog.make | 4 ++-- > rules/cups.make | 2 +- > rules/flex.make | 2 +- > rules/gpsd.make | 6 +++--- > rules/graphene.make | 2 +- > rules/gst-bayer2rgb-neon.make | 2 +- > rules/gst-rtsp-server1.make | 2 +- > rules/gst-validate1.make | 2 +- > rules/intel-gmmlib.make | 2 +- > rules/libpaper.make | 4 ++-- > rules/libsrtp.make | 2 +- > rules/pango.make | 2 +- > rules/piglit.make | 2 +- > rules/polkit.make | 2 +- > rules/python.make | 6 +++--- > rules/python3.make | 6 +++--- > rules/sdl2-test.make | 4 ++-- > rules/strongswan.make | 26 +++++++++++++------------- > rules/sudo.make | 4 ++-- > rules/systemd.make | 2 +- > rules/templates/template-kernel-make | 2 +- Hmm, this one was not supposed to be in there. Also I just noticed that Alex's patch was already applied, so let me rebase this. - Roland > rules/xorg-font-ttf-caladea.make | 4 ++-- > rules/xorg-font-ttf-carlito.make | 4 ++-- > 24 files changed, 49 insertions(+), 49 deletions(-) -- Roland Hieber, Pengutronix e.K. | r.hieber@pengutronix.de | Steuerwalder Str. 21 | https://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de ^ permalink raw reply [flat|nested] 16+ messages in thread
* [ptxdist] [PATCH v2 1/2] doc: ref_make_macros: make clear that permission should be four digits 2020-08-19 10:51 ` [ptxdist] [PATCH 1/2] doc: ref_make_macros: make clear that permission should be four digits Roland Hieber 2020-08-19 10:51 ` [ptxdist] [PATCH 2/2] rules: explicitly specify sticky/setuid/setgid bits for install_* macros Roland Hieber @ 2020-08-19 10:59 ` Roland Hieber 2020-08-19 10:59 ` [ptxdist] [PATCH v2 2/2] rules: explicitly specify sticky/setuid/setgid bits for install_* macros Roland Hieber ` (2 more replies) 1 sibling, 3 replies; 16+ messages in thread From: Roland Hieber @ 2020-08-19 10:59 UTC (permalink / raw) To: ptxdist; +Cc: Roland Hieber Three octal digits are not enough, we must also respect the sticky/setuid/setgid bits. Even if these are mostly implied to be 0, we should be explicit here. This should also help to prevent permission clashes when more than one packages install the same directory. Signed-off-by: Roland Hieber <rhi@pengutronix.de> --- * v2: unchanged doc/ref_make_macros.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/ref_make_macros.rst b/doc/ref_make_macros.rst index 6f056adf3e7d..ae65cb9408cf 100644 --- a/doc/ref_make_macros.rst +++ b/doc/ref_make_macros.rst @@ -173,7 +173,7 @@ Some of the parameters have fixed meanings: **<GID>** Group ID the file should use in the target's root filesystem **<permission>** - Permission (in an octal value) the file should use in the target's root filesystem + Permission (as a four-digit octal value) the file should use in the target's root filesystem The remaining parameters vary with the use case: @@ -384,7 +384,7 @@ The base parameters and their meanings: **<GID>** Group ID the file should use in the target's root filesystem **<permission>** - Permission (in an octal value) the file should use in the target's root filesystem + Permission (as a four-digit octal value) the file should use in the target's root filesystem The parameter <destination> is meant as an absolute path and filename in target's root filesystem. PTXdist searches for the source @@ -581,7 +581,7 @@ The parameters and their meanings: **<GID>** Group ID the directories and files should use in the target's root filesystem **<permission>** - Permission (as an octal value) the library should use in the target's root + Permission (as a four-digit octal value) the library should use in the target's root filesystem (mostly 0644) **<libname>** Basename of the library without any extension and path -- 2.28.0 _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de ^ permalink raw reply [flat|nested] 16+ messages in thread
* [ptxdist] [PATCH v2 2/2] rules: explicitly specify sticky/setuid/setgid bits for install_* macros 2020-08-19 10:59 ` [ptxdist] [PATCH v2 1/2] doc: ref_make_macros: make clear that permission should be four digits Roland Hieber @ 2020-08-19 10:59 ` Roland Hieber 2020-09-04 17:01 ` [ptxdist] [APPLIED] " Michael Olbrich 2020-08-19 11:04 ` [ptxdist] [PATCH v2 1/2] doc: ref_make_macros: make clear that permission should be four digits Alexander Dahl 2020-09-04 17:01 ` [ptxdist] [APPLIED] " Michael Olbrich 2 siblings, 1 reply; 16+ messages in thread From: Roland Hieber @ 2020-08-19 10:59 UTC (permalink / raw) To: ptxdist; +Cc: Roland Hieber Until now the bits were implied to be 0, but we should be specific here. All other packages already use the four-digit variant. These instances were found by using: git grep -e 'call install_\(alternative\|copy\|lib\), [^,]\+, [^,]\+, [^,]\+, [0-9][0-9][0-9][^0-9]' Signed-off-by: Roland Hieber <rhi@pengutronix.de> --- v2: - remove acidentally included kernel package template - rebase onto master; still one instance left in sudo.make rules/busybox.make | 4 ++-- rules/cog.make | 4 ++-- rules/cups.make | 2 +- rules/flex.make | 2 +- rules/gpsd.make | 6 +++--- rules/graphene.make | 2 +- rules/gst-bayer2rgb-neon.make | 2 +- rules/gst-rtsp-server1.make | 2 +- rules/gst-validate1.make | 2 +- rules/intel-gmmlib.make | 2 +- rules/libpaper.make | 4 ++-- rules/libsrtp.make | 2 +- rules/pango.make | 2 +- rules/piglit.make | 2 +- rules/polkit.make | 2 +- rules/python.make | 6 +++--- rules/python3.make | 6 +++--- rules/sdl2-test.make | 4 ++-- rules/strongswan.make | 26 +++++++++++++------------- rules/sudo.make | 2 +- rules/systemd.make | 2 +- rules/xorg-font-ttf-caladea.make | 4 ++-- rules/xorg-font-ttf-carlito.make | 4 ++-- 23 files changed, 47 insertions(+), 47 deletions(-) diff --git a/rules/busybox.make b/rules/busybox.make index 9870414d0b32..d5d6aa6c2e8b 100644 --- a/rules/busybox.make +++ b/rules/busybox.make @@ -112,7 +112,7 @@ ifdef PTXCONF_BUSYBOX_FEATURE_INDIVIDUAL @$(call install_lib, busybox, 0, 0, 0644, libbusybox) @cat $(BUSYBOX_PKGDIR)/etc/busybox.links | while read link; do \ - $(call install_copy, busybox, 0, 0, 755, \ + $(call install_copy, busybox, 0, 0, 0755, \ "$(BUSYBOX_PKGDIR)/usr/lib/busybox/$${link##*/}", "/usr$${link}"); \ done else @@ -125,7 +125,7 @@ ifdef PTXCONF_BUSYBOX_FEATURE_SUID_CONFIG @$(call install_alternative, busybox, 0, 0, 0644, /etc/busybox.conf) endif else - @$(call install_copy, busybox, 0, 0, 755, -, /usr/bin/busybox) + @$(call install_copy, busybox, 0, 0, 0755, -, /usr/bin/busybox) endif @cat $(BUSYBOX_PKGDIR)/etc/busybox.links | while read link; do \ case "$${link}" in \ diff --git a/rules/cog.make b/rules/cog.make index a0587a8d501a..e0e0707b647c 100644 --- a/rules/cog.make +++ b/rules/cog.make @@ -61,8 +61,8 @@ $(STATEDIR)/cog.targetinstall: @$(call install_fixup, cog,DESCRIPTION,"WPE launcher and webapp container") @$(call install_copy, cog, 0, 0, 0755, -, /usr/bin/cog) - @$(call install_lib, cog, 0, 0, 644, libcogplatform-fdo) - @$(call install_lib, cog, 0, 0, 644, libcogcore) + @$(call install_lib, cog, 0, 0, 0644, libcogplatform-fdo) + @$(call install_lib, cog, 0, 0, 0644, libcogcore) @$(call install_finish, cog) diff --git a/rules/cups.make b/rules/cups.make index 297fe37e41ce..88d7e2e86f25 100644 --- a/rules/cups.make +++ b/rules/cups.make @@ -134,7 +134,7 @@ $(STATEDIR)/cups.targetinstall: @$(call install_fixup, cups,DESCRIPTION,missing) # ----- config files, install as daemon:lp - @$(call install_copy, cups, daemon, lp, 750, /etc/cups) + @$(call install_copy, cups, daemon, lp, 0750, /etc/cups) @$(call install_alternative, cups, daemon, lp, 0640, /etc/cups/cups-files.conf) @$(call install_alternative, cups, daemon, lp, 0640, /etc/cups/cupsd.conf) @$(call install_alternative, cups, daemon, lp, 0600, /etc/cups/classes.conf) diff --git a/rules/flex.make b/rules/flex.make index 06ddd9f1c808..6bf4682a05f2 100644 --- a/rules/flex.make +++ b/rules/flex.make @@ -49,7 +49,7 @@ $(STATEDIR)/flex.targetinstall: @$(call install_fixup, flex,AUTHOR,"Marc Kleine-Budde <mkl@pengutronix.de>") @$(call install_fixup, flex,DESCRIPTION,missing) - @$(call install_lib, flex, 0, 0, 644, libfl) + @$(call install_lib, flex, 0, 0, 0644, libfl) @$(call install_finish, flex) diff --git a/rules/gpsd.make b/rules/gpsd.make index 8d14dee809dd..0bda35d91e40 100644 --- a/rules/gpsd.make +++ b/rules/gpsd.make @@ -164,19 +164,19 @@ ifdef PTXCONF_GPSD_GPSDCTL @$(call install_copy, gpsd, 0, 0, 0755, -, /usr/sbin/gpsdctl) endif ifdef PTXCONF_GPSD_SYSTEMD_UNIT - @$(call install_alternative, gpsd, 0, 0, 644, \ + @$(call install_alternative, gpsd, 0, 0, 0644, \ /usr/lib/systemd/system/gpsd.service) @$(call install_replace, gpsd, \ /usr/lib/systemd/system/gpsd.service, \ @ARGS@, $(PTXCONF_GPSD_GPSD_ARGS)) @$(call install_link, gpsd, ../gpsd.service, \ /usr/lib/systemd/system/multi-user.target.wants/gpsd.service) - @$(call install_alternative, gpsd, 0, 0, 644, \ + @$(call install_alternative, gpsd, 0, 0, 0644, \ /usr/lib/systemd/system/gpsd.socket) @$(call install_link, gpsd, ../gpsd.socket, \ /usr/lib/systemd/system/sockets.target.wants/gpsd.socket) ifdef PTXCONF_GPSD_GPSDCTL - @$(call install_alternative, gpsd, 0, 0, 644, \ + @$(call install_alternative, gpsd, 0, 0, 0644, \ /usr/lib/systemd/system/gpsdctl@.service) endif endif diff --git a/rules/graphene.make b/rules/graphene.make index 10b285d995fc..650ab1233bce 100644 --- a/rules/graphene.make +++ b/rules/graphene.make @@ -61,7 +61,7 @@ $(STATEDIR)/graphene.targetinstall: @$(call install_lib, graphene, 0, 0, 0644, libgraphene-1.0) ifdef PTXCONF_GRAPHENE_INTROSPECTION - @$(call install_copy, graphene, 0, 0, 644, -, \ + @$(call install_copy, graphene, 0, 0, 0644, -, \ /usr/lib/girepository-1.0/Graphene-1.0.typelib) endif diff --git a/rules/gst-bayer2rgb-neon.make b/rules/gst-bayer2rgb-neon.make index 4bd003161bad..d81104aa0371 100644 --- a/rules/gst-bayer2rgb-neon.make +++ b/rules/gst-bayer2rgb-neon.make @@ -49,7 +49,7 @@ $(STATEDIR)/gst-bayer2rgb-neon.targetinstall: @$(call install_fixup, gst-bayer2rgb-neon,AUTHOR,"Marian Cichy <m.cichy@pengutronix.de>") @$(call install_fixup, gst-bayer2rgb-neon,DESCRIPTION,missing) - @$(call install_lib, gst-bayer2rgb-neon, 0, 0, 644, \ + @$(call install_lib, gst-bayer2rgb-neon, 0, 0, 0644, \ gstreamer-1.0/gstbayer2rgbneon) @$(call install_finish, gst-bayer2rgb-neon) diff --git a/rules/gst-rtsp-server1.make b/rules/gst-rtsp-server1.make index bb57abd5dd4b..0bcce05322ca 100644 --- a/rules/gst-rtsp-server1.make +++ b/rules/gst-rtsp-server1.make @@ -53,7 +53,7 @@ $(STATEDIR)/gst-rtsp-server1.targetinstall: @$(call install_lib, gst-rtsp-server1, 0, 0, 0644, libgstrtspserver-1.0) @$(call install_lib, gst-rtsp-server1, 0, 0, 0644, gstreamer-1.0/libgstrtspclientsink) ifdef PTXCONF_GSTREAMER1_INTROSPECTION - @$(call install_copy, gst-rtsp-server1, 0, 0, 644, -, \ + @$(call install_copy, gst-rtsp-server1, 0, 0, 0644, -, \ /usr/lib/girepository-1.0/GstRtspServer-1.0.typelib) endif diff --git a/rules/gst-validate1.make b/rules/gst-validate1.make index 41887f014a69..bfdb7efb86bd 100644 --- a/rules/gst-validate1.make +++ b/rules/gst-validate1.make @@ -89,7 +89,7 @@ $(STATEDIR)/gst-validate1.targetinstall: /usr/share/gstreamer-1.0/validate/scenarios) ifdef PTXCONF_GSTREAMER1_INTROSPECTION - @$(call install_copy, gst-validate1, 0, 0, 644, -, \ + @$(call install_copy, gst-validate1, 0, 0, 0644, -, \ /usr/lib/girepository-1.0/GstValidate-1.0.typelib) endif diff --git a/rules/intel-gmmlib.make b/rules/intel-gmmlib.make index 134efdf5d288..54c652de646a 100644 --- a/rules/intel-gmmlib.make +++ b/rules/intel-gmmlib.make @@ -48,7 +48,7 @@ $(STATEDIR)/intel-gmmlib.targetinstall: @$(call install_fixup, intel-gmmlib,AUTHOR,"Michael Olbrich <m.olbrich@pengutronix.de>") @$(call install_fixup, intel-gmmlib,DESCRIPTION,missing) - @$(call install_lib, intel-gmmlib, 0, 0, 644, libigdgmm) + @$(call install_lib, intel-gmmlib, 0, 0, 0644, libigdgmm) @$(call install_finish, intel-gmmlib) diff --git a/rules/libpaper.make b/rules/libpaper.make index b6ab2a71c9f1..ccd57cbf7d5c 100644 --- a/rules/libpaper.make +++ b/rules/libpaper.make @@ -56,10 +56,10 @@ $(STATEDIR)/libpaper.targetinstall: @$(call install_lib, libpaper, 0, 0, 0644, libpaper) ifdef PTXCONF_LIBPAPER_PAPERCONFIG - @$(call install_copy, libpaper, 0, 0, 755, -, /usr/sbin/paperconfig) + @$(call install_copy, libpaper, 0, 0, 0755, -, /usr/sbin/paperconfig) endif ifdef PTXCONF_LIBPAPER_PAPERCONF - @$(call install_copy, libpaper, 0, 0, 755, -, /usr/bin/paperconf) + @$(call install_copy, libpaper, 0, 0, 0755, -, /usr/bin/paperconf) endif @$(call install_finish, libpaper) diff --git a/rules/libsrtp.make b/rules/libsrtp.make index 85d3d5766749..d6dd1d9243dd 100644 --- a/rules/libsrtp.make +++ b/rules/libsrtp.make @@ -53,7 +53,7 @@ $(STATEDIR)/libsrtp.targetinstall: @$(call install_fixup, libsrtp,AUTHOR,"Michael Olbrich <m.olbrich@pengutronix.de>") @$(call install_fixup, libsrtp,DESCRIPTION,missing) - @$(call install_lib, libsrtp, 0, 0, 644, libsrtp2) + @$(call install_lib, libsrtp, 0, 0, 0644, libsrtp2) @$(call install_finish, libsrtp) diff --git a/rules/pango.make b/rules/pango.make index cece8ab9bf33..e6deb92c9eaf 100644 --- a/rules/pango.make +++ b/rules/pango.make @@ -52,7 +52,7 @@ $(STATEDIR)/pango.targetinstall: @$(call install_lib, pango, 0, 0, 0644, libpangoft2-1.0) @$(call install_lib, pango, 0, 0, 0644, libpangocairo-1.0) ifdef PTXCONF_PANGO_INTROSPECTION - @$(call install_copy, pango, 0, 0, 644, -, \ + @$(call install_copy, pango, 0, 0, 0644, -, \ /usr/lib/girepository-1.0/Pango-1.0.typelib) endif diff --git a/rules/piglit.make b/rules/piglit.make index 9ff721feb548..1f000cd467b0 100644 --- a/rules/piglit.make +++ b/rules/piglit.make @@ -56,7 +56,7 @@ $(STATEDIR)/piglit.targetinstall: @$(call install_fixup, piglit,AUTHOR,"Lucas Stach <l.stach@pengutronix.de>") @$(call install_fixup, piglit,DESCRIPTION,missing) - @$(call install_copy, piglit, 0, 0, 755, -, /usr/bin/piglit) + @$(call install_copy, piglit, 0, 0, 0755, -, /usr/bin/piglit) @$(call install_tree, piglit, 0, 0, -, /usr/lib/piglit, n) @$(call install_finish, piglit) diff --git a/rules/polkit.make b/rules/polkit.make index ac9b49e45ff2..4fa8d9c0edb1 100644 --- a/rules/polkit.make +++ b/rules/polkit.make @@ -101,7 +101,7 @@ endif /usr/libexec/polkit-agent-helper-1) # run-time - @$(call install_copy, polkit, 0, 0, 700, /var/lib/polkit-1) + @$(call install_copy, polkit, 0, 0, 0700, /var/lib/polkit-1) @$(call install_finish, polkit) diff --git a/rules/python.make b/rules/python.make index 61642cf14069..6bb9ae8fda46 100644 --- a/rules/python.make +++ b/rules/python.make @@ -192,12 +192,12 @@ $(STATEDIR)/python.targetinstall: $(PYTHON_SKIP_LIST) \ -a \( -name "*.so" -o -name "*.pyc" \) | \ while read file; do \ - $(call install_copy, python, 0, 0, 644, -, $${file##.}); \ + $(call install_copy, python, 0, 0, 0644, -, $${file##.}); \ done - @$(call install_copy, python, 0, 0, 755, -, /usr/bin/python$(PYTHON_MAJORMINOR)) + @$(call install_copy, python, 0, 0, 0755, -, /usr/bin/python$(PYTHON_MAJORMINOR)) @$(call install_link, python, python$(PYTHON_MAJORMINOR), /usr/bin/python2) - @$(call install_lib, python, 0, 0, 644, libpython$(PYTHON_MAJORMINOR)) + @$(call install_lib, python, 0, 0, 0644, libpython$(PYTHON_MAJORMINOR)) ifdef PTXCONF_PYTHON_SYMLINK @$(call install_link, python, python$(PYTHON_MAJORMINOR), /usr/bin/python) diff --git a/rules/python3.make b/rules/python3.make index 7cb24f0859cd..db4abd0718f9 100644 --- a/rules/python3.make +++ b/rules/python3.make @@ -164,11 +164,11 @@ $(STATEDIR)/python3.targetinstall: @$(call install_glob, python3, 0, 0, -, /usr/lib/python$(PYTHON3_MAJORMINOR), \ *.so *.pyc *.whl, */test */tests */__pycache__ $(PYTHON3_SKIP-y)) - @$(call install_copy, python3, 0, 0, 755, -, /usr/bin/python$(PYTHON3_MAJORMINOR)) + @$(call install_copy, python3, 0, 0, 0755, -, /usr/bin/python$(PYTHON3_MAJORMINOR)) @$(call install_link, python3, python$(PYTHON3_MAJORMINOR), /usr/bin/python3) - @$(call install_lib, python3, 0, 0, 644, libpython$(PYTHON3_MAJORMINOR)m) + @$(call install_lib, python3, 0, 0, 0644, libpython$(PYTHON3_MAJORMINOR)m) - @$(call install_copy, python3, 0, 0, 644, -, /usr/lib/python$(PYTHON3_MAJORMINOR)/venv/scripts/common/activate) + @$(call install_copy, python3, 0, 0, 0644, -, /usr/lib/python$(PYTHON3_MAJORMINOR)/venv/scripts/common/activate) ifdef PTXCONF_PYTHON3_SYMLINK @$(call install_link, python3, python$(PYTHON3_MAJORMINOR), /usr/bin/python) diff --git a/rules/sdl2-test.make b/rules/sdl2-test.make index 28a08dc30cea..5c92ebf6b583 100644 --- a/rules/sdl2-test.make +++ b/rules/sdl2-test.make @@ -157,11 +157,11 @@ $(STATEDIR)/sdl2-test.targetinstall: @$(call install_fixup, sdl2-test,DESCRIPTION,missing) @$(foreach file, $(SDL2_TEST_TOOLS), \ - $(call install_copy, sdl2-test, 0, 0, 755, -, \ + $(call install_copy, sdl2-test, 0, 0, 0755, -, \ /usr/bin/sdl2tests/$(file))$(ptx/nl)) @$(foreach file, $(SDL2_TEST_DATA), \ - $(call install_copy, sdl2-test, 0, 0, 644, -, \ + $(call install_copy, sdl2-test, 0, 0, 0644, -, \ /usr/bin/sdl2tests/$(file))$(ptx/nl)) @$(call install_finish, sdl2-test) diff --git a/rules/strongswan.make b/rules/strongswan.make index dddf8875474b..59de1cfdb714 100644 --- a/rules/strongswan.make +++ b/rules/strongswan.make @@ -311,19 +311,19 @@ ifdef PTXCONF_STRONGSWAN_SWANCTL @$(call install_lib, strongswan, 0, 0, 0644, libvici) @$(call install_tree, strongswan, 0, 0, -, /etc/strongswan.d) @$(call install_alternative, strongswan, 0, 0, 0644, /etc/swanctl/swanctl.conf) - @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/bliss) - @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/ecdsa) - @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/pkcs12) - @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/pkcs8) - @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/private) - @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/pubkey) - @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/rsa) - @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509) - @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509aa) - @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509ac) - @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509ca) - @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509crl) - @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509ocsp) + @$(call install_copy, strongswan, 0, 0, 0750, /etc/swanctl/bliss) + @$(call install_copy, strongswan, 0, 0, 0750, /etc/swanctl/ecdsa) + @$(call install_copy, strongswan, 0, 0, 0750, /etc/swanctl/pkcs12) + @$(call install_copy, strongswan, 0, 0, 0750, /etc/swanctl/pkcs8) + @$(call install_copy, strongswan, 0, 0, 0750, /etc/swanctl/private) + @$(call install_copy, strongswan, 0, 0, 0755, /etc/swanctl/pubkey) + @$(call install_copy, strongswan, 0, 0, 0750, /etc/swanctl/rsa) + @$(call install_copy, strongswan, 0, 0, 0755, /etc/swanctl/x509) + @$(call install_copy, strongswan, 0, 0, 0755, /etc/swanctl/x509aa) + @$(call install_copy, strongswan, 0, 0, 0755, /etc/swanctl/x509ac) + @$(call install_copy, strongswan, 0, 0, 0755, /etc/swanctl/x509ca) + @$(call install_copy, strongswan, 0, 0, 0755, /etc/swanctl/x509crl) + @$(call install_copy, strongswan, 0, 0, 0755, /etc/swanctl/x509ocsp) endif @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/aacerts) diff --git a/rules/sudo.make b/rules/sudo.make index dd8c1bb67bc4..eb65060a7831 100644 --- a/rules/sudo.make +++ b/rules/sudo.make @@ -137,7 +137,7 @@ ifdef PTXCONF_SUDO_INSTALL_ETC_SUDOERS endif ifdef PTXCONF_SUDO_INSTALL_VISUDO - @$(call install_copy, sudo, 0, 0, 755, -, /usr/sbin/visudo) + @$(call install_copy, sudo, 0, 0, 0755, -, /usr/sbin/visudo) endif @$(call install_finish, sudo) diff --git a/rules/systemd.make b/rules/systemd.make index 0a0f52adedfd..61e538f07bc6 100644 --- a/rules/systemd.make +++ b/rules/systemd.make @@ -344,7 +344,7 @@ $(STATEDIR)/systemd.targetinstall: @$(call install_tree, systemd, 0, 0, -, /usr/lib/systemd/system-generators/) @$(foreach helper, $(SYSTEMD_HELPER), \ - $(call install_copy, systemd, 0, 0, 755, -, \ + $(call install_copy, systemd, 0, 0, 0755, -, \ /usr/lib/systemd/$(helper));) # # configuration diff --git a/rules/xorg-font-ttf-caladea.make b/rules/xorg-font-ttf-caladea.make index 61b22f8b5865..4d13ea88811d 100644 --- a/rules/xorg-font-ttf-caladea.make +++ b/rules/xorg-font-ttf-caladea.make @@ -56,9 +56,9 @@ $(STATEDIR)/xorg-font-ttf-caladea.targetinstall: @$(call install_fixup, xorg-font-ttf-caladea,AUTHOR,"Michael Olbrich <m.olbrich@pengutronix.de>") @$(call install_fixup, xorg-font-ttf-caladea,DESCRIPTION,missing) - @$(call install_alternative, xorg-font-ttf-caladea, 0, 0, 644, \ + @$(call install_alternative, xorg-font-ttf-caladea, 0, 0, 0644, \ /etc/fonts/conf.d/30-0-google-crosextra-caladea-fontconfig.conf) - @$(call install_alternative, xorg-font-ttf-caladea, 0, 0, 644, \ + @$(call install_alternative, xorg-font-ttf-caladea, 0, 0, 0644, \ /etc/fonts/conf.d/62-google-crosextra-caladea-fontconfig.conf) @$(call install_tree, xorg-font-ttf-caladea, 0, 0, -, /usr) diff --git a/rules/xorg-font-ttf-carlito.make b/rules/xorg-font-ttf-carlito.make index a493c03c85df..d82a0d0d7c06 100644 --- a/rules/xorg-font-ttf-carlito.make +++ b/rules/xorg-font-ttf-carlito.make @@ -56,9 +56,9 @@ $(STATEDIR)/xorg-font-ttf-carlito.targetinstall: @$(call install_fixup, xorg-font-ttf-carlito,AUTHOR,"Michael Olbrich <m.olbrich@pengutronix.de>") @$(call install_fixup, xorg-font-ttf-carlito,DESCRIPTION,missing) - @$(call install_alternative, xorg-font-ttf-carlito, 0, 0, 644, \ + @$(call install_alternative, xorg-font-ttf-carlito, 0, 0, 0644, \ /etc/fonts/conf.d/30-0-google-crosextra-carlito-fontconfig.conf) - @$(call install_alternative, xorg-font-ttf-carlito, 0, 0, 644, \ + @$(call install_alternative, xorg-font-ttf-carlito, 0, 0, 0644, \ /etc/fonts/conf.d/62-google-crosextra-carlito-fontconfig.conf) @$(call install_tree, xorg-font-ttf-carlito, 0, 0, -, /usr) -- 2.28.0 _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [ptxdist] [APPLIED] rules: explicitly specify sticky/setuid/setgid bits for install_* macros 2020-08-19 10:59 ` [ptxdist] [PATCH v2 2/2] rules: explicitly specify sticky/setuid/setgid bits for install_* macros Roland Hieber @ 2020-09-04 17:01 ` Michael Olbrich 0 siblings, 0 replies; 16+ messages in thread From: Michael Olbrich @ 2020-09-04 17:01 UTC (permalink / raw) To: ptxdist; +Cc: Roland Hieber Thanks, applied as 537dbdecfde24dfdba056d263025b411b8a0db05. Michael [sent from post-receive hook] On Fri, 04 Sep 2020 19:01:29 +0200, Roland Hieber <rhi@pengutronix.de> wrote: > Until now the bits were implied to be 0, but we should be specific here. > All other packages already use the four-digit variant. > > These instances were found by using: > > git grep -e 'call install_\(alternative\|copy\|lib\), [^,]\+, [^,]\+, [^,]\+, [0-9][0-9][0-9][^0-9]' > > Signed-off-by: Roland Hieber <rhi@pengutronix.de> > Message-Id: <20200819105909.21441-2-rhi@pengutronix.de> > Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> > > diff --git a/rules/busybox.make b/rules/busybox.make > index 9870414d0b32..d5d6aa6c2e8b 100644 > --- a/rules/busybox.make > +++ b/rules/busybox.make > @@ -112,7 +112,7 @@ ifdef PTXCONF_BUSYBOX_FEATURE_INDIVIDUAL > @$(call install_lib, busybox, 0, 0, 0644, libbusybox) > > @cat $(BUSYBOX_PKGDIR)/etc/busybox.links | while read link; do \ > - $(call install_copy, busybox, 0, 0, 755, \ > + $(call install_copy, busybox, 0, 0, 0755, \ > "$(BUSYBOX_PKGDIR)/usr/lib/busybox/$${link##*/}", "/usr$${link}"); \ > done > else > @@ -125,7 +125,7 @@ ifdef PTXCONF_BUSYBOX_FEATURE_SUID_CONFIG > @$(call install_alternative, busybox, 0, 0, 0644, /etc/busybox.conf) > endif > else > - @$(call install_copy, busybox, 0, 0, 755, -, /usr/bin/busybox) > + @$(call install_copy, busybox, 0, 0, 0755, -, /usr/bin/busybox) > endif > @cat $(BUSYBOX_PKGDIR)/etc/busybox.links | while read link; do \ > case "$${link}" in \ > diff --git a/rules/cog.make b/rules/cog.make > index a0587a8d501a..e0e0707b647c 100644 > --- a/rules/cog.make > +++ b/rules/cog.make > @@ -61,8 +61,8 @@ $(STATEDIR)/cog.targetinstall: > @$(call install_fixup, cog,DESCRIPTION,"WPE launcher and webapp container") > > @$(call install_copy, cog, 0, 0, 0755, -, /usr/bin/cog) > - @$(call install_lib, cog, 0, 0, 644, libcogplatform-fdo) > - @$(call install_lib, cog, 0, 0, 644, libcogcore) > + @$(call install_lib, cog, 0, 0, 0644, libcogplatform-fdo) > + @$(call install_lib, cog, 0, 0, 0644, libcogcore) > > @$(call install_finish, cog) > > diff --git a/rules/cups.make b/rules/cups.make > index 297fe37e41ce..88d7e2e86f25 100644 > --- a/rules/cups.make > +++ b/rules/cups.make > @@ -134,7 +134,7 @@ $(STATEDIR)/cups.targetinstall: > @$(call install_fixup, cups,DESCRIPTION,missing) > > # ----- config files, install as daemon:lp > - @$(call install_copy, cups, daemon, lp, 750, /etc/cups) > + @$(call install_copy, cups, daemon, lp, 0750, /etc/cups) > @$(call install_alternative, cups, daemon, lp, 0640, /etc/cups/cups-files.conf) > @$(call install_alternative, cups, daemon, lp, 0640, /etc/cups/cupsd.conf) > @$(call install_alternative, cups, daemon, lp, 0600, /etc/cups/classes.conf) > diff --git a/rules/flex.make b/rules/flex.make > index 2478c55056e1..2543b77881f8 100644 > --- a/rules/flex.make > +++ b/rules/flex.make > @@ -67,7 +67,7 @@ $(STATEDIR)/flex.targetinstall: > @$(call install_fixup, flex,AUTHOR,"Marc Kleine-Budde <mkl@pengutronix.de>") > @$(call install_fixup, flex,DESCRIPTION,missing) > > - @$(call install_lib, flex, 0, 0, 644, libfl) > + @$(call install_lib, flex, 0, 0, 0644, libfl) > > @$(call install_finish, flex) > > diff --git a/rules/gpsd.make b/rules/gpsd.make > index 8d14dee809dd..0bda35d91e40 100644 > --- a/rules/gpsd.make > +++ b/rules/gpsd.make > @@ -164,19 +164,19 @@ ifdef PTXCONF_GPSD_GPSDCTL > @$(call install_copy, gpsd, 0, 0, 0755, -, /usr/sbin/gpsdctl) > endif > ifdef PTXCONF_GPSD_SYSTEMD_UNIT > - @$(call install_alternative, gpsd, 0, 0, 644, \ > + @$(call install_alternative, gpsd, 0, 0, 0644, \ > /usr/lib/systemd/system/gpsd.service) > @$(call install_replace, gpsd, \ > /usr/lib/systemd/system/gpsd.service, \ > @ARGS@, $(PTXCONF_GPSD_GPSD_ARGS)) > @$(call install_link, gpsd, ../gpsd.service, \ > /usr/lib/systemd/system/multi-user.target.wants/gpsd.service) > - @$(call install_alternative, gpsd, 0, 0, 644, \ > + @$(call install_alternative, gpsd, 0, 0, 0644, \ > /usr/lib/systemd/system/gpsd.socket) > @$(call install_link, gpsd, ../gpsd.socket, \ > /usr/lib/systemd/system/sockets.target.wants/gpsd.socket) > ifdef PTXCONF_GPSD_GPSDCTL > - @$(call install_alternative, gpsd, 0, 0, 644, \ > + @$(call install_alternative, gpsd, 0, 0, 0644, \ > /usr/lib/systemd/system/gpsdctl@.service) > endif > endif > diff --git a/rules/graphene.make b/rules/graphene.make > index 10b285d995fc..650ab1233bce 100644 > --- a/rules/graphene.make > +++ b/rules/graphene.make > @@ -61,7 +61,7 @@ $(STATEDIR)/graphene.targetinstall: > > @$(call install_lib, graphene, 0, 0, 0644, libgraphene-1.0) > ifdef PTXCONF_GRAPHENE_INTROSPECTION > - @$(call install_copy, graphene, 0, 0, 644, -, \ > + @$(call install_copy, graphene, 0, 0, 0644, -, \ > /usr/lib/girepository-1.0/Graphene-1.0.typelib) > endif > > diff --git a/rules/gst-bayer2rgb-neon.make b/rules/gst-bayer2rgb-neon.make > index 4bd003161bad..d81104aa0371 100644 > --- a/rules/gst-bayer2rgb-neon.make > +++ b/rules/gst-bayer2rgb-neon.make > @@ -49,7 +49,7 @@ $(STATEDIR)/gst-bayer2rgb-neon.targetinstall: > @$(call install_fixup, gst-bayer2rgb-neon,AUTHOR,"Marian Cichy <m.cichy@pengutronix.de>") > @$(call install_fixup, gst-bayer2rgb-neon,DESCRIPTION,missing) > > - @$(call install_lib, gst-bayer2rgb-neon, 0, 0, 644, \ > + @$(call install_lib, gst-bayer2rgb-neon, 0, 0, 0644, \ > gstreamer-1.0/gstbayer2rgbneon) > @$(call install_finish, gst-bayer2rgb-neon) > > diff --git a/rules/gst-rtsp-server1.make b/rules/gst-rtsp-server1.make > index bb57abd5dd4b..0bcce05322ca 100644 > --- a/rules/gst-rtsp-server1.make > +++ b/rules/gst-rtsp-server1.make > @@ -53,7 +53,7 @@ $(STATEDIR)/gst-rtsp-server1.targetinstall: > @$(call install_lib, gst-rtsp-server1, 0, 0, 0644, libgstrtspserver-1.0) > @$(call install_lib, gst-rtsp-server1, 0, 0, 0644, gstreamer-1.0/libgstrtspclientsink) > ifdef PTXCONF_GSTREAMER1_INTROSPECTION > - @$(call install_copy, gst-rtsp-server1, 0, 0, 644, -, \ > + @$(call install_copy, gst-rtsp-server1, 0, 0, 0644, -, \ > /usr/lib/girepository-1.0/GstRtspServer-1.0.typelib) > endif > > diff --git a/rules/gst-validate1.make b/rules/gst-validate1.make > index 41887f014a69..bfdb7efb86bd 100644 > --- a/rules/gst-validate1.make > +++ b/rules/gst-validate1.make > @@ -89,7 +89,7 @@ $(STATEDIR)/gst-validate1.targetinstall: > /usr/share/gstreamer-1.0/validate/scenarios) > > ifdef PTXCONF_GSTREAMER1_INTROSPECTION > - @$(call install_copy, gst-validate1, 0, 0, 644, -, \ > + @$(call install_copy, gst-validate1, 0, 0, 0644, -, \ > /usr/lib/girepository-1.0/GstValidate-1.0.typelib) > endif > > diff --git a/rules/intel-gmmlib.make b/rules/intel-gmmlib.make > index 134efdf5d288..54c652de646a 100644 > --- a/rules/intel-gmmlib.make > +++ b/rules/intel-gmmlib.make > @@ -48,7 +48,7 @@ $(STATEDIR)/intel-gmmlib.targetinstall: > @$(call install_fixup, intel-gmmlib,AUTHOR,"Michael Olbrich <m.olbrich@pengutronix.de>") > @$(call install_fixup, intel-gmmlib,DESCRIPTION,missing) > > - @$(call install_lib, intel-gmmlib, 0, 0, 644, libigdgmm) > + @$(call install_lib, intel-gmmlib, 0, 0, 0644, libigdgmm) > > @$(call install_finish, intel-gmmlib) > > diff --git a/rules/libpaper.make b/rules/libpaper.make > index b6ab2a71c9f1..ccd57cbf7d5c 100644 > --- a/rules/libpaper.make > +++ b/rules/libpaper.make > @@ -56,10 +56,10 @@ $(STATEDIR)/libpaper.targetinstall: > @$(call install_lib, libpaper, 0, 0, 0644, libpaper) > > ifdef PTXCONF_LIBPAPER_PAPERCONFIG > - @$(call install_copy, libpaper, 0, 0, 755, -, /usr/sbin/paperconfig) > + @$(call install_copy, libpaper, 0, 0, 0755, -, /usr/sbin/paperconfig) > endif > ifdef PTXCONF_LIBPAPER_PAPERCONF > - @$(call install_copy, libpaper, 0, 0, 755, -, /usr/bin/paperconf) > + @$(call install_copy, libpaper, 0, 0, 0755, -, /usr/bin/paperconf) > endif > > @$(call install_finish, libpaper) > diff --git a/rules/libsrtp.make b/rules/libsrtp.make > index 85d3d5766749..d6dd1d9243dd 100644 > --- a/rules/libsrtp.make > +++ b/rules/libsrtp.make > @@ -53,7 +53,7 @@ $(STATEDIR)/libsrtp.targetinstall: > @$(call install_fixup, libsrtp,AUTHOR,"Michael Olbrich <m.olbrich@pengutronix.de>") > @$(call install_fixup, libsrtp,DESCRIPTION,missing) > > - @$(call install_lib, libsrtp, 0, 0, 644, libsrtp2) > + @$(call install_lib, libsrtp, 0, 0, 0644, libsrtp2) > > @$(call install_finish, libsrtp) > > diff --git a/rules/pango.make b/rules/pango.make > index cece8ab9bf33..e6deb92c9eaf 100644 > --- a/rules/pango.make > +++ b/rules/pango.make > @@ -52,7 +52,7 @@ $(STATEDIR)/pango.targetinstall: > @$(call install_lib, pango, 0, 0, 0644, libpangoft2-1.0) > @$(call install_lib, pango, 0, 0, 0644, libpangocairo-1.0) > ifdef PTXCONF_PANGO_INTROSPECTION > - @$(call install_copy, pango, 0, 0, 644, -, \ > + @$(call install_copy, pango, 0, 0, 0644, -, \ > /usr/lib/girepository-1.0/Pango-1.0.typelib) > endif > > diff --git a/rules/piglit.make b/rules/piglit.make > index 9ff721feb548..1f000cd467b0 100644 > --- a/rules/piglit.make > +++ b/rules/piglit.make > @@ -56,7 +56,7 @@ $(STATEDIR)/piglit.targetinstall: > @$(call install_fixup, piglit,AUTHOR,"Lucas Stach <l.stach@pengutronix.de>") > @$(call install_fixup, piglit,DESCRIPTION,missing) > > - @$(call install_copy, piglit, 0, 0, 755, -, /usr/bin/piglit) > + @$(call install_copy, piglit, 0, 0, 0755, -, /usr/bin/piglit) > @$(call install_tree, piglit, 0, 0, -, /usr/lib/piglit, n) > > @$(call install_finish, piglit) > diff --git a/rules/polkit.make b/rules/polkit.make > index ac9b49e45ff2..4fa8d9c0edb1 100644 > --- a/rules/polkit.make > +++ b/rules/polkit.make > @@ -101,7 +101,7 @@ endif > /usr/libexec/polkit-agent-helper-1) > > # run-time > - @$(call install_copy, polkit, 0, 0, 700, /var/lib/polkit-1) > + @$(call install_copy, polkit, 0, 0, 0700, /var/lib/polkit-1) > > @$(call install_finish, polkit) > > diff --git a/rules/python.make b/rules/python.make > index 61642cf14069..6bb9ae8fda46 100644 > --- a/rules/python.make > +++ b/rules/python.make > @@ -192,12 +192,12 @@ $(STATEDIR)/python.targetinstall: > $(PYTHON_SKIP_LIST) \ > -a \( -name "*.so" -o -name "*.pyc" \) | \ > while read file; do \ > - $(call install_copy, python, 0, 0, 644, -, $${file##.}); \ > + $(call install_copy, python, 0, 0, 0644, -, $${file##.}); \ > done > > - @$(call install_copy, python, 0, 0, 755, -, /usr/bin/python$(PYTHON_MAJORMINOR)) > + @$(call install_copy, python, 0, 0, 0755, -, /usr/bin/python$(PYTHON_MAJORMINOR)) > @$(call install_link, python, python$(PYTHON_MAJORMINOR), /usr/bin/python2) > - @$(call install_lib, python, 0, 0, 644, libpython$(PYTHON_MAJORMINOR)) > + @$(call install_lib, python, 0, 0, 0644, libpython$(PYTHON_MAJORMINOR)) > > ifdef PTXCONF_PYTHON_SYMLINK > @$(call install_link, python, python$(PYTHON_MAJORMINOR), /usr/bin/python) > diff --git a/rules/python3.make b/rules/python3.make > index 0046d561de4e..ca2b5ded95b7 100644 > --- a/rules/python3.make > +++ b/rules/python3.make > @@ -163,11 +163,11 @@ $(STATEDIR)/python3.targetinstall: > @$(call install_glob, python3, 0, 0, -, /usr/lib/python$(PYTHON3_MAJORMINOR), \ > *.so *.pyc *.whl, */test */tests */__pycache__ $(PYTHON3_SKIP-y)) > > - @$(call install_copy, python3, 0, 0, 755, -, /usr/bin/python$(PYTHON3_MAJORMINOR)) > + @$(call install_copy, python3, 0, 0, 0755, -, /usr/bin/python$(PYTHON3_MAJORMINOR)) > @$(call install_link, python3, python$(PYTHON3_MAJORMINOR), /usr/bin/python3) > - @$(call install_lib, python3, 0, 0, 644, libpython$(PYTHON3_MAJORMINOR)m) > + @$(call install_lib, python3, 0, 0, 0644, libpython$(PYTHON3_MAJORMINOR)m) > > - @$(call install_copy, python3, 0, 0, 644, -, /usr/lib/python$(PYTHON3_MAJORMINOR)/venv/scripts/common/activate) > + @$(call install_copy, python3, 0, 0, 0644, -, /usr/lib/python$(PYTHON3_MAJORMINOR)/venv/scripts/common/activate) > > ifdef PTXCONF_PYTHON3_SYMLINK > @$(call install_link, python3, python$(PYTHON3_MAJORMINOR), /usr/bin/python) > diff --git a/rules/sdl2-test.make b/rules/sdl2-test.make > index 28a08dc30cea..5c92ebf6b583 100644 > --- a/rules/sdl2-test.make > +++ b/rules/sdl2-test.make > @@ -157,11 +157,11 @@ $(STATEDIR)/sdl2-test.targetinstall: > @$(call install_fixup, sdl2-test,DESCRIPTION,missing) > > @$(foreach file, $(SDL2_TEST_TOOLS), \ > - $(call install_copy, sdl2-test, 0, 0, 755, -, \ > + $(call install_copy, sdl2-test, 0, 0, 0755, -, \ > /usr/bin/sdl2tests/$(file))$(ptx/nl)) > > @$(foreach file, $(SDL2_TEST_DATA), \ > - $(call install_copy, sdl2-test, 0, 0, 644, -, \ > + $(call install_copy, sdl2-test, 0, 0, 0644, -, \ > /usr/bin/sdl2tests/$(file))$(ptx/nl)) > > @$(call install_finish, sdl2-test) > diff --git a/rules/strongswan.make b/rules/strongswan.make > index dddf8875474b..59de1cfdb714 100644 > --- a/rules/strongswan.make > +++ b/rules/strongswan.make > @@ -311,19 +311,19 @@ ifdef PTXCONF_STRONGSWAN_SWANCTL > @$(call install_lib, strongswan, 0, 0, 0644, libvici) > @$(call install_tree, strongswan, 0, 0, -, /etc/strongswan.d) > @$(call install_alternative, strongswan, 0, 0, 0644, /etc/swanctl/swanctl.conf) > - @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/bliss) > - @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/ecdsa) > - @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/pkcs12) > - @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/pkcs8) > - @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/private) > - @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/pubkey) > - @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/rsa) > - @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509) > - @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509aa) > - @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509ac) > - @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509ca) > - @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509crl) > - @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509ocsp) > + @$(call install_copy, strongswan, 0, 0, 0750, /etc/swanctl/bliss) > + @$(call install_copy, strongswan, 0, 0, 0750, /etc/swanctl/ecdsa) > + @$(call install_copy, strongswan, 0, 0, 0750, /etc/swanctl/pkcs12) > + @$(call install_copy, strongswan, 0, 0, 0750, /etc/swanctl/pkcs8) > + @$(call install_copy, strongswan, 0, 0, 0750, /etc/swanctl/private) > + @$(call install_copy, strongswan, 0, 0, 0755, /etc/swanctl/pubkey) > + @$(call install_copy, strongswan, 0, 0, 0750, /etc/swanctl/rsa) > + @$(call install_copy, strongswan, 0, 0, 0755, /etc/swanctl/x509) > + @$(call install_copy, strongswan, 0, 0, 0755, /etc/swanctl/x509aa) > + @$(call install_copy, strongswan, 0, 0, 0755, /etc/swanctl/x509ac) > + @$(call install_copy, strongswan, 0, 0, 0755, /etc/swanctl/x509ca) > + @$(call install_copy, strongswan, 0, 0, 0755, /etc/swanctl/x509crl) > + @$(call install_copy, strongswan, 0, 0, 0755, /etc/swanctl/x509ocsp) > endif > > @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/aacerts) > diff --git a/rules/sudo.make b/rules/sudo.make > index dd8c1bb67bc4..eb65060a7831 100644 > --- a/rules/sudo.make > +++ b/rules/sudo.make > @@ -137,7 +137,7 @@ ifdef PTXCONF_SUDO_INSTALL_ETC_SUDOERS > endif > > ifdef PTXCONF_SUDO_INSTALL_VISUDO > - @$(call install_copy, sudo, 0, 0, 755, -, /usr/sbin/visudo) > + @$(call install_copy, sudo, 0, 0, 0755, -, /usr/sbin/visudo) > endif > > @$(call install_finish, sudo) > diff --git a/rules/systemd.make b/rules/systemd.make > index a4f67fb03673..3cec84397f3e 100644 > --- a/rules/systemd.make > +++ b/rules/systemd.make > @@ -344,7 +344,7 @@ $(STATEDIR)/systemd.targetinstall: > > @$(call install_tree, systemd, 0, 0, -, /usr/lib/systemd/system-generators/) > @$(foreach helper, $(SYSTEMD_HELPER), \ > - $(call install_copy, systemd, 0, 0, 755, -, \ > + $(call install_copy, systemd, 0, 0, 0755, -, \ > /usr/lib/systemd/$(helper));) > > # # configuration > diff --git a/rules/xorg-font-ttf-caladea.make b/rules/xorg-font-ttf-caladea.make > index 61b22f8b5865..4d13ea88811d 100644 > --- a/rules/xorg-font-ttf-caladea.make > +++ b/rules/xorg-font-ttf-caladea.make > @@ -56,9 +56,9 @@ $(STATEDIR)/xorg-font-ttf-caladea.targetinstall: > @$(call install_fixup, xorg-font-ttf-caladea,AUTHOR,"Michael Olbrich <m.olbrich@pengutronix.de>") > @$(call install_fixup, xorg-font-ttf-caladea,DESCRIPTION,missing) > > - @$(call install_alternative, xorg-font-ttf-caladea, 0, 0, 644, \ > + @$(call install_alternative, xorg-font-ttf-caladea, 0, 0, 0644, \ > /etc/fonts/conf.d/30-0-google-crosextra-caladea-fontconfig.conf) > - @$(call install_alternative, xorg-font-ttf-caladea, 0, 0, 644, \ > + @$(call install_alternative, xorg-font-ttf-caladea, 0, 0, 0644, \ > /etc/fonts/conf.d/62-google-crosextra-caladea-fontconfig.conf) > > @$(call install_tree, xorg-font-ttf-caladea, 0, 0, -, /usr) > diff --git a/rules/xorg-font-ttf-carlito.make b/rules/xorg-font-ttf-carlito.make > index a493c03c85df..d82a0d0d7c06 100644 > --- a/rules/xorg-font-ttf-carlito.make > +++ b/rules/xorg-font-ttf-carlito.make > @@ -56,9 +56,9 @@ $(STATEDIR)/xorg-font-ttf-carlito.targetinstall: > @$(call install_fixup, xorg-font-ttf-carlito,AUTHOR,"Michael Olbrich <m.olbrich@pengutronix.de>") > @$(call install_fixup, xorg-font-ttf-carlito,DESCRIPTION,missing) > > - @$(call install_alternative, xorg-font-ttf-carlito, 0, 0, 644, \ > + @$(call install_alternative, xorg-font-ttf-carlito, 0, 0, 0644, \ > /etc/fonts/conf.d/30-0-google-crosextra-carlito-fontconfig.conf) > - @$(call install_alternative, xorg-font-ttf-carlito, 0, 0, 644, \ > + @$(call install_alternative, xorg-font-ttf-carlito, 0, 0, 0644, \ > /etc/fonts/conf.d/62-google-crosextra-carlito-fontconfig.conf) > > @$(call install_tree, xorg-font-ttf-carlito, 0, 0, -, /usr) _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [ptxdist] [PATCH v2 1/2] doc: ref_make_macros: make clear that permission should be four digits 2020-08-19 10:59 ` [ptxdist] [PATCH v2 1/2] doc: ref_make_macros: make clear that permission should be four digits Roland Hieber 2020-08-19 10:59 ` [ptxdist] [PATCH v2 2/2] rules: explicitly specify sticky/setuid/setgid bits for install_* macros Roland Hieber @ 2020-08-19 11:04 ` Alexander Dahl 2020-08-21 7:52 ` Michael Olbrich 2020-09-04 17:01 ` [ptxdist] [APPLIED] " Michael Olbrich 2 siblings, 1 reply; 16+ messages in thread From: Alexander Dahl @ 2020-08-19 11:04 UTC (permalink / raw) To: ptxdist; +Cc: Roland Hieber Hello Roland, Am Mittwoch, 19. August 2020, 12:59:08 CEST schrieb Roland Hieber: > Three octal digits are not enough, we must also respect the > sticky/setuid/setgid bits. Even if these are mostly implied to be 0, we > should be explicit here. This should also help to prevent permission > clashes when more than one packages install the same directory. > > Signed-off-by: Roland Hieber <rhi@pengutronix.de> Acked-by: Alexander Dahl <ada@thorsis.com> Greets Alex > --- > * v2: unchanged > > doc/ref_make_macros.rst | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/doc/ref_make_macros.rst b/doc/ref_make_macros.rst > index 6f056adf3e7d..ae65cb9408cf 100644 > --- a/doc/ref_make_macros.rst > +++ b/doc/ref_make_macros.rst > @@ -173,7 +173,7 @@ Some of the parameters have fixed meanings: > **<GID>** > Group ID the file should use in the target's root filesystem > **<permission>** > - Permission (in an octal value) the file should use in the target's root > filesystem + Permission (as a four-digit octal value) the file should use > in the target's root filesystem > > The remaining parameters vary with the use case: > > @@ -384,7 +384,7 @@ The base parameters and their meanings: > **<GID>** > Group ID the file should use in the target's root filesystem > **<permission>** > - Permission (in an octal value) the file should use in the target's root > filesystem + Permission (as a four-digit octal value) the file should use > in the target's root filesystem > > The parameter <destination> is meant as an absolute path > and filename in target's root filesystem. PTXdist searches for the source > @@ -581,7 +581,7 @@ The parameters and their meanings: > **<GID>** > Group ID the directories and files should use in the target's root > filesystem **<permission>** > - Permission (as an octal value) the library should use in the target's > root + Permission (as a four-digit octal value) the library should use in > the target's root filesystem (mostly 0644) > **<libname>** > Basename of the library without any extension and path _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [ptxdist] [PATCH v2 1/2] doc: ref_make_macros: make clear that permission should be four digits 2020-08-19 11:04 ` [ptxdist] [PATCH v2 1/2] doc: ref_make_macros: make clear that permission should be four digits Alexander Dahl @ 2020-08-21 7:52 ` Michael Olbrich 2020-08-21 12:06 ` Alexander Dahl 0 siblings, 1 reply; 16+ messages in thread From: Michael Olbrich @ 2020-08-21 7:52 UTC (permalink / raw) To: ptxdist Hello Roland hand Alexander, On Wed, Aug 19, 2020 at 01:04:31PM +0200, Alexander Dahl wrote: > Am Mittwoch, 19. August 2020, 12:59:08 CEST schrieb Roland Hieber: > > Three octal digits are not enough, we must also respect the > > sticky/setuid/setgid bits. Even if these are mostly implied to be 0, we > > should be explicit here. This should also help to prevent permission > > clashes when more than one packages install the same directory. > > > > Signed-off-by: Roland Hieber <rhi@pengutronix.de> > > Acked-by: Alexander Dahl <ada@thorsis.com> Thanks for sorting this out. I'll apply the patches because I think this is better for consistency. But we should probably accept the versions without leading zeros as well. The final result is the same after all. Probably something like this: diff --git a/scripts/lib/ptxd_lib_check_dir_permissions.awk b/scripts/lib/ptxd_lib_check_dir_permissions.awk index faa0c64373f0..e6eb99f1937e 100644 --- a/scripts/lib/ptxd_lib_check_dir_permissions.awk +++ b/scripts/lib/ptxd_lib_check_dir_permissions.awk @@ -35,7 +35,7 @@ function check_parents(base) { $1 ~ "d" { path = gensub(/\/$/,"",1,$2) - perm = $3 "." $4 " " $5 + perm = $3 "." $4 " 0" sprintf("%o", strtonum("0" $5)) check(path, perm, "") check_parents(path) } What do you think? Michael > > --- > > * v2: unchanged > > > > doc/ref_make_macros.rst | 6 +++--- > > 1 file changed, 3 insertions(+), 3 deletions(-) > > > > diff --git a/doc/ref_make_macros.rst b/doc/ref_make_macros.rst > > index 6f056adf3e7d..ae65cb9408cf 100644 > > --- a/doc/ref_make_macros.rst > > +++ b/doc/ref_make_macros.rst > > @@ -173,7 +173,7 @@ Some of the parameters have fixed meanings: > > **<GID>** > > Group ID the file should use in the target's root filesystem > > **<permission>** > > - Permission (in an octal value) the file should use in the target's root > > filesystem + Permission (as a four-digit octal value) the file should use > > in the target's root filesystem > > > > The remaining parameters vary with the use case: > > > > @@ -384,7 +384,7 @@ The base parameters and their meanings: > > **<GID>** > > Group ID the file should use in the target's root filesystem > > **<permission>** > > - Permission (in an octal value) the file should use in the target's root > > filesystem + Permission (as a four-digit octal value) the file should use > > in the target's root filesystem > > > > The parameter <destination> is meant as an absolute path > > and filename in target's root filesystem. PTXdist searches for the source > > @@ -581,7 +581,7 @@ The parameters and their meanings: > > **<GID>** > > Group ID the directories and files should use in the target's root > > filesystem **<permission>** > > - Permission (as an octal value) the library should use in the target's > > root + Permission (as a four-digit octal value) the library should use in > > the target's root filesystem (mostly 0644) > > **<libname>** > > Basename of the library without any extension and path > > > > > > _______________________________________________ > ptxdist mailing list > ptxdist@pengutronix.de > To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [ptxdist] [PATCH v2 1/2] doc: ref_make_macros: make clear that permission should be four digits 2020-08-21 7:52 ` Michael Olbrich @ 2020-08-21 12:06 ` Alexander Dahl 2020-08-23 19:17 ` Roland Hieber 0 siblings, 1 reply; 16+ messages in thread From: Alexander Dahl @ 2020-08-21 12:06 UTC (permalink / raw) To: ptxdist; +Cc: Michael Olbrich Hello Michael, Am Freitag, 21. August 2020, 09:52:29 CEST schrieb Michael Olbrich: > Hello Roland hand Alexander, > > On Wed, Aug 19, 2020 at 01:04:31PM +0200, Alexander Dahl wrote: > > Am Mittwoch, 19. August 2020, 12:59:08 CEST schrieb Roland Hieber: > > > Three octal digits are not enough, we must also respect the > > > sticky/setuid/setgid bits. Even if these are mostly implied to be 0, we > > > should be explicit here. This should also help to prevent permission > > > clashes when more than one packages install the same directory. > > > > > > Signed-off-by: Roland Hieber <rhi@pengutronix.de> > > > > Acked-by: Alexander Dahl <ada@thorsis.com> > > Thanks for sorting this out. I'll apply the patches because I think this is > better for consistency. But we should probably accept the versions without > leading zeros as well. The final result is the same after all. No objection on the concept. If 3 digits is accepted in general and e.g. 755 always means 0755, that additional script magic would mean less friction on user side, which is a good thing. > Probably something like this: > > > diff --git a/scripts/lib/ptxd_lib_check_dir_permissions.awk > b/scripts/lib/ptxd_lib_check_dir_permissions.awk index > faa0c64373f0..e6eb99f1937e 100644 > --- a/scripts/lib/ptxd_lib_check_dir_permissions.awk > +++ b/scripts/lib/ptxd_lib_check_dir_permissions.awk > @@ -35,7 +35,7 @@ function check_parents(base) { > > $1 ~ "d" { > path = gensub(/\/$/,"",1,$2) > - perm = $3 "." $4 " " $5 > + perm = $3 "." $4 " 0" sprintf("%o", strtonum("0" $5)) > check(path, perm, "") > check_parents(path) > } > > What do you think? I can't review awk. Sorry. Have a nice weekend everyone Alex > > > --- > > > > > > * v2: unchanged > > > > > > doc/ref_make_macros.rst | 6 +++--- > > > 1 file changed, 3 insertions(+), 3 deletions(-) > > > > > > diff --git a/doc/ref_make_macros.rst b/doc/ref_make_macros.rst > > > index 6f056adf3e7d..ae65cb9408cf 100644 > > > --- a/doc/ref_make_macros.rst > > > +++ b/doc/ref_make_macros.rst > > > > > > @@ -173,7 +173,7 @@ Some of the parameters have fixed meanings: > > > **<GID>** > > > > > > Group ID the file should use in the target's root filesystem > > > > > > **<permission>** > > > > > > - Permission (in an octal value) the file should use in the target's > > > root > > > filesystem + Permission (as a four-digit octal value) the file should > > > use > > > in the target's root filesystem > > > > > > The remaining parameters vary with the use case: > > > @@ -384,7 +384,7 @@ The base parameters and their meanings: > > > **<GID>** > > > > > > Group ID the file should use in the target's root filesystem > > > > > > **<permission>** > > > > > > - Permission (in an octal value) the file should use in the target's > > > root > > > filesystem + Permission (as a four-digit octal value) the file should > > > use > > > in the target's root filesystem > > > > > > The parameter <destination> is meant as an absolute path > > > and filename in target's root filesystem. PTXdist searches for the > > > source > > > > > > @@ -581,7 +581,7 @@ The parameters and their meanings: > > > **<GID>** > > > > > > Group ID the directories and files should use in the target's root > > > > > > filesystem **<permission>** > > > - Permission (as an octal value) the library should use in the target's > > > root + Permission (as a four-digit octal value) the library should use > > > in > > > the target's root filesystem (mostly 0644) > > > > > > **<libname>** > > > > > > Basename of the library without any extension and path > > > > _______________________________________________ > > ptxdist mailing list > > ptxdist@pengutronix.de > > To unsubscribe, send a mail with subject "unsubscribe" to > > ptxdist-request@pengutronix.de _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [ptxdist] [PATCH v2 1/2] doc: ref_make_macros: make clear that permission should be four digits 2020-08-21 12:06 ` Alexander Dahl @ 2020-08-23 19:17 ` Roland Hieber 0 siblings, 0 replies; 16+ messages in thread From: Roland Hieber @ 2020-08-23 19:17 UTC (permalink / raw) To: ptxdist On Fri, Aug 21, 2020 at 02:06:32PM +0200, Alexander Dahl wrote: > Hello Michael, > > Am Freitag, 21. August 2020, 09:52:29 CEST schrieb Michael Olbrich: > > Hello Roland hand Alexander, > > > > On Wed, Aug 19, 2020 at 01:04:31PM +0200, Alexander Dahl wrote: > > > Am Mittwoch, 19. August 2020, 12:59:08 CEST schrieb Roland Hieber: > > > > Three octal digits are not enough, we must also respect the > > > > sticky/setuid/setgid bits. Even if these are mostly implied to be 0, we > > > > should be explicit here. This should also help to prevent permission > > > > clashes when more than one packages install the same directory. > > > > > > > > Signed-off-by: Roland Hieber <rhi@pengutronix.de> > > > > > > Acked-by: Alexander Dahl <ada@thorsis.com> > > > > Thanks for sorting this out. I'll apply the patches because I think this is > > better for consistency. But we should probably accept the versions without > > leading zeros as well. The final result is the same after all. > > No objection on the concept. If 3 digits is accepted in general and e.g. 755 > always means 0755, that additional script magic would mean less friction on > user side, which is a good thing. No objections from my side too. - Roland > > > Probably something like this: > > > > > > diff --git a/scripts/lib/ptxd_lib_check_dir_permissions.awk > > b/scripts/lib/ptxd_lib_check_dir_permissions.awk index > > faa0c64373f0..e6eb99f1937e 100644 > > --- a/scripts/lib/ptxd_lib_check_dir_permissions.awk > > +++ b/scripts/lib/ptxd_lib_check_dir_permissions.awk > > @@ -35,7 +35,7 @@ function check_parents(base) { > > > > $1 ~ "d" { > > path = gensub(/\/$/,"",1,$2) > > - perm = $3 "." $4 " " $5 > > + perm = $3 "." $4 " 0" sprintf("%o", strtonum("0" $5)) > > check(path, perm, "") > > check_parents(path) > > } > > > > What do you think? > > I can't review awk. Sorry. > > Have a nice weekend everyone > Alex > > > > > --- > > > > > > > > * v2: unchanged > > > > > > > > doc/ref_make_macros.rst | 6 +++--- > > > > 1 file changed, 3 insertions(+), 3 deletions(-) > > > > > > > > diff --git a/doc/ref_make_macros.rst b/doc/ref_make_macros.rst > > > > index 6f056adf3e7d..ae65cb9408cf 100644 > > > > --- a/doc/ref_make_macros.rst > > > > +++ b/doc/ref_make_macros.rst > > > > > > > > @@ -173,7 +173,7 @@ Some of the parameters have fixed meanings: > > > > **<GID>** > > > > > > > > Group ID the file should use in the target's root filesystem > > > > > > > > **<permission>** > > > > > > > > - Permission (in an octal value) the file should use in the target's > > > > root > > > > filesystem + Permission (as a four-digit octal value) the file should > > > > use > > > > in the target's root filesystem > > > > > > > > The remaining parameters vary with the use case: > > > > @@ -384,7 +384,7 @@ The base parameters and their meanings: > > > > **<GID>** > > > > > > > > Group ID the file should use in the target's root filesystem > > > > > > > > **<permission>** > > > > > > > > - Permission (in an octal value) the file should use in the target's > > > > root > > > > filesystem + Permission (as a four-digit octal value) the file should > > > > use > > > > in the target's root filesystem > > > > > > > > The parameter <destination> is meant as an absolute path > > > > and filename in target's root filesystem. PTXdist searches for the > > > > source > > > > > > > > @@ -581,7 +581,7 @@ The parameters and their meanings: > > > > **<GID>** > > > > > > > > Group ID the directories and files should use in the target's root > > > > > > > > filesystem **<permission>** > > > > - Permission (as an octal value) the library should use in the target's > > > > root + Permission (as a four-digit octal value) the library should use > > > > in > > > > the target's root filesystem (mostly 0644) > > > > > > > > **<libname>** > > > > > > > > Basename of the library without any extension and path > > > > > > _______________________________________________ > > > ptxdist mailing list > > > ptxdist@pengutronix.de > > > To unsubscribe, send a mail with subject "unsubscribe" to > > > ptxdist-request@pengutronix.de > > > > > > _______________________________________________ > ptxdist mailing list > ptxdist@pengutronix.de > To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de > -- Roland Hieber, Pengutronix e.K. | r.hieber@pengutronix.de | Steuerwalder Str. 21 | https://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [ptxdist] [APPLIED] doc: ref_make_macros: make clear that permission should be four digits 2020-08-19 10:59 ` [ptxdist] [PATCH v2 1/2] doc: ref_make_macros: make clear that permission should be four digits Roland Hieber 2020-08-19 10:59 ` [ptxdist] [PATCH v2 2/2] rules: explicitly specify sticky/setuid/setgid bits for install_* macros Roland Hieber 2020-08-19 11:04 ` [ptxdist] [PATCH v2 1/2] doc: ref_make_macros: make clear that permission should be four digits Alexander Dahl @ 2020-09-04 17:01 ` Michael Olbrich 2 siblings, 0 replies; 16+ messages in thread From: Michael Olbrich @ 2020-09-04 17:01 UTC (permalink / raw) To: ptxdist; +Cc: Roland Hieber Thanks, applied as 455015358553bade699536203a16da6a87a67fdf. Michael [sent from post-receive hook] On Fri, 04 Sep 2020 19:01:29 +0200, Roland Hieber <rhi@pengutronix.de> wrote: > Three octal digits are not enough, we must also respect the > sticky/setuid/setgid bits. Even if these are mostly implied to be 0, we > should be explicit here. This should also help to prevent permission > clashes when more than one packages install the same directory. > > Signed-off-by: Roland Hieber <rhi@pengutronix.de> > Acked-by: Alexander Dahl <ada@thorsis.com> > Message-Id: <20200819105909.21441-1-rhi@pengutronix.de> > Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> > > diff --git a/doc/ref_make_macros.rst b/doc/ref_make_macros.rst > index 6f056adf3e7d..ae65cb9408cf 100644 > --- a/doc/ref_make_macros.rst > +++ b/doc/ref_make_macros.rst > @@ -173,7 +173,7 @@ Some of the parameters have fixed meanings: > **<GID>** > Group ID the file should use in the target's root filesystem > **<permission>** > - Permission (in an octal value) the file should use in the target's root filesystem > + Permission (as a four-digit octal value) the file should use in the target's root filesystem > > The remaining parameters vary with the use case: > > @@ -384,7 +384,7 @@ The base parameters and their meanings: > **<GID>** > Group ID the file should use in the target's root filesystem > **<permission>** > - Permission (in an octal value) the file should use in the target's root filesystem > + Permission (as a four-digit octal value) the file should use in the target's root filesystem > > The parameter <destination> is meant as an absolute path > and filename in target's root filesystem. PTXdist searches for the source > @@ -581,7 +581,7 @@ The parameters and their meanings: > **<GID>** > Group ID the directories and files should use in the target's root filesystem > **<permission>** > - Permission (as an octal value) the library should use in the target's root > + Permission (as a four-digit octal value) the library should use in the target's root > filesystem (mostly 0644) > **<libname>** > Basename of the library without any extension and path _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [ptxdist] [PATCH] sudo: targetinstall /etc/sudoers.d with 4 digit permission 2020-08-19 10:47 ` Roland Hieber 2020-08-19 10:51 ` [ptxdist] [PATCH 1/2] doc: ref_make_macros: make clear that permission should be four digits Roland Hieber @ 2020-08-19 11:11 ` Alexander Dahl 2020-08-19 11:29 ` Roland Hieber 1 sibling, 1 reply; 16+ messages in thread From: Alexander Dahl @ 2020-08-19 11:11 UTC (permalink / raw) To: ptxdist; +Cc: Roland Hieber Hello Roland, Am Mittwoch, 19. August 2020, 12:47:22 CEST schrieb Roland Hieber: > On Tue, Aug 18, 2020 at 12:35:32PM +0200, Alexander Dahl wrote: > > When installing additional files into /etc/sudoers.d from another > > > > package, we got this error (redacted): > > Incompatible ownership or permissions for '/etc/sudoers.d': > > sudo: 0.0 755 > > *****: 0.0 0755 (implicit) > > > > One of these packages must be fixed! > > > > Build is successful again, if fixed in the sudo package. > > > > Signed-off-by: Alexander Dahl <ada@thorsis.com> > > --- > > > > Notes: > > Besides: how would one fix this in the other package? I have that case > > for another set of packages where one creates a folder with 2775 and > > others should copy files in it, which fails because 0755 are the > > implicit rights. Recreate that folder in each package? > > A start could be to grep for install_copy calls and sort them by their > last parameter: > > git grep '$(call install_copy,' | sort -k 8 > > … but we still need to handle those lines which are wrapped using a \ at > the end… I think you misunderstood what I meant. Let me give an example. Assume package 'foo' creates a folder like this: @$(call install_copy, foo, root, daemon, 2775, /etc/daemon) And now another package 'bar' installs a file like this: @$(call install_alternative, bar, root, root, 0644, /etc/daemon/bar) This will clash with an error message (roughly) like this: Incompatible ownership or permissions for '/etc/daemon': foo: 0.1 2775 bar: 0.0 0755 (implicit) One of these packages must be fixed! Now the question again: how would one fix this in package 'bar' without touching package 'foo'? Greets Alex _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [ptxdist] [PATCH] sudo: targetinstall /etc/sudoers.d with 4 digit permission 2020-08-19 11:11 ` [ptxdist] [PATCH] sudo: targetinstall /etc/sudoers.d with 4 digit permission Alexander Dahl @ 2020-08-19 11:29 ` Roland Hieber 0 siblings, 0 replies; 16+ messages in thread From: Roland Hieber @ 2020-08-19 11:29 UTC (permalink / raw) To: Alexander Dahl; +Cc: ptxdist On Wed, Aug 19, 2020 at 01:11:35PM +0200, Alexander Dahl wrote: > Hello Roland, > > Am Mittwoch, 19. August 2020, 12:47:22 CEST schrieb Roland Hieber: > > On Tue, Aug 18, 2020 at 12:35:32PM +0200, Alexander Dahl wrote: > > > When installing additional files into /etc/sudoers.d from another > > > > > > package, we got this error (redacted): > > > Incompatible ownership or permissions for '/etc/sudoers.d': > > > sudo: 0.0 755 > > > *****: 0.0 0755 (implicit) > > > > > > One of these packages must be fixed! > > > > > > Build is successful again, if fixed in the sudo package. > > > > > > Signed-off-by: Alexander Dahl <ada@thorsis.com> > > > --- > > > > > > Notes: > > > Besides: how would one fix this in the other package? I have that case > > > for another set of packages where one creates a folder with 2775 and > > > others should copy files in it, which fails because 0755 are the > > > implicit rights. Recreate that folder in each package? > > > > A start could be to grep for install_copy calls and sort them by their > > last parameter: > > > > git grep '$(call install_copy,' | sort -k 8 > > > > … but we still need to handle those lines which are wrapped using a \ at > > the end… > > I think you misunderstood what I meant. Let me give an example. Assume package > 'foo' creates a folder like this: > > @$(call install_copy, foo, root, daemon, 2775, /etc/daemon) > > And now another package 'bar' installs a file like this: > > @$(call install_alternative, bar, root, root, 0644, /etc/daemon/bar) > > This will clash with an error message (roughly) like this: > > Incompatible ownership or permissions for '/etc/daemon': > foo: 0.1 2775 > bar: 0.0 0755 (implicit) > > One of these packages must be fixed! > > Now the question again: how would one fix this in package 'bar' without > touching package 'foo'? Ah yes, I misunderstood what you meant! :) Does an additional install_copy for the directory with the same permissions as in the other package should do the job already? - Roland -- Roland Hieber, Pengutronix e.K. | r.hieber@pengutronix.de | Steuerwalder Str. 21 | https://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [ptxdist] [APPLIED] sudo: targetinstall /etc/sudoers.d with 4 digit permission 2020-08-18 10:35 [ptxdist] [PATCH] sudo: targetinstall /etc/sudoers.d with 4 digit permission Alexander Dahl 2020-08-19 10:47 ` Roland Hieber @ 2020-08-21 6:54 ` Michael Olbrich 1 sibling, 0 replies; 16+ messages in thread From: Michael Olbrich @ 2020-08-21 6:54 UTC (permalink / raw) To: ptxdist; +Cc: Alexander Dahl Thanks, applied as 40fb8b4c040d3f6f8e02a58494cf4f7d9c3b7750. Michael [sent from post-receive hook] On Fri, 21 Aug 2020 08:54:18 +0200, Alexander Dahl <ada@thorsis.com> wrote: > When installing additional files into /etc/sudoers.d from another > package, we got this error (redacted): > > Incompatible ownership or permissions for '/etc/sudoers.d': > sudo: 0.0 755 > *****: 0.0 0755 (implicit) > > One of these packages must be fixed! > > Build is successful again, if fixed in the sudo package. > > Signed-off-by: Alexander Dahl <ada@thorsis.com> > Message-Id: <20200818103532.27487-1-ada@thorsis.com> > Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> > > diff --git a/rules/sudo.make b/rules/sudo.make > index 985ab87683f9..dd8c1bb67bc4 100644 > --- a/rules/sudo.make > +++ b/rules/sudo.make > @@ -133,7 +133,7 @@ $(STATEDIR)/sudo.targetinstall: > > ifdef PTXCONF_SUDO_INSTALL_ETC_SUDOERS > @$(call install_alternative, sudo, 0, 0, 0440, /etc/sudoers, n) > - @$(call install_copy, sudo, 0, 0, 755, /etc/sudoers.d) > + @$(call install_copy, sudo, 0, 0, 0755, /etc/sudoers.d) > endif > > ifdef PTXCONF_SUDO_INSTALL_VISUDO _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de ^ permalink raw reply [flat|nested] 16+ messages in thread
end of thread, other threads:[~2020-09-04 17:01 UTC | newest] Thread overview: 16+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-08-18 10:35 [ptxdist] [PATCH] sudo: targetinstall /etc/sudoers.d with 4 digit permission Alexander Dahl 2020-08-19 10:47 ` Roland Hieber 2020-08-19 10:51 ` [ptxdist] [PATCH 1/2] doc: ref_make_macros: make clear that permission should be four digits Roland Hieber 2020-08-19 10:51 ` [ptxdist] [PATCH 2/2] rules: explicitly specify sticky/setuid/setgid bits for install_* macros Roland Hieber 2020-08-19 10:55 ` Roland Hieber 2020-08-19 10:59 ` [ptxdist] [PATCH v2 1/2] doc: ref_make_macros: make clear that permission should be four digits Roland Hieber 2020-08-19 10:59 ` [ptxdist] [PATCH v2 2/2] rules: explicitly specify sticky/setuid/setgid bits for install_* macros Roland Hieber 2020-09-04 17:01 ` [ptxdist] [APPLIED] " Michael Olbrich 2020-08-19 11:04 ` [ptxdist] [PATCH v2 1/2] doc: ref_make_macros: make clear that permission should be four digits Alexander Dahl 2020-08-21 7:52 ` Michael Olbrich 2020-08-21 12:06 ` Alexander Dahl 2020-08-23 19:17 ` Roland Hieber 2020-09-04 17:01 ` [ptxdist] [APPLIED] " Michael Olbrich 2020-08-19 11:11 ` [ptxdist] [PATCH] sudo: targetinstall /etc/sudoers.d with 4 digit permission Alexander Dahl 2020-08-19 11:29 ` Roland Hieber 2020-08-21 6:54 ` [ptxdist] [APPLIED] " Michael Olbrich
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox