From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: In-Reply-To: <20200819105909.21441-2-rhi@pengutronix.de> MIME-Version: 1.0 Message-Id: From: Michael Olbrich Date: Fri, 04 Sep 2020 19:01:29 +0200 Subject: Re: [ptxdist] [APPLIED] rules: explicitly specify sticky/setuid/setgid bits for install_* macros List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ptxdist-bounces@pengutronix.de Sender: "ptxdist" To: ptxdist@pengutronix.de Cc: Roland Hieber Thanks, applied as 537dbdecfde24dfdba056d263025b411b8a0db05. Michael [sent from post-receive hook] On Fri, 04 Sep 2020 19:01:29 +0200, Roland Hieber wrote: > Until now the bits were implied to be 0, but we should be specific here. > All other packages already use the four-digit variant. > > These instances were found by using: > > git grep -e 'call install_\(alternative\|copy\|lib\), [^,]\+, [^,]\+, [^,]\+, [0-9][0-9][0-9][^0-9]' > > Signed-off-by: Roland Hieber > Message-Id: <20200819105909.21441-2-rhi@pengutronix.de> > Signed-off-by: Michael Olbrich > > diff --git a/rules/busybox.make b/rules/busybox.make > index 9870414d0b32..d5d6aa6c2e8b 100644 > --- a/rules/busybox.make > +++ b/rules/busybox.make > @@ -112,7 +112,7 @@ ifdef PTXCONF_BUSYBOX_FEATURE_INDIVIDUAL > @$(call install_lib, busybox, 0, 0, 0644, libbusybox) > > @cat $(BUSYBOX_PKGDIR)/etc/busybox.links | while read link; do \ > - $(call install_copy, busybox, 0, 0, 755, \ > + $(call install_copy, busybox, 0, 0, 0755, \ > "$(BUSYBOX_PKGDIR)/usr/lib/busybox/$${link##*/}", "/usr$${link}"); \ > done > else > @@ -125,7 +125,7 @@ ifdef PTXCONF_BUSYBOX_FEATURE_SUID_CONFIG > @$(call install_alternative, busybox, 0, 0, 0644, /etc/busybox.conf) > endif > else > - @$(call install_copy, busybox, 0, 0, 755, -, /usr/bin/busybox) > + @$(call install_copy, busybox, 0, 0, 0755, -, /usr/bin/busybox) > endif > @cat $(BUSYBOX_PKGDIR)/etc/busybox.links | while read link; do \ > case "$${link}" in \ > diff --git a/rules/cog.make b/rules/cog.make > index a0587a8d501a..e0e0707b647c 100644 > --- a/rules/cog.make > +++ b/rules/cog.make > @@ -61,8 +61,8 @@ $(STATEDIR)/cog.targetinstall: > @$(call install_fixup, cog,DESCRIPTION,"WPE launcher and webapp container") > > @$(call install_copy, cog, 0, 0, 0755, -, /usr/bin/cog) > - @$(call install_lib, cog, 0, 0, 644, libcogplatform-fdo) > - @$(call install_lib, cog, 0, 0, 644, libcogcore) > + @$(call install_lib, cog, 0, 0, 0644, libcogplatform-fdo) > + @$(call install_lib, cog, 0, 0, 0644, libcogcore) > > @$(call install_finish, cog) > > diff --git a/rules/cups.make b/rules/cups.make > index 297fe37e41ce..88d7e2e86f25 100644 > --- a/rules/cups.make > +++ b/rules/cups.make > @@ -134,7 +134,7 @@ $(STATEDIR)/cups.targetinstall: > @$(call install_fixup, cups,DESCRIPTION,missing) > > # ----- config files, install as daemon:lp > - @$(call install_copy, cups, daemon, lp, 750, /etc/cups) > + @$(call install_copy, cups, daemon, lp, 0750, /etc/cups) > @$(call install_alternative, cups, daemon, lp, 0640, /etc/cups/cups-files.conf) > @$(call install_alternative, cups, daemon, lp, 0640, /etc/cups/cupsd.conf) > @$(call install_alternative, cups, daemon, lp, 0600, /etc/cups/classes.conf) > diff --git a/rules/flex.make b/rules/flex.make > index 2478c55056e1..2543b77881f8 100644 > --- a/rules/flex.make > +++ b/rules/flex.make > @@ -67,7 +67,7 @@ $(STATEDIR)/flex.targetinstall: > @$(call install_fixup, flex,AUTHOR,"Marc Kleine-Budde ") > @$(call install_fixup, flex,DESCRIPTION,missing) > > - @$(call install_lib, flex, 0, 0, 644, libfl) > + @$(call install_lib, flex, 0, 0, 0644, libfl) > > @$(call install_finish, flex) > > diff --git a/rules/gpsd.make b/rules/gpsd.make > index 8d14dee809dd..0bda35d91e40 100644 > --- a/rules/gpsd.make > +++ b/rules/gpsd.make > @@ -164,19 +164,19 @@ ifdef PTXCONF_GPSD_GPSDCTL > @$(call install_copy, gpsd, 0, 0, 0755, -, /usr/sbin/gpsdctl) > endif > ifdef PTXCONF_GPSD_SYSTEMD_UNIT > - @$(call install_alternative, gpsd, 0, 0, 644, \ > + @$(call install_alternative, gpsd, 0, 0, 0644, \ > /usr/lib/systemd/system/gpsd.service) > @$(call install_replace, gpsd, \ > /usr/lib/systemd/system/gpsd.service, \ > @ARGS@, $(PTXCONF_GPSD_GPSD_ARGS)) > @$(call install_link, gpsd, ../gpsd.service, \ > /usr/lib/systemd/system/multi-user.target.wants/gpsd.service) > - @$(call install_alternative, gpsd, 0, 0, 644, \ > + @$(call install_alternative, gpsd, 0, 0, 0644, \ > /usr/lib/systemd/system/gpsd.socket) > @$(call install_link, gpsd, ../gpsd.socket, \ > /usr/lib/systemd/system/sockets.target.wants/gpsd.socket) > ifdef PTXCONF_GPSD_GPSDCTL > - @$(call install_alternative, gpsd, 0, 0, 644, \ > + @$(call install_alternative, gpsd, 0, 0, 0644, \ > /usr/lib/systemd/system/gpsdctl@.service) > endif > endif > diff --git a/rules/graphene.make b/rules/graphene.make > index 10b285d995fc..650ab1233bce 100644 > --- a/rules/graphene.make > +++ b/rules/graphene.make > @@ -61,7 +61,7 @@ $(STATEDIR)/graphene.targetinstall: > > @$(call install_lib, graphene, 0, 0, 0644, libgraphene-1.0) > ifdef PTXCONF_GRAPHENE_INTROSPECTION > - @$(call install_copy, graphene, 0, 0, 644, -, \ > + @$(call install_copy, graphene, 0, 0, 0644, -, \ > /usr/lib/girepository-1.0/Graphene-1.0.typelib) > endif > > diff --git a/rules/gst-bayer2rgb-neon.make b/rules/gst-bayer2rgb-neon.make > index 4bd003161bad..d81104aa0371 100644 > --- a/rules/gst-bayer2rgb-neon.make > +++ b/rules/gst-bayer2rgb-neon.make > @@ -49,7 +49,7 @@ $(STATEDIR)/gst-bayer2rgb-neon.targetinstall: > @$(call install_fixup, gst-bayer2rgb-neon,AUTHOR,"Marian Cichy ") > @$(call install_fixup, gst-bayer2rgb-neon,DESCRIPTION,missing) > > - @$(call install_lib, gst-bayer2rgb-neon, 0, 0, 644, \ > + @$(call install_lib, gst-bayer2rgb-neon, 0, 0, 0644, \ > gstreamer-1.0/gstbayer2rgbneon) > @$(call install_finish, gst-bayer2rgb-neon) > > diff --git a/rules/gst-rtsp-server1.make b/rules/gst-rtsp-server1.make > index bb57abd5dd4b..0bcce05322ca 100644 > --- a/rules/gst-rtsp-server1.make > +++ b/rules/gst-rtsp-server1.make > @@ -53,7 +53,7 @@ $(STATEDIR)/gst-rtsp-server1.targetinstall: > @$(call install_lib, gst-rtsp-server1, 0, 0, 0644, libgstrtspserver-1.0) > @$(call install_lib, gst-rtsp-server1, 0, 0, 0644, gstreamer-1.0/libgstrtspclientsink) > ifdef PTXCONF_GSTREAMER1_INTROSPECTION > - @$(call install_copy, gst-rtsp-server1, 0, 0, 644, -, \ > + @$(call install_copy, gst-rtsp-server1, 0, 0, 0644, -, \ > /usr/lib/girepository-1.0/GstRtspServer-1.0.typelib) > endif > > diff --git a/rules/gst-validate1.make b/rules/gst-validate1.make > index 41887f014a69..bfdb7efb86bd 100644 > --- a/rules/gst-validate1.make > +++ b/rules/gst-validate1.make > @@ -89,7 +89,7 @@ $(STATEDIR)/gst-validate1.targetinstall: > /usr/share/gstreamer-1.0/validate/scenarios) > > ifdef PTXCONF_GSTREAMER1_INTROSPECTION > - @$(call install_copy, gst-validate1, 0, 0, 644, -, \ > + @$(call install_copy, gst-validate1, 0, 0, 0644, -, \ > /usr/lib/girepository-1.0/GstValidate-1.0.typelib) > endif > > diff --git a/rules/intel-gmmlib.make b/rules/intel-gmmlib.make > index 134efdf5d288..54c652de646a 100644 > --- a/rules/intel-gmmlib.make > +++ b/rules/intel-gmmlib.make > @@ -48,7 +48,7 @@ $(STATEDIR)/intel-gmmlib.targetinstall: > @$(call install_fixup, intel-gmmlib,AUTHOR,"Michael Olbrich ") > @$(call install_fixup, intel-gmmlib,DESCRIPTION,missing) > > - @$(call install_lib, intel-gmmlib, 0, 0, 644, libigdgmm) > + @$(call install_lib, intel-gmmlib, 0, 0, 0644, libigdgmm) > > @$(call install_finish, intel-gmmlib) > > diff --git a/rules/libpaper.make b/rules/libpaper.make > index b6ab2a71c9f1..ccd57cbf7d5c 100644 > --- a/rules/libpaper.make > +++ b/rules/libpaper.make > @@ -56,10 +56,10 @@ $(STATEDIR)/libpaper.targetinstall: > @$(call install_lib, libpaper, 0, 0, 0644, libpaper) > > ifdef PTXCONF_LIBPAPER_PAPERCONFIG > - @$(call install_copy, libpaper, 0, 0, 755, -, /usr/sbin/paperconfig) > + @$(call install_copy, libpaper, 0, 0, 0755, -, /usr/sbin/paperconfig) > endif > ifdef PTXCONF_LIBPAPER_PAPERCONF > - @$(call install_copy, libpaper, 0, 0, 755, -, /usr/bin/paperconf) > + @$(call install_copy, libpaper, 0, 0, 0755, -, /usr/bin/paperconf) > endif > > @$(call install_finish, libpaper) > diff --git a/rules/libsrtp.make b/rules/libsrtp.make > index 85d3d5766749..d6dd1d9243dd 100644 > --- a/rules/libsrtp.make > +++ b/rules/libsrtp.make > @@ -53,7 +53,7 @@ $(STATEDIR)/libsrtp.targetinstall: > @$(call install_fixup, libsrtp,AUTHOR,"Michael Olbrich ") > @$(call install_fixup, libsrtp,DESCRIPTION,missing) > > - @$(call install_lib, libsrtp, 0, 0, 644, libsrtp2) > + @$(call install_lib, libsrtp, 0, 0, 0644, libsrtp2) > > @$(call install_finish, libsrtp) > > diff --git a/rules/pango.make b/rules/pango.make > index cece8ab9bf33..e6deb92c9eaf 100644 > --- a/rules/pango.make > +++ b/rules/pango.make > @@ -52,7 +52,7 @@ $(STATEDIR)/pango.targetinstall: > @$(call install_lib, pango, 0, 0, 0644, libpangoft2-1.0) > @$(call install_lib, pango, 0, 0, 0644, libpangocairo-1.0) > ifdef PTXCONF_PANGO_INTROSPECTION > - @$(call install_copy, pango, 0, 0, 644, -, \ > + @$(call install_copy, pango, 0, 0, 0644, -, \ > /usr/lib/girepository-1.0/Pango-1.0.typelib) > endif > > diff --git a/rules/piglit.make b/rules/piglit.make > index 9ff721feb548..1f000cd467b0 100644 > --- a/rules/piglit.make > +++ b/rules/piglit.make > @@ -56,7 +56,7 @@ $(STATEDIR)/piglit.targetinstall: > @$(call install_fixup, piglit,AUTHOR,"Lucas Stach ") > @$(call install_fixup, piglit,DESCRIPTION,missing) > > - @$(call install_copy, piglit, 0, 0, 755, -, /usr/bin/piglit) > + @$(call install_copy, piglit, 0, 0, 0755, -, /usr/bin/piglit) > @$(call install_tree, piglit, 0, 0, -, /usr/lib/piglit, n) > > @$(call install_finish, piglit) > diff --git a/rules/polkit.make b/rules/polkit.make > index ac9b49e45ff2..4fa8d9c0edb1 100644 > --- a/rules/polkit.make > +++ b/rules/polkit.make > @@ -101,7 +101,7 @@ endif > /usr/libexec/polkit-agent-helper-1) > > # run-time > - @$(call install_copy, polkit, 0, 0, 700, /var/lib/polkit-1) > + @$(call install_copy, polkit, 0, 0, 0700, /var/lib/polkit-1) > > @$(call install_finish, polkit) > > diff --git a/rules/python.make b/rules/python.make > index 61642cf14069..6bb9ae8fda46 100644 > --- a/rules/python.make > +++ b/rules/python.make > @@ -192,12 +192,12 @@ $(STATEDIR)/python.targetinstall: > $(PYTHON_SKIP_LIST) \ > -a \( -name "*.so" -o -name "*.pyc" \) | \ > while read file; do \ > - $(call install_copy, python, 0, 0, 644, -, $${file##.}); \ > + $(call install_copy, python, 0, 0, 0644, -, $${file##.}); \ > done > > - @$(call install_copy, python, 0, 0, 755, -, /usr/bin/python$(PYTHON_MAJORMINOR)) > + @$(call install_copy, python, 0, 0, 0755, -, /usr/bin/python$(PYTHON_MAJORMINOR)) > @$(call install_link, python, python$(PYTHON_MAJORMINOR), /usr/bin/python2) > - @$(call install_lib, python, 0, 0, 644, libpython$(PYTHON_MAJORMINOR)) > + @$(call install_lib, python, 0, 0, 0644, libpython$(PYTHON_MAJORMINOR)) > > ifdef PTXCONF_PYTHON_SYMLINK > @$(call install_link, python, python$(PYTHON_MAJORMINOR), /usr/bin/python) > diff --git a/rules/python3.make b/rules/python3.make > index 0046d561de4e..ca2b5ded95b7 100644 > --- a/rules/python3.make > +++ b/rules/python3.make > @@ -163,11 +163,11 @@ $(STATEDIR)/python3.targetinstall: > @$(call install_glob, python3, 0, 0, -, /usr/lib/python$(PYTHON3_MAJORMINOR), \ > *.so *.pyc *.whl, */test */tests */__pycache__ $(PYTHON3_SKIP-y)) > > - @$(call install_copy, python3, 0, 0, 755, -, /usr/bin/python$(PYTHON3_MAJORMINOR)) > + @$(call install_copy, python3, 0, 0, 0755, -, /usr/bin/python$(PYTHON3_MAJORMINOR)) > @$(call install_link, python3, python$(PYTHON3_MAJORMINOR), /usr/bin/python3) > - @$(call install_lib, python3, 0, 0, 644, libpython$(PYTHON3_MAJORMINOR)m) > + @$(call install_lib, python3, 0, 0, 0644, libpython$(PYTHON3_MAJORMINOR)m) > > - @$(call install_copy, python3, 0, 0, 644, -, /usr/lib/python$(PYTHON3_MAJORMINOR)/venv/scripts/common/activate) > + @$(call install_copy, python3, 0, 0, 0644, -, /usr/lib/python$(PYTHON3_MAJORMINOR)/venv/scripts/common/activate) > > ifdef PTXCONF_PYTHON3_SYMLINK > @$(call install_link, python3, python$(PYTHON3_MAJORMINOR), /usr/bin/python) > diff --git a/rules/sdl2-test.make b/rules/sdl2-test.make > index 28a08dc30cea..5c92ebf6b583 100644 > --- a/rules/sdl2-test.make > +++ b/rules/sdl2-test.make > @@ -157,11 +157,11 @@ $(STATEDIR)/sdl2-test.targetinstall: > @$(call install_fixup, sdl2-test,DESCRIPTION,missing) > > @$(foreach file, $(SDL2_TEST_TOOLS), \ > - $(call install_copy, sdl2-test, 0, 0, 755, -, \ > + $(call install_copy, sdl2-test, 0, 0, 0755, -, \ > /usr/bin/sdl2tests/$(file))$(ptx/nl)) > > @$(foreach file, $(SDL2_TEST_DATA), \ > - $(call install_copy, sdl2-test, 0, 0, 644, -, \ > + $(call install_copy, sdl2-test, 0, 0, 0644, -, \ > /usr/bin/sdl2tests/$(file))$(ptx/nl)) > > @$(call install_finish, sdl2-test) > diff --git a/rules/strongswan.make b/rules/strongswan.make > index dddf8875474b..59de1cfdb714 100644 > --- a/rules/strongswan.make > +++ b/rules/strongswan.make > @@ -311,19 +311,19 @@ ifdef PTXCONF_STRONGSWAN_SWANCTL > @$(call install_lib, strongswan, 0, 0, 0644, libvici) > @$(call install_tree, strongswan, 0, 0, -, /etc/strongswan.d) > @$(call install_alternative, strongswan, 0, 0, 0644, /etc/swanctl/swanctl.conf) > - @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/bliss) > - @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/ecdsa) > - @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/pkcs12) > - @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/pkcs8) > - @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/private) > - @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/pubkey) > - @$(call install_copy, strongswan, 0, 0, 750, /etc/swanctl/rsa) > - @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509) > - @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509aa) > - @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509ac) > - @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509ca) > - @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509crl) > - @$(call install_copy, strongswan, 0, 0, 755, /etc/swanctl/x509ocsp) > + @$(call install_copy, strongswan, 0, 0, 0750, /etc/swanctl/bliss) > + @$(call install_copy, strongswan, 0, 0, 0750, /etc/swanctl/ecdsa) > + @$(call install_copy, strongswan, 0, 0, 0750, /etc/swanctl/pkcs12) > + @$(call install_copy, strongswan, 0, 0, 0750, /etc/swanctl/pkcs8) > + @$(call install_copy, strongswan, 0, 0, 0750, /etc/swanctl/private) > + @$(call install_copy, strongswan, 0, 0, 0755, /etc/swanctl/pubkey) > + @$(call install_copy, strongswan, 0, 0, 0750, /etc/swanctl/rsa) > + @$(call install_copy, strongswan, 0, 0, 0755, /etc/swanctl/x509) > + @$(call install_copy, strongswan, 0, 0, 0755, /etc/swanctl/x509aa) > + @$(call install_copy, strongswan, 0, 0, 0755, /etc/swanctl/x509ac) > + @$(call install_copy, strongswan, 0, 0, 0755, /etc/swanctl/x509ca) > + @$(call install_copy, strongswan, 0, 0, 0755, /etc/swanctl/x509crl) > + @$(call install_copy, strongswan, 0, 0, 0755, /etc/swanctl/x509ocsp) > endif > > @$(call install_copy, strongswan, 0, 0, 0644, /etc/ipsec.d/aacerts) > diff --git a/rules/sudo.make b/rules/sudo.make > index dd8c1bb67bc4..eb65060a7831 100644 > --- a/rules/sudo.make > +++ b/rules/sudo.make > @@ -137,7 +137,7 @@ ifdef PTXCONF_SUDO_INSTALL_ETC_SUDOERS > endif > > ifdef PTXCONF_SUDO_INSTALL_VISUDO > - @$(call install_copy, sudo, 0, 0, 755, -, /usr/sbin/visudo) > + @$(call install_copy, sudo, 0, 0, 0755, -, /usr/sbin/visudo) > endif > > @$(call install_finish, sudo) > diff --git a/rules/systemd.make b/rules/systemd.make > index a4f67fb03673..3cec84397f3e 100644 > --- a/rules/systemd.make > +++ b/rules/systemd.make > @@ -344,7 +344,7 @@ $(STATEDIR)/systemd.targetinstall: > > @$(call install_tree, systemd, 0, 0, -, /usr/lib/systemd/system-generators/) > @$(foreach helper, $(SYSTEMD_HELPER), \ > - $(call install_copy, systemd, 0, 0, 755, -, \ > + $(call install_copy, systemd, 0, 0, 0755, -, \ > /usr/lib/systemd/$(helper));) > > # # configuration > diff --git a/rules/xorg-font-ttf-caladea.make b/rules/xorg-font-ttf-caladea.make > index 61b22f8b5865..4d13ea88811d 100644 > --- a/rules/xorg-font-ttf-caladea.make > +++ b/rules/xorg-font-ttf-caladea.make > @@ -56,9 +56,9 @@ $(STATEDIR)/xorg-font-ttf-caladea.targetinstall: > @$(call install_fixup, xorg-font-ttf-caladea,AUTHOR,"Michael Olbrich ") > @$(call install_fixup, xorg-font-ttf-caladea,DESCRIPTION,missing) > > - @$(call install_alternative, xorg-font-ttf-caladea, 0, 0, 644, \ > + @$(call install_alternative, xorg-font-ttf-caladea, 0, 0, 0644, \ > /etc/fonts/conf.d/30-0-google-crosextra-caladea-fontconfig.conf) > - @$(call install_alternative, xorg-font-ttf-caladea, 0, 0, 644, \ > + @$(call install_alternative, xorg-font-ttf-caladea, 0, 0, 0644, \ > /etc/fonts/conf.d/62-google-crosextra-caladea-fontconfig.conf) > > @$(call install_tree, xorg-font-ttf-caladea, 0, 0, -, /usr) > diff --git a/rules/xorg-font-ttf-carlito.make b/rules/xorg-font-ttf-carlito.make > index a493c03c85df..d82a0d0d7c06 100644 > --- a/rules/xorg-font-ttf-carlito.make > +++ b/rules/xorg-font-ttf-carlito.make > @@ -56,9 +56,9 @@ $(STATEDIR)/xorg-font-ttf-carlito.targetinstall: > @$(call install_fixup, xorg-font-ttf-carlito,AUTHOR,"Michael Olbrich ") > @$(call install_fixup, xorg-font-ttf-carlito,DESCRIPTION,missing) > > - @$(call install_alternative, xorg-font-ttf-carlito, 0, 0, 644, \ > + @$(call install_alternative, xorg-font-ttf-carlito, 0, 0, 0644, \ > /etc/fonts/conf.d/30-0-google-crosextra-carlito-fontconfig.conf) > - @$(call install_alternative, xorg-font-ttf-carlito, 0, 0, 644, \ > + @$(call install_alternative, xorg-font-ttf-carlito, 0, 0, 0644, \ > /etc/fonts/conf.d/62-google-crosextra-carlito-fontconfig.conf) > > @$(call install_tree, xorg-font-ttf-carlito, 0, 0, -, /usr) _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de