[pacman-dev] [PATCH] Remove setgid bit on srcdir/pkgdir creation
Allan McRae
allan at archlinux.org
Wed Jan 20 01:10:38 EST 2010
Dan McGee wrote:
> On Tue, Jan 19, 2010 at 11:51 PM, Allan McRae <allan at archlinux.org> wrote:
>> Dan McGee wrote:
>>> On Tue, Jan 19, 2010 at 11:25 PM, Dan McGee <dan at archlinux.org> wrote:
>>>> It was noted in FS#17533 that setgid bits are carried down into any
>>>> created
>>>> subdirectories, and thus could end up being in a built package if the
>>>> original package directory was marked g+s. When we create src/ and pkg/,
>>>> explicitly chmod them to remove any sticky bits.
>>>>
>>>> Signed-off-by: Dan McGee <dan at archlinux.org>
>>>> ---
>>> I forgot to add here that I wasn't particularly happy I had to add an
>>> additional command in 6 places. Do we know why we create these
>>> directories so much? Some of them are probably unnecessary...
>>>
>>> -Dan
>> Some of them are because $pkgdir does change its value with package
>> splitting, so we have one for $startdir/pkg and then another for
>> $startdir/pkg/{pkg1,pkg2...}. Then there is whether or not we do the
>> packaging in fakeroot, which is in a 10 line for loop that is duplicated and
>> could be refactored.
>>
>> The creation of $srcdir is done either before downloading sources,
>> performing integrity checks or creating a source package. These could all
>> go in the download_sources function, but if my skipinteg patches are
>> included, we will need the one back for creating a source package.
>>
>> So 4/6 are needed...
>
> Oh wow, OK. So with that said, does this patch look like it will
> actually work for what it set out to do? :P
Yes it does! It is either that, or we create those directories using:
mkdir -p -m u=rwx,go=rx,a-s "$srcdir"
which works but may not be as portable?
Allan
More information about the pacman-dev
mailing list