Trying to figure out some umask issues
Jesse Keating
jkeating at redhat.com
Mon Nov 10 18:36:55 UTC 2008
On Mon, 2008-11-10 at 12:32 -0600, Jason L Tibbitts III wrote:
> Here's a package from a recent review:
> http://www.math.uh.edu/~tibbs/rpms/cave9-0.3-2.bog9.src.rpm
>
> When build locally, the included file /usr/bin/cave9 has mode 0775.
> When built in koji
> (http://koji.fedoraproject.org/koji/taskinfo?taskID=924911) the file
> has mode 0755.
>
> My local machine has mock-0.9.9-1.fc9.noarch. I am using the caching
> stuff, and my configuration files have been modified to point to local
> package mirrors and to set basedir to /mock which is a 10G tmpfs with
> the same permissions as /var/lib/mock. Those permissions happen to be
> 2775; that's probably coincidental but I guess you never know.
I think the main point to take away from this is that relying on umask
of systems to set the permissions of your files correctly is fragile at
best, dangerous at worst. Umask can and does change from host to host
so the build output is unreliable. Permissions in package builds should
be set explicitly at either the %install phase or the %files phase.
This likely needs a big sweeping cleanup action on our existing
packages, but catching this on new packages is a start.
--
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-buildsys-list/attachments/20081110/47839c3d/attachment.sig>
More information about the Fedora-buildsys-list
mailing list