On Mon, 2008-11-10 at 12:32 -0600, Jason L Tibbitts III wrote:
Here's a package from a recent review:
http://www.math.uh.edu/~tibbs/rpms/cave9-0.3-2.bog9.src.rpm
When build locally, the included file /usr/bin/cave9 has mode 0775.
When built in koji
(
http://koji.fedoraproject.org/koji/taskinfo?taskID=924911) the file
has mode 0755.
My local machine has mock-0.9.9-1.fc9.noarch. I am using the caching
stuff, and my configuration files have been modified to point to local
package mirrors and to set basedir to /mock which is a 10G tmpfs with
the same permissions as /var/lib/mock. Those permissions happen to be
2775; that's probably coincidental but I guess you never know.
I think the main point to take away from this is that relying on umask
of systems to set the permissions of your files correctly is fragile at
best, dangerous at worst. Umask can and does change from host to host
so the build output is unreliable. Permissions in package builds should
be set explicitly at either the %install phase or the %files phase.
This likely needs a big sweeping cleanup action on our existing
packages, but catching this on new packages is a start.
--
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca:
http://identi.ca/jkeating