Hi all, I wrote a patch for http://www.cmake.org/Bug/view.php?id=14714 which add support for defining RPM package default user, group, file permissions and directory permissions (default file and dir permissions accept the same values that are defined for install command PERMISSIONS without SETUID and SETGID).
This patch is somewhat related to http://public.kitware.com/pipermail/cmake/2014-December/059460.html (bug report: http://www.cmake.org/Bug/view.php?id=3602) as it defines user and group that should be used for RPM content but on a per RPM scale since it is not possible to define it in install command. My question is if such functionality would be useful for other CPack packagers as well? If yes for default user and group I would suggest adding the following variables to CPack and the attached patch: CPACK_DEFAULT_USER and CPACK_<compName>_DEFAULT_USER for default user setting CPACK_DEFAULT_GROUP and CPACK_<compName>_DEFAULT_GROUP for default group setting and if there would also be interest in default permissions also: CPACK_DEFAULT_FILE_PERMISSIONS and CPACK_<compName>_DEFAULT_FILE_PERMISSIONS for default file permissions and CPACK_DEFAULT_DIR_PERMISSIONS and CPACK_<compName>_DEFAULT_DIR_PERMISSIONS for default directory permissions Regards, Domen
From 8a7981b4e710cbcf730eb30f16fc205992cf68d2 Mon Sep 17 00:00:00 2001 From: Domen Vrankar <[email protected]> Date: Tue, 13 Jan 2015 00:22:02 +0100 Subject: [PATCH] cpack rpm setting of defattr RPM supports setting of default user, group, file and directory permissions that will be applied for files in package unless specified per file/dir with attr setting --- Modules/CPackRPM.cmake | 125 ++++++++++++++++++++- .../MyLibCPackConfig-IgnoreGroup.cmake.in | 11 ++ .../RunCPackVerifyResult.cmake | 25 +++++ 3 files changed, 160 insertions(+), 1 deletion(-) diff --git a/Modules/CPackRPM.cmake b/Modules/CPackRPM.cmake index d2cb2ee..a2a3be0 100644 --- a/Modules/CPackRPM.cmake +++ b/Modules/CPackRPM.cmake @@ -379,6 +379,54 @@ # # May be used to add more exclude path (directories or files) from the initial # default list of excluded paths. See CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST. +# +# .. variable:: CPACK_RPM_DEFAULT_USER +# CPACK_RPM_<compName>_DEFAULT_USER +# +# default user ownership of RPM content +# +# * Mandatory : NO +# * Default : root +# +# Value should be user name and not UID. +# Note that <compName> must be in upper-case. +# +# .. variable:: CPACK_RPM_DEFAULT_GROUP +# CPACK_RPM_<compName>_DEFAULT_GROUP +# +# default group ownership of RPM content +# +# * Mandatory : NO +# * Default : root +# +# Value should be group name and not GID. +# Note that <compName> must be in upper-case. +# +# .. variable:: CPACK_RPM_DEFAULT_FILE_PERMISSIONS +# CPACK_RPM_<compName>_DEFAULT_FILE_PERMISSIONS +# +# default permissions used for packaged files +# +# * Mandatory : NO +# * Default : - (system default) +# +# Accepted values are lists with PERMISSIONS. Valid permissions +# are OWNER_READ, OWNER_WRITE, OWNER_EXECUTE, GROUP_READ, +# GROUP_WRITE, GROUP_EXECUTE, WORLD_READ, WORLD_WRITE and WORLD_EXECUTE. +# Note that <compName> must be in upper-case. +# +# .. variable:: CPACK_RPM_DEFAULT_DIR_PERMISSIONS +# CPACK_RPM_<compName>_DEFAULT_DIR_PERMISSIONS +# +# default permissions used for packaged directories +# +# * Mandatory : NO +# * Default : - (system default) +# +# Accepted values are lists with PERMISSIONS. Valid permissions +# are OWNER_READ, OWNER_WRITE, OWNER_EXECUTE, GROUP_READ, +# GROUP_WRITE, GROUP_EXECUTE, WORLD_READ, WORLD_WRITE and WORLD_EXECUTE. +# Note that <compName> must be in upper-case. #============================================================================= # Copyright 2007-2009 Kitware, Inc. @@ -395,6 +443,51 @@ # Author: Eric Noulard with the help of Alexander Neundorf. +function(get_unix_permissions_octal_notation PERMISSIONS_VAR RETURN_VAR) + set(PERMISSIONS ${${PERMISSIONS_VAR}}) + list(LENGTH PERMISSIONS PERM_LEN_PRE) + list(REMOVE_DUPLICATES PERMISSIONS) + list(LENGTH PERMISSIONS PERM_LEN_POST) + + if(${PERM_LEN_PRE} EQUAL ${PERM_LEN_POST}) + set(OWNER_PERMISSIONS 0) + set(GROUP_PERMISSIONS 0) + set(WORLD_PERMISSIONS 0) + + foreach(PERMISSION ${PERMISSIONS}) + if("${PERMISSION}" STREQUAL "OWNER_READ") + math(EXPR OWNER_PERMISSIONS "${OWNER_PERMISSIONS} + 4") + elseif("${PERMISSION}" STREQUAL "OWNER_WRITE") + math(EXPR OWNER_PERMISSIONS "${OWNER_PERMISSIONS} + 2") + elseif("${PERMISSION}" STREQUAL "OWNER_EXECUTE") + math(EXPR OWNER_PERMISSIONS "${OWNER_PERMISSIONS} + 1") + elseif("${PERMISSION}" STREQUAL "GROUP_READ") + math(EXPR GROUP_PERMISSIONS "${GROUP_PERMISSIONS} + 4") + elseif("${PERMISSION}" STREQUAL "GROUP_WRITE") + math(EXPR GROUP_PERMISSIONS "${GROUP_PERMISSIONS} + 2") + elseif("${PERMISSION}" STREQUAL "GROUP_EXECUTE") + math(EXPR GROUP_PERMISSIONS "${GROUP_PERMISSIONS} + 1") + elseif("${PERMISSION}" STREQUAL "WORLD_READ") + math(EXPR WORLD_PERMISSIONS "${WORLD_PERMISSIONS} + 4") + elseif("${PERMISSION}" STREQUAL "WORLD_WRITE") + math(EXPR WORLD_PERMISSIONS "${WORLD_PERMISSIONS} + 2") + elseif("${PERMISSION}" STREQUAL "WORLD_EXECUTE") + math(EXPR WORLD_PERMISSIONS "${WORLD_PERMISSIONS} + 1") + else() + set(INVALID_PERMISSIONS TRUE) + endif() + endforeach() + + if(NOT INVALID_PERMISSIONS) + set(${RETURN_VAR} "${OWNER_PERMISSIONS}${GROUP_PERMISSIONS}${WORLD_PERMISSIONS}" PARENT_SCOPE) + else() + set(${RETURN_VAR} "INVALID" PARENT_SCOPE) + endif() + else() + set(${RETURN_VAR} "DUPLICATE" PARENT_SCOPE) + endif() +endfunction() + if(CMAKE_BINARY_DIR) message(FATAL_ERROR "CPackRPM.cmake may only be used by CPack internally.") endif() @@ -1023,6 +1116,36 @@ else() set(CPACK_RPM_ABSOLUTE_INSTALL_FILES "") endif() +# set default user and group +foreach(_PERM_TYPE "USER" "GROUP") + if(CPACK_RPM_${CPACK_RPM_PACKAGE_COMPONENT_UPPER}_DEFAULT_${_PERM_TYPE}) + set(TMP_DEFAULT_${_PERM_TYPE} "${CPACK_RPM_${CPACK_RPM_PACKAGE_COMPONENT_UPPER}_DEFAULT_${_PERM_TYPE}}") + elseif(CPACK_RPM_DEFAULT_${_PERM_TYPE}) + set(TMP_DEFAULT_${_PERM_TYPE} "${CPACK_RPM_DEFAULT_${_PERM_TYPE}}") + else() + set(TMP_DEFAULT_${_PERM_TYPE} "root") + endif() +endforeach() + +# set default file and dir permissions +foreach(_PERM_TYPE "FILE" "DIR") + if(CPACK_RPM_${CPACK_RPM_PACKAGE_COMPONENT_UPPER}_DEFAULT_${_PERM_TYPE}_PERMISSIONS) + get_unix_permissions_octal_notation("CPACK_RPM_${CPACK_RPM_PACKAGE_COMPONENT_UPPER}_DEFAULT_${_PERM_TYPE}_PERMISSIONS" "TMP_DEFAULT_${_PERM_TYPE}_PERMISSIONS") + set(_PERMISSIONS_VAR "CPACK_RPM_${CPACK_RPM_PACKAGE_COMPONENT_UPPER}_DEFAULT_${_PERM_TYPE}_PERMISSIONS") + elseif(CPACK_RPM_DEFAULT_${_PERM_TYPE}_PERMISSIONS) + get_unix_permissions_octal_notation("CPACK_RPM_DEFAULT_${_PERM_TYPE}_PERMISSIONS" "TMP_DEFAULT_${_PERM_TYPE}_PERMISSIONS") + set(_PERMISSIONS_VAR "CPACK_RPM_DEFAULT_${_PERM_TYPE}_PERMISSIONS") + else() + set(TMP_DEFAULT_${_PERM_TYPE}_PERMISSIONS "-") + endif() + + if("${TMP_DEFAULT_${_PERM_TYPE}_PERMISSIONS}" STREQUAL "INVALID") + message(FATAL_ERROR "${_PERMISSIONS_VAR} contains invalid values.") + elseif("${TMP_DEFAULT_${_PERM_TYPE}_PERMISSIONS}" STREQUAL "DUPLICATE") + message(FATAL_ERROR "${_PERMISSIONS_VAR} contains duplicate values.") + endif() +endforeach() + # Prepend directories in ${CPACK_RPM_INSTALL_FILES} with %dir # This is necessary to avoid duplicate files since rpmbuild do # recursion on its own when encountering a pathname which is a directory @@ -1145,7 +1268,7 @@ mv \"\@CPACK_TOPLEVEL_DIRECTORY\@/tmpBBroot\" $RPM_BUILD_ROOT \@CPACK_RPM_SPEC_PREUNINSTALL\@ %files -%defattr(-,root,root,-) +%defattr(\@TMP_DEFAULT_FILE_PERMISSIONS\@,\@TMP_DEFAULT_USER\@,\@TMP_DEFAULT_GROUP\@,\@TMP_DEFAULT_DIR_PERMISSIONS\@) \@CPACK_RPM_INSTALL_FILES\@ \@CPACK_RPM_ABSOLUTE_INSTALL_FILES\@ \@CPACK_RPM_USER_INSTALL_FILES\@ diff --git a/Tests/CPackComponentsForAll/MyLibCPackConfig-IgnoreGroup.cmake.in b/Tests/CPackComponentsForAll/MyLibCPackConfig-IgnoreGroup.cmake.in index 8c01b32..f4af491 100644 --- a/Tests/CPackComponentsForAll/MyLibCPackConfig-IgnoreGroup.cmake.in +++ b/Tests/CPackComponentsForAll/MyLibCPackConfig-IgnoreGroup.cmake.in @@ -15,6 +15,17 @@ if(CPACK_GENERATOR MATCHES "RPM") # test package description override set(CPACK_RPM_libraries_PACKAGE_DESCRIPTION "libraries description") + + set(CPACK_RPM_DEFAULT_USER defusr) + set(CPACK_RPM_DEFAULT_GROUP defgrp) + set(CPACK_RPM_DEFAULT_FILE_PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE + GROUP_READ WORLD_READ) + set(CPACK_RPM_DEFAULT_DIR_PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE + GROUP_READ WORLD_READ) + set(CPACK_RPM_LIBRARIES_DEFAULT_USER user) + set(CPACK_RPM_APPLICATIONS_DEFAULT_GROUP group) + set(CPACK_RPM_LIBRARIES_DEFAULT_FILE_PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE) + set(CPACK_RPM_APPLICATIONS_DEFAULT_DIR_PERMISSIONS OWNER_READ GROUP_READ WORLD_READ) endif() if(CPACK_GENERATOR MATCHES "DEB") diff --git a/Tests/CPackComponentsForAll/RunCPackVerifyResult.cmake b/Tests/CPackComponentsForAll/RunCPackVerifyResult.cmake index 4d56218..8604146 100644 --- a/Tests/CPackComponentsForAll/RunCPackVerifyResult.cmake +++ b/Tests/CPackComponentsForAll/RunCPackVerifyResult.cmake @@ -146,6 +146,7 @@ if(CPackGen MATCHES "RPM") string(REGEX MATCH ".*applications.*" check_file_applications_match ${check_file}) string(REGEX MATCH ".*Unspecified.*" check_file_Unspecified_match ${check_file}) + # validate summary and description execute_process(COMMAND ${RPM_EXECUTABLE} -pqi ${check_file} OUTPUT_VARIABLE check_file_content ERROR_QUIET @@ -178,6 +179,30 @@ if(CPackGen MATCHES "RPM") if(NOT check_file_match_description) message(FATAL_ERROR "error: '${check_file}' rpm package description does not match expected value - regex '${check_file_match_expected_description}'") endif() + + # validate permissions user and group + execute_process(COMMAND ${RPM_EXECUTABLE} -pqlv ${check_file} + OUTPUT_VARIABLE check_file_content + ERROR_QUIET + OUTPUT_STRIP_TRAILING_WHITESPACE) + + if(check_file_libraries_match) + set(check_file_match_expected_permissions ".*-rwx------.*user.*defgrp.*") + elseif(check_file_headers_match) + set(check_file_match_expected_permissions ".*-rwxr--r--.*defusr.*defgrp.*") + elseif(check_file_applications_match) + set(check_file_match_expected_permissions ".*-rwxr--r--.*defusr.*group.*") + elseif(check_file_Unspecified_match) + set(check_file_match_expected_permissions ".*-rwxr--r--.*defusr.*defgrp.*") + else() + message(FATAL_ERROR "error: unexpected rpm package '${check_file}'") + endif() + + string(REGEX MATCH ${check_file_match_expected_permissions} check_file_match_permissions ${check_file_content}) + + if(NOT check_file_match_permissions) + message(FATAL_ERROR "error: '${check_file}' rpm package permissions do not match expected value - regex '${check_file_match_expected_permissions}'") + endif() endforeach() elseif(${CPackComponentWay} STREQUAL "IgnoreGroup") endif() -- 2.1.0
-- Powered by www.kitware.com Please keep messages on-topic and check the CMake FAQ at: http://www.cmake.org/Wiki/CMake_FAQ Kitware offers various services to support the CMake community. For more information on each offering, please visit: CMake Support: http://cmake.org/cmake/help/support.html CMake Consulting: http://cmake.org/cmake/help/consulting.html CMake Training Courses: http://cmake.org/cmake/help/training.html Visit other Kitware open-source projects at http://www.kitware.com/opensource/opensource.html Follow this link to subscribe/unsubscribe: http://public.kitware.com/mailman/listinfo/cmake-developers
