Den 13:45 3. mars 2012 skrev Guillaume Rousse <[email protected]> følgende: > Le 02/03/2012 22:01, Per Øyvind Karlsen a écrit : > >> Den 21:51 2. mars 2012 skrev Maarten Vanraes<[email protected]> følgende: >>> >>> Op vrijdag 02 maart 2012 21:29:05 schreef Anssi Hannula: >>>> >>>> 02.03.2012 21:57, Maarten Vanraes kirjoitti: >>>>> >>>>> Op vrijdag 02 maart 2012 15:22:23 schreef Anssi Hannula: >>>>>> >>>>>> 02.03.2012 00:17, Maarten Vanraes kirjoitti: >>>>>>> >>>>>>> Op donderdag 01 maart 2012 23:05:35 schreef Anssi Hannula: >>>>>>> [...] >>>>>>> >>>>>>>>> does this mean debug info fails for these? >>>>>>>> >>>>>>>> >>>>>>>> I'm not immediately sure (I never remember how the debug/stripping >>>>>>>> stuff works exactly), but I think either a) debug symbols extraction >>>>>>>> and thus -debug packaging, b) stripping, or c) both will fail with >>>>>>>> non-executable shared libs. >>>>>>> >>>>>>> >>>>>>> in that case i guess we would need a policy or bs check to make sure >>>>>>> we >>>>>>> don't fail some libraries debug and strip >>>>>> >>>>>> >>>>>> Possibly. >>>>>> >>>>>> Interestingly, Debian policy disallows executable permission on shared >>>>>> libs: >>>>>> >>>>>> http://www.debian.org/doc/debian-policy/ch-sharedlibs.html#s-sharedlibs- >>>>>> ru ntime >>>>>> >>>>>> "Shared libraries should not be installed executable, since the >>>>>> dynamic >>>>>> linker does not require this and trying to execute a shared library >>>>>> usually results in a core dump." >>>>> >>>>> >>>>> which is sort of strange, since libc is actually executable by design. >>>>> >>>>> i see where they are coming from >>>>> >>>>> but i guess the first part of this is, why is there a find with >>>>> executable restrictions for the code relating to stripped binaries and >>>>> debug? >>>>> >>>>> is it because it's also used for real executables? >>>> >>>> >>>> I guess it is there just to speed up the process, otherwise it would >>>> have to run 'file' for every file in the package (and many packages have >>>> lots of files). >>> >>> >>> still, it seems kind of weird, there are rpmlint checks for unstripped >>> libraries, but i do have 34 libraries not marked as executable, while the >>> stripping+ debug seems to target only executables? >>> >>> i wonder if we should make another check library unset as executable or >>> even >>> check what happened with these libraries not marked as executable? >> >> I posted a link to a rpmlint patch implementing such a check to this >> thread two >> hours ago.. :p > > I don't much point to a check, when a rpm-helper scriptlet would be able to > automatically enforce any given permission set. I eventually reached that conclusion as well, especially as I ran into same issues with mono libraries as well..
I've just pushed a new spec-helper to cooker with the following script: http://svn.mandriva.com/viewvc/soft/rpm/spec-helper/trunk/fix_file_permissions?view=markup -- Regards, Per Øyvind
