On linux, a symlink can only have permissions 0777 (lrwxrwxrwx)

But on at least kfreebsd (maybe hurd?) there is no such limitation, and
permissions are set like any regular file.  That also means the umask is
applied...  and tar and dpkg-deb preserve this.

This proves to be an issue for:
  * reproducible builds on kfreebsd, affected by user's umask
  * reproducing arch:all packages between linux<->kfreebsd
  * reproducing linux packages by cross-building from kfreebsd

I think we should normalise symlinks' permissions to 0777, except GNU
chmod can't do that!  (chmod follows the symlink, and has no -h flag).

Adding a -h (no dereference) option to chmod would allow dh_fixperms to
use that.  But (as pointed out in #759886) adding things there does not
help packages not using debhelper, or other uses of tar.

Would this be best added as a feature to tar, that dpkg-deb can use?
Probably a new flag, that would apply --mode a=rwx only to symlinks.

Or are there other ideas how to fix this?

Steven Chamberlain

Attachment: signature.asc
Description: Digital signature

Reproducible-builds mailing list

Reply via email to