Bug#796257: dpkg-dev: dpkg-source does not respect permissions from tarball when umask is set to 0002

2018-10-10 Thread Ian Jackson
Stéphane writes:
> Concerning #390915, I don't agree with the way the original (LP
> #51468) bug was fixed.  Again, plain tar behaves correctly IMHO.

Sorry that I didn't reply at the time.  I found this bug again now.

I still think that the fix in #390915 is correct.  Unpacking source
code definitely ought to respect the user's umask.  Otherwise the
source will not be writeable to their collaborators, as intended.

That tar (often, depending on options) behaves differently is because
tar is trying to be several different kinds of utility in one.

I think a package build where the output file permissions depend on
the user's umask is a buggy package build.  (And this is not just a
reproducibility issue.)  This is what we have dh_fixperms for: to
manage the difference between source file and intermediate build
product permissions (which should respect the user's umask) and 
binary-package-in-preparation permissions (which need to be those
intended for the output package).

Does that make sense ?

Thanks,
Ian.

-- 
Ian Jackson   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.



Bug#796257: dpkg-dev: dpkg-source does not respect permissions from tarball when umask is set to 0002

2015-09-10 Thread Guillem Jover
Control: severity -1 wishlist

Hi!

On Thu, 2015-08-20 at 22:14:48 +0200, Stéphane Glondu wrote:
> Package: dpkg-dev
> Version: 1.18.2
> Severity: normal
> User: reproducible-bui...@lists.alioth.debian.org
> Usertags: umask toolchain

> $ umask 0002
> $ apt-get source hello
> $ ll hello-2.10|head -n5
> total 1008K
> -rw-rw-r-- 1 steph steph  92K nov.  16  2014 ABOUT-NLS
> -rw-rw-r-- 1 steph steph  43K nov.  16  2014 aclocal.m4
> -rw-rw-r-- 1 steph steph  593 juil. 19  2014 AUTHORS
> drwxrwxr-x 3 steph steph 4,0K nov.  16  2014 build-aux
> $ rm -rf hello-2.10
> $ tar xf hello_2.10.orig.tar.gz
> $ ll hello-2.10|head -n5
> total 1004K
> -rw-r--r-- 1 steph steph  92K nov.  16  2014 ABOUT-NLS
> -rw-r--r-- 1 steph steph  43K nov.  16  2014 aclocal.m4
> -rw-r--r-- 1 steph steph  593 juil. 19  2014 AUTHORS
> drwxr-xr-x 3 steph steph 4,0K nov.  16  2014 build-aux
> 
> I expect the same behaviour w.r.t. permissions with dpkg-source and
> tar.

Hmmm, well, tar only fully preserves owners and permissions when running
as root. I did some digging on this and now I'm a bit conflicted, this
was implemented on purpose due to bugs #390915 and #207289.

The actual commit is
.

I'll have to think about it a bit more I guess.

Thanks,
Guillem



Bug#796257: dpkg-dev: dpkg-source does not respect permissions from tarball when umask is set to 0002

2015-09-10 Thread Stéphane Glondu
Le 10/09/2015 14:53, Guillem Jover a écrit :
>> $ umask 0002
>> $ apt-get source hello
>> $ ll hello-2.10|head -n5
>> total 1008K
>> -rw-rw-r-- 1 steph steph  92K nov.  16  2014 ABOUT-NLS
>> -rw-rw-r-- 1 steph steph  43K nov.  16  2014 aclocal.m4
>> -rw-rw-r-- 1 steph steph  593 juil. 19  2014 AUTHORS
>> drwxrwxr-x 3 steph steph 4,0K nov.  16  2014 build-aux
>> $ rm -rf hello-2.10
>> $ tar xf hello_2.10.orig.tar.gz
>> $ ll hello-2.10|head -n5
>> total 1004K
>> -rw-r--r-- 1 steph steph  92K nov.  16  2014 ABOUT-NLS
>> -rw-r--r-- 1 steph steph  43K nov.  16  2014 aclocal.m4
>> -rw-r--r-- 1 steph steph  593 juil. 19  2014 AUTHORS
>> drwxr-xr-x 3 steph steph 4,0K nov.  16  2014 build-aux
>>
>> I expect the same behaviour w.r.t. permissions with dpkg-source and
>> tar.
> 
> Hmmm, well, tar only fully preserves owners and permissions when running
> as root. [...]

Owners are not preserved, but permissions are. The commands above were
run as non-root.

> [...] I did some digging on this and now I'm a bit conflicted, this
> was implemented on purpose due to bugs #390915 and #207289.
> 
> The actual commit is
> .
> 
> I'll have to think about it a bit more I guess.

Besides, the behaviour is documented in dpkg-source's manual (--extract
section). But I don't agree with it. CC'ing Ian Jackson, as he seems to
be the author of this. Maybe he can explain this behaviour.

Concerning #390915, I don't agree with the way the original (LP #51468)
bug was fixed. Again, plain tar behaves correctly IMHO.

Concerning #207289, I would say that the upstream tarball was at fault
and repacking it was the right solution.


Cheers,

-- 
Stéphane



Bug#796257: dpkg-dev: dpkg-source does not respect permissions from tarball when umask is set to 0002

2015-08-20 Thread Stéphane Glondu
Package: dpkg-dev
Version: 1.18.2
Severity: normal
User: reproducible-bui...@lists.alioth.debian.org
Usertags: umask toolchain

Dear Maintainer,

$ umask 0002
$ apt-get source hello
$ ll hello-2.10|head -n5
total 1008K
-rw-rw-r-- 1 steph steph  92K nov.  16  2014 ABOUT-NLS
-rw-rw-r-- 1 steph steph  43K nov.  16  2014 aclocal.m4
-rw-rw-r-- 1 steph steph  593 juil. 19  2014 AUTHORS
drwxrwxr-x 3 steph steph 4,0K nov.  16  2014 build-aux
$ rm -rf hello-2.10
$ tar xf hello_2.10.orig.tar.gz
$ ll hello-2.10|head -n5
total 1004K
-rw-r--r-- 1 steph steph  92K nov.  16  2014 ABOUT-NLS
-rw-r--r-- 1 steph steph  43K nov.  16  2014 aclocal.m4
-rw-r--r-- 1 steph steph  593 juil. 19  2014 AUTHORS
drwxr-xr-x 3 steph steph 4,0K nov.  16  2014 build-aux

I expect the same behaviour w.r.t. permissions with dpkg-source and
tar.

Cheers,

-- 
Stéphane


-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.1.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dpkg-dev depends on:
ii  base-files    9.2
ii  binutils      2.25.1-1
ii  bzip2         1.0.6-8
ii  libdpkg-perl  1.18.2
ii  make          4.0-8.1
ii  patch         2.7.5-1
ii  xz-utils      5.1.1alpha+20120614-2.1

Versions of packages dpkg-dev recommends:
ii  build-essential          11.7
ii  fakeroot                 1.20.2-1
ii  gcc [c-compiler]         4:4.9.2-4
ii  gcc-4.8 [c-compiler]     4.8.4-4
ii  gcc-4.9 [c-compiler]     4.9.3-3
ii  gnupg                    1.4.19-3
ii  gnupg2                   2.0.28-3
ii  gpgv                     1.4.19-3
ii  libalgorithm-merge-perl  0.08-2

Versions of packages dpkg-dev suggests:
ii  debian-keyring  2015.08.13

-- no debconf information
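
The two extraction policies debated in this thread, side by side under umask 0022 and 0002. This is an added example, not code from the thread or from dpkg. The tarball and its names are constructed, and the dpkg-source side is only emulated with chmod, on the assumption that directories get 0777 and plain files 0666, both reduced by the umask. It needs GNU tar and GNU stat.

```shell
#!/bin/sh
# Constructed sample: pkg-1.0/ (0755) containing AUTHORS (0644), standing in
# for hello_2.10.orig.tar.gz from the report. All names here are made up.
work=$(mktemp -d)

make_tarball() {
    ( cd "$work" && umask 0022 && mkdir -p src/pkg-1.0 &&
      echo "constructed" > src/pkg-1.0/AUTHORS &&
      chmod 0755 src/pkg-1.0 && chmod 0644 src/pkg-1.0/AUTHORS &&
      tar -C src -cf pkg.tar pkg-1.0 )
}

# Print "dirmode filemode" for an unpacked tree.
modes() { echo "$(stat -c %a "$1/pkg-1.0") $(stat -c %a "$1/pkg-1.0/AUTHORS")"; }

# Policy A: plain "tar xf" under umask $1. Modes come from the archive;
# the umask can only clear bits, never add group write.
extract_tar() {
    ( umask "$1"; d=$(mktemp -d "$work/a.XXXXXX")
      tar -C "$d" -xf "$work/pkg.tar" && modes "$d" )
}

# Policy B: emulation (assumption, not dpkg-source itself) of "as if freshly
# created": directories 0777 and plain files 0666, each minus the umask.
extract_umask() {
    ( umask "$1"; d=$(mktemp -d "$work/b.XXXXXX")
      tar -C "$d" -xf "$work/pkg.tar" || exit 1
      dmode=$(printf '%o' $(( 0777 & ~0$1 )))
      fmode=$(printf '%o' $(( 0666 & ~0$1 )))
      find "$d/pkg-1.0" -type d -exec chmod "$dmode" {} +
      find "$d/pkg-1.0" -type f -exec chmod "$fmode" {} +
      modes "$d" )
}

make_tarball
for u in 0022 0002; do
    echo "umask $u  tar: $(extract_tar "$u")  umask-derived: $(extract_umask "$u")"
done
```

Only the umask-derived policy changes between the two runs. A build that copies source-tree modes straight into the package therefore inherits the unpacking user's umask, which is the case Ian Jackson's message assigns to dh_fixperms.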