[cmake-developers] [CPackDeb][libarchive] removing use of fakeroot and supporting UID/GID/UNAME etc in libarchive
Raffi Enficiaud
raffi.enficiaud at mines-paris.org
Tue Sep 15 08:15:33 EDT 2015
Le 15/09/15 11:00, Domen Vrankar a écrit :
>
> Sounds good.
> Those rules are written as guidelines and I'm not certain how often
> they are broken so could you also add a single variable for toggling
> between defaults described above and using file permissions as
> provided?
>
I think those are not really just "guidelines" if you want ever your
source package be published with a cmake toolchain (severity "serious").
Please find attached the "feature" based onto 68dba7f. I added the
variable CPACK_DEBIAN_PACKAGE_CONTROL_STRICT_PERMISSION and its
component counterpart for controlling strict behaviour on the files
added to control.tar.gz .
I added a test over lintian again, as I think lintian is the official
tool for checking those things.
Please note that I was not able to check the produced documentation
(although I updated it). I would be happy if you can do it, otherwise I
will do tonight.
Thanks!
Raffi
PS.: what about the other patches?
-------------- next part --------------
>From 36f273c1e07651060deaea3b576150151ed65818 Mon Sep 17 00:00:00 2001
From: Raffi Enficiaud <raffi.enficiaud at mines-paris.org>
Date: Tue, 15 Sep 2015 11:26:53 +0200
Subject: [PATCH] fixUp! permissions on control files and strict Debian rules
variable
---
Modules/CPackDeb.cmake | 30 ++++++++++++++++++++++---
Source/CPack/cmCPackDebGenerator.cxx | 39 ++++++++++++++++++++++++++++++---
Tests/CPackComponentsDEB/CMakeLists.txt | 19 ++++++++++++++++
3 files changed, 82 insertions(+), 6 deletions(-)
diff --git a/Modules/CPackDeb.cmake b/Modules/CPackDeb.cmake
index 754df91..43b49f8 100644
--- a/Modules/CPackDeb.cmake
+++ b/Modules/CPackDeb.cmake
@@ -330,9 +330,30 @@
# .. note::
#
# The original permissions of the files will be used in the final
-# package. In particular, the scripts should have the proper executable
+# package unless the variable
+# :variable:`CPACK_DEBIAN_PACKAGE_CONTROL_STRICT_PERMISSION` is set.
+# In particular, the scripts should have the proper executable
# flag prior to the generation of the package.
-
+#
+# .. variable:: CPACK_DEBIAN_PACKAGE_CONTROL_STRICT_PERMISSION
+# CPACK_DEBIAN_<COMPONENT>_PACKAGE_CONTROL_STRICT_PERMISSION
+#
+# This variable indicates if the Debian policy on control files should be
+# strictly followed.
+#
+# * Mandatory : NO
+# * Default : FALSE
+#
+# Usage::
+#
+# set(CPACK_DEBIAN_PACKAGE_CONTROL_STRICT_PERMISSION TRUE)
+#
+# .. note::
+#
+# This overrides the permissions on the original files, following the rules
+# set by Debian policy
+# https://www.debian.org/doc/debian-policy/ch-files.html#s-permissions-owners
+#
#=============================================================================
# Copyright 2007-2009 Kitware, Inc.
@@ -636,7 +657,7 @@ function(cpack_deb_prepare_package_vars)
# Are we packaging components ?
if(CPACK_DEB_PACKAGE_COMPONENT)
# override values with per component version if set
- foreach(VAR_NAME_ "PACKAGE_CONTROL_EXTRA")
+ foreach(VAR_NAME_ "PACKAGE_CONTROL_EXTRA" "PACKAGE_CONTROL_STRICT_PERMISSION")
if(CPACK_DEBIAN_${_local_component_name}_${VAR_NAME_})
set(CPACK_DEBIAN_${VAR_NAME_} "${CPACK_DEBIAN_${_local_component_name}_${VAR_NAME_}}")
endif()
@@ -658,6 +679,7 @@ function(cpack_deb_prepare_package_vars)
message("CPackDeb:Debug: CPACK_PACKAGE_FILE_NAME = ${CPACK_PACKAGE_FILE_NAME}")
message("CPackDeb:Debug: CPACK_PACKAGE_INSTALL_DIRECTORY = ${CPACK_PACKAGE_INSTALL_DIRECTORY}")
message("CPackDeb:Debug: CPACK_TEMPORARY_PACKAGE_FILE_NAME = ${CPACK_TEMPORARY_PACKAGE_FILE_NAME}")
+ message("CPackDeb:Debug: CPACK_DEBIAN_PACKAGE_CONTROL_STRICT_PERMISSION = ${CPACK_DEBIAN_PACKAGE_CONTROL_STRICT_PERMISSION}")
endif()
# For debian source packages:
@@ -694,6 +716,8 @@ function(cpack_deb_prepare_package_vars)
set(GEN_CPACK_DEBIAN_PACKAGE_PROVIDES "${CPACK_DEBIAN_PACKAGE_PROVIDES}" PARENT_SCOPE)
set(GEN_CPACK_DEBIAN_PACKAGE_REPLACES "${CPACK_DEBIAN_PACKAGE_REPLACES}" PARENT_SCOPE)
set(GEN_CPACK_DEBIAN_PACKAGE_CONTROL_EXTRA "${CPACK_DEBIAN_PACKAGE_CONTROL_EXTRA}" PARENT_SCOPE)
+ set(GEN_CPACK_DEBIAN_PACKAGE_CONTROL_STRICT_PERMISSION
+ "${CPACK_DEBIAN_PACKAGE_CONTROL_STRICT_PERMISSION}" PARENT_SCOPE)
set(GEN_WDIR "${WDIR}" PARENT_SCOPE)
endfunction()
diff --git a/Source/CPack/cmCPackDebGenerator.cxx b/Source/CPack/cmCPackDebGenerator.cxx
index 981d86d..b497b65 100644
--- a/Source/CPack/cmCPackDebGenerator.cxx
+++ b/Source/CPack/cmCPackDebGenerator.cxx
@@ -576,9 +576,18 @@ int cmCPackDebGenerator::createDeb()
control_tar.SetUNAME("root");
control_tar.SetGNAME("root");
- // set md5sum file permissions to RW-R--R-- so that deb lintian
- // doesn't warn about it
- control_tar.SetPermissions(S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+ // permissions are set according to
+// https://www.debian.org/doc/debian-policy/ch-files.html#s-permissions-owners
+ // and
+ // https://lintian.debian.org/tags/control-file-has-bad-permissions.html
+ const mode_t permission644 = S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH;
+ const mode_t permissionExecute = S_IXUSR | S_IXGRP | S_IXOTH;
+ const mode_t permission755 = permission644 | permissionExecute;
+
+ // for md5sum and control (that we have generated here), we use 644
+ // (RW-R--R--)
+ // so that deb lintian doesn't warn about it
+ control_tar.SetPermissions(permission644);
// adds control and md5sums
if( !control_tar.Add(md5filename, strGenWDIR.length(), ".")
@@ -593,12 +602,28 @@ int cmCPackDebGenerator::createDeb()
return 0;
}
+ // for the other files, we use
+ // -either the original permission on the files
+ // -either a permission strictly defined by the Debian policies
const char* controlExtra =
this->GetOption("GEN_CPACK_DEBIAN_PACKAGE_CONTROL_EXTRA");
if( controlExtra )
{
// permissions are now controlled by the original file permissions
+
+ const bool permissionStrictPolicy =
+ this->IsSet("GEN_CPACK_DEBIAN_PACKAGE_CONTROL_STRICT_PERMISSION");
+
+ static const char* strictFiles[] = {
+ "config", "postinst", "postrm", "preinst", "prerm"
+ };
+ std::set<std::string> setStrictFiles(
+ strictFiles,
+ strictFiles + sizeof(strictFiles)/sizeof(strictFiles[0]));
+
+ // default
control_tar.SetPermissions(-1);
+
std::vector<std::string> controlExtraList;
cmSystemTools::ExpandListArgument(controlExtra, controlExtraList);
for(std::vector<std::string>::iterator i = controlExtraList.begin();
@@ -608,6 +633,14 @@ int cmCPackDebGenerator::createDeb()
cmsys::SystemTools::GetFilenameName(*i);
std::string localcopy = strGenWDIR + "/" + filenamename;
+
+ if(permissionStrictPolicy)
+ {
+ control_tar.SetPermissions(setStrictFiles.count(filenamename) ?
+ permission755 : permission644);
+ }
+
+
// if we can copy the file, it means it does exist, let's add it:
if( cmsys::SystemTools::CopyFileIfDifferent(*i, localcopy) )
{
diff --git a/Tests/CPackComponentsDEB/CMakeLists.txt b/Tests/CPackComponentsDEB/CMakeLists.txt
index 5c4eeab..5a5d626 100644
--- a/Tests/CPackComponentsDEB/CMakeLists.txt
+++ b/Tests/CPackComponentsDEB/CMakeLists.txt
@@ -80,6 +80,25 @@ set(CPACK_COMPONENT_HEADERS_DESCRIPTION
# depend on the libraries component.
set(CPACK_COMPONENT_HEADERS_DEPENDS libraries)
+# creates preinst/prerm scripts with specific permissions. Those permissions
+# (especially executable) should be in the final archive
+find_program(CHMOD_PROG chmod)
+if(CHMOD_PROG)
+ file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/preinst "echo default_preinst")
+ file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/prerm "echo default_prerm")
+
+ # Those should have 755 permission normally. We mess it up to see if
+ # CPACK_DEBIAN_APPLICATIONS_PACKAGE_CONTROL_STRICT_PERMISSION is able to fix
+ # it.
+ execute_process(COMMAND ${CHMOD_PROG} 640 ${CMAKE_CURRENT_BINARY_DIR}/preinst)
+ execute_process(COMMAND ${CHMOD_PROG} 640 ${CMAKE_CURRENT_BINARY_DIR}/prerm)
+
+ set(CPACK_DEBIAN_APPLICATIONS_PACKAGE_CONTROL_EXTRA
+ "${CMAKE_CURRENT_BINARY_DIR}/preinst;${CMAKE_CURRENT_BINARY_DIR}/prerm")
+
+ set(CPACK_DEBIAN_APPLICATIONS_PACKAGE_CONTROL_STRICT_PERMISSION TRUE)
+endif()
+
# We may use the CPack specific config file in order
# to tailor CPack behavior on a CPack generator specific way
# (Behavior would be different for RPM or TGZ or DEB ...)
--
2.0.1
More information about the cmake-developers
mailing list