Date: Tue, 07 Jun 2011 19:31:13 +0100 From: Eric <freebsdlists-ruby@chillibear.com> To: Romain =?ISO-8859-1?B?VGFydGnocmU=?= <romain@FreeBSD.org>, <ruby@freebsd.org> Subject: Re: Fixing gem files permissions Message-ID: <CA142D01.1F5AD%freebsdlists-ruby@chillibear.com> In-Reply-To: <20110606160931.GA17343@blogreen.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> From: Romain Tarti=E8re <romain@FreeBSD.org>
> I would like to know if there is some 'standard' way for the rubygems-*
> ports for fixing wrong files permissions.
Not that I'm personally aware of, but other more experienced people on this
list may know better.
> It appears that
> getopt-declare (not in the ports tree, it's a dependency of another port
> I would like to push) install files in a weird fashion:
>=20
> ------------------------------8<---------------------------
> =3D=3D=3D> SECURITY REPORT:
> This port has installed the following world-writable files/director=
ies.
> /tmp/rubygem-getopt-declare-1.29/lib/ruby/gems/1.8/gems/getopt-declare-1.=
29/ge
> topt-declare.gemspec
> /tmp/rubygem-getopt-declare-1.29/lib/ruby/gems/1.8/gems/getopt-declare-1.=
29/sa
> mples/cmdline_singles.rb
> /tmp/rubygem-getopt-declare-1.29/lib/ruby/gems/1.8/gems/getopt-declare-1.=
29/sa
> mples/cmdline_array.rb
> /tmp/rubygem-getopt-declare-1.29/lib/ruby/gems/1.8/gems/getopt-declare-1.=
29/sa
> mples/cmdline_usage.rb
> /tmp/rubygem-getopt-declare-1.29/lib/ruby/gems/1.8/gems/getopt-declare-1.=
29/te
> st/test_cmdline_parameters.rb
> /tmp/rubygem-getopt-declare-1.29/lib/ruby/gems/1.8/gems/getopt-declare-1.=
29/RE
> ADME.txt
> [...]
> ------------------------------8<---------------------------
>=20
> My current workaround is:
>=20
> ------------------------------8<---------------------------
> post-install:
> @${FIND} ${PREFIX}/${GEM_LIB_DIR} -type f -exec ${CHMOD} 444 '{}' =
';'
> ------------------------------8<---------------------------
>=20
> I am not really happy with this. Is there a better way to fix this?
I don't think there is an easy place other than the post-install target
where you can 'patch' gems since the other stages of the port build process
do little for a gem, given it's mainly a wrapper for the gem installer
itself.
I remember had to do similar things with a couple of gems I use personally
(can't remember if I've submitted those as ports yet). The only thing I'd
say is to restrict your 'fix' to just those files your 'getopt-declare' gem
installs rather than make all the contents of the Gem lib dir 444 and
potentially cause a headache somewhere else. So something more like (I not=
e
from a quick glance in my own Gem libs that they tend to be root/wheel and
644)
post-install:
@${FIND} ${PREFIX}/${GEM_LIB_DIR}/${PORTNAME}-${PORTVERSION} -type f -exe=
c
${CHMOD} 644 '{}' ';'
I'd also pop a comment in the Makefile so someone following knows why you'v=
e
done it.
=20
> I am not used with Ruby gems packaging, and I would like to be sure that
> this is a problem that should be signaled upstream before acting: is it?
I've never looked at the Gem internals to see how it determines file
permissions of those files it installs, but given it *appears* to be a bug
you'd do well to flag it to upstream and see what they say.
Regards
Eric
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA142D01.1F5AD%freebsdlists-ruby>