Le 15/09/15 11:00, Domen Vrankar a écrit :
Sounds good. Those rules are written as guidelines and I'm not certain how often they are broken so could you also add a single variable for toggling between defaults described above and using file permissions as provided?
I think those are not really just "guidelines" if you want ever your source package be published with a cmake toolchain (severity "serious").
Please find attached the "feature" based onto 68dba7f. I added the variable CPACK_DEBIAN_PACKAGE_CONTROL_STRICT_PERMISSION and its component counterpart for controlling strict behaviour on the files added to control.tar.gz .
I added a test over lintian again, as I think lintian is the official tool for checking those things.
Please note that I was not able to check the produced documentation (although I updated it). I would be happy if you can do it, otherwise I will do tonight.
Thanks! Raffi PS.: what about the other patches?
>From 36f273c1e07651060deaea3b576150151ed65818 Mon Sep 17 00:00:00 2001 From: Raffi Enficiaud <raffi.enfici...@mines-paris.org> Date: Tue, 15 Sep 2015 11:26:53 +0200 Subject: [PATCH] fixUp! permissions on control files and strict Debian rules variable --- Modules/CPackDeb.cmake | 30 ++++++++++++++++++++++--- Source/CPack/cmCPackDebGenerator.cxx | 39 ++++++++++++++++++++++++++++++--- Tests/CPackComponentsDEB/CMakeLists.txt | 19 ++++++++++++++++ 3 files changed, 82 insertions(+), 6 deletions(-) diff --git a/Modules/CPackDeb.cmake b/Modules/CPackDeb.cmake index 754df91..43b49f8 100644 --- a/Modules/CPackDeb.cmake +++ b/Modules/CPackDeb.cmake @@ -330,9 +330,30 @@ # .. note:: # # The original permissions of the files will be used in the final -# package. In particular, the scripts should have the proper executable +# package unless the variable +# :variable:`CPACK_DEBIAN_PACKAGE_CONTROL_STRICT_PERMISSION` is set. +# In particular, the scripts should have the proper executable # flag prior to the generation of the package. - +# +# .. variable:: CPACK_DEBIAN_PACKAGE_CONTROL_STRICT_PERMISSION +# CPACK_DEBIAN_<COMPONENT>_PACKAGE_CONTROL_STRICT_PERMISSION +# +# This variable indicates if the Debian policy on control files should be +# strictly followed. +# +# * Mandatory : NO +# * Default : FALSE +# +# Usage:: +# +# set(CPACK_DEBIAN_PACKAGE_CONTROL_STRICT_PERMISSION TRUE) +# +# .. note:: +# +# This overrides the permissions on the original files, following the rules +# set by Debian policy +# https://www.debian.org/doc/debian-policy/ch-files.html#s-permissions-owners +# #============================================================================= # Copyright 2007-2009 Kitware, Inc. @@ -636,7 +657,7 @@ function(cpack_deb_prepare_package_vars) # Are we packaging components ? if(CPACK_DEB_PACKAGE_COMPONENT) # override values with per component version if set - foreach(VAR_NAME_ "PACKAGE_CONTROL_EXTRA") + foreach(VAR_NAME_ "PACKAGE_CONTROL_EXTRA" "PACKAGE_CONTROL_STRICT_PERMISSION") if(CPACK_DEBIAN_${_local_component_name}_${VAR_NAME_}) set(CPACK_DEBIAN_${VAR_NAME_} "${CPACK_DEBIAN_${_local_component_name}_${VAR_NAME_}}") endif() @@ -658,6 +679,7 @@ function(cpack_deb_prepare_package_vars) message("CPackDeb:Debug: CPACK_PACKAGE_FILE_NAME = ${CPACK_PACKAGE_FILE_NAME}") message("CPackDeb:Debug: CPACK_PACKAGE_INSTALL_DIRECTORY = ${CPACK_PACKAGE_INSTALL_DIRECTORY}") message("CPackDeb:Debug: CPACK_TEMPORARY_PACKAGE_FILE_NAME = ${CPACK_TEMPORARY_PACKAGE_FILE_NAME}") + message("CPackDeb:Debug: CPACK_DEBIAN_PACKAGE_CONTROL_STRICT_PERMISSION = ${CPACK_DEBIAN_PACKAGE_CONTROL_STRICT_PERMISSION}") endif() # For debian source packages: @@ -694,6 +716,8 @@ function(cpack_deb_prepare_package_vars) set(GEN_CPACK_DEBIAN_PACKAGE_PROVIDES "${CPACK_DEBIAN_PACKAGE_PROVIDES}" PARENT_SCOPE) set(GEN_CPACK_DEBIAN_PACKAGE_REPLACES "${CPACK_DEBIAN_PACKAGE_REPLACES}" PARENT_SCOPE) set(GEN_CPACK_DEBIAN_PACKAGE_CONTROL_EXTRA "${CPACK_DEBIAN_PACKAGE_CONTROL_EXTRA}" PARENT_SCOPE) + set(GEN_CPACK_DEBIAN_PACKAGE_CONTROL_STRICT_PERMISSION + "${CPACK_DEBIAN_PACKAGE_CONTROL_STRICT_PERMISSION}" PARENT_SCOPE) set(GEN_WDIR "${WDIR}" PARENT_SCOPE) endfunction() diff --git a/Source/CPack/cmCPackDebGenerator.cxx b/Source/CPack/cmCPackDebGenerator.cxx index 981d86d..b497b65 100644 --- a/Source/CPack/cmCPackDebGenerator.cxx +++ b/Source/CPack/cmCPackDebGenerator.cxx @@ -576,9 +576,18 @@ int cmCPackDebGenerator::createDeb() control_tar.SetUNAME("root"); control_tar.SetGNAME("root"); - // set md5sum file permissions to RW-R--R-- so that deb lintian - // doesn't warn about it - control_tar.SetPermissions(S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); + // permissions are set according to +// https://www.debian.org/doc/debian-policy/ch-files.html#s-permissions-owners + // and + // https://lintian.debian.org/tags/control-file-has-bad-permissions.html + const mode_t permission644 = S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH; + const mode_t permissionExecute = S_IXUSR | S_IXGRP | S_IXOTH; + const mode_t permission755 = permission644 | permissionExecute; + + // for md5sum and control (that we have generated here), we use 644 + // (RW-R--R--) + // so that deb lintian doesn't warn about it + control_tar.SetPermissions(permission644); // adds control and md5sums if( !control_tar.Add(md5filename, strGenWDIR.length(), ".") @@ -593,12 +602,28 @@ int cmCPackDebGenerator::createDeb() return 0; } + // for the other files, we use + // -either the original permission on the files + // -either a permission strictly defined by the Debian policies const char* controlExtra = this->GetOption("GEN_CPACK_DEBIAN_PACKAGE_CONTROL_EXTRA"); if( controlExtra ) { // permissions are now controlled by the original file permissions + + const bool permissionStrictPolicy = + this->IsSet("GEN_CPACK_DEBIAN_PACKAGE_CONTROL_STRICT_PERMISSION"); + + static const char* strictFiles[] = { + "config", "postinst", "postrm", "preinst", "prerm" + }; + std::set<std::string> setStrictFiles( + strictFiles, + strictFiles + sizeof(strictFiles)/sizeof(strictFiles[0])); + + // default control_tar.SetPermissions(-1); + std::vector<std::string> controlExtraList; cmSystemTools::ExpandListArgument(controlExtra, controlExtraList); for(std::vector<std::string>::iterator i = controlExtraList.begin(); @@ -608,6 +633,14 @@ int cmCPackDebGenerator::createDeb() cmsys::SystemTools::GetFilenameName(*i); std::string localcopy = strGenWDIR + "/" + filenamename; + + if(permissionStrictPolicy) + { + control_tar.SetPermissions(setStrictFiles.count(filenamename) ? + permission755 : permission644); + } + + // if we can copy the file, it means it does exist, let's add it: if( cmsys::SystemTools::CopyFileIfDifferent(*i, localcopy) ) { diff --git a/Tests/CPackComponentsDEB/CMakeLists.txt b/Tests/CPackComponentsDEB/CMakeLists.txt index 5c4eeab..5a5d626 100644 --- a/Tests/CPackComponentsDEB/CMakeLists.txt +++ b/Tests/CPackComponentsDEB/CMakeLists.txt @@ -80,6 +80,25 @@ set(CPACK_COMPONENT_HEADERS_DESCRIPTION # depend on the libraries component. set(CPACK_COMPONENT_HEADERS_DEPENDS libraries) +# creates preinst/prerm scripts with specific permissions. Those permissions +# (especially executable) should be in the final archive +find_program(CHMOD_PROG chmod) +if(CHMOD_PROG) + file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/preinst "echo default_preinst") + file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/prerm "echo default_prerm") + + # Those should have 755 permission normally. We mess it up to see if + # CPACK_DEBIAN_APPLICATIONS_PACKAGE_CONTROL_STRICT_PERMISSION is able to fix + # it. + execute_process(COMMAND ${CHMOD_PROG} 640 ${CMAKE_CURRENT_BINARY_DIR}/preinst) + execute_process(COMMAND ${CHMOD_PROG} 640 ${CMAKE_CURRENT_BINARY_DIR}/prerm) + + set(CPACK_DEBIAN_APPLICATIONS_PACKAGE_CONTROL_EXTRA + "${CMAKE_CURRENT_BINARY_DIR}/preinst;${CMAKE_CURRENT_BINARY_DIR}/prerm") + + set(CPACK_DEBIAN_APPLICATIONS_PACKAGE_CONTROL_STRICT_PERMISSION TRUE) +endif() + # We may use the CPack specific config file in order # to tailor CPack behavior on a CPack generator specific way # (Behavior would be different for RPM or TGZ or DEB ...) -- 2.0.1
-- Powered by www.kitware.com Please keep messages on-topic and check the CMake FAQ at: http://www.cmake.org/Wiki/CMake_FAQ Kitware offers various services to support the CMake community. For more information on each offering, please visit: CMake Support: http://cmake.org/cmake/help/support.html CMake Consulting: http://cmake.org/cmake/help/consulting.html CMake Training Courses: http://cmake.org/cmake/help/training.html Visit other Kitware open-source projects at http://www.kitware.com/opensource/opensource.html Follow this link to subscribe/unsubscribe: http://public.kitware.com/mailman/listinfo/cmake-developers