Github messages for voidlinux
 help / color / mirror / Atom feed
* [PR PATCH] common/hooks/post-install: add fix permissions hook
@ 2021-04-10 22:52 paper42
  2021-04-10 23:14 ` [PR REVIEW] " Duncaen
                   ` (43 more replies)
  0 siblings, 44 replies; 45+ messages in thread
From: paper42 @ 2021-04-10 22:52 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1278 bytes --]

There is a new pull request by paper42 against master on the void-packages repository

https://github.com/paper42/void-packages 0001-common-hooks-post-install-add-fix-permissions-hook.patch
https://github.com/void-linux/void-packages/pull/30139

common/hooks/post-install: add fix permissions hook
Some packages install files with wrong permissions, but sometimes we can detect and fix them.

## /usr/share/man: 644
this rule matches a lot of files, mainly because it matches 444 permissions too
* packages which install manpages with 755 permissions: nvimpager, sloccount
* packages which install manpages with 444 permissions: lowdown, mdocml, dhcpcd, openresolv, all perl packages, lua5.3 (but not 5.1, 5.2 and 5.4)

## /etc/apparmor.d: 600
I chose 600 because that's what aa-genprof creates.
* packages which install apparmor profiles wrong permissions: apparmor (644), brillo (640), firejail (644), mako (640) (these permission measurements may be wrong in some cases)

The package lists are not complete.

Are there any other common directories which should be included in this hook? Is forcing 644 in /usr/share/man too strict? Should affected packages be revbumped?

A patch file from https://github.com/void-linux/void-packages/pull/30139.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-0001-common-hooks-post-install-add-fix-permissions-hook.patch-30139.patch --]
[-- Type: text/x-diff, Size: 123730 bytes --]







<!DOCTYPE html>
<html lang="en" >
  <head>
    <meta charset="utf-8">
  <link rel="dns-prefetch" href="https://github.githubassets.com">
  <link rel="dns-prefetch" href="https://avatars.githubusercontent.com">
  <link rel="dns-prefetch" href="https://github-cloud.s3.amazonaws.com">
  <link rel="dns-prefetch" href="https://user-images.githubusercontent.com/">



  <link crossorigin="anonymous" media="all" integrity="sha512-PYWr2OavT8crCvolPhJe+bHZ6PG6Q6cH7+2eZue+suNLa9t4w/spUoiSCNG+JfpZIL7kq9rnGXwNXCJup7IQdA==" rel="stylesheet" href="https://github.githubassets.com/assets/frameworks-3d85abd8e6af4fc72b0afa253e125ef9.css" />
  <link crossorigin="anonymous" media="all" integrity="sha512-jaRxAk/R7Eq6XXtxt2dWYc6UfgT/Jk9zYWYh4UpAt5LFRnYVaWqEM3sPhUFL3fOBmHhHoOcn4wfLkMS21Q1yaw==" rel="stylesheet" href="https://github.githubassets.com/assets/site-8da471024fd1ec4aba5d7b71b7675661.css" />
    <link crossorigin="anonymous" media="all" integrity="sha512-jTdvoiCezBiH9yw26ZDI7d23d6fazvCUVOTMSiazFi9Ag0lnqFGqlnrhp+Amz6ztXz95V+0IbSHzqqNl6w70lw==" rel="stylesheet" href="https://github.githubassets.com/assets/behaviors-8d376fa2209ecc1887f72c36e990c8ed.css" />
    
    
    
    <link crossorigin="anonymous" media="all" integrity="sha512-eJ5SF1C8dgIPoW4kSTUm8MSPC61sDW8j336tq+7uZvZpdLaeEGk8EWXbkkbdKQ8yyKI1KL4CC/WptyDK+RAsaQ==" rel="stylesheet" href="https://github.githubassets.com/assets/github-789e521750bc76020fa16e24493526f0.css" />

  <script crossorigin="anonymous" defer="defer" integrity="sha512-CzeY4A6TiG4fGZSWZU8FxmzFFmcQFoPpArF0hkH0/J/S7UL4eed/LKEXMQXfTwiG5yEJBI+9BdKG8KQJNbhcIQ==" type="application/javascript" src="https://github.githubassets.com/assets/environment-0b3798e0.js"></script>
    <script crossorigin="anonymous" defer="defer" integrity="sha512-sw16M2npbt+P8ZPI/qesmb/qYA6Ad+oDpDe0XtREwJGuXWwo/UUJkffPzbuCX52jypJzobNJD8S5Lt29O5Y2Xw==" type="application/javascript" src="https://github.githubassets.com/assets/chunk-frameworks-b30d7a33.js"></script>
    <script crossorigin="anonymous" defer="defer" integrity="sha512-xs/XWtVY6sgxCZKGLtrGrcsYgDgR0UR1Nx14ivzvJC0S8ZEB7BAxAOBDF8xFrtPq/6Vek9n2A2A8mx/odP+fMg==" type="application/javascript" src="https://github.githubassets.com/assets/chunk-vendor-c6cfd75a.js"></script>
  
  <script crossorigin="anonymous" defer="defer" integrity="sha512-eDTfGTSC0/46o8puZd5wMeJdQHea/FghXKFHuhF7uGNPrAv3CQTYAz6EAotJxaJWSYvw4YAXGJt1ZKIJc5TfDg==" type="application/javascript" src="https://github.githubassets.com/assets/behaviors-7834df19.js"></script>
  
    <script crossorigin="anonymous" defer="defer" integrity="sha512-PNWgI0klII5M3oY8I2gz0PscHM2y5Kssqx1GvudT71XK8SfIsY1xp8W8niacw7vwY9p9ghxl7Gs8IPf4VTGPlg==" type="application/javascript" data-module-id="./chunk-codemirror.js" data-src="https://github.githubassets.com/assets/chunk-codemirror-3cd5a023.js"></script>
    <script crossorigin="anonymous" defer="defer" integrity="sha512-SXIExRkA78ru95lnVy8pTP36kPC7hzl3VIKYLfpsc5uAPjCGkugvrynH4gHk7/pGQ2PP0930j37F1jkJm19ZFA==" type="application/javascript" data-module-id="./chunk-color-modes.js" data-src="https://github.githubassets.com/assets/chunk-color-modes-497204c5.js"></script>
    <script crossorigin="anonymous" defer="defer" integrity="sha512-aXaEDYjukiK8mNa8+JEeHDMUNEr8z/DwIXjEa6nHWMhucFO/lqq/6x+NnPYM4QDj2AFRU62EcCTYY9qNPBSrOA==" type="application/javascript" data-module-id="./chunk-contributions-spider-graph.js" data-src="https://github.githubassets.com/assets/chunk-contributions-spider-graph-6976840d.js"></script>
    <script crossorigin="anonymous" defer="defer" integrity="sha512-6j/oSF+kbW+yetNPvI684VzAu9pzug6Vj2h+3u1LdCuRhR4jnuiHZfeQKls3nxcT/S3H+oIt7FtigE/aeoj+gg==" type="application/javascript" data-module-id="./chunk-drag-drop.js" data-src="https://github.githubassets.com/assets/chunk-drag-drop-ea3fe848.js"></script>
    <script crossorigin="anonymous" defer="defer" integrity="sha512-ymxyvUviKFi+en2si3ZTyY4YCLRKlk0cKK/ngD9ir8xoeH44pCE1I4MBRQE5PcErmUJMhlcAk3+pgwHB7VcseA==" type="application/javascript" data-module-id="./chunk-edit.js" data-src="https://github.githubassets.com/assets/chunk-edit-ca6c72bd.js"></script>
    <script crossorigin="anonymous" defer="defer" integrity="sha512-aiqMIGGZGo8AQMjcoImKPMTsZVVRl6htCSY7BpRmpGPG/AF+Wq+P/Oj/dthWQOIk9cCNMPEas7O2zAR6oqn0tA==" type="application/javascript" data-module-id="./chunk-emoji-picker-element.js" data-src="https://github.githubassets.com/assets/chunk-emoji-picker-element-6a2a8c20.js"></script>
    <script crossorigin="anonymous" defer="defer" integrity="sha512-DAk56F8lz8k6kg6vf15oE4tu4MTIPDT9DUo3VwO8SLYyb3ws4QU433BG7eVXOS50wzl7dUuMFRfTP1rHlHi45g==" type="application/javascript" data-module-id="./chunk-filter-input.js" data-src="https://github.githubassets.com/assets/chunk-filter-input-0c0939e8.js"></script>
    <script crossorigin="anonymous" defer="defer" integrity="sha512-j5Eltv6XYkPt7XVCMWLH6qhNBoFOzxXLIsaoffjjTl2fw/sXVfluH+EGE5dYJPEBwsmqK0LenheRi9hmNcWnCA==" type="application/javascript" data-module-id="./chunk-insights-graph.js" data-src="https://github.githubassets.com/assets/chunk-insights-graph-8f9125b6.js"></script>
    <script crossorigin="anonymous" defer="defer" integrity="sha512-vvgGYQm5eXCUTRJj+GVP1X8JcE5y7Xakq/6U4rhjmUir2S4h0xgjjpSMK+T/Xb6zzdUNhi3goLzNpeiCu4BHoA==" type="application/javascript" data-module-id="./chunk-jump-to.js" data-src="https://github.githubassets.com/assets/chunk-jump-to-bef80661.js"></script>
    <script crossorigin="anonymous" defer="defer" integrity="sha512-ma0OOy3nj0c1cqBx0BkcmIFsLqcSZ+MIukQxyEFM/OWTzZpG+QMgOoWPAHZz43M6fyjAUG1jH6c/6LPiiKPCyw==" type="application/javascript" data-module-id="./chunk-profile-pins-element.js" data-src="https://github.githubassets.com/assets/chunk-profile-pins-element-99ad0e3b.js"></script>
    <script crossorigin="anonymous" defer="defer" integrity="sha512-9WNXtB07IyWypiPmkuucspwog4mme9q5GKGMSgd7FI0DPimmg/pEw+aaAofFV1vuWMt9I8H5QpsVtlbHGg1YBA==" type="application/javascript" data-module-id="./chunk-runner-groups.js" data-src="https://github.githubassets.com/assets/chunk-runner-groups-f56357b4.js"></script>
    <script crossorigin="anonymous" defer="defer" integrity="sha512-JoWpXsdKsRKFyspZP0lsV/mUnqLhErMvFLeq7PwLuptuR0JgHOv5NMWIeBqqWHuWmhIltMifR+/rEjO553Raug==" type="application/javascript" data-module-id="./chunk-sortable-behavior.js" data-src="https://github.githubassets.com/assets/chunk-sortable-behavior-2685a95e.js"></script>
    <script crossorigin="anonymous" defer="defer" integrity="sha512-WK8VXw3lfUQ/VRW0zlgKPhcMUqH0uTnB/KzePUPdZhCm/HpxfXXHKTGvj5C0Oex7+zbIM2ECzULbtTCT4ug3yg==" type="application/javascript" data-module-id="./chunk-toast.js" data-src="https://github.githubassets.com/assets/chunk-toast-58af155f.js"></script>
    <script crossorigin="anonymous" defer="defer" integrity="sha512-ZyozqjwhoIovRiwFwpwYmlQUgmIyGt5y8DgJhtiLHr9EM6f51vmXxaIIZap+ly64QSLa0zeA7DPCD6Yio2/AGA==" type="application/javascript" data-module-id="./chunk-tweetsodium.js" data-src="https://github.githubassets.com/assets/chunk-tweetsodium-672a33aa.js"></script>
    <script crossorigin="anonymous" defer="defer" integrity="sha512-XwZYpRsOiSlFjfpVmuwm13/NzEJdRXAtqYo3fZ54WRBePihtHMR1HLf2dCWxPT0DnBG0qcm9GszICyC/3CrEcg==" type="application/javascript" data-module-id="./chunk-user-status-submit.js" data-src="https://github.githubassets.com/assets/chunk-user-status-submit-5f0658a5.js"></script>
  
  <script crossorigin="anonymous" defer="defer" integrity="sha512-ZNwhwB9beJlzscIPiDH5wsG7lgXPjLsp4rFgwH3Wo7WOnNegVZXugpfq4/EBQquFph76QcQi4vBNA9D7eDx8dQ==" type="application/javascript" src="https://github.githubassets.com/assets/codespaces-64dc21c0.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-9Py+eXPJzcXFKowJGSGfyuhLezFlGDOv05SFfHUa6NtBQE5TK+AFqBLmA8h8SHDKz9sSgFmOrfsdZutqbqAGeg==" type="application/javascript" src="https://github.githubassets.com/assets/diffs-f4fcbe79.js"></script>
<script crossorigin="anonymous" defer="defer" integrity="sha512-DEnWa+HI5b8YlfQcfUXbC/eb+I9MwP32lEPlIHWJBVzhkT/Jw/qMNCffbiNy0/QXtKevkOyL90nPVb0i4SJoPA==" type="application/javascript" src="https://github.githubassets.com/assets/scanning-0c49d66b.js"></script>

  <meta name="viewport" content="width=device-width">
  
  <title>common/hooks/post-install: add fix permissions hook by paper42 · Pull Request #30139 · void-linux/void-packages · GitHub</title>
    <meta name="description" content="Some packages install files with wrong permissions, but sometimes we can detect and fix them.
/usr/share/man: 644
this rule matches a lot of files, mainly because it matches 444 permissions too

packages which install manpages with 755 permissions: nvimpager, sloccount
packages which install manpages with 444 permissions: lowdown, mdocml, dhcpcd, openresolv, all perl packages, lua5.3 (but not 5.1, 5.2 and 5.4)

/etc/apparmor.d: 600
I chose 600 because that&#39;s what aa-genprof creates.

packages which install apparmor profiles wrong permissions: apparmor (644), brillo (640), firejail (644), mako (640) (these permission measurements may be wrong in some cases)

The package lists are not complete.
Are there any other common directories which should be included in this hook? Is forcing 644 in /usr/share/man too strict? Should affected packages be revbumped?">
    <link rel="search" type="application/opensearchdescription+xml" href="/opensearch.xml" title="GitHub">
  <link rel="fluid-icon" href="https://github.com/fluidicon.png" title="GitHub">
  <meta property="fb:app_id" content="1401488693436528">
  <meta name="apple-itunes-app" content="app-id=1477376905" />
    <meta name="twitter:image:src" content="https://avatars.githubusercontent.com/u/37247796?s=400&amp;v=4" /><meta name="twitter:site" content="@github" /><meta name="twitter:card" content="summary" /><meta name="twitter:title" content="common/hooks/post-install: add fix permissions hook by paper42 · Pull Request #30139 · void-linux/void-packages" /><meta name="twitter:description" content="Some packages install files with wrong permissions, but sometimes we can detect and fix them.
/usr/share/man: 644
this rule matches a lot of files, mainly because it matches 444 permissions too

pa..." />
    <meta property="og:image" content="https://avatars.githubusercontent.com/u/37247796?s=400&amp;v=4" /><meta property="og:site_name" content="GitHub" /><meta property="og:type" content="object" /><meta property="og:title" content="common/hooks/post-install: add fix permissions hook by paper42 · Pull Request #30139 · void-linux/void-packages" /><meta property="og:url" content="https://github.com/void-linux/void-packages/pull/30139" /><meta property="og:description" content="Some packages install files with wrong permissions, but sometimes we can detect and fix them.
/usr/share/man: 644
this rule matches a lot of files, mainly because it matches 444 permissions too

pa..." />



    

  <link rel="assets" href="https://github.githubassets.com/">
  

  <meta name="request-id" content="B8F8:598C:A931C0:B7046B:60722C38" data-pjax-transient="true"/><meta name="html-safe-nonce" content="31d5ebd7b6b17a8d154423cc30d83f87ca484f8407aa052308bc7dbc4160ca36" data-pjax-transient="true"/><meta name="visitor-payload" content="eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJCOEY4OjU5OEM6QTkzMUMwOkI3MDQ2Qjo2MDcyMkMzOCIsInZpc2l0b3JfaWQiOiI5MDg4NTM0NTc2NzU2ODI5MjQwIiwicmVnaW9uX2VkZ2UiOiJmcmEiLCJyZWdpb25fcmVuZGVyIjoiZnJhIn0=" data-pjax-transient="true"/><meta name="visitor-hmac" content="b3dfd706512adb7e52024123d03206a1fd3cb77215e0fa6f73582a3349736f00" data-pjax-transient="true"/>

    <meta name="hovercard-subject-tag" content="pull_request:612975256" data-pjax-transient>


  <meta name="github-keyboard-shortcuts" content="repository,pull-request-list,pull-request-conversation,pull-request-files-changed" data-pjax-transient="true" />

  

  <meta name="selected-link" value="repo_pulls" data-pjax-transient>

    <meta name="google-site-verification" content="c1kuD-K2HIVF635lypcsWPoD4kilo5-jA_wBFyT4uMY">
  <meta name="google-site-verification" content="KT5gs8h0wvaagLKAVWq8bbeNwnZZK1r1XQysX3xurLU">
  <meta name="google-site-verification" content="ZzhVyEFwb7w3e0-uOTltm8Jsck2F5StVihD0exw2fsA">
  <meta name="google-site-verification" content="GXs5KoUUkNCoaAZn7wPN-t01Pywp9M3sEjnt_3_ZWPc">

  <meta name="octolytics-host" content="collector.githubapp.com" /><meta name="octolytics-app-id" content="github" /><meta name="octolytics-event-url" content="https://collector.githubapp.com/github-external/browser_event" />

  <meta name="analytics-location" content="/&lt;user-name&gt;/&lt;repo-name&gt;/pull_requests/show" data-pjax-transient="true" />

  



  <meta name="optimizely-datafile" content="{&quot;version&quot;: &quot;4&quot;, &quot;rollouts&quot;: [], &quot;typedAudiences&quot;: [], &quot;anonymizeIP&quot;: true, &quot;projectId&quot;: &quot;16737760170&quot;, &quot;variables&quot;: [], &quot;featureFlags&quot;: [], &quot;experiments&quot;: [], &quot;audiences&quot;: [{&quot;conditions&quot;: &quot;[\&quot;or\&quot;, {\&quot;match\&quot;: \&quot;exact\&quot;, \&quot;name\&quot;: \&quot;$opt_dummy_attribute\&quot;, \&quot;type\&quot;: \&quot;custom_attribute\&quot;, \&quot;value\&quot;: \&quot;$opt_dummy_value\&quot;}]&quot;, &quot;id&quot;: &quot;$opt_dummy_audience&quot;, &quot;name&quot;: &quot;Optimizely-Generated Audience for Backwards Compatibility&quot;}], &quot;groups&quot;: [{&quot;policy&quot;: &quot;random&quot;, &quot;trafficAllocation&quot;: [{&quot;entityId&quot;: &quot;20065350824&quot;, &quot;endOfRange&quot;: 10000}], &quot;experiments&quot;: [{&quot;status&quot;: &quot;Running&quot;, &quot;audienceIds&quot;: [], &quot;variations&quot;: [{&quot;variables&quot;: [], &quot;id&quot;: &quot;20061181493&quot;, &quot;key&quot;: &quot;control&quot;}, {&quot;variables&quot;: [], &quot;id&quot;: &quot;20046091568&quot;, &quot;key&quot;: &quot;most_popular&quot;}], &quot;id&quot;: &quot;20065350824&quot;, &quot;key&quot;: &quot;pricing_page&quot;, &quot;layerId&quot;: &quot;20047761391&quot;, &quot;trafficAllocation&quot;: [{&quot;entityId&quot;: &quot;20061181493&quot;, &quot;endOfRange&quot;: 5000}, {&quot;entityId&quot;: &quot;20046091568&quot;, &quot;endOfRange&quot;: 10000}], &quot;forcedVariations&quot;: {&quot;890b7acea08c1711c74beff6bd78b5e7&quot;: &quot;control&quot;, &quot;235830406.1616679911&quot;: &quot;control&quot;, &quot;167363014.1617810094&quot;: &quot;most_popular&quot;, &quot;f7d5ee986ba8bcc155e2393401c920f7&quot;: &quot;most_popular&quot;, &quot;2022915492.1615428687&quot;: &quot;most_popular&quot;, &quot;1006574531.1617036769&quot;: &quot;control&quot;, &quot;1693726779.1607624005&quot;: &quot;most_popular&quot;, &quot;b3d9f4f9910bc46c43a8d65ab83d8570&quot;: &quot;most_popular&quot;, &quot;1800070736.1616613011&quot;: &quot;control&quot;}}], &quot;id&quot;: &quot;19972601768&quot;}], &quot;attributes&quot;: [{&quot;id&quot;: &quot;16822470375&quot;, &quot;key&quot;: &quot;user_id&quot;}, {&quot;id&quot;: &quot;17143601254&quot;, &quot;key&quot;: &quot;spammy&quot;}, {&quot;id&quot;: &quot;18175660309&quot;, &quot;key&quot;: &quot;organization_plan&quot;}, {&quot;id&quot;: &quot;18813001570&quot;, &quot;key&quot;: &quot;is_logged_in&quot;}, {&quot;id&quot;: &quot;19073851829&quot;, &quot;key&quot;: &quot;geo&quot;}, {&quot;id&quot;: &quot;20175462351&quot;, &quot;key&quot;: &quot;requestedCurrency&quot;}], &quot;botFiltering&quot;: false, &quot;accountId&quot;: &quot;16737760170&quot;, &quot;events&quot;: [{&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;17911811441&quot;, &quot;key&quot;: &quot;hydro_click.dashboard.teacher_toolbox_cta&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;18124116703&quot;, &quot;key&quot;: &quot;submit.organizations.complete_sign_up&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;18145892387&quot;, &quot;key&quot;: &quot;no_metric.tracked_outside_of_optimizely&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;18178755568&quot;, &quot;key&quot;: &quot;click.org_onboarding_checklist.add_repo&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;18180553241&quot;, &quot;key&quot;: &quot;submit.repository_imports.create&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;18186103728&quot;, &quot;key&quot;: &quot;click.help.learn_more_about_repository_creation&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;18188530140&quot;, &quot;key&quot;: &quot;test_event.do_not_use_in_production&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;18191963644&quot;, &quot;key&quot;: &quot;click.empty_org_repo_cta.transfer_repository&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;18195612788&quot;, &quot;key&quot;: &quot;click.empty_org_repo_cta.import_repository&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;18210945499&quot;, &quot;key&quot;: &quot;click.org_onboarding_checklist.invite_members&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;18211063248&quot;, &quot;key&quot;: &quot;click.empty_org_repo_cta.create_repository&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;18215721889&quot;, &quot;key&quot;: &quot;click.org_onboarding_checklist.update_profile&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;18224360785&quot;, &quot;key&quot;: &quot;click.org_onboarding_checklist.dismiss&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;18234832286&quot;, &quot;key&quot;: &quot;submit.organization_activation.complete&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;18252392383&quot;, &quot;key&quot;: &quot;submit.org_repository.create&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;18257551537&quot;, &quot;key&quot;: &quot;submit.org_member_invitation.create&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;18259522260&quot;, &quot;key&quot;: &quot;submit.organization_profile.update&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;18564603625&quot;, &quot;key&quot;: &quot;view.classroom_select_organization&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;18568612016&quot;, &quot;key&quot;: &quot;click.classroom_sign_in_click&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;18572592540&quot;, &quot;key&quot;: &quot;view.classroom_name&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;18574203855&quot;, &quot;key&quot;: &quot;click.classroom_create_organization&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;18582053415&quot;, &quot;key&quot;: &quot;click.classroom_select_organization&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;18589463420&quot;, &quot;key&quot;: &quot;click.classroom_create_classroom&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;18591323364&quot;, &quot;key&quot;: &quot;click.classroom_create_first_classroom&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;18591652321&quot;, &quot;key&quot;: &quot;click.classroom_grant_access&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;18607131425&quot;, &quot;key&quot;: &quot;view.classroom_creation&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;18831680583&quot;, &quot;key&quot;: &quot;upgrade_account_plan&quot;}, {&quot;experimentIds&quot;: [&quot;20065350824&quot;], &quot;id&quot;: &quot;19064064515&quot;, &quot;key&quot;: &quot;click.signup&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;19075373687&quot;, &quot;key&quot;: &quot;click.view_account_billing_page&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;19077355841&quot;, &quot;key&quot;: &quot;click.dismiss_signup_prompt&quot;}, {&quot;experimentIds&quot;: [&quot;20065350824&quot;], &quot;id&quot;: &quot;19079713938&quot;, &quot;key&quot;: &quot;click.contact_sales&quot;}, {&quot;experimentIds&quot;: [&quot;20065350824&quot;], &quot;id&quot;: &quot;19120963070&quot;, &quot;key&quot;: &quot;click.compare_account_plans&quot;}, {&quot;experimentIds&quot;: [&quot;20065350824&quot;], &quot;id&quot;: &quot;19151690317&quot;, &quot;key&quot;: &quot;click.upgrade_account_cta&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;19424193129&quot;, &quot;key&quot;: &quot;click.open_account_switcher&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;19520330825&quot;, &quot;key&quot;: &quot;click.visit_account_profile&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;19540970635&quot;, &quot;key&quot;: &quot;click.switch_account_context&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;19730198868&quot;, &quot;key&quot;: &quot;submit.homepage_signup&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;19820830627&quot;, &quot;key&quot;: &quot;click.homepage_signup&quot;}, {&quot;experimentIds&quot;: [&quot;20065350824&quot;], &quot;id&quot;: &quot;19988571001&quot;, &quot;key&quot;: &quot;click.create_enterprise_trial&quot;}, {&quot;experimentIds&quot;: [&quot;20065350824&quot;], &quot;id&quot;: &quot;20036538294&quot;, &quot;key&quot;: &quot;click.create_organization_team&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;20040653299&quot;, &quot;key&quot;: &quot;click.input_enterprise_trial_form&quot;}, {&quot;experimentIds&quot;: [&quot;20065350824&quot;], &quot;id&quot;: &quot;20062030003&quot;, &quot;key&quot;: &quot;click.continue_with_team&quot;}, {&quot;experimentIds&quot;: [&quot;20065350824&quot;], &quot;id&quot;: &quot;20068947153&quot;, &quot;key&quot;: &quot;click.create_organization_free&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;20086636658&quot;, &quot;key&quot;: &quot;click.signup_continue.username&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;20091648988&quot;, &quot;key&quot;: &quot;click.signup_continue.create_account&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;20103637615&quot;, &quot;key&quot;: &quot;click.signup_continue.email&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;20111574253&quot;, &quot;key&quot;: &quot;click.signup_continue.password&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;20120044111&quot;, &quot;key&quot;: &quot;view.pricing_page&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;20152062109&quot;, &quot;key&quot;: &quot;submit.create_account&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;20165800992&quot;, &quot;key&quot;: &quot;submit.upgrade_payment_form&quot;}, {&quot;experimentIds&quot;: [], &quot;id&quot;: &quot;20171520319&quot;, &quot;key&quot;: &quot;submit.create_organization&quot;}], &quot;revision&quot;: &quot;595&quot;}" />
  <!-- To prevent page flashing, the optimizely JS needs to be loaded in the
    <head> tag before the DOM renders -->
  <script crossorigin="anonymous" defer="defer" integrity="sha512-pYsZ5nv4Ik2oB39Lk84n9CLvbtMKb2uANcvFiEMMHva18PyfI08ZSA8xKPFF1l3BEHRDxpEdl8kU+vssPUqcGQ==" type="application/javascript" src="https://github.githubassets.com/assets/optimizely-a58b19e6.js"></script>



  

      <meta name="hostname" content="github.com">
    <meta name="user-login" content="">


      <meta name="expected-hostname" content="github.com">


    <meta name="enabled-features" content="MARKETPLACE_PENDING_INSTALLATIONS,AUTOCOMPLETE_EMOJIS_IN_MARKDOWN_EDITOR">

  <meta http-equiv="x-pjax-version" content="3b5355b3138a2756b60e27c14b4eaba4d445777b0c7fb1f138783e875270bc3d">
  

    
  <meta name="go-import" content="github.com/void-linux/void-packages git https://github.com/void-linux/void-packages.git">

  <meta name="octolytics-dimension-user_id" content="37247796" /><meta name="octolytics-dimension-user_login" content="void-linux" /><meta name="octolytics-dimension-repository_id" content="137503442" /><meta name="octolytics-dimension-repository_nwo" content="void-linux/void-packages" /><meta name="octolytics-dimension-repository_public" content="true" /><meta name="octolytics-dimension-repository_is_fork" content="false" /><meta name="octolytics-dimension-repository_network_root_id" content="137503442" /><meta name="octolytics-dimension-repository_network_root_nwo" content="void-linux/void-packages" />





  <meta name="browser-stats-url" content="https://api.github.com/_private/browser/stats">

  <meta name="browser-errors-url" content="https://api.github.com/_private/browser/errors">

  <meta name="browser-optimizely-client-errors-url" content="https://api.github.com/_private/browser/optimizely_client/errors">

  <link rel="mask-icon" href="https://github.githubassets.com/pinned-octocat.svg" color="#000000">
  <link rel="alternate icon" class="js-site-favicon" type="image/png" href="https://github.githubassets.com/favicons/favicon.png">
  <link rel="icon" class="js-site-favicon" type="image/svg+xml" href="https://github.githubassets.com/favicons/favicon.svg">

<meta name="theme-color" content="#1e2327">



  <link rel="manifest" href="/manifest.json" crossOrigin="use-credentials">

  </head>

  <body class="logged-out env-production page-responsive" style="word-wrap: break-word;">
    

    <div class="position-relative js-header-wrapper ">
      <a href="#start-of-content" class="px-2 py-4 color-bg-info-inverse color-text-white show-on-focus js-skip-to-content">Skip to content</a>
      <span class="progress-pjax-loader width-full js-pjax-loader-bar Progress position-fixed">
    <span style="background-color: #79b8ff;width: 0%;" class="Progress-item progress-pjax-loader-bar "></span>
</span>      
      


            <header class="Header-old header-logged-out js-details-container Details position-relative f4 py-2" role="banner">
  <div class="container-xl d-lg-flex flex-items-center p-responsive">
    <div class="d-flex flex-justify-between flex-items-center">
        <a class="mr-4" href="https://github.com/" aria-label="Homepage" data-ga-click="(Logged out) Header, go to homepage, icon:logo-wordmark">
          <svg height="32" class="octicon octicon-mark-github color-text-white" viewBox="0 0 16 16" version="1.1" width="32" aria-hidden="true"><path fill-rule="evenodd" d="M8 0C3.58 0 0 3.58 0 8c0 3.54 2.29 6.53 5.47 7.59.4.07.55-.17.55-.38 0-.19-.01-.82-.01-1.49-2.01.37-2.53-.49-2.69-.94-.09-.23-.48-.94-.82-1.13-.28-.15-.68-.52-.01-.53.63-.01 1.08.58 1.23.82.72 1.21 1.87.87 2.33.66.07-.52.28-.87.51-1.07-1.78-.2-3.64-.89-3.64-3.95 0-.87.31-1.59.82-2.15-.08-.2-.36-1.02.08-2.12 0 0 .67-.21 2.2.82.64-.18 1.32-.27 2-.27.68 0 1.36.09 2 .27 1.53-1.04 2.2-.82 2.2-.82.44 1.1.16 1.92.08 2.12.51.56.82 1.27.82 2.15 0 3.07-1.87 3.75-3.65 3.95.29.25.54.73.54 1.48 0 1.07-.01 1.93-.01 2.2 0 .21.15.46.55.38A8.013 8.013 0 0016 8c0-4.42-3.58-8-8-8z"></path></svg>
        </a>

          <div class="d-lg-none css-truncate css-truncate-target width-fit p-2">
            

          </div>

        <div class="d-flex flex-items-center">
              <a href="/join?ref_cta=Sign+up&amp;ref_loc=header+logged+out&amp;ref_page=%2F%3Cuser-name%3E%2F%3Crepo-name%3E%2Fpull_requests%2Fshow&amp;source=header-repo"
                class="d-inline-block d-lg-none f5 color-text-white no-underline border color-border-tertiary rounded-2 px-2 py-1 mr-3 mr-sm-5 js-signup-redesign-control js-signup-redesign-target"
                data-hydro-click="{&quot;event_type&quot;:&quot;authentication.click&quot;,&quot;payload&quot;:{&quot;location_in_page&quot;:&quot;site header&quot;,&quot;repository_id&quot;:null,&quot;auth_type&quot;:&quot;SIGN_UP&quot;,&quot;originating_url&quot;:&quot;https://github.com/void-linux/void-packages/pull/30139&quot;,&quot;user_id&quot;:null}}" data-hydro-click-hmac="fa1fb0219c97aaa54bad158e8d37d347850503848f5641a50df63e7f8ee69a4d"
              >
                Sign&nbsp;up
              </a>
              <a href="/join_next?ref_cta=Sign+up&amp;ref_loc=header+logged+out&amp;ref_page=%2F%3Cuser-name%3E%2F%3Crepo-name%3E%2Fpull_requests%2Fshow&amp;source=header-repo"
                class="d-inline-block d-lg-none f5 color-text-white no-underline border color-border-tertiary rounded-2 px-2 py-1 mr-3 mr-sm-5 js-signup-redesign-variation js-signup-redesign-target"
                hidden
                data-hydro-click="{&quot;event_type&quot;:&quot;authentication.click&quot;,&quot;payload&quot;:{&quot;location_in_page&quot;:&quot;site header&quot;,&quot;repository_id&quot;:null,&quot;auth_type&quot;:&quot;SIGN_UP&quot;,&quot;originating_url&quot;:&quot;https://github.com/void-linux/void-packages/pull/30139&quot;,&quot;user_id&quot;:null}}" data-hydro-click-hmac="fa1fb0219c97aaa54bad158e8d37d347850503848f5641a50df63e7f8ee69a4d"
              >
                Sign&nbsp;up
              </a>

          <button class="btn-link d-lg-none mt-1 js-details-target" type="button" aria-label="Toggle navigation" aria-expanded="false">
            <svg height="24" class="octicon octicon-three-bars color-text-white" viewBox="0 0 16 16" version="1.1" width="24" aria-hidden="true"><path fill-rule="evenodd" d="M1 2.75A.75.75 0 011.75 2h12.5a.75.75 0 110 1.5H1.75A.75.75 0 011 2.75zm0 5A.75.75 0 011.75 7h12.5a.75.75 0 110 1.5H1.75A.75.75 0 011 7.75zM1.75 12a.75.75 0 100 1.5h12.5a.75.75 0 100-1.5H1.75z"></path></svg>
          </button>
        </div>
    </div>

    <div class="HeaderMenu HeaderMenu--logged-out position-fixed top-0 right-0 bottom-0 height-fit position-lg-relative d-lg-flex flex-justify-between flex-items-center flex-auto">
      <div class="d-flex d-lg-none flex-justify-end border-bottom color-bg-secondary p-3">
        <button class="btn-link js-details-target" type="button" aria-label="Toggle navigation" aria-expanded="false">
          <svg height="24" class="octicon octicon-x color-text-secondary" viewBox="0 0 24 24" version="1.1" width="24" aria-hidden="true"><path fill-rule="evenodd" d="M5.72 5.72a.75.75 0 011.06 0L12 10.94l5.22-5.22a.75.75 0 111.06 1.06L13.06 12l5.22 5.22a.75.75 0 11-1.06 1.06L12 13.06l-5.22 5.22a.75.75 0 01-1.06-1.06L10.94 12 5.72 6.78a.75.75 0 010-1.06z"></path></svg>
        </button>
      </div>

        <nav class="mt-0 px-3 px-lg-0 mb-5 mb-lg-0" aria-label="Global">
          <ul class="d-lg-flex list-style-none">
              <li class="d-block d-lg-flex flex-lg-nowrap flex-lg-items-center border-bottom border-lg-bottom-0 mr-0 mr-lg-3 edge-item-fix position-relative flex-wrap flex-justify-between d-flex flex-items-center ">
                <details class="HeaderMenu-details details-overlay details-reset width-full">
                  <summary class="HeaderMenu-summary HeaderMenu-link px-0 py-3 border-0 no-wrap d-block d-lg-inline-block">
                    Why GitHub?
                    <svg x="0px" y="0px" viewBox="0 0 14 8" xml:space="preserve" fill="none" class="icon-chevon-down-mktg position-absolute position-lg-relative">
                      <path d="M1,1l6.2,6L13,1"></path>
                    </svg>
                  </summary>
                  <div class="dropdown-menu flex-auto rounded px-0 mt-0 pb-4 p-lg-4 position-relative position-lg-absolute left-0 left-lg-n4">
                    <a href="/features" class="py-2 lh-condensed-ultra d-block Link--primary no-underline h5 Bump-link--hover" data-ga-click="(Logged out) Header, go to Features">Features <span class="Bump-link-symbol float-right text-normal color-text-tertiary pr-3">&rarr;</span></a>
                    <ul class="list-style-none f5 pb-3">
                        <li class="edge-item-fix"><a href="/mobile" class="py-2 lh-condensed-ultra d-block Link--secondary no-underline f5 Bump-link--hover">Mobile <span class="Bump-link-symbol float-right text-normal color-text-tertiary pr-3">&rarr;</span></a></li>
                        <li class="edge-item-fix"><a href="/features/actions" class="py-2 lh-condensed-ultra d-block Link--secondary no-underline f5 Bump-link--hover">Actions <span class="Bump-link-symbol float-right text-normal color-text-tertiary pr-3">&rarr;</span></a></li>
                        <li class="edge-item-fix"><a href="/features/codespaces" class="py-2 lh-condensed-ultra d-block Link--secondary no-underline f5 Bump-link--hover">Codespaces <span class="Bump-link-symbol float-right text-normal color-text-tertiary pr-3">&rarr;</span></a></li>
                        <li class="edge-item-fix"><a href="/features/packages" class="py-2 lh-condensed-ultra d-block Link--secondary no-underline f5 Bump-link--hover">Packages <span class="Bump-link-symbol float-right text-normal color-text-tertiary pr-3">&rarr;</span></a></li>
                        <li class="edge-item-fix"><a href="/features/security" class="py-2 lh-condensed-ultra d-block Link--secondary no-underline f5 Bump-link--hover">Security <span class="Bump-link-symbol float-right text-normal color-text-tertiary pr-3">&rarr;</span></a></li>
                        <li class="edge-item-fix"><a href="/features/code-review/" class="py-2 lh-condensed-ultra d-block Link--secondary no-underline f5 Bump-link--hover">Code review <span class="Bump-link-symbol float-right text-normal color-text-tertiary pr-3">&rarr;</span></a></li>
                        <li class="edge-item-fix"><a href="/features/project-management/" class="py-2 lh-condensed-ultra d-block Link--secondary no-underline f5 Bump-link--hover">Project management <span class="Bump-link-symbol float-right text-normal color-text-tertiary pr-3">&rarr;</span></a></li>
                        <li class="edge-item-fix"><a href="/features/integrations" class="py-2 lh-condensed-ultra d-block Link--secondary no-underline f5 Bump-link--hover">Integrations <span class="Bump-link-symbol float-right text-normal color-text-tertiary pr-3">&rarr;</span></a></li>
                    </ul>

                    <ul class="list-style-none mb-0 border-lg-top pt-lg-3">
                      <li class="edge-item-fix"><a href="/sponsors" class="py-2 lh-condensed-ultra d-block no-underline Link--primary no-underline h5 Bump-link--hover" data-ga-click="(Logged out) Header, go to Sponsors">GitHub Sponsors <span class="Bump-link-symbol float-right text-normal color-text-tertiary pr-3">&rarr;</span></a></li>
                      <li class="edge-item-fix"><a href="/customer-stories" class="py-2 lh-condensed-ultra d-block no-underline Link--primary no-underline h5 Bump-link--hover" data-ga-click="(Logged out) Header, go to Customer stories">Customer stories<span class="Bump-link-symbol float-right text-normal color-text-tertiary pr-3">&rarr;</span></a></li>
                    </ul>
                  </div>
                </details>
              </li>
              <li class="border-bottom border-lg-bottom-0 mr-0 mr-lg-3">
                <a href="/team" class="HeaderMenu-link no-underline py-3 d-block d-lg-inline-block" data-ga-click="(Logged out) Header, go to Team">Team</a>
              </li>
              <li class="border-bottom border-lg-bottom-0 mr-0 mr-lg-3">
                <a href="/enterprise" class="HeaderMenu-link no-underline py-3 d-block d-lg-inline-block" data-ga-click="(Logged out) Header, go to Enterprise">Enterprise</a>
              </li>

              <li class="d-block d-lg-flex flex-lg-nowrap flex-lg-items-center border-bottom border-lg-bottom-0 mr-0 mr-lg-3 edge-item-fix position-relative flex-wrap flex-justify-between d-flex flex-items-center ">
                <details class="HeaderMenu-details details-overlay details-reset width-full">
                  <summary class="HeaderMenu-summary HeaderMenu-link px-0 py-3 border-0 no-wrap d-block d-lg-inline-block">
                    Explore
                    <svg x="0px" y="0px" viewBox="0 0 14 8" xml:space="preserve" fill="none" class="icon-chevon-down-mktg position-absolute position-lg-relative">
                      <path d="M1,1l6.2,6L13,1"></path>
                    </svg>
                  </summary>

                  <div class="dropdown-menu flex-auto rounded px-0 pt-2 pb-0 mt-0 pb-4 p-lg-4 position-relative position-lg-absolute left-0 left-lg-n4">
                    <ul class="list-style-none mb-3">
                      <li class="edge-item-fix"><a href="/explore" class="py-2 lh-condensed-ultra d-block Link--primary no-underline h5 Bump-link--hover" data-ga-click="(Logged out) Header, go to Explore">Explore GitHub <span class="Bump-link-symbol float-right text-normal color-text-tertiary pr-3">&rarr;</span></a></li>
                    </ul>

                    <h4 class="color-text-tertiary text-normal text-mono f5 mb-2 border-lg-top pt-lg-3">Learn and contribute</h4>
                    <ul class="list-style-none mb-3">
                      <li class="edge-item-fix"><a href="/topics" class="py-2 lh-condensed-ultra d-block Link--secondary no-underline f5 Bump-link--hover" data-ga-click="(Logged out) Header, go to Topics">Topics <span class="Bump-link-symbol float-right text-normal color-text-tertiary pr-3">&rarr;</span></a></li>
                        <li class="edge-item-fix"><a href="/collections" class="py-2 lh-condensed-ultra d-block Link--secondary no-underline f5 Bump-link--hover" data-ga-click="(Logged out) Header, go to Collections">Collections <span class="Bump-link-symbol float-right text-normal color-text-tertiary pr-3">&rarr;</span></a></li>
                      <li class="edge-item-fix"><a href="/trending" class="py-2 lh-condensed-ultra d-block Link--secondary no-underline f5 Bump-link--hover" data-ga-click="(Logged out) Header, go to Trending">Trending <span class="Bump-link-symbol float-right text-normal color-text-tertiary pr-3">&rarr;</span></a></li>
                      <li class="edge-item-fix"><a href="https://lab.github.com/" class="py-2 lh-condensed-ultra d-block Link--secondary no-underline f5 Bump-link--hover" data-ga-click="(Logged out) Header, go to Learning lab">Learning Lab <span class="Bump-link-symbol float-right text-normal color-text-tertiary pr-3">&rarr;</span></a></li>
                      <li class="edge-item-fix"><a href="https://opensource.guide" class="py-2 lh-condensed-ultra d-block Link--secondary no-underline f5 Bump-link--hover" data-ga-click="(Logged out) Header, go to Open source guides">Open source guides <span class="Bump-link-symbol float-right text-normal color-text-tertiary pr-3">&rarr;</span></a></li>
                    </ul>

                    <h4 class="color-text-tertiary text-normal text-mono f5 mb-2 border-lg-top pt-lg-3">Connect with others</h4>
                    <ul class="list-style-none mb-0">
                      <li class="edge-item-fix"><a href="https://github.com/readme" class="py-2 lh-condensed-ultra d-block Link--secondary no-underline f5 Bump-link--hover">The ReadME Project <span class="Bump-link-symbol float-right text-normal color-text-tertiary pr-3">&rarr;</span></a></li>
                      <li class="edge-item-fix"><a href="https://github.com/events" class="py-2 lh-condensed-ultra d-block Link--secondary no-underline f5 Bump-link--hover" data-ga-click="(Logged out) Header, go to Events">Events <span class="Bump-link-symbol float-right text-normal color-text-tertiary pr-3">&rarr;</span></a></li>
                      <li class="edge-item-fix"><a href="https://github.community" class="py-2 lh-condensed-ultra d-block Link--secondary no-underline f5 Bump-link--hover" data-ga-click="(Logged out) Header, go to Community forum">Community forum <span class="Bump-link-symbol float-right text-normal color-text-tertiary pr-3">&rarr;</span></a></li>
                      <li class="edge-item-fix"><a href="https://education.github.com" class="py-2 lh-condensed-ultra d-block Link--secondary no-underline f5 Bump-link--hover" data-ga-click="(Logged out) Header, go to GitHub Education">GitHub Education <span class="Bump-link-symbol float-right text-normal color-text-tertiary pr-3">&rarr;</span></a></li>
                      <li class="edge-item-fix"><a href="https://stars.github.com" class="py-2 pb-0 lh-condensed-ultra d-block Link--secondary no-underline f5 Bump-link--hover" data-ga-click="(Logged out) Header, go to GitHub Stars Program">GitHub Stars program <span class="Bump-link-symbol float-right text-normal color-text-tertiary pr-3">&rarr;</span></a></li>
                    </ul>
                  </div>
                </details>
              </li>

              <li class="border-bottom border-lg-bottom-0 mr-0 mr-lg-3">
                <a href="/marketplace" class="HeaderMenu-link no-underline py-3 d-block d-lg-inline-block" data-ga-click="(Logged out) Header, go to Marketplace">Marketplace</a>
              </li>

              <li class="d-block d-lg-flex flex-lg-nowrap flex-lg-items-center border-bottom border-lg-bottom-0 mr-0 mr-lg-3 edge-item-fix position-relative flex-wrap flex-justify-between d-flex flex-items-center ">
                <details class="HeaderMenu-details details-overlay details-reset width-full">
                  <summary class="HeaderMenu-summary HeaderMenu-link px-0 py-3 border-0 no-wrap d-block d-lg-inline-block">
                    Pricing
                    <svg x="0px" y="0px" viewBox="0 0 14 8" xml:space="preserve" fill="none" class="icon-chevon-down-mktg position-absolute position-lg-relative">
                       <path d="M1,1l6.2,6L13,1"></path>
                    </svg>
                  </summary>

                  <div class="dropdown-menu flex-auto rounded px-0 pt-2 pb-4 mt-0 p-lg-4 position-relative position-lg-absolute left-0 left-lg-n4">
                    <a href="/pricing" class="pb-2 lh-condensed-ultra d-block Link--primary no-underline h5 Bump-link--hover" data-ga-click="(Logged out) Header, go to Pricing">Plans <span class="Bump-link-symbol float-right text-normal color-text-tertiary pr-3">&rarr;</span></a>

                    <ul class="list-style-none mb-3">
                      <li class="edge-item-fix"><a href="/pricing#feature-comparison" class="py-2 lh-condensed-ultra d-block Link--secondary no-underline f5 Bump-link--hover" data-ga-click="(Logged out) Header, go to Compare plans">Compare plans <span class="Bump-link-symbol float-right text-normal color-text-tertiary pr-3">&rarr;</span></a></li>
                      <li class="edge-item-fix"><a href="https://enterprise.github.com/contact" class="py-2 lh-condensed-ultra d-block Link--secondary no-underline f5 Bump-link--hover" data-ga-click="(Logged out) Header, go to Contact Sales">Contact Sales <span class="Bump-link-symbol float-right text-normal color-text-tertiary pr-3">&rarr;</span></a></li>
                    </ul>

                    <ul class="list-style-none mb-0 border-lg-top pt-lg-3">
                      <li class="edge-item-fix"><a href="https://education.github.com" class="py-2 pb-0 lh-condensed-ultra d-block no-underline Link--primary no-underline h5 Bump-link--hover"  data-ga-click="(Logged out) Header, go to Education">Education <span class="Bump-link-symbol float-right text-normal color-text-tertiary pr-3">&rarr;</span></a></li>
                    </ul>
                  </div>
                </details>
              </li>
          </ul>
        </nav>

      <div class="d-lg-flex flex-items-center px-3 px-lg-0 text-center text-lg-left">
          <div class="d-lg-flex min-width-0 mb-3 mb-lg-0">
            <div class="header-search flex-auto js-site-search position-relative flex-self-stretch flex-md-self-auto mb-3 mb-md-0 mr-0 mr-md-3 scoped-search site-scoped-search js-jump-to"
  role="combobox"
  aria-owns="jump-to-results"
  aria-label="Search or jump to"
  aria-haspopup="listbox"
  aria-expanded="false"
>
  <div class="position-relative">
    <!-- '"` --><!-- </textarea></xmp> --></option></form><form class="js-site-search-form" role="search" aria-label="Site" data-scope-type="Repository" data-scope-id="137503442" data-scoped-search-url="/void-linux/void-packages/search" data-owner-scoped-search-url="/orgs/void-linux/search" data-unscoped-search-url="/search" action="/void-linux/void-packages/search" accept-charset="UTF-8" method="get">
      <label class="form-control input-sm header-search-wrapper p-0 js-chromeless-input-container header-search-wrapper-jump-to position-relative d-flex flex-justify-between flex-items-center">
        <input type="text"
          class="form-control input-sm header-search-input jump-to-field js-jump-to-field js-site-search-focus js-site-search-field is-clearable"
          data-hotkey="s,/"
          name="q"
          value=""
          placeholder="Search"
          data-unscoped-placeholder="Search GitHub"
          data-scoped-placeholder="Search"
          autocapitalize="off"
          aria-autocomplete="list"
          aria-controls="jump-to-results"
          aria-label="Search"
          data-jump-to-suggestions-path="/_graphql/GetSuggestedNavigationDestinations"
          spellcheck="false"
          autocomplete="off"
          >
          <input type="hidden" data-csrf="true" class="js-data-jump-to-suggestions-path-csrf" value="eDrAVbqkF6cHCEk9yEhI3Le3jW5h4JRmK5s4LD2dMosLcOK6MNEn7vcbx3f43Enj5XzZTH+lBlBUGwLFNI216g==" />
          <input type="hidden" class="js-site-search-type-field" name="type" >
            <img src="https://github.githubassets.com/images/search-key-slash.svg" alt="" class="mr-2 header-search-key-slash">

            <div class="Box position-absolute overflow-hidden d-none jump-to-suggestions js-jump-to-suggestions-container">
              
<ul class="d-none js-jump-to-suggestions-template-container">
  

<li class="d-flex flex-justify-start flex-items-center p-0 f5 navigation-item js-navigation-item js-jump-to-suggestion" role="option">
  <a tabindex="-1" class="no-underline d-flex flex-auto flex-items-center jump-to-suggestions-path js-jump-to-suggestion-path js-navigation-open p-2" href="" data-item-type="suggestion">
    <div class="jump-to-octicon js-jump-to-octicon flex-shrink-0 mr-2 text-center d-none">
      <svg height="16" width="16" class="octicon octicon-repo flex-shrink-0 js-jump-to-octicon-repo d-none" title="Repository" aria-label="Repository" viewBox="0 0 16 16" version="1.1" role="img"><path fill-rule="evenodd" d="M2 2.5A2.5 2.5 0 014.5 0h8.75a.75.75 0 01.75.75v12.5a.75.75 0 01-.75.75h-2.5a.75.75 0 110-1.5h1.75v-2h-8a1 1 0 00-.714 1.7.75.75 0 01-1.072 1.05A2.495 2.495 0 012 11.5v-9zm10.5-1V9h-8c-.356 0-.694.074-1 .208V2.5a1 1 0 011-1h8zM5 12.25v3.25a.25.25 0 00.4.2l1.45-1.087a.25.25 0 01.3 0L8.6 15.7a.25.25 0 00.4-.2v-3.25a.25.25 0 00-.25-.25h-3.5a.25.25 0 00-.25.25z"></path></svg>
      <svg height="16" width="16" class="octicon octicon-project flex-shrink-0 js-jump-to-octicon-project d-none" title="Project" aria-label="Project" viewBox="0 0 16 16" version="1.1" role="img"><path fill-rule="evenodd" d="M1.75 0A1.75 1.75 0 000 1.75v12.5C0 15.216.784 16 1.75 16h12.5A1.75 1.75 0 0016 14.25V1.75A1.75 1.75 0 0014.25 0H1.75zM1.5 1.75a.25.25 0 01.25-.25h12.5a.25.25 0 01.25.25v12.5a.25.25 0 01-.25.25H1.75a.25.25 0 01-.25-.25V1.75zM11.75 3a.75.75 0 00-.75.75v7.5a.75.75 0 001.5 0v-7.5a.75.75 0 00-.75-.75zm-8.25.75a.75.75 0 011.5 0v5.5a.75.75 0 01-1.5 0v-5.5zM8 3a.75.75 0 00-.75.75v3.5a.75.75 0 001.5 0v-3.5A.75.75 0 008 3z"></path></svg>
      <svg height="16" width="16" class="octicon octicon-search flex-shrink-0 js-jump-to-octicon-search d-none" title="Search" aria-label="Search" viewBox="0 0 16 16" version="1.1" role="img"><path fill-rule="evenodd" d="M11.5 7a4.499 4.499 0 11-8.998 0A4.499 4.499 0 0111.5 7zm-.82 4.74a6 6 0 111.06-1.06l3.04 3.04a.75.75 0 11-1.06 1.06l-3.04-3.04z"></path></svg>
    </div>

    <img class="avatar mr-2 flex-shrink-0 js-jump-to-suggestion-avatar d-none" alt="" aria-label="Team" src="" width="28" height="28">

    <div class="jump-to-suggestion-name js-jump-to-suggestion-name flex-auto overflow-hidden text-left no-wrap css-truncate css-truncate-target">
    </div>

    <div class="border rounded-1 flex-shrink-0 color-bg-tertiary px-1 color-text-tertiary ml-1 f6 d-none js-jump-to-badge-search">
      <span class="js-jump-to-badge-search-text-default d-none" aria-label="in this repository">
        In this repository
      </span>
      <span class="js-jump-to-badge-search-text-global d-none" aria-label="in all of GitHub">
        All GitHub
      </span>
      <span aria-hidden="true" class="d-inline-block ml-1 v-align-middle">↵</span>
    </div>

    <div aria-hidden="true" class="border rounded-1 flex-shrink-0 color-bg-tertiary px-1 color-text-tertiary ml-1 f6 d-none d-on-nav-focus js-jump-to-badge-jump">
      Jump to
      <span class="d-inline-block ml-1 v-align-middle">↵</span>
    </div>
  </a>
</li>

</ul>

<ul class="d-none js-jump-to-no-results-template-container">
  <li class="d-flex flex-justify-center flex-items-center f5 d-none js-jump-to-suggestion p-2">
    <span class="color-text-secondary">No suggested jump to results</span>
  </li>
</ul>

<ul id="jump-to-results" role="listbox" class="p-0 m-0 js-navigation-container jump-to-suggestions-results-container js-jump-to-suggestions-results-container">
  

<li class="d-flex flex-justify-start flex-items-center p-0 f5 navigation-item js-navigation-item js-jump-to-scoped-search d-none" role="option">
  <a tabindex="-1" class="no-underline d-flex flex-auto flex-items-center jump-to-suggestions-path js-jump-to-suggestion-path js-navigation-open p-2" href="" data-item-type="scoped_search">
    <div class="jump-to-octicon js-jump-to-octicon flex-shrink-0 mr-2 text-center d-none">
      <svg height="16" width="16" class="octicon octicon-repo flex-shrink-0 js-jump-to-octicon-repo d-none" title="Repository" aria-label="Repository" viewBox="0 0 16 16" version="1.1" role="img"><path fill-rule="evenodd" d="M2 2.5A2.5 2.5 0 014.5 0h8.75a.75.75 0 01.75.75v12.5a.75.75 0 01-.75.75h-2.5a.75.75 0 110-1.5h1.75v-2h-8a1 1 0 00-.714 1.7.75.75 0 01-1.072 1.05A2.495 2.495 0 012 11.5v-9zm10.5-1V9h-8c-.356 0-.694.074-1 .208V2.5a1 1 0 011-1h8zM5 12.25v3.25a.25.25 0 00.4.2l1.45-1.087a.25.25 0 01.3 0L8.6 15.7a.25.25 0 00.4-.2v-3.25a.25.25 0 00-.25-.25h-3.5a.25.25 0 00-.25.25z"></path></svg>
      <svg height="16" width="16" class="octicon octicon-project flex-shrink-0 js-jump-to-octicon-project d-none" title="Project" aria-label="Project" viewBox="0 0 16 16" version="1.1" role="img"><path fill-rule="evenodd" d="M1.75 0A1.75 1.75 0 000 1.75v12.5C0 15.216.784 16 1.75 16h12.5A1.75 1.75 0 0016 14.25V1.75A1.75 1.75 0 0014.25 0H1.75zM1.5 1.75a.25.25 0 01.25-.25h12.5a.25.25 0 01.25.25v12.5a.25.25 0 01-.25.25H1.75a.25.25 0 01-.25-.25V1.75zM11.75 3a.75.75 0 00-.75.75v7.5a.75.75 0 001.5 0v-7.5a.75.75 0 00-.75-.75zm-8.25.75a.75.75 0 011.5 0v5.5a.75.75 0 01-1.5 0v-5.5zM8 3a.75.75 0 00-.75.75v3.5a.75.75 0 001.5 0v-3.5A.75.75 0 008 3z"></path></svg>
      <svg height="16" width="16" class="octicon octicon-search flex-shrink-0 js-jump-to-octicon-search d-none" title="Search" aria-label="Search" viewBox="0 0 16 16" version="1.1" role="img"><path fill-rule="evenodd" d="M11.5 7a4.499 4.499 0 11-8.998 0A4.499 4.499 0 0111.5 7zm-.82 4.74a6 6 0 111.06-1.06l3.04 3.04a.75.75 0 11-1.06 1.06l-3.04-3.04z"></path></svg>
    </div>

    <img class="avatar mr-2 flex-shrink-0 js-jump-to-suggestion-avatar d-none" alt="" aria-label="Team" src="" width="28" height="28">

    <div class="jump-to-suggestion-name js-jump-to-suggestion-name flex-auto overflow-hidden text-left no-wrap css-truncate css-truncate-target">
    </div>

    <div class="border rounded-1 flex-shrink-0 color-bg-tertiary px-1 color-text-tertiary ml-1 f6 d-none js-jump-to-badge-search">
      <span class="js-jump-to-badge-search-text-default d-none" aria-label="in this repository">
        In this repository
      </span>
      <span class="js-jump-to-badge-search-text-global d-none" aria-label="in all of GitHub">
        All GitHub
      </span>
      <span aria-hidden="true" class="d-inline-block ml-1 v-align-middle">↵</span>
    </div>

    <div aria-hidden="true" class="border rounded-1 flex-shrink-0 color-bg-tertiary px-1 color-text-tertiary ml-1 f6 d-none d-on-nav-focus js-jump-to-badge-jump">
      Jump to
      <span class="d-inline-block ml-1 v-align-middle">↵</span>
    </div>
  </a>
</li>

  

<li class="d-flex flex-justify-start flex-items-center p-0 f5 navigation-item js-navigation-item js-jump-to-owner-scoped-search d-none" role="option">
  <a tabindex="-1" class="no-underline d-flex flex-auto flex-items-center jump-to-suggestions-path js-jump-to-suggestion-path js-navigation-open p-2" href="" data-item-type="owner_scoped_search">
    <div class="jump-to-octicon js-jump-to-octicon flex-shrink-0 mr-2 text-center d-none">
      <svg height="16" width="16" class="octicon octicon-repo flex-shrink-0 js-jump-to-octicon-repo d-none" title="Repository" aria-label="Repository" viewBox="0 0 16 16" version="1.1" role="img"><path fill-rule="evenodd" d="M2 2.5A2.5 2.5 0 014.5 0h8.75a.75.75 0 01.75.75v12.5a.75.75 0 01-.75.75h-2.5a.75.75 0 110-1.5h1.75v-2h-8a1 1 0 00-.714 1.7.75.75 0 01-1.072 1.05A2.495 2.495 0 012 11.5v-9zm10.5-1V9h-8c-.356 0-.694.074-1 .208V2.5a1 1 0 011-1h8zM5 12.25v3.25a.25.25 0 00.4.2l1.45-1.087a.25.25 0 01.3 0L8.6 15.7a.25.25 0 00.4-.2v-3.25a.25.25 0 00-.25-.25h-3.5a.25.25 0 00-.25.25z"></path></svg>
      <svg height="16" width="16" class="octicon octicon-project flex-shrink-0 js-jump-to-octicon-project d-none" title="Project" aria-label="Project" viewBox="0 0 16 16" version="1.1" role="img"><path fill-rule="evenodd" d="M1.75 0A1.75 1.75 0 000 1.75v12.5C0 15.216.784 16 1.75 16h12.5A1.75 1.75 0 0016 14.25V1.75A1.75 1.75 0 0014.25 0H1.75zM1.5 1.75a.25.25 0 01.25-.25h12.5a.25.25 0 01.25.25v12.5a.25.25 0 01-.25.25H1.75a.25.25 0 01-.25-.25V1.75zM11.75 3a.75.75 0 00-.75.75v7.5a.75.75 0 001.5 0v-7.5a.75.75 0 00-.75-.75zm-8.25.75a.75.75 0 011.5 0v5.5a.75.75 0 01-1.5 0v-5.5zM8 3a.75.75 0 00-.75.75v3.5a.75.75 0 001.5 0v-3.5A.75.75 0 008 3z"></path></svg>
      <svg height="16" width="16" class="octicon octicon-search flex-shrink-0 js-jump-to-octicon-search d-none" title="Search" aria-label="Search" viewBox="0 0 16 16" version="1.1" role="img"><path fill-rule="evenodd" d="M11.5 7a4.499 4.499 0 11-8.998 0A4.499 4.499 0 0111.5 7zm-.82 4.74a6 6 0 111.06-1.06l3.04 3.04a.75.75 0 11-1.06 1.06l-3.04-3.04z"></path></svg>
    </div>

    <img class="avatar mr-2 flex-shrink-0 js-jump-to-suggestion-avatar d-none" alt="" aria-label="Team" src="" width="28" height="28">

    <div class="jump-to-suggestion-name js-jump-to-suggestion-name flex-auto overflow-hidden text-left no-wrap css-truncate css-truncate-target">
    </div>

    <div class="border rounded-1 flex-shrink-0 color-bg-tertiary px-1 color-text-tertiary ml-1 f6 d-none js-jump-to-badge-search">
      <span class="js-jump-to-badge-search-text-default d-none" aria-label="in this organization">
        In this organization
      </span>
      <span class="js-jump-to-badge-search-text-global d-none" aria-label="in all of GitHub">
        All GitHub
      </span>
      <span aria-hidden="true" class="d-inline-block ml-1 v-align-middle">↵</span>
    </div>

    <div aria-hidden="true" class="border rounded-1 flex-shrink-0 color-bg-tertiary px-1 color-text-tertiary ml-1 f6 d-none d-on-nav-focus js-jump-to-badge-jump">
      Jump to
      <span class="d-inline-block ml-1 v-align-middle">↵</span>
    </div>
  </a>
</li>

  

<li class="d-flex flex-justify-start flex-items-center p-0 f5 navigation-item js-navigation-item js-jump-to-global-search d-none" role="option">
  <a tabindex="-1" class="no-underline d-flex flex-auto flex-items-center jump-to-suggestions-path js-jump-to-suggestion-path js-navigation-open p-2" href="" data-item-type="global_search">
    <div class="jump-to-octicon js-jump-to-octicon flex-shrink-0 mr-2 text-center d-none">
      <svg height="16" width="16" class="octicon octicon-repo flex-shrink-0 js-jump-to-octicon-repo d-none" title="Repository" aria-label="Repository" viewBox="0 0 16 16" version="1.1" role="img"><path fill-rule="evenodd" d="M2 2.5A2.5 2.5 0 014.5 0h8.75a.75.75 0 01.75.75v12.5a.75.75 0 01-.75.75h-2.5a.75.75 0 110-1.5h1.75v-2h-8a1 1 0 00-.714 1.7.75.75 0 01-1.072 1.05A2.495 2.495 0 012 11.5v-9zm10.5-1V9h-8c-.356 0-.694.074-1 .208V2.5a1 1 0 011-1h8zM5 12.25v3.25a.25.25 0 00.4.2l1.45-1.087a.25.25 0 01.3 0L8.6 15.7a.25.25 0 00.4-.2v-3.25a.25.25 0 00-.25-.25h-3.5a.25.25 0 00-.25.25z"></path></svg>
      <svg height="16" width="16" class="octicon octicon-project flex-shrink-0 js-jump-to-octicon-project d-none" title="Project" aria-label="Project" viewBox="0 0 16 16" version="1.1" role="img"><path fill-rule="evenodd" d="M1.75 0A1.75 1.75 0 000 1.75v12.5C0 15.216.784 16 1.75 16h12.5A1.75 1.75 0 0016 14.25V1.75A1.75 1.75 0 0014.25 0H1.75zM1.5 1.75a.25.25 0 01.25-.25h12.5a.25.25 0 01.25.25v12.5a.25.25 0 01-.25.25H1.75a.25.25 0 01-.25-.25V1.75zM11.75 3a.75.75 0 00-.75.75v7.5a.75.75 0 001.5 0v-7.5a.75.75 0 00-.75-.75zm-8.25.75a.75.75 0 011.5 0v5.5a.75.75 0 01-1.5 0v-5.5zM8 3a.75.75 0 00-.75.75v3.5a.75.75 0 001.5 0v-3.5A.75.75 0 008 3z"></path></svg>
      <svg height="16" width="16" class="octicon octicon-search flex-shrink-0 js-jump-to-octicon-search d-none" title="Search" aria-label="Search" viewBox="0 0 16 16" version="1.1" role="img"><path fill-rule="evenodd" d="M11.5 7a4.499 4.499 0 11-8.998 0A4.499 4.499 0 0111.5 7zm-.82 4.74a6 6 0 111.06-1.06l3.04 3.04a.75.75 0 11-1.06 1.06l-3.04-3.04z"></path></svg>
    </div>

    <img class="avatar mr-2 flex-shrink-0 js-jump-to-suggestion-avatar d-none" alt="" aria-label="Team" src="" width="28" height="28">

    <div class="jump-to-suggestion-name js-jump-to-suggestion-name flex-auto overflow-hidden text-left no-wrap css-truncate css-truncate-target">
    </div>

    <div class="border rounded-1 flex-shrink-0 color-bg-tertiary px-1 color-text-tertiary ml-1 f6 d-none js-jump-to-badge-search">
      <span class="js-jump-to-badge-search-text-default d-none" aria-label="in this repository">
        In this repository
      </span>
      <span class="js-jump-to-badge-search-text-global d-none" aria-label="in all of GitHub">
        All GitHub
      </span>
      <span aria-hidden="true" class="d-inline-block ml-1 v-align-middle">↵</span>
    </div>

    <div aria-hidden="true" class="border rounded-1 flex-shrink-0 color-bg-tertiary px-1 color-text-tertiary ml-1 f6 d-none d-on-nav-focus js-jump-to-badge-jump">
      Jump to
      <span class="d-inline-block ml-1 v-align-middle">↵</span>
    </div>
  </a>
</li>


</ul>

            </div>
      </label>
</form>  </div>
</div>

          </div>

        <a href="/login?return_to=%2Fvoid-linux%2Fvoid-packages%2Fpull%2F30139"
          class="HeaderMenu-link flex-shrink-0 no-underline mr-3"
          data-hydro-click="{&quot;event_type&quot;:&quot;authentication.click&quot;,&quot;payload&quot;:{&quot;location_in_page&quot;:&quot;site header menu&quot;,&quot;repository_id&quot;:null,&quot;auth_type&quot;:&quot;SIGN_UP&quot;,&quot;originating_url&quot;:&quot;https://github.com/void-linux/void-packages/pull/30139&quot;,&quot;user_id&quot;:null}}" data-hydro-click-hmac="27f87c200a12fb5383ab1e237de75f300199079771762696e6f8f7671f382555"
          data-ga-click="(Logged out) Header, clicked Sign in, text:sign-in">
          Sign in
        </a>
            <a href="/join?ref_cta=Sign+up&amp;ref_loc=header+logged+out&amp;ref_page=%2F%3Cuser-name%3E%2F%3Crepo-name%3E%2Fpull_requests%2Fshow&amp;source=header-repo&amp;source_repo=void-linux%2Fvoid-packages"
              class="HeaderMenu-link flex-shrink-0 d-inline-block no-underline border color-border-tertiary rounded px-2 py-1 js-signup-redesign-target js-signup-redesign-control"
              data-hydro-click="{&quot;event_type&quot;:&quot;authentication.click&quot;,&quot;payload&quot;:{&quot;location_in_page&quot;:&quot;site header menu&quot;,&quot;repository_id&quot;:null,&quot;auth_type&quot;:&quot;SIGN_UP&quot;,&quot;originating_url&quot;:&quot;https://github.com/void-linux/void-packages/pull/30139&quot;,&quot;user_id&quot;:null}}" data-hydro-click-hmac="27f87c200a12fb5383ab1e237de75f300199079771762696e6f8f7671f382555"
              data-hydro-click="{&quot;event_type&quot;:&quot;analytics.click&quot;,&quot;payload&quot;:{&quot;category&quot;:&quot;Sign up&quot;,&quot;action&quot;:&quot;click to sign up for account&quot;,&quot;label&quot;:&quot;ref_page:/&lt;user-name&gt;/&lt;repo-name&gt;/pull_requests/show;ref_cta:Sign up;ref_loc:header logged out&quot;,&quot;originating_url&quot;:&quot;https://github.com/void-linux/void-packages/pull/30139&quot;,&quot;user_id&quot;:null}}" data-hydro-click-hmac="e92de17775552e7756c15168129510df34417ae9628e2f4ff341fe27cbfb7838"
            >
              Sign up
            </a>
            <a href="/join_next?ref_cta=Sign+up&amp;ref_loc=header+logged+out&amp;ref_page=%2F%3Cuser-name%3E%2F%3Crepo-name%3E%2Fpull_requests%2Fshow&amp;source=header-repo&amp;source_repo=void-linux%2Fvoid-packages"
              class="HeaderMenu-link flex-shrink-0 d-inline-block no-underline border color-border-tertiary rounded-1 px-2 py-1 js-signup-redesign-target js-signup-redesign-variation"
              hidden
              data-hydro-click="{&quot;event_type&quot;:&quot;authentication.click&quot;,&quot;payload&quot;:{&quot;location_in_page&quot;:&quot;site header menu&quot;,&quot;repository_id&quot;:null,&quot;auth_type&quot;:&quot;SIGN_UP&quot;,&quot;originating_url&quot;:&quot;https://github.com/void-linux/void-packages/pull/30139&quot;,&quot;user_id&quot;:null}}" data-hydro-click-hmac="27f87c200a12fb5383ab1e237de75f300199079771762696e6f8f7671f382555"
              data-hydro-click="{&quot;event_type&quot;:&quot;analytics.click&quot;,&quot;payload&quot;:{&quot;category&quot;:&quot;Sign up&quot;,&quot;action&quot;:&quot;click to sign up for account&quot;,&quot;label&quot;:&quot;ref_page:/&lt;user-name&gt;/&lt;repo-name&gt;/pull_requests/show;ref_cta:Sign up;ref_loc:header logged out&quot;,&quot;originating_url&quot;:&quot;https://github.com/void-linux/void-packages/pull/30139&quot;,&quot;user_id&quot;:null}}" data-hydro-click-hmac="e92de17775552e7756c15168129510df34417ae9628e2f4ff341fe27cbfb7838"
            >
              Sign up
            </a>
      </div>
    </div>
  </div>
</header>

    </div>

  <div id="start-of-content" class="show-on-focus"></div>





    <div data-pjax-replace id="js-flash-container">


  <template class="js-flash-template">
    <div class="flash flash-full  {{ className }}">
  <div class=" px-2" >
    <button class="flash-close js-flash-close" type="button" aria-label="Dismiss this message">
      <svg class="octicon octicon-x" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M3.72 3.72a.75.75 0 011.06 0L8 6.94l3.22-3.22a.75.75 0 111.06 1.06L9.06 8l3.22 3.22a.75.75 0 11-1.06 1.06L8 9.06l-3.22 3.22a.75.75 0 01-1.06-1.06L6.94 8 3.72 4.78a.75.75 0 010-1.06z"></path></svg>
    </button>
    
      <div>{{ message }}</div>

  </div>
</div>
  </template>
</div>


    

  <include-fragment class="js-notification-shelf-include-fragment" data-base-src="https://github.com/notifications/beta/shelf"></include-fragment>




  <div
    class="application-main "
    data-commit-hovercards-enabled
    data-discussion-hovercards-enabled
    data-issue-and-pr-hovercards-enabled
  >
        <div itemscope itemtype="http://schema.org/SoftwareSourceCode" class="">
    <main id="js-repo-pjax-container" data-pjax-container >
      
<!-- base sha1: &quot;14fdd1148a71805e35cd6f93c4c5cd0f7a81ccbf&quot; -->
<!-- head sha1: &quot;0b02fe48aa5e877f4548125a3a1a27c582c87c56&quot; -->

      

    






  


  <div class="color-bg-secondary pt-3 hide-full-screen mb-5">

      <div class="d-flex mb-3 px-3 px-md-4 px-lg-5">

        <div class="flex-auto min-width-0 width-fit mr-3">
            <h1 class=" d-flex flex-wrap flex-items-center break-word f3 text-normal">
    <svg class="octicon octicon-repo color-text-secondary mr-2" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M2 2.5A2.5 2.5 0 014.5 0h8.75a.75.75 0 01.75.75v12.5a.75.75 0 01-.75.75h-2.5a.75.75 0 110-1.5h1.75v-2h-8a1 1 0 00-.714 1.7.75.75 0 01-1.072 1.05A2.495 2.495 0 012 11.5v-9zm10.5-1V9h-8c-.356 0-.694.074-1 .208V2.5a1 1 0 011-1h8zM5 12.25v3.25a.25.25 0 00.4.2l1.45-1.087a.25.25 0 01.3 0L8.6 15.7a.25.25 0 00.4-.2v-3.25a.25.25 0 00-.25-.25h-3.5a.25.25 0 00-.25.25z"></path></svg>
  <span class="author flex-self-stretch" itemprop="author">
    <a class="url fn" rel="author" data-hovercard-type="organization" data-hovercard-url="/orgs/void-linux/hovercard" href="/void-linux">void-linux</a>
  </span>
  <span class="mx-1 flex-self-stretch color-text-secondary">/</span>
  <strong itemprop="name" class="mr-2 flex-self-stretch">
    <a data-pjax="#js-repo-pjax-container" href="/void-linux/void-packages">void-packages</a>
  </strong>
  
</h1>


        </div>

          <ul class="pagehead-actions flex-shrink-0 d-none d-md-inline" style="padding: 2px 0;">

  <li>
      <a class="tooltipped tooltipped-s btn btn-sm" aria-label="You must be signed in to change notification settings" rel="nofollow" data-hydro-click="{&quot;event_type&quot;:&quot;authentication.click&quot;,&quot;payload&quot;:{&quot;location_in_page&quot;:&quot;notification subscription menu watch&quot;,&quot;repository_id&quot;:null,&quot;auth_type&quot;:&quot;LOG_IN&quot;,&quot;originating_url&quot;:&quot;https://github.com/void-linux/void-packages/pull/30139&quot;,&quot;user_id&quot;:null}}" data-hydro-click-hmac="c74d3fdce1d536f4bbba4abbc386efba5b8b5d8a01d4d8ac64fc3fc6f03c6a61" href="/login?return_to=%2Fvoid-linux%2Fvoid-packages">
    <svg class="octicon octicon-bell" height="16" viewBox="0 0 16 16" version="1.1" width="16" aria-hidden="true"><path d="M8 16a2 2 0 001.985-1.75c.017-.137-.097-.25-.235-.25h-3.5c-.138 0-.252.113-.235.25A2 2 0 008 16z"></path><path fill-rule="evenodd" d="M8 1.5A3.5 3.5 0 004.5 5v2.947c0 .346-.102.683-.294.97l-1.703 2.556a.018.018 0 00-.003.01l.001.006c0 .002.002.004.004.006a.017.017 0 00.006.004l.007.001h10.964l.007-.001a.016.016 0 00.006-.004.016.016 0 00.004-.006l.001-.007a.017.017 0 00-.003-.01l-1.703-2.554a1.75 1.75 0 01-.294-.97V5A3.5 3.5 0 008 1.5zM3 5a5 5 0 0110 0v2.947c0 .05.015.098.042.139l1.703 2.555A1.518 1.518 0 0113.482 13H2.518a1.518 1.518 0 01-1.263-2.36l1.703-2.554A.25.25 0 003 7.947V5z"></path></svg>
    Notifications
</a>
  </li>

  <li>
          <a class="btn btn-sm btn-with-count  tooltipped tooltipped-s" aria-label="You must be signed in to star a repository" rel="nofollow" data-hydro-click="{&quot;event_type&quot;:&quot;authentication.click&quot;,&quot;payload&quot;:{&quot;location_in_page&quot;:&quot;star button&quot;,&quot;repository_id&quot;:137503442,&quot;auth_type&quot;:&quot;LOG_IN&quot;,&quot;originating_url&quot;:&quot;https://github.com/void-linux/void-packages/pull/30139&quot;,&quot;user_id&quot;:null}}" data-hydro-click-hmac="29182079f4cec7fa9320f0d2e1852f73e5a38b943e408226a7dbe9ceb59f9cd8" href="/login?return_to=%2Fvoid-linux%2Fvoid-packages">
      <svg class="octicon octicon-star v-align-text-bottom mr-1" height="16" viewBox="0 0 16 16" version="1.1" width="16" aria-hidden="true"><path fill-rule="evenodd" d="M8 .25a.75.75 0 01.673.418l1.882 3.815 4.21.612a.75.75 0 01.416 1.279l-3.046 2.97.719 4.192a.75.75 0 01-1.088.791L8 12.347l-3.766 1.98a.75.75 0 01-1.088-.79l.72-4.194L.818 6.374a.75.75 0 01.416-1.28l4.21-.611L7.327.668A.75.75 0 018 .25zm0 2.445L6.615 5.5a.75.75 0 01-.564.41l-3.097.45 2.24 2.184a.75.75 0 01.216.664l-.528 3.084 2.769-1.456a.75.75 0 01.698 0l2.77 1.456-.53-3.084a.75.75 0 01.216-.664l2.24-2.183-3.096-.45a.75.75 0 01-.564-.41L8 2.694v.001z"></path></svg>
      <span>
        Star
</span></a>
    <a class="social-count js-social-count" href="/void-linux/void-packages/stargazers"
      aria-label="1261 users starred this repository">
      1.3k
    </a>

  </li>

  <li>
        <a class="btn btn-sm btn-with-count tooltipped tooltipped-s" aria-label="You must be signed in to fork a repository" rel="nofollow" data-hydro-click="{&quot;event_type&quot;:&quot;authentication.click&quot;,&quot;payload&quot;:{&quot;location_in_page&quot;:&quot;repo details fork button&quot;,&quot;repository_id&quot;:137503442,&quot;auth_type&quot;:&quot;LOG_IN&quot;,&quot;originating_url&quot;:&quot;https://github.com/void-linux/void-packages/pull/30139&quot;,&quot;user_id&quot;:null}}" data-hydro-click-hmac="4844e5af5b4d5dedfadb99abe63606e78dce36c61e86c2be6239eadbaf236cd8" href="/login?return_to=%2Fvoid-linux%2Fvoid-packages">
          <svg class="octicon octicon-repo-forked" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M5 3.25a.75.75 0 11-1.5 0 .75.75 0 011.5 0zm0 2.122a2.25 2.25 0 10-1.5 0v.878A2.25 2.25 0 005.75 8.5h1.5v2.128a2.251 2.251 0 101.5 0V8.5h1.5a2.25 2.25 0 002.25-2.25v-.878a2.25 2.25 0 10-1.5 0v.878a.75.75 0 01-.75.75h-4.5A.75.75 0 015 6.25v-.878zm3.75 7.378a.75.75 0 11-1.5 0 .75.75 0 011.5 0zm3-8.75a.75.75 0 100-1.5.75.75 0 000 1.5z"></path></svg>
          Fork
</a>
      <a href="/void-linux/void-packages/network/members" class="social-count"
         aria-label="1214 users forked this repository">
        1.2k
      </a>
  </li>
</ul>

      </div>
        
<nav aria-label="Repository" data-pjax="#js-repo-pjax-container" class="js-repo-nav js-sidenav-container-pjax js-responsive-underlinenav overflow-hidden UnderlineNav px-3 px-md-4 px-lg-5 color-bg-secondary">
  <ul class="UnderlineNav-body list-style-none ">        <li class="d-flex">
          <a class="js-selected-navigation-item UnderlineNav-item hx_underlinenav-item no-wrap js-responsive-underlinenav-item" data-tab-item="i0code-tab" data-hotkey="g c" data-ga-click="Repository, Navigation click, Code tab" data-selected-links="repo_source repo_downloads repo_commits repo_releases repo_tags repo_branches repo_packages repo_deployments /void-linux/void-packages" href="/void-linux/void-packages">
                <svg class="octicon octicon-code UnderlineNav-octicon d-none d-sm-inline" height="16" viewBox="0 0 16 16" version="1.1" width="16" aria-hidden="true"><path fill-rule="evenodd" d="M4.72 3.22a.75.75 0 011.06 1.06L2.06 8l3.72 3.72a.75.75 0 11-1.06 1.06L.47 8.53a.75.75 0 010-1.06l4.25-4.25zm6.56 0a.75.75 0 10-1.06 1.06L13.94 8l-3.72 3.72a.75.75 0 101.06 1.06l4.25-4.25a.75.75 0 000-1.06l-4.25-4.25z"></path></svg>
              <span data-content="Code">Code</span>
                <span title="Not available" class="Counter "></span>
</a>        </li>
        <li class="d-flex">
          <a class="js-selected-navigation-item UnderlineNav-item hx_underlinenav-item no-wrap js-responsive-underlinenav-item" data-tab-item="i1issues-tab" data-hotkey="g i" data-ga-click="Repository, Navigation click, Issues tab" data-selected-links="repo_issues repo_labels repo_milestones /void-linux/void-packages/issues" href="/void-linux/void-packages/issues">
                <svg class="octicon octicon-issue-opened UnderlineNav-octicon d-none d-sm-inline" height="16" viewBox="0 0 16 16" version="1.1" width="16" aria-hidden="true"><path fill-rule="evenodd" d="M8 1.5a6.5 6.5 0 100 13 6.5 6.5 0 000-13zM0 8a8 8 0 1116 0A8 8 0 010 8zm9 3a1 1 0 11-2 0 1 1 0 012 0zm-.25-6.25a.75.75 0 00-1.5 0v3.5a.75.75 0 001.5 0v-3.5z"></path></svg>
              <span data-content="Issues">Issues</span>
                <span title="525" class="Counter ">525</span>
</a>        </li>
        <li class="d-flex">
          <a class="js-selected-navigation-item selected UnderlineNav-item hx_underlinenav-item no-wrap js-responsive-underlinenav-item" data-tab-item="i2pull-requests-tab" data-hotkey="g p" data-ga-click="Repository, Navigation click, Pull requests tab" aria-current="page" data-selected-links="repo_pulls checks /void-linux/void-packages/pulls" href="/void-linux/void-packages/pulls">
                <svg class="octicon octicon-git-pull-request UnderlineNav-octicon d-none d-sm-inline" height="16" viewBox="0 0 16 16" version="1.1" width="16" aria-hidden="true"><path fill-rule="evenodd" d="M7.177 3.073L9.573.677A.25.25 0 0110 .854v4.792a.25.25 0 01-.427.177L7.177 3.427a.25.25 0 010-.354zM3.75 2.5a.75.75 0 100 1.5.75.75 0 000-1.5zm-2.25.75a2.25 2.25 0 113 2.122v5.256a2.251 2.251 0 11-1.5 0V5.372A2.25 2.25 0 011.5 3.25zM11 2.5h-1V4h1a1 1 0 011 1v5.628a2.251 2.251 0 101.5 0V5A2.5 2.5 0 0011 2.5zm1 10.25a.75.75 0 111.5 0 .75.75 0 01-1.5 0zM3.75 12a.75.75 0 100 1.5.75.75 0 000-1.5z"></path></svg>
              <span data-content="Pull requests">Pull requests</span>
                <span title="567" class="Counter ">567</span>
</a>        </li>
        <li class="d-flex">
          <a class="js-selected-navigation-item UnderlineNav-item hx_underlinenav-item no-wrap js-responsive-underlinenav-item" data-tab-item="i3actions-tab" data-hotkey="g a" data-ga-click="Repository, Navigation click, Actions tab" data-selected-links="repo_actions /void-linux/void-packages/actions" href="/void-linux/void-packages/actions">
                <svg class="octicon octicon-play UnderlineNav-octicon d-none d-sm-inline" height="16" viewBox="0 0 16 16" version="1.1" width="16" aria-hidden="true"><path fill-rule="evenodd" d="M1.5 8a6.5 6.5 0 1113 0 6.5 6.5 0 01-13 0zM8 0a8 8 0 100 16A8 8 0 008 0zM6.379 5.227A.25.25 0 006 5.442v5.117a.25.25 0 00.379.214l4.264-2.559a.25.25 0 000-.428L6.379 5.227z"></path></svg>
              <span data-content="Actions">Actions</span>
                <span title="Not available" class="Counter "></span>
</a>        </li>
        <li class="d-flex">
          <a class="js-selected-navigation-item UnderlineNav-item hx_underlinenav-item no-wrap js-responsive-underlinenav-item" data-tab-item="i4security-tab" data-hotkey="g s" data-ga-click="Repository, Navigation click, Security tab" data-selected-links="security overview alerts policy token_scanning code_scanning /void-linux/void-packages/security" href="/void-linux/void-packages/security">
                <svg class="octicon octicon-shield UnderlineNav-octicon d-none d-sm-inline" height="16" viewBox="0 0 16 16" version="1.1" width="16" aria-hidden="true"><path fill-rule="evenodd" d="M7.467.133a1.75 1.75 0 011.066 0l5.25 1.68A1.75 1.75 0 0115 3.48V7c0 1.566-.32 3.182-1.303 4.682-.983 1.498-2.585 2.813-5.032 3.855a1.7 1.7 0 01-1.33 0c-2.447-1.042-4.049-2.357-5.032-3.855C1.32 10.182 1 8.566 1 7V3.48a1.75 1.75 0 011.217-1.667l5.25-1.68zm.61 1.429a.25.25 0 00-.153 0l-5.25 1.68a.25.25 0 00-.174.238V7c0 1.358.275 2.666 1.057 3.86.784 1.194 2.121 2.34 4.366 3.297a.2.2 0 00.154 0c2.245-.956 3.582-2.104 4.366-3.298C13.225 9.666 13.5 8.36 13.5 7V3.48a.25.25 0 00-.174-.237l-5.25-1.68zM9 10.5a1 1 0 11-2 0 1 1 0 012 0zm-.25-5.75a.75.75 0 10-1.5 0v3a.75.75 0 001.5 0v-3z"></path></svg>
              <span data-content="Security">Security</span>
                <include-fragment src="/void-linux/void-packages/security/overall-count" accept="text/fragment+html"></include-fragment>
</a>        </li>
        <li class="d-flex">
          <a class="js-selected-navigation-item UnderlineNav-item hx_underlinenav-item no-wrap js-responsive-underlinenav-item" data-tab-item="i5insights-tab" data-ga-click="Repository, Navigation click, Insights tab" data-selected-links="repo_graphs repo_contributors dependency_graph dependabot_updates pulse people community /void-linux/void-packages/pulse" href="/void-linux/void-packages/pulse">
                <svg class="octicon octicon-graph UnderlineNav-octicon d-none d-sm-inline" height="16" viewBox="0 0 16 16" version="1.1" width="16" aria-hidden="true"><path fill-rule="evenodd" d="M1.5 1.75a.75.75 0 00-1.5 0v12.5c0 .414.336.75.75.75h14.5a.75.75 0 000-1.5H1.5V1.75zm14.28 2.53a.75.75 0 00-1.06-1.06L10 7.94 7.53 5.47a.75.75 0 00-1.06 0L3.22 8.72a.75.75 0 001.06 1.06L7 7.06l2.47 2.47a.75.75 0 001.06 0l5.25-5.25z"></path></svg>
              <span data-content="Insights">Insights</span>
                <span title="Not available" class="Counter "></span>
</a>        </li>
</ul>
    <div style="visibility:hidden;" class="UnderlineNav-actions  js-responsive-underlinenav-overflow position-absolute pr-3 pr-md-4 pr-lg-5 right-0">    <details class="details-overlay details-reset position-relative">
  <summary role="button">        <div class="UnderlineNav-item mr-0 border-0">
          <svg class="octicon octicon-kebab-horizontal" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path d="M8 9a1.5 1.5 0 100-3 1.5 1.5 0 000 3zM1.5 9a1.5 1.5 0 100-3 1.5 1.5 0 000 3zm13 0a1.5 1.5 0 100-3 1.5 1.5 0 000 3z"></path></svg>
          <span class="sr-only">More</span>
        </div>
</summary>
  <div>        <details-menu role="menu" class="dropdown-menu dropdown-menu-sw ">
  
          <ul>
              <li data-menu-item="i0code-tab" hidden>
                <a role="menuitem" class="js-selected-navigation-item dropdown-item" data-selected-links=" /void-linux/void-packages" href="/void-linux/void-packages">
                  Code
</a>              </li>
              <li data-menu-item="i1issues-tab" hidden>
                <a role="menuitem" class="js-selected-navigation-item dropdown-item" data-selected-links=" /void-linux/void-packages/issues" href="/void-linux/void-packages/issues">
                  Issues
</a>              </li>
              <li data-menu-item="i2pull-requests-tab" hidden>
                <a role="menuitem" class="js-selected-navigation-item dropdown-item" data-selected-links=" /void-linux/void-packages/pulls" href="/void-linux/void-packages/pulls">
                  Pull requests
</a>              </li>
              <li data-menu-item="i3actions-tab" hidden>
                <a role="menuitem" class="js-selected-navigation-item dropdown-item" data-selected-links=" /void-linux/void-packages/actions" href="/void-linux/void-packages/actions">
                  Actions
</a>              </li>
              <li data-menu-item="i4security-tab" hidden>
                <a role="menuitem" class="js-selected-navigation-item dropdown-item" data-selected-links=" /void-linux/void-packages/security" href="/void-linux/void-packages/security">
                  Security
</a>              </li>
              <li data-menu-item="i5insights-tab" hidden>
                <a role="menuitem" class="js-selected-navigation-item dropdown-item" data-selected-links=" /void-linux/void-packages/pulse" href="/void-linux/void-packages/pulse">
                  Insights
</a>              </li>
          </ul>

</details-menu></div>
</details></div>
</nav>
  </div>


<div class="container-xl clearfix new-discussion-timeline px-3 px-md-4 px-lg-5">
  <div id="repo-content-pjax-container" class="repository-content " >

    
      
    <div class="js-check-all-container" data-pjax>
      

  <div id="js-report-pull-request-refresh" data-hydro-view="{&quot;event_type&quot;:&quot;pull-request-refresh&quot;,&quot;payload&quot;:{&quot;pull_request_id&quot;:612975256,&quot;tab_context&quot;:&quot;conversation&quot;,&quot;originating_url&quot;:&quot;https://github.com/void-linux/void-packages/pull/30139&quot;,&quot;user_id&quot;:null}}" data-hydro-view-hmac="2c605c2759a33898332a60fc0608c73e92574a987fcd994aea6d81b22ca42e61"></div>


  <div class="clearfix js-issues-results">
    

  <div
    id="partial-discussion-header"
    class="gh-header mb-3 js-details-container Details js-socket-channel js-updatable-content pull request js-pull-header-details"
    data-channel="eyJjIjoicHVsbF9yZXF1ZXN0OjYxMjk3NTI1NiIsInQiOjE2MTgwOTUxNjB9--49737d9c1d0c6485b206bdb01d566597338cf76f71e3376b91ea40a8c00ca6ab"
    data-url="/void-linux/void-packages/pull/30139/show_partial?partial=pull_requests%2Ftitle&amp;sticky=true"
    data-pull-is-open="true"
    data-gid="MDExOlB1bGxSZXF1ZXN0NjEyOTc1MjU2">
  <div class="gh-header-show ">
    <div class="d-flex flex-column flex-md-row">
      <div class="gh-header-actions mt-0 mt-md-2 mb-3 mb-md-0 ml-0 flex-md-order-1 flex-shrink-0 d-flex flex-items-start">


          
<details class="details-reset details-overlay details-overlay-dark float-right" >
  <summary
    class="btn btn-sm btn-primary m-0 ml-0 ml-md-2"
    
    
    data-ga-click="Issues, create new issue, view:issue_show location:issue_header style:button logged_in:false"
>
    
    New issue
  </summary>
  <details-dialog class="Box Box--overlay d-flex flex-column anim-fade-in fast overflow-auto" aria-label="Sign up for GitHub">
      <button class="position-absolute p-4 right-0 btn-link Link--muted" type="button" aria-label="Close dialog" data-close-dialog>
        <svg class="octicon octicon-x" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M3.72 3.72a.75.75 0 011.06 0L8 6.94l3.22-3.22a.75.75 0 111.06 1.06L9.06 8l3.22 3.22a.75.75 0 11-1.06 1.06L8 9.06l-3.22 3.22a.75.75 0 01-1.06-1.06L6.94 8 3.72 4.78a.75.75 0 010-1.06z"></path></svg>
      </button>
    <div class="d-flex flex-column p-4">
            <div class="mt-3 mb-2 text-center">
  <svg height="60" class="octicon octicon-comment-discussion color-text-link" viewBox="0 0 24 24" version="1.1" width="60" aria-hidden="true"><path fill-rule="evenodd" d="M1.75 1A1.75 1.75 0 000 2.75v9.5C0 13.216.784 14 1.75 14H3v1.543a1.457 1.457 0 002.487 1.03L8.061 14h6.189A1.75 1.75 0 0016 12.25v-9.5A1.75 1.75 0 0014.25 1H1.75zM1.5 2.75a.25.25 0 01.25-.25h12.5a.25.25 0 01.25.25v9.5a.25.25 0 01-.25.25h-6.5a.75.75 0 00-.53.22L4.5 15.44v-2.19a.75.75 0 00-.75-.75h-2a.25.25 0 01-.25-.25v-9.5z"></path><path d="M22.5 8.75a.25.25 0 00-.25-.25h-3.5a.75.75 0 010-1.5h3.5c.966 0 1.75.784 1.75 1.75v9.5A1.75 1.75 0 0122.25 20H21v1.543a1.457 1.457 0 01-2.487 1.03L15.939 20H10.75A1.75 1.75 0 019 18.25v-1.465a.75.75 0 011.5 0v1.465c0 .138.112.25.25.25h5.5a.75.75 0 01.53.22l2.72 2.72v-2.19a.75.75 0 01.75-.75h2a.25.25 0 00.25-.25v-9.5z"></path></svg>
</div>

<div class="px-4">
  <p class="text-center mb-4">
  <strong>Have a question about this project?</strong> Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
  </p>

  <!-- '"` --><!-- </textarea></xmp> --></option></form><form class="js-signup-form" autocomplete="off" action="/join?return_to=%2Fvoid-linux%2Fvoid-packages%2Fissues%2Fnew" accept-charset="UTF-8" method="post"><input type="hidden" data-csrf="true" name="authenticity_token" value="14tQp0p20l8ouprXlrs8kJFhlEeQh8zIOsr5mo4EObpL0fZQM2W4jwbLyrWPkpy+OzrRwCKrHWSQ8qZP4yjUyA==" />    <auto-check src="/signup_check/username">
      <dl class="form-group"><dt class="input-label"><label name="user[login]" autocapitalize="off" autofocus="autofocus" for="user_login_issues">Pick a username</label></dt><dd><input name="user[login]" autocapitalize="off" autofocus="autofocus" class="form-control" type="text" id="user_login_issues" /></dd></dl>
      <input type="hidden" data-csrf="true" value="iH2PB2bV2OwVmobQFC/Pi75RIy6Yin7/pgHtaR/IXIYDhmFFgLj5ZcrQsVr+jBQlLHpdR1H+/b24jJHvlykJ4A==" />
    </auto-check>

    <auto-check src="/signup_check/email">
      <dl class="form-group"><dt class="input-label"><label name="user[email]" autocapitalize="off" for="user_email_issues">Email Address</label></dt><dd><input name="user[email]" autocapitalize="off" class="form-control" type="text" id="user_email_issues" /></dd></dl>
      <input type="hidden" data-csrf="true" value="ne9HgUs5zWkSNQtXY6T3yvK7T9udbQafFRrbYtB7rd6OxGnapQPdnO1NIR5p+nzImU//EmpPjvdzVdoe3d3ILg==" />
    </auto-check>

    <auto-check src="/users/password"><dl class="form-group"><dt class="input-label"><label name="user[password]" for="user_password_issues">Password</label></dt><dd><input name="user[password]" class="form-control" type="password" id="user_password_issues" /></dd></dl><input type="hidden" data-csrf="true" value="2cXcuNTQsjo0hEeFhDkWOLoprkOCCGWnPamVj1WPHspQxlIENXM+cmuijGEwqqnI2+Nd4zPjcCbQt85CbHu1Fw==" /></auto-check>

    <input type="hidden" name="source" class="js-signup-source" value="modal-issues">
    <input class="form-control" type="text" name="required_field_8f43" hidden="hidden" />
<input class="form-control" type="hidden" name="timestamp" value="1618095160709" />
<input class="form-control" type="hidden" name="timestamp_secret" value="bc413a777edf634e5c6760959f593616534a83f4b38078820fc3521342dc6d17" />


    <button class="btn btn-primary mt-2 btn-block" type="submit" data-ga-click="(Logged out) New issue modal, clicked Sign up, text:sign-up">Sign up for GitHub</button>
</form>
  <p class="mt-4 color-text-secondary text-center">By clicking &ldquo;Sign up for GitHub&rdquo;, you agree to our <a href="https://docs.github.com/terms" target="_blank">terms of service</a> and
  <a href="https://docs.github.com/privacy" target="_blank">privacy statement</a>. We’ll occasionally send you account related emails.</p>

  <p class="mt-4 color-text-secondary text-center">
    Already on GitHub?
    <a data-ga-click="(Logged out) New issue modal, clicked Sign in, text:sign-in" data-hydro-click="{&quot;event_type&quot;:&quot;authentication.click&quot;,&quot;payload&quot;:{&quot;location_in_page&quot;:&quot;new issue modal&quot;,&quot;repository_id&quot;:null,&quot;auth_type&quot;:&quot;LOG_IN&quot;,&quot;originating_url&quot;:&quot;https://github.com/void-linux/void-packages/pull/30139&quot;,&quot;user_id&quot;:null}}" data-hydro-click-hmac="93be356b562c955340d0a0cabd1aa0f9ea9d83625c682f4af6b13c95e54a4880" href="/login?return_to=%2Fvoid-linux%2Fvoid-packages%2Fissues%2Fnew">Sign in</a>
    to your account
  </p>
</div>

</div>
  </details-dialog>
</details>
        <div class="flex-auto text-right d-block d-md-none">
          <a href="#issue-comment-box" class="py-1">Jump to bottom</a>
        </div>
      </div>

    <h1 class="gh-header-title mb-2 lh-condensed f1 mr-0 flex-auto break-word">
      <span class="js-issue-title markdown-title">
        common/hooks/post-install: add fix permissions hook
      </span>
      <span class="f1-light color-text-tertiary">#30139</span>
    </h1>
    </div>
  </div>

  <div class="d-flex flex-items-center flex-wrap mt-0 gh-header-meta">
    <div class="flex-shrink-0 mb-2 flex-self-start flex-md-self-center">
        <span title="Status: Open" class="State State--open ">
  <svg height="16" class="octicon octicon-git-pull-request" viewBox="0 0 16 16" version="1.1" width="16" aria-hidden="true"><path fill-rule="evenodd" d="M7.177 3.073L9.573.677A.25.25 0 0110 .854v4.792a.25.25 0 01-.427.177L7.177 3.427a.25.25 0 010-.354zM3.75 2.5a.75.75 0 100 1.5.75.75 0 000-1.5zm-2.25.75a2.25 2.25 0 113 2.122v5.256a2.251 2.251 0 11-1.5 0V5.372A2.25 2.25 0 011.5 3.25zM11 2.5h-1V4h1a1 1 0 011 1v5.628a2.251 2.251 0 101.5 0V5A2.5 2.5 0 0011 2.5zm1 10.25a.75.75 0 111.5 0 .75.75 0 01-1.5 0zM3.75 12a.75.75 0 100 1.5.75.75 0 000-1.5z"></path></svg> Open
</span>
    </div>



    <div class="flex-auto min-width-0 mb-2">
          <a class="author Link--secondary text-bold css-truncate css-truncate-target expandable" data-hovercard-type="user" data-hovercard-url="/users/paper42/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="/paper42">paper42</a>

  wants to merge
  <span class="js-updating-pull-request-commits-count">1</span>
  commit into



  <span title="void-linux/void-packages:master" class="commit-ref css-truncate user-select-contain expandable base-ref"><a title="void-linux/void-packages:master" class="no-underline " href="/void-linux/void-packages"><span class="css-truncate-target">void-linux</span>:<span class="css-truncate-target">master</span></a></span><span></span>

  <div class="commit-ref-dropdown">
    <details class="details-reset details-overlay select-menu commitish-suggester">
      <summary class="btn btn-sm select-menu-button branch" title="Choose a base branch">
        <i>base:</i>
        <span class="css-truncate css-truncate-target" title="master">master</span>
      </summary>
      <details-menu
        class="select-menu-modal position-absolute js-pull-base-branch-menu"
        data-menu-input="pull-change-base-branch-field"
        style="z-index: 90;"
        src="/void-linux/void-packages/pull/30139/show_partial?partial=pull_requests%2Fdescription_branches_dropdown" preload>
        <include-fragment aria-label="Loading">
          <svg style="box-sizing: content-box; color: var(--color-icon-primary);" viewBox="0 0 16 16" fill="none" width="32" height="32" class="my-6 mx-auto d-block anim-rotate">
  <circle cx="8" cy="8" r="7" stroke="currentColor" stroke-opacity="0.25" stroke-width="2" vector-effect="non-scaling-stroke" />
  <path d="M15 8a7.002 7.002 0 00-7-7" stroke="currentColor" stroke-width="2" stroke-linecap="round" vector-effect="non-scaling-stroke" />
</svg>
        </include-fragment>
      </details-menu>
    </details>
    <!-- '"` --><!-- </textarea></xmp> --></option></form><form id="change-base-form" action="/void-linux/void-packages/pull/30139/change_base" accept-charset="UTF-8" method="post"><input type="hidden" data-csrf="true" name="authenticity_token" value="Onh9QGhgu/lnSik5sWPcN2rkywo82peq603lRukbAFalQJTy18PRiv6FDpsZyjRNubS/JvIWGjoZ+K+LFJkrhg==" />
      <input type="hidden" id="pull-change-base-branch-field" name="new_base_binary">
</form>  </div>

from

<span title="paper42/void-packages:0001-common-hooks-post-install-add-fix-permissions-hook.patch" class="commit-ref css-truncate user-select-contain expandable head-ref"><a title="paper42/void-packages:0001-common-hooks-post-install-add-fix-permissions-hook.patch" class="no-underline " href="/paper42/void-packages/tree/0001-common-hooks-post-install-add-fix-permissions-hook.patch"><span class="css-truncate-target">paper42</span>:<span class="css-truncate-target">0001-common-hooks-post-install-add-fix-permissions-hook.patch</span></a></span><span><clipboard-copy class="js-clipboard-copy zeroclipboard-link color-text-secondary Link--onHover" value="paper42:0001-common-hooks-post-install-add-fix-permissions-hook.patch" aria-label="Copy" data-copy-feedback="Copied!"><svg class="octicon octicon-clippy d-inline-block mx-1 js-clipboard-clippy-icon" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M5.75 1a.75.75 0 00-.75.75v3c0 .414.336.75.75.75h4.5a.75.75 0 00.75-.75v-3a.75.75 0 00-.75-.75h-4.5zm.75 3V2.5h3V4h-3zm-2.874-.467a.75.75 0 00-.752-1.298A1.75 1.75 0 002 3.75v9.5c0 .966.784 1.75 1.75 1.75h8.5A1.75 1.75 0 0014 13.25v-9.5a1.75 1.75 0 00-.874-1.515.75.75 0 10-.752 1.298.25.25 0 01.126.217v9.5a.25.25 0 01-.25.25h-8.5a.25.25 0 01-.25-.25v-9.5a.25.25 0 01.126-.217z"></path></svg><svg class="octicon octicon-check js-clipboard-check-icon mx-1 d-inline-block d-none color-text-success" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M13.78 4.22a.75.75 0 010 1.06l-7.25 7.25a.75.75 0 01-1.06 0L2.22 9.28a.75.75 0 011.06-1.06L6 10.94l6.72-6.72a.75.75 0 011.06 0z"></path></svg></clipboard-copy></span>



    </div>
  </div>



    <div class="js-sticky js-sticky-offset-scroll top-0 gh-header-sticky">
      <div class="sticky-content">
        <div class="d-flex flex-items-center flex-justify-between mt-2">
          <div class="d-flex flex-row flex-items-center min-width-0">
            <div class="mr-2 mb-2 flex-shrink-0">
                <span title="Status: Open" class="State State--open ">
  <svg height="16" class="octicon octicon-git-pull-request" viewBox="0 0 16 16" version="1.1" width="16" aria-hidden="true"><path fill-rule="evenodd" d="M7.177 3.073L9.573.677A.25.25 0 0110 .854v4.792a.25.25 0 01-.427.177L7.177 3.427a.25.25 0 010-.354zM3.75 2.5a.75.75 0 100 1.5.75.75 0 000-1.5zm-2.25.75a2.25 2.25 0 113 2.122v5.256a2.251 2.251 0 11-1.5 0V5.372A2.25 2.25 0 011.5 3.25zM11 2.5h-1V4h1a1 1 0 011 1v5.628a2.251 2.251 0 101.5 0V5A2.5 2.5 0 0011 2.5zm1 10.25a.75.75 0 111.5 0 .75.75 0 01-1.5 0zM3.75 12a.75.75 0 100 1.5.75.75 0 000-1.5z"></path></svg> Open
</span>
            </div>



            <div class="min-width-0 mr-2 mb-2">
              <h1 class="d-flex text-bold f5">
  <a class="js-issue-title css-truncate css-truncate-target Link--primary width-fit markdown-title" href="#">common/hooks/post-install: add fix permissions hook</a>
  <span class="gh-header-number color-text-tertiary pl-1">#30139</span>
</h1>

              <div class="meta color-text-tertiary css-truncate css-truncate-target d-block width-fit">
                    <a class="author Link--secondary text-bold css-truncate css-truncate-target expandable" data-hovercard-z-index-override="111" data-hovercard-type="user" data-hovercard-url="/users/paper42/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="/paper42">paper42</a>

  wants to merge
  <span class="js-updating-pull-request-commits-count">1</span>
  commit into



  <span title="void-linux/void-packages:master" class="commit-ref css-truncate user-select-contain expandable "><a title="void-linux/void-packages:master" class="no-underline " href="/void-linux/void-packages"><span class="css-truncate-target">void-linux</span>:<span class="css-truncate-target">master</span></a></span><span></span>

from

<span title="paper42/void-packages:0001-common-hooks-post-install-add-fix-permissions-hook.patch" class="commit-ref css-truncate user-select-contain expandable head-ref"><a title="paper42/void-packages:0001-common-hooks-post-install-add-fix-permissions-hook.patch" class="no-underline " href="/paper42/void-packages/tree/0001-common-hooks-post-install-add-fix-permissions-hook.patch"><span class="css-truncate-target">paper42</span>:<span class="css-truncate-target">0001-common-hooks-post-install-add-fix-permissions-hook.patch</span></a></span><span><clipboard-copy class="js-clipboard-copy zeroclipboard-link color-text-secondary Link--onHover" value="paper42:0001-common-hooks-post-install-add-fix-permissions-hook.patch" aria-label="Copy" data-copy-feedback="Copied!"><svg class="octicon octicon-clippy d-inline-block mx-1 js-clipboard-clippy-icon" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M5.75 1a.75.75 0 00-.75.75v3c0 .414.336.75.75.75h4.5a.75.75 0 00.75-.75v-3a.75.75 0 00-.75-.75h-4.5zm.75 3V2.5h3V4h-3zm-2.874-.467a.75.75 0 00-.752-1.298A1.75 1.75 0 002 3.75v9.5c0 .966.784 1.75 1.75 1.75h8.5A1.75 1.75 0 0014 13.25v-9.5a1.75 1.75 0 00-.874-1.515.75.75 0 10-.752 1.298.25.25 0 01.126.217v9.5a.25.25 0 01-.25.25h-8.5a.25.25 0 01-.25-.25v-9.5a.25.25 0 01.126-.217z"></path></svg><svg class="octicon octicon-check js-clipboard-check-icon mx-1 d-inline-block d-none color-text-success" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M13.78 4.22a.75.75 0 010 1.06l-7.25 7.25a.75.75 0 01-1.06 0L2.22 9.28a.75.75 0 011.06-1.06L6 10.94l6.72-6.72a.75.75 0 011.06 0z"></path></svg></clipboard-copy></span>



              </div>
            </div>
          </div>
        </div>
      </div>
    </div>
    <div class="gh-header-shadow color-shadow-small js-notification-shelf-offset-top"></div>
</div>


      
<div class="px-3 px-md-0 ml-n3 mr-n3 mx-md-0 tabnav">
    <div class="tabnav-extra float-right d-none d-md-block">
      <span class="diffstat" id="diffstat">
        <span class="color-text-success">
          +19
        </span>
        <span class="color-text-danger">
          −0
        </span>
        <span class="tooltipped tooltipped-s" aria-label="19 lines changed">
          <span class="diffstat-block-added"></span><span class="diffstat-block-added"></span><span class="diffstat-block-added"></span><span class="diffstat-block-added"></span><span class="diffstat-block-added"></span>
        </span>
      </span>
    </div>

  <nav class="tabnav-tabs d-flex overflow-auto">

    <a href="/void-linux/void-packages/pull/30139" class="tabnav-tab flex-shrink-0 selected js-pjax-history-navigate">
      <svg class="octicon octicon-comment-discussion d-none d-md-inline-block" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M1.5 2.75a.25.25 0 01.25-.25h8.5a.25.25 0 01.25.25v5.5a.25.25 0 01-.25.25h-3.5a.75.75 0 00-.53.22L3.5 11.44V9.25a.75.75 0 00-.75-.75h-1a.25.25 0 01-.25-.25v-5.5zM1.75 1A1.75 1.75 0 000 2.75v5.5C0 9.216.784 10 1.75 10H2v1.543a1.457 1.457 0 002.487 1.03L7.061 10h3.189A1.75 1.75 0 0012 8.25v-5.5A1.75 1.75 0 0010.25 1h-8.5zM14.5 4.75a.25.25 0 00-.25-.25h-.5a.75.75 0 110-1.5h.5c.966 0 1.75.784 1.75 1.75v5.5A1.75 1.75 0 0114.25 12H14v1.543a1.457 1.457 0 01-2.487 1.03L9.22 12.28a.75.75 0 111.06-1.06l2.22 2.22v-2.19a.75.75 0 01.75-.75h1a.25.25 0 00.25-.25v-5.5z"></path></svg>
      Conversation

      <span id="conversation_tab_counter" title="0" class="Counter ">0</span>
    </a>

    <a href="/void-linux/void-packages/pull/30139/commits" class="tabnav-tab flex-shrink-0  js-pjax-history-navigate">
      <svg class="octicon octicon-git-commit d-none d-md-inline-block" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M10.5 7.75a2.5 2.5 0 11-5 0 2.5 2.5 0 015 0zm1.43.75a4.002 4.002 0 01-7.86 0H.75a.75.75 0 110-1.5h3.32a4.001 4.001 0 017.86 0h3.32a.75.75 0 110 1.5h-3.32z"></path></svg>
      Commits

      <span id="commits_tab_counter" title="1" class="Counter js-updateable-pull-request-commits-count ">1</span>
    </a>

      <a href="/void-linux/void-packages/pull/30139/checks" class="tabnav-tab flex-shrink-0 " data-skip-pjax>
        <svg class="octicon octicon-checklist d-none d-md-inline-block" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M2.5 1.75a.25.25 0 01.25-.25h8.5a.25.25 0 01.25.25v7.736a.75.75 0 101.5 0V1.75A1.75 1.75 0 0011.25 0h-8.5A1.75 1.75 0 001 1.75v11.5c0 .966.784 1.75 1.75 1.75h3.17a.75.75 0 000-1.5H2.75a.25.25 0 01-.25-.25V1.75zM4.75 4a.75.75 0 000 1.5h4.5a.75.75 0 000-1.5h-4.5zM4 7.75A.75.75 0 014.75 7h2a.75.75 0 010 1.5h-2A.75.75 0 014 7.75zm11.774 3.537a.75.75 0 00-1.048-1.074L10.7 14.145 9.281 12.72a.75.75 0 00-1.062 1.058l1.943 1.95a.75.75 0 001.055.008l4.557-4.45z"></path></svg>
        Checks

        <span id="checks_tab_counter" title="0" class="Counter ">0</span>
      </a>

      <link rel="pjax-prefetch" href="/void-linux/void-packages/pull/30139/files">
    <a href="/void-linux/void-packages/pull/30139/files" class="tabnav-tab flex-shrink-0  js-pjax-history-navigate">
      <svg class="octicon octicon-file-diff d-none d-md-inline-block" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M2.75 1.5a.25.25 0 00-.25.25v12.5c0 .138.112.25.25.25h10.5a.25.25 0 00.25-.25V4.664a.25.25 0 00-.073-.177l-2.914-2.914a.25.25 0 00-.177-.073H2.75zM1 1.75C1 .784 1.784 0 2.75 0h7.586c.464 0 .909.184 1.237.513l2.914 2.914c.329.328.513.773.513 1.237v9.586A1.75 1.75 0 0113.25 16H2.75A1.75 1.75 0 011 14.25V1.75zm7 1.5a.75.75 0 01.75.75v1.5h1.5a.75.75 0 010 1.5h-1.5v1.5a.75.75 0 01-1.5 0V7h-1.5a.75.75 0 010-1.5h1.5V4A.75.75 0 018 3.25zm-3 8a.75.75 0 01.75-.75h4.5a.75.75 0 010 1.5h-4.5a.75.75 0 01-.75-.75z"></path></svg>
      Files changed

        <span id="files_tab_counter" title="1" class="Counter ">1</span>
    </a>
  </nav>
</div>



    <h2 class="sr-only">Conversation</h2>
    <div id="discussion_bucket"
          class="pull-request-tab-content is-visible js-socket-channel js-updatable-content"
          data-channel="eyJjIjoicHVsbF9yZXF1ZXN0OjYxMjk3NTI1Njp0aW1lbGluZSIsInQiOjE2MTgwOTUxNjB9--94957bd1e29bfa9416981888bcc3f15aa44822fdf7142ba8c4a14d09bb7c863e">
      
<div class="gutter-condensed gutter-lg flex-column flex-md-row d-flex">

  <div class="flex-shrink-0 col-12 col-md-9 mb-4 mb-md-0">    <div
      class="pull-discussion-timeline js-pull-discussion-timeline js-quote-selection-container js-review-state-classes"
      data-quote-markdown=".js-comment-body"
      data-discussion-hovercards-enabled
      data-issue-and-pr-hovercards-enabled
      data-team-hovercards-enabled
    >
      <div
        class="js-discussion  ml-0 pl-0 ml-md-6 pl-md-3"
      >

        
<div class="TimelineItem pt-0 js-comment-container js-socket-channel js-updatable-content"
  data-gid="MDExOlB1bGxSZXF1ZXN0NjEyOTc1MjU2"
  data-url="/_render_node/MDExOlB1bGxSZXF1ZXN0NjEyOTc1MjU2/pull_requests/body?variables%5BdeferredCommentActions%5D=false"
  data-channel="eyJjIjoicHVsbF9yZXF1ZXN0OjYxMjk3NTI1NiIsInQiOjE2MTgwOTUxNjB9--49737d9c1d0c6485b206bdb01d566597338cf76f71e3376b91ea40a8c00ca6ab">

  
<div class="avatar-parent-child TimelineItem-avatar d-none d-md-block">
  <a class="d-inline-block" data-hovercard-type="user" data-hovercard-url="/users/paper42/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="/paper42"><img class="avatar rounded-1 avatar-user" height="40" width="40" alt="@paper42" src="https://avatars.githubusercontent.com/u/23639164?s=88&amp;v=4" /></a>

</div>

  <div class=" timeline-comment-group js-minimizable-comment-group js-targetable-element TimelineItem-body my-0 " id="issue-612975256">
    <div class="ml-n3 timeline-comment unminimized-comment comment previewable-edit js-task-list-container js-comment timeline-comment--caret"
        data-body-version="33ad2d5210add2a24f7f847d211871f7856682f0bc77b1aca4fd71743ad9f603"
        data-unfurl-hide-url="/content_reference_attachments/hide">
      <input type="hidden" data-csrf="true" class="js-data-unfurl-hide-url-csrf" value="+QiWJfhRL4w5dJ9j9wFD3EkCGU/5q9n39ysIb8xwXSn9JyvDJ+1zdSo1BW+5McfOPwmofknlNhByvr4mVfOwKA==" />

      
<div class="timeline-comment-header clearfix d-block d-sm-flex">
  <div class="timeline-comment-actions flex-shrink-0">
      


















<details class="details-overlay details-reset position-relative d-inline-block ">
  <summary class="btn-link timeline-comment-action Link--secondary">
    <svg aria-label="Show options" class="octicon octicon-kebab-horizontal" viewBox="0 0 16 16" version="1.1" width="16" height="16" role="img"><path d="M8 9a1.5 1.5 0 100-3 1.5 1.5 0 000 3zM1.5 9a1.5 1.5 0 100-3 1.5 1.5 0 000 3zm13 0a1.5 1.5 0 100-3 1.5 1.5 0 000 3z"></path></svg>
  </summary>
  <details-menu class="dropdown-menu dropdown-menu-sw show-more-popover color-text-primary anim-scale-in" style="width:185px">
        <clipboard-copy
    class="dropdown-item btn-link"
    for="pullrequest-612975256-permalink"
    role="menuitem"
    
    >
    Copy link
  </clipboard-copy>

        <button
    type="button"
    class="dropdown-item btn-link d-none js-comment-quote-reply"
    role="menuitem">
    Quote reply
  </button>

      
  </details-menu>
</details>

  </div>

  <div class="d-none d-sm-flex">


      



    

    <span class="timeline-comment-label tooltipped tooltipped-multiline tooltipped-s" aria-label="This user has previously committed to the void-packages repository.">
      Contributor
    </span>


  

  </div>

  <h3 class="timeline-comment-header-text f5 text-normal">


        <a class="d-inline-block d-md-none" data-hovercard-type="user" data-hovercard-url="/users/paper42/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="/paper42"><img class="avatar rounded-1 avatar-user" height="20" width="20" alt="@paper42" src="https://avatars.githubusercontent.com/u/23639164?s=60&amp;v=4" /></a>

    <strong class="css-truncate">
      

  <a class="author Link--primary css-truncate-target width-fit" show_full_name="false" data-hovercard-type="user" data-hovercard-url="/users/paper42/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="/paper42">paper42</a>
  

    </strong>


    commented


      <a href="#issue-612975256" id="pullrequest-612975256-permalink" class="Link--secondary js-timestamp"><relative-time datetime="2021-04-10T22:52:38Z" class="no-wrap">Apr 10, 2021</relative-time></a>


    <span class="js-comment-edit-history">
    </span>
  </h3>
</div>


      <div class="edit-comment-hide">

        
<task-lists disabled sortable>
<table class="d-block" data-paste-markdown-skip>
  <tbody class="d-block">
    <tr class="d-block">
      <td class="d-block comment-body markdown-body  js-comment-body">
          <p>Some packages install files with wrong permissions, but sometimes we can detect and fix them.</p>
<h2>/usr/share/man: 644</h2>
<p>this rule matches a lot of files, mainly because it matches 444 permissions too</p>
<ul>
<li>packages which install manpages with 755 permissions: nvimpager, sloccount</li>
<li>packages which install manpages with 444 permissions: lowdown, mdocml, dhcpcd, openresolv, all perl packages, lua5.3 (but not 5.1, 5.2 and 5.4)</li>
</ul>
<h2>/etc/apparmor.d: 600</h2>
<p>I chose 600 because that's what aa-genprof creates.</p>
<ul>
<li>packages which install apparmor profiles wrong permissions: apparmor (644), brillo (640), firejail (644), mako (640) (these permission measurements may be wrong in some cases)</li>
</ul>
<p>The package lists are not complete.</p>
<p>Are there any other common directories which should be included in this hook? Is forcing 644 in /usr/share/man too strict? Should affected packages be revbumped?</p>
      </td>
    </tr>
  </tbody>
</table>
</task-lists>


          
<div class="comment-reactions flex-items-center border-top  js-reactions-container">

</div>

      </div>

    </div>
</div>

</div>


        

  <div id="js-timeline-progressive-loader" data-timeline-item-src="void-linux/void-packages/timeline?id=MDExOlB1bGxSZXF1ZXN0NjEyOTc1MjU2&amp;variables%5Bafter%5D=Y3Vyc29yOnYyOpPPAAABeL3k8OgH2gAyNjEyOTc1MjU2OjBiMDJmZTQ4YWE1ZTg3N2Y0NTQ4MTI1YTNhMWEyN2M1ODJjODdjNTY%3D&amp;variables%5Bfirst%5D=60" ></div>


  
  
<div class="js-timeline-item js-timeline-progressive-focus-container" data-gid="MDE3OlB1bGxSZXF1ZXN0Q29tbWl0NjEyOTc1MjU2OjBiMDJmZTQ4YWE1ZTg3N2Y0NTQ4MTI1YTNhMWEyN2M1ODJjODdjNTY=">
  
      <div class="js-commit-group">
  <div class="js-commit-group-commits">
      <div class="TimelineItem TimelineItem--condensed js-commit py-3">
        <div class="TimelineItem-badge">
          <svg class="octicon octicon-git-commit" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M10.5 7.75a2.5 2.5 0 11-5 0 2.5 2.5 0 015 0zm1.43.75a4.002 4.002 0 01-7.86 0H.75a.75.75 0 110-1.5h3.32a4.001 4.001 0 017.86 0h3.32a.75.75 0 110 1.5h-3.32z"></path></svg>
        </div>
        <div class="TimelineItem-body">
          

<div class="js-details-container Details js-socket-channel js-updatable-content"
     data-channel="eyJjIjoicmVwbzoxMzc1MDM0NDI6Y29tbWl0OjBiMDJmZTQ4YWE1ZTg3N2Y0NTQ4MTI1YTNhMWEyN2M1ODJjODdjNTYiLCJ0IjoxNjE4MDk1MTYwfQ==--2950ee8041165aaa556d8afc1462c5a1cae1bda0c7d9c152e17a0d85c903654e"
     data-url="/void-linux/void-packages/pull/30139/commits/0b02fe48aa5e877f4548125a3a1a27c582c87c56/_render_node/commit/pull_condensed">
  <div class="d-flex flex-md-row flex-column">
    <div class="d-flex flex-auto">
      
<div class="AvatarStack flex-self-start ">
  <div class="AvatarStack-body" aria-label="paper42">
        <a class="avatar avatar-user" data-skip-pjax="true" data-hovercard-type="user" data-hovercard-url="/users/paper42/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" style="width:20px;height:20px;" href="/paper42">
          <img height="20" width="20" alt="@paper42" src="https://avatars.githubusercontent.com/u/23639164?s=60&amp;v=4" class=" avatar-user" />
</a>  </div>
</div>


      <div class="pr-1 flex-auto min-width-0" >
        <code>
          <a title="common/hooks/post-install: add fix permissions hook" data-pjax="true" class="Link--secondary" href="/void-linux/void-packages/pull/30139/commits/0b02fe48aa5e877f4548125a3a1a27c582c87c56">common/hooks/post-install: add fix permissions hook</a>
        </code>


      </div>

      <div class="text-right pr-1 d-md-inline-block d-none">
          

      </div>

      <div class="pr-1 flex-shrink-0" style="width: 16px;">
      </div>

      <!-- ml-1 is added to accommodate "clock" icon -->
      <div class="text-right ml-1">
        <code>
          <a href="/void-linux/void-packages/pull/30139/commits/0b02fe48aa5e877f4548125a3a1a27c582c87c56" class="Link--secondary">0b02fe4</a>
        </code>
      </div>
    </div>
  </div>
</div>


        </div>
      </div>
  </div>
</div>


</div>






<!-- Rendered timeline since 2021-04-10 15:26:41 -->
<div id="partial-timeline"
      class="js-timeline-marker js-socket-channel js-updatable-content"
      data-channel="eyJjIjoicHVsbF9yZXF1ZXN0OjYxMjk3NTI1NiIsInQiOjE2MTgwOTUxNjB9--49737d9c1d0c6485b206bdb01d566597338cf76f71e3376b91ea40a8c00ca6ab"
      data-url="/_render_node/MDExOlB1bGxSZXF1ZXN0NjEyOTc1MjU2/pull_requests/unread_timeline?variables%5BdeferCommitBadges%5D=false&amp;variables%5BdeferredCommentActions%5D=true&amp;variables%5BhasFocusedReviewComment%5D=false&amp;variables%5BhasFocusedReviewThread%5D=false&amp;variables%5BtimelinePageSize%5D=30&amp;variables%5BtimelineSince%5D=2021-04-10T22%3A26%3A41Z"
      data-last-modified="Sat, 10 Apr 2021 22:26:41 GMT"
      data-gid="MDExOlB1bGxSZXF1ZXN0NjEyOTc1MjU2">
  <!-- '"` --><!-- </textarea></xmp> --></option></form><form class="d-none js-timeline-marker-form" action="/_graphql/MarkNotificationSubjectAsRead" accept-charset="UTF-8" data-remote="true" method="post"><input type="hidden" data-csrf="true" name="authenticity_token" value="+fxwwEK/KlpM0mIPlni8T3lMHpXPa9i2LrqfxZP0tNXfMbF2LTsN5egKVJ3mEpjgKQ4RZUvbYYXfonLF1MhW5g==" />
    <input type="hidden" name="variables[subjectId]" value="MDExOlB1bGxSZXF1ZXN0NjEyOTc1MjU2">
</form></div>


      </div>

      <div class="discussion-timeline-actions">
          <div id="issue-comment-box">
                  <div class="flash flash-warn mt-3">
    <a rel="nofollow" class="btn btn-primary" data-hydro-click="{&quot;event_type&quot;:&quot;authentication.click&quot;,&quot;payload&quot;:{&quot;location_in_page&quot;:&quot;signed out comment&quot;,&quot;repository_id&quot;:137503442,&quot;auth_type&quot;:&quot;SIGN_UP&quot;,&quot;originating_url&quot;:&quot;https://github.com/void-linux/void-packages/pull/30139&quot;,&quot;user_id&quot;:null}}" data-hydro-click-hmac="970eb7a7408d094a21e64d13e61caf44fd1679c535f9b507ea5edd0633006844" href="/join?source=comment-repo">Sign up for free</a>
    <strong>to join this conversation on GitHub</strong>.
    Already have an account?
    <a rel="nofollow" data-hydro-click="{&quot;event_type&quot;:&quot;authentication.click&quot;,&quot;payload&quot;:{&quot;location_in_page&quot;:&quot;signed out comment&quot;,&quot;repository_id&quot;:137503442,&quot;auth_type&quot;:&quot;LOG_IN&quot;,&quot;originating_url&quot;:&quot;https://github.com/void-linux/void-packages/pull/30139&quot;,&quot;user_id&quot;:null}}" data-hydro-click-hmac="88a5c5303cfc50bd939ee1739dd2b9a91ebced5fa8c50bf1df6d00cfa1236d67" href="/login?return_to=https%3A%2F%2Fgithub.com%2Fvoid-linux%2Fvoid-packages%2Fpull%2F30139">Sign in to comment</a>
</div>


          </div>
      </div>
    </div>
</div>

    <div class="flex-shrink-0 col-12 col-md-3">    

<div id="partial-discussion-sidebar"
  class="js-socket-channel js-updatable-content"
  data-channel="eyJjIjoicHVsbF9yZXF1ZXN0OjYxMjk3NTI1NiIsInQiOjE2MTgwOTUxNjB9--49737d9c1d0c6485b206bdb01d566597338cf76f71e3376b91ea40a8c00ca6ab"
  data-gid="MDExOlB1bGxSZXF1ZXN0NjEyOTc1MjU2"
  data-url="/void-linux/void-packages/issues/30139/show_partial?partial=issues%2Fsidebar"
  data-project-hovercards-enabled>

    

      
<div class="discussion-sidebar-item sidebar-assignee js-discussion-sidebar-item position-relative" data-team-hovercards-enabled>
  <!-- '"` --><!-- </textarea></xmp> --></option></form><form class="js-issue-sidebar-form" aria-label="Select reviewers" action="/void-linux/void-packages/pull/30139/review-requests" accept-charset="UTF-8" method="post"><input type="hidden" data-csrf="true" name="authenticity_token" value="Uok8i7XMZRS1ZXwvDeTTTWO1B0sKRs7NCCzCsogVLyXu+5O8sdtsTMSxueDH0RY7YND41JWLm6L8JKvzsJEPkw==" />
    
  <div class="discussion-sidebar-heading text-bold">
    Reviewers
  </div>

    <span class="css-truncate">
    No reviews
</span>

</form>
</div>



    <div class="discussion-sidebar-item sidebar-assignee js-discussion-sidebar-item">
  <!-- '"` --><!-- </textarea></xmp> --></option></form><form class="js-issue-sidebar-form" aria-label="Select assignees" action="/void-linux/void-packages/issues/30139/assignees" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" /><input type="hidden" data-csrf="true" name="authenticity_token" value="Q79JQPOhSbk6dZBnsU+ZYeKmnESdXlQWtTgk/CHbNSItb+Yv4cJmQHjP3rAWpshxw5W25eqDF1jxO37MzkYdbg==" />

      
  <div class="discussion-sidebar-heading text-bold">
    Assignees
  </div>


      
<span class="css-truncate js-issue-assignees">
    No one assigned
</span>


</form></div>


      <div class="discussion-sidebar-item sidebar-labels js-discussion-sidebar-item">
  


  <div class="discussion-sidebar-heading text-bold">
    Labels
  </div>

  <div class="js-issue-labels labels css-truncate">
    None yet
</div>

</div>


      
<div class="discussion-sidebar-item js-discussion-sidebar-item">
  <!-- '"` --><!-- </textarea></xmp> --></option></form><form class="js-issue-sidebar-form" aria-label="Select projects" action="/void-linux/void-packages/projects/issues/30139" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" /><input type="hidden" data-csrf="true" name="authenticity_token" value="0Q8upwl/MxBU/uQuaqN0W4Ozyk/evVJhegqmms5smGGMNnpwnFZzZQx3fIEZ7ii5nQNf045E0UtZWVv4ajx0vQ==" />
      <div class="discussion-sidebar-heading text-bold">
    Projects
  </div>

    
<span class="css-truncate sidebar-progress-bar">
    None yet
</span>

</form></div>



      <div class="discussion-sidebar-item sidebar-progress-bar js-discussion-sidebar-item">
  <!-- '"` --><!-- </textarea></xmp> --></option></form><form class="js-issue-sidebar-form" aria-label="Select milestones" action="/void-linux/void-packages/issues/30139/set_milestone?partial=issues%2Fsidebar%2Fshow%2Fmilestone" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" /><input type="hidden" data-csrf="true" name="authenticity_token" value="PUQ668ViXefIQIVZSKkG4HEnVJdCxYVcrEWxUNtt3szhInHpuoEFsDnw/3d5p24RQY8u010h8dTyEL+MLtX+cQ==" />
      <div class="discussion-sidebar-heading text-bold">
    Milestone
  </div>

      No milestone

</form></div>


      
<div class="discussion-sidebar-item js-discussion-sidebar-item" data-issue-and-pr-hovercards-enabled >
  <!-- '"` --><!-- </textarea></xmp> --></option></form><form class="js-issue-sidebar-form" aria-label="Link issues" action="/void-linux/void-packages/issues/closing_references?source_id=612975256&amp;source_type=PULL_REQUEST" accept-charset="UTF-8" method="post"><input type="hidden" name="_method" value="put" /><input type="hidden" data-csrf="true" name="authenticity_token" value="pOedJML+NyA/qQXoJJE9MT1oj/JZ2BJfuRkSnjOFZDJi4dUWx25P5XtqDZI2qdo4yki8FigASKmwUfTVsDwayQ==" />
    
  <div class="discussion-sidebar-heading text-bold">
    Linked issues
  </div>


      
<p>Successfully merging this pull request may close these issues.</p>

  <p>None yet</p>

</form>
</div>


    

    <div id="partial-users-participants" class="discussion-sidebar-item">
  <div class="participation">
    <div class="discussion-sidebar-heading text-bold">
      1 participant
    </div>
    <div class="participation-avatars d-flex flex-wrap">
        <a class="participant-avatar" data-hovercard-type="user" data-hovercard-url="/users/paper42/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="/paper42">
          <img class="avatar avatar-user" src="https://avatars.githubusercontent.com/u/23639164?s=52&amp;v=4" width="26" height="26" alt="@paper42" /> 
</a>    </div>
  </div>
</div>


    

    



    

</div>


</div>
</div>
    </div>
  </div>
  <div hidden>
  <span class="js-add-to-batch-enabled">Add this suggestion to a batch that can be applied as a single commit.</span>
  <span class="js-unchanged-suggestion">This suggestion is invalid because no changes were made to the code.</span>
  <span class="js-closed-pull">Suggestions cannot be applied while the pull request is closed.</span>
  <span class="js-viewing-subset-changes">Suggestions cannot be applied while viewing a subset of changes.</span>
  <span class="js-one-suggestion-per-line">Only one suggestion per line can be applied in a batch.</span>
  <span class="js-reenable-add-to-batch">Add this suggestion to a batch that can be applied as a single commit.</span>
  <span class="js-validation-on-left-blob">Applying suggestions on deleted lines is not supported.</span>
  <span class="js-validation-on-right-blob">You must change the existing code in this line in order to create a valid suggestion.</span>
  <span class="js-outdated-comment">Outdated suggestions cannot be applied.</span>
  <span class="js-resolved-thread">This suggestion has been applied or marked resolved.</span>
  <span class="js-pending-review">Suggestions cannot be applied from pending reviews.</span>
  <span class="js-is-multiline">Suggestions cannot be applied on multi-line comments.</span>
  <div class="form-group errored m-0 error js-suggested-changes-inline-validation-template d-flex" style="cursor: default;">
    <span class="js-suggested-changes-inline-error-message position-relative error m-0" style="max-width: inherit;"></span>
  </div>
</div>


    </div>


  </div>
</div>


    </main>
  </div>

  </div>

          
<div class="footer container-xl width-full p-responsive" role="contentinfo">
  <div class="position-relative d-flex flex-row-reverse flex-lg-row flex-wrap flex-lg-nowrap flex-justify-center flex-lg-justify-between pt-6 pb-2 mt-6 f6 color-text-secondary border-top color-border-secondary ">
    <ul class="list-style-none d-flex flex-wrap col-12 col-lg-5 flex-justify-center flex-lg-justify-between mb-2 mb-lg-0">
      <li class="mr-3 mr-lg-0">&copy; 2021 GitHub, Inc.</li>
        <li class="mr-3 mr-lg-0"><a href="https://docs.github.com/en/github/site-policy/github-terms-of-service" data-ga-click="Footer, go to terms, text:terms">Terms</a></li>
        <li class="mr-3 mr-lg-0"><a href="https://docs.github.com/en/github/site-policy/github-privacy-statement" data-ga-click="Footer, go to privacy, text:privacy">Privacy</a></li>
        <li class="mr-3 mr-lg-0"><a data-ga-click="Footer, go to security, text:security" href="https://github.com/security">Security</a></li>
        <li class="mr-3 mr-lg-0"><a href="https://www.githubstatus.com/" data-ga-click="Footer, go to status, text:status">Status</a></li>
        <li><a data-ga-click="Footer, go to help, text:Docs" href="https://docs.github.com">Docs</a></li>
    </ul>

    <a aria-label="Homepage" title="GitHub" class="footer-octicon d-none d-lg-block mx-lg-4" href="https://github.com">
      <svg height="24" class="octicon octicon-mark-github" viewBox="0 0 16 16" version="1.1" width="24" aria-hidden="true"><path fill-rule="evenodd" d="M8 0C3.58 0 0 3.58 0 8c0 3.54 2.29 6.53 5.47 7.59.4.07.55-.17.55-.38 0-.19-.01-.82-.01-1.49-2.01.37-2.53-.49-2.69-.94-.09-.23-.48-.94-.82-1.13-.28-.15-.68-.52-.01-.53.63-.01 1.08.58 1.23.82.72 1.21 1.87.87 2.33.66.07-.52.28-.87.51-1.07-1.78-.2-3.64-.89-3.64-3.95 0-.87.31-1.59.82-2.15-.08-.2-.36-1.02.08-2.12 0 0 .67-.21 2.2.82.64-.18 1.32-.27 2-.27.68 0 1.36.09 2 .27 1.53-1.04 2.2-.82 2.2-.82.44 1.1.16 1.92.08 2.12.51.56.82 1.27.82 2.15 0 3.07-1.87 3.75-3.65 3.95.29.25.54.73.54 1.48 0 1.07-.01 1.93-.01 2.2 0 .21.15.46.55.38A8.013 8.013 0 0016 8c0-4.42-3.58-8-8-8z"></path></svg>
</a>
    <ul class="list-style-none d-flex flex-wrap col-12 col-lg-5 flex-justify-center flex-lg-justify-between mb-2 mb-lg-0">
        <li class="mr-3 mr-lg-0"><a href="https://support.github.com" data-ga-click="Footer, go to contact, text:contact">Contact GitHub</a></li>
        <li class="mr-3 mr-lg-0"><a href="https://github.com/pricing" data-ga-click="Footer, go to Pricing, text:Pricing">Pricing</a></li>
      <li class="mr-3 mr-lg-0"><a href="https://docs.github.com" data-ga-click="Footer, go to api, text:api">API</a></li>
      <li class="mr-3 mr-lg-0"><a href="https://services.github.com" data-ga-click="Footer, go to training, text:training">Training</a></li>
        <li class="mr-3 mr-lg-0"><a href="https://github.blog" data-ga-click="Footer, go to blog, text:blog">Blog</a></li>
        <li><a data-ga-click="Footer, go to about, text:about" href="https://github.com/about">About</a></li>
    </ul>
  </div>
  <div class="d-flex flex-justify-center pb-6">
    <span class="f6 color-text-tertiary"></span>
  </div>

  
</div>



  <div id="ajax-error-message" class="ajax-error-message flash flash-error" hidden>
    <svg class="octicon octicon-alert" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M8.22 1.754a.25.25 0 00-.44 0L1.698 13.132a.25.25 0 00.22.368h12.164a.25.25 0 00.22-.368L8.22 1.754zm-1.763-.707c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0114.082 15H1.918a1.75 1.75 0 01-1.543-2.575L6.457 1.047zM9 11a1 1 0 11-2 0 1 1 0 012 0zm-.25-5.25a.75.75 0 00-1.5 0v2.5a.75.75 0 001.5 0v-2.5z"></path></svg>
    <button type="button" class="flash-close js-ajax-error-dismiss" aria-label="Dismiss error">
      <svg class="octicon octicon-x" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M3.72 3.72a.75.75 0 011.06 0L8 6.94l3.22-3.22a.75.75 0 111.06 1.06L9.06 8l3.22 3.22a.75.75 0 11-1.06 1.06L8 9.06l-3.22 3.22a.75.75 0 01-1.06-1.06L6.94 8 3.72 4.78a.75.75 0 010-1.06z"></path></svg>
    </button>
    You can’t perform that action at this time.
  </div>

  <div class="js-stale-session-flash flash flash-warn flash-banner" hidden
    >
    <svg class="octicon octicon-alert" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M8.22 1.754a.25.25 0 00-.44 0L1.698 13.132a.25.25 0 00.22.368h12.164a.25.25 0 00.22-.368L8.22 1.754zm-1.763-.707c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0114.082 15H1.918a1.75 1.75 0 01-1.543-2.575L6.457 1.047zM9 11a1 1 0 11-2 0 1 1 0 012 0zm-.25-5.25a.75.75 0 00-1.5 0v2.5a.75.75 0 001.5 0v-2.5z"></path></svg>
    <span class="js-stale-session-flash-signed-in" hidden>You signed in with another tab or window. <a href="">Reload</a> to refresh your session.</span>
    <span class="js-stale-session-flash-signed-out" hidden>You signed out in another tab or window. <a href="">Reload</a> to refresh your session.</span>
  </div>
    <template id="site-details-dialog">
  <details class="details-reset details-overlay details-overlay-dark lh-default color-text-primary hx_rsm" open>
    <summary role="button" aria-label="Close dialog"></summary>
    <details-dialog class="Box Box--overlay d-flex flex-column anim-fade-in fast hx_rsm-dialog hx_rsm-modal">
      <button class="Box-btn-octicon m-0 btn-octicon position-absolute right-0 top-0" type="button" aria-label="Close dialog" data-close-dialog>
        <svg class="octicon octicon-x" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M3.72 3.72a.75.75 0 011.06 0L8 6.94l3.22-3.22a.75.75 0 111.06 1.06L9.06 8l3.22 3.22a.75.75 0 11-1.06 1.06L8 9.06l-3.22 3.22a.75.75 0 01-1.06-1.06L6.94 8 3.72 4.78a.75.75 0 010-1.06z"></path></svg>
      </button>
      <div class="octocat-spinner my-6 js-details-dialog-spinner"></div>
    </details-dialog>
  </details>
</template>

    <div class="Popover js-hovercard-content position-absolute" style="display: none; outline: none;" tabindex="0">
  <div class="Popover-message Popover-message--bottom-left Popover-message--large Box color-shadow-large" style="width:360px;">
  </div>
</div>




  </body>
</html>


^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: [PR REVIEW] common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
@ 2021-04-10 23:14 ` Duncaen
  2021-04-10 23:15 ` Duncaen
                   ` (42 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: Duncaen @ 2021-04-10 23:14 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 180 bytes --]

New review comment by Duncaen on void-packages repository

https://github.com/void-linux/void-packages/pull/30139#discussion_r611104244

Comment:
find "$dir" -type f ! -perm -0644

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: [PR REVIEW] common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
  2021-04-10 23:14 ` [PR REVIEW] " Duncaen
@ 2021-04-10 23:15 ` Duncaen
  2021-04-10 23:15 ` Duncaen
                   ` (41 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: Duncaen @ 2021-04-10 23:15 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 182 bytes --]

New review comment by Duncaen on void-packages repository

https://github.com/void-linux/void-packages/pull/30139#discussion_r611104244

Comment:
`find "$dir" -type f ! -perm -0644`

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: [PR REVIEW] common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
  2021-04-10 23:14 ` [PR REVIEW] " Duncaen
  2021-04-10 23:15 ` Duncaen
@ 2021-04-10 23:15 ` Duncaen
  2021-04-10 23:17 ` Duncaen
                   ` (40 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: Duncaen @ 2021-04-10 23:15 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 223 bytes --]

New review comment by Duncaen on void-packages repository

https://github.com/void-linux/void-packages/pull/30139#discussion_r611104244

Comment:
`find "$dir" -type f ! -perm -"$perms"`

and `perms=0644` and `perms=0600`

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: [PR REVIEW] common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (2 preceding siblings ...)
  2021-04-10 23:15 ` Duncaen
@ 2021-04-10 23:17 ` Duncaen
  2021-04-10 23:19 ` Duncaen
                   ` (39 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: Duncaen @ 2021-04-10 23:17 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 242 bytes --]

New review comment by Duncaen on void-packages repository

https://github.com/void-linux/void-packages/pull/30139#discussion_r611104489

Comment:
Or even better:
```find /usr/include/ -type f ! -perm -"$perms" -exec chown "$perms" '{}' +```

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: [PR REVIEW] common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (3 preceding siblings ...)
  2021-04-10 23:17 ` Duncaen
@ 2021-04-10 23:19 ` Duncaen
  2021-04-10 23:19 ` Duncaen
                   ` (38 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: Duncaen @ 2021-04-10 23:19 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 245 bytes --]

New review comment by Duncaen on void-packages repository

https://github.com/void-linux/void-packages/pull/30139#discussion_r611104489

Comment:
Or even better:
```find /usr/include/ -type f ! -perm -"$perms" -exec chown -v "$perms" '{}' +```

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: [PR REVIEW] common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (4 preceding siblings ...)
  2021-04-10 23:19 ` Duncaen
@ 2021-04-10 23:19 ` Duncaen
  2021-04-10 23:19 ` Duncaen
                   ` (37 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: Duncaen @ 2021-04-10 23:19 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 242 bytes --]

New review comment by Duncaen on void-packages repository

https://github.com/void-linux/void-packages/pull/30139#discussion_r611104489

Comment:
Or even better:
```find /usr/include/ -type f ! -perm -"$perms" -exec chown "$perms" '{}' +```

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: [PR REVIEW] common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (5 preceding siblings ...)
  2021-04-10 23:19 ` Duncaen
@ 2021-04-10 23:19 ` Duncaen
  2021-04-10 23:20 ` Duncaen
                   ` (36 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: Duncaen @ 2021-04-10 23:19 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 242 bytes --]

New review comment by Duncaen on void-packages repository

https://github.com/void-linux/void-packages/pull/30139#discussion_r611104489

Comment:
Or even better:
```find /usr/include/ -type f ! -perm -"$perms" -exec chmod "$perms" '{}' +```

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: [PR REVIEW] common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (6 preceding siblings ...)
  2021-04-10 23:19 ` Duncaen
@ 2021-04-10 23:20 ` Duncaen
  2021-04-10 23:27 ` Duncaen
                   ` (35 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: Duncaen @ 2021-04-10 23:20 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 245 bytes --]

New review comment by Duncaen on void-packages repository

https://github.com/void-linux/void-packages/pull/30139#discussion_r611104489

Comment:
Or even better:
```find /usr/include/ -type f ! -perm -"$perms" -exec chmod -v "$perms" '{}' +```

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (7 preceding siblings ...)
  2021-04-10 23:20 ` Duncaen
@ 2021-04-10 23:27 ` Duncaen
  2021-04-11  1:09 ` ericonr
                   ` (34 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: Duncaen @ 2021-04-10 23:27 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 489 bytes --]

New comment by Duncaen on void-packages repository

https://github.com/void-linux/void-packages/pull/30139#issuecomment-817216006

Comment:
Not sure of forcing 600 on /etc/apparmor.d is a good idea, I don't see no harm in them being readable.

Would also make sense to also make sure nothing is o+w, there were/are a few packages that did that:
https://gist.github.com/Duncaen/125a44a4e9f159141bcaade111a182e6
In those cases its probably better to abort instead of trying to fix them.

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (8 preceding siblings ...)
  2021-04-10 23:27 ` Duncaen
@ 2021-04-11  1:09 ` ericonr
  2021-04-20 23:11 ` [PR REVIEW] " paper42
                   ` (33 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: ericonr @ 2021-04-11  1:09 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 432 bytes --]

New comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/30139#issuecomment-817229875

Comment:
I think revbumping is warranted if any packages are writable when they shouldn't be, or if permissions are a security concern for that case.

I agree that apparmor files can be world readable - makes inspection easier. Do you have any argument for it beyond being the default from genprof?

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: [PR REVIEW] common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (9 preceding siblings ...)
  2021-04-11  1:09 ` ericonr
@ 2021-04-20 23:11 ` paper42
  2021-04-20 23:13 ` [PR PATCH] [Updated] " paper42
                   ` (32 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: paper42 @ 2021-04-20 23:11 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 494 bytes --]

New review comment by paper42 on void-packages repository

https://github.com/void-linux/void-packages/pull/30139#discussion_r617092404

Comment:
`! -perm -0600` would match a file with permissions 700, but not a file with permissions 670. I modified the function to accept a permission mask as its second argument.

> Or even better:
> find /usr/include/ -type f ! -perm -"$perms" -exec chmod -v "$perms" '{}' +

Is this better? It's shorter, but also we lose the pretty warning message.

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: [PR PATCH] [Updated] common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (10 preceding siblings ...)
  2021-04-20 23:11 ` [PR REVIEW] " paper42
@ 2021-04-20 23:13 ` paper42
  2021-04-20 23:26 ` paper42
                   ` (31 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: paper42 @ 2021-04-20 23:13 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1283 bytes --]

There is an updated pull request by paper42 against master on the void-packages repository

https://github.com/paper42/void-packages 0001-common-hooks-post-install-add-fix-permissions-hook.patch
https://github.com/void-linux/void-packages/pull/30139

common/hooks/post-install: add fix permissions hook
Some packages install files with wrong permissions, but sometimes we can detect and fix them.

## /usr/share/man: 644
this rule matches a lot of files, mainly because it matches 444 permissions too
* packages which install manpages with 755 permissions: nvimpager, sloccount
* packages which install manpages with 444 permissions: lowdown, mdocml, dhcpcd, openresolv, all perl packages, lua5.3 (but not 5.1, 5.2 and 5.4)

## /etc/apparmor.d: 600
I chose 600 because that's what aa-genprof creates.
* packages which install apparmor profiles wrong permissions: apparmor (644), brillo (640), firejail (644), mako (640) (these permission measurements may be wrong in some cases)

The package lists are not complete.

Are there any other common directories which should be included in this hook? Is forcing 644 in /usr/share/man too strict? Should affected packages be revbumped?

A patch file from https://github.com/void-linux/void-packages/pull/30139.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-0001-common-hooks-post-install-add-fix-permissions-hook.patch-30139.patch --]
[-- Type: text/x-diff, Size: 1616 bytes --]

From 241a7397722c7207d33ccaa675cd9040ff5fd76b Mon Sep 17 00:00:00 2001
From: Paper <paper@tilde.institute>
Date: Tue, 9 Mar 2021 17:10:07 +0100
Subject: [PATCH] common/hooks/post-install: add fix permissions hook

---
 .../hooks/post-install/14-fix-permissions.sh  | 29 +++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 common/hooks/post-install/14-fix-permissions.sh

diff --git a/common/hooks/post-install/14-fix-permissions.sh b/common/hooks/post-install/14-fix-permissions.sh
new file mode 100644
index 000000000000..5de78ba4330e
--- /dev/null
+++ b/common/hooks/post-install/14-fix-permissions.sh
@@ -0,0 +1,29 @@
+# This hook fixes permissions in common places
+
+change_file_perms() {
+	dir="$PKGDESTDIR$1"
+	# permission mask for matching the files
+	permmask="$2"
+	# permissions which will be set on matched files
+	perms="$3"
+	if [ -d "$dir" ]; then
+		find "$dir" -type f -perm /"$permmask" | while read -r file; do
+			old_perms=$(stat -c "%a" "$file")
+			msg_warning "$pkgver: changing permissions of ${file#$PKGDESTDIR} from $old_perms to $perms\n"
+			chmod "$perms" "$file" >/dev/null 2>&1
+		done
+	fi
+}
+
+hook() {
+	# check that no files have permission write for all users
+	find "$PKGDESTDIR" -type f -perm -0020 | while read -r file; do
+		msg_error "$pkgver: file ${file#$PKGDESTDIR} has a write permission for all users\n"
+	done
+
+	change_file_perms "/usr/share/man" 133 644
+	change_file_perms "/etc/apparmor.d" 111 644
+	change_file_perms "/usr/share/applications" 133 644
+	change_file_perms "/usr/include" 133 644
+	change_file_perms "/usr/icons" 133 644
+}

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (11 preceding siblings ...)
  2021-04-20 23:13 ` [PR PATCH] [Updated] " paper42
@ 2021-04-20 23:26 ` paper42
  2021-04-20 23:50 ` [PR REVIEW] " Duncaen
                   ` (30 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: paper42 @ 2021-04-20 23:26 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1581 bytes --]

New comment by paper42 on void-packages repository

https://github.com/void-linux/void-packages/pull/30139#issuecomment-823664610

Comment:
> Not sure of forcing 600 on /etc/apparmor.d is a good idea, I don't see no harm in them being readable.

> I agree that apparmor files can be world readable - makes inspection easier. Do you have any argument for it beyond being the default from genprof?

I don't have a good reason, I just thought it was annoying having some profiles readable by my user and some not. I fixed the script to change permissions to 644 only if the profile is executable (mask 111).

> Would also make sense to also make sure nothing is o+w, there were/are a few packages that did that:
> https://gist.github.com/Duncaen/125a44a4e9f159141bcaade111a182e6
> In those cases its probably better to abort instead of trying to fix them.

Great idea, I added it to the script, it requires iterating over all files and in the script, so some directories are scanned twice, but I think it's not a big problem.

I also added 3 new rules:
* /usr/include - 644 - http-parser-devel (755), cups (444)

are there reasons to not force permissions here I don't know about?

* /usr/share/applications 644 - KDE applications often violate this rule - falkon, kate5, kde-cli-tools, kdevelop, khelpcenter, kinfocenter, kio, kmenuedit, knewstuff, konsole, kronometer, ksysguard, okteta, plasma-desktop, plasma-workspace, syncthing, systemsettings

* /usr/icons - 644 - no known violations

since there are no known violations, is it worth including this rule?

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: [PR REVIEW] common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (12 preceding siblings ...)
  2021-04-20 23:26 ` paper42
@ 2021-04-20 23:50 ` Duncaen
  2021-04-20 23:51 ` Duncaen
                   ` (29 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: Duncaen @ 2021-04-20 23:50 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 206 bytes --]

New review comment by Duncaen on void-packages repository

https://github.com/void-linux/void-packages/pull/30139#discussion_r617106741

Comment:
Shorter and faster and `chmod -v` still gives you messages.

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: [PR REVIEW] common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (13 preceding siblings ...)
  2021-04-20 23:50 ` [PR REVIEW] " Duncaen
@ 2021-04-20 23:51 ` Duncaen
  2021-04-20 23:55 ` Duncaen
                   ` (28 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: Duncaen @ 2021-04-20 23:51 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 203 bytes --]

New review comment by Duncaen on void-packages repository

https://github.com/void-linux/void-packages/pull/30139#discussion_r617106741

Comment:
Shorter, faster and `chmod -v` still gives you messages.

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: [PR REVIEW] common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (14 preceding siblings ...)
  2021-04-20 23:51 ` Duncaen
@ 2021-04-20 23:55 ` Duncaen
  2021-04-21 21:11 ` ericonr
                   ` (27 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: Duncaen @ 2021-04-20 23:55 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 389 bytes --]

New review comment by Duncaen on void-packages repository

https://github.com/void-linux/void-packages/pull/30139#discussion_r617106741

Comment:
Shorter, faster and `chmod -v` still gives you messages.

```
$ chmod -v 644 /tmp/foo /tmp/bar
mode of '/tmp/foo' changed from 0664 (rw-rw-r--) to 0644 (rw-r--r--)
mode of '/tmp/bar' changed from 0664 (rw-rw-r--) to 0644 (rw-r--r--)
```

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (15 preceding siblings ...)
  2021-04-20 23:55 ` Duncaen
@ 2021-04-21 21:11 ` ericonr
  2021-04-29 15:56 ` [PR PATCH] [Updated] " paper42
                   ` (26 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: ericonr @ 2021-04-21 21:11 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 269 bytes --]

New comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/30139#issuecomment-824360598

Comment:
> since there are no known violations, is it worth including this rule?

I'd say yes, because it allows us to impose policy...

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: [PR PATCH] [Updated] common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (16 preceding siblings ...)
  2021-04-21 21:11 ` ericonr
@ 2021-04-29 15:56 ` paper42
  2021-04-29 15:56 ` paper42
                   ` (25 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: paper42 @ 2021-04-29 15:56 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1283 bytes --]

There is an updated pull request by paper42 against master on the void-packages repository

https://github.com/paper42/void-packages 0001-common-hooks-post-install-add-fix-permissions-hook.patch
https://github.com/void-linux/void-packages/pull/30139

common/hooks/post-install: add fix permissions hook
Some packages install files with wrong permissions, but sometimes we can detect and fix them.

## /usr/share/man: 644
this rule matches a lot of files, mainly because it matches 444 permissions too
* packages which install manpages with 755 permissions: nvimpager, sloccount
* packages which install manpages with 444 permissions: lowdown, mdocml, dhcpcd, openresolv, all perl packages, lua5.3 (but not 5.1, 5.2 and 5.4)

## /etc/apparmor.d: 600
I chose 600 because that's what aa-genprof creates.
* packages which install apparmor profiles wrong permissions: apparmor (644), brillo (640), firejail (644), mako (640) (these permission measurements may be wrong in some cases)

The package lists are not complete.

Are there any other common directories which should be included in this hook? Is forcing 644 in /usr/share/man too strict? Should affected packages be revbumped?

A patch file from https://github.com/void-linux/void-packages/pull/30139.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-0001-common-hooks-post-install-add-fix-permissions-hook.patch-30139.patch --]
[-- Type: text/x-diff, Size: 1418 bytes --]

From 3027d990c1a2b888ab103b6cec9a9fe547d0c45e Mon Sep 17 00:00:00 2001
From: Paper <paper@tilde.institute>
Date: Tue, 9 Mar 2021 17:10:07 +0100
Subject: [PATCH] common/hooks/post-install: add fix permissions hook

---
 .../hooks/post-install/14-fix-permissions.sh  | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 common/hooks/post-install/14-fix-permissions.sh

diff --git a/common/hooks/post-install/14-fix-permissions.sh b/common/hooks/post-install/14-fix-permissions.sh
new file mode 100644
index 000000000000..b4ee7c1237aa
--- /dev/null
+++ b/common/hooks/post-install/14-fix-permissions.sh
@@ -0,0 +1,23 @@
+# This hook fixes permissions in common places
+
+change_file_perms() {
+	dir="$PKGDESTDIR$1"
+	# permission mask for matching the files
+	permmask="$2"
+	# permissions which will be set on matched files
+	perms="$3"
+	[ -d "$dir" ] && find "$dir" -type f -perm /"$permmask" -exec chmod -v "$perms" {} +
+}
+
+hook() {
+	# check that no files have permission write for all users
+	find "$PKGDESTDIR" -type f -perm -0020 | while read -r file; do
+		msg_error "$pkgver: file ${file#$PKGDESTDIR} has a write permission for all users\n"
+	done
+
+	change_file_perms "/usr/share/man" 133 644
+	change_file_perms "/etc/apparmor.d" 111 644
+	change_file_perms "/usr/share/applications" 133 644
+	change_file_perms "/usr/include" 133 644
+	change_file_perms "/usr/icons" 133 644
+}

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: [PR PATCH] [Updated] common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (17 preceding siblings ...)
  2021-04-29 15:56 ` [PR PATCH] [Updated] " paper42
@ 2021-04-29 15:56 ` paper42
  2021-04-29 15:57 ` [PR REVIEW] " paper42
                   ` (24 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: paper42 @ 2021-04-29 15:56 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1283 bytes --]

There is an updated pull request by paper42 against master on the void-packages repository

https://github.com/paper42/void-packages 0001-common-hooks-post-install-add-fix-permissions-hook.patch
https://github.com/void-linux/void-packages/pull/30139

common/hooks/post-install: add fix permissions hook
Some packages install files with wrong permissions, but sometimes we can detect and fix them.

## /usr/share/man: 644
this rule matches a lot of files, mainly because it matches 444 permissions too
* packages which install manpages with 755 permissions: nvimpager, sloccount
* packages which install manpages with 444 permissions: lowdown, mdocml, dhcpcd, openresolv, all perl packages, lua5.3 (but not 5.1, 5.2 and 5.4)

## /etc/apparmor.d: 600
I chose 600 because that's what aa-genprof creates.
* packages which install apparmor profiles wrong permissions: apparmor (644), brillo (640), firejail (644), mako (640) (these permission measurements may be wrong in some cases)

The package lists are not complete.

Are there any other common directories which should be included in this hook? Is forcing 644 in /usr/share/man too strict? Should affected packages be revbumped?

A patch file from https://github.com/void-linux/void-packages/pull/30139.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-0001-common-hooks-post-install-add-fix-permissions-hook.patch-30139.patch --]
[-- Type: text/x-diff, Size: 1441 bytes --]

From 91b8703d6208bdd73ccb9d3bf64408a8bfaa19fa Mon Sep 17 00:00:00 2001
From: Paper <paper@tilde.institute>
Date: Tue, 9 Mar 2021 17:10:07 +0100
Subject: [PATCH] common/hooks/post-install: add fix permissions hook

---
 .../hooks/post-install/14-fix-permissions.sh  | 25 +++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 common/hooks/post-install/14-fix-permissions.sh

diff --git a/common/hooks/post-install/14-fix-permissions.sh b/common/hooks/post-install/14-fix-permissions.sh
new file mode 100644
index 000000000000..44d9bab82935
--- /dev/null
+++ b/common/hooks/post-install/14-fix-permissions.sh
@@ -0,0 +1,25 @@
+# This hook fixes permissions in common places
+
+change_file_perms() {
+	dir="$PKGDESTDIR$1"
+	# permission mask for matching the files
+	permmask="$2"
+	# permissions which will be set on matched files
+	perms="$3"
+	if [ -d "$dir" ]; then
+        find "$dir" -type f -perm /"$permmask" -exec chmod -v "$perms" {} +
+    fi
+}
+
+hook() {
+	# check that no files have permission write for all users
+	find "$PKGDESTDIR" -type f -perm -0020 | while read -r file; do
+		msg_error "$pkgver: file ${file#$PKGDESTDIR} has a write permission for all users\n"
+	done
+
+	change_file_perms "/usr/share/man" 133 644
+	change_file_perms "/etc/apparmor.d" 111 644
+	change_file_perms "/usr/share/applications" 133 644
+	change_file_perms "/usr/include" 133 644
+	change_file_perms "/usr/icons" 133 644
+}

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: [PR REVIEW] common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (18 preceding siblings ...)
  2021-04-29 15:56 ` paper42
@ 2021-04-29 15:57 ` paper42
  2021-05-06  9:51 ` [PR PATCH] [Updated] " paper42
                   ` (23 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: paper42 @ 2021-04-29 15:57 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 164 bytes --]

New review comment by paper42 on void-packages repository

https://github.com/void-linux/void-packages/pull/30139#discussion_r623186351

Comment:
Thank you, fixed.

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: [PR PATCH] [Updated] common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (19 preceding siblings ...)
  2021-04-29 15:57 ` [PR REVIEW] " paper42
@ 2021-05-06  9:51 ` paper42
  2021-07-01 23:04 ` paper42
                   ` (22 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: paper42 @ 2021-05-06  9:51 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1283 bytes --]

There is an updated pull request by paper42 against master on the void-packages repository

https://github.com/paper42/void-packages 0001-common-hooks-post-install-add-fix-permissions-hook.patch
https://github.com/void-linux/void-packages/pull/30139

common/hooks/post-install: add fix permissions hook
Some packages install files with wrong permissions, but sometimes we can detect and fix them.

## /usr/share/man: 644
this rule matches a lot of files, mainly because it matches 444 permissions too
* packages which install manpages with 755 permissions: nvimpager, sloccount
* packages which install manpages with 444 permissions: lowdown, mdocml, dhcpcd, openresolv, all perl packages, lua5.3 (but not 5.1, 5.2 and 5.4)

## /etc/apparmor.d: 600
I chose 600 because that's what aa-genprof creates.
* packages which install apparmor profiles wrong permissions: apparmor (644), brillo (640), firejail (644), mako (640) (these permission measurements may be wrong in some cases)

The package lists are not complete.

Are there any other common directories which should be included in this hook? Is forcing 644 in /usr/share/man too strict? Should affected packages be revbumped?

A patch file from https://github.com/void-linux/void-packages/pull/30139.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-0001-common-hooks-post-install-add-fix-permissions-hook.patch-30139.patch --]
[-- Type: text/x-diff, Size: 1441 bytes --]

From f28c1c7abe4162a577cb40e505ec706e466a4b7a Mon Sep 17 00:00:00 2001
From: Paper <paper@tilde.institute>
Date: Tue, 9 Mar 2021 17:10:07 +0100
Subject: [PATCH] common/hooks/post-install: add fix permissions hook

---
 .../hooks/post-install/14-fix-permissions.sh  | 25 +++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 common/hooks/post-install/14-fix-permissions.sh

diff --git a/common/hooks/post-install/14-fix-permissions.sh b/common/hooks/post-install/14-fix-permissions.sh
new file mode 100644
index 000000000000..788833166439
--- /dev/null
+++ b/common/hooks/post-install/14-fix-permissions.sh
@@ -0,0 +1,25 @@
+# This hook fixes permissions in common places
+
+change_file_perms() {
+	dir="$PKGDESTDIR$1"
+	# permission mask for matching the files
+	permmask="$2"
+	# permissions which will be set on matched files
+	perms="$3"
+	if [ -d "$dir" ]; then
+        find "$dir" -type f -perm /"$permmask" -exec chmod -v "$perms" {} +
+    fi
+}
+
+hook() {
+	# check that no files have permission write for all users
+	find "$PKGDESTDIR" -type f -perm -0002 | while read -r file; do
+		msg_error "$pkgver: file ${file#$PKGDESTDIR} has a write permission for all users\n"
+	done
+
+	change_file_perms "/usr/share/man" 133 644
+	change_file_perms "/etc/apparmor.d" 111 644
+	change_file_perms "/usr/share/applications" 133 644
+	change_file_perms "/usr/include" 133 644
+	change_file_perms "/usr/icons" 133 644
+}

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: [PR PATCH] [Updated] common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (20 preceding siblings ...)
  2021-05-06  9:51 ` [PR PATCH] [Updated] " paper42
@ 2021-07-01 23:04 ` paper42
  2021-07-01 23:05 ` paper42
                   ` (21 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: paper42 @ 2021-07-01 23:04 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1283 bytes --]

There is an updated pull request by paper42 against master on the void-packages repository

https://github.com/paper42/void-packages 0001-common-hooks-post-install-add-fix-permissions-hook.patch
https://github.com/void-linux/void-packages/pull/30139

common/hooks/post-install: add fix permissions hook
Some packages install files with wrong permissions, but sometimes we can detect and fix them.

## /usr/share/man: 644
this rule matches a lot of files, mainly because it matches 444 permissions too
* packages which install manpages with 755 permissions: nvimpager, sloccount
* packages which install manpages with 444 permissions: lowdown, mdocml, dhcpcd, openresolv, all perl packages, lua5.3 (but not 5.1, 5.2 and 5.4)

## /etc/apparmor.d: 600
I chose 600 because that's what aa-genprof creates.
* packages which install apparmor profiles wrong permissions: apparmor (644), brillo (640), firejail (644), mako (640) (these permission measurements may be wrong in some cases)

The package lists are not complete.

Are there any other common directories which should be included in this hook? Is forcing 644 in /usr/share/man too strict? Should affected packages be revbumped?

A patch file from https://github.com/void-linux/void-packages/pull/30139.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-0001-common-hooks-post-install-add-fix-permissions-hook.patch-30139.patch --]
[-- Type: text/x-diff, Size: 1589 bytes --]

From ee7e5ba990d5ba1645feb45c7f4f8abf2898f4c3 Mon Sep 17 00:00:00 2001
From: Michal Vasilek <michal@vasilek.cz>
Date: Fri, 2 Jul 2021 01:04:48 +0200
Subject: [PATCH] hooks/post-install: add fix permissions hook

---
 .../hooks/post-install/14-fix-permissions.sh  | 28 +++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 common/hooks/post-install/14-fix-permissions.sh

diff --git a/common/hooks/post-install/14-fix-permissions.sh b/common/hooks/post-install/14-fix-permissions.sh
new file mode 100644
index 000000000000..3164f61ac76f
--- /dev/null
+++ b/common/hooks/post-install/14-fix-permissions.sh
@@ -0,0 +1,28 @@
+# This hook fixes permissions in common places
+
+change_file_perms() {
+	dir="$PKGDESTDIR$1"
+	# permission mask for matching the files
+	permmask="$2"
+	# permissions which will be set on matched files
+	perms="$3"
+	if [ -d "$dir" ]; then
+        find "$dir" -type f -perm /"$permmask" -exec chmod -v "$perms" {} +
+    fi
+}
+
+hook() {
+	# check that no files have permission write for all users
+	find "$PKGDESTDIR" -type f -perm -0002 | while read -r file; do
+		msg_error "$pkgver: file ${file#$PKGDESTDIR} has a write permission for all users\n"
+	done
+
+	change_file_perms "/usr/share/man" 133 644
+	change_file_perms "/etc/apparmor.d" 111 644
+	change_file_perms "/usr/share/applications" 133 644
+	change_file_perms "/usr/share/help" 133 644
+	change_file_perms "/usr/share/icons" 133 644
+	change_file_perms "/usr/share/locale" 133 644
+	change_file_perms "/usr/share/metainfo" 133 644
+	change_file_perms "/usr/include" 133 644
+}

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (21 preceding siblings ...)
  2021-07-01 23:04 ` paper42
@ 2021-07-01 23:05 ` paper42
  2021-07-01 23:05 ` paper42
                   ` (20 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: paper42 @ 2021-07-01 23:05 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 298 bytes --]

New comment by paper42 on void-packages repository

https://github.com/void-linux/void-packages/pull/30139#issuecomment-872601133

Comment:
added some new rules, I don't know about any violations

* /usr/share/help 644
* /usr/share/icons" 644
* /usr/share/locale 644
* /usr/share/metainfo 644

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (22 preceding siblings ...)
  2021-07-01 23:05 ` paper42
@ 2021-07-01 23:05 ` paper42
  2021-08-05 20:19 ` paper42
                   ` (19 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: paper42 @ 2021-07-01 23:05 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 297 bytes --]

New comment by paper42 on void-packages repository

https://github.com/void-linux/void-packages/pull/30139#issuecomment-872601133

Comment:
added some new rules, I don't know about any violations

* /usr/share/help 644
* /usr/share/icons 644
* /usr/share/locale 644
* /usr/share/metainfo 644

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (23 preceding siblings ...)
  2021-07-01 23:05 ` paper42
@ 2021-08-05 20:19 ` paper42
  2021-08-05 20:19 ` paper42
                   ` (18 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: paper42 @ 2021-08-05 20:19 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1587 bytes --]

New comment by paper42 on void-packages repository

https://github.com/void-linux/void-packages/pull/30139#issuecomment-823664610

Comment:
> Not sure of forcing 600 on /etc/apparmor.d is a good idea, I don't see no harm in them being readable.

> I agree that apparmor files can be world readable - makes inspection easier. Do you have any argument for it beyond being the default from genprof?

I don't have a good reason, I just thought it was annoying having some profiles readable by my user and some not. I fixed the script to change permissions to 644 only if the profile is executable (mask 111).

> Would also make sense to also make sure nothing is o+w, there were/are a few packages that did that:
> https://gist.github.com/Duncaen/125a44a4e9f159141bcaade111a182e6
> In those cases its probably better to abort instead of trying to fix them.

Great idea, I added it to the script, it requires iterating over all files and in the script, so some directories are scanned twice, but I think it's not a big problem.

I also added 3 new rules:
* /usr/include - 644 - http-parser-devel (755), cups (444)

are there reasons to not force permissions here I don't know about?

* /usr/share/applications 644 - KDE applications often violate this rule - falkon, kate5, kde-cli-tools, kdevelop, khelpcenter, kinfocenter, kio, kmenuedit, knewstuff, konsole, kronometer, ksysguard, okteta, plasma-desktop, plasma-workspace, syncthing, systemsettings

* /usr/share/icons - 644 - no known violations

since there are no known violations, is it worth including this rule?

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (24 preceding siblings ...)
  2021-08-05 20:19 ` paper42
@ 2021-08-05 20:19 ` paper42
  2021-08-05 20:23 ` paper42
                   ` (17 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: paper42 @ 2021-08-05 20:19 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 273 bytes --]

New comment by paper42 on void-packages repository

https://github.com/void-linux/void-packages/pull/30139#issuecomment-872601133

Comment:
added some new rules, I don't know about any violations

* /usr/share/help 644
* /usr/share/locale 644
* /usr/share/metainfo 644

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (25 preceding siblings ...)
  2021-08-05 20:19 ` paper42
@ 2021-08-05 20:23 ` paper42
  2021-08-05 21:10 ` Duncaen
                   ` (16 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: paper42 @ 2021-08-05 20:23 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 243 bytes --]

New comment by paper42 on void-packages repository

https://github.com/void-linux/void-packages/pull/30139#issuecomment-893772022

Comment:
@Duncaen @ericonr Is there anything you would like to add/change? It would be nice to get this merged.

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (26 preceding siblings ...)
  2021-08-05 20:23 ` paper42
@ 2021-08-05 21:10 ` Duncaen
  2021-08-05 21:10 ` Duncaen
                   ` (15 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: Duncaen @ 2021-08-05 21:10 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 348 bytes --]

New comment by Duncaen on void-packages repository

https://github.com/void-linux/void-packages/pull/30139#issuecomment-893811690

Comment:
Seems fine to me, I wonder if there could be a case where we would need to allow a file to be writable by all users.
There are some `*.hscr` files that are at the moment, not sure if this should be allowed.

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (27 preceding siblings ...)
  2021-08-05 21:10 ` Duncaen
@ 2021-08-05 21:10 ` Duncaen
  2021-08-06 18:53 ` [PR REVIEW] " ericonr
                   ` (14 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: Duncaen @ 2021-08-05 21:10 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 383 bytes --]

New comment by Duncaen on void-packages repository

https://github.com/void-linux/void-packages/pull/30139#issuecomment-893811690

Comment:
Seems fine to me, I wonder if there could be a case where we would need to allow a file to be writable by all users.
There are some `*.hscr` files that are at the moment where it maybe makes sense, but I'm not sure if this should be allowed.

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: [PR REVIEW] common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (28 preceding siblings ...)
  2021-08-05 21:10 ` Duncaen
@ 2021-08-06 18:53 ` ericonr
  2021-08-06 18:53 ` ericonr
                   ` (13 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: ericonr @ 2021-08-06 18:53 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 263 bytes --]

New review comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/30139#discussion_r684441764

Comment:
```suggestion
		msg_error "$pkgver: file ${file#$PKGDESTDIR} has write permission for all users\n"
```

I think?

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: [PR REVIEW] common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (29 preceding siblings ...)
  2021-08-06 18:53 ` [PR REVIEW] " ericonr
@ 2021-08-06 18:53 ` ericonr
  2021-08-06 18:53 ` ericonr
                   ` (12 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: ericonr @ 2021-08-06 18:53 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 199 bytes --]

New review comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/30139#discussion_r684441314

Comment:
I think it's standard to make these local variables.

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: [PR REVIEW] common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (30 preceding siblings ...)
  2021-08-06 18:53 ` ericonr
@ 2021-08-06 18:53 ` ericonr
  2021-08-06 18:53 ` ericonr
                   ` (11 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: ericonr @ 2021-08-06 18:53 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 240 bytes --]

New review comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/30139#discussion_r684441537

Comment:
```suggestion
	dir="${PKGDESTDIR}${1}"
```

To make reading easier, since it's appending.

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: [PR REVIEW] common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (31 preceding siblings ...)
  2021-08-06 18:53 ` ericonr
@ 2021-08-06 18:53 ` ericonr
  2021-08-06 22:08 ` [PR PATCH] [Updated] " paper42
                   ` (10 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: ericonr @ 2021-08-06 18:53 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 165 bytes --]

New review comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/30139#discussion_r684441194

Comment:
wonky indentation.

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: [PR PATCH] [Updated] common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (32 preceding siblings ...)
  2021-08-06 18:53 ` ericonr
@ 2021-08-06 22:08 ` paper42
  2021-08-06 22:18 ` [PR REVIEW] " paper42
                   ` (9 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: paper42 @ 2021-08-06 22:08 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1283 bytes --]

There is an updated pull request by paper42 against master on the void-packages repository

https://github.com/paper42/void-packages 0001-common-hooks-post-install-add-fix-permissions-hook.patch
https://github.com/void-linux/void-packages/pull/30139

common/hooks/post-install: add fix permissions hook
Some packages install files with wrong permissions, but sometimes we can detect and fix them.

## /usr/share/man: 644
this rule matches a lot of files, mainly because it matches 444 permissions too
* packages which install manpages with 755 permissions: nvimpager, sloccount
* packages which install manpages with 444 permissions: lowdown, mdocml, dhcpcd, openresolv, all perl packages, lua5.3 (but not 5.1, 5.2 and 5.4)

## /etc/apparmor.d: 600
I chose 600 because that's what aa-genprof creates.
* packages which install apparmor profiles wrong permissions: apparmor (644), brillo (640), firejail (644), mako (640) (these permission measurements may be wrong in some cases)

The package lists are not complete.

Are there any other common directories which should be included in this hook? Is forcing 644 in /usr/share/man too strict? Should affected packages be revbumped?

A patch file from https://github.com/void-linux/void-packages/pull/30139.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-0001-common-hooks-post-install-add-fix-permissions-hook.patch-30139.patch --]
[-- Type: text/x-diff, Size: 2266 bytes --]

From 1b0d68c765a4890627350afa2e8d0a9381f43cbb Mon Sep 17 00:00:00 2001
From: Michal Vasilek <michal@vasilek.cz>
Date: Fri, 2 Jul 2021 01:04:48 +0200
Subject: [PATCH] hooks/post-install: add fix permissions hook

---
 common/environment/setup-subpkg/subpkg.sh     |  3 ++
 .../hooks/post-install/14-fix-permissions.sh  | 30 +++++++++++++++++++
 2 files changed, 33 insertions(+)
 create mode 100644 common/hooks/post-install/14-fix-permissions.sh

diff --git a/common/environment/setup-subpkg/subpkg.sh b/common/environment/setup-subpkg/subpkg.sh
index 0243d2400481..048e28f83577 100644
--- a/common/environment/setup-subpkg/subpkg.sh
+++ b/common/environment/setup-subpkg/subpkg.sh
@@ -5,6 +5,9 @@
 unset -v conf_files mutable_files preserve triggers alternatives
 unset -v depends run_depends replaces provides conflicts tags
 
+# hooks/post-install/14-fix-permissions
+unset -v nofixperms
+
 # hooks/post-install/03-strip-and-debug-pkgs
 unset -v nostrip nostrip_files
 
diff --git a/common/hooks/post-install/14-fix-permissions.sh b/common/hooks/post-install/14-fix-permissions.sh
new file mode 100644
index 000000000000..8960e514258a
--- /dev/null
+++ b/common/hooks/post-install/14-fix-permissions.sh
@@ -0,0 +1,30 @@
+# This hook fixes permissions in common places
+
+change_file_perms() {
+	local dir="${PKGDESTDIR}${1}"
+	# permission mask for matching the files
+	local permmask="$2"
+	# permissions which will be set on matched files
+	local perms="$3"
+	if [ -d "$dir" ]; then
+		find "$dir" -type f -perm "/$permmask" -exec chmod -v "$perms" {} +
+	fi
+}
+
+hook() {
+	[ -n "$nofixperms" ] && return 0
+	# check that no files have permission write for all users
+	find "$PKGDESTDIR" -type f -perm -0002 | while read -r file; do
+		msg_error "$pkgver: file ${file#$PKGDESTDIR} has write permission for all users\n"
+	done
+
+	change_file_perms "/usr/share/man" 133 644
+	change_file_perms "/etc/apparmor.d" 111 644
+	change_file_perms "/usr/share/applications" 133 644
+	change_file_perms "/usr/share/help" 133 644
+	change_file_perms "/usr/share/icons" 133 644
+	change_file_perms "/usr/share/locale" 133 644
+	change_file_perms "/usr/share/metainfo" 133 644
+	change_file_perms "/usr/share/appdata" 133 644
+	change_file_perms "/usr/include" 133 644
+}

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: [PR REVIEW] common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (33 preceding siblings ...)
  2021-08-06 22:08 ` [PR PATCH] [Updated] " paper42
@ 2021-08-06 22:18 ` paper42
  2021-08-06 22:18 ` paper42
                   ` (8 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: paper42 @ 2021-08-06 22:18 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 169 bytes --]

New review comment by paper42 on void-packages repository

https://github.com/void-linux/void-packages/pull/30139#discussion_r684529287

Comment:
You are right, thanks!

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (34 preceding siblings ...)
  2021-08-06 22:18 ` [PR REVIEW] " paper42
@ 2021-08-06 22:18 ` paper42
  2021-08-14 18:43 ` [PR PATCH] [Updated] " paper42
                   ` (7 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: paper42 @ 2021-08-06 22:18 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 673 bytes --]

New comment by paper42 on void-packages repository

https://github.com/void-linux/void-packages/pull/30139#issuecomment-894546065

Comment:
> Seems fine to me, I wonder if there could be a case where we would need to allow a file to be writable by all users.
> There are some `*.hscr` files that are at the moment where it maybe makes sense, but I'm not sure if this should be allowed.

I added a new variable nofixperms which skips the whole check for the package. I will test how the packages which use .hscr files behave with this hook and fix them if necessary.

* added a rule for /usr/share/appdata which is a deprecated directory similar to /usr/share/metainfo

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: [PR PATCH] [Updated] common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (35 preceding siblings ...)
  2021-08-06 22:18 ` paper42
@ 2021-08-14 18:43 ` paper42
  2021-08-14 19:47 ` paper42
                   ` (6 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: paper42 @ 2021-08-14 18:43 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1283 bytes --]

There is an updated pull request by paper42 against master on the void-packages repository

https://github.com/paper42/void-packages 0001-common-hooks-post-install-add-fix-permissions-hook.patch
https://github.com/void-linux/void-packages/pull/30139

common/hooks/post-install: add fix permissions hook
Some packages install files with wrong permissions, but sometimes we can detect and fix them.

## /usr/share/man: 644
this rule matches a lot of files, mainly because it matches 444 permissions too
* packages which install manpages with 755 permissions: nvimpager, sloccount
* packages which install manpages with 444 permissions: lowdown, mdocml, dhcpcd, openresolv, all perl packages, lua5.3 (but not 5.1, 5.2 and 5.4)

## /etc/apparmor.d: 600
I chose 600 because that's what aa-genprof creates.
* packages which install apparmor profiles wrong permissions: apparmor (644), brillo (640), firejail (644), mako (640) (these permission measurements may be wrong in some cases)

The package lists are not complete.

Are there any other common directories which should be included in this hook? Is forcing 644 in /usr/share/man too strict? Should affected packages be revbumped?

A patch file from https://github.com/void-linux/void-packages/pull/30139.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-0001-common-hooks-post-install-add-fix-permissions-hook.patch-30139.patch --]
[-- Type: text/x-diff, Size: 10757 bytes --]

From 32560ca2720891feddd2c287eaf74d67d8eba162 Mon Sep 17 00:00:00 2001
From: Michal Vasilek <michal@vasilek.cz>
Date: Fri, 2 Jul 2021 01:04:48 +0200
Subject: [PATCH 01/10] hooks/post-install: add fix permissions hook

---
 common/environment/setup-subpkg/subpkg.sh     |  3 ++
 .../hooks/post-install/14-fix-permissions.sh  | 30 +++++++++++++++++++
 2 files changed, 33 insertions(+)
 create mode 100644 common/hooks/post-install/14-fix-permissions.sh

diff --git a/common/environment/setup-subpkg/subpkg.sh b/common/environment/setup-subpkg/subpkg.sh
index 0243d2400481..048e28f83577 100644
--- a/common/environment/setup-subpkg/subpkg.sh
+++ b/common/environment/setup-subpkg/subpkg.sh
@@ -5,6 +5,9 @@
 unset -v conf_files mutable_files preserve triggers alternatives
 unset -v depends run_depends replaces provides conflicts tags
 
+# hooks/post-install/14-fix-permissions
+unset -v nofixperms
+
 # hooks/post-install/03-strip-and-debug-pkgs
 unset -v nostrip nostrip_files
 
diff --git a/common/hooks/post-install/14-fix-permissions.sh b/common/hooks/post-install/14-fix-permissions.sh
new file mode 100644
index 000000000000..8960e514258a
--- /dev/null
+++ b/common/hooks/post-install/14-fix-permissions.sh
@@ -0,0 +1,30 @@
+# This hook fixes permissions in common places
+
+change_file_perms() {
+	local dir="${PKGDESTDIR}${1}"
+	# permission mask for matching the files
+	local permmask="$2"
+	# permissions which will be set on matched files
+	local perms="$3"
+	if [ -d "$dir" ]; then
+		find "$dir" -type f -perm "/$permmask" -exec chmod -v "$perms" {} +
+	fi
+}
+
+hook() {
+	[ -n "$nofixperms" ] && return 0
+	# check that no files have permission write for all users
+	find "$PKGDESTDIR" -type f -perm -0002 | while read -r file; do
+		msg_error "$pkgver: file ${file#$PKGDESTDIR} has write permission for all users\n"
+	done
+
+	change_file_perms "/usr/share/man" 133 644
+	change_file_perms "/etc/apparmor.d" 111 644
+	change_file_perms "/usr/share/applications" 133 644
+	change_file_perms "/usr/share/help" 133 644
+	change_file_perms "/usr/share/icons" 133 644
+	change_file_perms "/usr/share/locale" 133 644
+	change_file_perms "/usr/share/metainfo" 133 644
+	change_file_perms "/usr/share/appdata" 133 644
+	change_file_perms "/usr/include" 133 644
+}

From bb07822c5e603319f115373138a3fb09f02f7b41 Mon Sep 17 00:00:00 2001
From: Michal Vasilek <michal@vasilek.cz>
Date: Sun, 8 Aug 2021 13:13:01 +0200
Subject: [PATCH 02/10] python3-simplegeneric: fix permissions

---
 srcpkgs/python3-simplegeneric/template | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/srcpkgs/python3-simplegeneric/template b/srcpkgs/python3-simplegeneric/template
index 1d52210254c4..e5972608a2a3 100644
--- a/srcpkgs/python3-simplegeneric/template
+++ b/srcpkgs/python3-simplegeneric/template
@@ -1,7 +1,7 @@
 # Template file for 'python3-simplegeneric'
 pkgname=python3-simplegeneric
 version=0.8.1
-revision=6
+revision=7
 wrksrc="simplegeneric-${version}"
 build_style=python3-module
 hostmakedepends="unzip python3-setuptools"
@@ -12,3 +12,7 @@ license="ZPL-2.1"
 homepage="https://pypi.org/project/simplegeneric/"
 distfiles="${PYPI_SITE}/s/simplegeneric/simplegeneric-${version}.zip"
 checksum=dc972e06094b9af5b855b3df4a646395e43d1c9d0d39ed345b7393560d0b9173
+
+post_install() {
+	chmod -R o-w ${DESTDIR}/usr/lib/python*/site-packages/*.egg-info/
+}

From 132dbd8cdbd67e13ebe5d88ff1b1868e89e355f3 Mon Sep 17 00:00:00 2001
From: Michal Vasilek <michal@vasilek.cz>
Date: Sun, 8 Aug 2021 13:14:01 +0200
Subject: [PATCH 03/10] python3-olefile: fix permissions

---
 srcpkgs/python3-olefile/template | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/srcpkgs/python3-olefile/template b/srcpkgs/python3-olefile/template
index d76ec0ee8adc..4213ca32532f 100644
--- a/srcpkgs/python3-olefile/template
+++ b/srcpkgs/python3-olefile/template
@@ -1,7 +1,7 @@
 # Template file for 'python3-olefile'
 pkgname=python3-olefile
 version=0.46
-revision=4
+revision=5
 wrksrc="olefile-${version}"
 build_style=python3-module
 hostmakedepends="unzip python3-setuptools"
@@ -14,5 +14,6 @@ distfiles="${PYPI_SITE}/o/olefile/olefile-${version}.zip"
 checksum=133b031eaf8fd2c9399b78b8bc5b8fcbe4c31e85295749bb17a87cba8f3c3964
 
 post_install() {
+	chmod -R o-w ${DESTDIR}/usr/lib/python*/site-packages/*.egg-info/
 	vlicense LICENSE.txt
 }

From 5c54e0034bb2acc559d04896a59a4e028afed07c Mon Sep 17 00:00:00 2001
From: Michal Vasilek <michal@vasilek.cz>
Date: Sun, 8 Aug 2021 13:16:40 +0200
Subject: [PATCH 04/10] brother-brscan3: fix permissions

---
 srcpkgs/brother-brscan3/template | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/srcpkgs/brother-brscan3/template b/srcpkgs/brother-brscan3/template
index 38bf432986e9..4ca8965c65a3 100644
--- a/srcpkgs/brother-brscan3/template
+++ b/srcpkgs/brother-brscan3/template
@@ -1,7 +1,7 @@
 # Template file for 'brother-brscan3'
 pkgname=brother-brscan3
 version=0.2.13
-revision=1
+revision=2
 archs="i686 x86_64"
 create_wrksrc=yes
 hostmakedepends="tar"
@@ -44,6 +44,7 @@ do_install() {
 	ln -sf /usr/lib/libbrscandec3.so.1.0.0 ${DESTDIR}/usr/lib/libbrscandec3.so
 	vmkdir /opt/Brother
 	vcopy "./usr/local/Brother/*" /opt/Brother/
+	chmod o-w ${DESTDIR}/opt/Brother/sane/brsanenetdevice3.cfg
 	vlicense LICENSE
 }
 

From ce1c07b67c9dfd41aaeea3a461a139c57925203f Mon Sep 17 00:00:00 2001
From: Michal Vasilek <michal@vasilek.cz>
Date: Sun, 8 Aug 2021 13:18:24 +0200
Subject: [PATCH 05/10] heyu: fix permissions

---
 srcpkgs/heyu/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/heyu/template b/srcpkgs/heyu/template
index 93b3ad7cc582..2537b473e4fa 100644
--- a/srcpkgs/heyu/template
+++ b/srcpkgs/heyu/template
@@ -1,7 +1,7 @@
 # Template file for 'heyu'
 pkgname=heyu
 version=2.10.1
-revision=3
+revision=4
 build_style=configure
 configure_script="./Configure"
 configure_args="linux"
@@ -26,7 +26,7 @@ do_install() {
 	vbin heyu
 
 	vmkdir etc/heyu
-	vinstall x10config.sample 0666 etc/heyu x10.conf
+	vinstall x10config.sample 0644 etc/heyu x10.conf
 
 	vman heyu.1
 	vman x10config.5

From fa2760b46fe69ca97c132be476fdc7ca82099737 Mon Sep 17 00:00:00 2001
From: Michal Vasilek <michal@vasilek.cz>
Date: Sun, 8 Aug 2021 13:21:30 +0200
Subject: [PATCH 06/10] occt: fix permissions

---
 srcpkgs/occt/template | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/srcpkgs/occt/template b/srcpkgs/occt/template
index 9298edc76e08..bbf04b932396 100644
--- a/srcpkgs/occt/template
+++ b/srcpkgs/occt/template
@@ -2,7 +2,7 @@
 pkgname=occt
 reverts=7.5.0_1
 version=7.4.0p1
-revision=3
+revision=4
 _gittag="V${version//./_}"
 wrksrc=occt-${_gittag}
 build_style=cmake
@@ -27,6 +27,7 @@ post_install() {
 
 	vmkdir /etc/profile.d
 	vinstall ${FILESDIR}/opencascade.sh 644 /etc/profile.d
+	chmod 755 ${DESTDIR}/usr/bin/draw.sh
 }
 
 occt-devel_package() {

From 8092e1842c1747c1c4b75d8882dfd127f7a1b02a Mon Sep 17 00:00:00 2001
From: Michal Vasilek <michal@vasilek.cz>
Date: Sun, 8 Aug 2021 14:40:25 +0200
Subject: [PATCH 07/10] vscode: fix permissions

---
 srcpkgs/vscode/template | 1 +
 1 file changed, 1 insertion(+)

diff --git a/srcpkgs/vscode/template b/srcpkgs/vscode/template
index 24e5aca3b26a..a97b8bd1ba47 100644
--- a/srcpkgs/vscode/template
+++ b/srcpkgs/vscode/template
@@ -66,4 +66,5 @@ do_install() {
 		-e 's|"$CLI"|"$CLI" --app="${VSCODE_PATH}/resources/app"|g' \
 		-i "$DESTDIR"/usr/lib/code-oss/bin/code-oss
 	vlicense LICENSE.txt
+	chmod -R o-w ${DESTDIR}/usr/lib/code-oss/resources/app/extensions/
 }

From 92cf0c6f006e7f250c91dc167aeceb829b7e6f3a Mon Sep 17 00:00:00 2001
From: Michal Vasilek <michal@vasilek.cz>
Date: Sat, 14 Aug 2021 20:34:21 +0200
Subject: [PATCH 08/10] lbreakout2: disable fix-perms hook

---
 srcpkgs/lbreakout2/template | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/srcpkgs/lbreakout2/template b/srcpkgs/lbreakout2/template
index 00eee1c29030..b28c81f620c3 100644
--- a/srcpkgs/lbreakout2/template
+++ b/srcpkgs/lbreakout2/template
@@ -1,7 +1,7 @@
 # Template file for 'lbreakout2'
 pkgname=lbreakout2
 version=2.6.5
-revision=2
+revision=3
 build_style=gnu-configure
 configure_args="--enable-sdl-net --localstatedir=/var/games/$pkgname"
 make_install_args="doc_dir=/usr/share/doc"
@@ -12,6 +12,7 @@ license="GPL-2.0-or-later"
 homepage="http://lgames.sourceforge.net"
 distfiles="${SOURCEFORGE_SITE}/lgames/$pkgname-$version.tar.gz"
 checksum=9104d6175553da3442dc6a5fc407a669e2f5aff3eedc5d30409eb003b7a78d6f
+nofixperms=yes # uses a world-writable .hscr file for global leaderboard
 
 post_install() {
 	vinstall ${FILESDIR}/lbreakout2.desktop 644 usr/share/applications

From ce421f719f840ff6558d547ae6059b65a887fa86 Mon Sep 17 00:00:00 2001
From: Michal Vasilek <michal@vasilek.cz>
Date: Sat, 14 Aug 2021 20:34:41 +0200
Subject: [PATCH 09/10] lbreakouthd: disable fix-perms hook

---
 srcpkgs/lbreakouthd/template | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/srcpkgs/lbreakouthd/template b/srcpkgs/lbreakouthd/template
index 1f9accfb4ab9..e0518c57872b 100644
--- a/srcpkgs/lbreakouthd/template
+++ b/srcpkgs/lbreakouthd/template
@@ -1,7 +1,7 @@
 # Template file for 'lbreakouthd'
 pkgname=lbreakouthd
 version=1.0.6
-revision=1
+revision=2
 build_style=gnu-configure
 configure_args="--localstatedir=/var/${pkgname}"
 makedepends="SDL2-devel SDL2_mixer-devel SDL2_image-devel SDL2_ttf-devel"
@@ -11,3 +11,4 @@ license="GPL-2.0-or-later"
 homepage="http://lgames.sourceforge.net/LBreakoutHD/"
 distfiles="${SOURCEFORGE_SITE}/lgames/$pkgname-$version.tar.gz"
 checksum=df5f8ad88bcf20bd34e1dfd77697b49a168d83ad43d8fdf5a3fee1fe272e15bd
+nofixperms=yes # uses a world-writable .hscr file for global leaderboard

From 6347480b1419c5ff8e30ad30b2e6759de489aab9 Mon Sep 17 00:00:00 2001
From: Michal Vasilek <michal@vasilek.cz>
Date: Sat, 14 Aug 2021 20:34:44 +0200
Subject: [PATCH 10/10] ltris: disable fix-perms hook

---
 srcpkgs/ltris/template | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/srcpkgs/ltris/template b/srcpkgs/ltris/template
index b2484148df6b..9c5d419e8799 100644
--- a/srcpkgs/ltris/template
+++ b/srcpkgs/ltris/template
@@ -1,7 +1,7 @@
 # Template file for 'ltris'
 pkgname=ltris
 version=1.2.3
-revision=1
+revision=2
 build_style=gnu-configure
 configure_args="--localstatedir=/var/games/ltris"
 hostmakedepends="bison"
@@ -12,4 +12,5 @@ license="GPL-2.0-or-later"
 homepage="http://lgames.sourceforge.net/index.php?project=LTris"
 distfiles="${SOURCEFORGE_SITE}/lgames/$pkgname-$version.tar.gz"
 checksum=0ec4ad053e066a296529e923c2f626fa0a19c094c5ae03e44359f9c9e50955a8
+nofixperms=yes # uses a world-writable .hscr file for global leaderboard
 CFLAGS+=" -fgnu89-inline"

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (36 preceding siblings ...)
  2021-08-14 18:43 ` [PR PATCH] [Updated] " paper42
@ 2021-08-14 19:47 ` paper42
  2021-08-14 21:22 ` [PR REVIEW] " ericonr
                   ` (5 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: paper42 @ 2021-08-14 19:47 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 540 bytes --]

New comment by paper42 on void-packages repository

https://github.com/void-linux/void-packages/pull/30139#issuecomment-898951526

Comment:
Lint is failing with `srcpkgs/lbreakout2/template:15: custom variables should use _ prefix: nofixperms=yes`, that's because xlint doesn't know about nofixperms yet. I am going to make a PR, but now is the last chance to change the variable name if anyone has good suggestions.

The x86_64 check is failing because I forgot to fix permissions for one path in vscode, I will fix it on the next push.

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: [PR REVIEW] common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (37 preceding siblings ...)
  2021-08-14 19:47 ` paper42
@ 2021-08-14 21:22 ` ericonr
  2021-08-14 21:22 ` ericonr
                   ` (4 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: ericonr @ 2021-08-14 21:22 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 297 bytes --]

New review comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/30139#discussion_r688993352

Comment:
So `nofixperms` also implies not checking perms at all, correct? I wonder if we should have `nocheckperms` for this step, and then `nofixperms` below?

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: [PR REVIEW] common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (38 preceding siblings ...)
  2021-08-14 21:22 ` [PR REVIEW] " ericonr
@ 2021-08-14 21:22 ` ericonr
  2021-08-22 20:57 ` [PR PATCH] [Updated] " paper42
                   ` (3 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: ericonr @ 2021-08-14 21:22 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 227 bytes --]

New review comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/30139#discussion_r688993406

Comment:
I'm not sure this level of granularity is actually necessary, just a suggestion.

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: [PR PATCH] [Updated] common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (39 preceding siblings ...)
  2021-08-14 21:22 ` ericonr
@ 2021-08-22 20:57 ` paper42
  2021-08-22 20:59 ` [PR REVIEW] " paper42
                   ` (2 subsequent siblings)
  43 siblings, 0 replies; 45+ messages in thread
From: paper42 @ 2021-08-22 20:57 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1283 bytes --]

There is an updated pull request by paper42 against master on the void-packages repository

https://github.com/paper42/void-packages 0001-common-hooks-post-install-add-fix-permissions-hook.patch
https://github.com/void-linux/void-packages/pull/30139

common/hooks/post-install: add fix permissions hook
Some packages install files with wrong permissions, but sometimes we can detect and fix them.

## /usr/share/man: 644
this rule matches a lot of files, mainly because it matches 444 permissions too
* packages which install manpages with 755 permissions: nvimpager, sloccount
* packages which install manpages with 444 permissions: lowdown, mdocml, dhcpcd, openresolv, all perl packages, lua5.3 (but not 5.1, 5.2 and 5.4)

## /etc/apparmor.d: 600
I chose 600 because that's what aa-genprof creates.
* packages which install apparmor profiles wrong permissions: apparmor (644), brillo (640), firejail (644), mako (640) (these permission measurements may be wrong in some cases)

The package lists are not complete.

Are there any other common directories which should be included in this hook? Is forcing 644 in /usr/share/man too strict? Should affected packages be revbumped?

A patch file from https://github.com/void-linux/void-packages/pull/30139.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-0001-common-hooks-post-install-add-fix-permissions-hook.patch-30139.patch --]
[-- Type: text/x-diff, Size: 11454 bytes --]

From ab642a7736841e245f19ef682a0dc608ed761a88 Mon Sep 17 00:00:00 2001
From: Michal Vasilek <michal@vasilek.cz>
Date: Fri, 2 Jul 2021 01:04:48 +0200
Subject: [PATCH 01/10] hooks/post-install: add fix permissions hook

---
 Manual.md                                     |  4 +++
 common/environment/setup-subpkg/subpkg.sh     |  3 ++
 .../hooks/post-install/14-fix-permissions.sh  | 33 +++++++++++++++++++
 3 files changed, 40 insertions(+)
 create mode 100644 common/hooks/post-install/14-fix-permissions.sh

diff --git a/Manual.md b/Manual.md
index 4316363f66c4..890457819e1c 100644
--- a/Manual.md
+++ b/Manual.md
@@ -760,6 +760,10 @@ Examples:
 	```
 A special value `noarch` used to be available, but has since been removed.
 
+- `nocheckperms` If set, xbps-src will not fail on common permission errors (world writable files, etc.)
+
+- `nofixperms` If set, xbps-src will not fix common permission errors (executable manpages, etc.)
+
 <a id="explain_depends"></a>
 #### About the many types of `depends` variables
 
diff --git a/common/environment/setup-subpkg/subpkg.sh b/common/environment/setup-subpkg/subpkg.sh
index 0243d2400481..6edab5d882e1 100644
--- a/common/environment/setup-subpkg/subpkg.sh
+++ b/common/environment/setup-subpkg/subpkg.sh
@@ -8,6 +8,9 @@ unset -v depends run_depends replaces provides conflicts tags
 # hooks/post-install/03-strip-and-debug-pkgs
 unset -v nostrip nostrip_files
 
+# hooks/post-install/14-fix-permissions
+unset -v nocheckperms nofixperms
+
 # hooks/pre-pkg/04-generate-runtime-deps
 unset -v noverifyrdeps skiprdeps allow_unknown_shlibs shlib_requires
 
diff --git a/common/hooks/post-install/14-fix-permissions.sh b/common/hooks/post-install/14-fix-permissions.sh
new file mode 100644
index 000000000000..57b76ae9f485
--- /dev/null
+++ b/common/hooks/post-install/14-fix-permissions.sh
@@ -0,0 +1,33 @@
+# This hook fixes permissions in common places
+
+change_file_perms() {
+	local dir="${PKGDESTDIR}${1}"
+	# permission mask for matching the files
+	local permmask="$2"
+	# permissions which will be set on matched files
+	local perms="$3"
+	if [ -d "$dir" ]; then
+		find "$dir" -type f -perm "/$permmask" -exec chmod -v "$perms" {} +
+	fi
+}
+
+hook() {
+	if [ -z "$nocheckperms" ]; then
+		# check that no files have permission write for all users
+		find "$PKGDESTDIR" -type f -perm -0002 | while read -r file; do
+			msg_error "$pkgver: file ${file#$PKGDESTDIR} has write permission for all users\n"
+		done
+	fi
+
+	if [ -z "$nofixperms" ]; then
+		change_file_perms "/usr/share/man" 133 644
+		change_file_perms "/etc/apparmor.d" 111 644
+		change_file_perms "/usr/share/applications" 133 644
+		change_file_perms "/usr/share/help" 133 644
+		change_file_perms "/usr/share/icons" 133 644
+		change_file_perms "/usr/share/locale" 133 644
+		change_file_perms "/usr/share/metainfo" 133 644
+		change_file_perms "/usr/share/appdata" 133 644
+		change_file_perms "/usr/include" 133 644
+	fi
+}

From b21917e051bcb79fa3dd6feb777ed2dd7ad78fa4 Mon Sep 17 00:00:00 2001
From: Michal Vasilek <michal@vasilek.cz>
Date: Sun, 8 Aug 2021 13:13:01 +0200
Subject: [PATCH 02/10] python3-simplegeneric: fix permissions

---
 srcpkgs/python3-simplegeneric/template | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/srcpkgs/python3-simplegeneric/template b/srcpkgs/python3-simplegeneric/template
index 1d52210254c4..e5972608a2a3 100644
--- a/srcpkgs/python3-simplegeneric/template
+++ b/srcpkgs/python3-simplegeneric/template
@@ -1,7 +1,7 @@
 # Template file for 'python3-simplegeneric'
 pkgname=python3-simplegeneric
 version=0.8.1
-revision=6
+revision=7
 wrksrc="simplegeneric-${version}"
 build_style=python3-module
 hostmakedepends="unzip python3-setuptools"
@@ -12,3 +12,7 @@ license="ZPL-2.1"
 homepage="https://pypi.org/project/simplegeneric/"
 distfiles="${PYPI_SITE}/s/simplegeneric/simplegeneric-${version}.zip"
 checksum=dc972e06094b9af5b855b3df4a646395e43d1c9d0d39ed345b7393560d0b9173
+
+post_install() {
+	chmod -R o-w ${DESTDIR}/usr/lib/python*/site-packages/*.egg-info/
+}

From 3aee72bf793f04e20d28dd44ecaf9a5ef9c33bad Mon Sep 17 00:00:00 2001
From: Michal Vasilek <michal@vasilek.cz>
Date: Sun, 8 Aug 2021 13:14:01 +0200
Subject: [PATCH 03/10] python3-olefile: fix permissions

---
 srcpkgs/python3-olefile/template | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/srcpkgs/python3-olefile/template b/srcpkgs/python3-olefile/template
index d76ec0ee8adc..4213ca32532f 100644
--- a/srcpkgs/python3-olefile/template
+++ b/srcpkgs/python3-olefile/template
@@ -1,7 +1,7 @@
 # Template file for 'python3-olefile'
 pkgname=python3-olefile
 version=0.46
-revision=4
+revision=5
 wrksrc="olefile-${version}"
 build_style=python3-module
 hostmakedepends="unzip python3-setuptools"
@@ -14,5 +14,6 @@ distfiles="${PYPI_SITE}/o/olefile/olefile-${version}.zip"
 checksum=133b031eaf8fd2c9399b78b8bc5b8fcbe4c31e85295749bb17a87cba8f3c3964
 
 post_install() {
+	chmod -R o-w ${DESTDIR}/usr/lib/python*/site-packages/*.egg-info/
 	vlicense LICENSE.txt
 }

From 4315851c479affbdcb40ec5e6d40785a10573866 Mon Sep 17 00:00:00 2001
From: Michal Vasilek <michal@vasilek.cz>
Date: Sun, 8 Aug 2021 13:16:40 +0200
Subject: [PATCH 04/10] brother-brscan3: fix permissions

---
 srcpkgs/brother-brscan3/template | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/srcpkgs/brother-brscan3/template b/srcpkgs/brother-brscan3/template
index 38bf432986e9..4ca8965c65a3 100644
--- a/srcpkgs/brother-brscan3/template
+++ b/srcpkgs/brother-brscan3/template
@@ -1,7 +1,7 @@
 # Template file for 'brother-brscan3'
 pkgname=brother-brscan3
 version=0.2.13
-revision=1
+revision=2
 archs="i686 x86_64"
 create_wrksrc=yes
 hostmakedepends="tar"
@@ -44,6 +44,7 @@ do_install() {
 	ln -sf /usr/lib/libbrscandec3.so.1.0.0 ${DESTDIR}/usr/lib/libbrscandec3.so
 	vmkdir /opt/Brother
 	vcopy "./usr/local/Brother/*" /opt/Brother/
+	chmod o-w ${DESTDIR}/opt/Brother/sane/brsanenetdevice3.cfg
 	vlicense LICENSE
 }
 

From 4dc1cf6c3cddccdc465e1dd266bc0d20cf60d60a Mon Sep 17 00:00:00 2001
From: Michal Vasilek <michal@vasilek.cz>
Date: Sun, 8 Aug 2021 13:18:24 +0200
Subject: [PATCH 05/10] heyu: fix permissions

---
 srcpkgs/heyu/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/heyu/template b/srcpkgs/heyu/template
index 93b3ad7cc582..2537b473e4fa 100644
--- a/srcpkgs/heyu/template
+++ b/srcpkgs/heyu/template
@@ -1,7 +1,7 @@
 # Template file for 'heyu'
 pkgname=heyu
 version=2.10.1
-revision=3
+revision=4
 build_style=configure
 configure_script="./Configure"
 configure_args="linux"
@@ -26,7 +26,7 @@ do_install() {
 	vbin heyu
 
 	vmkdir etc/heyu
-	vinstall x10config.sample 0666 etc/heyu x10.conf
+	vinstall x10config.sample 0644 etc/heyu x10.conf
 
 	vman heyu.1
 	vman x10config.5

From 1ac21178fe6a33b8c18841ae8b3bf760eeaf3c47 Mon Sep 17 00:00:00 2001
From: Michal Vasilek <michal@vasilek.cz>
Date: Sun, 8 Aug 2021 13:21:30 +0200
Subject: [PATCH 06/10] occt: fix permissions

---
 srcpkgs/occt/template | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/srcpkgs/occt/template b/srcpkgs/occt/template
index 9298edc76e08..bbf04b932396 100644
--- a/srcpkgs/occt/template
+++ b/srcpkgs/occt/template
@@ -2,7 +2,7 @@
 pkgname=occt
 reverts=7.5.0_1
 version=7.4.0p1
-revision=3
+revision=4
 _gittag="V${version//./_}"
 wrksrc=occt-${_gittag}
 build_style=cmake
@@ -27,6 +27,7 @@ post_install() {
 
 	vmkdir /etc/profile.d
 	vinstall ${FILESDIR}/opencascade.sh 644 /etc/profile.d
+	chmod 755 ${DESTDIR}/usr/bin/draw.sh
 }
 
 occt-devel_package() {

From f02d794ab9481b57dd56b0da77920146d8c02bfd Mon Sep 17 00:00:00 2001
From: Michal Vasilek <michal@vasilek.cz>
Date: Sun, 8 Aug 2021 14:40:25 +0200
Subject: [PATCH 07/10] vscode: fix permissions

---
 srcpkgs/vscode/template | 1 +
 1 file changed, 1 insertion(+)

diff --git a/srcpkgs/vscode/template b/srcpkgs/vscode/template
index 24e5aca3b26a..be9c90ea2294 100644
--- a/srcpkgs/vscode/template
+++ b/srcpkgs/vscode/template
@@ -66,4 +66,5 @@ do_install() {
 		-e 's|"$CLI"|"$CLI" --app="${VSCODE_PATH}/resources/app"|g' \
 		-i "$DESTDIR"/usr/lib/code-oss/bin/code-oss
 	vlicense LICENSE.txt
+	chmod -R o-w ${DESTDIR}/usr/lib/code-oss/resources/app/
 }

From 5f9012175bdce2a86adad4adbff115827e4dd3d7 Mon Sep 17 00:00:00 2001
From: Michal Vasilek <michal@vasilek.cz>
Date: Sat, 14 Aug 2021 20:34:21 +0200
Subject: [PATCH 08/10] lbreakout2: do not check file permissions

---
 srcpkgs/lbreakout2/template | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/srcpkgs/lbreakout2/template b/srcpkgs/lbreakout2/template
index 00eee1c29030..72e535247672 100644
--- a/srcpkgs/lbreakout2/template
+++ b/srcpkgs/lbreakout2/template
@@ -1,7 +1,7 @@
 # Template file for 'lbreakout2'
 pkgname=lbreakout2
 version=2.6.5
-revision=2
+revision=3
 build_style=gnu-configure
 configure_args="--enable-sdl-net --localstatedir=/var/games/$pkgname"
 make_install_args="doc_dir=/usr/share/doc"
@@ -12,6 +12,7 @@ license="GPL-2.0-or-later"
 homepage="http://lgames.sourceforge.net"
 distfiles="${SOURCEFORGE_SITE}/lgames/$pkgname-$version.tar.gz"
 checksum=9104d6175553da3442dc6a5fc407a669e2f5aff3eedc5d30409eb003b7a78d6f
+nocheckperms=yes # uses a world-writable .hscr file for global leaderboard
 
 post_install() {
 	vinstall ${FILESDIR}/lbreakout2.desktop 644 usr/share/applications

From 797f9682f69e48afc799214f2b843e685f986bcd Mon Sep 17 00:00:00 2001
From: Michal Vasilek <michal@vasilek.cz>
Date: Sat, 14 Aug 2021 20:34:41 +0200
Subject: [PATCH 09/10] lbreakouthd: do not check file permissions

---
 srcpkgs/lbreakouthd/template | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/srcpkgs/lbreakouthd/template b/srcpkgs/lbreakouthd/template
index 1f9accfb4ab9..f5e6c2fef8d3 100644
--- a/srcpkgs/lbreakouthd/template
+++ b/srcpkgs/lbreakouthd/template
@@ -1,7 +1,7 @@
 # Template file for 'lbreakouthd'
 pkgname=lbreakouthd
 version=1.0.6
-revision=1
+revision=2
 build_style=gnu-configure
 configure_args="--localstatedir=/var/${pkgname}"
 makedepends="SDL2-devel SDL2_mixer-devel SDL2_image-devel SDL2_ttf-devel"
@@ -11,3 +11,4 @@ license="GPL-2.0-or-later"
 homepage="http://lgames.sourceforge.net/LBreakoutHD/"
 distfiles="${SOURCEFORGE_SITE}/lgames/$pkgname-$version.tar.gz"
 checksum=df5f8ad88bcf20bd34e1dfd77697b49a168d83ad43d8fdf5a3fee1fe272e15bd
+nocheckperms=yes # uses a world-writable .hscr file for global leaderboard

From f1fa3f6becc123cd1aa4db6d393c7d3e53aa29b2 Mon Sep 17 00:00:00 2001
From: Michal Vasilek <michal@vasilek.cz>
Date: Sat, 14 Aug 2021 20:34:44 +0200
Subject: [PATCH 10/10] ltris: do not check file permissions

---
 srcpkgs/ltris/template | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/srcpkgs/ltris/template b/srcpkgs/ltris/template
index b2484148df6b..8286b070561c 100644
--- a/srcpkgs/ltris/template
+++ b/srcpkgs/ltris/template
@@ -1,7 +1,7 @@
 # Template file for 'ltris'
 pkgname=ltris
 version=1.2.3
-revision=1
+revision=2
 build_style=gnu-configure
 configure_args="--localstatedir=/var/games/ltris"
 hostmakedepends="bison"
@@ -12,4 +12,5 @@ license="GPL-2.0-or-later"
 homepage="http://lgames.sourceforge.net/index.php?project=LTris"
 distfiles="${SOURCEFORGE_SITE}/lgames/$pkgname-$version.tar.gz"
 checksum=0ec4ad053e066a296529e923c2f626fa0a19c094c5ae03e44359f9c9e50955a8
+nocheckperms=yes # uses a world-writable .hscr file for global leaderboard
 CFLAGS+=" -fgnu89-inline"

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: [PR REVIEW] common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (40 preceding siblings ...)
  2021-08-22 20:57 ` [PR PATCH] [Updated] " paper42
@ 2021-08-22 20:59 ` paper42
  2021-08-26 19:45 ` [PR PATCH] [Updated] " paper42
  2021-08-26 19:46 ` [PR PATCH] [Merged]: " paper42
  43 siblings, 0 replies; 45+ messages in thread
From: paper42 @ 2021-08-22 20:59 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 577 bytes --]

New review comment by paper42 on void-packages repository

https://github.com/void-linux/void-packages/pull/30139#discussion_r693556222

Comment:
good idea, I modified it a bit to make it a bit more intuitive in my opinion:

* `nocheckperms` If set, xbps-src will not fail on common permission errors (world writable files, etc.)
* `nofixperms` If set, xbps-src will not fix common permission errors (executable manpages, etc.)

So the variables are entirely independent now, if nocheckperms is set, only fix will run, if both are set, the hook will not do anything, etc.

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: [PR PATCH] [Updated] common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (41 preceding siblings ...)
  2021-08-22 20:59 ` [PR REVIEW] " paper42
@ 2021-08-26 19:45 ` paper42
  2021-08-26 19:46 ` [PR PATCH] [Merged]: " paper42
  43 siblings, 0 replies; 45+ messages in thread
From: paper42 @ 2021-08-26 19:45 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1283 bytes --]

There is an updated pull request by paper42 against master on the void-packages repository

https://github.com/paper42/void-packages 0001-common-hooks-post-install-add-fix-permissions-hook.patch
https://github.com/void-linux/void-packages/pull/30139

common/hooks/post-install: add fix permissions hook
Some packages install files with wrong permissions, but sometimes we can detect and fix them.

## /usr/share/man: 644
this rule matches a lot of files, mainly because it matches 444 permissions too
* packages which install manpages with 755 permissions: nvimpager, sloccount
* packages which install manpages with 444 permissions: lowdown, mdocml, dhcpcd, openresolv, all perl packages, lua5.3 (but not 5.1, 5.2 and 5.4)

## /etc/apparmor.d: 600
I chose 600 because that's what aa-genprof creates.
* packages which install apparmor profiles wrong permissions: apparmor (644), brillo (640), firejail (644), mako (640) (these permission measurements may be wrong in some cases)

The package lists are not complete.

Are there any other common directories which should be included in this hook? Is forcing 644 in /usr/share/man too strict? Should affected packages be revbumped?

A patch file from https://github.com/void-linux/void-packages/pull/30139.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-0001-common-hooks-post-install-add-fix-permissions-hook.patch-30139.patch --]
[-- Type: text/x-diff, Size: 10942 bytes --]

From cb202e84b363ebde9c83416fcb43baf7f5375a8a Mon Sep 17 00:00:00 2001
From: Michal Vasilek <michal@vasilek.cz>
Date: Fri, 2 Jul 2021 01:04:48 +0200
Subject: [PATCH 01/10] hooks/post-install: add fix permissions hook

---
 Manual.md                                     |  4 +++
 common/environment/setup-subpkg/subpkg.sh     |  3 ++
 .../hooks/post-install/14-fix-permissions.sh  | 33 +++++++++++++++++++
 3 files changed, 40 insertions(+)
 create mode 100644 common/hooks/post-install/14-fix-permissions.sh

diff --git a/Manual.md b/Manual.md
index 33706f20c210..db605c52135f 100644
--- a/Manual.md
+++ b/Manual.md
@@ -762,6 +762,10 @@ Examples:
 	```
 A special value `noarch` used to be available, but has since been removed.
 
+- `nocheckperms` If set, xbps-src will not fail on common permission errors (world writable files, etc.)
+
+- `nofixperms` If set, xbps-src will not fix common permission errors (executable manpages, etc.)
+
 <a id="explain_depends"></a>
 #### About the many types of `depends` variables
 
diff --git a/common/environment/setup-subpkg/subpkg.sh b/common/environment/setup-subpkg/subpkg.sh
index 0243d2400481..6edab5d882e1 100644
--- a/common/environment/setup-subpkg/subpkg.sh
+++ b/common/environment/setup-subpkg/subpkg.sh
@@ -8,6 +8,9 @@ unset -v depends run_depends replaces provides conflicts tags
 # hooks/post-install/03-strip-and-debug-pkgs
 unset -v nostrip nostrip_files
 
+# hooks/post-install/14-fix-permissions
+unset -v nocheckperms nofixperms
+
 # hooks/pre-pkg/04-generate-runtime-deps
 unset -v noverifyrdeps skiprdeps allow_unknown_shlibs shlib_requires
 
diff --git a/common/hooks/post-install/14-fix-permissions.sh b/common/hooks/post-install/14-fix-permissions.sh
new file mode 100644
index 000000000000..57b76ae9f485
--- /dev/null
+++ b/common/hooks/post-install/14-fix-permissions.sh
@@ -0,0 +1,33 @@
+# This hook fixes permissions in common places
+
+change_file_perms() {
+	local dir="${PKGDESTDIR}${1}"
+	# permission mask for matching the files
+	local permmask="$2"
+	# permissions which will be set on matched files
+	local perms="$3"
+	if [ -d "$dir" ]; then
+		find "$dir" -type f -perm "/$permmask" -exec chmod -v "$perms" {} +
+	fi
+}
+
+hook() {
+	if [ -z "$nocheckperms" ]; then
+		# check that no files have permission write for all users
+		find "$PKGDESTDIR" -type f -perm -0002 | while read -r file; do
+			msg_error "$pkgver: file ${file#$PKGDESTDIR} has write permission for all users\n"
+		done
+	fi
+
+	if [ -z "$nofixperms" ]; then
+		change_file_perms "/usr/share/man" 133 644
+		change_file_perms "/etc/apparmor.d" 111 644
+		change_file_perms "/usr/share/applications" 133 644
+		change_file_perms "/usr/share/help" 133 644
+		change_file_perms "/usr/share/icons" 133 644
+		change_file_perms "/usr/share/locale" 133 644
+		change_file_perms "/usr/share/metainfo" 133 644
+		change_file_perms "/usr/share/appdata" 133 644
+		change_file_perms "/usr/include" 133 644
+	fi
+}

From 1892270e809f77a51ff6c3f0d0c28ebd5bb39b3c Mon Sep 17 00:00:00 2001
From: Michal Vasilek <michal@vasilek.cz>
Date: Sun, 8 Aug 2021 13:13:01 +0200
Subject: [PATCH 02/10] python3-simplegeneric: fix permissions

---
 srcpkgs/python3-simplegeneric/template | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/srcpkgs/python3-simplegeneric/template b/srcpkgs/python3-simplegeneric/template
index 1d52210254c4..e5972608a2a3 100644
--- a/srcpkgs/python3-simplegeneric/template
+++ b/srcpkgs/python3-simplegeneric/template
@@ -1,7 +1,7 @@
 # Template file for 'python3-simplegeneric'
 pkgname=python3-simplegeneric
 version=0.8.1
-revision=6
+revision=7
 wrksrc="simplegeneric-${version}"
 build_style=python3-module
 hostmakedepends="unzip python3-setuptools"
@@ -12,3 +12,7 @@ license="ZPL-2.1"
 homepage="https://pypi.org/project/simplegeneric/"
 distfiles="${PYPI_SITE}/s/simplegeneric/simplegeneric-${version}.zip"
 checksum=dc972e06094b9af5b855b3df4a646395e43d1c9d0d39ed345b7393560d0b9173
+
+post_install() {
+	chmod -R o-w ${DESTDIR}/usr/lib/python*/site-packages/*.egg-info/
+}

From 77b1b48880f9a6be2d2e1b0c77c0f18172042d6f Mon Sep 17 00:00:00 2001
From: Michal Vasilek <michal@vasilek.cz>
Date: Sun, 8 Aug 2021 13:14:01 +0200
Subject: [PATCH 03/10] python3-olefile: fix permissions

---
 srcpkgs/python3-olefile/template | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/srcpkgs/python3-olefile/template b/srcpkgs/python3-olefile/template
index d76ec0ee8adc..4213ca32532f 100644
--- a/srcpkgs/python3-olefile/template
+++ b/srcpkgs/python3-olefile/template
@@ -1,7 +1,7 @@
 # Template file for 'python3-olefile'
 pkgname=python3-olefile
 version=0.46
-revision=4
+revision=5
 wrksrc="olefile-${version}"
 build_style=python3-module
 hostmakedepends="unzip python3-setuptools"
@@ -14,5 +14,6 @@ distfiles="${PYPI_SITE}/o/olefile/olefile-${version}.zip"
 checksum=133b031eaf8fd2c9399b78b8bc5b8fcbe4c31e85295749bb17a87cba8f3c3964
 
 post_install() {
+	chmod -R o-w ${DESTDIR}/usr/lib/python*/site-packages/*.egg-info/
 	vlicense LICENSE.txt
 }

From ebeafd0822b46f97a735216397013e9115183d89 Mon Sep 17 00:00:00 2001
From: Michal Vasilek <michal@vasilek.cz>
Date: Sun, 8 Aug 2021 13:16:40 +0200
Subject: [PATCH 04/10] brother-brscan3: fix permissions

---
 srcpkgs/brother-brscan3/template | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/srcpkgs/brother-brscan3/template b/srcpkgs/brother-brscan3/template
index 38bf432986e9..4ca8965c65a3 100644
--- a/srcpkgs/brother-brscan3/template
+++ b/srcpkgs/brother-brscan3/template
@@ -1,7 +1,7 @@
 # Template file for 'brother-brscan3'
 pkgname=brother-brscan3
 version=0.2.13
-revision=1
+revision=2
 archs="i686 x86_64"
 create_wrksrc=yes
 hostmakedepends="tar"
@@ -44,6 +44,7 @@ do_install() {
 	ln -sf /usr/lib/libbrscandec3.so.1.0.0 ${DESTDIR}/usr/lib/libbrscandec3.so
 	vmkdir /opt/Brother
 	vcopy "./usr/local/Brother/*" /opt/Brother/
+	chmod o-w ${DESTDIR}/opt/Brother/sane/brsanenetdevice3.cfg
 	vlicense LICENSE
 }
 

From 5965e2a92575dd77709cbf2c4d25a5ee84192535 Mon Sep 17 00:00:00 2001
From: Michal Vasilek <michal@vasilek.cz>
Date: Sun, 8 Aug 2021 13:18:24 +0200
Subject: [PATCH 05/10] heyu: fix permissions

---
 srcpkgs/heyu/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/heyu/template b/srcpkgs/heyu/template
index 93b3ad7cc582..2537b473e4fa 100644
--- a/srcpkgs/heyu/template
+++ b/srcpkgs/heyu/template
@@ -1,7 +1,7 @@
 # Template file for 'heyu'
 pkgname=heyu
 version=2.10.1
-revision=3
+revision=4
 build_style=configure
 configure_script="./Configure"
 configure_args="linux"
@@ -26,7 +26,7 @@ do_install() {
 	vbin heyu
 
 	vmkdir etc/heyu
-	vinstall x10config.sample 0666 etc/heyu x10.conf
+	vinstall x10config.sample 0644 etc/heyu x10.conf
 
 	vman heyu.1
 	vman x10config.5

From 9a2f61646eabe4d2216216bc2e32851fef6c9c02 Mon Sep 17 00:00:00 2001
From: Michal Vasilek <michal@vasilek.cz>
Date: Sun, 8 Aug 2021 13:21:30 +0200
Subject: [PATCH 06/10] occt: fix permissions

---
 srcpkgs/occt/template | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/srcpkgs/occt/template b/srcpkgs/occt/template
index 9298edc76e08..bbf04b932396 100644
--- a/srcpkgs/occt/template
+++ b/srcpkgs/occt/template
@@ -2,7 +2,7 @@
 pkgname=occt
 reverts=7.5.0_1
 version=7.4.0p1
-revision=3
+revision=4
 _gittag="V${version//./_}"
 wrksrc=occt-${_gittag}
 build_style=cmake
@@ -27,6 +27,7 @@ post_install() {
 
 	vmkdir /etc/profile.d
 	vinstall ${FILESDIR}/opencascade.sh 644 /etc/profile.d
+	chmod 755 ${DESTDIR}/usr/bin/draw.sh
 }
 
 occt-devel_package() {

From ad955b5817e0c8d885ac1acb07110a6b4d9f8558 Mon Sep 17 00:00:00 2001
From: Michal Vasilek <michal@vasilek.cz>
Date: Sun, 8 Aug 2021 14:40:25 +0200
Subject: [PATCH 07/10] vscode: fix permissions

---
 srcpkgs/vscode/template | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/srcpkgs/vscode/template b/srcpkgs/vscode/template
index a5cb2b02b284..da7d5cbe5bcf 100644
--- a/srcpkgs/vscode/template
+++ b/srcpkgs/vscode/template
@@ -1,7 +1,7 @@
 # Template file for 'vscode'
 pkgname=vscode
 version=1.59.1
-revision=1
+revision=2
 _electronver=12.0.14
 hostmakedepends="pkg-config python nodejs yarn tar git"
 makedepends="libxkbfile-devel libsecret-devel electron12"
@@ -66,4 +66,5 @@ do_install() {
 		-e 's|"$CLI"|"$CLI" --app="${VSCODE_PATH}/resources/app"|g' \
 		-i "$DESTDIR"/usr/lib/code-oss/bin/code-oss
 	vlicense LICENSE.txt
+	chmod -R o-w ${DESTDIR}/usr/lib/code-oss/resources/app/
 }

From b83ca1d7dc5e3d24bb81e577ef0b56df1a1181b1 Mon Sep 17 00:00:00 2001
From: Michal Vasilek <michal@vasilek.cz>
Date: Sat, 14 Aug 2021 20:34:21 +0200
Subject: [PATCH 08/10] lbreakout2: do not check file permissions

---
 srcpkgs/lbreakout2/template | 1 +
 1 file changed, 1 insertion(+)

diff --git a/srcpkgs/lbreakout2/template b/srcpkgs/lbreakout2/template
index 00eee1c29030..8368195ae4a2 100644
--- a/srcpkgs/lbreakout2/template
+++ b/srcpkgs/lbreakout2/template
@@ -12,6 +12,7 @@ license="GPL-2.0-or-later"
 homepage="http://lgames.sourceforge.net"
 distfiles="${SOURCEFORGE_SITE}/lgames/$pkgname-$version.tar.gz"
 checksum=9104d6175553da3442dc6a5fc407a669e2f5aff3eedc5d30409eb003b7a78d6f
+nocheckperms=yes # uses a world-writable .hscr file for global leaderboard
 
 post_install() {
 	vinstall ${FILESDIR}/lbreakout2.desktop 644 usr/share/applications

From 55366f555002480dc943b008aff54054c83fd528 Mon Sep 17 00:00:00 2001
From: Michal Vasilek <michal@vasilek.cz>
Date: Sat, 14 Aug 2021 20:34:41 +0200
Subject: [PATCH 09/10] lbreakouthd: do not check file permissions

---
 srcpkgs/lbreakouthd/template | 1 +
 1 file changed, 1 insertion(+)

diff --git a/srcpkgs/lbreakouthd/template b/srcpkgs/lbreakouthd/template
index 1f9accfb4ab9..cb9062e4f631 100644
--- a/srcpkgs/lbreakouthd/template
+++ b/srcpkgs/lbreakouthd/template
@@ -11,3 +11,4 @@ license="GPL-2.0-or-later"
 homepage="http://lgames.sourceforge.net/LBreakoutHD/"
 distfiles="${SOURCEFORGE_SITE}/lgames/$pkgname-$version.tar.gz"
 checksum=df5f8ad88bcf20bd34e1dfd77697b49a168d83ad43d8fdf5a3fee1fe272e15bd
+nocheckperms=yes # uses a world-writable .hscr file for global leaderboard

From a9401b2037181e4d8c12d7d101ca3845ea262c00 Mon Sep 17 00:00:00 2001
From: Michal Vasilek <michal@vasilek.cz>
Date: Sat, 14 Aug 2021 20:34:44 +0200
Subject: [PATCH 10/10] ltris: do not check file permissions

---
 srcpkgs/ltris/template | 1 +
 1 file changed, 1 insertion(+)

diff --git a/srcpkgs/ltris/template b/srcpkgs/ltris/template
index b2484148df6b..98846feaac3b 100644
--- a/srcpkgs/ltris/template
+++ b/srcpkgs/ltris/template
@@ -12,4 +12,5 @@ license="GPL-2.0-or-later"
 homepage="http://lgames.sourceforge.net/index.php?project=LTris"
 distfiles="${SOURCEFORGE_SITE}/lgames/$pkgname-$version.tar.gz"
 checksum=0ec4ad053e066a296529e923c2f626fa0a19c094c5ae03e44359f9c9e50955a8
+nocheckperms=yes # uses a world-writable .hscr file for global leaderboard
 CFLAGS+=" -fgnu89-inline"

^ permalink raw reply	[flat|nested] 45+ messages in thread

* Re: [PR PATCH] [Merged]: common/hooks/post-install: add fix permissions hook
  2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
                   ` (42 preceding siblings ...)
  2021-08-26 19:45 ` [PR PATCH] [Updated] " paper42
@ 2021-08-26 19:46 ` paper42
  43 siblings, 0 replies; 45+ messages in thread
From: paper42 @ 2021-08-26 19:46 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1073 bytes --]

There's a merged pull request on the void-packages repository

common/hooks/post-install: add fix permissions hook
https://github.com/void-linux/void-packages/pull/30139

Description:
Some packages install files with wrong permissions, but sometimes we can detect and fix them.

## /usr/share/man: 644
this rule matches a lot of files, mainly because it matches 444 permissions too
* packages which install manpages with 755 permissions: nvimpager, sloccount
* packages which install manpages with 444 permissions: lowdown, mdocml, dhcpcd, openresolv, all perl packages, lua5.3 (but not 5.1, 5.2 and 5.4)

## /etc/apparmor.d: 600
I chose 600 because that's what aa-genprof creates.
* packages which install apparmor profiles wrong permissions: apparmor (644), brillo (640), firejail (644), mako (640) (these permission measurements may be wrong in some cases)

The package lists are not complete.

Are there any other common directories which should be included in this hook? Is forcing 644 in /usr/share/man too strict? Should affected packages be revbumped?

^ permalink raw reply	[flat|nested] 45+ messages in thread

end of thread, other threads:[~2021-08-26 19:46 UTC | newest]

Thread overview: 45+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-10 22:52 [PR PATCH] common/hooks/post-install: add fix permissions hook paper42
2021-04-10 23:14 ` [PR REVIEW] " Duncaen
2021-04-10 23:15 ` Duncaen
2021-04-10 23:15 ` Duncaen
2021-04-10 23:17 ` Duncaen
2021-04-10 23:19 ` Duncaen
2021-04-10 23:19 ` Duncaen
2021-04-10 23:19 ` Duncaen
2021-04-10 23:20 ` Duncaen
2021-04-10 23:27 ` Duncaen
2021-04-11  1:09 ` ericonr
2021-04-20 23:11 ` [PR REVIEW] " paper42
2021-04-20 23:13 ` [PR PATCH] [Updated] " paper42
2021-04-20 23:26 ` paper42
2021-04-20 23:50 ` [PR REVIEW] " Duncaen
2021-04-20 23:51 ` Duncaen
2021-04-20 23:55 ` Duncaen
2021-04-21 21:11 ` ericonr
2021-04-29 15:56 ` [PR PATCH] [Updated] " paper42
2021-04-29 15:56 ` paper42
2021-04-29 15:57 ` [PR REVIEW] " paper42
2021-05-06  9:51 ` [PR PATCH] [Updated] " paper42
2021-07-01 23:04 ` paper42
2021-07-01 23:05 ` paper42
2021-07-01 23:05 ` paper42
2021-08-05 20:19 ` paper42
2021-08-05 20:19 ` paper42
2021-08-05 20:23 ` paper42
2021-08-05 21:10 ` Duncaen
2021-08-05 21:10 ` Duncaen
2021-08-06 18:53 ` [PR REVIEW] " ericonr
2021-08-06 18:53 ` ericonr
2021-08-06 18:53 ` ericonr
2021-08-06 18:53 ` ericonr
2021-08-06 22:08 ` [PR PATCH] [Updated] " paper42
2021-08-06 22:18 ` [PR REVIEW] " paper42
2021-08-06 22:18 ` paper42
2021-08-14 18:43 ` [PR PATCH] [Updated] " paper42
2021-08-14 19:47 ` paper42
2021-08-14 21:22 ` [PR REVIEW] " ericonr
2021-08-14 21:22 ` ericonr
2021-08-22 20:57 ` [PR PATCH] [Updated] " paper42
2021-08-22 20:59 ` [PR REVIEW] " paper42
2021-08-26 19:45 ` [PR PATCH] [Updated] " paper42
2021-08-26 19:46 ` [PR PATCH] [Merged]: " paper42

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).