From 1b0d68c765a4890627350afa2e8d0a9381f43cbb Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Fri, 2 Jul 2021 01:04:48 +0200 Subject: [PATCH] hooks/post-install: add fix permissions hook --- common/environment/setup-subpkg/subpkg.sh | 3 ++ .../hooks/post-install/14-fix-permissions.sh | 30 +++++++++++++++++++ 2 files changed, 33 insertions(+) create mode 100644 common/hooks/post-install/14-fix-permissions.sh diff --git a/common/environment/setup-subpkg/subpkg.sh b/common/environment/setup-subpkg/subpkg.sh index 0243d2400481..048e28f83577 100644 --- a/common/environment/setup-subpkg/subpkg.sh +++ b/common/environment/setup-subpkg/subpkg.sh @@ -5,6 +5,9 @@ unset -v conf_files mutable_files preserve triggers alternatives unset -v depends run_depends replaces provides conflicts tags +# hooks/post-install/14-fix-permissions +unset -v nofixperms + # hooks/post-install/03-strip-and-debug-pkgs unset -v nostrip nostrip_files diff --git a/common/hooks/post-install/14-fix-permissions.sh b/common/hooks/post-install/14-fix-permissions.sh new file mode 100644 index 000000000000..8960e514258a --- /dev/null +++ b/common/hooks/post-install/14-fix-permissions.sh @@ -0,0 +1,30 @@ +# This hook fixes permissions in common places + +change_file_perms() { + local dir="${PKGDESTDIR}${1}" + # permission mask for matching the files + local permmask="$2" + # permissions which will be set on matched files + local perms="$3" + if [ -d "$dir" ]; then + find "$dir" -type f -perm "/$permmask" -exec chmod -v "$perms" {} + + fi +} + +hook() { + [ -n "$nofixperms" ] && return 0 + # check that no files have permission write for all users + find "$PKGDESTDIR" -type f -perm -0002 | while read -r file; do + msg_error "$pkgver: file ${file#$PKGDESTDIR} has write permission for all users\n" + done + + change_file_perms "/usr/share/man" 133 644 + change_file_perms "/etc/apparmor.d" 111 644 + change_file_perms "/usr/share/applications" 133 644 + change_file_perms "/usr/share/help" 133 644 + change_file_perms "/usr/share/icons" 133 644 + change_file_perms "/usr/share/locale" 133 644 + change_file_perms "/usr/share/metainfo" 133 644 + change_file_perms "/usr/share/appdata" 133 644 + change_file_perms "/usr/include" 133 644 +}