From 32560ca2720891feddd2c287eaf74d67d8eba162 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Fri, 2 Jul 2021 01:04:48 +0200 Subject: [PATCH 01/10] hooks/post-install: add fix permissions hook --- common/environment/setup-subpkg/subpkg.sh | 3 ++ .../hooks/post-install/14-fix-permissions.sh | 30 +++++++++++++++++++ 2 files changed, 33 insertions(+) create mode 100644 common/hooks/post-install/14-fix-permissions.sh diff --git a/common/environment/setup-subpkg/subpkg.sh b/common/environment/setup-subpkg/subpkg.sh index 0243d2400481..048e28f83577 100644 --- a/common/environment/setup-subpkg/subpkg.sh +++ b/common/environment/setup-subpkg/subpkg.sh @@ -5,6 +5,9 @@ unset -v conf_files mutable_files preserve triggers alternatives unset -v depends run_depends replaces provides conflicts tags +# hooks/post-install/14-fix-permissions +unset -v nofixperms + # hooks/post-install/03-strip-and-debug-pkgs unset -v nostrip nostrip_files diff --git a/common/hooks/post-install/14-fix-permissions.sh b/common/hooks/post-install/14-fix-permissions.sh new file mode 100644 index 000000000000..8960e514258a --- /dev/null +++ b/common/hooks/post-install/14-fix-permissions.sh @@ -0,0 +1,30 @@ +# This hook fixes permissions in common places + +change_file_perms() { + local dir="${PKGDESTDIR}${1}" + # permission mask for matching the files + local permmask="$2" + # permissions which will be set on matched files + local perms="$3" + if [ -d "$dir" ]; then + find "$dir" -type f -perm "/$permmask" -exec chmod -v "$perms" {} + + fi +} + +hook() { + [ -n "$nofixperms" ] && return 0 + # check that no files have permission write for all users + find "$PKGDESTDIR" -type f -perm -0002 | while read -r file; do + msg_error "$pkgver: file ${file#$PKGDESTDIR} has write permission for all users\n" + done + + change_file_perms "/usr/share/man" 133 644 + change_file_perms "/etc/apparmor.d" 111 644 + change_file_perms "/usr/share/applications" 133 644 + change_file_perms "/usr/share/help" 133 644 + change_file_perms "/usr/share/icons" 133 644 + change_file_perms "/usr/share/locale" 133 644 + change_file_perms "/usr/share/metainfo" 133 644 + change_file_perms "/usr/share/appdata" 133 644 + change_file_perms "/usr/include" 133 644 +} From bb07822c5e603319f115373138a3fb09f02f7b41 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Sun, 8 Aug 2021 13:13:01 +0200 Subject: [PATCH 02/10] python3-simplegeneric: fix permissions --- srcpkgs/python3-simplegeneric/template | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/srcpkgs/python3-simplegeneric/template b/srcpkgs/python3-simplegeneric/template index 1d52210254c4..e5972608a2a3 100644 --- a/srcpkgs/python3-simplegeneric/template +++ b/srcpkgs/python3-simplegeneric/template @@ -1,7 +1,7 @@ # Template file for 'python3-simplegeneric' pkgname=python3-simplegeneric version=0.8.1 -revision=6 +revision=7 wrksrc="simplegeneric-${version}" build_style=python3-module hostmakedepends="unzip python3-setuptools" @@ -12,3 +12,7 @@ license="ZPL-2.1" homepage="https://pypi.org/project/simplegeneric/" distfiles="${PYPI_SITE}/s/simplegeneric/simplegeneric-${version}.zip" checksum=dc972e06094b9af5b855b3df4a646395e43d1c9d0d39ed345b7393560d0b9173 + +post_install() { + chmod -R o-w ${DESTDIR}/usr/lib/python*/site-packages/*.egg-info/ +} From 132dbd8cdbd67e13ebe5d88ff1b1868e89e355f3 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Sun, 8 Aug 2021 13:14:01 +0200 Subject: [PATCH 03/10] python3-olefile: fix permissions --- srcpkgs/python3-olefile/template | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/srcpkgs/python3-olefile/template b/srcpkgs/python3-olefile/template index d76ec0ee8adc..4213ca32532f 100644 --- a/srcpkgs/python3-olefile/template +++ b/srcpkgs/python3-olefile/template @@ -1,7 +1,7 @@ # Template file for 'python3-olefile' pkgname=python3-olefile version=0.46 -revision=4 +revision=5 wrksrc="olefile-${version}" build_style=python3-module hostmakedepends="unzip python3-setuptools" @@ -14,5 +14,6 @@ distfiles="${PYPI_SITE}/o/olefile/olefile-${version}.zip" checksum=133b031eaf8fd2c9399b78b8bc5b8fcbe4c31e85295749bb17a87cba8f3c3964 post_install() { + chmod -R o-w ${DESTDIR}/usr/lib/python*/site-packages/*.egg-info/ vlicense LICENSE.txt } From 5c54e0034bb2acc559d04896a59a4e028afed07c Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Sun, 8 Aug 2021 13:16:40 +0200 Subject: [PATCH 04/10] brother-brscan3: fix permissions --- srcpkgs/brother-brscan3/template | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/srcpkgs/brother-brscan3/template b/srcpkgs/brother-brscan3/template index 38bf432986e9..4ca8965c65a3 100644 --- a/srcpkgs/brother-brscan3/template +++ b/srcpkgs/brother-brscan3/template @@ -1,7 +1,7 @@ # Template file for 'brother-brscan3' pkgname=brother-brscan3 version=0.2.13 -revision=1 +revision=2 archs="i686 x86_64" create_wrksrc=yes hostmakedepends="tar" @@ -44,6 +44,7 @@ do_install() { ln -sf /usr/lib/libbrscandec3.so.1.0.0 ${DESTDIR}/usr/lib/libbrscandec3.so vmkdir /opt/Brother vcopy "./usr/local/Brother/*" /opt/Brother/ + chmod o-w ${DESTDIR}/opt/Brother/sane/brsanenetdevice3.cfg vlicense LICENSE } From ce1c07b67c9dfd41aaeea3a461a139c57925203f Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Sun, 8 Aug 2021 13:18:24 +0200 Subject: [PATCH 05/10] heyu: fix permissions --- srcpkgs/heyu/template | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/srcpkgs/heyu/template b/srcpkgs/heyu/template index 93b3ad7cc582..2537b473e4fa 100644 --- a/srcpkgs/heyu/template +++ b/srcpkgs/heyu/template @@ -1,7 +1,7 @@ # Template file for 'heyu' pkgname=heyu version=2.10.1 -revision=3 +revision=4 build_style=configure configure_script="./Configure" configure_args="linux" @@ -26,7 +26,7 @@ do_install() { vbin heyu vmkdir etc/heyu - vinstall x10config.sample 0666 etc/heyu x10.conf + vinstall x10config.sample 0644 etc/heyu x10.conf vman heyu.1 vman x10config.5 From fa2760b46fe69ca97c132be476fdc7ca82099737 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Sun, 8 Aug 2021 13:21:30 +0200 Subject: [PATCH 06/10] occt: fix permissions --- srcpkgs/occt/template | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/srcpkgs/occt/template b/srcpkgs/occt/template index 9298edc76e08..bbf04b932396 100644 --- a/srcpkgs/occt/template +++ b/srcpkgs/occt/template @@ -2,7 +2,7 @@ pkgname=occt reverts=7.5.0_1 version=7.4.0p1 -revision=3 +revision=4 _gittag="V${version//./_}" wrksrc=occt-${_gittag} build_style=cmake @@ -27,6 +27,7 @@ post_install() { vmkdir /etc/profile.d vinstall ${FILESDIR}/opencascade.sh 644 /etc/profile.d + chmod 755 ${DESTDIR}/usr/bin/draw.sh } occt-devel_package() { From 8092e1842c1747c1c4b75d8882dfd127f7a1b02a Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Sun, 8 Aug 2021 14:40:25 +0200 Subject: [PATCH 07/10] vscode: fix permissions --- srcpkgs/vscode/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/vscode/template b/srcpkgs/vscode/template index 24e5aca3b26a..a97b8bd1ba47 100644 --- a/srcpkgs/vscode/template +++ b/srcpkgs/vscode/template @@ -66,4 +66,5 @@ do_install() { -e 's|"$CLI"|"$CLI" --app="${VSCODE_PATH}/resources/app"|g' \ -i "$DESTDIR"/usr/lib/code-oss/bin/code-oss vlicense LICENSE.txt + chmod -R o-w ${DESTDIR}/usr/lib/code-oss/resources/app/extensions/ } From 92cf0c6f006e7f250c91dc167aeceb829b7e6f3a Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Sat, 14 Aug 2021 20:34:21 +0200 Subject: [PATCH 08/10] lbreakout2: disable fix-perms hook --- srcpkgs/lbreakout2/template | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/srcpkgs/lbreakout2/template b/srcpkgs/lbreakout2/template index 00eee1c29030..b28c81f620c3 100644 --- a/srcpkgs/lbreakout2/template +++ b/srcpkgs/lbreakout2/template @@ -1,7 +1,7 @@ # Template file for 'lbreakout2' pkgname=lbreakout2 version=2.6.5 -revision=2 +revision=3 build_style=gnu-configure configure_args="--enable-sdl-net --localstatedir=/var/games/$pkgname" make_install_args="doc_dir=/usr/share/doc" @@ -12,6 +12,7 @@ license="GPL-2.0-or-later" homepage="http://lgames.sourceforge.net" distfiles="${SOURCEFORGE_SITE}/lgames/$pkgname-$version.tar.gz" checksum=9104d6175553da3442dc6a5fc407a669e2f5aff3eedc5d30409eb003b7a78d6f +nofixperms=yes # uses a world-writable .hscr file for global leaderboard post_install() { vinstall ${FILESDIR}/lbreakout2.desktop 644 usr/share/applications From ce421f719f840ff6558d547ae6059b65a887fa86 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Sat, 14 Aug 2021 20:34:41 +0200 Subject: [PATCH 09/10] lbreakouthd: disable fix-perms hook --- srcpkgs/lbreakouthd/template | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/srcpkgs/lbreakouthd/template b/srcpkgs/lbreakouthd/template index 1f9accfb4ab9..e0518c57872b 100644 --- a/srcpkgs/lbreakouthd/template +++ b/srcpkgs/lbreakouthd/template @@ -1,7 +1,7 @@ # Template file for 'lbreakouthd' pkgname=lbreakouthd version=1.0.6 -revision=1 +revision=2 build_style=gnu-configure configure_args="--localstatedir=/var/${pkgname}" makedepends="SDL2-devel SDL2_mixer-devel SDL2_image-devel SDL2_ttf-devel" @@ -11,3 +11,4 @@ license="GPL-2.0-or-later" homepage="http://lgames.sourceforge.net/LBreakoutHD/" distfiles="${SOURCEFORGE_SITE}/lgames/$pkgname-$version.tar.gz" checksum=df5f8ad88bcf20bd34e1dfd77697b49a168d83ad43d8fdf5a3fee1fe272e15bd +nofixperms=yes # uses a world-writable .hscr file for global leaderboard From 6347480b1419c5ff8e30ad30b2e6759de489aab9 Mon Sep 17 00:00:00 2001 From: Michal Vasilek Date: Sat, 14 Aug 2021 20:34:44 +0200 Subject: [PATCH 10/10] ltris: disable fix-perms hook --- srcpkgs/ltris/template | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/srcpkgs/ltris/template b/srcpkgs/ltris/template index b2484148df6b..9c5d419e8799 100644 --- a/srcpkgs/ltris/template +++ b/srcpkgs/ltris/template @@ -1,7 +1,7 @@ # Template file for 'ltris' pkgname=ltris version=1.2.3 -revision=1 +revision=2 build_style=gnu-configure configure_args="--localstatedir=/var/games/ltris" hostmakedepends="bison" @@ -12,4 +12,5 @@ license="GPL-2.0-or-later" homepage="http://lgames.sourceforge.net/index.php?project=LTris" distfiles="${SOURCEFORGE_SITE}/lgames/$pkgname-$version.tar.gz" checksum=0ec4ad053e066a296529e923c2f626fa0a19c094c5ae03e44359f9c9e50955a8 +nofixperms=yes # uses a world-writable .hscr file for global leaderboard CFLAGS+=" -fgnu89-inline"