Date: Mon, 7 Jan 2019 17:28:10 +0100
From: Henning Schild
To: Jan Kiszka
Cc: isar-users
Subject: Re: [PATCH 1/7] dpkg-raw: Respect file permissions defined by recipe
Message-ID: <20190107172810.10e0178b@md1za8fc.ad001.siemens.net>

On Mon, 7 Jan 2019 15:26:16 +0100, Jan Kiszka wrote:

> On 07.01.19 15:20, Jan Kiszka wrote:
> > On 07.01.19 15:19, Henning Schild wrote:
> >> On Mon, 7 Jan 2019 14:28:47 +0100,
> >> Jan Kiszka wrote:
> >>
> >>> On 07.01.19 14:20, Henning Schild wrote:
> >>>> On Wed, 2 Jan 2019 12:34:11 +0100,
> >>>> Jan Kiszka wrote:
> >>>>> From: Jan Kiszka
> >>>>>
> >>>>> dh_fixperms overwrites the permissions do_install defined
> >>>>> carefully. Skip this step to avoid that.
> >>>>>
> >>>>> Fixes: f301ccb2b5b1 ("meta/dpkg-raw: build raw packages like all
> >>>>> others")
> >>>>> CC: Henning Schild
> >>>>> Signed-off-by: Jan Kiszka
> >>>>> ---
> >>>>>    meta/classes/dpkg-raw.bbclass | 4 +++-
> >>>>>    1 file changed, 3 insertions(+), 1 deletion(-)
> >>>>>
> >>>>> diff --git a/meta/classes/dpkg-raw.bbclass > >>>>> b/meta/classes/dpkg-raw.bbclass index 8d11433..10fb1b9 100644 > >>>>> --- a/meta/classes/dpkg-raw.bbclass > >>>>> +++ b/meta/classes/dpkg-raw.bbclass 
> >>>>> @@ -56,9 +56,11 @@ EOF > >>>>> =C2=A0=C2=A0 deb_create_rules() { > >>>>> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 cat << EOF > ${S}/debian/rules > >>>>> =C2=A0=C2=A0 #!/usr/bin/make -f > >>>>> + > >>>>> +override_dh_fixperms: > >>>>> + > >>>>> =C2=A0=C2=A0 %: > >>>>> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 dh \$@ > >>>>> - =20
> >>>>
> >>>> I think it is not a good idea to do that in general. While you
> >>>> might have found an example where dh_fixperms caused problems,
> >>>> there are probably many where it helps. Say people use "cp" to
> >>>> fill ${D} or "echo" to fill ${D}/bin/
> >>>
> >>> I'm open for better suggestions.
> >>
> >> The suggestion is to do that in the one recipe that you need it
> >> for, and not touch the general case.
> >
> > ...except for causing that regression: Keep in mind that we used to
> > respect permissions defined by the user before the switch to
> > packaging via Debian!

True, but there is a changelog section that even tells users how to
disable certain dhs for their recipes.

> To make my issue more concrete: Consider you want to package secrets
> this way. Then it would be rather ugly to even temporarily have them
> group or even world readable during packaging and installation - in
> case your suggestion should be to adjust the permissions in a postinst.

Having secrets in your repo and build process would be ugly as well,
many spots where they could leak. So I do not think that is a good
example.

And I am not talking about a postinst, but a rules file that does
exactly what yours does. See what example-raw does for dh_usrlocal, if
you bring your rules you do not get the defaults.

Looking at the man-page I see a lot of "removes permission", where
documentation seems to be the only exception. Again secret does not
seem to be a good example. (except you place it in usr/share/doc ;) )

What exactly is your motivation for the change?

Henning

> Jan
>
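Review bot: The empty `override_dh_fixperms:` target is added to the rules template that deb_create_rules() writes for every dpkg-raw recipe, so permission normalisation is switched off globally rather than only for the recipe that needs it. Recipes that fill ${D} with plain cp or shell redirection and never set modes would then ship whatever modes the build environment produced. Consider making the override opt-in per recipe through a recipe-supplied rules file, or keep dh_fixperms running and exclude only the sensitive paths with its -X/--exclude option. Either way, the commit message should state the behaviour change for existing recipes.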