From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6641861376070385664 X-Received: by 2002:a17:906:2445:: with SMTP id a5-v6mr8053422ejb.8.1546871177827; Mon, 07 Jan 2019 06:26:17 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a50:9177:: with SMTP id f52ls332074eda.2.gmail; Mon, 07 Jan 2019 06:26:17 -0800 (PST) X-Google-Smtp-Source: AFSGD/W3qUDD64pt8PMpVDjtIvVsBvPGYwHCO6bkPwXSCKzgGSkgbEIILTKPpQ3gMEIz5angsbwa X-Received: by 2002:a50:aeaf:: with SMTP id e44mr9331321edd.4.1546871177328; Mon, 07 Jan 2019 06:26:17 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1546871177; cv=none; d=google.com; s=arc-20160816; b=05pD1zNF4xNU7fVb7jqOSPWQ66cdZYngmC5cyYfQFIYrkPOrt9KIiadQPXe5eaz5V4 UbdTG4L7zhojtE2d1cGB7KUEBvHD2LJiM0RvlAmMzekA4vhX8xFVzKATFDV2EKWKpFWa 1+w9q3xJn+w5OmUli6X5jZjYQPxVPGXytwwMKbO4+Oy22YsXa9wwZnElJ25f4PJsUvvR IMKXSIQQ5txFdaTTKnLk88jZEA28nmX4whMPlArGnM164LmCs8SnMxzvt19Y0GvCI1jm o+8TnjNj882+8wsuBGmyBE468Bhwulc7he8YG1SCsgjJXypDooODYbhaNED84GFPIIVD ofOA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:content-language:in-reply-to:mime-version :user-agent:date:message-id:references:cc:to:from:subject; bh=Q5Zxl9RFE9pbb3ajECk+hOJ/EcwBu9NkbqencoNtQYg=; b=hwQodKXPAWgYsiDbttmqVZARuYqUYGkORkHBQMCfIy2FWLLI95piA6tj2kWyB15ZN5 sOSSsSREKXJfLVOkeisvgbf3tvWwR25IKMM1/r5mU56lksZ2VJ15krgv+LABSqKodvKj /aB4E0sVp4BCOPsLn2fYPSk0oJWE8JYA8qtuNyn0AyGaBvP5xIQxJAfG4HD5HgyWQeX2 zKtNtanXjvejtAX9tWvMZMRz/1ejOkBplH40CEVkv4E/m2AtDtMvHtCD2x4dOi79dX7s xu/YHJf9vnHQsOnkaVNa0dX6UnQeyNaqEXzLv+mq+HO26R8t5L61S1dmvYO/CnxhnqYj EL8Q== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of jan.kiszka@siemens.com designates 192.35.17.2 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com Return-Path: Received: from thoth.sbs.de (thoth.sbs.de. [192.35.17.2]) by gmr-mx.google.com with ESMTPS id l31si2952879edb.5.2019.01.07.06.26.17 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 07 Jan 2019 06:26:17 -0800 (PST) Received-SPF: pass (google.com: domain of jan.kiszka@siemens.com designates 192.35.17.2 as permitted sender) client-ip=192.35.17.2; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of jan.kiszka@siemens.com designates 192.35.17.2 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com Received: from mail2.sbs.de (mail2.sbs.de [192.129.41.66]) by thoth.sbs.de (8.15.2/8.15.2) with ESMTPS id x07EQGJT002194 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Mon, 7 Jan 2019 15:26:16 +0100 Received: from [139.25.68.37] (md1q0hnc.ad001.siemens.net [139.25.68.37] (may be forged)) by mail2.sbs.de (8.15.2/8.15.2) with ESMTP id x07EQGfM018029; Mon, 7 Jan 2019 15:26:16 +0100 Subject: Re: [PATCH 1/7] dpkg-raw: Respect file permissions defined by recipe From: Jan Kiszka To: Henning Schild Cc: isar-users References: <20190107142049.0c5426a3@md1za8fc.ad001.siemens.net> <20190107151959.2627fcd8@md1za8fc.ad001.siemens.net> <1552f87b-a193-fca2-6496-e94554b21d6f@siemens.com> Message-ID: <30994991-d72e-1a54-6f90-1a89e926e121@siemens.com> Date: Mon, 7 Jan 2019 15:26:16 +0100 User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); de; rv:1.8.1.12) Gecko/20080226 SUSE/2.0.0.12-1.1 Thunderbird/2.0.0.12 Mnenhy/0.7.5.666 MIME-Version: 1.0 In-Reply-To: <1552f87b-a193-fca2-6496-e94554b21d6f@siemens.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-TUID: CMTsFg3OQ7Wk On 07.01.19 15:20, Jan Kiszka wrote: > On 07.01.19 15:19, Henning Schild wrote: >> Am Mon, 7 Jan 2019 14:28:47 +0100 >> schrieb Jan Kiszka : >> >>> On 07.01.19 14:20, Henning Schild wrote: >>>> Am Wed, 2 Jan 2019 12:34:11 +0100 >>>> schrieb Jan Kiszka : >>>>> From: Jan Kiszka >>>>> >>>>> dh_fixperms overwrites the permissions do_install defined >>>>> carefully. Skip this step to avoid that. >>>>> >>>>> Fixes: f301ccb2b5b1 ("meta/dpkg-raw: build raw packages like all >>>>> others") CC: Henning Schild >>>>> Signed-off-by: Jan Kiszka >>>>> --- >>>>>    meta/classes/dpkg-raw.bbclass | 4 +++- >>>>>    1 file changed, 3 insertions(+), 1 deletion(-) >>>>> >>>>> diff --git a/meta/classes/dpkg-raw.bbclass >>>>> b/meta/classes/dpkg-raw.bbclass index 8d11433..10fb1b9 100644 >>>>> --- a/meta/classes/dpkg-raw.bbclass >>>>> +++ b/meta/classes/dpkg-raw.bbclass >>>>> @@ -56,9 +56,11 @@ EOF >>>>>    deb_create_rules() { >>>>>        cat << EOF > ${S}/debian/rules >>>>>    #!/usr/bin/make -f >>>>> + >>>>> +override_dh_fixperms: >>>>> + >>>>>    %: >>>>>        dh \$@ >>>>> - >>>> >>>> I think it is not a good idea to do that in general. While you might >>>> have found an example where dh_fixperms caused problems, there are >>>> probably many where it helps. Say people use "cp" to fill ${D} or >>>> "echo" to fill ${D}/bin/ >>> >>> I'm open for better suggestions. >> >> The suggestion is to do that in the one recipe that you need it for, >> and not touch the general case. > > ...except for causing that regression: Keep in mind that we used to respect > permissions defined by the user before the switch to packaging via Debian! To make my issue more concrete: Consider you want to package secrets this way. Then it would be rather ugly to even temporary have them group or even work readable during packaging and installation - in case you suggestion should be to adjust the permissions in a postinst. Jan -- Siemens AG, Corporate Technology, CT RDA IOT SES-DE Corporate Competence Center Embedded Linux