
fakeroot forcing filemodes



As you may be aware, the "fakeroot" package allows execution of commands
in an environment where getuid(), chown(), chmod(), stat() etc. are
wrapped to make it appear the user really is root.

This allows the use of "dpkg-buildpackage -rfakeroot", so debian packages
do not need to be built as root any more (merely fakeroot).

But this allows for more: Fakeroot_0.0-7a (just released, due to problems
with master only available on ftp://rulcmc.leidenuniv.nl/debian/upload),
also (by default) refuses to do things like
  chmod og-r foo
as this is not allowed by the Debian Policy Manual: Section 3.3.8
only allows for dirs with mode 04755 or 02775, and files should
have at least mode 0644.

This was (I think) suggested by Christian Schwarz, and I now really
like this feature: Turns out that about every X package that uses 
xmkmf violates the debian policy, as all manual pages, header files,
etc are installed mode 0444 (just filed a bug about this, against xlib6-dev).

However, there are places where files with mode less than 0644,
or dirs with mode less than 04755 should be permissible:
/etc/shadow, and, as recently suggested on bugtraq, /etc/ircd/
(the latter directory contains /etc/shadow like files).

This could be solved with an environment variable "FAKEROOTOPT=--nodebian",
that would switch off this behaviour. Then the rules file would have:
	FAKEROOTOPT=--nodebian chmod 0700 /etc/ircd
This would work both for non-fakeroot builds, and for fakeroot builds.

On the other hand, /etc/shadow isn't too much of a problem, as that
one appears to be created by a postinst script. And the /etc/ircd 
problem could be solved by saying /etc/ircd can be mode 04755, and the
passwd like files in that dir should be created in the postinst.
So is there really a problem here? Maybe it would be OK to have a
strict rule "no .deb package may contain files with modes less than
0644 etc"?

I'd like opinions on this.
    
-- 
joost witteveen, joostje@debian.org
#!/usr/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
#what's this? see http://www.dcs.ex.ac.uk/~aba/rsa/
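
The mode check discussed in the message above, sketched as a chmod wrapper in C. This is an added example, not part of the original message and not fakeroot's own code. The names mode_allowed and checked_chmod are hypothetical, FAKEROOTOPT=--nodebian is the opt-out proposed in the message, and reading the directory rule as "at least 0755 permission bits" is this example's assumption.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Minimum permission bits, as this example reads the rule in the message:
 * files at least 0644; directories at least 0755 (assumption). */
#define MIN_FILE_MODE 0644
#define MIN_DIR_MODE  0755

/* opt is the value of the proposed FAKEROOTOPT variable (may be NULL).
 * Returns 1 if the requested mode may be applied, 0 if it is refused. */
int mode_allowed(mode_t requested, int is_dir, const char *opt)
{
    mode_t required = is_dir ? MIN_DIR_MODE : MIN_FILE_MODE;

    if (opt != NULL && strstr(opt, "--nodebian") != NULL)
        return 1;                      /* policy check switched off */
    return (requested & required) == required;
}

/* Hypothetical wrapper: refuse with EPERM instead of calling chmod(). */
int checked_chmod(const char *path, mode_t mode, const char *opt)
{
    struct stat st;

    if (stat(path, &st) != 0)
        return -1;                     /* errno set by stat() */
    if (!mode_allowed(mode, S_ISDIR(st.st_mode), opt)) {
        errno = EPERM;
        return -1;
    }
    return chmod(path, mode);
}

int main(void)
{
    /* Constructed cases: "chmod og-r" on a 0644 file yields 0600. */
    printf("file 0600: %d\n", mode_allowed(0600, 0, NULL));
    printf("file 0444: %d\n", mode_allowed(0444, 0, NULL));
    printf("dir  0700: %d\n", mode_allowed(0700, 1, NULL));
    printf("dir  0700 with --nodebian: %d\n",
           mode_allowed(0700, 1, "--nodebian"));
    return 0;
}
```

A caller would pass getenv("FAKEROOTOPT") as opt, so a rules file line such as the one in the message behaves the same with or without the wrapper in place.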

