guix-devel

Permissions in builds


From: Gábor Boskovits
Subject: Permissions in builds
Date: Tue, 7 Nov 2017 19:43:23 +0100

I have seen that several package definitions add write permissions to files in the build.

I just had a package where this issue came up (python-networkx2).

The first issue I had was that in the build log the filenames were truncated in the stack trace.
Do we have any means to avoid that? It would help to find the problematic files.

It might not be a big issue currently, but it seems that upstreams sometimes tighten permissions.
I think we could be more robust to this if we could make sure that we have write permissions when we open something for writing in the build system.

At first I thought that the best way would be something like this:
check the permissions of the file; if they are not sufficient, add write permission, do the modifications, then reset the permissions to the state before.

Then I got a comment from Marius Bakke that files become read-only after they have been installed in the store anyway.

So it seems that resetting the permissions is not needed.

Then I thought that maybe we could simply add write permission unconditionally. That might be easy to implement. If it really has no security implications, then the only drawback I see is that some tests might fail if they check that permissions are strict.

WDYT?

We could also enable execute for directories unconditionally.

If this is good, then where in the build could such a step be implemented?
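
The two approaches described in the message above, sketched as shell functions. This is an added example, not part of the original post and not Guix code; the function names are hypothetical, and GNU `stat` and `find` are assumed.

```shell
#!/bin/sh
# Added illustration, not Guix code. Function names are hypothetical.
# Assumes GNU coreutils `stat` and GNU `find`.

# Approach 1: add write permission only when it is missing, run the
# modification, then put the original mode back.
# Usage: with_writable FILE COMMAND [ARGS...]
with_writable() {
    file=$1
    shift
    orig_mode=$(stat -c '%a' "$file") || return 1
    if [ ! -w "$file" ]; then
        chmod u+w "$file" || return 1
    fi
    status=0
    "$@" || status=$?
    # Restore the mode even when the command failed.
    chmod "$orig_mode" "$file" || return 1
    return "$status"
}

# Approach 2: unconditionally give the owner write permission on every
# regular file, and write plus execute (search) on every directory.
# Only the owner bits change; group and other bits stay as upstream set them.
# Usage: make_tree_writable DIRECTORY
make_tree_writable() {
    # Directories are handled one at a time with `\;` so that each one is
    # searchable by the owner before find descends into it.
    find "$1" -type d -exec chmod u+wx {} \; &&
    # -type f does not match symbolic links, so link targets outside the
    # tree are never touched.
    find "$1" -type f -exec chmod u+w {} +
}
```
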

