Re: Should .so files under python site dir be 755 perms?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 12 Sep 2013 00:29:58 +0900, Mamoru TASAKA wrote:

> Well, I am so long wondering about this. Actually creating debuginfo,
> stripping shared libs and making the shared libs non executable can
> be accomplished by using %attr, i.e.
> - At %install, install the shared libs with 0755 as before
> - On %files, explicitly mark the files with %attr(0644,root,root)
> 
> http://koji.fedoraproject.org/koji/taskinfo?taskID=5923317
> 
> Some other distros makes non-executable shared libs 0644 permission.
> Is %attr approach for this case allowed / preferable / discouraged ?

It is widely accepted practice to limit %attr usage to really special
permissions (such as setuid, setgid) and ownership (non-root user and/or
group), so where that is done in a spec file, it sticks out.
In packages with many files, overusing %attr would decrease readability
even when using spec syntax-highlighting. Ordinary file permissions should
get fixed in %install and upstream.

Is it guaranteed that %attr will set the permission _after_ debuginfo
generation?

AFAIK, the only thing that wants +x on these libs is the debuginfo
generator, and IIRC there's support already for flipping a flag and making
it work with non-executables, too.

ldd still warns about non-executable libs. And the build tools are not
specific to Fedora/Linux, so they will likely keep making .so files +x.

How many of the libs contain special code that can be run?
I don't want to imagine a large configure script running a lib for
some version check or feature list. Would packagers need to check every
lib for whether it may be run or not?
--
packaging mailing list
packaging@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/packaging





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite Forum]     [KDE Users]

  Powered by Linux