> From: Romain Tartière <rom...@freebsd.org>
> I would like to know if there is some 'standard' way for the rubygems-*
> ports for fixing wrong files permissions.
Not that I'm personally aware of, but other more experienced people on this
list may know better.
> It appears that
> getopt-declare (not in the ports tree, it's a dependency of another port
> I would like to push) install files in a weird fashion:
>
> ------------------------------8<---------------------------
> ===> SECURITY REPORT:
> This port has installed the following world-writable files/directories.
> /tmp/rubygem-getopt-declare-1.29/lib/ruby/gems/1.8/gems/getopt-declare-1.29/ge
> topt-declare.gemspec
> /tmp/rubygem-getopt-declare-1.29/lib/ruby/gems/1.8/gems/getopt-declare-1.29/sa
> mples/cmdline_singles.rb
> /tmp/rubygem-getopt-declare-1.29/lib/ruby/gems/1.8/gems/getopt-declare-1.29/sa
> mples/cmdline_array.rb
> /tmp/rubygem-getopt-declare-1.29/lib/ruby/gems/1.8/gems/getopt-declare-1.29/sa
> mples/cmdline_usage.rb
> /tmp/rubygem-getopt-declare-1.29/lib/ruby/gems/1.8/gems/getopt-declare-1.29/te
> st/test_cmdline_parameters.rb
> /tmp/rubygem-getopt-declare-1.29/lib/ruby/gems/1.8/gems/getopt-declare-1.29/RE
> ADME.txt
> [...]
> ------------------------------8<---------------------------
>
> My current workaround is:
>
> ------------------------------8<---------------------------
> post-install:
> @${FIND} ${PREFIX}/${GEM_LIB_DIR} -type f -exec ${CHMOD} 444 '{}' ';'
> ------------------------------8<---------------------------
>
> I am not really happy with this. Is there a better way to fix this?
I don't think there is an easy place other than the post-install target
where you can 'patch' gems since the other stages of the port build process
do little for a gem, given it's mainly a wrapper for the gem installer
itself.
I remember had to do similar things with a couple of gems I use personally
(can't remember if I've submitted those as ports yet). The only thing I'd
say is to restrict your 'fix' to just those files your 'getopt-declare' gem
installs rather than make all the contents of the Gem lib dir 444 and
potentially cause a headache somewhere else. So something more like (I note
from a quick glance in my own Gem libs that they tend to be root/wheel and
644)
post-install:
@${FIND} ${PREFIX}/${GEM_LIB_DIR}/${PORTNAME}-${PORTVERSION} -type f -exec
${CHMOD} 644 '{}' ';'
I'd also pop a comment in the Makefile so someone following knows why you've
done it.
> I am not used with Ruby gems packaging, and I would like to be sure that
> this is a problem that should be signaled upstream before acting: is it?
I've never looked at the Gem internals to see how it determines file
permissions of those files it installs, but given it *appears* to be a bug
you'd do well to flag it to upstream and see what they say.
Regards
Eric
_______________________________________________
freebsd-ruby@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ruby
To unsubscribe, send any mail to "freebsd-ruby-unsubscr...@freebsd.org"
