[Reproducible-builds] symlink permission bits on non-Linux

Steven Chamberlain steven at pyro.eu.org
Mon Feb 15 23:58:24 UTC 2016


On linux, a symlink can only have permissions 0777 (lrwxrwxrwx)

But on at least kfreebsd (maybe hurd?) there is no such limitation, and
permissions are set like any regular file.  That also means the umask is
applied...  and tar and dpkg-deb preserve this.

This proves to be an issue for:
  * reproducible builds on kfreebsd, affected by user's umask
  * reproducing arch:all packages between linux<->kfreebsd
  * reproducing linux packages by cross-building from kfreebsd

I think we should normalise symlinks' permissions to 0777, except GNU
chmod can't do that!  (chmod follows the symlink, and has no -h flag).

Adding a -h (no dereference) option to chmod would allow dh_fixperms to
use that.  But (as pointed out in #759886) adding things there does not
help packages not using debhelper, or other uses of tar.

Would this be best added as a feature to tar, that dpkg-deb can use?
Probably a new flag, that would apply --mode a=rwx only to symlinks.

Or are there other ideas how to fix this?

Steven Chamberlain
steven at pyro.eu.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20160215/091d47f4/attachment.sig>

More information about the Reproducible-builds mailing list