[Reproducible-builds] symlink permission bits on non-Linux
lunar at debian.org
Tue Feb 16 07:42:07 UTC 2016
> On linux, a symlink can only have permissions 0777 (lrwxrwxrwx)
> But on at least kfreebsd (maybe hurd?) there is no such limitation, and
> permissions are set like any regular file. That also means the umask is
> applied... and tar and dpkg-deb preserve this.
> This proves to be an issue for:
> * reproducible builds on kfreebsd, affected by user's umask
> * reproducing arch:all packages between linux<->kfreebsd
> * reproducing linux packages by cross-building from kfreebsd
> I think we should normalise symlinks' permissions to 0777, except GNU
> chmod can't do that! (chmod follows the symlink, and has no -h flag).
> Adding a -h (no dereference) option to chmod would allow dh_fixperms to
> use that. But (as pointed out in #759886) adding things there does not
> help packages not using debhelper, or other uses of tar.
> Would this be best added as a feature to tar, that dpkg-deb can use?
> Probably a new flag, that would apply --mode a=rwx only to symlinks.
> Or are there other ideas how to fix this?
One idea floating is to get dpkg-deb working with an explicit manifest
to create the package content. I believe that would solve the issue. But
that's at least mid-term because dpkg needs to get its own Tar
implementation (or maybe depend on libarchive) and, likely harder, a
format needs to be defined for the manifest.
In the meantime, shouldn't GNU chmod get a `-h` option in any cases if
it's going to be used on kFreeBSD?
Then it's pretty easy to start with `dh_fixperms` and see how much it
Guillem said he was ok with dpkg depending on recent versions of
Tar , but changes would need to be accepted by Tar upstream.
What's the situation regarding symlinks on HURD?
lunar at debian.org : :Ⓐ : # apt-get install anarchism
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: Digital signature
More information about the Reproducible-builds