updatecenter2
  1. updatecenter2
  2. UPDATECENTER2-2207

Change UC2 packages to have more restrictive file permissions

    Details

    • Type: Bug Bug
    • Status: Reopened
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: B55
    • Fix Version/s: None
    • Component/s: build
    • Labels:
      None
    • Status Whiteboard:
      Hide

      2_3u7

      Show
      2_3u7

      Description

      A requirement of the GlassFish application server is to have more restrictive file permissions by default. Specifically executables and directories should be 750 and normal files should be 640. We should change our UC packages to have more restrictive permissions.

        Activity

        Hide
        Joe Di Pol added a comment -

        Fixed in 2.3.5: r2849

        Project:    updatecenter2
        Repository: svn
        Revision:   2849
        Author:     jfdipol
        Date:       2011-11-29 01:08:02 UTC
        Link:       
        
        Log Message:
        ------------
        Fix UPDATECENTER2-2207 Change UC2 packages to have more restrictive file
        permissions
        
        Directories and executables now install with 0750.
        Normal files are now 0640.
        
        
        
        
        Revisions:
        ----------
        2849
        
        
        Modified Paths:
        ---------------
        branches/2.3sustaining/packaging/pkg-extra-tools_proto.py
        branches/2.3sustaining/packaging/pkg_proto.py
        branches/2.3sustaining/packaging/updatetool_proto.py
        branches/2.3sustaining/packaging/python_proto.py
        branches/2.3sustaining/tools/makepkgs.py
        branches/2.3sustaining/build.xml
        
        
        Diffs:
        ------
        Index: branches/2.3sustaining/tools/makepkgs.py
        ===================================================================
        --- branches/2.3sustaining/tools/makepkgs.py	(revision 2848)
        +++ branches/2.3sustaining/tools/makepkgs.py	(revision 2849)
        @@ -294,11 +294,11 @@
             global default_file_mode, default_file_owner, default_file_group, \
                    default_dir_mode, default_dir_owner, default_dir_group
             # defaults for file action
        -    default_file_mode = "0644"
        +    default_file_mode = "0640"
             default_file_owner = "root"
             default_file_group = "sys"
             # defaults for dir action
        -    default_dir_mode = "0755"
        +    default_dir_mode = "0750"
             default_dir_owner = "root"
             default_dir_group = "sys"
         
        Index: branches/2.3sustaining/packaging/pkg-extra-tools_proto.py
        ===================================================================
        --- branches/2.3sustaining/packaging/pkg-extra-tools_proto.py	(revision 2848)
        +++ branches/2.3sustaining/packaging/pkg-extra-tools_proto.py	(revision 2849)
        @@ -69,18 +69,18 @@
                                "pkg/bin/makeimage.py"      : {},
                                "pkg/bin/makemanifest.py"   : {},
                                "pkg/bin/cmprepo.py"        : {},
        -                       "pkg/bin/archivepkgs.bat"   : {"mode" : "0755" },
        -                       "pkg/bin/archivepkgs"       : {"mode" : "0755" },
        -                       "pkg/bin/makepkgs.bat"      : {"mode" : "0755" },
        -                       "pkg/bin/makepkgs"          : {"mode" : "0755" },
        -                       "pkg/bin/copypkgs.bat"      : {"mode" : "0755" },
        -                       "pkg/bin/copypkgs"          : {"mode" : "0755" },
        -                       "pkg/bin/makeimage.bat"     : {"mode" : "0755" },
        -                       "pkg/bin/makeimage"         : {"mode" : "0755" },
        -                       "pkg/bin/makemanifest.bat"  : {"mode" : "0755" },
        -                       "pkg/bin/makemanifest"      : {"mode" : "0755" },
        -                       "pkg/bin/cmprepo.bat"       : {"mode" : "0755" },
        -                       "pkg/bin/cmprepo"           : {"mode" : "0755" },
        +                       "pkg/bin/archivepkgs.bat"   : {"mode" : "0750" },
        +                       "pkg/bin/archivepkgs"       : {"mode" : "0750" },
        +                       "pkg/bin/makepkgs.bat"      : {"mode" : "0750" },
        +                       "pkg/bin/makepkgs"          : {"mode" : "0750" },
        +                       "pkg/bin/copypkgs.bat"      : {"mode" : "0750" },
        +                       "pkg/bin/copypkgs"          : {"mode" : "0750" },
        +                       "pkg/bin/makeimage.bat"     : {"mode" : "0750" },
        +                       "pkg/bin/makeimage"         : {"mode" : "0750" },
        +                       "pkg/bin/makemanifest.bat"  : {"mode" : "0750" },
        +                       "pkg/bin/makemanifest"      : {"mode" : "0750" },
        +                       "pkg/bin/cmprepo.bat"       : {"mode" : "0750" },
        +                       "pkg/bin/cmprepo"           : {"mode" : "0750" },
                                "pkg/lib/pkg-ant-tasks.xml" : {},
                                "pkg/lib/pkg-ant-tasks.jar" : {},
                                },
        Index: branches/2.3sustaining/packaging/updatetool_proto.py
        ===================================================================
        --- branches/2.3sustaining/packaging/updatetool_proto.py	(revision 2848)
        +++ branches/2.3sustaining/packaging/updatetool_proto.py	(revision 2849)
        @@ -67,15 +67,15 @@
                               },
         
             "dirs"          : {
        -                       "bin"                   : {"mode" : "0755"},
        -                       "updatetool"            : {"mode" : "0755"},
        -                       "updatetool/bin"        : {"mode" : "0755"},
        -                       "updatetool/lib"        : {"mode" : "0755"},
        -                       "updatetool/vendor-packages" : {"mode" : "0755"},
        -                       "updatetool/vendor-packages/updatetool" : {"mode" : "0755"},
        -                       "updatetool/UpdateTool.app" : {"mode" : "0755", "os" : "darwin-universal"},
        -                       "updatetool/lib/UpdateToolNotifier.app" : {"mode" : "0755", "os" : "darwin-universal"},
        -                       "updatetool/lib/SoftwareUpdate.app" : {"mode" : "0755", "os" : "darwin-universal"},
        +                       "bin"                   : {"mode" : "0750"},
        +                       "updatetool"            : {"mode" : "0750"},
        +                       "updatetool/bin"        : {"mode" : "0750"},
        +                       "updatetool/lib"        : {"mode" : "0750"},
        +                       "updatetool/vendor-packages" : {"mode" : "0750"},
        +                       "updatetool/vendor-packages/updatetool" : {"mode" : "0750"},
        +                       "updatetool/UpdateTool.app" : {"mode" : "0750", "os" : "darwin-universal"},
        +                       "updatetool/lib/UpdateToolNotifier.app" : {"mode" : "0750", "os" : "darwin-universal"},
        +                       "updatetool/lib/SoftwareUpdate.app" : {"mode" : "0750", "os" : "darwin-universal"},
                               },
         
         
        @@ -91,15 +91,15 @@
                                "pkg/python2.4-minimal/Lib/site-packages/updatetool.pth" : { "os" : "windows"},
                                "pkg/python2.4-minimal/bin/Update Tool" : { "os" : "darwin-universal"},
         
        -                       "bin/updatetool.exe"      : {"mode" : "0755", "os" : "windows"},
        -                       "bin/updatetool"          : {"mode" : "0755", "os" : "unix"},
        -                       "updatetool/bin/updatetool.exe" : {"mode" : "0755", "os" : "windows"},
        -                       "updatetool/lib/Update Tool Notifier.exe" : {"mode" : "0755", "os" : "windows"},
        +                       "bin/updatetool.exe"      : {"mode" : "0750", "os" : "windows"},
        +                       "bin/updatetool"          : {"mode" : "0750", "os" : "unix"},
        +                       "updatetool/bin/updatetool.exe" : {"mode" : "0750", "os" : "windows"},
        +                       "updatetool/lib/Update Tool Notifier.exe" : {"mode" : "0750", "os" : "windows"},
                                "updatetool/lib/version"    : {},
        -                       "updatetool/bin/updatetool"     : {"mode" : "0755", "os" : "unix"},
        -                       "updatetool/bin/updatetoolconfig.bat"      : {"mode" : "0755", "os" : "windows"},
        -                       "updatetool/bin/updatetoolconfig"      : {"mode" : "0755", "os" : "unix"},
        -                       "updatetool/lib/notifier"      : {"mode" : "0755", "os" : "unix"},
        +                       "updatetool/bin/updatetool"     : {"mode" : "0750", "os" : "unix"},
        +                       "updatetool/bin/updatetoolconfig.bat"      : {"mode" : "0750", "os" : "windows"},
        +                       "updatetool/bin/updatetoolconfig"      : {"mode" : "0750", "os" : "unix"},
        +                       "updatetool/lib/notifier"      : {"mode" : "0750", "os" : "unix"},
                                "updatetool/LICENSE.txt"    : {},
                                "updatetool/3RD-PARTY-LICENSE.txt"    : {},
                               },
        Index: branches/2.3sustaining/packaging/pkg_proto.py
        ===================================================================
        --- branches/2.3sustaining/packaging/pkg_proto.py	(revision 2848)
        +++ branches/2.3sustaining/packaging/pkg_proto.py	(revision 2849)
        @@ -65,10 +65,10 @@
             "depends"       : { "pkg:/python2.4-minimal@" + builder.props["python.version"] + "-" + builder.props["build.number"] : {"type" : "require" } },
         
             "dirs"          : {
        -                       "bin"                   : {"mode" : "0755"},
        -                       "pkg"               : {"mode" : "0755"},
        -                       "pkg/bin"           : {"mode" : "0755"},
        -                       "pkg/vendor-packages" : {"mode" : "0755"},
        +                       "bin"                   : {"mode" : "0750"},
        +                       "pkg"               : {"mode" : "0750"},
        +                       "pkg/bin"           : {"mode" : "0750"},
        +                       "pkg/vendor-packages" : {"mode" : "0750"},
                               },
         
             "dirtrees"      : { "pkg/vendor-packages"   : {},
        @@ -77,16 +77,16 @@
                               },
         
             "files"         : {
        -                       "bin/pkg.bat"           : {"mode" : "0755", "os" : "windows"},
        -                       "pkg/bin/pkg.bat"       : {"mode" : "0755", "os" : "windows"},
        -                       "pkg/bin/pkgsend.bat"   : {"mode" : "0755", "os" : "windows"},
        -                       "pkg/bin/pkgrecv.bat"   : {"mode" : "0755", "os" : "windows"},
        -                       "pkg/bin/pkg.depotd.bat": {"mode" : "0755", "os" : "windows"},
        -                       "bin/pkg"               : {"mode" : "0755", "os" : "unix"},
        -                       "pkg/bin/pkg"           : {"mode" : "0755", "os" : "unix"},
        -                       "pkg/bin/pkgsend"       : {"mode" : "0755", "os" : "unix"},
        -                       "pkg/bin/pkgrecv"       : {"mode" : "0755", "os" : "unix"},
        -                       "pkg/bin/pkg.depotd"    : {"mode" : "0755", "os" : "unix"},
        +                       "bin/pkg.bat"           : {"mode" : "0750", "os" : "windows"},
        +                       "pkg/bin/pkg.bat"       : {"mode" : "0750", "os" : "windows"},
        +                       "pkg/bin/pkgsend.bat"   : {"mode" : "0750", "os" : "windows"},
        +                       "pkg/bin/pkgrecv.bat"   : {"mode" : "0750", "os" : "windows"},
        +                       "pkg/bin/pkg.depotd.bat": {"mode" : "0750", "os" : "windows"},
        +                       "bin/pkg"               : {"mode" : "0750", "os" : "unix"},
        +                       "pkg/bin/pkg"           : {"mode" : "0750", "os" : "unix"},
        +                       "pkg/bin/pkgsend"       : {"mode" : "0750", "os" : "unix"},
        +                       "pkg/bin/pkgrecv"       : {"mode" : "0750", "os" : "unix"},
        +                       "pkg/bin/pkg.depotd"    : {"mode" : "0750", "os" : "unix"},
                                "pkg/bin/client.py"     : {},
                                "pkg/bin/publish.py"    : {},
                                "pkg/bin/pull.py"       : {},
        @@ -101,13 +101,13 @@
                                "pkg/python2.4-minimal/lib/python2.4/site-packages/_xmlplus.pth" : { "os" : "unix"},
                                "pkg/python2.4-minimal/Lib/site-packages/_xmlplus.pth" : { "os" : "windows"},
         
        -                        "pkg/vendor-packages/_xmlplus/parsers/sgmlop.sl"    : {"mode" : "0755", "os" : "hpux-ia64" },
        -                        "pkg/vendor-packages/_xmlplus/parsers/pyexpat.sl"   : {"mode" : "0755", "os" : "hpux-ia64" },
        -                        "pkg/vendor-packages/pycurl.sl" : {"mode" : "0755", "os" : "hpux-ia64" },
        -                        "pkg/vendor-packages/pkg/actions/_actions.sl"   : {"mode" : "0755", "os" : "hpux-ia64" },
        -                        "pkg/vendor-packages/OpenSSL/SSL.sl"    : {"mode" : "0755", "os" : "hpux-ia64" },
        -                        "pkg/vendor-packages/OpenSSL/crypto.sl" : {"mode" : "0755", "os" : "hpux-ia64" },
        -                        "pkg/vendor-packages/OpenSSL/rand.sl"   : {"mode" : "0755", "os" : "hpux-ia64" },
        +                        "pkg/vendor-packages/_xmlplus/parsers/sgmlop.sl"    : {"mode" : "0750", "os" : "hpux-ia64" },
        +                        "pkg/vendor-packages/_xmlplus/parsers/pyexpat.sl"   : {"mode" : "0750", "os" : "hpux-ia64" },
        +                        "pkg/vendor-packages/pycurl.sl" : {"mode" : "0750", "os" : "hpux-ia64" },
        +                        "pkg/vendor-packages/pkg/actions/_actions.sl"   : {"mode" : "0750", "os" : "hpux-ia64" },
        +                        "pkg/vendor-packages/OpenSSL/SSL.sl"    : {"mode" : "0750", "os" : "hpux-ia64" },
        +                        "pkg/vendor-packages/OpenSSL/crypto.sl" : {"mode" : "0750", "os" : "hpux-ia64" },
        +                        "pkg/vendor-packages/OpenSSL/rand.sl"   : {"mode" : "0750", "os" : "hpux-ia64" },
         
                                },
         
        Index: branches/2.3sustaining/packaging/python_proto.py
        ===================================================================
        --- branches/2.3sustaining/packaging/python_proto.py	(revision 2848)
        +++ branches/2.3sustaining/packaging/python_proto.py	(revision 2849)
        @@ -60,8 +60,8 @@
                               },
         
             "dirs"          : {
        -                       "pkg"            : {"mode" : "0755"},
        -                       "pkg/python2.4-minimal"  : {"mode" : "0755"},
        +                       "pkg"            : {"mode" : "0750"},
        +                       "pkg/python2.4-minimal"  : {"mode" : "0750"},
                               },
         
             "files" : { },
        Index: branches/2.3sustaining/build.xml
        ===================================================================
        --- branches/2.3sustaining/build.xml	(revision 2848)
        +++ branches/2.3sustaining/build.xml	(revision 2849)
        @@ -740,6 +740,14 @@
                 <copy tofile="${dist}/bin/pkg.bat" file="${rootdir}/scripts/pkg-wrapper.bat"/>
             </target>
         
        +    <!-- Remove all permissions for "other" -->
        +    <target name="adjust-permissions">
        +        <chmod perm="o-rwx" type="both" maxparallel="100">
        +            <fileset dir="${dist}" />
        +            <dirset dir="${dist}" />
        +        </chmod>
        +    </target>
        +
             <macrodef name="compile-po">
                 <!-- Requires msgfmt from GNU gettext tools to be on path -->
                 <attribute name="lang"/>
        @@ -894,7 +902,7 @@
                 <copy todir="${build}" file="${rootdir}/bootstrap/build/pkg-bootstrap-sources.jar"/>
                 <copy todir="${build}" file="${rootdir}/bootstrap/build/pkg-bootstrap-javadoc.jar"/>
                 <copy todir="${build}" file="${rootdir}/scripts/pkg-bootstub.sh"/>
        -        <chmod file="${build}/pkg-bootstub.sh" perm="ugo+rwx"/>
        +        <chmod file="${build}/pkg-bootstub.sh" perm="755"/>
                 <copy todir="${build}" file="${rootdir}/scripts/pkg-bootstub.bat"/>
             </target>
         
        @@ -961,7 +969,7 @@
             </target>
         
             <!-- Generate manifests -->
        -    <target name="generate-manifests" depends="init">
        +    <target name="generate-manifests" depends="init, adjust-permissions">
                 <!-- If python.version is not set this will default to 2.4.6.0 -->
                 <property name="python.version" value="2.4.6.0"/>
                 <!-- Process the manifest fragments, expanding ${} properties in them -->
        @@ -1172,7 +1180,7 @@
                 </makeimage>
                 <mkdir  dir="${pkg.toolkit.imagedir}/bin"/>
                 <copy tofile="${pkg.toolkit.imagedir}/bin/pkg" file="${build}/pkg-bootstub.sh"/>
        -        <chmod file="${pkg.toolkit.imagedir}/bin/pkg" perm="ugo+rwx"/>
        +        <chmod file="${pkg.toolkit.imagedir}/bin/pkg" perm="ugo+rx"/>
                 <copy tofile="${pkg.toolkit.imagedir}/bin/pkg.bat" file="${build}/pkg-bootstub.bat"/>
                 <copy tofile="${pkg.toolkit.imagedir}/README.txt" file="${basedir}/docs/README.txt"/>
                 <replace file="${pkg.toolkit.imagedir}/README.txt"
        
        
        Show
        Joe Di Pol added a comment - Fixed in 2.3.5: r2849 Project: updatecenter2 Repository: svn Revision: 2849 Author: jfdipol Date: 2011-11-29 01:08:02 UTC Link: Log Message: ------------ Fix UPDATECENTER2-2207 Change UC2 packages to have more restrictive file permissions Directories and executables now install with 0750. Normal files are now 0640. Revisions: ---------- 2849 Modified Paths: --------------- branches/2.3sustaining/packaging/pkg-extra-tools_proto.py branches/2.3sustaining/packaging/pkg_proto.py branches/2.3sustaining/packaging/updatetool_proto.py branches/2.3sustaining/packaging/python_proto.py branches/2.3sustaining/tools/makepkgs.py branches/2.3sustaining/build.xml Diffs: ------ Index: branches/2.3sustaining/tools/makepkgs.py =================================================================== --- branches/2.3sustaining/tools/makepkgs.py (revision 2848) +++ branches/2.3sustaining/tools/makepkgs.py (revision 2849) @@ -294,11 +294,11 @@ global default_file_mode, default_file_owner, default_file_group, \ default_dir_mode, default_dir_owner, default_dir_group # defaults for file action - default_file_mode = "0644" + default_file_mode = "0640" default_file_owner = "root" default_file_group = "sys" # defaults for dir action - default_dir_mode = "0755" + default_dir_mode = "0750" default_dir_owner = "root" default_dir_group = "sys" Index: branches/2.3sustaining/packaging/pkg-extra-tools_proto.py =================================================================== --- branches/2.3sustaining/packaging/pkg-extra-tools_proto.py (revision 2848) +++ branches/2.3sustaining/packaging/pkg-extra-tools_proto.py (revision 2849) @@ -69,18 +69,18 @@ "pkg/bin/makeimage.py" : {}, "pkg/bin/makemanifest.py" : {}, "pkg/bin/cmprepo.py" : {}, - "pkg/bin/archivepkgs.bat" : {"mode" : "0755" }, - "pkg/bin/archivepkgs" : {"mode" : "0755" }, - "pkg/bin/makepkgs.bat" : {"mode" : "0755" }, - "pkg/bin/makepkgs" : {"mode" : "0755" }, - "pkg/bin/copypkgs.bat" : {"mode" : "0755" }, - "pkg/bin/copypkgs" : {"mode" : "0755" }, - "pkg/bin/makeimage.bat" : {"mode" : "0755" }, - "pkg/bin/makeimage" : {"mode" : "0755" }, - "pkg/bin/makemanifest.bat" : {"mode" : "0755" }, - "pkg/bin/makemanifest" : {"mode" : "0755" }, - "pkg/bin/cmprepo.bat" : {"mode" : "0755" }, - "pkg/bin/cmprepo" : {"mode" : "0755" }, + "pkg/bin/archivepkgs.bat" : {"mode" : "0750" }, + "pkg/bin/archivepkgs" : {"mode" : "0750" }, + "pkg/bin/makepkgs.bat" : {"mode" : "0750" }, + "pkg/bin/makepkgs" : {"mode" : "0750" }, + "pkg/bin/copypkgs.bat" : {"mode" : "0750" }, + "pkg/bin/copypkgs" : {"mode" : "0750" }, + "pkg/bin/makeimage.bat" : {"mode" : "0750" }, + "pkg/bin/makeimage" : {"mode" : "0750" }, + "pkg/bin/makemanifest.bat" : {"mode" : "0750" }, + "pkg/bin/makemanifest" : {"mode" : "0750" }, + "pkg/bin/cmprepo.bat" : {"mode" : "0750" }, + "pkg/bin/cmprepo" : {"mode" : "0750" }, "pkg/lib/pkg-ant-tasks.xml" : {}, "pkg/lib/pkg-ant-tasks.jar" : {}, }, Index: branches/2.3sustaining/packaging/updatetool_proto.py =================================================================== --- branches/2.3sustaining/packaging/updatetool_proto.py (revision 2848) +++ branches/2.3sustaining/packaging/updatetool_proto.py (revision 2849) @@ -67,15 +67,15 @@ }, "dirs" : { - "bin" : {"mode" : "0755"}, - "updatetool" : {"mode" : "0755"}, - "updatetool/bin" : {"mode" : "0755"}, - "updatetool/lib" : {"mode" : "0755"}, - "updatetool/vendor-packages" : {"mode" : "0755"}, - "updatetool/vendor-packages/updatetool" : {"mode" : "0755"}, - "updatetool/UpdateTool.app" : {"mode" : "0755", "os" : "darwin-universal"}, - "updatetool/lib/UpdateToolNotifier.app" : {"mode" : "0755", "os" : "darwin-universal"}, - "updatetool/lib/SoftwareUpdate.app" : {"mode" : "0755", "os" : "darwin-universal"}, + "bin" : {"mode" : "0750"}, + "updatetool" : {"mode" : "0750"}, + "updatetool/bin" : {"mode" : "0750"}, + "updatetool/lib" : {"mode" : "0750"}, + "updatetool/vendor-packages" : {"mode" : "0750"}, + "updatetool/vendor-packages/updatetool" : {"mode" : "0750"}, + "updatetool/UpdateTool.app" : {"mode" : "0750", "os" : "darwin-universal"}, + "updatetool/lib/UpdateToolNotifier.app" : {"mode" : "0750", "os" : "darwin-universal"}, + "updatetool/lib/SoftwareUpdate.app" : {"mode" : "0750", "os" : "darwin-universal"}, }, @@ -91,15 +91,15 @@ "pkg/python2.4-minimal/Lib/site-packages/updatetool.pth" : { "os" : "windows"}, "pkg/python2.4-minimal/bin/Update Tool" : { "os" : "darwin-universal"}, - "bin/updatetool.exe" : {"mode" : "0755", "os" : "windows"}, - "bin/updatetool" : {"mode" : "0755", "os" : "unix"}, - "updatetool/bin/updatetool.exe" : {"mode" : "0755", "os" : "windows"}, - "updatetool/lib/Update Tool Notifier.exe" : {"mode" : "0755", "os" : "windows"}, + "bin/updatetool.exe" : {"mode" : "0750", "os" : "windows"}, + "bin/updatetool" : {"mode" : "0750", "os" : "unix"}, + "updatetool/bin/updatetool.exe" : {"mode" : "0750", "os" : "windows"}, + "updatetool/lib/Update Tool Notifier.exe" : {"mode" : "0750", "os" : "windows"}, "updatetool/lib/version" : {}, - "updatetool/bin/updatetool" : {"mode" : "0755", "os" : "unix"}, - "updatetool/bin/updatetoolconfig.bat" : {"mode" : "0755", "os" : "windows"}, - "updatetool/bin/updatetoolconfig" : {"mode" : "0755", "os" : "unix"}, - "updatetool/lib/notifier" : {"mode" : "0755", "os" : "unix"}, + "updatetool/bin/updatetool" : {"mode" : "0750", "os" : "unix"}, + "updatetool/bin/updatetoolconfig.bat" : {"mode" : "0750", "os" : "windows"}, + "updatetool/bin/updatetoolconfig" : {"mode" : "0750", "os" : "unix"}, + "updatetool/lib/notifier" : {"mode" : "0750", "os" : "unix"}, "updatetool/LICENSE.txt" : {}, "updatetool/3RD-PARTY-LICENSE.txt" : {}, }, Index: branches/2.3sustaining/packaging/pkg_proto.py =================================================================== --- branches/2.3sustaining/packaging/pkg_proto.py (revision 2848) +++ branches/2.3sustaining/packaging/pkg_proto.py (revision 2849) @@ -65,10 +65,10 @@ "depends" : { "pkg:/python2.4-minimal@" + builder.props["python.version"] + "-" + builder.props["build.number"] : {"type" : "require" } }, "dirs" : { - "bin" : {"mode" : "0755"}, - "pkg" : {"mode" : "0755"}, - "pkg/bin" : {"mode" : "0755"}, - "pkg/vendor-packages" : {"mode" : "0755"}, + "bin" : {"mode" : "0750"}, + "pkg" : {"mode" : "0750"}, + "pkg/bin" : {"mode" : "0750"}, + "pkg/vendor-packages" : {"mode" : "0750"}, }, "dirtrees" : { "pkg/vendor-packages" : {}, @@ -77,16 +77,16 @@ }, "files" : { - "bin/pkg.bat" : {"mode" : "0755", "os" : "windows"}, - "pkg/bin/pkg.bat" : {"mode" : "0755", "os" : "windows"}, - "pkg/bin/pkgsend.bat" : {"mode" : "0755", "os" : "windows"}, - "pkg/bin/pkgrecv.bat" : {"mode" : "0755", "os" : "windows"}, - "pkg/bin/pkg.depotd.bat": {"mode" : "0755", "os" : "windows"}, - "bin/pkg" : {"mode" : "0755", "os" : "unix"}, - "pkg/bin/pkg" : {"mode" : "0755", "os" : "unix"}, - "pkg/bin/pkgsend" : {"mode" : "0755", "os" : "unix"}, - "pkg/bin/pkgrecv" : {"mode" : "0755", "os" : "unix"}, - "pkg/bin/pkg.depotd" : {"mode" : "0755", "os" : "unix"}, + "bin/pkg.bat" : {"mode" : "0750", "os" : "windows"}, + "pkg/bin/pkg.bat" : {"mode" : "0750", "os" : "windows"}, + "pkg/bin/pkgsend.bat" : {"mode" : "0750", "os" : "windows"}, + "pkg/bin/pkgrecv.bat" : {"mode" : "0750", "os" : "windows"}, + "pkg/bin/pkg.depotd.bat": {"mode" : "0750", "os" : "windows"}, + "bin/pkg" : {"mode" : "0750", "os" : "unix"}, + "pkg/bin/pkg" : {"mode" : "0750", "os" : "unix"}, + "pkg/bin/pkgsend" : {"mode" : "0750", "os" : "unix"}, + "pkg/bin/pkgrecv" : {"mode" : "0750", "os" : "unix"}, + "pkg/bin/pkg.depotd" : {"mode" : "0750", "os" : "unix"}, "pkg/bin/client.py" : {}, "pkg/bin/publish.py" : {}, "pkg/bin/pull.py" : {}, @@ -101,13 +101,13 @@ "pkg/python2.4-minimal/lib/python2.4/site-packages/_xmlplus.pth" : { "os" : "unix"}, "pkg/python2.4-minimal/Lib/site-packages/_xmlplus.pth" : { "os" : "windows"}, - "pkg/vendor-packages/_xmlplus/parsers/sgmlop.sl" : {"mode" : "0755", "os" : "hpux-ia64" }, - "pkg/vendor-packages/_xmlplus/parsers/pyexpat.sl" : {"mode" : "0755", "os" : "hpux-ia64" }, - "pkg/vendor-packages/pycurl.sl" : {"mode" : "0755", "os" : "hpux-ia64" }, - "pkg/vendor-packages/pkg/actions/_actions.sl" : {"mode" : "0755", "os" : "hpux-ia64" }, - "pkg/vendor-packages/OpenSSL/SSL.sl" : {"mode" : "0755", "os" : "hpux-ia64" }, - "pkg/vendor-packages/OpenSSL/crypto.sl" : {"mode" : "0755", "os" : "hpux-ia64" }, - "pkg/vendor-packages/OpenSSL/rand.sl" : {"mode" : "0755", "os" : "hpux-ia64" }, + "pkg/vendor-packages/_xmlplus/parsers/sgmlop.sl" : {"mode" : "0750", "os" : "hpux-ia64" }, + "pkg/vendor-packages/_xmlplus/parsers/pyexpat.sl" : {"mode" : "0750", "os" : "hpux-ia64" }, + "pkg/vendor-packages/pycurl.sl" : {"mode" : "0750", "os" : "hpux-ia64" }, + "pkg/vendor-packages/pkg/actions/_actions.sl" : {"mode" : "0750", "os" : "hpux-ia64" }, + "pkg/vendor-packages/OpenSSL/SSL.sl" : {"mode" : "0750", "os" : "hpux-ia64" }, + "pkg/vendor-packages/OpenSSL/crypto.sl" : {"mode" : "0750", "os" : "hpux-ia64" }, + "pkg/vendor-packages/OpenSSL/rand.sl" : {"mode" : "0750", "os" : "hpux-ia64" }, }, Index: branches/2.3sustaining/packaging/python_proto.py =================================================================== --- branches/2.3sustaining/packaging/python_proto.py (revision 2848) +++ branches/2.3sustaining/packaging/python_proto.py (revision 2849) @@ -60,8 +60,8 @@ }, "dirs" : { - "pkg" : {"mode" : "0755"}, - "pkg/python2.4-minimal" : {"mode" : "0755"}, + "pkg" : {"mode" : "0750"}, + "pkg/python2.4-minimal" : {"mode" : "0750"}, }, "files" : { }, Index: branches/2.3sustaining/build.xml =================================================================== --- branches/2.3sustaining/build.xml (revision 2848) +++ branches/2.3sustaining/build.xml (revision 2849) @@ -740,6 +740,14 @@ <copy tofile="${dist}/bin/pkg.bat" file="${rootdir}/scripts/pkg-wrapper.bat"/> </target> + <!-- Remove all permissions for "other" --> + <target name="adjust-permissions"> + <chmod perm="o-rwx" type="both" maxparallel="100"> + <fileset dir="${dist}" /> + <dirset dir="${dist}" /> + </chmod> + </target> + <macrodef name="compile-po"> <!-- Requires msgfmt from GNU gettext tools to be on path --> <attribute name="lang"/> @@ -894,7 +902,7 @@ <copy todir="${build}" file="${rootdir}/bootstrap/build/pkg-bootstrap-sources.jar"/> <copy todir="${build}" file="${rootdir}/bootstrap/build/pkg-bootstrap-javadoc.jar"/> <copy todir="${build}" file="${rootdir}/scripts/pkg-bootstub.sh"/> - <chmod file="${build}/pkg-bootstub.sh" perm="ugo+rwx"/> + <chmod file="${build}/pkg-bootstub.sh" perm="755"/> <copy todir="${build}" file="${rootdir}/scripts/pkg-bootstub.bat"/> </target> @@ -961,7 +969,7 @@ </target> <!-- Generate manifests --> - <target name="generate-manifests" depends="init"> + <target name="generate-manifests" depends="init, adjust-permissions"> <!-- If python.version is not set this will default to 2.4.6.0 --> <property name="python.version" value="2.4.6.0"/> <!-- Process the manifest fragments, expanding ${} properties in them --> @@ -1172,7 +1180,7 @@ </makeimage> <mkdir dir="${pkg.toolkit.imagedir}/bin"/> <copy tofile="${pkg.toolkit.imagedir}/bin/pkg" file="${build}/pkg-bootstub.sh"/> - <chmod file="${pkg.toolkit.imagedir}/bin/pkg" perm="ugo+rwx"/> + <chmod file="${pkg.toolkit.imagedir}/bin/pkg" perm="ugo+rx"/> <copy tofile="${pkg.toolkit.imagedir}/bin/pkg.bat" file="${build}/pkg-bootstub.bat"/> <copy tofile="${pkg.toolkit.imagedir}/README.txt" file="${basedir}/docs/README.txt"/> <replace file="${pkg.toolkit.imagedir}/README.txt"
        Hide
        Joe Di Pol added a comment -

        This fix was backed out.

        Project:    updatecenter2
        Repository: svn
        Revision:   2851
        Author:     jfdipol
        Date:       2011-12-02 22:03:51 UTC
        Link:       
        
        Log Message:
        ------------
        Back out fix for UPDATECENTER2-2207: more restrictive file permissions
        
        We are backing this out because existing Update Center installations
        (like GlassFish 3.1 and 3.1.1) have an older version of the pkg-java
        client with bug 2206 (bootstrap files on packages with 750 directories).
        That bug has been fixed in 2.3.5, but if we publish UC packages with more 
        restrictive permissions then older clients may hit that bug -- for example
        users installing GlassFish 3.1.1 may have the bootstrap code fail
        when it boostraps the newer packages.
        
        So for now we stay with 755/644 permissions. 
        
        
        Show
        Joe Di Pol added a comment - This fix was backed out. Project: updatecenter2 Repository: svn Revision: 2851 Author: jfdipol Date: 2011-12-02 22:03:51 UTC Link: Log Message: ------------ Back out fix for UPDATECENTER2-2207: more restrictive file permissions We are backing this out because existing Update Center installations (like GlassFish 3.1 and 3.1.1) have an older version of the pkg-java client with bug 2206 (bootstrap files on packages with 750 directories). That bug has been fixed in 2.3.5, but if we publish UC packages with more restrictive permissions then older clients may hit that bug -- for example users installing GlassFish 3.1.1 may have the bootstrap code fail when it boostraps the newer packages. So for now we stay with 755/644 permissions.

          People

          • Assignee:
            Joe Di Pol
            Reporter:
            Joe Di Pol
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated: