Hi,

I'm just busy tweaking XFCE for my needs, e. g. replace the horrible
filemanager (xffm) by something more viable (thunar). Here's a piece of the
original xfce.SlackBuild, to get an idea:

--8<----------------------------------------


do
( cd $TMP
tar xjf $CWD/$file
cd `basename $file .tar.bz2`



chown -R root.root .
find . -perm 777 -exec chmod 755 {} \;
find . -perm 775 -exec chmod 755 {} \;
find . -perm 666 -exec chmod 644 {} \;
find . -perm 664 -exec chmod 644 {} \;


CFLAGS="$SLKCFLAGS" \
CXXFLAGS="$SLKCFLAGS" \
./configure --prefix=/usr \
--sysconfdir=/etc/X11 \
--enable-static=no \
--enable-xinerama
make -j6
make install
make install DESTDIR=$PKG
mkdir -p $PKG/usr/doc/`basename $file .tar.bz2`
cp -a \
AUTHORS COPYING INSTALL NEWS README TODO \
$PKG/usr/doc/`basename $file .tar.bz2`
( cd $PKG
find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : |
xargs strip --strip-unneeded 2> /dev/null
find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d :
| xargs strip --strip-unneeded 2> /dev/null
for mandir in `find . -name man -type d` ; do
if [ -d $mandir ]; then
( cd $mandir
find . -type f -name "*.?" -exec gzip -9 {} \;
)
fi
done

--8<----------------------------------------

My question is about the permissions section. The script unpacks the sources
of each file (XFCE consists of a variety of 20 to 40 files, depending on
how sophisticated you want it), and then sets permissions in the source
directory, like this:

--8<----------------------------------------

chown -R root.root .
find . -perm 777 -exec chmod 755 {} \;
find . -perm 775 -exec chmod 755 {} \;
find . -perm 666 -exec chmod 644 {} \;
find . -perm 664 -exec chmod 644 {} \;

--8<----------------------------------------

Once this is done, it's the usual trinity of ./configure (+options), make
and make install DESTDIR=/builddirectory.

Now my question. Is it possible to perform the file permission operation
*after* the 'make install DESTDIR=/whatever" step? The thing is: I try to
emulate the build scripts found on http://www.slackbuilds.net, and the big
difference between classical Slackware scripts and these are that the
latter are built as normal user (to prevent messy installs).

Why should I want to do this? Well, to concentrate all operations requiring
root rights into one phase, working with either sudo or fakeroot.

Any suggestions?

Niki Kovacs
--
I'm not as think as you stoned I am.

On Tue, 07 Feb 2006 10:41:17 +0100, Niki Kovacs <mickey@mouse.com> wrote:

>Now my question. Is it possible to perform the file permission operation
>*after* the 'make install DESTDIR=/whatever" step?

Try unpacking source as normal user, do permissions need changing?

Generally speaking, it is a bad idea to unpack foreign tarballs as
root.

Grant.
--
.... The computer scientist, who had listened to all of this said,
"Yes, but where do you think the chaos came from?"

Grant wrote:

> Try unpacking source as normal user, do permissions need changing?
>
> Generally speaking, it is a bad idea to unpack foreign tarballs as
> root.

I know this. One of the reasons I call my script a custom script is that it
tries to build a maximum of XFCE as a normal user. The question was whether
is was the same defining said permissions *before* compiling / *after*
installing.

Niki

Tue, 07 Feb 2006 10:41:17 +0100 - Niki Kovacs <mickey@mouse.com> :
> Now my question. Is it possible to perform the file permission
> operation *after* the 'make install DESTDIR=/whatever" step? The
> thing is: I try to emulate the build scripts found on
> http://www.slackbuilds.net, and the big difference between
> classical Slackware scripts and these are that the latter are built
> as normal user (to prevent messy installs).
>
> Why should I want to do this? Well, to concentrate all operations
> requiring root rights into one phase, working with either sudo or
> fakeroot.
>
> Any suggestions?

1) You *MUST* set/verify permissions of each file *AFTER* the "make
install" command. There is no reason to set permissions in the source
tree (!!!) before building a package. If there is a reason, it's a
bug and it should be reported to the author of the software.

2) You *MUST NOT* build a package as root. Until now, I have built
thousand of packages over the years and I *NEVER* see a package which
*REALLY* requires to be build as root.

Tue, 07 Feb 2006 11:44:38 +0100 - Niki Kovacs <mickey@mouse.com> :
> Grant wrote:
>
> > Try unpacking source as normal user, do permissions need changing?
> >
> > Generally speaking, it is a bad idea to unpack foreign tarballs as
> > root.
>
> I know this. One of the reasons I call my script a custom script is
> that it tries to build a maximum of XFCE as a normal user. The
> question was whether is was the same defining said permissions
> *before* compiling / *after* installing.
>
> Niki

There is not reason to set permissions in the source tree before
building the software. If there is, it's a bug and it *MUST* be
reported to the author(s) of the software.

LiNuCe wrote:

> There is not reason to set permissions in the source tree before
> building the software. If there is, it's a bug and it MUST be
> reported to the author(s) of the software.

Hmmm. Take a peek at xfce.SlackBuild in /source (Slackware CD number 3 or
4). The script changes permissions before building the software.

Niki

Tue, 07 Feb 2006 14:13:00 +0100 - Niki Kovacs <mickey@mouse.com> :
> LiNuCe wrote:
>
> > There is not reason to set permissions in the source tree before
> > building the software. If there is, it's a bug and it MUST be
> > reported to the author(s) of the software.
>
> Hmmm. Take a peek at xfce.SlackBuild in /source (Slackware CD
> number 3 or 4). The script changes permissions before building the
> software.

There is not reason to set permissions in the source tree before
building the software. If there is, it's a bug and it MUST be
reported to the author(s) of the software.

If you think I'm wrong because you *KNOW* that this script do the
right thing, don't ask if this is the right thing or explains us why
it is so right.

Note that I assume that you build the software as a non-root user as
it is known to be technically correct (think about the thousand of
packages provided with Debian which are build as non-root user).

LiNuCe wrote:

> There is not reason to set permissions in the source tree before
> building the software. If there is, it's a bug and it MUST be
> reported to the author(s) of the software.
>
> If you think I'm wrong because you KNOW that this script do the
> right thing, don't ask if this is the right thing or explains us why
> it is so right.

No no, I get your point and it makes sense. Thanks for answering in detail.

Niki

LiNuCe wrote:

> There is not reason to set permissions in the source tree before
> building the software. If there is, it's a bug and it MUST be
> reported to the author(s) of the software.

I disagree with the absoluteness of the above statements. There are
very good reasons, at least in some environments, to set permissions in
the source tree before building the software:

On a multi-user system, regardless of building software as root or an
unprivileged user, you might want to make sure that other users are
not able to overwrite the source files, either while you're working on
them, or afterwards if you, like me, keep the sources around in their
own directory for reference.

We don't want to build the software in directories that are completely
inaccessible to ordinary users, since we want the users to be able to
examine the source, just not write to it.

The first thing I always do, immediately after unpacking a tar archive
is: chmod -R a+rX,og-w ${package}-${version}

Now, with that said, it doesn't change my ability to build a package (or
to build it as an unprivileged user), just my ability to be sure that
what I'm building can only be changed by me (or root).

--
----------------------------------------------------------------------
Sylvain Robitaille syl@alcor.concordia.ca

Systems and Network analyst Concordia University
Instructional & Information Technology Montreal, Quebec, Canada
----------------------------------------------------------------------