cpack rpm setting of defattr
RPM supports setting of default user, group, file and directory permissions that will be applied for files in package unless specified per file/dir with attr setting This is related to bug report 14714
This commit is contained in:
parent
d29004756f
commit
1fe004eac3
|
@ -0,0 +1,9 @@
|
|||
cpack-rpm-default-user-and-group
|
||||
--------------------------------
|
||||
|
||||
* The "CPackRPM" module learned how to set default values for owning user/group
|
||||
and file/directory permissions of package content.
|
||||
See :variable:`CPACK_RPM_DEFAULT_USER`, :variable:`CPACK_RPM_DEFAULT_GROUP`,
|
||||
:variable:`CPACK_RPM_DEFAULT_FILE_PERMISSIONS`,
|
||||
:variable:`CPACK_RPM_DEFAULT_DIR_PERMISSIONS` and their per component
|
||||
counterparts.
|
|
@ -531,6 +531,54 @@
|
|||
# - /usr/share/doc/.*/man/man.*
|
||||
# - /usr/lib/.*/man/man.*
|
||||
#
|
||||
# .. variable:: CPACK_RPM_DEFAULT_USER
|
||||
# CPACK_RPM_<compName>_DEFAULT_USER
|
||||
#
|
||||
# default user ownership of RPM content
|
||||
#
|
||||
# * Mandatory : NO
|
||||
# * Default : root
|
||||
#
|
||||
# Value should be user name and not UID.
|
||||
# Note that <compName> must be in upper-case.
|
||||
#
|
||||
# .. variable:: CPACK_RPM_DEFAULT_GROUP
|
||||
# CPACK_RPM_<compName>_DEFAULT_GROUP
|
||||
#
|
||||
# default group ownership of RPM content
|
||||
#
|
||||
# * Mandatory : NO
|
||||
# * Default : root
|
||||
#
|
||||
# Value should be group name and not GID.
|
||||
# Note that <compName> must be in upper-case.
|
||||
#
|
||||
# .. variable:: CPACK_RPM_DEFAULT_FILE_PERMISSIONS
|
||||
# CPACK_RPM_<compName>_DEFAULT_FILE_PERMISSIONS
|
||||
#
|
||||
# default permissions used for packaged files
|
||||
#
|
||||
# * Mandatory : NO
|
||||
# * Default : - (system default)
|
||||
#
|
||||
# Accepted values are lists with PERMISSIONS. Valid permissions
|
||||
# are OWNER_READ, OWNER_WRITE, OWNER_EXECUTE, GROUP_READ,
|
||||
# GROUP_WRITE, GROUP_EXECUTE, WORLD_READ, WORLD_WRITE and WORLD_EXECUTE.
|
||||
# Note that <compName> must be in upper-case.
|
||||
#
|
||||
# .. variable:: CPACK_RPM_DEFAULT_DIR_PERMISSIONS
|
||||
# CPACK_RPM_<compName>_DEFAULT_DIR_PERMISSIONS
|
||||
#
|
||||
# default permissions used for packaged directories
|
||||
#
|
||||
# * Mandatory : NO
|
||||
# * Default : - (system default)
|
||||
#
|
||||
# Accepted values are lists with PERMISSIONS. Valid permissions
|
||||
# are OWNER_READ, OWNER_WRITE, OWNER_EXECUTE, GROUP_READ,
|
||||
# GROUP_WRITE, GROUP_EXECUTE, WORLD_READ, WORLD_WRITE and WORLD_EXECUTE.
|
||||
# Note that <compName> must be in upper-case.
|
||||
#
|
||||
# Packaging of Symbolic Links
|
||||
# ^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
#
|
||||
|
@ -581,6 +629,35 @@
|
|||
|
||||
# Author: Eric Noulard with the help of Alexander Neundorf.
|
||||
|
||||
function(get_unix_permissions_octal_notation PERMISSIONS_VAR RETURN_VAR)
|
||||
set(PERMISSIONS ${${PERMISSIONS_VAR}})
|
||||
list(LENGTH PERMISSIONS PERM_LEN_PRE)
|
||||
list(REMOVE_DUPLICATES PERMISSIONS)
|
||||
list(LENGTH PERMISSIONS PERM_LEN_POST)
|
||||
|
||||
if(NOT ${PERM_LEN_PRE} EQUAL ${PERM_LEN_POST})
|
||||
message(FATAL_ERROR "${PERMISSIONS_VAR} contains duplicate values.")
|
||||
endif()
|
||||
|
||||
foreach(PERMISSION_TYPE "OWNER" "GROUP" "WORLD")
|
||||
set(${PERMISSION_TYPE}_PERMISSIONS 0)
|
||||
|
||||
foreach(PERMISSION ${PERMISSIONS})
|
||||
if("${PERMISSION}" STREQUAL "${PERMISSION_TYPE}_READ")
|
||||
math(EXPR ${PERMISSION_TYPE}_PERMISSIONS "${${PERMISSION_TYPE}_PERMISSIONS} + 4")
|
||||
elseif("${PERMISSION}" STREQUAL "${PERMISSION_TYPE}_WRITE")
|
||||
math(EXPR ${PERMISSION_TYPE}_PERMISSIONS "${${PERMISSION_TYPE}_PERMISSIONS} + 2")
|
||||
elseif("${PERMISSION}" STREQUAL "${PERMISSION_TYPE}_EXECUTE")
|
||||
math(EXPR ${PERMISSION_TYPE}_PERMISSIONS "${${PERMISSION_TYPE}_PERMISSIONS} + 1")
|
||||
elseif(PERMISSION MATCHES "${PERMISSION_TYPE}.*")
|
||||
message(FATAL_ERROR "${PERMISSIONS_VAR} contains invalid values.")
|
||||
endif()
|
||||
endforeach()
|
||||
endforeach()
|
||||
|
||||
set(${RETURN_VAR} "${OWNER_PERMISSIONS}${GROUP_PERMISSIONS}${WORLD_PERMISSIONS}" PARENT_SCOPE)
|
||||
endfunction()
|
||||
|
||||
function(cpack_rpm_prepare_relocation_paths)
|
||||
# set appropriate prefix, remove possible trailing slash and convert backslashes to slashes
|
||||
if(CPACK_RPM_${CPACK_RPM_PACKAGE_COMPONENT}_PACKAGE_PREFIX)
|
||||
|
@ -1572,6 +1649,30 @@ function(cpack_rpm_generate_package)
|
|||
"${CPACK_RPM_PACKAGE_RELOCATABLE}"
|
||||
)
|
||||
|
||||
# set default user and group
|
||||
foreach(_PERM_TYPE "USER" "GROUP")
|
||||
if(CPACK_RPM_${CPACK_RPM_PACKAGE_COMPONENT_UPPER}_DEFAULT_${_PERM_TYPE})
|
||||
set(TMP_DEFAULT_${_PERM_TYPE} "${CPACK_RPM_${CPACK_RPM_PACKAGE_COMPONENT_UPPER}_DEFAULT_${_PERM_TYPE}}")
|
||||
elseif(CPACK_RPM_DEFAULT_${_PERM_TYPE})
|
||||
set(TMP_DEFAULT_${_PERM_TYPE} "${CPACK_RPM_DEFAULT_${_PERM_TYPE}}")
|
||||
else()
|
||||
set(TMP_DEFAULT_${_PERM_TYPE} "root")
|
||||
endif()
|
||||
endforeach()
|
||||
|
||||
# set default file and dir permissions
|
||||
foreach(_PERM_TYPE "FILE" "DIR")
|
||||
if(CPACK_RPM_${CPACK_RPM_PACKAGE_COMPONENT_UPPER}_DEFAULT_${_PERM_TYPE}_PERMISSIONS)
|
||||
get_unix_permissions_octal_notation("CPACK_RPM_${CPACK_RPM_PACKAGE_COMPONENT_UPPER}_DEFAULT_${_PERM_TYPE}_PERMISSIONS" "TMP_DEFAULT_${_PERM_TYPE}_PERMISSIONS")
|
||||
set(_PERMISSIONS_VAR "CPACK_RPM_${CPACK_RPM_PACKAGE_COMPONENT_UPPER}_DEFAULT_${_PERM_TYPE}_PERMISSIONS")
|
||||
elseif(CPACK_RPM_DEFAULT_${_PERM_TYPE}_PERMISSIONS)
|
||||
get_unix_permissions_octal_notation("CPACK_RPM_DEFAULT_${_PERM_TYPE}_PERMISSIONS" "TMP_DEFAULT_${_PERM_TYPE}_PERMISSIONS")
|
||||
set(_PERMISSIONS_VAR "CPACK_RPM_DEFAULT_${_PERM_TYPE}_PERMISSIONS")
|
||||
else()
|
||||
set(TMP_DEFAULT_${_PERM_TYPE}_PERMISSIONS "-")
|
||||
endif()
|
||||
endforeach()
|
||||
|
||||
# The name of the final spec file to be used by rpmbuild
|
||||
set(CPACK_RPM_BINARY_SPECFILE "${CPACK_RPM_ROOTDIR}/SPECS/${CPACK_RPM_PACKAGE_NAME}.spec")
|
||||
|
||||
|
@ -1671,7 +1772,7 @@ mv \"\@CPACK_TOPLEVEL_DIRECTORY\@/tmpBBroot\" $RPM_BUILD_ROOT
|
|||
\@CPACK_RPM_SPEC_PREUNINSTALL\@
|
||||
|
||||
%files
|
||||
%defattr(-,root,root,-)
|
||||
%defattr(\@TMP_DEFAULT_FILE_PERMISSIONS\@,\@TMP_DEFAULT_USER\@,\@TMP_DEFAULT_GROUP\@,\@TMP_DEFAULT_DIR_PERMISSIONS\@)
|
||||
\@CPACK_RPM_INSTALL_FILES\@
|
||||
\@CPACK_RPM_ABSOLUTE_INSTALL_FILES\@
|
||||
\@CPACK_RPM_USER_INSTALL_FILES\@
|
||||
|
|
|
@ -32,6 +32,20 @@ if(CPACK_GENERATOR MATCHES "RPM")
|
|||
# test package do not use CPACK_PACKAGING_INSTALL_PREFIX
|
||||
# as relocation path
|
||||
set(CPACK_RPM_NO_LIBRARIES_INSTALL_PREFIX_RELOCATION true)
|
||||
|
||||
# test default permissions
|
||||
set(CPACK_RPM_DEFAULT_USER defusr)
|
||||
set(CPACK_RPM_DEFAULT_GROUP defgrp)
|
||||
set(CPACK_RPM_DEFAULT_FILE_PERMISSIONS
|
||||
OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ WORLD_READ)
|
||||
set(CPACK_RPM_DEFAULT_DIR_PERMISSIONS
|
||||
OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ WORLD_READ)
|
||||
set(CPACK_RPM_LIBRARIES_DEFAULT_USER user)
|
||||
set(CPACK_RPM_APPLICATIONS_DEFAULT_GROUP group)
|
||||
set(CPACK_RPM_LIBRARIES_DEFAULT_FILE_PERMISSIONS
|
||||
OWNER_READ OWNER_WRITE OWNER_EXECUTE)
|
||||
set(CPACK_RPM_APPLICATIONS_DEFAULT_DIR_PERMISSIONS
|
||||
OWNER_READ GROUP_READ WORLD_READ)
|
||||
endif()
|
||||
|
||||
if(CPACK_GENERATOR MATCHES "DEB")
|
||||
|
|
|
@ -304,6 +304,30 @@ if(CPackGen MATCHES "RPM")
|
|||
|
||||
message(FATAL_ERROR "error: '${check_file}' rpm package content does not match expected value - regex '${check_content_list}'; RPM output: '${check_package_content}'; generated spec file: '${spec_file_content}'")
|
||||
endif()
|
||||
|
||||
# validate permissions user and group
|
||||
execute_process(COMMAND ${RPM_EXECUTABLE} -pqlv ${check_file}
|
||||
OUTPUT_VARIABLE check_file_content
|
||||
ERROR_QUIET
|
||||
OUTPUT_STRIP_TRAILING_WHITESPACE)
|
||||
|
||||
if(check_file_libraries_match)
|
||||
set(check_file_match_expected_permissions ".*-rwx------.*user.*defgrp.*")
|
||||
elseif(check_file_headers_match)
|
||||
set(check_file_match_expected_permissions ".*-rwxr--r--.*defusr.*defgrp.*")
|
||||
elseif(check_file_applications_match)
|
||||
set(check_file_match_expected_permissions ".*-rwxr--r--.*defusr.*group.*")
|
||||
elseif(check_file_Unspecified_match)
|
||||
set(check_file_match_expected_permissions ".*-rwxr--r--.*defusr.*defgrp.*")
|
||||
else()
|
||||
message(FATAL_ERROR "error: unexpected rpm package '${check_file}'")
|
||||
endif()
|
||||
|
||||
string(REGEX MATCH "${check_file_match_expected_permissions}" check_file_match_permissions "${check_file_content}")
|
||||
|
||||
if(NOT check_file_match_permissions)
|
||||
message(FATAL_ERROR "error: '${check_file}' rpm package permissions do not match expected value - regex '${check_file_match_expected_permissions}'")
|
||||
endif()
|
||||
endforeach()
|
||||
|
||||
#######################
|
||||
|
|
Loading…
Reference in New Issue