/usr/bin/dh_fixperms is in debhelper 10.2.5.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 | #!/usr/bin/perl
=head1 NAME
dh_fixperms - fix permissions of files in package build directories
=cut
use strict;
use warnings;
use Config;
use Debian::Debhelper::Dh_Lib;
=head1 SYNOPSIS
B<dh_fixperms> [S<I<debhelper options>>] [B<-X>I<item>]
=head1 DESCRIPTION
B<dh_fixperms> is a debhelper program that is responsible for setting the
permissions of files and directories in package build directories to a
sane state -- a state that complies with Debian policy.
B<dh_fixperms> makes all files in F<usr/share/doc> in the package build directory
(excluding files in the F<examples/> directory) be mode 644. It also changes
the permissions of all man pages to mode 644. It makes all files be owned
by root, and it removes group and other write permission from all files. It
removes execute permissions from any libraries, headers, Perl modules, or
desktop files that have it set. It makes all files in the standard F<bin> and
F<sbin> directories, F<usr/games/> and F<etc/init.d> executable (since v4). Finally,
it removes the setuid and setgid bits from all files in the package.
=head1 OPTIONS
=over 4
=item B<-X>I<item>, B<--exclude> I<item>
Exclude files that contain I<item> anywhere in their filename from having
their permissions changed. You may use this option multiple times to build
up a list of things to exclude.
=back
=cut
init();
my $vendorlib = substr $Config{vendorlib}, 1;
my $vendorarch = substr $Config{vendorarch}, 1;
my @mode_0644_patterns = (
# Libraries and related files
'*.so.*', '*.so', '*.la', '*.a',
# Web application related files
'*.js', '*.css',
# Images
'*.jpeg', '*.jpg', '*.png', '*.gif',
# OCaml native-code shared objects
'*.cmxs',
);
# Turn the patterns in to a find pattern
my $mode_0644_find_pattern = sprintf('\\( -name %s \\)',
join(' -o -name ',
map { "'$_'" } @mode_0644_patterns));
foreach my $package (@{$dh{DOPACKAGES}}) {
my $tmp=tmpdir($package);
my $find_options='';
if (defined($dh{EXCLUDE_FIND}) && $dh{EXCLUDE_FIND} ne '') {
$find_options="! \\( $dh{EXCLUDE_FIND} \\)";
}
# General permissions fixing.
complex_doit("find $tmp $find_options -print0",
"2>/dev/null | xargs -0r chown --no-dereference 0:0");
complex_doit("find $tmp ! -type l $find_options -print0",
"2>/dev/null | xargs -0r chmod go=rX,u+rw,a-s");
# Fix up permissions in usr/share/doc, setting everything to not
# executable by default, but leave examples directories alone.
complex_doit("find $tmp/usr/share/doc -type f $find_options ! -regex '$tmp/usr/share/doc/[^/]*/examples/.*' -print0 2>/dev/null",
"| xargs -0r chmod 0644");
complex_doit("find $tmp/usr/share/doc -type d $find_options -print0 2>/dev/null",
"| xargs -0r chmod 0755");
# Executable man pages are a bad thing..
complex_doit("find $tmp/usr/share/man -type f",
"$find_options -print0 2>/dev/null | xargs -0r chmod 0644");
# ..and header files ..
complex_doit("find $tmp/usr/include -type f $find_options -print0",
"2>/dev/null | xargs -0r chmod 0644");
# ..and desktop files ..
complex_doit("find $tmp/usr/share/applications -type f $find_options -print0",
"2>/dev/null | xargs -0r chmod 0644");
# .. and perl modules.
complex_doit("find $tmp/$vendorarch $tmp/$vendorlib -type f",
"-perm -5 -name '*.pm' $find_options -print0",
"2>/dev/null | xargs -0r chmod a-X");
complex_doit("find $tmp -perm -5 -type f ${mode_0644_find_pattern}",
"${find_options} -print0 2>/dev/null",
"| xargs -0r chmod 0644");
# Programs in the bin and init.d dirs should be executable..
for my $dir (qw{usr/bin bin usr/sbin sbin usr/games etc/init.d}) {
if (-d "$tmp/$dir") {
complex_doit("find $tmp/$dir -type f $find_options -print0 2>/dev/null",
"| xargs -0r chmod a+x");
}
}
# ADA ali files should be mode 444 to avoid recompilation
complex_doit("find $tmp/usr/lib -type f",
"-name '*.ali' $find_options -print0",
"2>/dev/null | xargs -0r chmod uga-w");
if ( -d "$tmp/usr/share/bug/$package") {
complex_doit("find $tmp/usr/share/bug/$package -type f",
"! -name 'script' $find_options -print0",
"2>/dev/null | xargs -0r chmod 644");
if ( -f "$tmp/usr/share/bug/$package/script" ) {
reset_perm_and_owner('0755', "$tmp/usr/share/bug/$package/script");
}
} elsif ( -f "$tmp/usr/share/bug/$package" ) {
reset_perm_and_owner('0755', "$tmp/usr/share/bug/$package");
}
# Lintian overrides should never be executable, too.
if (-d "$tmp/usr/share/lintian") {
complex_doit("find $tmp/usr/share/lintian/overrides",
"-type f $find_options -print0",
"2>/dev/null | xargs -0r chmod 0644");
}
# Files in $tmp/etc/sudoers.d/ must be mode 0440.
if (-d "$tmp/etc/sudoers.d") {
complex_doit("find $tmp/etc/sudoers.d",
"-type f ! -perm 440 $find_options -print0",
"2>/dev/null | xargs -0r chmod 0440");
}
}
=head1 SEE ALSO
L<debhelper(7)>
This program is a part of debhelper.
=head1 AUTHOR
Joey Hess <joeyh@debian.org>
=cut
# Local Variables:
# indent-tabs-mode: t
# tab-width: 4
# cperl-indent-level: 4
# End:
|