Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wrong permissions in the tarball #15

Open
3 tasks
denilsonsa opened this issue Oct 18, 2023 · 1 comment
Open
3 tasks

Wrong permissions in the tarball #15

denilsonsa opened this issue Oct 18, 2023 · 1 comment

Comments

@denilsonsa
Copy link

When someone installs the pysol cardsets on any Arch-based Linux distribution, several cardsets will be installed with wrong permissions. Look at this bug report.

$ ls -l /usr/share/PySolFC
…
drwxr-xr-x 2 root root 4096 Jun 6 16:29 cardset-neo
drwx------ 2 root root 4096 Jun 6 16:29 cardset-neo-hex
drwx------ 2 root root 4096 Jun 6 16:29 cardset-neo-tarock
drwx------ 2 root root 4096 Jun 6 16:29 cardset-next-matrix
…

Then I started investigating…

  • When I clone the git repository, the permissions seem sane. (Which makes sense, as I'm cloning as my own user instead of root.)
  • When I download from the GitHub tag 2.2, running tar tvf 2.2.tar.gz shows all directories with sane permissions and root/root as user and group owners.
  • When I download from SourceForge files, running tar tvf 2.2.tar.gz shows wrong permissions for some directories, and joe/joe as the user and group owners.

Thus, I conclude that manually-created tarballs can have incorrect permissions.

Solutions

I have some ideas for solutions.

  • Use GitHub actions to automatically push to SourceForge whenever a new tag is created or updated. I'm not familiar to publishing to SourceForge, and a quick search shows it may be possible.
  • Move the official releases to GitHub. That has the drawback of all the links over the web still pointing to SourceForge. Still, might be a simpler solution.
  • Use a script to fix the permissions before building the tarball. Or just use GitHub's automatically-built tarballs.

Bonus: There are two COPYRIGHT files that have +x permission, while they shouldn't.
@joeraz
Copy link
Collaborator

joeraz commented Apr 1, 2024

Sorry for the delay in response on this. I had to push a release this weekend, but my attempts to add a script to update permissions did not work well. Not sure if I got it fixed or not, but if there is still an issue and someone is able to generate correct packages, I can replace the ones currently on SourceForge - I think this 3.0 package will be the last one for a while.

Unfortunately, the previous developers did not leave me a script on how to correctly generate the cardsets package, so I had to improvise and generate the manually. And at this point, the release scripts are basically held together with duct tape and chewing gum. I tried to fix them up, but keep running into issues (this isn't really my area of expertise). If there's a volunteer willing to help harden the release scripts overall, it would help a lot.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@denilsonsa @joeraz