-#!/bin/sh -e
-#
-# Do some general file permission fixups.
+#!/usr/bin/perl -w
-PATH=debian:$PATH:/usr/lib/debhelper
-. dh_lib
+=head1 NAME
-for PACKAGE in $DH_DOPACKAGES; do
- TMP=`tmpdir $PACKAGE`
+dh_fixperms - fix permissions of files in package build directories
+
+=cut
+
+use strict;
+use Debian::Debhelper::Dh_Lib;
+
+=head1 SYNOPSIS
+
+B<dh_fixperms> [S<I<debhelper options>>] [B<-X>I<item>]
+
+=head1 DESCRIPTION
+
+dh_fixperms is a debhelper program that is responsible for setting the
+permissions of files and directories in package build directories to a
+sane state -- a state that complies with Debian policy.
+
+dh_fixperms makes all files in usr/share/doc in the package build directory
+(excluding files in the examples/ directory) be mode 644. It also changes
+the permissions of all man pages to mode 644. It makes all files be owned by
+root, and it removes group and other write permission from all files.
+It removes execute permissions from any libraries that have it set. It makes
+all files in bin/ directories and etc/init.d executable (v4 only). Finally,
+it removes the setuid and setgid bits from all files in the package.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-X>I<item>, B<--exclude> I<item>
+
+Exclude files that contain "item" anywhere in their filename from having
+their permissions changed. You may use this option multiple times to build
+up a list of things to exclude.
+
+=back
+
+=cut
+
+init();
+
+foreach my $package (@{$dh{DOPACKAGES}}) {
+ my $tmp=tmpdir($package);
+
+ my $find_options='';
+ if (defined($dh{EXCLUDE_FIND}) && $dh{EXCLUDE_FIND} ne '') {
+ $find_options="! \\( $dh{EXCLUDE_FIND} \\)";
+ }
# General permissions fixing.
- if [ ! "$DH_EXCLUDE_FIND" ]; then
- # It's much faster to do it this way, but we can only do
- # this if there is nothing to exclude.
- if [ -d $TMP ]; then
- doit "chown -R root.root $TMP"
- doit "chmod -R go=rX $TMP"
- doit "chmod -R u+rw $TMP"
- fi
-
- FIND_OPTIONS=""
- else
- # Do it the hard way.
- complex_doit "find $TMP ! \( $DH_EXCLUDE_FIND \) -print0 \
- 2>/dev/null | xargs -0r chown root.root"
- complex_doit "find $TMP ! \($DH_EXCLUDE_FIND \) -print0 \
- 2>/dev/null | xargs -0r chmod go=rX"
- complex_doit "find $TMP ! \( $DH_EXCLUDE_FIND \) -print0 \
- 2>/dev/null | xargs -0r chmod u+rw"
-
- FIND_OPTIONS="! \( $DH_EXCLUDE_FIND \)"
- fi
-
- # Fix up premissions in usr/doc, setting everything to not exectable
- # by default, but leave examples directories alone.
- complex_doit "find $TMP/usr/doc -type f $FIND_OPTIONS ! -regex .\*/examples/.\* -print0 \
- 2>/dev/null | xargs -0r chmod 644"
- complex_doit "find $TMP/usr/doc -type d $FIND_OPTIONS -print0 \
- 2>/dev/null | xargs -0r chmod 755"
+ complex_doit("find $tmp $find_options -print0",
+ "2>/dev/null | xargs -0r chown --no-dereference 0.0");
+ complex_doit("find $tmp ! -type l $find_options -print0",
+ "2>/dev/null | xargs -0r chmod go=rX,u+rw,a-s");
+
+ # Fix up premissions in usr/share/doc, setting everything to not
+ # executable by default, but leave examples directories alone.
+ complex_doit("find $tmp/usr/share/doc -type f $find_options ! -regex '$tmp/usr/share/doc/[^/]*/examples/.*' -print0 2>/dev/null",
+ "| xargs -0r chmod 644");
+ complex_doit("find $tmp/usr/share/doc -type d $find_options -print0 2>/dev/null",
+ "| xargs -0r chmod 755");
# Executable man pages are a bad thing..
- complex_doit "find $TMP/usr/man/ $TMP/usr/X11*/man/ -type f \
- $FIND_OPTIONS -print0 2>/dev/null | xargs -0r chmod 644"
+ complex_doit("find $tmp/usr/share/man $tmp/usr/man/ $tmp/usr/X11*/man/ -type f",
+ "$find_options -print0 2>/dev/null | xargs -0r chmod 644");
# ..and so are executable shared and static libraries
- # (and .la files from libtool)
- complex_doit "find $TMP -perm -5 -type f \
- \( -name '*.so*' -or -name '*.la' -or -name '*.a' \) $FIND_OPTIONS -print0 \
- 2>/dev/null | xargs -0r chmod a-X"
-done
+ # (and .la files from libtool) ..
+ complex_doit("find $tmp -perm -5 -type f",
+ "\\( -name '*.so*' -or -name '*.la' -or -name '*.a' \\) $find_options -print0",
+ "2>/dev/null | xargs -0r chmod 644");
+
+ # .. and perl modules.
+ complex_doit("find $tmp/usr/lib/perl5 $tmp/usr/share/perl5 -type f",
+ "-perm -5 -name '*.pm' $find_options -print0",
+ "2>/dev/null | xargs -0r chmod a-X");
+
+ # v4 only
+ if (! compat(3)) {
+ # Programs in the bin and init.d dirs should be executable..
+ for my $dir (qw{usr/bin bin usr/sbin sbin etc/init.d}) {
+ if (-d "$tmp/$dir") {
+ complex_doit("find $tmp/$dir -type f $find_options -print0 2>/dev/null",
+ "| xargs -0r chmod +x");
+ }
+ }
+ }
+
+}
+
+=head1 SEE ALSO
+
+L<debhelper(7)>
+
+This program is a part of debhelper.
+
+=head1 AUTHOR
+
+Joey Hess <joeyh@debian.org>
+
+=cut