r1170: fix tag name

[debhelper.git] / dh_fixperms

diff --git a/dh_fixperms b/dh_fixperms
index 58aa1484e0693de87a520cb9244fb4f7af29b7c2..1a35c78d0973300c1c844af373a7fe95789a650c 100755 (executable)
--- a/dh_fixperms
+++ b/dh_fixperms
@@ -1,50 +1,105 @@
-#!/bin/sh -e
-#
-# Do some general file permission fixups.
+#!/usr/bin/perl -w
 
-PATH=debian:$PATH:/usr/lib/debhelper
-. dh_lib
+=head1 NAME
 
-for PACKAGE in $DH_DOPACKAGES; do
-       TMP=`tmpdir $PACKAGE`
+dh_fixperms - fix permissions of files in package build directories
+
+=cut
+
+use strict;
+use Debian::Debhelper::Dh_Lib;
+
+=head1 SYNOPSIS
+
+B<dh_fixperms> [S<I<debhelper options>>] [B<-X>I<item>]
+
+=head1 DESCRIPTION
+
+dh_fixperms is a debhelper program that is responsible for setting the
+permissions of files and directories in package build directories to a
+sane state -- a state that complies with Debian policy.
+
+dh_fixperms makes all files in usr/share/doc in the package build directory
+(excluding files in the examples/ directory) be mode 644. It also changes
+the permissions of all man pages to mode 644. It makes all files be owned by
+root, and it removes group and other write permission from all files.
+It removes execute permissions from any libraries that have it set. It makes
+all files in bin/ directories and etc/init.d executable (v4 only). Finally,
+it removes the setuid and setgid bits from all files in the package.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-X>I<item>, B<--exclude> I<item>
+
+Exclude files that contain "item" anywhere in their filename from having
+their permissions changed. You may use this option multiple times to build
+up a list of things to exclude.
+
+=back
+
+=cut
+
+init();
+
+foreach my $package (@{$dh{DOPACKAGES}}) {
+       my $tmp=tmpdir($package);
+
+       my $find_options='';
+       if (defined($dh{EXCLUDE_FIND}) && $dh{EXCLUDE_FIND} ne '') {
+               $find_options="! \\( $dh{EXCLUDE_FIND} \\)";
+       }
 
        # General permissions fixing.
-       if [ ! "$DH_EXCLUDE_FIND" ]; then
-               # It's much faster to do it this way, but we can only do
-               # this if there is nothing to exclude.
-               if [ -d $TMP ]; then
-                       doit "chown -R root.root $TMP"
-                       doit "chmod -R go=rX $TMP"
-                       doit "chmod -R u+rw $TMP"
-               fi
-
-               FIND_OPTIONS=""
-       else
-               # Do it the hard way.
-               complex_doit "find $TMP ! \( $DH_EXCLUDE_FIND \) -print0 \
-                       2>/dev/null | xargs -0r chown root.root"
-               complex_doit "find $TMP ! \($DH_EXCLUDE_FIND \) -print0 \
-                       2>/dev/null | xargs -0r chmod go=rX"
-               complex_doit "find $TMP ! \( $DH_EXCLUDE_FIND \) -print0 \
-                       2>/dev/null | xargs -0r chmod u+rw"
-
-               FIND_OPTIONS="! \( $DH_EXCLUDE_FIND \)"
-       fi
-
-       # Fix up premissions in usr/doc, setting everything to not exectable
-       # by default, but leave examples directories alone.
-       complex_doit "find $TMP/usr/doc -type f $FIND_OPTIONS ! -regex .\*/examples/.\* -print0 \
-               2>/dev/null | xargs -0r chmod 644"
-       complex_doit "find $TMP/usr/doc -type d $FIND_OPTIONS -print0 \
-               2>/dev/null | xargs -0r chmod 755"
+       complex_doit("find $tmp $find_options -print0",
+               "2>/dev/null | xargs -0r chown --no-dereference 0.0");
+       complex_doit("find $tmp ! -type l $find_options -print0",
+               "2>/dev/null | xargs -0r chmod go=rX,u+rw,a-s");
+               
+       # Fix up premissions in usr/share/doc, setting everything to not
+       # executable by default, but leave examples directories alone.
+       complex_doit("find $tmp/usr/share/doc -type f $find_options ! -regex '$tmp/usr/share/doc/[^/]*/examples/.*' -print0 2>/dev/null",
+               "| xargs -0r chmod 644");
+       complex_doit("find $tmp/usr/share/doc -type d $find_options -print0 2>/dev/null",
+               "| xargs -0r chmod 755");
 
        # Executable man pages are a bad thing..
-       complex_doit "find $TMP/usr/man/ $TMP/usr/X11*/man/ -type f \
-               $FIND_OPTIONS -print0 2>/dev/null | xargs -0r chmod 644"
+       complex_doit("find $tmp/usr/share/man $tmp/usr/man/ $tmp/usr/X11*/man/ -type f",
+               "$find_options -print0 2>/dev/null | xargs -0r chmod 644");
 
        # ..and so are executable shared and static libraries 
-       # (and .la files from libtool)
-       complex_doit "find $TMP -perm -5 -type f \
-               \( -name '*.so*' -or -name '*.la' -or -name '*.a' \) $FIND_OPTIONS -print0 \
-               2>/dev/null | xargs -0r chmod a-X"
-done
+       # (and .la files from libtool) ..
+       complex_doit("find $tmp -perm -5 -type f",
+               "\\( -name '*.so*' -or -name '*.la' -or -name '*.a' \\) $find_options -print0",
+               "2>/dev/null | xargs -0r chmod 644");
+       
+       # .. and perl modules.
+       complex_doit("find $tmp/usr/lib/perl5 $tmp/usr/share/perl5 -type f",
+               "-perm -5 -name '*.pm' $find_options -print0",
+               "2>/dev/null | xargs -0r chmod a-X");
+       
+       # v4 only
+       if (! compat(3)) {
+               # Programs in the bin and init.d dirs should be executable..
+               for my $dir (qw{usr/bin bin usr/sbin sbin etc/init.d}) {
+                       if (-d "$tmp/$dir") {
+                               complex_doit("find $tmp/$dir -type f $find_options -print0 2>/dev/null",
+                                       "| xargs -0r chmod +x");
+                       }
+               }
+       }
+       
+}
+
+=head1 SEE ALSO
+
+L<debhelper(7)>
+
+This program is a part of debhelper.
+
+=head1 AUTHOR
+
+Joey Hess <joeyh@debian.org>
+
+=cut