#!/usr/bin/perl -w
-#
-# Do some general file permission fixups.
+=head1 NAME
+
+dh_fixperms - fix permissions of files in package build directories
+
+=cut
+
+use strict;
use Debian::Debhelper::Dh_Lib;
+
+=head1 SYNOPSIS
+
+ dh_fixperms [debhelper options] [-Xitem]
+
+=head1 DESCRIPTION
+
+dh_fixperms is a debhelper program that is responsible for setting the
+permissions of files and directories in package build directories to a
+sane state -- a state that complies with Debian policy.
+
+dh_fixperms makes all files in usr/share/doc in the package build directory
+(excluding files in the examples/ directory) be mode 644. It also changes
+the permissions of all man pages to mode 644. It makes all files be owned by
+root, and it removes group and other write permission from all files.
+It removes execute permissions from any libraries that have it set. Finally,
+it removes the setuid and setgid bits from all files in the package.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-X>I<item>, B<--exclude>I<item>
+
+Exclude files that contain "item" anywhere in their filename from having
+their permissions changed. You may use this option multiple times to build
+up a list of things to exclude.
+
+=back
+
+=cut
+
init();
-foreach $PACKAGE (@{$dh{DOPACKAGES}}) {
- $TMP=tmpdir($PACKAGE);
+foreach my $package (@{$dh{DOPACKAGES}}) {
+ my $tmp=tmpdir($package);
- if (! defined($dh{EXCLUDE_FIND}) || $dh{EXCLUDE_FIND} eq '') {
- $find_options="";
- }
- else {
+ my $find_options='';
+ if (defined($dh{EXCLUDE_FIND}) && $dh{EXCLUDE_FIND} ne '') {
$find_options="! \\( $dh{EXCLUDE_FIND} \\)";
}
# General permissions fixing.
- complex_doit("find $TMP $find_options -print0",
- "2>/dev/null | xargs -0r chown --no-dereference root.root");
- complex_doit("find $TMP ! -type l $find_options -print0",
+ complex_doit("find $tmp $find_options -print0",
+ "2>/dev/null | xargs -0r chown --no-dereference 0.0");
+ complex_doit("find $tmp ! -type l $find_options -print0",
"2>/dev/null | xargs -0r chmod go=rX,u+rw,a-s");
-
# Fix up premissions in usr/share/doc, setting everything to not
# executable by default, but leave examples directories alone.
- complex_doit("find $TMP/usr/share/doc $TMP/usr/doc -type f $find_options ! -regex '.*/examples/.*' -print0",
+ complex_doit("find $tmp/usr/share/doc $tmp/usr/doc -type f $find_options ! -regex '.*/examples/.*' -print0",
"2>/dev/null | xargs -0r chmod 644");
- complex_doit("find $TMP/usr/share/doc $TMP/usr/doc -type d $find_options -print0",
+ complex_doit("find $tmp/usr/share/doc $tmp/usr/doc -type d $find_options -print0",
"2>/dev/null | xargs -0r chmod 755");
# Executable man pages are a bad thing..
- complex_doit("find $TMP/usr/share/man $TMP/usr/man/ $TMP/usr/X11*/man/ -type f",
+ complex_doit("find $tmp/usr/share/man $tmp/usr/man/ $tmp/usr/X11*/man/ -type f",
"$find_options -print0 2>/dev/null | xargs -0r chmod 644");
# ..and so are executable shared and static libraries
# (and .la files from libtool)
- complex_doit("find $TMP -perm -5 -type f",
+ complex_doit("find $tmp -perm -5 -type f",
"\\( -name '*.so*' -or -name '*.la' -or -name '*.a' \\) $find_options -print0",
"2>/dev/null | xargs -0r chmod a-X");
}
+
+=head1 SEE ALSO
+
+L<debhelper(1)>
+
+This program is a part of debhelper.
+
+=head1 AUTHOR
+
+Joey Hess <joeyh@debian.org>
+
+=cut