cmake: Pass CPPFLAGS in CFLAGS. Closes: #668813 Thanks, Simon Ruderich for the patch...

[debhelper.git] / dh_fixperms

diff --git a/dh_fixperms b/dh_fixperms
index d6b0f721487b48e5f5f085863e47a62d3db34587..d6e237bc93a270501fa95ac5770cdcb0d403b286 100755 (executable)
--- a/dh_fixperms
+++ b/dh_fixperms
@@ -15,16 +15,17 @@ B<dh_fixperms> [S<I<debhelper options>>] [B<-X>I<item>]
 
 =head1 DESCRIPTION
 
-dh_fixperms is a debhelper program that is responsible for setting the
+B<dh_fixperms> is a debhelper program that is responsible for setting the
 permissions of files and directories in package build directories to a
 sane state -- a state that complies with Debian policy.
 
-dh_fixperms makes all files in usr/share/doc in the package build directory
-(excluding files in the examples/ directory) be mode 644. It also changes
-the permissions of all man pages to mode 644. It makes all files be owned by
-root, and it removes group and other write permission from all files.
-It removes execute permissions from any libraries that have it set. It makes
-all files in bin/ directories and etc/init.d executable (v4 only). Finally,
+B<dh_fixperms> makes all files in F<usr/share/doc> in the package build directory
+(excluding files in the F<examples/> directory) be mode 644. It also changes
+the permissions of all man pages to mode 644. It makes all files be owned
+by root, and it removes group and other write permission from all files. It
+removes execute permissions from any libraries, headers, Perl modules, or
+desktop files that have it set. It makes all files in the standard F<bin> and
+F<sbin> directories, F<usr/games/> and F<etc/init.d> executable (since v4). Finally,
 it removes the setuid and setgid bits from all files in the package.
 
 =head1 OPTIONS
@@ -33,7 +34,7 @@ it removes the setuid and setgid bits from all files in the package.
 
 =item B<-X>I<item>, B<--exclude> I<item>
 
-Exclude files that contain "item" anywhere in their filename from having
+Exclude files that contain I<item> anywhere in their filename from having
 their permissions changed. You may use this option multiple times to build
 up a list of things to exclude.
 
@@ -53,10 +54,10 @@ foreach my $package (@{$dh{DOPACKAGES}}) {
 
        # General permissions fixing.
        complex_doit("find $tmp $find_options -print0",
-               "2>/dev/null | xargs -0r chown --no-dereference 0.0");
+               "2>/dev/null | xargs -0r chown --no-dereference 0:0");
        complex_doit("find $tmp ! -type l $find_options -print0",
                "2>/dev/null | xargs -0r chmod go=rX,u+rw,a-s");
-               
+       
        # Fix up premissions in usr/share/doc, setting everything to not
        # executable by default, but leave examples directories alone.
        complex_doit("find $tmp/usr/share/doc -type f $find_options ! -regex '$tmp/usr/share/doc/[^/]*/examples/.*' -print0 2>/dev/null",
@@ -71,7 +72,20 @@ foreach my $package (@{$dh{DOPACKAGES}}) {
        # ..and so are executable shared and static libraries 
        # (and .la files from libtool) ..
        complex_doit("find $tmp -perm -5 -type f",
-               "\\( -name '*.so*' -or -name '*.la' -or -name '*.a' \\) $find_options -print0",
+               "\\( -name '*.so.*' -or -name '*.so' -or -name '*.la' -or -name '*.a' \\) $find_options -print0",
+               "2>/dev/null | xargs -0r chmod 644");
+       
+       # ..and header files ..
+       complex_doit("find $tmp/usr/include -type f $find_options -print0",
+               "2>/dev/null | xargs -0r chmod 644");
+       
+       # ..and desktop files ..
+       complex_doit("find $tmp/usr/share/applications -type f $find_options -print0",
+               "2>/dev/null | xargs -0r chmod 644");
+
+       # ..and OCaml native-code shared objects ..
+       complex_doit("find $tmp -perm -5 -type f",
+               "\\( -name '*.cmxs' \\) $find_options -print0",
                "2>/dev/null | xargs -0r chmod 644");
        
        # .. and perl modules.
@@ -79,22 +93,40 @@ foreach my $package (@{$dh{DOPACKAGES}}) {
                "-perm -5 -name '*.pm' $find_options -print0",
                "2>/dev/null | xargs -0r chmod a-X");
        
-       # v4 only
+       # v4 and up
        if (! compat(3)) {
                # Programs in the bin and init.d dirs should be executable..
-               for my $dir (qw{usr/bin bin usr/sbin sbin etc/init.d}) {
+               for my $dir (qw{usr/bin bin usr/sbin sbin usr/games etc/init.d}) {
                        if (-d "$tmp/$dir") {
                                complex_doit("find $tmp/$dir -type f $find_options -print0 2>/dev/null",
-                                       "| xargs -0r chmod +x");
+                                       "| xargs -0r chmod a+x");
                        }
                }
        }
        
+       # ADA ali files should be mode 444 to avoid recompilation
+       complex_doit("find $tmp/usr/lib -type f",
+               "-name '*.ali' $find_options -print0",
+               "2>/dev/null | xargs -0r chmod uga-w");
+
+       # Lintian overrides should never be executable, too.
+       if (-d "$tmp/usr/share/lintian") {
+               complex_doit("find $tmp/usr/share/lintian/overrides",
+                       "-type f $find_options -print0",
+                       "2>/dev/null | xargs -0r chmod 644");
+       }
+
+       # Files in $tmp/etc/sudoers.d/ must be mode 440.
+       if (-d "$tmp/etc/sudoers.d") {
+               complex_doit("find $tmp/etc/sudoers.d",
+                       "-type f ! -perm 440 $find_options -print0",
+                       "2>/dev/null | xargs -0r chmod 440");
+       }
 }
 
 =head1 SEE ALSO
 
-L<debhelper(1)>
+L<debhelper(7)>
 
 This program is a part of debhelper.