On Thu, 12 Sep 2013 00:29:58 +0900, Mamoru TASAKA wrote:

> Well, I have been wondering about this for so long. Actually creating debuginfo,
> stripping shared libs and making the shared libs non executable can
> be accomplished by using %attr, i.e.
> - At %install, install the shared libs with 0755 as before
> - On %files, explicitly mark the files with %attr(0644,root,root)
>
> http://koji.fedoraproject.org/koji/taskinfo?taskID=5923317
>
> Some other distros make non-executable shared libs 0644 permission.
> Is %attr approach for this case allowed / preferable / discouraged ?

It is widely accepted practice to limit %attr usage to really special permissions (such as setuid, setgid) and ownership (non-root user and/or group), so where that is done in a spec file, it sticks out. In packages with many files, overusing %attr would decrease readability even when using spec syntax-highlighting. Ordinary file permissions should get fixed in %install and upstream.

Is it guaranteed that %attr will set the permission _after_ debuginfo generation?

AFAIK, the only thing that wants +x on these libs is the debuginfo generator, and IIRC there's support already for flipping a flag and making it work with non-executables, too.

ldd still warns about non-executable libs. And the build tools are not specific to Fedora/Linux, so they will likely keep making .so files +x.

How many of the libs contain special code that can be run? I don't want to imagine a large configure script running a lib for some version check or feature list. Would packagers need to check every lib for whether it may be run or not?