[PATCH] packaging: really make System.map mode 0600
Brad Figg
brad.figg at canonical.com
Mon Jan 31 22:08:14 UTC 2011
On 01/31/2011 01:43 PM, Kees Cook wrote:
> 799f11e9c88770eb1017a297c1a456013a80f324 tried to make System.map mode
> 0600. It turns out that dh_fixperms undoes that change. This patch fixes
> this up, corrects perms for sub-flavors, and adds vmcoreinfo to the mode
> 0600 list.
>
> Signed-off-by: Kees Cook<kees.cook at canonical.com>
> ---
> debian/rules.d/2-binary-arch.mk | 6 ++++--
> debian/scripts/sub-flavour | 4 +++-
> 2 files changed, 7 insertions(+), 3 deletions(-)
>
> diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk
> index c289d11..c31ab14 100644
> --- a/debian/rules.d/2-binary-arch.mk
> +++ b/debian/rules.d/2-binary-arch.mk
> @@ -72,6 +72,7 @@ endif
> ifeq ($(no_dumpfile),)
> makedumpfile -g $(pkgdir)/boot/vmcoreinfo-$(abi_release)-$* \
> -x $(builddir)/build-$*/vmlinux
> + chmod 0600 $(pkgdir)/boot/vmcoreinfo-$(abi_release)-$*
> endif
>
> $(build_cd) $(kmake) $(build_O) modules_install \
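Review bot: The added `chmod 0600` on vmcoreinfo has no comment explaining why the file must be root-only, or that the mode only survives packaging because `dh_fixperms` is told to skip `/boot/` further down in this file. A later cleanup of either line could silently make the file world-readable again. I would add a make comment (not tab-indented) above the `ifeq ($(no_dumpfile),)` block, for example `# vmcoreinfo describes kernel symbols/layout like System.map: keep it 0600 and keep dh_fixperms away from it`. The same applies to the identical block in the hunk at new line 93. Both enclosing recipes start and end outside the hunks shown.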
> @@ -92,6 +93,7 @@ endif
> ifeq ($(no_dumpfile),)
> makedumpfile -g $(pkgdir)/boot/vmcoreinfo-$(abi_release)-$* \
> -x $(builddir)/build-$*/vmlinux
> + chmod 0600 $(pkgdir)/boot/vmcoreinfo-$(abi_release)-$*
> endif
> rm -f $(pkgdir)/lib/modules/$(abi_release)-$*/build
> rm -f $(pkgdir)/lib/modules/$(abi_release)-$*/source
> @@ -275,7 +277,7 @@ binary-%: install-%
> dh_installchangelogs -p$(pkgimg)
> dh_installdocs -p$(pkgimg)
> dh_compress -p$(pkgimg)
> - dh_fixperms -p$(pkgimg)
> + dh_fixperms -p$(pkgimg) -X/boot/
> dh_installdeb -p$(pkgimg)
> dh_shlibdeps -p$(pkgimg)
> dh_gencontrol -p$(pkgimg)
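Review bot: `-X/boot/` exempts every file whose path contains `/boot/` from dh_fixperms, not only the two files meant to stay 0600. vmlinuz, config and anything else shipped under boot therefore keep whatever mode the install step (and the builder's umask) left them with. A narrower exclusion keeps the normalisation for the rest, e.g. `dh_fixperms -p$(pkgimg) -XSystem.map- -Xvmcoreinfo-`. The sub-flavour loop in the hunk at new line 300 has the same issue and would take the same change with `-p$$pkg`. If the broad exclusion stays, it would be worth adding a build-time check that nothing under boot ends up group- or world-writable. The `binary-%` recipe continues outside the hunk.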
> @@ -298,7 +300,7 @@ ifneq ($(skipsub),true)
> dh_installchangelogs -p$$pkg; \
> dh_installdocs -p$$pkg; \
> dh_compress -p$$pkg; \
> - dh_fixperms -p$$pkg; \
> + dh_fixperms -p$$pkg -X/boot/; \
> dh_shlibdeps -p$$pkg; \
> dh_installdeb -p$$pkg; \
> dh_gencontrol -p$$pkg; \
> diff --git a/debian/scripts/sub-flavour b/debian/scripts/sub-flavour
> index c0093a6..45456bb 100644
> --- a/debian/scripts/sub-flavour
> +++ b/debian/scripts/sub-flavour
> @@ -11,7 +11,9 @@ from_moddir="debian/$from_pkg/lib/modules/$ABI_RELEASE-$FROM"
> to_moddir="debian/$to_pkg/lib/modules/$ABI_RELEASE-$FROM"
>
> install -d "debian/$to_pkg/boot"
> -install -m644 debian/$from_pkg/boot/{vmlinuz,System.map,config}-$ABI_RELEASE-$FROM \
> +install -m644 debian/$from_pkg/boot/{vmlinuz,config}-$ABI_RELEASE-$FROM \
> + debian/$to_pkg/boot/
> +install -m600 debian/$from_pkg/boot/System.map-$ABI_RELEASE-$FROM \
> debian/$to_pkg/boot/
>
> #
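Review bot: The two new `install` lines leave `$from_pkg`, `$to_pkg`, `$ABI_RELEASE` and `$FROM` unquoted, while the `install -d "debian/$to_pkg/boot"` line just above quotes its path. The System.map line has no brace expansion, so it can be quoted as is: `install -m600 "debian/$from_pkg/boot/System.map-$ABI_RELEASE-$FROM" "debian/$to_pkg/boot/"`. A one-line comment such as `# System.map exposes kernel addresses: root-only, see dh_fixperms -X in 2-binary-arch.mk` would also record why this file is split out from the `-m644` group. The rest of the script is outside the hunk.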
Are you only targeting this towards natty?
Brad
--
Brad Figg brad.figg at canonical.com http://www.canonical.com