How do you change the umask when building with rpmbuild? - permissions

I've tried 'umask 77' in the shell, then building it with:
[non-root-user#machine SPECS]$ rpmbuild -bb SPECFILE.spec
but I still get this from the output:
+ umask 022

You cannot change the umask from the shell because rpmbuild will always set a a fixed umask of 0022 before running %prep script.
Therefore, depending on what you're trying to achieve, you could try change the umask in the spec file, at the beginning the %prep section:
%prep
umask 077
But, if you're just trying to set the file permissions for the files in the RPM, the standard way is to use %defattr and %attr directives in the %files section:
%defattr sets the default attributes for files and folders:
%defattr(<file mode>, <user>, <group>, <dir mode>)
some attributes may be omitted by replacing them with a dash (because the file is installed with those attributes properly set)
%attr sets the attributes for a single file or folder:
%attr(<mode>, <user>, <group>) file/folder
As with %defattr if a particular attribute does not need to be specified, you can replace it with a dash (for example you can use it along with %defattr to keep the default value for that attribute)
A full example:
%files
# set default attributes for all files and folders:
%defattr(644, root, root, 755)
# make a file executable:
%attr(755, -, -) /usr/bin/myexec
# set a different owner for a file:
%attr(-, myuser, -) /var/log/mylog.log
# set different permissions, owner and group for a file:
%attr(600, myuser, mygroup) /home/myfile
For more details & examples you can take a look to:
http://www.rpm.org/max-rpm-snapshot/s1-rpm-specref-files-list-directives.html and
http://www.rpm.org/max-rpm/s1-rpm-anywhere-specifying-file-attributes.html

I don't think changing the umask is what you should be doing. I assume you are unhappy with the permissions on the files coming out of the RPM. For that, you should be using %attr() and %defattr() in your %files section.

Related

rsync backs up everything

I am trying to backup some of the essential folders in the / in my ubuntu system. I am using
sudo rsync -aAXv --delete --include="/etc" --include="/home" --include="/usr/local" // /home/$USER/Desktop/bkup/
This command should only copy /etc, /home, /usr/local dirs and leave the rest of the files. But, when I run this command this copies every dir and every file in the / dir.
I am not sure what wrong I am doing here.
Includes without any excludes are meaningless.
--exclude='*' would exclude everything not explicitly included, from every subfolder, even the included ones.
--exclude='*/' would exclude every directory not explicitly included, but allow copying files within included directories (and the root).
--exclude='/*' would exclude all root directories and files not explicitly included, but allow all directories and files within included directories. You probably want this one.
You should add your exclude rule after your include rules. The rule is that, for each directory and file, it's the first matching include/exclude rule that matters, and the default (when no rule matches) is to include.
By "root" I mean the root of the copied directory, not the root of the whole file system.
P.S. Your command also has the destination directory inside the source directory; you probably want an exclude rule for that!

How do give a specific mode to all directories and another to all files in a spec file?

I can't rely on the umask since my machine does not use umask to set permissions. Is there a way to specify that all sub-directories (and their sub-directories etc) of some root directory all have a certain permission, and similarly, that all sub-files of the same root directory have another type of permission in the %files section of the spec file.
If not, I'll have to run some external bash scrip to get the spec file syntax for each individual file, and copy that output to the %files section of the spec file, which will be highly tedious.
If you look at the various references online, %defattr() takes a lesser-known fourth parameter for directories.

How does RPM determine the permissions of the installed package?

If you explicitly state -,root,root in the %defattr then the installed packaged will belong to root - root, and will have 'default' permissions (due to the -. Replacing it with a three-digit octal give the installed files those permissions instead of 'default permissions').
I am wondering how RPM determines what permissions to give when using '-'? I think it is related to umask, but I'm currently testing to confirm. If it is related to umask, then when exactly does the umask get applied?
Thanks.
umask removes permissions from the defaults of 0666 for files. If you have a umask of 0022, then you end up with effective default permissions on new files/folders of 0644. You can see the default umask that your account has with the umask command and no parameters. It is normally set at login time by the /etc/bashrc file and /etc/profile file.

What does %defattr mean in RPM spec files?

While creating RPMs, the RPM spec files have a directive %defattr . I know that it defines the default attributes for the files that are installed by that RPM. If I write the %defattr as below, what does it mean?
%defattr(-testuser, testuser)
The mode you specified is invalid. %defattr takes four arguments
From http://ftp.rpm.org/max-rpm/s1-rpm-inside-files-list-directives.html#S3-RPM-INSIDE-FLIST-DEFATTR-DIRECTIVE
The %defattr Directive
The %defattr directive allows setting of default attributes for files and directives. The %defattr has a similar format to the %attr directive:
The default permissions, or "mode" for files.
The default user id.
The default group id.
The default permissions, or "mode" for directories.
The %attr directive has the following format:
%defattr(file mode, user, group, dir mode)
As with %attr if a particular attribute does not need to
be specified (usually because the file is installed with that
attribute set properly), then that attribute may be replaced with a
dash. In addition the directory mode may be ommited. %defattr tends to
be used at the top of %files.
To set permissions and ownerships in a spec file treat the directory like a file thusly...
%defattr will set all files without %attr (in this case rww owner apache group apache and set directories to 755).
%files
#%attr(<mode>, <user>, <group>) file
%defattr(644,apache,apache,755)
%attr(-,apache,apache) /var/www/coolapp
%attr(-,apache,apache) /var/www/coolapp/js
%attr(-,apache,apache) /var/www/coolapp/static
/var/www/coolapp/index.html
/var/www/coolapp/__init__.py
/var/www/coolapp/settings.py
/var/www/coolapp/urls.py
/var/www/coolapp/wsgi.py

How to specify output folder for self-extracting ZIP file

extracting ZIP files that have been created using:
PKSFX(R) Version 2.50 FAST! Self Extract Utility for Windows 95/NT 4-15-1998
Is there an option to specify which folder the files contained in the EXE should be extracted to?
By typing "/help" I was able to find some useful options (like Overwrite, Exclude, etc.), but I cannot see anything related to the Output Folder.
Any suggestion?
Thank you!
I found the following over at ousob.com. It appears as part of a larger article which seems to have the documentation for the whole PKSFX suite. It looks like you run the executable and then specify any flags followed by the path to extract to and, optionally, specific named files from within the archive to be extracted if you don't want them all.
PKSFX Command Summary
Command line syntax and options are the same as PKUNZIP. The options
listed below are offered by a self-extracting file.
Syntax: pksfx [option] [d:\path] [file]* [file]*
PKSFX indicates the name of the self-extracting file you are executing.
No options are necessary if you wish to simply extract all files to the
current directory. If you wish to extract the contents to another
directory, indicate the drive and/or path the files should extract to. To
extract only particular files, indicate the name(s) at the end of the
command line.
Options:
#listfile.lst Specify list of files for extraction*
-c[m] Extract to console*
-d Re-create directories stored in .ZIP file*
-l Display software license agreement*
-n Extract only newer files*
-o Overwrite existing files
-p[a|b][c][#] Extract to printer*
-s<password> Decrypt with password*
-t Test file integrity*
* Indicates options not available in the PKSFX Junior and PKUNZIP Junior
programs.
Options should be placed after the self-extracting files name. If
multiple options are used they must be separated by a space and each must
have its own option indicator (either - or /).
All options behave in the same manner as they do with PKUNZIP, with one
exception. The -s option cannot accept keyboard entry. A password
entered with a self-extracting file must be able to be entered from the
command line.