UBUNTU: [Config] packaging: really make System.map mode 0600

799f11e9c88770eb1017a297c1a456013a80f324 tried to make System.map mode
0600. It turns out that dh_fixperms undoes that change. This patch fixes
this up, corrects perms for sub-flavors, and adds vmcoreinfo to the mode
0600 list.

Signed-off-by: Kees Cook <kees.cook@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>

diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk
index c289d11..c31ab14 100644 (file)
--- a/debian/rules.d/2-binary-arch.mk
+++ b/debian/rules.d/2-binary-arch.mk
@@ -72,6 +72,7 @@ endif
 ifeq ($(no_dumpfile),)
        makedumpfile -g $(pkgdir)/boot/vmcoreinfo-$(abi_release)-$* \
                -x $(builddir)/build-$*/vmlinux
+       chmod 0600 $(pkgdir)/boot/vmcoreinfo-$(abi_release)-$*
 endif
 
        $(build_cd) $(kmake) $(build_O) modules_install \
@@ -92,6 +93,7 @@ endif
 ifeq ($(no_dumpfile),)
        makedumpfile -g $(pkgdir)/boot/vmcoreinfo-$(abi_release)-$* \
                -x $(builddir)/build-$*/vmlinux
+       chmod 0600 $(pkgdir)/boot/vmcoreinfo-$(abi_release)-$*
 endif
        rm -f $(pkgdir)/lib/modules/$(abi_release)-$*/build
        rm -f $(pkgdir)/lib/modules/$(abi_release)-$*/source
@@ -275,7 +277,7 @@ binary-%: install-%
        dh_installchangelogs -p$(pkgimg)
        dh_installdocs -p$(pkgimg)
        dh_compress -p$(pkgimg)
-       dh_fixperms -p$(pkgimg)
+       dh_fixperms -p$(pkgimg) -X/boot/
        dh_installdeb -p$(pkgimg)
        dh_shlibdeps -p$(pkgimg)
        dh_gencontrol -p$(pkgimg)
@@ -298,7 +300,7 @@ ifneq ($(skipsub),true)
                dh_installchangelogs -p$$pkg;           \
                dh_installdocs -p$$pkg;                 \
                dh_compress -p$$pkg;                    \
-               dh_fixperms -p$$pkg;                    \
+               dh_fixperms -p$$pkg -X/boot/;           \
                dh_shlibdeps -p$$pkg;                   \
                dh_installdeb -p$$pkg;                  \
                dh_gencontrol -p$$pkg;                  \

diff --git a/debian/scripts/sub-flavour b/debian/scripts/sub-flavour
index c0093a6..45456bb 100644 (file)
--- a/debian/scripts/sub-flavour
+++ b/debian/scripts/sub-flavour
@@ -11,7 +11,9 @@ from_moddir="debian/$from_pkg/lib/modules/$ABI_RELEASE-$FROM"
 to_moddir="debian/$to_pkg/lib/modules/$ABI_RELEASE-$FROM"
 
 install -d "debian/$to_pkg/boot"
-install -m644 debian/$from_pkg/boot/{vmlinuz,System.map,config}-$ABI_RELEASE-$FROM \
+install -m644 debian/$from_pkg/boot/{vmlinuz,config}-$ABI_RELEASE-$FROM \
+       debian/$to_pkg/boot/
+install -m600 debian/$from_pkg/boot/System.map-$ABI_RELEASE-$FROM \
        debian/$to_pkg/boot/
 
 #