Bug 1247355 - [debuginfo package] firefox ships executable source files
Status: CLOSED UPSTREAM
Product: Fedora
Classification: Fedora
Component: firefox
Version: 22
Hardware: Unspecified Unspecified
Priority: unspecified
Severity: low
Assigned To: Petr Jašíček
QA Contact: Fedora Extras Quality Assurance
Reported: 2015-07-27 15:43 EDT by Christian Stadelmann
Modified: 2016-01-03 22:48 EST
Doc Type: Bug Fix
Last Closed: 2015-08-27 05:45:41 EDT
Type: Bug
External Trackers: Mozilla Foundation 1199152

Description Christian Stadelmann 2015-07-27 15:43:56 EDT
Description of problem:
firefox-debuginfo installs these executable source files:
mozilla-release/dom/camera/DOMCameraControl.cpp
mozilla-release/dom/ipc/ContentParent.cpp
mozilla-release/dom/plugins/ipc/PluginModuleParent.cpp
mozilla-release/gfx/angle/include/KHR/khrplatform.h
mozilla-release/gfx/gl/GLScreenBuffer.cpp
mozilla-release/gfx/gl/SkiaGLGlue.cpp
mozilla-release/gfx/gl/SkiaGLGlue.h
mozilla-release/gfx/layers/composite/ContainerLayerComposite.cpp
mozilla-release/gfx/layers/ipc/AsyncTransactionTracker.cpp
mozilla-release/gfx/skia/trunk/src/core/SkDistanceFieldGen.cpp
mozilla-release/gfx/skia/trunk/src/core/SkGlyphCache.cpp
mozilla-release/gfx/skia/trunk/src/core/SkTLS.cpp
mozilla-release/gfx/skia/trunk/src/effects/SkColorFilterImageFilter.cpp
mozilla-release/gfx/skia/trunk/src/effects/SkMergeImageFilter.cpp
mozilla-release/gfx/skia/trunk/src/effects/SkTestImageFilters.cpp
mozilla-release/gfx/skia/trunk/src/gpu/GrBitmapTextContext.cpp
mozilla-release/gfx/skia/trunk/src/gpu/GrContext.cpp
mozilla-release/gfx/skia/trunk/src/gpu/GrDistanceFieldTextContext.cpp
mozilla-release/gfx/skia/trunk/src/gpu/GrRectanizer_skyline.cpp
mozilla-release/gfx/skia/trunk/src/gpu/effects/GrDistanceFieldTextureEffect.cpp
mozilla-release/gfx/skia/trunk/src/utils/SkBitSet.cpp
mozilla-release/media/webrtc/signaling/src/common/MediaEngineWrapper.h
mozilla-release/media/webrtc/signaling/src/media-conduit/AudioConduit.cpp
mozilla-release/media/webrtc/signaling/src/media-conduit/AudioConduit.h
mozilla-release/media/webrtc/signaling/src/media-conduit/CodecConfig.h
mozilla-release/media/webrtc/signaling/src/media-conduit/MediaConduitErrors.h
mozilla-release/media/webrtc/signaling/src/media-conduit/MediaConduitInterface.h
mozilla-release/media/webrtc/signaling/src/media-conduit/VideoConduit.cpp
mozilla-release/media/webrtc/signaling/src/media-conduit/VideoConduit.h
mozilla-release/media/webrtc/signaling/src/media-conduit/VideoTypes.h
mozilla-release/media/webrtc/trunk/webrtc/modules/desktop_capture/app_capturer_x11.cc
mozilla-release/media/webrtc/trunk/webrtc/modules/desktop_capture/desktop_device_info.cc
mozilla-release/media/webrtc/trunk/webrtc/modules/desktop_capture/window_capturer_x11.cc
mozilla-release/media/webrtc/trunk/webrtc/modules/desktop_capture/x11/shared_x_util.cc
mozilla-release/media/webrtc/trunk/webrtc/modules/desktop_capture/x11/shared_x_util.h
mozilla-release/media/webrtc/trunk/webrtc/video_engine/vie_channel.cc
mozilla-release/netwerk/sctp/src/netinet/sctp.h
mozilla-release/netwerk/sctp/src/netinet/sctp_asconf.c
mozilla-release/netwerk/sctp/src/netinet/sctp_asconf.h
mozilla-release/netwerk/sctp/src/netinet/sctp_auth.c
mozilla-release/netwerk/sctp/src/netinet/sctp_auth.h
mozilla-release/netwerk/sctp/src/netinet/sctp_bsd_addr.c
mozilla-release/netwerk/sctp/src/netinet/sctp_bsd_addr.h
mozilla-release/netwerk/sctp/src/netinet/sctp_callout.c
mozilla-release/netwerk/sctp/src/netinet/sctp_callout.h
mozilla-release/netwerk/sctp/src/netinet/sctp_cc_functions.c
mozilla-release/netwerk/sctp/src/netinet/sctp_crc32.c
mozilla-release/netwerk/sctp/src/netinet/sctp_crc32.h
mozilla-release/netwerk/sctp/src/netinet/sctp_header.h
mozilla-release/netwerk/sctp/src/netinet/sctp_indata.c
mozilla-release/netwerk/sctp/src/netinet/sctp_indata.h
mozilla-release/netwerk/sctp/src/netinet/sctp_input.c
mozilla-release/netwerk/sctp/src/netinet/sctp_input.h
mozilla-release/netwerk/sctp/src/netinet/sctp_os.h
mozilla-release/netwerk/sctp/src/netinet/sctp_os_userspace.h
mozilla-release/netwerk/sctp/src/netinet/sctp_output.c
mozilla-release/netwerk/sctp/src/netinet/sctp_output.h
mozilla-release/netwerk/sctp/src/netinet/sctp_pcb.c
mozilla-release/netwerk/sctp/src/netinet/sctp_pcb.h
mozilla-release/netwerk/sctp/src/netinet/sctp_peeloff.c
mozilla-release/netwerk/sctp/src/netinet/sctp_peeloff.h
mozilla-release/netwerk/sctp/src/netinet/sctp_sha1.c
mozilla-release/netwerk/sctp/src/netinet/sctp_sha1.h
mozilla-release/netwerk/sctp/src/netinet/sctp_ss_functions.c
mozilla-release/netwerk/sctp/src/netinet/sctp_structs.h
mozilla-release/netwerk/sctp/src/netinet/sctp_sysctl.c
mozilla-release/netwerk/sctp/src/netinet/sctp_sysctl.h
mozilla-release/netwerk/sctp/src/netinet/sctp_timer.c
mozilla-release/netwerk/sctp/src/netinet/sctp_timer.h
mozilla-release/netwerk/sctp/src/netinet/sctp_uio.h
mozilla-release/netwerk/sctp/src/netinet/sctp_userspace.c
mozilla-release/netwerk/sctp/src/netinet/sctp_usrreq.c
mozilla-release/netwerk/sctp/src/netinet/sctp_var.h
mozilla-release/netwerk/sctp/src/netinet/sctputil.c
mozilla-release/netwerk/sctp/src/netinet/sctputil.h
mozilla-release/netwerk/sctp/src/netinet6/sctp6_var.h
mozilla-release/netwerk/sctp/src/user_atomic.h
mozilla-release/netwerk/sctp/src/user_environment.c
mozilla-release/netwerk/sctp/src/user_environment.h
mozilla-release/netwerk/sctp/src/user_inpcb.h
mozilla-release/netwerk/sctp/src/user_ip6_var.h
mozilla-release/netwerk/sctp/src/user_malloc.h
mozilla-release/netwerk/sctp/src/user_mbuf.c
mozilla-release/netwerk/sctp/src/user_mbuf.h
mozilla-release/netwerk/sctp/src/user_recv_thread.c
mozilla-release/netwerk/sctp/src/user_recv_thread.h
mozilla-release/netwerk/sctp/src/user_route.h
mozilla-release/netwerk/sctp/src/user_socket.c
mozilla-release/netwerk/sctp/src/user_socketvar.h
mozilla-release/objdir/dist/include/SkiaGLGlue.h
mozilla-release/objdir/dist/include/angle/KHR/khrplatform.h
mozilla-release/other-licenses/atk-1.0/atk/atkrelationtype.h
mozilla-release/toolkit/crashreporter/google-breakpad/src/processor/minidump.cc

Version-Release number of selected component (if applicable):
39.0

How reproducible:
always (see rpm file)
Comment 1 John Sullivan 2015-08-20 12:02:04 EDT
Umm, it's a -debuginfo package, it's supposed to...

That's so that the "list", "next" and other commands in gdb can give you source level debugging.
Comment 2 Christian Stadelmann 2015-08-21 04:41:05 EDT
I don't get what you want to tell me.

Gdb needs source files to give source level debugging, that's right. This issue is about the fact that these source files are executable. Source files should not be executable.
Comment 3 Martin Stransky 2015-08-21 05:56:37 EDT
Peter, this one should be fairly easy to fix. We'd also want to propagate the fix upstream.
Comment 4 John Sullivan 2015-08-21 08:24:18 EDT
(In reply to Christian Stadelmann from comment #2)
> I don't get what you want to tell me.
> 
> Gdb needs source files to give source level debugging, that's right. This
> issue is about the fact that these source files are executable. Source files
> should not be executable.

Sorry, I thought the issue was that source files were there at all, not that they were executable. When I checked my installed firefox-debuginfo package they looked ok at a first glance. Checking more carefully:

$ rpm -qlv firefox-debuginfo | grep '^-..x' | wc -l
95
$ rpm -qlv firefox-debuginfo | grep '^-..-' | wc -l
15113

So it's a small proportion of the total.

Checking back to the SRPM, and the upstream tarball from that:

$ rpm2cpio firefox-39.0.3-1.fc22.src.rpm | cpio -id
$ tar jtvf firefox-39.0.3.source.tar.bz2 >tarball-files
$ grep DOMCameraControl.cpp tarball-files 
-rwxr-xr-x 0/0           46014 2015-08-06 08:13 mozilla-release/dom/camera/DOMCameraControl.cpp
$ grep nsXULWindow.cpp tarball-files 
-rw-r--r-- 0/0           67597 2015-08-06 08:13 mozilla-release/xpfe/appshell/nsXULWindow.cpp

So the inconsistency comes from upstream. Either getting upstream to fix their permissions, or making modifying the upstream tarball part of the new RPM release process feels fragile and best avoided from a provenance point of view.

The bit that puts these into the -debuginfo RPM is /usr/lib/rpm/find-debuginfo.sh from RPM rpm-build (a subpackage of the rpm SRPM), which uses the following loop:

if [ -s "$SOURCEFILE" ]; then
  mkdir -p "${RPM_BUILD_ROOT}/usr/src/debug"
  LC_ALL=C sort -z -u "$SOURCEFILE" | grep -E -v -z '(<internal>|<built-in>)$' |
  (cd "$RPM_BUILD_DIR"; cpio -pd0mL "${RPM_BUILD_ROOT}/usr/src/debug")
  # stupid cpio creates new directories in mode 0700, fixup
  find "${RPM_BUILD_ROOT}/usr/src/debug" -type d -print0 |
  xargs --no-run-if-empty -0 chmod a+rx
fi

(The list of files in $SOURCEFILE comes from trawling the debug sections of any packaged binary files, so should genuinely be all the source, and nothing but the source, without having to know anything specific about the package's build directory layout.)

Adding:

  find "${RPM_BUILD_ROOT}/usr/src/debug" -type f -print0 |
  xargs --no-run-if-empty -0 chmod a-x

Should do the trick, as long as no RPM ever would genuinely want executable files in /usr/src/debug. (I can't see why they would...)
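
Added example (not part of the bug report and not code from rpm's find-debuginfo.sh): a stand-alone shell script that performs the listing check and the `chmod a-x` step discussed in comment 4 against a constructed temporary tree. It goes beyond the `'^-..x'` grep by also testing the group and other execute bits; the function names, paths and sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a debug-source tree for executable regular files,
# then clear the bits. All paths and listings here are constructed samples.

# Constructed `rpm -qlv`-style listing: owner-exec, group/other-exec only,
# a plain 0644 file, and a directory (which must keep its x bits).
SAMPLE_LISTING='-rwxr-xr-x 1 root root 46014 Aug  6  2015 /usr/src/debug/sample/a.cpp
-rw-r-xr-x 1 root root  1200 Aug  6  2015 /usr/src/debug/sample/b.h
-rw-r--r-- 1 root root 67597 Aug  6  2015 /usr/src/debug/sample/c.cpp
drwxr-xr-x 2 root root     0 Aug  6  2015 /usr/src/debug/sample'

# Count regular files in a listing (stdin) with an execute bit in ANY of the
# owner, group or other positions; setuid/setgid/sticky variants included.
count_exec_in_listing() {
    awk '$1 ~ /^-(..[xs]|.....[xs]|........[xt])/ { n++ } END { print n + 0 }'
}

# Print regular files under $1 that have any execute bit set.
list_exec_files() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) -print |
        LC_ALL=C sort
}

# Clear execute bits on regular files only; directories stay traversable.
strip_exec_bits() {
    find "$1" -type f -exec chmod a-x {} +
}

# Build a throwaway tree with mixed modes and print its path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/sample/sub"
    : > "$root/sample/a.cpp";   chmod 0755 "$root/sample/a.cpp"
    : > "$root/sample/sub/b.h"; chmod 0655 "$root/sample/sub/b.h"
    : > "$root/sample/c.cpp";   chmod 0644 "$root/sample/c.cpp"
    printf '%s\n' "$root"
}

tree=$(make_sample_tree)
echo "listing entries flagged: $(printf '%s\n' "$SAMPLE_LISTING" | count_exec_in_listing)"
echo "before:"; list_exec_files "$tree"
strip_exec_bits "$tree"
echo "after: $(list_exec_files "$tree" | wc -l) executable file(s)"
rm -rf "$tree"
```

Restricting `chmod` to `-type f` matters because the directories under the debug source root need their execute bits for traversal, which is what the existing `chmod a+rx` fixup in the loop provides.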
