Wrong permissions in the tarball

[denilsonsa]

When someone installs the pysol cardsets on any Arch-based Linux distribution, several cardsets will be installed with wrong permissions. Look at this bug report.

$ ls -l /usr/share/PySolFC
…
drwxr-xr-x 2 root root 4096 Jun 6 16:29 cardset-neo
drwx------ 2 root root 4096 Jun 6 16:29 cardset-neo-hex
drwx------ 2 root root 4096 Jun 6 16:29 cardset-neo-tarock
drwx------ 2 root root 4096 Jun 6 16:29 cardset-next-matrix
…

Then I started investigating…

• When I clone the git repository, the permissions seem sane. (Which makes sense, as I'm cloning as my own user instead of root.)
• When I download from the GitHub tag 2.2, running tar tvf 2.2.tar.gz shows all directories with sane permissions and root/root as user and group owners.
• When I download from SourceForge files, running tar tvf 2.2.tar.gz shows wrong permissions for some directories, and joe/joe as the user and group owners.

Thus, I conclude that manually-created tarballs can have incorrect permissions.

Solutions

I have some ideas for solutions.

• Use GitHub actions to automatically push to SourceForge whenever a new tag is created or updated. I'm not familiar to publishing to SourceForge, and a quick search shows it may be possible.
• Move the official releases to GitHub. That has the drawback of all the links over the web still pointing to SourceForge. Still, might be a simpler solution.
• Use a script to fix the permissions before building the tarball. Or just use GitHub's automatically-built tarballs.

Bonus: There are two COPYRIGHT files that have +x permission, while they shouldn't.

[joeraz]

Sorry for the delay in response on this. I had to push a release this weekend, but my attempts to add a script to update permissions did not work well. Not sure if I got it fixed or not, but if there is still an issue and someone is able to generate correct packages, I can replace the ones currently on SourceForge - I think this 3.0 package will be the last one for a while.

Unfortunately, the previous developers did not leave me a script on how to correctly generate the cardsets package, so I had to improvise and generate the manually. And at this point, the release scripts are basically held together with duct tape and chewing gum. I tried to fix them up, but keep running into issues (this isn't really my area of expertise). If there's a volunteer willing to help harden the release scripts overall, it would help a lot.

[shlomif]

@joeraz : hi! I would like to take a look at the script. Where can I find it?

[joeraz]

Regarding a script for generating the cardsets package, the problem is that there isn't one. I've had to create the cardset packages manually (copying and renaming the folder, then putting it in the tarball). Prior to my releases, the last time a cardset package was generated was back in 2009, and I was not able to find any old documentation on the subject.

Regarding my issues with the other release scripts, I document those issues mostly on shlomif/PySolFC#324