
Journal of bart (450)

Sunday December 21, 2008
07:38 PM

Fixing world writable files in tarball before upload to CPAN

[ #38127 ]

Fairly recently, CPAN changed its policy regarding uploaded distributions: if the distribution contains world writable files and/or directories (I'm not entirely clear about its exact rules), then CPAN won't index it.

That is a problem that bites authors who create their distributions on Windows: as Windows doesn't know Unix file permissions, a typical tar on Windows will simply set all file modes to 0777. Well, duh!

Some people have considered fixes, such as Burak, who claims that if you avoid explicitly mentioning directories when creating the tar file, the problem will not occur.

My idea instead would be to fix the stupid behaviour in tar.

A second-best approach, for now, until it gets a definite solution, is to clean up the tarball you just created, going over every file and directory in it and fixing its file mode.

And that's what I did here. I've used Archive::Tar, which turned out to be slightly more problematic than I thought, but I seem to have gotten it to behave. One nasty problem is backward compatibility of the tar files: by default Archive::Tar strips the path away from the file name, and stuffs it in a nonstandard "prefix" field. I've seen tar archive tools fall over this. Setting $Archive::Tar::DO_NOT_USE_PREFIX to 1 stops this behaviour, and you get backward compatible tar files, as long as the full name of the entry (including relative path) is at most 100 ASCII characters long. I do not expect this to be a problem in a typical CPAN upload.

Archive::Tar keeps the entire archive in memory, which may pose a problem for huge tar files, but most likely not for any archive to be uploaded to CPAN.
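
A sketch of the cleanup pass described above, added here as an example and not the script from the original post. The helper name fix_tarball_modes, the file names and the sample tarball are constructed for illustration, and it assumes that clearing the group and other write bits is enough to satisfy the indexer.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Archive::Tar;
use Archive::Tar::Constant;    # for the DIR entry type
use File::Temp qw(tempdir);

# Keep the full path in the "name" field instead of the "prefix" field.
$Archive::Tar::DO_NOT_USE_PREFIX = 1;

# Hypothetical helper: rewrite $in to $out with group/other write bits
# cleared on every file and directory; returns a list of changes made.
sub fix_tarball_modes {
    my ($in, $out) = @_;
    my $tar = Archive::Tar->new($in)
        or die "Cannot read $in: " . Archive::Tar->error;
    my @fixed;
    for my $entry ($tar->get_files) {
        next unless $entry->is_file || $entry->is_dir;
        my $path = $entry->full_path;
        # Names over 100 characters do not fit a prefix-less header.
        warn "$path is longer than 100 characters\n" if length $path > 100;
        my $old = $entry->mode;
        my $new = $old & ~022;           # 0777 -> 0755, 0666 -> 0644
        next if $new == $old;
        $entry->mode($new);
        push @fixed, sprintf '%s: %04o -> %04o', $path, $old, $new;
    }
    $tar->write($out, COMPRESS_GZIP)
        or die "Cannot write $out: " . $tar->error;
    return @fixed;
}

# Constructed sample: a tarball as a Windows tar might produce it.
my $dir = tempdir(CLEANUP => 1);
my $in  = "$dir/Foo-0.01.tar.gz";
my $out = "$dir/Foo-0.01-fixed.tar.gz";
my $src = Archive::Tar->new;
$src->add_data('Foo-0.01/lib', '', { type => DIR, mode => 0777 });
$src->add_data('Foo-0.01/lib/Foo.pm', "package Foo;\n1;\n", { mode => 0777 });
$src->add_data('Foo-0.01/README', "Foo\n", { mode => 0644 });
$src->write($in, COMPRESS_GZIP) or die $src->error;

print "$_\n" for fix_tarball_modes($in, $out);

# Verify: no entry in the rewritten archive is still world writable.
my @bad = grep { $_->mode & 0002 } Archive::Tar->new($out)->get_files;
print @bad ? "still world writable\n" : "all entries clean\n";
```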
