-
-
Notifications
You must be signed in to change notification settings - Fork 919
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Files in axiom-types and descendants_tracker gems use 400 and 440 modes #1989
Comments
may I ask where exactly the problem lies ? yes, jruby-complete.jar does not contain those. jar-dependencies will install those gem on the fly when needed. the idea was to minimize the "download" when you first use jar-dependencies since even with ruby-maven already installed it will first download the half the internet. the second run is fast since the download is cached in the local maven repository. the above gems are used for a pure ruby version of maven-model - let me see if jar-dependencies will work without those. |
This isn't about jruby-complete.jar or using jar-dependencies. It's the simple fact that release tarballs should not contain files that are not group and world readable. Really, this should be fixed upstream, but since upstream is ignoring the issue, JRuby should work around this. I only noticed the problem because I'm the JRuby port maintainer for OpenBSD, and the OpenBSD porting tools complain if you try to create a package that contains files that aren't group and world readable. |
are the any requirements on directory permissions - if so please reopen the issue here or just leave a comment. |
Looks like this is still a problem in 1.7.16:
|
lib/pom.rb was changing the permissions of all gem files to be 644. This caused other gems with binaries to lose their execute bit. It also adds time to the build during development. The new code will only fix up the permissions of the unsupported gem which demonstrates the issue.
Issues in both upstream repos have been filed, with no response since May 23:
According to @headius, these gems are pulled in because they are transitive dependencies for jar-dependencies, which may not even need to be shipped.
The text was updated successfully, but these errors were encountered: