bug#10878: "make dist" with read-only srcdir generates read-only tarball

[Nick Bowler]

On 2012-02-24 12:10 -0700, Eric Blake wrote:
> On 02/24/2012 11:34 AM, Nick Bowler wrote:
> >> But it's the package that expects its distributed files to be writable
> >> that is assuming too much; if such package wants its expectation to
> >> safely hold, it should add something like this in its 'dist-hook':
> >>
> >>     find $(distdir) -exec chmod u+w '{}' ';'
> 
> I agree.
> 
> > 
> > I'm not talking about building the package, which absolutely should work
> > from a read-only source tree.  I'm talking about creating a distribution
> > tarball, with "make dist": something only package maintainers (that's
> > me!) will generally do.
> 
> That's where we are arguing that you are wrong.  The GNU Coding
> Standards requires that _anyone_ can run 'make dist', and not just
> 'package maintainers'.

OK, but I was responding to a part of Stefano's message (which you
elided) which said "... *builds* correctly with a read-only source
tree" (emphasis added).  Regardless, I cannot find where this supposed
GCS requirement for "make dist" (or even ordinary builds, for that
matter) to work on read-only source trees comes from.  Do you have a
reference?

> That's the whole point of software freedom: You, as a recipient of the
> tarball, should be just as free to redistribute your modifications
> (including rebuilding a tarball) as the upstream maintainer you got
> the package from, even if you are starting from your (possibly
> read-only) copy of the expanded tarball.

If someone is redistributing modifications, then presumably they have a
writable source tree in order to create their modifications in the first
place.  They can then run "make dist" from the modified tree.  When the
files in a tarball are read-only, however, users who want to modify
source files are presented with a totally gratuitous (and frustrating!)
extra step.

I also didn't say anything about any "upstream maintainer": when someone
is distributing a modified version, then they are for all intents and
purposes a maintainer of their own version.  People creating a
distribution tarball from modified sources can reasonably expect to
require extra tools or setup over and above what's required to merely
build the package.  For example, they will probably need to have GNU
Automake installed.

> Which is _why_ 'make distcheck' intentionally checks that 'make dist'
> from a read-only source tarball will accurately create a tarball.

It checks that it creates a tarball, but as I mentioned in another
paragraph (which you elided), it does not check that the tarball is
accurate.  In my original example, "make distcheck" failed to notice
that the generated tarball was wrong: i.e., it was not the same as the
original tarball it was testing.

> This is a _feature_ of automake's 'make distcheck'.  If you want to
> guarantee that the generated tarball has certain permissions, then
> you, as the package author, must add something in your dist-hook to
> guarantee it, since automake cannot know which files you _need_ to
> leave writable.

The answer is: all of them!

Cheers,
-- 
Nick Bowler, Elliptic Technologies (http://www.elliptictech.com/)