hooks/post-install: add fix permissions hook

Manual.md

@@ -762,6 +762,10 @@ Examples:
 	```
 A special value `noarch` used to be available, but has since been removed.
 
+- `nocheckperms` If set, xbps-src will not fail on common permission errors (world writable files, etc.)
+
+- `nofixperms` If set, xbps-src will not fix common permission errors (executable manpages, etc.)
+
 <a id="explain_depends"></a>
 #### About the many types of `depends` variables
 

common/environment/setup-subpkg/subpkg.sh

@@ -8,6 +8,9 @@ unset -v depends run_depends replaces provides conflicts tags
 # hooks/post-install/03-strip-and-debug-pkgs
 unset -v nostrip nostrip_files
 
+# hooks/post-install/14-fix-permissions
+unset -v nocheckperms nofixperms
+
 # hooks/pre-pkg/04-generate-runtime-deps
 unset -v noverifyrdeps skiprdeps allow_unknown_shlibs shlib_requires
 

common/hooks/post-install/14-fix-permissions.sh

@@ -0,0 +1,33 @@
+# This hook fixes permissions in common places
+
+change_file_perms() {
+	local dir="${PKGDESTDIR}${1}"
+	# permission mask for matching the files
+	local permmask="$2"
+	# permissions which will be set on matched files
+	local perms="$3"
+	if [ -d "$dir" ]; then
+		find "$dir" -type f -perm "/$permmask" -exec chmod -v "$perms" {} +
+	fi
+}
+
+hook() {
+	if [ -z "$nocheckperms" ]; then
+		# check that no files have permission write for all users
+		find "$PKGDESTDIR" -type f -perm -0002 | while read -r file; do
+			msg_error "$pkgver: file ${file#$PKGDESTDIR} has write permission for all users\n"
+		done
+	fi
+
+	if [ -z "$nofixperms" ]; then
+		change_file_perms "/usr/share/man" 133 644
+		change_file_perms "/etc/apparmor.d" 111 644
+		change_file_perms "/usr/share/applications" 133 644
+		change_file_perms "/usr/share/help" 133 644
+		change_file_perms "/usr/share/icons" 133 644
+		change_file_perms "/usr/share/locale" 133 644
+		change_file_perms "/usr/share/metainfo" 133 644
+		change_file_perms "/usr/share/appdata" 133 644
+		change_file_perms "/usr/include" 133 644
+	fi
+}