The permission and ownership of /usr/local/bin/hg after running the Mercurial 2.8 for MacOS X 10.9 package installer is, -rwxrwxr-x 1 jason admin 1078 Nov 1 18:18 hg It really should be, -rwxr-xr-x 1 root wheel 1078 Nov 1 18:18 hg It also did not clean up the Mercurial 2.7.2 site-package, drwxr-xr-x 6 root wheel 204 Oct 22 15:35 mercurial-2.7.2_20131002-py2.7.egg-info drwxrwxr-x 6 jason admin 204 Nov 1 18:18 mercurial-2.8_20131101-py2.7.egg-info and had the wrong permission on the egg. site-packages/hgext and site-packages/mercurial are probably wrong too.
Which of the five possible ways of installing Mac packages did you use for 2.8 and 2.7.2?
(In reply to comment #1) The point and click way? October 11th: Mercurial 2.7.2 for MacOS X 10.8 http://mercurial.selenic.com/mac/binaries/Mercurial-2.7.2-py2.7-macosx10.8.zip mercurial-2.7.2+20131002-py2.7-macosx10.8.mpkg November 3rd: Mercurial 2.8 for MacOS X 10.9 http://mercurial.selenic.com/mac/binaries/Mercurial-2.8-py2.7-macosx10.9.zip mercurial-2.8+20131101-py2.7-macosx10.9.mpkg
From the description I guess it is caused by the mpkg format storing the uid of the user creating the package. Building as 'first uid on a system' and installing as root on another system will installer the files as owned by that uid. If my guess is right, it is thus not really possible to build mpkg as an unprivileged user. Yeah ... https://github.com/MacPython/bdist_mpkg/issues/3 ... what a lovely platform ... It must be possible to specify something similar to GNU tar --owner and --group ...
https://github.com/MacPython/bdist_mpkg/blob/master/bdist_mpkg/script_reown_mpkg.py
- except that this command must run as a privilged user ...
Created attachment 1803 [details] Script to rewrite Mac package archive in-memory to fix permissions
I've attached a proof-of-concept script that rewrites a zip, rewriting the owners of any Archive.pax.gz files it finds. Someone with a Mac will need to actually test it.
I hacked the script and took it to the next level of proof-of-concept where it works for me. Sent as patch to the mailing list.
Fixed by http://selenic.com/repo/hg/rev/d0ef40776999 Mads Kiilerich <madski@unity3d.com> osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081) The packages has to be installed by root but they would be installed insecurely, owned by the uid of the unprivileged user that made the package. The local user with that uid could thus write to /usr/local/bin/hg . bdist_mpkg calls out to pax to create the package, but pax do apparently not have the power to control what it is writing. Instead, patch the pax files and set their uid fields to 0 before they are wrapped in a dmg. (please test the fix)
Bug was set to TESTING for 7 days, resolving