Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 550434

Summary: CVS files with executable bit to be removed, QA review needed
Product: Gentoo Linux Reporter: Robin Johnson <robbat2>
Component: [OLD] UnspecifiedAssignee: Gentoo Quality Assurance Team <qa>
Status: RESOLVED FIXED    
Severity: normal CC: infra-bugs, vapier
Priority: Normal Keywords: QAcanfix
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 550540, 550542    
Bug Blocks:    
Attachments: review of executable files

Description Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2015-05-26 05:41:19 UTC
Hi QA,

All of these files in CVS have +x set, and I want to remove that as part of the Git preperations.

Please review and confirm that the +x can be removed in CVS (and then infra will remove it, do NOT try to remove/re-add). This list is from CVS directly, so please note that some files might have been removed in non-HEAD revisions.

I suspect you might find some really old code that just copies the files and doesn't alter the +x bit at all.

./app-admin/diamond/files/diamond.initd
./app-admin/hddtemp/files/update-hddtemp.db
./app-admin/metalog/files/metalog.initd
./app-admin/puppet/files/puppet.init
./app-admin/puppet/files/puppetmaster.init
./app-admin/sysrqd/files/sysrqd.init
./app-admin/webmin/files/gentoo-setup
./app-antivirus/clamav/files/clamd.initd-r3
./app-antivirus/clamav/files/clamd.initd-r5
./app-antivirus/clamav/files/clamd.initd-r6
./app-arch/makeself/files/makeself-unpack
./app-backup/tsm/files/dsmcad.init.d-r1
./app-crypt/tpm-emulator/files/tpm-emulator.initd-0.7.4
./app-emulation/docker/files/docker-r2.initd
./app-emulation/virtualbox-bin/files/virtualbox-bin-3-wrapper
./app-emulation/virtualbox/files/virtualbox-ose-3-wrapper
./app-emulation/virtualbox-modules/files/create_vbox_modules_tarball.sh
./app-emulation/xen-tools/files/xenstored.initd
./app-eselect/eselect-metasploit/files/msfloader-0.16
./app-eselect/eselect-php/files/php-fpm.init
./app-eselect/eselect-php/files/php-fpm-r1.init
./app-eselect/eselect-wxwidgets/files/wx-config-1.3
./app-eselect/eselect-wxwidgets/files/wx-config-1.4
./app-eselect/eselect-wxwidgets/files/wxrc-1.3
./app-eselect/eselect-wxwidgets/files/wxrc-1.4
./app-forensics/aide/files/aide.cron
./app-forensics/aide/files/aideinit
./app-laptop/pommed/files/pommed.rc
./app-laptop/tp_smapi/files/tp_smapi-0.40-initd
./app-misc/conmux/files/conmux.initd
./app-misc/conmux/files/conmux-registry.initd
./app-misc/inputlircd/files/inputlircd.init
./app-misc/inputlircd/files/inputlircd.init.2
./app-misc/lirc/files/irexec-initd
./app-misc/lirc/files/irexec-initd-0.8.6-r2
./app-misc/misterhouse/files/misterhouse.init
./app-misc/xmind/files/xmind-wrapper
./app-mobilephone/bitpim/files/maketarball
./app-mobilephone/smstools/files/smsd.initd
./app-office/openerp/files/openerp
./app-office/openerp/files/openerp-confd
./app-office/rubrica/files/rubrica2.desktop
./app-portage/eclass-manpages/files/eclass-to-manpage.sh
./app-portage/portage-utils/files/post_sync
./app-portage/prefix-chain-setup/files/prefix-chain-setup.in
./dev-db/henplus/files/henplus.pre
./dev-db/hyperdex/files/hyperdex.initd
./dev-db/mysql-proxy/files/mysql-proxy.initd
./dev-db/slony1/files/slony1.init
./dev-java/ecj-gcj/files/ecj-gcj.in
./dev-java/jruby/files/jruby
./dev-java/maven-bin/files/maven
./dev-lang/php/files/php-fpm-r4.init
./dev-lang/python/files/pydoc.init
./dev-libs/collada-dom/files/take_snapshot.sh
./dev-libs/openssl/files/gentoo.config-0.9.8
./dev-libs/openssl/files/gentoo.config-1.0.0
./dev-libs/openssl/files/gentoo.config-1.0.1
./dev-perl/Perlbal/files/perlbal_init.d_1.58
./dev-tex/circuit_macros/files/cm2pdf
./dev-util/debugedit/files/update.sh
./dev-util/jif/files/jif
./games-arcade/gish-demo/files/gish-wrapper
./games-rpg/nwn/files/fixinstall
./gnome-base/gnome-menus/files/gnome-menus-3.8.0-ignore_kde_standalone.patch
./gnome-base/gnome-session/files/10-user-dirs-update-gnome-r1
./gnome-base/gnome-settings-daemon/files/gnome-settings-daemon-3.7.90-short-touchpad-timeout.patch
./gnome-extra/gdesklets-core/files/gdesklets-control-getid
./kde-base/kdebase-startkde/files/KDE-4
./mail-filter/sid-milter/files/sid-filter.init-r1
./mail-filter/spampd/files/init-r1
./mate-base/mate-session-manager/files/10-user-dirs-update-mate
./media-gfx/drqueue/files/drqueue-0.64.3-etc-initd-drqmd
./media-gfx/drqueue/files/drqueue-0.64.3-etc-initd-drqsd
./media-gfx/replicatorg/files/replicatorg
./media-libs/netpbm/files/make-tarball.sh
./media-libs/svgalib/files/svgalib-1.9.25-linux2.6.28.patch
./media-plugins/vdr-powermate/files/rc-addon.sh
./media-plugins/vdr-vcd/files/rc-addon.sh
./media-sound/gmpc/files/gmpc-11.8.16-icons.patch
./media-sound/mt-daapd/files/mt-daapd.init.2
./media-sound/peercast/files/peercast.initd
./media-sound/sonata/files/sonata-1.6.2.1-mpd18-compat.patch
./media-tv/freevo/files/freevo.boot
./media-tv/kodi/files/generate.sh
./media-tv/xbmc/files/generate.sh
./media-video/flumotion/files/flumotion-init-0.2.0
./media-video/mplayer/files/dump_ffmpeg.sh
./net-analyzer/flow-tools/files/flowcapture.confd
./net-analyzer/flow-tools/files/flowcapture.initd
./net-analyzer/flow-tools/files/linkme
./net-analyzer/greenbone-security-assistant/files/gsad
./net-analyzer/ipcad/files/ipcad-3.7-linux-2.6.35.patch
./net-analyzer/nagircbot/files/init
./net-analyzer/ndoutils/files/ndo2db.init-nagios3
./net-analyzer/p0f/files/p0f.initd3
./net-analyzer/sguil-server/files/sguild.initd
./net-analyzer/smokeping/files/smokeping.init.3
./net-dialup/mwavem/files/mwave-dev-handler
./net-dns/bind/files/generate-rndc-key.sh
./net-dns/totd/files/totd
./net-firewall/iptables/files/iptables-1.3.2.init
./net-fs/nfs-utils/files/nfs.initd
./net-fs/nfs-utils/files/nfsmount.initd
./net-fs/nfs-utils/files/rpc.gssd.initd
./net-fs/nfs-utils/files/rpc.idmapd.initd
./net-fs/nfs-utils/files/rpc.statd.initd
./net-fs/nfs-utils/files/rpc.svcgssd.initd
./net-fs/smbtad/files/smbtad.rc
./net-ftp/atftp/files/atftp.init
./net-libs/webkit-gtk/files/gir-paxctl-lt-wrapper
./net-mail/courier-imap/files/mkimapdcert
./net-mail/perdition/files/perdition.initd
./net-misc/arpsponge/files/arpsponge.initd
./net-misc/astmanproxy/files/astmanproxy.rc6
./net-misc/cfengine/files/cfenvd.rc6
./net-misc/cfengine/files/cf-execd.rc6
./net-misc/cfengine/files/cfexecd.rc6
./net-misc/cfengine/files/cf-monitord.rc6
./net-misc/cfengine/files/cfservd.rc6
./net-misc/cfengine/files/cf-serverd.rc6
./net-misc/chrome-remote-desktop/files/chrome-remote-desktop.rc
./net-misc/dhcp/files/dhcpd.init5
./net-misc/dhcp/files/dhcrelay.init3
./net-misc/iputils/files/rarpd.init.d
./net-misc/libreswan/files/ipsec.service
./net-misc/networkmanager/files/init.d.NetworkManager
./net-misc/ntp/files/man-pages/genmans.sh
./net-misc/openssh/files/sshd.rc6.4
./net-misc/openvpn/files/down.sh
./net-misc/openvpn/files/openvpn-2.1.init
./net-misc/openvpn/files/up.sh
./net-misc/rabbitmq-server/files/rabbitmq-server.init-r3
./net-misc/ser/files/ser.rc6
./net-misc/siproxd/files/siproxd.rc6
./net-misc/siproxd/files/siproxd.rc7
./net-misc/sobby/files/sobby-init-0.4.7
./net-misc/sslh/files/sslh.init.d-2
./net-misc/tlsdate/files/tlsdated.rc
./net-misc/tlsdate/files/tlsdate.rc
./net-nds/rpcbind/files/rpcbind.confd
./net-nds/rpcbind/files/rpcbind.initd
./net-nds/ypserv/files/ypserv
./net-p2p/multibit/files/multibit
./net-proxy/http-replicator/files/http-replicator-3.0-callrepcacheman-0.1
./net-proxy/http-replicator/files/http-replicator-3.0.init
./net-proxy/http-replicator/files/http-replicator-3.0-repcacheman-0.44
./net-proxy/http-replicator/files/http-replicator-3.0-repcacheman-0.44-r1
./net-proxy/http-replicator/files/http-replicator-3.0-repcacheman-0.44-r2
./net-voip/gnugk/files/gnugk.rc6
./net-voip/yate/files/yate.rc6
./net-wireless/bluez/files/bluez-plugdev.patch
./net-wireless/bluez/files/rfcomm-init.d-r2
./perl-core/DB_File/files/config.in
./sci-geosciences/gpsd/files/gpsd.init-2
./sci-geosciences/osm-gps-map/files/osm-gps-map-0.7.3-disable-compiler-warnings.patch
./sci-geosciences/osm-gps-map/files/osm-gps-map-0.7.3-fix-docs-location.patch
./sci-mathematics/reduce/files/csl
./sci-mathematics/reduce/files/redcsl
./sci-visualization/nonolith-connect/files/nonolith-connect.initd
./sys-apps/apparmor/files/apparmor-init
./sys-apps/busybox/files/mdev.rc
./sys-apps/busybox/files/mdev.rc.1
./sys-apps/busybox/files/mdev-start.sh
./sys-apps/collectl/files/collectl.initd-2
./sys-apps/logwatch/files/logwatch
./sys-apps/netplug/files/netplug-2
./sys-apps/preload/files/preload-0.6.4.init.in-r1
./sys-apps/preload/files/preload-0.6.4.init.in-r2
./sys-apps/setserial/files/serial-2.17-r4
./sys-apps/superiotool/files/make-tarball.sh
./sys-apps/sysvinit/files/reboot.sh
./sys-apps/sysvinit/files/shutdown.sh
./sys-apps/unscd/files/unscd.initd
./sys-apps/util-linux/files/crypto-loop.initd
./sys-block/afacli/files/afacli
./sys-block/dellmgr/files/dellmgr-r2
./sys-block/gparted/files/gparted-pkexec
./sys-block/megacli/files/megacli-wrapper
./sys-block/noflushd/files/noflushd.rc6
./sys-boot/yaboot/files/new-ofpath
./sys-cluster/ccs/files/ccsd.rc
./sys-cluster/csync2/files/csync2.initd
./sys-cluster/dlm/files/dlm.rc
./sys-cluster/ganglia/files/gmetad.rc
./sys-cluster/ganglia/files/gmetad.rc-2
./sys-cluster/ganglia/files/gmond.rc
./sys-cluster/ganglia/files/gmond.rc-2
./sys-cluster/rgmanager/files/rgmanager-2.0x.rc
./sys-devel/autoconf-wrapper/files/ac-wrapper-10.sh
./sys-devel/autoconf-wrapper/files/ac-wrapper-12.sh
./sys-devel/autoconf-wrapper/files/ac-wrapper-13.sh
./sys-devel/autoconf-wrapper/files/ac-wrapper-8.sh
./sys-devel/autoconf-wrapper/files/ac-wrapper-9.sh
./sys-devel/automake-wrapper/files/am-wrapper-3.sh
./sys-devel/automake-wrapper/files/am-wrapper-4.sh
./sys-devel/automake-wrapper/files/am-wrapper-5.sh
./sys-devel/automake-wrapper/files/am-wrapper-6.sh
./sys-devel/automake-wrapper/files/am-wrapper-7.sh
./sys-devel/automake-wrapper/files/am-wrapper-8.sh
./sys-devel/automake-wrapper/files/am-wrapper-9.sh
./sys-devel/binutils-config/files/binutils-config-1.9
./sys-devel/binutils-config/files/binutils-config-2
./sys-devel/binutils-config/files/binutils-config-3
./sys-devel/binutils-config/files/binutils-config-4
./sys-devel/distcc/files/3.0/init
./sys-devel/distcc/files/3.1/init
./sys-devel/gcc-config/files/gcc-config-1.5
./sys-devel/gcc-config/files/gcc-config-1.5.1
./sys-devel/gcc/files/c89
./sys-devel/gcc/files/c99
./sys-freebsd/freebsd-cddl/files/zvol.initd
./sys-freebsd/freebsd-cddl/files/zvol.initd-9.0
./sys-freebsd/freebsd-pf/files/pf.initd
./sys-freebsd/freebsd-sbin/files/idmapd.initd
./sys-freebsd/freebsd-usbin/files/iscsid.initd
./sys-freebsd/freebsd-usbin/files/nfs.initd
./sys-freebsd/freebsd-usbin/files/nfsmount.initd
./sys-freebsd/freebsd-usbin/files/nfsuserd.initd
./sys-freebsd/freebsd-usbin/files/powerd.initd
./sys-freebsd/freebsd-usbin/files/rpcbind.initd
./sys-freebsd/freebsd-usbin/files/rpc.lockd.initd
./sys-freebsd/freebsd-usbin/files/rpc.statd.initd
./sys-freebsd/freebsd-usbin/files/syscons.initd
./sys-freebsd/freebsd-usbin/files/syslogd.initd
./sys-freebsd/ubin-wrappers/files/dowrap
./sys-fs/cryptsetup/files/1.5.1-dmcrypt.rc
./sys-fs/cryptsetup/files/1.6.7-dmcrypt.rc
./sys-fs/devfsd/files/devfs-start.sh
./sys-fs/devfsd/files/devfs-stop.sh
./sys-fs/eudev/files/udev-postmount
./sys-fs/iprutils/files/iprdump
./sys-fs/iprutils/files/iprinit
./sys-fs/iprutils/files/iprupdate
./sys-fs/lvm2/files/clvmd.rc-2.02.39
./sys-fs/lvm2/files/lvmetad.initd-2.02.105-r2
./sys-fs/mdadm/files/mdadm.rc
./sys-fs/multipath-tools/files/multipath.rc
./sys-fs/owfs/files/owfs.initd
./sys-fs/owfs/files/owftpd.initd
./sys-fs/owfs/files/owhttpd.initd
./sys-fs/owfs/files/owserver.initd
./sys-fs/zfs/files/zed
./sys-libs/glibc/files/nscd
./sys-libs/libcxx/files/prepare_snapshot.sh
./sys-libs/libcxxrt/files/prepare_snapshot.sh
./sys-power/acpid/files/acpid-1.0.6-default.sh
./sys-power/apcupsd/files/apcupsd.init.4
./sys-power/athcool/files/athcool
./sys-power/nut/files/nut-2.2.2-init.d-upsd
./sys-power/nut/files/nut-2.2.2-init.d-upsdrv
./sys-power/nut/files/nut-2.2.2-init.d-upsmon
./sys-power/nut/files/nut-2.6.5-init.d-upsd
./sys-power/nut/files/nut-2.6.5-init.d-upsmon
./sys-process/anacron/files/anacron.rc6
./sys-process/at/files/atd.rc7
./sys-process/at/files/atd.rc8
./sys-process/cronbase/files/run-crons-0.3.3
./sys-process/dcron/files/dcron
./sys-process/dcron/files/dcron.init
./sys-process/dcron/files/dcron.init-4.4
./sys-process/dcron/files/dcron.init-4.5
./sys-process/runit/files/1
./sys-process/runit/files/2
./sys-process/runit/files/3
./sys-process/runit/files/ctrlaltdel
./sys-process/runit/files/finish.getty
./sys-process/runit/files/run.getty
./sys-process/vixie-cron/files/vixie-cron.rc6
./www-apache/mod_spdy/files/make-snapshot.sh
./www-apps/gallery/files/postinstall-en2.txt
./www-apps/trac/files/tracd.initd
./www-apps/webdavcgi/files/reconfig
./www-apps/webdavcgi/files/reconfig-suid
./www-servers/skunkweb/files/skunkweb-cron-cache_cleaner
./www-servers/skunkweb/files/skunkweb-init
./www-servers/varnish/files/varnishd.initd-r1
./www-servers/varnish/files/varnishd.initd-r2
./x11-drivers/nvidia-drivers/files/nvidia-persistenced.init
./x11-drivers/xf86-video-virtualbox/files/xf86-video-virtualbox-3-vboxvideo_drm.makefile
./x11-libs/libxcb/files/xcb-rebuilder.sh
./x11-wm/afterstep/files/afterstep
./x11-wm/icewm/files/icewm
Comment 1 SpanKY gentoo-dev 2015-05-26 08:47:53 UTC
why ?  git supports +x just fine.  in fact it'd be nice if we could add more +x bits to files in CVS ... sometimes i forgot to do it and regret it later.  having these be directly executable is nice: we can run them in place, or copy them into the right location without having to update the +x bits first/every time.
Comment 2 Ulrich Müller gentoo-dev 2015-05-26 09:41:12 UTC
(In reply to SpanKY from comment #1)
> why ?  git supports +x just fine.  in fact it'd be nice if we could add more
> +x bits to files in CVS ... sometimes i forgot to do it and regret it later.
> having these be directly executable is nice: we can run them in place, or
> copy them into the right location without having to update the +x bits
> first/every time.

Not sure if I understand your use case. When installing with the do* or new* functions, the permissions of the source file are ignored. The majority of the files listed seem to be init scripts which *should* be installed using doinitd.


Checking the first 10 packages, I cannot find any legitimate reason why the file in the tree should have the executable bit set:

> ./app-admin/diamond/files/diamond.initd
    newinitd "${FILESDIR}"/${PN}.initd ${PN}

> ./app-admin/hddtemp/files/update-hddtemp.db
    dosbin "${FILESDIR}"/update-hddtemp.db

> ./app-admin/metalog/files/metalog.initd
    newinitd "${FILESDIR}"/metalog.initd metalog

> ./app-admin/puppet/files/puppet.init
    # file not used?

> ./app-admin/puppet/files/puppetmaster.init
    # file not used?

> ./app-admin/sysrqd/files/sysrqd.init
    newinitd "${FILESDIR}/sysrqd.init" sysrqd

> ./app-admin/webmin/files/gentoo-setup
    newins "${FILESDIR}"/gentoo-setup gentoo-setup.sh
    fperms 0744 /usr/libexec/webmin/gentoo-setup.sh

> ./app-antivirus/clamav/files/clamd.initd-r3
    # file not used?

> ./app-antivirus/clamav/files/clamd.initd-r5
    # file not used?

> ./app-antivirus/clamav/files/clamd.initd-r6
    newinitd "${FILESDIR}"/clamd.initd-r6 clamd

> ./app-arch/makeself/files/makeself-unpack
    dobin makeself-header.sh makeself.sh "${FILESDIR}"/makeself-unpack

> ./app-backup/tsm/files/dsmcad.init.d-r1
    newinitd "${FILESDIR}/dsmcad.init.d-r1" dsmcad

> ./app-crypt/tpm-emulator/files/tpm-emulator.initd-0.7.4
    newinitd "${FILESDIR}"/${PN}.initd-0.7.4 ${PN}
Comment 3 SpanKY gentoo-dev 2015-05-26 13:19:23 UTC
(In reply to Ulrich Müller from comment #2)

i'm talking about testing files outside of the ebuild.  the question still stands: what exactly is the problem with allowing the +x bit ?  CVS & SVN & GIT all support it fine.
Comment 4 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2015-05-26 17:59:51 UTC
Git actually handles the +x bit considerably better than CVS does, but I want to get away from ANY file in the repo that is not meant to be executed in that path.

So far, the ones that stay:
/scripts/bootstrap.sh
/eclass/tests/*.sh
scripts executed in-place by ebuilds (but I hope this violates some other QA rule so we can remove them).

Ones that should go:
stuff that installs in /etc/init.d/
stuff that installs in /etc/conf.d/
*.{patch,diff,txt,desktop,service}

Maybe we add a QA warning on 'cp' being used for a file with +x on the source filesdir?
Comment 5 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2015-05-26 18:14:28 UTC
There's no real reason to keep executable bits on any scripts at all. Shell scripts you can run using shell, which also works on noexec mounts. I'd say we drop the +x bits as a misfeature that wasn't likely used by anyone but vapier.
Comment 6 SpanKY gentoo-dev 2015-05-27 02:02:08 UTC
no one here has provided *any* reason for dropping the +x bit.  you can undo it in CVS since infra has admin access, but it's trivial to restore it in git with a commit.
Comment 7 Ulrich Müller gentoo-dev 2015-05-27 07:47:14 UTC
Created attachment 404056 [details]
review of executable files

Attached is the list of files prefixed with a number indicating their status.

1: removing the executable bit should be safe
2: file is not referenced at all from ebuilds (i.e. files previously
   installed but missed when removing the old ebuild)
3: executable bit is needed (e.g., file is installed with cp)
4: not referenced from ebuilds, but intended to be executed directly
   (make-tarball.sh &c.)
Comment 8 Ulrich Müller gentoo-dev 2015-05-27 07:53:00 UTC
(In reply to SpanKY from comment #6)
> no one here has provided *any* reason for dropping the +x bit.  you can undo
> it in CVS since infra has admin access, but it's trivial to restore it in
> git with a commit.

To clarify, QA does _not_ have any policy that +x would be disallowed. Still, it would be cleaner if the bit was removed for the 95 % of files where it isn't needed.
Comment 9 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2015-05-27 10:13:27 UTC
However, it may be a good idea to create such a policy. We can't assume that +x will be preserved reliably, and we certainly mustn't allow ebuilds to rely on that. And as I see it, the only reliable way of preventing that is to make repoman reject any +x files in filesdir.

That said, there's no reason to keep any of the other ebuild files, profile files or eclass files executable, so repoman should cover them as well to check for accidental +x.
Comment 10 SpanKY gentoo-dev 2015-05-27 10:40:09 UTC
(In reply to Michał Górny from comment #9)

i'm not aware of any ebuild ever relying on the file being +x to be installed that way (nor am i advocating for it).  so you're attempting to ban something which hasn't shown to be an actual problem.  conversely, i have found it to be useful a number of times as a matter of convenience to have these be directly executable for local development & testing.

checking & rejecting +x on files where it doesn't make sense (*.ebuild, *.eclass, *.patch, *.xml, ChangeLog*, etc...) is fine, but i also don't see a lot of value: has anyone ever actually committed one of those files with +x ?
Comment 11 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2015-05-27 10:49:21 UTC
Yes, developers did that. There were bugs open about it. Infra fixed the bits in CVS. The files are still +x in the git mirror because of poor +x support in cvs/rsync.
Comment 12 Ulrich Müller gentoo-dev 2015-05-27 12:21:35 UTC
(In reply to Ulrich Müller from comment #7)
> Created attachment 404056 [details]

> 3 sys-boot/yaboot/files/new-ofpath

Sorry, this was a false positive, so can be marked with 1 instead.
(The package's build system installs the file using "install -m 0755" so should be fine without the permission bit in FILESDIR.)

> 3 net-analyzer/nagircbot/files/init

Bug 550542.

> 3 sys-freebsd/ubin-wrappers/files/dowrap

Bug 550540.
Comment 13 Ulrich Müller gentoo-dev 2015-05-30 08:58:18 UTC
(In reply to Robin Johnson from comment #4)
> So far, the ones that stay:
> /scripts/bootstrap.sh
> /eclass/tests/*.sh
> scripts executed in-place by ebuilds (but I hope this violates some other QA
> rule so we can remove them).

I have found only one instance of this (bug 550540) and it is gone now.

> Ones that should go:
> stuff that installs in /etc/init.d/
> stuff that installs in /etc/conf.d/
> *.{patch,diff,txt,desktop,service}

It should be save to remove the bit for all of these; everything is being installed with doconfd/doinitd. The single package that used cp has been fixed (bug 550542).

So, the executable bit can be removed for all files in the original list, except for the following maintainers' scripts where it should stay:

   app-emulation/virtualbox-modules/files/create_vbox_modules_tarball.sh
   app-mobilephone/bitpim/files/maketarball
   dev-libs/collada-dom/files/take_snapshot.sh
   dev-util/debugedit/files/update.sh
   media-libs/netpbm/files/make-tarball.sh
   media-tv/kodi/files/generate.sh
   media-tv/xbmc/files/generate.sh
   net-misc/ntp/files/man-pages/genmans.sh
   sys-apps/superiotool/files/make-tarball.sh
   sys-libs/libcxx/files/prepare_snapshot.sh
   sys-libs/libcxxrt/files/prepare_snapshot.sh
   www-apache/mod_spdy/files/make-snapshot.sh