diff options
| author |   Zac Medico <zmedico@gentoo.org> | 2006-03-09 04:15:19 +0000 |
|---|---|---|
| committer | Zac Medico <zmedico@gentoo.org> | 2006-03-09 04:15:19 +0000 |
| commit | 22144b96d1fba1235e3b67c9cba536c3963d76ec (patch) | |
| tree | 14b4501ca609ee8ab0473cdd29145d126cadfcee /bin/misc-functions.sh | |
| parent | Split dyn_package from ebuild.sh to misc-functions.sh and add MISC_SH_BINARY ... (diff) | |
| download | portage-multirepo-22144b96d1fba1235e3b67c9cba536c3963d76ec.tar.gz portage-multirepo-22144b96d1fba1235e3b67c9cba536c3963d76ec.tar.bz2 portage-multirepo-22144b96d1fba1235e3b67c9cba536c3963d76ec.zip | |
Split install_mask and parts of dyn_preinst from ebuild.sh to misc-functions.sh and add the necessary support to doebuild.
svn path=/main/trunk/; revision=2832
Diffstat (limited to 'bin/misc-functions.sh')
| -rw-r--r-- | bin/misc-functions.sh | 128 |
1 files changed, 128 insertions, 0 deletions
diff --git a/bin/misc-functions.sh b/bin/misc-functions.sh index 0eb184b3..605c4a8d 100644 --- a/bin/misc-functions.sh +++ b/bin/misc-functions.sh @@ -16,6 +16,134 @@ MISC_FUNCTIONS_ARGS="$@" shift $# source /usr/lib/portage/bin/ebuild.sh +install_mask() { + local root="$1" + shift + local install_mask="$*" + + # we don't want globbing for initial expansion, but afterwards, we do + local shopts=$- + set -o noglob + for no_inst in ${install_mask}; do + set +o noglob + einfo "Removing ${no_inst}" + # normal stuff + rm -Rf ${root}/${no_inst} >&/dev/null + + # we also need to handle globs (*.a, *.h, etc) + find "${root}" -name ${no_inst} -exec rm -fR {} \; >/dev/null + done + # set everything back the way we found it + set +o noglob + set -${shopts} +} + +preinst_mask() { + if [ -z "$IMAGE" ]; then + eerror "${FUNCNAME}: IMAGE is unset" + return 1 + fi + # remove man pages, info pages, docs if requested + for f in man info doc; do + if hasq no${f} $FEATURES; then + INSTALL_MASK="${INSTALL_MASK} /usr/share/${f}" + fi + done + + install_mask "${IMAGE}" ${INSTALL_MASK} + + # remove share dir if unnessesary + if hasq nodoc $FEATURES -o hasq noman $FEATURES -o hasq noinfo $FEATURES; then + rmdir "${IMAGE}/usr/share" &> /dev/null + fi +} + +preinst_sfperms() { + if [ -z "$IMAGE" ]; then + eerror "${FUNCNAME}: IMAGE is unset" + return 1 + fi + # Smart FileSystem Permissions + if hasq sfperms $FEATURES; then + for i in $(find ${IMAGE}/ -type f -perm -4000); do + ebegin ">>> SetUID: [chmod go-r] $i " + chmod go-r "$i" + eend $? + done + for i in $(find ${IMAGE}/ -type f -perm -2000); do + ebegin ">>> SetGID: [chmod o-r] $i " + chmod o-r "$i" + eend $? + done + fi +} + +preinst_suid_scan() { + if [ -z "$IMAGE" ]; then + eerror "${FUNCNAME}: IMAGE is unset" + return 1 + fi + # total suid control. + if hasq suidctl $FEATURES; then + sfconf=/etc/portage/suidctl.conf + echo ">>> Preforming suid scan in ${IMAGE}" + for i in $(find ${IMAGE}/ -type f \( -perm -4000 -o -perm -2000 \) ); do + if [ -s "${sfconf}" ]; then + suid="`grep ^${i/${IMAGE}/}$ ${sfconf}`" + if [ "${suid}" = "${i/${IMAGE}/}" ]; then + echo "- ${i/${IMAGE}/} is an approved suid file" + else + echo ">>> Removing sbit on non registered ${i/${IMAGE}/}" + for x in 5 4 3 2 1 0; do echo -ne "\a"; sleep 0.25 ; done + echo -ne "\a" + chmod ugo-s "${i}" + grep ^#${i/${IMAGE}/}$ ${sfconf} > /dev/null || { + # sandbox prevents us from writing directly + # to files outside of the sandbox, but this + # can easly be bypassed using the addwrite() function + addwrite "${sfconf}" + echo ">>> Appending commented out entry to ${sfconf} for ${PF}" + ls_ret=`ls -ldh "${i}"` + echo "## ${ls_ret%${IMAGE}*}${ls_ret#*${IMAGE}}" >> ${sfconf} + echo "#${i/${IMAGE}/}" >> ${sfconf} + # no delwrite() eh? + # delwrite ${sconf} + } + fi + else + echo "suidctl feature set but you are lacking a ${sfconf}" + fi + done + fi +} + +preinst_selinux_labels() { + if [ -z "$IMAGE" ]; then + eerror "${FUNCNAME}: IMAGE is unset" + return 1 + fi + if hasq selinux ${FEATURES}; then + # SELinux file labeling (needs to always be last in dyn_preinst) + # only attempt to label if setfiles is executable + # and 'context' is available on selinuxfs. + if [ -f /selinux/context -a -x /usr/sbin/setfiles -a -x /usr/sbin/selinuxconfig ]; then + echo ">>> Setting SELinux security labels" + ( + eval "$(/usr/sbin/selinuxconfig)" || \ + die "Failed to determine SELinux policy paths."; + + addwrite /selinux/context; + + /usr/sbin/setfiles "${file_contexts_path}" -r "${IMAGE}" "${IMAGE}"; + ) || die "Failed to set SELinux security labels." + else + # nonfatal, since merging can happen outside a SE kernel + # like during a recovery situation + echo "!!! Unable to set SELinux security labels" + fi + fi +} + dyn_package() { cd "${PORTAGE_BUILDDIR}/image" install_mask "${PORTAGE_BUILDDIR}/image" ${PKG_INSTALL_MASK} |