From 22144b96d1fba1235e3b67c9cba536c3963d76ec Mon Sep 17 00:00:00 2001
From: Zac Medico
Date: Thu, 9 Mar 2006 04:15:19 +0000
Subject: [PATCH] Split install_mask and parts of dyn_preinst from ebuild.sh to misc-functions.sh and add the necessary support to doebuild.
svn path=/main/trunk/; revision=2832
---
 bin/ebuild.sh | 91 ++----------------------------
 bin/misc-functions.sh | 128 ++++++++++++++++++++++++++++++++++++++++++
 pym/portage.py | 16 +++++-
 3 files changed, 147 insertions(+), 88 deletions(-)
diff --git a/bin/ebuild.sh b/bin/ebuild.sh
index 87d72f4f5..288d68602 100755
--- a/bin/ebuild.sh
+++ b/bin/ebuild.sh
@@ -1324,100 +1324,17 @@ install_mask() {
 }
 dyn_preinst() {
- # set IMAGE depending if this is a binary or compile merge
- [ "${EMERGE_FROM}" == "binary" ] && IMAGE=${PKG_TMPDIR}/${PF}/bin \
- || IMAGE=${D}
+ if [ -z "$IMAGE" ]; then
+ eerror "${FUNCNAME}: IMAGE is unset"
+ return 1
+ fi
 [ "$(type -t pre_pkg_preinst)" == "function" ] && pre_pkg_preinst
 declare -r D=${IMAGE}
 pkg_preinst
- # remove man pages, info pages, docs if requested
- for f in man info doc; do
- if hasq no${f} $FEATURES; then
- INSTALL_MASK="${INSTALL_MASK} /usr/share/${f}"
- fi
- done
-
- install_mask "${IMAGE}" ${INSTALL_MASK}
-
- # remove share dir if unnessesary
- if hasq nodoc $FEATURES -o hasq noman $FEATURES -o hasq noinfo $FEATURES; then
- rmdir "${IMAGE}/usr/share" &> /dev/null
- fi
-
- # Smart FileSystem Permissions
- if hasq sfperms $FEATURES; then
- for i in $(find ${IMAGE}/ -type f -perm -4000); do
- ebegin ">>> SetUID: [chmod go-r] $i "
- chmod go-r "$i"
- eend $?
- done
- for i in $(find ${IMAGE}/ -type f -perm -2000); do
- ebegin ">>> SetGID: [chmod o-r] $i "
- chmod o-r "$i"
- eend $?
- done
- fi
-
- # total suid control.
- if hasq suidctl $FEATURES > /dev/null ; then
- sfconf=/etc/portage/suidctl.conf
- echo ">>> Preforming suid scan in ${IMAGE}"
- for i in $(find ${IMAGE}/ -type f \( -perm -4000 -o -perm -2000 \) ); do
- if [ -s "${sfconf}" ]; then
- suid="`grep ^${i/${IMAGE}/}$ ${sfconf}`"
- if [ "${suid}" = "${i/${IMAGE}/}" ]; then
- echo "- ${i/${IMAGE}/} is an approved suid file"
- else
- echo ">>> Removing sbit on non registered ${i/${IMAGE}/}"
- for x in 5 4 3 2 1 0; do echo -ne "\a"; sleep 0.25 ; done
- echo -ne "\a"
- chmod ugo-s "${i}"
- grep ^#${i/${IMAGE}/}$ ${sfconf} > /dev/null || {
- # sandbox prevents us from writing directly
- # to files outside of the sandbox, but this
- # can easly be bypassed using the addwrite() function
- addwrite "${sfconf}"
- echo ">>> Appending commented out entry to ${sfconf} for ${PF}"
- ls_ret=`ls -ldh "${i}"`
- echo "## ${ls_ret%${IMAGE}*}${ls_ret#*${IMAGE}}" >> ${sfconf}
- echo "#${i/${IMAGE}/}" >> ${sfconf}
- # no delwrite() eh?
- # delwrite ${sconf}
- }
- fi
- else
- echo "suidctl feature set but you are lacking a ${sfconf}"
- fi
- done
- fi
-
- # SELinux file labeling (needs to always be last in dyn_preinst)
- if hasq selinux ${FEATURES} ; then
- # only attempt to label if setfiles is executable
- # and 'context' is available on selinuxfs.
- if [ -f /selinux/context -a -x /usr/sbin/setfiles -a -x /usr/sbin/selinuxconfig ]; then
- echo ">>> Setting SELinux security labels"
- (
- eval "$(/usr/sbin/selinuxconfig)" || \
- die "Failed to determine SELinux policy paths.";
-
- addwrite /selinux/context;
-
- /usr/sbin/setfiles "${file_contexts_path}" -r "${IMAGE}" "${IMAGE}";
- ) || die "Failed to set SELinux security labels."
- else
- # nonfatal, since merging can happen outside a SE kernel
- # like during a recovery situation
- echo "!!! Unable to set SELinux security labels"
- fi
- fi
-
 [ "$(type -t post_pkg_preinst)" == "function" ] && post_pkg_preinst
-
- trap SIGINT SIGQUIT
 }
 dyn_spec() {
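Review bot: The new guard at the top of dyn_preinst makes the phase depend on IMAGE being supplied by the caller, but nothing in the function says who sets it or which value to expect. A comment above the guard such as `# IMAGE is set by doebuild() in portage.py: ${PKG_TMPDIR}/${PF}/bin for binary merges, otherwise ${D}` would record the contract that the removed shell lines used to make explicit. The guard reports the problem only through `eerror` and `return 1`; whether the ebuild.sh dispatcher turns that return code into a failed phase is not visible in this hunk and is worth confirming, since `pkg_preinst` would otherwise be skipped without stopping the merge.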
diff --git a/bin/misc-functions.sh b/bin/misc-functions.sh
index 0eb184b30..605c4a8dd 100644
--- a/bin/misc-functions.sh
+++ b/bin/misc-functions.sh
@@ -16,6 +16,134 @@ MISC_FUNCTIONS_ARGS="$@"
 shift $#
 source /usr/lib/portage/bin/ebuild.sh
+install_mask() {
+ local root="$1"
+ shift
+ local install_mask="$*"
+
+ # we don't want globbing for initial expansion, but afterwards, we do
+ local shopts=$-
+ set -o noglob
+ for no_inst in ${install_mask}; do
+ set +o noglob
+ einfo "Removing ${no_inst}"
+ # normal stuff
+ rm -Rf ${root}/${no_inst} >&/dev/null
+
+ # we also need to handle globs (*.a, *.h, etc)
+ find "${root}" -name ${no_inst} -exec rm -fR {} \; >/dev/null
+ done
+ # set everything back the way we found it
+ set +o noglob
+ set -${shopts}
+}
+
+preinst_mask() {
+ if [ -z "$IMAGE" ]; then
+ eerror "${FUNCNAME}: IMAGE is unset"
+ return 1
+ fi
+ # remove man pages, info pages, docs if requested
+ for f in man info doc; do
+ if hasq no${f} $FEATURES; then
+ INSTALL_MASK="${INSTALL_MASK} /usr/share/${f}"
+ fi
+ done
+
+ install_mask "${IMAGE}" ${INSTALL_MASK}
+
+ # remove share dir if unnessesary
+ if hasq nodoc $FEATURES -o hasq noman $FEATURES -o hasq noinfo $FEATURES; then
+ rmdir "${IMAGE}/usr/share" &> /dev/null
+ fi
+}
+
+preinst_sfperms() {
+ if [ -z "$IMAGE" ]; then
+ eerror "${FUNCNAME}: IMAGE is unset"
+ return 1
+ fi
+ # Smart FileSystem Permissions
+ if hasq sfperms $FEATURES; then
+ for i in $(find ${IMAGE}/ -type f -perm -4000); do
+ ebegin ">>> SetUID: [chmod go-r] $i "
+ chmod go-r "$i"
+ eend $?
+ done
+ for i in $(find ${IMAGE}/ -type f -perm -2000); do
+ ebegin ">>> SetGID: [chmod o-r] $i "
+ chmod o-r "$i"
+ eend $?
+ done
+ fi
+}
+
+preinst_suid_scan() {
+ if [ -z "$IMAGE" ]; then
+ eerror "${FUNCNAME}: IMAGE is unset"
+ return 1
+ fi
+ # total suid control.
+ if hasq suidctl $FEATURES; then
+ sfconf=/etc/portage/suidctl.conf
+ echo ">>> Preforming suid scan in ${IMAGE}"
+ for i in $(find ${IMAGE}/ -type f \( -perm -4000 -o -perm -2000 \) ); do
+ if [ -s "${sfconf}" ]; then
+ suid="`grep ^${i/${IMAGE}/}$ ${sfconf}`"
+ if [ "${suid}" = "${i/${IMAGE}/}" ]; then
+ echo "- ${i/${IMAGE}/} is an approved suid file"
+ else
+ echo ">>> Removing sbit on non registered ${i/${IMAGE}/}"
+ for x in 5 4 3 2 1 0; do echo -ne "\a"; sleep 0.25 ; done
+ echo -ne "\a"
+ chmod ugo-s "${i}"
+ grep ^#${i/${IMAGE}/}$ ${sfconf} > /dev/null || {
+ # sandbox prevents us from writing directly
+ # to files outside of the sandbox, but this
+ # can easly be bypassed using the addwrite() function
+ addwrite "${sfconf}"
+ echo ">>> Appending commented out entry to ${sfconf} for ${PF}"
+ ls_ret=`ls -ldh "${i}"`
+ echo "## ${ls_ret%${IMAGE}*}${ls_ret#*${IMAGE}}" >> ${sfconf}
+ echo "#${i/${IMAGE}/}" >> ${sfconf}
+ # no delwrite() eh?
+ # delwrite ${sconf}
+ }
+ fi
+ else
+ echo "suidctl feature set but you are lacking a ${sfconf}"
+ fi
+ done
+ fi
+}
+
+preinst_selinux_labels() {
+ if [ -z "$IMAGE" ]; then
+ eerror "${FUNCNAME}: IMAGE is unset"
+ return 1
+ fi
+ if hasq selinux ${FEATURES}; then
+ # SELinux file labeling (needs to always be last in dyn_preinst)
+ # only attempt to label if setfiles is executable
+ # and 'context' is available on selinuxfs.
+ if [ -f /selinux/context -a -x /usr/sbin/setfiles -a -x /usr/sbin/selinuxconfig ]; then
+ echo ">>> Setting SELinux security labels"
+ (
+ eval "$(/usr/sbin/selinuxconfig)" || \
+ die "Failed to determine SELinux policy paths.";
+
+ addwrite /selinux/context;
+
+ /usr/sbin/setfiles "${file_contexts_path}" -r "${IMAGE}" "${IMAGE}";
+ ) || die "Failed to set SELinux security labels."
+ else
+ # nonfatal, since merging can happen outside a SE kernel
+ # like during a recovery situation
+ echo "!!! Unable to set SELinux security labels"
+ fi
+ fi
+}
+
 dyn_package() {
 cd "${PORTAGE_BUILDDIR}/image"
 install_mask "${PORTAGE_BUILDDIR}/image" ${PKG_INSTALL_MASK}
diff --git a/pym/portage.py b/pym/portage.py
index 6468b0f87..08187a8c8 100644
--- a/pym/portage.py
+++ b/pym/portage.py
@@ -2749,7 +2749,21 @@ def doebuild(myebuild,mydo,myroot,mysettings,debug=0,listonly=0,fetchonly=0,clea
 logfile=None
 if mydo in ["help","clean","setup"]:
 return spawn(EBUILD_SH_BINARY+" "+mydo,mysettings,debug=debug,free=1,logfile=logfile)
- elif mydo in ["prerm","postrm","preinst","postinst","config"]:
+ elif mydo == "preinst":
+ mysettings.load_infodir(pkg_dir)
+ if mysettings.has_key("EMERGE_FROM") and "binary" == mysettings["EMERGE_FROM"]:
+ mysettings["IMAGE"] = os.path.join(mysettings["PKG_TMPDIR"], mysettings["PF"], "bin")
+ else:
+ mysettings["IMAGE"] = mysettings["D"]
+ phase_retval = spawn(" ".join((EBUILD_SH_BINARY, mydo)), mysettings, debug=debug, free=1, logfile=logfile)
+ if phase_retval == os.EX_OK:
+ # Post phase logic and tasks that have been factored out of ebuild.sh.
+ myargs = [MISC_SH_BINARY, "preinst_mask", "preinst_sfperms",
+ "preinst_selinux_labels", "preinst_suid_scan"]
+ spawn(" ".join(myargs), mysettings, debug=debug, free=1, logfile=logfile)
+ del mysettings["IMAGE"]
+ return phase_retval
+ elif mydo in ["prerm","postrm","postinst","config"]:
 mysettings.load_infodir(pkg_dir)
 return spawn(EBUILD_SH_BINARY+" "+mydo,mysettings,debug=debug,free=1,logfile=logfile)
-- 2.26.2
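Review bot: The three `for i in $(find ${IMAGE}/ ...)` loops in preinst_sfperms and preinst_suid_scan were carried over unquoted, so a setuid or setgid path containing whitespace is word-split and `chmod go-r`, `chmod o-r` and `chmod ugo-s` never reach the real file; the bit stays set and the scan prints nothing useful about it. Reading NUL-delimited names closes that gap: `while IFS= read -r -d '' i; do` paired with `done < <(find "${IMAGE}/" -type f -perm -4000 -print0)`, and the same shape for the other two loops. In preinst_suid_scan the path is also interpolated into `grep ^${i/${IMAGE}/}$ ${sfconf}` as a regular expression; `grep -Fx -- "${i/${IMAGE}/}" "${sfconf}"` compares the approved entry literally. Separately, the context of the ebuild.sh hunk suggests install_mask() is still defined there, so this copy overrides it after the `source` line, and a comment stating which definition is authoritative would help.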
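Review bot: The result of the second `spawn(...)`, which runs `preinst_mask`, `preinst_sfperms`, `preinst_selinux_labels` and `preinst_suid_scan`, is discarded, so a `die` in the SELinux labeling step or an `IMAGE is unset` return no longer fails the phase and the branch still returns the os.EX_OK from the first spawn. Those steps used to run inside dyn_preinst, where `die` stopped the merge; assigning the result, `phase_retval = spawn(" ".join(myargs), mysettings, debug=debug, free=1, logfile=logfile)`, keeps them fail-closed, assuming misc-functions.sh exits non-zero when one of its functions fails (its dispatcher is not shown here). The argument list also places `preinst_selinux_labels` before `preinst_suid_scan`, while the moved shell comment says labeling "needs to always be last"; ending the list with `"preinst_suid_scan", "preinst_selinux_labels"]` matches that comment. doebuild's body starts and ends outside the hunk.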