|
|
|---|
if [[ $UNSAFE > 0 ]]; then | if [[ $UNSAFE > 0 ]]; then |
die "There are ${UNSAFE} unsafe files. Portage will not install them." | die "There are ${UNSAFE} unsafe files. Portage will not install them." |
fi | fi |
|
|
|
find ${D}/ -user portage -print0 | $XARGS -0 -n100 chown root |
|
if [ "$USERLAND" == "BSD" ]; then |
|
find ${D}/ -group portage -print0 | $XARGS -0 -n100 chgrp wheel |
|
else |
|
find ${D}/ -group portage -print0 | $XARGS -0 -n100 chgrp root |
|
fi |
|
|
|
echo ">>> Completed installing into ${D}" |
|
echo |
|
cd ${BUILDDIR} |
|
trap SIGINT SIGQUIT |
|
} |
|
|
|
dyn_preinst() { |
|
pkg_preinst |
|
|
|
# set IMAGE depending if this is a binary or compile merge |
|
[ "${EMERGE_FROM}" == "binary" ] && IMAGE=${PKG_TMPDIR}/${PF} \ |
|
|| IMAGE=${D} |
|
|
|
# remove man pages |
|
if has noman $FEATURES; then |
|
rm -fR ${IMAGE}/usr/share/man |
|
fi |
|
|
|
# remove info pages |
|
if has noinfo $FEATURES; then |
|
rm -fR ${IMAGE}/usr/share/info |
|
fi |
|
|
|
# remove docs |
|
if has nodoc $FEATURES; then |
|
rm -fR ${IMAGE}/usr/share/doc |
|
fi |
| |
# Smart FileSystem Permissions | # Smart FileSystem Permissions |
if has sfperms $FEATURES; then | if has sfperms $FEATURES; then |
for i in $(find ${D}/ -type f -perm -4000); do |
for i in $(find ${IMAGE}/ -type f -perm -4000); do |
ebegin ">>> SetUID: [chmod go-r] $i " | ebegin ">>> SetUID: [chmod go-r] $i " |
chmod go-r $i | chmod go-r $i |
eend $? | eend $? |
done | done |
for i in $(find ${D}/ -type f -perm -2000); do |
for i in $(find ${IMAGE}/ -type f -perm -2000); do |
ebegin ">>> SetGID: [chmod o-r] $i " | ebegin ">>> SetGID: [chmod o-r] $i " |
chmod o-r $i | chmod o-r $i |
eend $? | eend $? |
done | done |
fi | fi |
|
|
find ${D}/ -user portage -print0 | $XARGS -0 -n100 chown root |
|
if [ "$USERLAND" == "BSD" ]; then |
|
find ${D}/ -group portage -print0 | $XARGS -0 -n100 chgrp wheel |
|
else |
|
find ${D}/ -group portage -print0 | $XARGS -0 -n100 chgrp root |
|
fi |
|
| |
|
# SELinux file labeling (needs to always be last in dyn_preinst) |
if use selinux; then | if use selinux; then |
if [ -x /usr/sbin/setfiles ]; then |
# only attempt to label if setfiles is executable |
|
# and 'context' is available on selinuxfs. |
|
if [ -f /selinux/context -a -x /usr/sbin/setfiles ]; then |
|
echo ">>> Setting SELinux security labels" |
if [ -f ${POLICYDIR}/file_contexts/file_contexts ]; then | if [ -f ${POLICYDIR}/file_contexts/file_contexts ]; then |
cp -f ${POLICYDIR}/file_contexts/file_contexts ${T} | cp -f ${POLICYDIR}/file_contexts/file_contexts ${T} |
else | else |
|
|
|---|
fi | fi |
| |
addwrite /selinux/context | addwrite /selinux/context |
/usr/sbin/setfiles -r ${D} ${T}/file_contexts ${D} |
/usr/sbin/setfiles -r ${IMAGE} ${T}/file_contexts ${IMAGE} \ |
|
|| die "Failed to set SELinux security labels." |
|
else |
|
# nonfatal, since merging can happen outside a SE kernel |
|
# like during a recovery situation |
|
echo "!!! Unable to set SELinux security labels" |
fi | fi |
fi | fi |
|
|
echo ">>> Completed installing into ${D}" |
|
echo |
|
cd ${BUILDDIR} |
|
trap SIGINT SIGQUIT | trap SIGINT SIGQUIT |
} | } |
| |
|
|
|---|
nofetch) | nofetch) |
pkg_nofetch | pkg_nofetch |
;; | ;; |
prerm|postrm|preinst|postinst|config) |
prerm|postrm|postinst|config) |
export SANDBOX_ON="0" | export SANDBOX_ON="0" |
if [ "$PORTAGE_DEBUG" != "1" ]; then | if [ "$PORTAGE_DEBUG" != "1" ]; then |
pkg_${myarg} | pkg_${myarg} |
|
|
|---|
fi | fi |
export SANDBOX_ON="0" | export SANDBOX_ON="0" |
;; | ;; |
help|clean|setup) |
help|clean|setup|preinst) |
#pkg_setup needs to be out of the sandbox for tmp file creation; | #pkg_setup needs to be out of the sandbox for tmp file creation; |
#for example, awking and piping a file in /tmp requires a temp file to be created | #for example, awking and piping a file in /tmp requires a temp file to be created |
#in /etc. If pkg_setup is in the sandbox, both our lilo and apache ebuilds break. | #in /etc. If pkg_setup is in the sandbox, both our lilo and apache ebuilds break. |
