Lines 795-824
Link Here
|
795 |
if [[ $UNSAFE > 0 ]]; then |
795 |
if [[ $UNSAFE > 0 ]]; then |
796 |
die "There are ${UNSAFE} unsafe files. Portage will not install them." |
796 |
die "There are ${UNSAFE} unsafe files. Portage will not install them." |
797 |
fi |
797 |
fi |
|
|
798 |
|
799 |
find ${D}/ -user portage -print0 | $XARGS -0 -n100 chown root |
800 |
if [ "$USERLAND" == "BSD" ]; then |
801 |
find ${D}/ -group portage -print0 | $XARGS -0 -n100 chgrp wheel |
802 |
else |
803 |
find ${D}/ -group portage -print0 | $XARGS -0 -n100 chgrp root |
804 |
fi |
805 |
|
806 |
echo ">>> Completed installing into ${D}" |
807 |
echo |
808 |
cd ${BUILDDIR} |
809 |
trap SIGINT SIGQUIT |
810 |
} |
811 |
|
812 |
dyn_preinst() { |
813 |
pkg_preinst |
814 |
|
815 |
# set IMAGE depending if this is a binary or compile merge |
816 |
[ "${EMERGE_FROM}" == "binary" ] && IMAGE=${PKG_TMPDIR}/${PF} \ |
817 |
|| IMAGE=${D} |
818 |
|
819 |
# remove man pages |
820 |
if has noman $FEATURES; then |
821 |
rm -fR ${IMAGE}/usr/share/man |
822 |
fi |
823 |
|
824 |
# remove info pages |
825 |
if has noinfo $FEATURES; then |
826 |
rm -fR ${IMAGE}/usr/share/info |
827 |
fi |
828 |
|
829 |
# remove docs |
830 |
if has nodoc $FEATURES; then |
831 |
rm -fR ${IMAGE}/usr/share/doc |
832 |
fi |
798 |
|
833 |
|
799 |
# Smart FileSystem Permissions |
834 |
# Smart FileSystem Permissions |
800 |
if has sfperms $FEATURES; then |
835 |
if has sfperms $FEATURES; then |
801 |
for i in $(find ${D}/ -type f -perm -4000); do |
836 |
for i in $(find ${IMAGE}/ -type f -perm -4000); do |
802 |
ebegin ">>> SetUID: [chmod go-r] $i " |
837 |
ebegin ">>> SetUID: [chmod go-r] $i " |
803 |
chmod go-r $i |
838 |
chmod go-r $i |
804 |
eend $? |
839 |
eend $? |
805 |
done |
840 |
done |
806 |
for i in $(find ${D}/ -type f -perm -2000); do |
841 |
for i in $(find ${IMAGE}/ -type f -perm -2000); do |
807 |
ebegin ">>> SetGID: [chmod o-r] $i " |
842 |
ebegin ">>> SetGID: [chmod o-r] $i " |
808 |
chmod o-r $i |
843 |
chmod o-r $i |
809 |
eend $? |
844 |
eend $? |
810 |
done |
845 |
done |
811 |
fi |
846 |
fi |
812 |
|
|
|
813 |
find ${D}/ -user portage -print0 | $XARGS -0 -n100 chown root |
814 |
if [ "$USERLAND" == "BSD" ]; then |
815 |
find ${D}/ -group portage -print0 | $XARGS -0 -n100 chgrp wheel |
816 |
else |
817 |
find ${D}/ -group portage -print0 | $XARGS -0 -n100 chgrp root |
818 |
fi |
819 |
|
847 |
|
|
|
848 |
# SELinux file labeling (needs to always be last in dyn_preinst) |
820 |
if use selinux; then |
849 |
if use selinux; then |
821 |
if [ -x /usr/sbin/setfiles ]; then |
850 |
# only attempt to label if setfiles is executable |
|
|
851 |
# and 'context' is available on selinuxfs. |
852 |
if [ -f /selinux/context -a -x /usr/sbin/setfiles ]; then |
853 |
echo ">>> Setting SELinux security labels" |
822 |
if [ -f ${POLICYDIR}/file_contexts/file_contexts ]; then |
854 |
if [ -f ${POLICYDIR}/file_contexts/file_contexts ]; then |
823 |
cp -f ${POLICYDIR}/file_contexts/file_contexts ${T} |
855 |
cp -f ${POLICYDIR}/file_contexts/file_contexts ${T} |
824 |
else |
856 |
else |
Lines 826-838
Link Here
|
826 |
fi |
858 |
fi |
827 |
|
859 |
|
828 |
addwrite /selinux/context |
860 |
addwrite /selinux/context |
829 |
/usr/sbin/setfiles -r ${D} ${T}/file_contexts ${D} |
861 |
/usr/sbin/setfiles -r ${IMAGE} ${T}/file_contexts ${IMAGE} \ |
|
|
862 |
|| die "Failed to set SELinux security labels." |
863 |
else |
864 |
# nonfatal, since merging can happen outside a SE kernel |
865 |
# like during a recovery situation |
866 |
echo "!!! Unable to set SELinux security labels" |
830 |
fi |
867 |
fi |
831 |
fi |
868 |
fi |
832 |
|
|
|
833 |
echo ">>> Completed installing into ${D}" |
834 |
echo |
835 |
cd ${BUILDDIR} |
836 |
trap SIGINT SIGQUIT |
869 |
trap SIGINT SIGQUIT |
837 |
} |
870 |
} |
838 |
|
871 |
|
Lines 1232-1238
Link Here
|
1232 |
nofetch) |
1265 |
nofetch) |
1233 |
pkg_nofetch |
1266 |
pkg_nofetch |
1234 |
;; |
1267 |
;; |
1235 |
prerm|postrm|preinst|postinst|config) |
1268 |
prerm|postrm|postinst|config) |
1236 |
export SANDBOX_ON="0" |
1269 |
export SANDBOX_ON="0" |
1237 |
if [ "$PORTAGE_DEBUG" != "1" ]; then |
1270 |
if [ "$PORTAGE_DEBUG" != "1" ]; then |
1238 |
pkg_${myarg} |
1271 |
pkg_${myarg} |
Lines 1261-1267
Link Here
|
1261 |
fi |
1294 |
fi |
1262 |
export SANDBOX_ON="0" |
1295 |
export SANDBOX_ON="0" |
1263 |
;; |
1296 |
;; |
1264 |
help|clean|setup) |
1297 |
help|clean|setup|preinst) |
1265 |
#pkg_setup needs to be out of the sandbox for tmp file creation; |
1298 |
#pkg_setup needs to be out of the sandbox for tmp file creation; |
1266 |
#for example, awking and piping a file in /tmp requires a temp file to be created |
1299 |
#for example, awking and piping a file in /tmp requires a temp file to be created |
1267 |
#in /etc. If pkg_setup is in the sandbox, both our lilo and apache ebuilds break. |
1300 |
#in /etc. If pkg_setup is in the sandbox, both our lilo and apache ebuilds break. |