Attachment #20605 for bug #31748




	if [[ $UNSAFE > 0 ]]; then
		die "There are ${UNSAFE} unsafe files. Portage will not install them."
	fi
	
	find ${D}/ -user  portage -print0 | $XARGS -0 -n100 chown root
	if [ "$USERLAND" == "BSD" ]; then
		find ${D}/ -group portage -print0 | $XARGS -0 -n100 chgrp wheel
	else
		find ${D}/ -group portage -print0 | $XARGS -0 -n100 chgrp root
	fi

	echo ">>> Completed installing into ${D}"
	echo
	cd ${BUILDDIR}
	trap SIGINT SIGQUIT
}

dyn_preinst() {
	pkg_preinst

	# set IMAGE depending if this is a binary or compile merge
	[ "${EMERGE_FROM}" == "binary" ] && IMAGE=${PKG_TMPDIR}/${PF} \
					|| IMAGE=${D}

	# remove man pages
	if has noman $FEATURES; then
		rm -fR ${IMAGE}/usr/share/man
	fi

	# remove info pages
	if has noinfo $FEATURES; then
		rm -fR ${IMAGE}/usr/share/info
	fi

	# remove docs
	if has nodoc $FEATURES; then
		rm -fR ${IMAGE}/usr/share/doc
	fi

	# Smart FileSystem Permissions
	if has sfperms $FEATURES; then
		for i in $(find ${IMAGE}/ -type f -perm -4000); do
			ebegin ">>> SetUID: [chmod go-r] $i "
			chmod go-r $i
			eend $?
		done
		for i in $(find ${IMAGE}/ -type f -perm -2000); do
			ebegin ">>> SetGID: [chmod o-r] $i "
			chmod o-r $i
			eend $?
		done
	fi
	
	find ${D}/ -user  portage -print0 | $XARGS -0 -n100 chown root
	if [ "$USERLAND" == "BSD" ]; then
		find ${D}/ -group portage -print0 | $XARGS -0 -n100 chgrp wheel
	else
		find ${D}/ -group portage -print0 | $XARGS -0 -n100 chgrp root
	fi

	# SELinux file labeling (needs to always be last in dyn_preinst)
	if use selinux; then
		# only attempt to label if setfiles is executable
		# and 'context' is available on selinuxfs.
		if [ -f /selinux/context -a -x /usr/sbin/setfiles ]; then
			echo ">>> Setting SELinux security labels"
			if [ -f ${POLICYDIR}/file_contexts/file_contexts ]; then
				cp -f ${POLICYDIR}/file_contexts/file_contexts ${T}
			else

			fi

			addwrite /selinux/context
			/usr/sbin/setfiles -r ${IMAGE} ${T}/file_contexts ${IMAGE} \
				|| die "Failed to set SELinux security labels."
		else
			# nonfatal, since merging can happen outside a SE kernel
			# like during a recovery situation
			echo "!!! Unable to set SELinux security labels"
		fi
	fi

	echo ">>> Completed installing into ${D}"
	echo
	cd ${BUILDDIR}
	trap SIGINT SIGQUIT
}


	nofetch)
		pkg_nofetch
		;;
	prerm|postrm|postinst|config)
		export SANDBOX_ON="0"
		if [ "$PORTAGE_DEBUG" != "1" ]; then
			pkg_${myarg}

		fi
		export SANDBOX_ON="0"
		;;
	help|clean|setup|preinst)
		#pkg_setup needs to be out of the sandbox for tmp file creation;
		#for example, awking and piping a file in /tmp requires a temp file to be created
		#in /etc.  If pkg_setup is in the sandbox, both our lilo and apache ebuilds break.

Return to bug 31748

Lines 795-824 Link Here

(-)ebuild.sh.orig (-17 / +50 lines)
795	if [[ $UNSAFE > 0 ]]; then	795	if [[ $UNSAFE > 0 ]]; then
796	die "There are ${UNSAFE} unsafe files. Portage will not install them."	796	die "There are ${UNSAFE} unsafe files. Portage will not install them."
797	fi	797	fi
		798
		799	find ${D}/ -user portage -print0 \| $XARGS -0 -n100 chown root
		800	if [ "$USERLAND" == "BSD" ]; then
		801	find ${D}/ -group portage -print0 \| $XARGS -0 -n100 chgrp wheel
		802	else
		803	find ${D}/ -group portage -print0 \| $XARGS -0 -n100 chgrp root
		804	fi
		805
		806	echo ">>> Completed installing into ${D}"
		807	echo
		808	cd ${BUILDDIR}
		809	trap SIGINT SIGQUIT
		810	}
		811
		812	dyn_preinst() {
		813	pkg_preinst
		814
		815	# set IMAGE depending if this is a binary or compile merge
		816	[ "${EMERGE_FROM}" == "binary" ] && IMAGE=${PKG_TMPDIR}/${PF} \
		817	\|\| IMAGE=${D}
		818
		819	# remove man pages
		820	if has noman $FEATURES; then
		821	rm -fR ${IMAGE}/usr/share/man
		822	fi
		823
		824	# remove info pages
		825	if has noinfo $FEATURES; then
		826	rm -fR ${IMAGE}/usr/share/info
		827	fi
		828
		829	# remove docs
		830	if has nodoc $FEATURES; then
		831	rm -fR ${IMAGE}/usr/share/doc
		832	fi
798		833
799	# Smart FileSystem Permissions	834	# Smart FileSystem Permissions
800	if has sfperms $FEATURES; then	835	if has sfperms $FEATURES; then
801	for i in $(find ${D}/ -type f -perm -4000); do	836	for i in $(find ${IMAGE}/ -type f -perm -4000); do
802	ebegin ">>> SetUID: [chmod go-r] $i "	837	ebegin ">>> SetUID: [chmod go-r] $i "
803	chmod go-r $i	838	chmod go-r $i
804	eend $?	839	eend $?
805	done	840	done
806	for i in $(find ${D}/ -type f -perm -2000); do	841	for i in $(find ${IMAGE}/ -type f -perm -2000); do
807	ebegin ">>> SetGID: [chmod o-r] $i "	842	ebegin ">>> SetGID: [chmod o-r] $i "
808	chmod o-r $i	843	chmod o-r $i
809	eend $?	844	eend $?
810	done	845	done
811	fi	846	fi
812
813	find ${D}/ -user portage -print0 \| $XARGS -0 -n100 chown root
814	if [ "$USERLAND" == "BSD" ]; then
815	find ${D}/ -group portage -print0 \| $XARGS -0 -n100 chgrp wheel
816	else
817	find ${D}/ -group portage -print0 \| $XARGS -0 -n100 chgrp root
818	fi
819		847
		848	# SELinux file labeling (needs to always be last in dyn_preinst)
820	if use selinux; then	849	if use selinux; then
821	if [ -x /usr/sbin/setfiles ]; then	850	# only attempt to label if setfiles is executable
		851	# and 'context' is available on selinuxfs.
		852	if [ -f /selinux/context -a -x /usr/sbin/setfiles ]; then
		853	echo ">>> Setting SELinux security labels"
822	if [ -f ${POLICYDIR}/file_contexts/file_contexts ]; then	854	if [ -f ${POLICYDIR}/file_contexts/file_contexts ]; then
823	cp -f ${POLICYDIR}/file_contexts/file_contexts ${T}	855	cp -f ${POLICYDIR}/file_contexts/file_contexts ${T}
824	else	856	else
Lines 826-838 Link Here
826	fi	858	fi
827		859
828	addwrite /selinux/context	860	addwrite /selinux/context
829	/usr/sbin/setfiles -r ${D} ${T}/file_contexts ${D}	861	/usr/sbin/setfiles -r ${IMAGE} ${T}/file_contexts ${IMAGE} \
		862	\|\| die "Failed to set SELinux security labels."
		863	else
		864	# nonfatal, since merging can happen outside a SE kernel
		865	# like during a recovery situation
		866	echo "!!! Unable to set SELinux security labels"
830	fi	867	fi
831	fi	868	fi
832
833	echo ">>> Completed installing into ${D}"
834	echo
835	cd ${BUILDDIR}
836	trap SIGINT SIGQUIT	869	trap SIGINT SIGQUIT
837	}	870	}
838		871
Lines 1232-1238 Link Here
1232	nofetch)	1265	nofetch)
1233	pkg_nofetch	1266	pkg_nofetch
1234	;;	1267	;;
1235	prerm\|postrm\|preinst\|postinst\|config)	1268	prerm\|postrm\|postinst\|config)
1236	export SANDBOX_ON="0"	1269	export SANDBOX_ON="0"
1237	if [ "$PORTAGE_DEBUG" != "1" ]; then	1270	if [ "$PORTAGE_DEBUG" != "1" ]; then
1238	pkg_${myarg}	1271	pkg_${myarg}
Lines 1261-1267 Link Here
1261	fi	1294	fi
1262	export SANDBOX_ON="0"	1295	export SANDBOX_ON="0"
1263	;;	1296	;;
1264	help\|clean\|setup)	1297	help\|clean\|setup\|preinst)
1265	#pkg_setup needs to be out of the sandbox for tmp file creation;	1298	#pkg_setup needs to be out of the sandbox for tmp file creation;
1266	#for example, awking and piping a file in /tmp requires a temp file to be created	1299	#for example, awking and piping a file in /tmp requires a temp file to be created
1267	#in /etc. If pkg_setup is in the sandbox, both our lilo and apache ebuilds break.	1300	#in /etc. If pkg_setup is in the sandbox, both our lilo and apache ebuilds break.