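--- a/pym/portage.py
+++ b/pym/portage.py
@@ -86,7 +86,7 @@
 	  MOVE_BINARY, PRELINK_BINARY, WORLD_FILE, MAKE_CONF_FILE, MAKE_DEFAULTS_FILE, \
 	  DEPRECATED_PROFILE_FILE, USER_VIRTUALS_FILE, EBUILD_SH_ENV_FILE, \
 	  INVALID_ENV_FILE, CUSTOM_MIRRORS_FILE, CONFIG_MEMORY_FILE,\
-	  INCREMENTALS, STICKIES, EAPI
+	  INCREMENTALS, STICKIES, EAPI, MISC_SH_BINARY
 
 	from portage_data import ostype, lchown, userland, secpass, uid, wheelgid, \
 	                         portage_uid, portage_gid
@@ -2746,7 +2746,20 @@
 		logfile=None
 	if mydo in ["help","clean","setup"]:
 		return spawn(EBUILD_SH_BINARY+" "+mydo,mysettings,debug=debug,free=1,logfile=logfile)
-	elif mydo in ["prerm","postrm","preinst","postinst","config"]:
+	elif mydo == "preinst":
+		if mysettings.has_key("EMERGE_FROM") and "binary" == mysettings["EMERGE_FROM"]:
+			mysettings["IMAGE"] = os.path.join(mysettings["PKG_TMPDIR"], mysettings["PF"], "bin")
+		else:
+			mysettings["IMAGE"] = mysettings["D"]
+		phase_retval = spawn(" ".join((EBUILD_SH_BINARY, mydo)), mysettings, debug=debug, free=1, logfile=logfile)
+		if phase_retval == os.EX_OK:
+			# Post phase logic and tasks that have been factored out of ebuild.sh.
+			myargs = [MISC_SH_BINARY, "preinst_mask", "preinst_sfperms",
+				"preinst_selinux_labels", "preinst_suid_scan"]
+			spawn(" ".join(myargs), mysettings, debug=debug, free=1, logfile=logfile)
+		del mysettings["IMAGE"]
+		return phase_retval
+	elif mydo in ["prerm","postrm","postinst","config"]:
 		mysettings.load_infodir(pkg_dir)
 		return spawn(EBUILD_SH_BINARY+" "+mydo,mysettings,debug=debug,free=1,logfile=logfile)
 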
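Review bot: The exit status of the second `spawn()` in the new `preinst` branch (the `MISC_SH_BINARY` call) is discarded, so a failure in `preinst_suid_scan` or `preinst_selinux_labels` still returns `os.EX_OK` to the caller, whereas the code removed from dyn_preinst called `die` when SELinux labelling failed. Assigning it, `phase_retval = spawn(" ".join(myargs), mysettings, debug=debug, free=1, logfile=logfile)`, lets the merge stop when a hardening step fails, provided misc-functions.sh itself exits non-zero in that case. The argument list also runs `preinst_selinux_labels` before `preinst_suid_scan`, although the comment carried into misc-functions.sh says labelling must always be last; swapping the last two entries restores the previous order. `del mysettings["IMAGE"]` would be safer in a `try`/`finally` so the key is removed even if `spawn()` raises. The enclosing function starts and ends outside the hunk.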
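--- a/pym/portage_const.py
+++ b/pym/portage_const.py
@@ -24,6 +24,7 @@
 LOCALE_DATA_PATH        = PORTAGE_BASE_PATH+"/locale"
 
 EBUILD_SH_BINARY        = PORTAGE_BIN_PATH+"/ebuild.sh"
+MISC_SH_BINARY          = PORTAGE_BIN_PATH + "/misc-functions.sh"
 SANDBOX_BINARY          = "/usr/bin/sandbox"
 BASH_BINARY             = "/bin/bash"
 MOVE_BINARY             = "/bin/mv"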
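--- a/bin/misc-functions.sh
+++ b/bin/misc-functions.sh
@@ -0,0 +1,161 @@
+#!/bin/bash
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header$
+#
+# Miscellaneous shell functions that make use of the ebuild env but don't need
+# to be included directly in ebuild.sh.
+#
+# We're sourcing ebuild.sh here so that we inherit all of it's goodness,
+# including bashrc trickery.  This approach allows us to do our miscellaneous
+# shell work withing the same env that ebuild.sh has, but without polluting
+# ebuild.sh itself with unneeded logic and shell code.
+#
+# XXX hack: clear the args so ebuild.sh doesn't see them
+MISC_FUNCTIONS_ARGS="$@"
+shift $#
+source /usr/lib/portage/bin/ebuild.sh
+
+install_mask() {
+	local root="$1"
+	shift
+	local install_mask="$*"
+
+	# we don't want globbing for initial expansion, but afterwards, we do
+	local shopts=$-
+	set -o noglob
+	for no_inst in ${install_mask}; do
+		set +o noglob
+		einfo "Removing ${no_inst}"
+		# normal stuff
+		rm -Rf ${root}/${no_inst} >&/dev/null
+
+		# we also need to handle globs (*.a, *.h, etc)
+		find "${root}" -name ${no_inst} -exec rm -fR {} \; >/dev/null
+	done
+	# set everything back the way we found it
+	set +o noglob
+	set -${shopts}
+}
+
+preinst_mask() {
+	if [ -z "$IMAGE" ]; then
+		 eerror "${FUNCNAME}: IMAGE is unset"
+		 return 1
+	fi
+	# remove man pages, info pages, docs if requested
+	for f in man info doc; do
+		if hasq no${f} $FEATURES; then
+			INSTALL_MASK="${INSTALL_MASK} /usr/share/${f}"
+		fi
+	done
+
+	install_mask "${IMAGE}" ${INSTALL_MASK}
+
+	# remove share dir if unnessesary
+	if hasq nodoc $FEATURES -o hasq noman $FEATURES -o hasq noinfo $FEATURES; then
+		rmdir "${IMAGE}/usr/share" &> /dev/null
+	fi
+}
+
+preinst_sfperms() {
+	if [ -z "$IMAGE" ]; then
+		 eerror "${FUNCNAME}: IMAGE is unset"
+		 return 1
+	fi
+	# Smart FileSystem Permissions
+	if hasq sfperms $FEATURES; then
+		for i in $(find ${IMAGE}/ -type f -perm -4000); do
+			ebegin ">>> SetUID: [chmod go-r] $i "
+			chmod go-r "$i"
+			eend $?
+		done
+		for i in $(find ${IMAGE}/ -type f -perm -2000); do
+			ebegin ">>> SetGID: [chmod o-r] $i "
+			chmod o-r "$i"
+			eend $?
+		done
+	fi
+}
+
+preinst_suid_scan() {
+	if [ -z "$IMAGE" ]; then
+		 eerror "${FUNCNAME}: IMAGE is unset"
+		 return 1
+	fi
+	# total suid control.
+	if hasq suidctl $FEATURES; then
+		sfconf=/etc/portage/suidctl.conf
+		echo ">>> Preforming suid scan in ${IMAGE}"
+		for i in $(find ${IMAGE}/ -type f \( -perm -4000 -o -perm -2000 \) ); do
+			if [ -s "${sfconf}" ]; then
+				suid="`grep ^${i/${IMAGE}/}$ ${sfconf}`"
+				if [ "${suid}" = "${i/${IMAGE}/}" ]; then
+					echo "- ${i/${IMAGE}/} is an approved suid file"
+				else
+					echo ">>> Removing sbit on non registered ${i/${IMAGE}/}"
+					for x in 5 4 3 2 1 0; do echo -ne "\a"; sleep 0.25 ; done
+					echo -ne "\a"
+					chmod ugo-s "${i}"
+					grep ^#${i/${IMAGE}/}$ ${sfconf} > /dev/null || {
+						# sandbox prevents us from writing directly
+						# to files outside of the sandbox, but this
+						# can easly be bypassed using the addwrite() function
+						addwrite "${sfconf}"
+						echo ">>> Appending commented out entry to ${sfconf} for ${PF}"
+						ls_ret=`ls -ldh "${i}"`
+						echo "## ${ls_ret%${IMAGE}*}${ls_ret#*${IMAGE}}" >> ${sfconf}
+						echo "#${i/${IMAGE}/}" >> ${sfconf}
+						# no delwrite() eh?
+						# delwrite ${sconf}
+					}
+				fi
+			else
+				echo "suidctl feature set but you are lacking a ${sfconf}"
+			fi
+		done
+	fi
+}
+
+preinst_selinux_labels() {
+	if [ -z "$IMAGE" ]; then
+		 eerror "${FUNCNAME}: IMAGE is unset"
+		 return 1
+	fi
+	if hasq selinux ${FEATURES}; then
+		# SELinux file labeling (needs to always be last in dyn_preinst)
+		# only attempt to label if setfiles is executable
+		# and 'context' is available on selinuxfs.
+		if [ -f /selinux/context -a -x /usr/sbin/setfiles -a -x /usr/sbin/selinuxconfig ]; then
+			echo ">>> Setting SELinux security labels"
+			(
+				eval "$(/usr/sbin/selinuxconfig)" || \
+					die "Failed to determine SELinux policy paths.";
+	
+				addwrite /selinux/context;
+	
+				/usr/sbin/setfiles "${file_contexts_path}" -r "${IMAGE}" "${IMAGE}";
+			) || die "Failed to set SELinux security labels."
+		else
+			# nonfatal, since merging can happen outside a SE kernel
+			# like during a recovery situation
+			echo "!!! Unable to set SELinux security labels"
+		fi
+	fi
+}
+
+abort_signal() {
+	trap SIGINT SIGQUIT
+	exit 1
+}
+
+if [ -n "${MISC_FUNCTIONS_ARGS}" ]; then
+	[ "$PORTAGE_DEBUG" == "1" ] && set -x
+	trap "abort_signal" SIGINT SIGQUIT
+	for x in ${MISC_FUNCTIONS_ARGS}; do
+		${x}
+	done
+	trap SIGINT SIGQUIT
+fi
+
+true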
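Review bot: The set-id scans in `preinst_sfperms` and `preinst_suid_scan` iterate with `for i in $(find ${IMAGE}/ ...)`, which word-splits and globs the output, so a setuid or setgid file whose path contains whitespace never reaches `chmod` intact and keeps its mode bits. Reading NUL-delimited names avoids that, e.g. `find "${IMAGE}/" -type f \( -perm -4000 -o -perm -2000 \) -print0 | while IFS= read -r -d '' i; do`, with `${IMAGE}` quoted throughout. The lookups `grep ^${i/${IMAGE}/}$ ${sfconf}` pass the path as an unquoted regular expression; `grep -Fx -- "${i/${IMAGE}/}" "${sfconf}"` matches the whole line literally. The dispatch loop at the bottom ignores each function's return status and the file ends in `true`, so the script can report success after a step returned 1.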
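--- a/bin/ebuild.sh
+++ b/bin/ebuild.sh
@@ -1299,111 +1299,16 @@
 }
 
 dyn_preinst() {
-	# set IMAGE depending if this is a binary or compile merge
-	[ "${EMERGE_FROM}" == "binary" ] && IMAGE=${PKG_TMPDIR}/${PF}/bin \
-					|| IMAGE=${D}
+	if [ -z "$IMAGE" ]; then
+		 eerror "${FUNCNAME}: IMAGE is unset"
+		 return 1
+	fi
 
 	[ "$(type -t pre_pkg_preinst)" == "function" ] && pre_pkg_preinst
 
 	declare -r D=${IMAGE}
 	pkg_preinst
 
-	# remove man pages, info pages, docs if requested
-	for f in man info doc; do
-		if hasq no${f} $FEATURES; then
-			INSTALL_MASK="${INSTALL_MASK} /usr/share/${f}"
-		fi
-	done
-
-	# we don't want globbing for initial expansion, but afterwards, we do
-	local shopts=$-
-	set -o noglob
-	for no_inst in ${INSTALL_MASK}; do
-		set +o noglob
-		einfo "Removing ${no_inst}"
-		# normal stuff
-		rm -Rf ${IMAGE}/${no_inst} >&/dev/null
-
-		# we also need to handle globs (*.a, *.h, etc)
-		find "${IMAGE}" -name ${no_inst} -exec rm -fR {} \; >&/dev/null
-	done
-	# set everything back the way we found it
-	set +o noglob
-	set -${shopts}
-
-	# remove share dir if unnessesary
-	if hasq nodoc $FEATURES -o hasq noman $FEATURES -o hasq noinfo $FEATURES; then
-		rmdir "${IMAGE}/usr/share" &> /dev/null
-	fi
-
-	# Smart FileSystem Permissions
-	if hasq sfperms $FEATURES; then
-		for i in $(find ${IMAGE}/ -type f -perm -4000); do
-			ebegin ">>> SetUID: [chmod go-r] $i "
-			chmod go-r "$i"
-			eend $?
-		done
-		for i in $(find ${IMAGE}/ -type f -perm -2000); do
-			ebegin ">>> SetGID: [chmod o-r] $i "
-			chmod o-r "$i"
-			eend $?
-		done
-	fi
-
-	# total suid control.
-	if hasq suidctl $FEATURES > /dev/null ; then
-		sfconf=/etc/portage/suidctl.conf
-		echo ">>> Preforming suid scan in ${IMAGE}"
-		for i in $(find ${IMAGE}/ -type f \( -perm -4000 -o -perm -2000 \) ); do
-			if [ -s "${sfconf}" ]; then
-				suid="`grep ^${i/${IMAGE}/}$ ${sfconf}`"
-				if [ "${suid}" = "${i/${IMAGE}/}" ]; then
-					echo "- ${i/${IMAGE}/} is an approved suid file"
-				else
-					echo ">>> Removing sbit on non registered ${i/${IMAGE}/}"
-					for x in 5 4 3 2 1 0; do echo -ne "\a"; sleep 0.25 ; done
-					echo -ne "\a"
-					chmod ugo-s "${i}"
-					grep ^#${i/${IMAGE}/}$ ${sfconf} > /dev/null || {
-						# sandbox prevents us from writing directly
-						# to files outside of the sandbox, but this
-						# can easly be bypassed using the addwrite() function
-						addwrite "${sfconf}"
-						echo ">>> Appending commented out entry to ${sfconf} for ${PF}"
-						ls_ret=`ls -ldh "${i}"`
-						echo "## ${ls_ret%${IMAGE}*}${ls_ret#*${IMAGE}}" >> ${sfconf}
-						echo "#${i/${IMAGE}/}" >> ${sfconf}
-						# no delwrite() eh?
-						# delwrite ${sconf}
-					}
-				fi
-			else
-				echo "suidctl feature set but you are lacking a ${sfconf}"
-			fi
-		done
-	fi
-
-	# SELinux file labeling (needs to always be last in dyn_preinst)
-	if hasq selinux ${FEATURES} ; then
-		# only attempt to label if setfiles is executable
-		# and 'context' is available on selinuxfs.
-		if [ -f /selinux/context -a -x /usr/sbin/setfiles -a -x /usr/sbin/selinuxconfig ]; then
-			echo ">>> Setting SELinux security labels"
-			(
-				eval "$(/usr/sbin/selinuxconfig)" || \
-					die "Failed to determine SELinux policy paths.";
-
-				addwrite /selinux/context;
-
-				/usr/sbin/setfiles "${file_contexts_path}" -r "${IMAGE}" "${IMAGE}";
-			) || die "Failed to set SELinux security labels."
-		else
-			# nonfatal, since merging can happen outside a SE kernel
-			# like during a recovery situation
-			echo "!!! Unable to set SELinux security labels"
-		fi
-	fi
-
 	[ "$(type -t post_pkg_preinst)" == "function" ] && post_pkg_preinst
 
 	trap SIGINT SIGQUIT
@@ -2030,7 +1935,8 @@
 	#fi
 done
 
-if [ "$myarg" != "clean" ]; then
+# Save the env only for relevant phases.
+if [ -n "$myarg" ] && [ "$myarg" != "clean" ]; then
 	# Save current environment and touch a success file. (echo for success)
 	umask 002
 	set | egrep -v "^SANDBOX_" > "${T}/environment" 2>/dev/null
@@ -2038,4 +1944,5 @@
 	chmod g+w "${T}/environment" &>/dev/null
 fi
 
-exit 0
+# Do not exit when ebuild.sh is sourced by other scripts.
+true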
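Review bot: The new guard at the top of `dyn_preinst` replaces the only statement of where `IMAGE` comes from, and nothing in the function now says the caller must export it. A comment above the check would record the contract, e.g. `# IMAGE is exported by the preinst branch in pym/portage.py: ${PKG_TMPDIR}/${PF}/bin for binary merges, ${D} otherwise`. Any path that still enters the preinst phase without that variable now gets `return 1` before `pkg_preinst` runs; whether callers act on that status is not visible in these hunks. In the last hunk, replacing `exit 0` with `true` keeps a sourcing script alive only as long as no earlier top-level code calls `exit`, and that part of the file lies outside the hunks.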
