Line 0
1 |
#!/bin/bash |
2 |
# Copyright 1999-2006 Gentoo Foundation |
3 |
# Distributed under the terms of the GNU General Public License v2 |
4 |
# $Header$ |
5 |
# |
6 |
# Miscellaneous shell functions that make use of the ebuild env but don't need |
7 |
# to be included directly in ebuild.sh. |
8 |
# |
9 |
# We're sourcing ebuild.sh here so that we inherit all of it's goodness, |
10 |
# including bashrc trickery. This approach allows us to do our miscellaneous |
11 |
# shell work withing the same env that ebuild.sh has, but without polluting |
12 |
# ebuild.sh itself with unneeded logic and shell code. |
13 |
# |
14 |
# XXX hack: clear the args so ebuild.sh doesn't see them |
15 |
MISC_FUNCTIONS_ARGS="$@" |
16 |
shift $# |
17 |
source /usr/lib/portage/bin/ebuild.sh |
18 |
|
19 |
install_mask() { |
20 |
local root="$1" |
21 |
shift |
22 |
local install_mask="$*" |
23 |
|
24 |
# we don't want globbing for initial expansion, but afterwards, we do |
25 |
local shopts=$- |
26 |
set -o noglob |
27 |
for no_inst in ${install_mask}; do |
28 |
set +o noglob |
29 |
einfo "Removing ${no_inst}" |
30 |
# normal stuff |
31 |
rm -Rf ${root}/${no_inst} >&/dev/null |
32 |
|
33 |
# we also need to handle globs (*.a, *.h, etc) |
34 |
find "${root}" -name ${no_inst} -exec rm -fR {} \; >/dev/null |
35 |
done |
36 |
# set everything back the way we found it |
37 |
set +o noglob |
38 |
set -${shopts} |
39 |
} |
40 |
|
41 |
preinst_mask() { |
42 |
if [ -z "$IMAGE" ]; then |
43 |
eerror "${FUNCNAME}: IMAGE is unset" |
44 |
return 1 |
45 |
fi |
46 |
# remove man pages, info pages, docs if requested |
47 |
for f in man info doc; do |
48 |
if hasq no${f} $FEATURES; then |
49 |
INSTALL_MASK="${INSTALL_MASK} /usr/share/${f}" |
50 |
fi |
51 |
done |
52 |
|
53 |
install_mask "${IMAGE}" ${INSTALL_MASK} |
54 |
|
55 |
# remove share dir if unnessesary |
56 |
if hasq nodoc $FEATURES -o hasq noman $FEATURES -o hasq noinfo $FEATURES; then |
57 |
rmdir "${IMAGE}/usr/share" &> /dev/null |
58 |
fi |
59 |
} |
60 |
|
61 |
preinst_sfperms() { |
62 |
if [ -z "$IMAGE" ]; then |
63 |
eerror "${FUNCNAME}: IMAGE is unset" |
64 |
return 1 |
65 |
fi |
66 |
# Smart FileSystem Permissions |
67 |
if hasq sfperms $FEATURES; then |
68 |
for i in $(find ${IMAGE}/ -type f -perm -4000); do |
69 |
ebegin ">>> SetUID: [chmod go-r] $i " |
70 |
chmod go-r "$i" |
71 |
eend $? |
72 |
done |
73 |
for i in $(find ${IMAGE}/ -type f -perm -2000); do |
74 |
ebegin ">>> SetGID: [chmod o-r] $i " |
75 |
chmod o-r "$i" |
76 |
eend $? |
77 |
done |
78 |
fi |
79 |
} |
80 |
|
81 |
preinst_suid_scan() { |
82 |
if [ -z "$IMAGE" ]; then |
83 |
eerror "${FUNCNAME}: IMAGE is unset" |
84 |
return 1 |
85 |
fi |
86 |
# total suid control. |
87 |
if hasq suidctl $FEATURES; then |
88 |
sfconf=/etc/portage/suidctl.conf |
89 |
echo ">>> Preforming suid scan in ${IMAGE}" |
90 |
for i in $(find ${IMAGE}/ -type f \( -perm -4000 -o -perm -2000 \) ); do |
91 |
if [ -s "${sfconf}" ]; then |
92 |
suid="`grep ^${i/${IMAGE}/}$ ${sfconf}`" |
93 |
if [ "${suid}" = "${i/${IMAGE}/}" ]; then |
94 |
echo "- ${i/${IMAGE}/} is an approved suid file" |
95 |
else |
96 |
echo ">>> Removing sbit on non registered ${i/${IMAGE}/}" |
97 |
for x in 5 4 3 2 1 0; do echo -ne "\a"; sleep 0.25 ; done |
98 |
echo -ne "\a" |
99 |
chmod ugo-s "${i}" |
100 |
grep ^#${i/${IMAGE}/}$ ${sfconf} > /dev/null || { |
101 |
# sandbox prevents us from writing directly |
102 |
# to files outside of the sandbox, but this |
103 |
# can easly be bypassed using the addwrite() function |
104 |
addwrite "${sfconf}" |
105 |
echo ">>> Appending commented out entry to ${sfconf} for ${PF}" |
106 |
ls_ret=`ls -ldh "${i}"` |
107 |
echo "## ${ls_ret%${IMAGE}*}${ls_ret#*${IMAGE}}" >> ${sfconf} |
108 |
echo "#${i/${IMAGE}/}" >> ${sfconf} |
109 |
# no delwrite() eh? |
110 |
# delwrite ${sconf} |
111 |
} |
112 |
fi |
113 |
else |
114 |
echo "suidctl feature set but you are lacking a ${sfconf}" |
115 |
fi |
116 |
done |
117 |
fi |
118 |
} |
119 |
|
120 |
preinst_selinux_labels() { |
121 |
if [ -z "$IMAGE" ]; then |
122 |
eerror "${FUNCNAME}: IMAGE is unset" |
123 |
return 1 |
124 |
fi |
125 |
if hasq selinux ${FEATURES}; then |
126 |
# SELinux file labeling (needs to always be last in dyn_preinst) |
127 |
# only attempt to label if setfiles is executable |
128 |
# and 'context' is available on selinuxfs. |
129 |
if [ -f /selinux/context -a -x /usr/sbin/setfiles -a -x /usr/sbin/selinuxconfig ]; then |
130 |
echo ">>> Setting SELinux security labels" |
131 |
( |
132 |
eval "$(/usr/sbin/selinuxconfig)" || \ |
133 |
die "Failed to determine SELinux policy paths."; |
134 |
|
135 |
addwrite /selinux/context; |
136 |
|
137 |
/usr/sbin/setfiles "${file_contexts_path}" -r "${IMAGE}" "${IMAGE}"; |
138 |
) || die "Failed to set SELinux security labels." |
139 |
else |
140 |
# nonfatal, since merging can happen outside a SE kernel |
141 |
# like during a recovery situation |
142 |
echo "!!! Unable to set SELinux security labels" |
143 |
fi |
144 |
fi |
145 |
} |
146 |
|
147 |
abort_signal() { |
148 |
trap SIGINT SIGQUIT |
149 |
exit 1 |
150 |
} |
151 |
|
152 |
if [ -n "${MISC_FUNCTIONS_ARGS}" ]; then |
153 |
[ "$PORTAGE_DEBUG" == "1" ] && set -x |
154 |
trap "abort_signal" SIGINT SIGQUIT |
155 |
for x in ${MISC_FUNCTIONS_ARGS}; do |
156 |
${x} |
157 |
done |
158 |
trap SIGINT SIGQUIT |
159 |
fi |
160 |
|
161 |
true |
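Review bot: In preinst_suid_scan (new lines 81-118), and in both loops of preinst_sfperms (lines 68 and 73), the loop runs over an unquoted `$(find ${IMAGE}/ ...)`, so a set-id file whose path contains whitespace is word-split into fragments, the `chmod` runs against names that do not exist, and the file is merged with its s-bit and read bits unchanged. Reading the list NUL-delimited closes that gap: `while IFS= read -r -d '' i; do … done < <(find "${IMAGE}/" -type f \( -perm -4000 -o -perm -2000 \) -print0)`. The approval lookup `grep ^${i/${IMAGE}/}$ ${sfconf}` is also unquoted and treats the path as a regular expression; the string comparison that follows rejects false matches, but a literal whole-line test such as `grep -Fxq -- "${i#"${IMAGE}"}" "${sfconf}"` would be simpler to reason about for a security control. Separately, `trap SIGINT SIGQUIT` in abort_signal and at line 158 appears to install the word SIGINT as the SIGQUIT handler instead of resetting both signals; `trap - SIGINT SIGQUIT` is presumably what was intended.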