Il Wednesday 04 June 2008 05:55:55 Allan McRae ha scritto:
Carlo Bersani wrote:
Hello, I finally had a while to fix the permissions issue and to include fakeroot support.
Great, tested this with mlocate and the permissions get setup nicely. I did notice one regression though.
We should add a warning here if fakeroot is missing so the user knows the permissions might be messy.
The positioning of this block also needs to be considered, e.g.:
./bacman
Entering fakeroot environment This program recreates a package using pacman's db and system files Usage: bacman <installed package name> Example: bacman kernel26
Wops, that was stupid : ) I fixed that
+ if [ -e "/$i" ]; then + bsdtar -cnf - "/$i" 2> /dev/null | bsdtar -xpf - + ret=${PIPESTATUS[0]} else echo "/$i" is missing: this might result in a broken package fi
The ret catch from bsdtar is not working correctly. E.g. making the sudo package where the user does not have permission to read /etc/sudoers no longer has that error caught.
And I even checked $PIPESTATUS behaviour before. This looks like a problem with bsdtar which returns 0 even if the file is missing: carlocci ~/.abs/tmp $ bsdtar -cf foo.tar /etc/shadow && echo I\'m dumb! bsdtar: Removing leading '/' from member names bsdtar: /etc/shadow: could not open file: Permission denied I'm dumb!
Instead of checking $PIPESTATUS, how about checking the actual file is present:
if [ ! -e $work_dir/$i ]; then ret=1 fi
This is a nice workaround, as long as we can't trust bsdtar. Here's the patch to the commit Allan made: --- gitbacman 2008-06-03 19:02:14.000000000 +0200 +++ bacman 2008-06-04 18:43:19.000000000 +0200 @@ -43,12 +43,33 @@ fi if [ "$1" = "--version" -o "$1" = "-v" ]; then - echo "$progname version $version" + echo "$progname version $progver" echo "Copyright (C) 2008 locci" exit 0 fi # +# Fakeroot support +# +if [ $EUID -gt 0 ]; then + if [ -f /usr/bin/fakeroot ]; then + echo "Entering fakeroot environment" + export INFAKEROOT="1" + /usr/bin/fakeroot -u -- $0 $1 + exit $? + else + echo "You should install fakeroot or run $progname as root" + echo "Otherwise $progname won't be able to preserve the owner:group of the files" + exit 1 + fi +elif [ $EUID -eq 0 ] && [ -z $INFAKEROOT ]; then + echo + echo "CAUTION: you might be packaging security sensitive data!" + echo +fi + +# # Setting environmental variables # if [ ! -r /etc/pacman.conf ]; then @@ -116,16 +137,21 @@ case $current in %FILES%) ret=0 - if [ -d "/$i" ]; then - mkdir "$i" || ret=$? - elif [ -f "/$i" ]; then - cp -dp "/$i" "$i" || ret=$? + if [ -e "/$i" ]; then + bsdtar -cnf - "/$i" 2> /dev/null | bsdtar -xpf - else echo "/$i" is missing: this might result in a broken package fi - if [ $ret -ne 0 ]; then - echo Error: unable to create /$i + # Workaround to bsdtar not reporting a missing file as an error + if [ ! -e "$work_dir"/"$i" ]; then + echo + echo "Error: unable to add /$i to the package" + echo "Check the file permissions, probably the file contains important data" + echo "If you can't read it as a user, you probably should not make a package" + echo "with it inside: it might result in a security hazard" + echo "Run $progname as root, if you know what you are doing" + echo exit 1 fi ;; @@ -152,6 +178,9 @@ # echo Generating .PKGINFO metadata... echo "# Generated by $progname $progver" > .PKGINFO +if [ -n $INFAKEROOT ]; then + echo "# Using $(fakeroot -v)" >> .PKGINFO +fi echo "# $(LC_ALL=C date)" >> .PKGINFO echo "#" >> .PKGINFO @@ -208,7 +237,7 @@ # files %BACKUP%) # strip the md5sum after the tab - echo "backup = ${i%% *}" >> .PKGINFO + echo "backup = ${i%%$'\t'*}" >> .PKGINFO ;; # depends @@ -228,6 +257,12 @@ done # +# Fixes owner:group and permissions for .PKGINFO, .CHANGELOG, .INSTALL +# +chown root:root $work_dir/{.PKGINFO,.CHANGELOG,.INSTALL} 2> /dev/null +chmod 644 $work_dir/{.PKGINFO,.CHANGELOG,.INSTALL} 2> /dev/null + +# # Generate the package # echo Generating the package... @@ -237,6 +272,7 @@ if [ $ret -ne 0 ]; then echo Error: unable to write package to $pkg_dest echo Maybe the disk is full or you do not have write access + rm -rf $work_dir exit 1 fi @@ -247,3 +283,4 @@ exit 0 # vim: set ts=2 sw=2 noet: + Here's the whole script: #!/bin/bash # # bacman: recreate a package from a running system # This script rebuilds an already installed package using metadata # stored into the pacman database and system files # # (c) 2008 - locci <carlocci_at_gmail_dot_com> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. # readonly progname="bacman" readonly progver="0.1.2" # # User Friendliness # function usage(){ echo "This program recreates a package using pacman's db and system files" echo "Usage: $progname <installed package name>" echo "Example: $progname kernel26" } if [ $# -ne 1 ] ; then usage exit 1 fi if [ "$1" = "--help" -o "$1" = "-h" ] ; then usage exit 0 fi if [ "$1" = "--version" -o "$1" = "-v" ]; then echo "$progname version $progver" echo "Copyright (C) 2008 locci" exit 0 fi # # Fakeroot support # if [ $EUID -gt 0 ]; then if [ -f /usr/bin/fakeroot ]; then echo "Entering fakeroot environment" export INFAKEROOT="1" /usr/bin/fakeroot -u -- $0 $1 exit $? else echo "You should install fakeroot or run $progname as root" echo "Otherwise $progname won't be able to preserve the owner:group of the files" exit 1 fi elif [ $EUID -eq 0 ] && [ -z $INFAKEROOT ]; then echo echo "CAUTION: you might be packaging security sensitive data!" echo fi # # Setting environmental variables # if [ ! -r /etc/pacman.conf ]; then echo Error: unable to read /etc/pacman.conf exit 1 fi eval $(awk '/DBPath/ {print $1$2$3}' /etc/pacman.conf) pac_db="${DBPath:-/var/lib/pacman/}/local" if [ ! -r /etc/makepkg.conf ]; then echo Error: unable to read /etc/makepkg.conf exit 1 fi source "/etc/makepkg.conf" if [ -r ~/.makepkg.conf ]; then source ~/.makepkg.conf fi pkg_arch=${CARCH:-'unknown'} pkg_dest="${PKGDEST:-$PWD}" pkg_pkger=${PACKAGER:-'Unknown Packager'} pkg_name="$1" pkg_dir="$(echo $pac_db/$pkg_name-[0-9]*)" pkg_namver="${pkg_dir##*/}" # # Checks everything is in place # if [ ! -d "$pac_db" ] ; then echo Error: pacman database directory ${pac_db} not found exit 1 fi if [ ! -d "$pkg_dir" ] ; then echo Error: package ${pkg_name} not found in pacman database exit 1 fi # # Begin # echo Package: ${pkg_namver} work_dir=$(mktemp -d -p /tmp) cd $work_dir || exit 1 # # File copying # echo Copying package files... cat "$pkg_dir"/files | while read i; do if [ -z "$i" ] ; then continue fi if [[ "$i" =~ %[A-Z]*% ]] ; then current=$i continue fi case $current in %FILES%) ret=0 if [ -e "/$i" ]; then bsdtar -cnf - "/$i" 2> /dev/null | bsdtar -xpf - else echo "/$i" is missing: this might result in a broken package fi # Workaround to bsdtar not reporting a missing file as an error if [ ! -e "$work_dir"/"$i" ]; then echo echo "Error: unable to add /$i to the package" echo "Check the file permissions, probably the file contains important data" echo "If you can't read it as a user, you probably should not make a package" echo "with it inside: it might result in a security hazard" echo "Run $progname as root, if you know what you are doing" echo exit 1 fi ;; esac done ret=$? if [ $ret -ne 0 ]; then rm -rf $work_dir exit 1 fi pkg_size=$(du -sk | awk '{print $1 * 1024}') if [ -f "$pkg_dir/install" ] ; then cp "$pkg_dir/install" "$work_dir/.INSTALL" fi if [ -f $pkg_dir/changelog ] ; then cp "$pkg_dir/changelog" "$work_dir/.CHANGELOG" fi # # .PKGINFO stuff # echo Generating .PKGINFO metadata... echo "# Generated by $progname $progver" > .PKGINFO if [ -n $INFAKEROOT ]; then echo "# Using $(fakeroot -v)" >> .PKGINFO fi echo "# $(LC_ALL=C date)" >> .PKGINFO echo "#" >> .PKGINFO cat "$pkg_dir"/{desc,files,depends} | while read i; do if [[ -z "$i" ]]; then continue; fi if [[ "$i" =~ %[A-Z]*% ]] ; then current=$i continue fi case "$current" in # desc %NAME%) echo "pkgname = $i" >> .PKGINFO ;; %VERSION%) echo "pkgver = $i" >> .PKGINFO ;; %DESC%) echo "pkgdesc = $i" >> .PKGINFO ;; %URL%) echo "url = $i" >> .PKGINFO ;; %LICENSE%) echo "license = $i" >> .PKGINFO ;; %ARCH%) echo "arch = $i" >> .PKGINFO ;; %BUILDDATE%) echo "builddate = $(date -u "+%s")" >> .PKGINFO ;; %PACKAGER%) echo "packager = $pkg_pkger" >> .PKGINFO ;; %SIZE%) echo "size = $pkg_size" >> .PKGINFO ;; %GROUPS%) echo "group = $i" >> .PKGINFO ;; %REPLACES%) echo "replaces = $i" >> .PKGINFO ;; %FORCE%) echo "force = true" >> .PKGINFO ;; # files %BACKUP%) # strip the md5sum after the tab echo "backup = ${i%%$'\t'*}" >> .PKGINFO ;; # depends %DEPENDS%) echo "depend = $i" >> .PKGINFO ;; %OPTDEPENDS%) echo "optdepend = $i" >> .PKGINFO ;; %CONFLICTS%) echo "conflict = $i" >> .PKGINFO ;; %PROVIDES%) echo "provides = $i" >> .PKGINFO ;; esac done # # Fixes owner:group and permissions for .PKGINFO, .CHANGELOG, .INSTALL # chown root:root $work_dir/{.PKGINFO,.CHANGELOG,.INSTALL} 2> /dev/null chmod 644 $work_dir/{.PKGINFO,.CHANGELOG,.INSTALL} 2> /dev/null # # Generate the package # echo Generating the package... ret=0 bsdtar -czf "$pkg_dest/$pkg_namver-$pkg_arch.tar.gz" $(ls -A) || ret=$? if [ $ret -ne 0 ]; then echo Error: unable to write package to $pkg_dest echo Maybe the disk is full or you do not have write access rm -rf $work_dir exit 1 fi rm -rf $work_dir echo Done exit 0 # vim: set ts=2 sw=2 noet: