Il Wednesday 04 June 2008 05:55:55 Allan McRae ha scritto:
Carlo Bersani wrote:
Hello, I finally had a while to fix the permissions issue and to include fakeroot support.
Great, tested this with mlocate and the permissions get setup nicely. I did notice one regression though.
We should add a warning here if fakeroot is missing so the user knows the permissions might be messy.
The positioning of this block also needs to be considered, e.g.:
./bacman
Entering fakeroot environment This program recreates a package using pacman's db and system files Usage: bacman <installed package name> Example: bacman kernel26
Wops, that was stupid : ) I fixed that
+ if [ -e "/$i" ]; then + bsdtar -cnf - "/$i" 2> /dev/null | bsdtar -xpf - + ret=${PIPESTATUS[0]} else echo "/$i" is missing: this might result in a broken package fi
The ret catch from bsdtar is not working correctly. E.g. making the sudo package where the user does not have permission to read /etc/sudoers no longer has that error caught.
And I even checked $PIPESTATUS behaviour before. This looks like a problem with bsdtar which returns 0 even if the file is missing: carlocci ~/.abs/tmp $ bsdtar -cf foo.tar /etc/shadow && echo I\'m dumb! bsdtar: Removing leading '/' from member names bsdtar: /etc/shadow: could not open file: Permission denied I'm dumb!
Instead of checking $PIPESTATUS, how about checking the actual file is present:
if [ ! -e $work_dir/$i ]; then ret=1 fi
This is a nice workaround, as long as we can't trust bsdtar.
Here's the patch to the commit Allan made:
--- gitbacman 2008-06-03 19:02:14.000000000 +0200
+++ bacman 2008-06-04 18:43:19.000000000 +0200
@@ -43,12 +43,33 @@
fi
if [ "$1" = "--version" -o "$1" = "-v" ]; then
- echo "$progname version $version"
+ echo "$progname version $progver"
echo "Copyright (C) 2008 locci"
exit 0
fi
#
+# Fakeroot support
+#
+if [ $EUID -gt 0 ]; then
+ if [ -f /usr/bin/fakeroot ]; then
+ echo "Entering fakeroot environment"
+ export INFAKEROOT="1"
+ /usr/bin/fakeroot -u -- $0 $1
+ exit $?
+ else
+ echo "You should install fakeroot or run $progname as root"
+ echo "Otherwise $progname won't be able to preserve the owner:group
of the files"
+ exit 1
+ fi
+elif [ $EUID -eq 0 ] && [ -z $INFAKEROOT ]; then
+ echo
+ echo "CAUTION: you might be packaging security sensitive data!"
+ echo
+fi
+
+#
# Setting environmental variables
#
if [ ! -r /etc/pacman.conf ]; then
@@ -116,16 +137,21 @@
case $current in
%FILES%)
ret=0
- if [ -d "/$i" ]; then
- mkdir "$i" || ret=$?
- elif [ -f "/$i" ]; then
- cp -dp "/$i" "$i" || ret=$?
+ if [ -e "/$i" ]; then
+ bsdtar -cnf - "/$i" 2> /dev/null | bsdtar -xpf -
else
echo "/$i" is missing: this might result in a broken package
fi
- if [ $ret -ne 0 ]; then
- echo Error: unable to create /$i
+ # Workaround to bsdtar not reporting a missing file as an error
+ if [ ! -e "$work_dir"/"$i" ]; then
+ echo
+ echo "Error: unable to add /$i to the package"
+ echo "Check the file permissions, probably the file contains
important data"
+ echo "If you can't read it as a user, you probably should not
make a package"
+ echo "with it inside: it might result in a security hazard"
+ echo "Run $progname as root, if you know what you are doing"
+ echo
exit 1
fi
;;
@@ -152,6 +178,9 @@
#
echo Generating .PKGINFO metadata...
echo "# Generated by $progname $progver" > .PKGINFO
+if [ -n $INFAKEROOT ]; then
+ echo "# Using $(fakeroot -v)" >> .PKGINFO
+fi
echo "# $(LC_ALL=C date)" >> .PKGINFO
echo "#" >> .PKGINFO
@@ -208,7 +237,7 @@
# files
%BACKUP%)
# strip the md5sum after the tab
- echo "backup = ${i%% *}" >> .PKGINFO
+ echo "backup = ${i%%$'\t'*}" >> .PKGINFO
;;
# depends
@@ -228,6 +257,12 @@
done
#
+# Fixes owner:group and permissions for .PKGINFO, .CHANGELOG, .INSTALL
+#
+chown root:root $work_dir/{.PKGINFO,.CHANGELOG,.INSTALL} 2> /dev/null
+chmod 644 $work_dir/{.PKGINFO,.CHANGELOG,.INSTALL} 2> /dev/null
+
+#
# Generate the package
#
echo Generating the package...
@@ -237,6 +272,7 @@
if [ $ret -ne 0 ]; then
echo Error: unable to write package to $pkg_dest
echo Maybe the disk is full or you do not have write access
+ rm -rf $work_dir
exit 1
fi
@@ -247,3 +283,4 @@
exit 0
# vim: set ts=2 sw=2 noet:
+
Here's the whole script:
#!/bin/bash
#
# bacman: recreate a package from a running system
# This script rebuilds an already installed package using metadata
# stored into the pacman database and system files
#
# (c) 2008 - locci