[pacman-dev] [PATCH] bacman - regenerate package from system
Original work by Carlo "carlocci" Bersani with additions by
Xavier Chantry and Allan McRae
This script rebuilds an already installed package using metadata
stored into the pacman database and system files. Replaces the
outdated re-pacman script
Signed-off-by: Allan McRae
On Saturday 31 May 2008 15:23:54 Allan McRae wrote:
Original work by Carlo "carlocci" Bersani with additions by Xavier Chantry and Allan McRae
This script rebuilds an already installed package using metadata stored into the pacman database and system files. Replaces the outdated re-pacman script
Signed-off-by: Allan McRae
Hello,
I finally had a while to fix the permissions issue and to include fakeroot
support.
This is the patch to the commit Allan made
-------------------------------------BEGIN-------------------------------------
--- gitbacman 2008-06-03 19:02:14.000000000 +0200
+++ bacman 2008-06-03 19:16:04.000000000 +0200
@@ -5,7 +5,7 @@
# stored into the pacman database and system files
#
# (c) 2008 - locci
Carlo Bersani wrote:
Hello, I finally had a while to fix the permissions issue and to include fakeroot support.
Great, tested this with mlocate and the permissions get set up nicely. I did notice one regression though.
# +# Fakeroot +# +if [ -f /usr/bin/fakeroot -a $EUID -gt 0 ] ; then + echo "Entering fakeroot environment" + /usr/bin/fakeroot -u -- $progname $1 + exit $? +fi
We should add a warning here if fakeroot is missing so the user knows the permissions might be messy. The positioning of this block also needs to be considered, e.g.:
./bacman
Entering fakeroot environment
This program recreates a package using pacman's db and system files
Usage: bacman <installed package name>
Example: bacman kernel26
@@ -116,10 +125,9 @@ case $current in %FILES%) ret=0 - if [ -d "/$i" ]; then - mkdir "$i" || ret=$? - elif [ -f "/$i" ]; then - cp -dp "/$i" "$i" || ret=$? + if [ -e "/$i" ]; then + bsdtar -cnf - "/$i" 2> /dev/null | bsdtar -xpf - + ret=${PIPESTATUS[0]} else echo "/$i" is missing: this might result in a broken package fi
The ret catch from bsdtar is not working correctly. E.g. making the sudo package where the user does not have permission to read /etc/sudoers no longer has that error caught. Instead of checking $PIPESTATUS, how about checking the actual file is present:
if [ ! -e $work_dir/$i ]; then
    ret=1
fi
Allan
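The destination check suggested above, worked through as an added example (it is not part of the original messages or of bacman): every path is verified in the staging directory after the tar pipe instead of trusting the pipe's exit status. `tar` stands in for bsdtar, `stage_files` and its arguments are hypothetical names, and the extra `-L` test for dangling symlinks goes slightly beyond the case discussed in the thread.

```bash
#!/bin/bash
# Added example, not bacman's code. `tar` stands in for bsdtar; the function
# name stage_files and its arguments are hypothetical.
#
# stage_files ROOT STAGE PATH...
#   Copies each PATH (relative to ROOT) into STAGE through a tar pipe.
#   Prints every PATH that did not arrive; returns 1 if any is missing.
stage_files() {
    root=$1
    stage=$2
    shift 2
    failed=0
    for rel in "$@"; do
        # -C plus a "./" prefix keeps member names relative, so extraction
        # cannot land outside $stage. --no-recursion copies a directory entry
        # without its contents, as bsdtar -n does in the patch.
        # The pipe reports only the extractor's status, and an archiver may
        # skip an unreadable file without failing, so the status is ignored
        # here on purpose; the check below is the authority. stderr is left
        # alone so the archiver's own diagnostic stays visible.
        tar -C "$root" --no-recursion -cf - "./$rel" |
            tar -C "$stage" -xpf - || :
        # [ -e ] follows symlinks and is false for a dangling link, so a
        # correctly copied link needs the extra -L test.
        if [ ! -e "$stage/$rel" ] && [ ! -L "$stage/$rel" ]; then
            printf '%s\n' "$rel"
            failed=1
        fi
    done
    return "$failed"
}
```

Called as `stage_files / "$work_dir" etc/sudoers` by a user who cannot read the file, the path is printed and the return value is 1 whatever the archiver itself returned.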
On Wednesday 04 June 2008 05:55:55 Allan McRae wrote:
Carlo Bersani wrote:
Hello, I finally had a while to fix the permissions issue and to include fakeroot support.
Great, tested this with mlocate and the permissions get set up nicely. I did notice one regression though.
We should add a warning here if fakeroot is missing so the user knows the permissions might be messy.
The positioning of this block also needs to be considered, e.g.:
./bacman
Entering fakeroot environment
This program recreates a package using pacman's db and system files
Usage: bacman <installed package name>
Example: bacman kernel26
Wops, that was stupid : ) I fixed that
+ if [ -e "/$i" ]; then + bsdtar -cnf - "/$i" 2> /dev/null | bsdtar -xpf - + ret=${PIPESTATUS[0]} else echo "/$i" is missing: this might result in a broken package fi
The ret catch from bsdtar is not working correctly. E.g. making the sudo package where the user does not have permission to read /etc/sudoers no longer has that error caught.
And I even checked $PIPESTATUS behaviour before. This looks like a problem with bsdtar which returns 0 even if the file is missing:
carlocci ~/.abs/tmp $ bsdtar -cf foo.tar /etc/shadow && echo I\'m dumb!
bsdtar: Removing leading '/' from member names
bsdtar: /etc/shadow: could not open file: Permission denied
I'm dumb!
Instead of checking $PIPESTATUS, how about checking the actual file is present:
if [ ! -e $work_dir/$i ]; then
    ret=1
fi
This is a nice workaround, as long as we can't trust bsdtar.
Here's the patch to the commit Allan made:
--- gitbacman 2008-06-03 19:02:14.000000000 +0200
+++ bacman 2008-06-04 18:43:19.000000000 +0200
@@ -43,12 +43,33 @@
fi
if [ "$1" = "--version" -o "$1" = "-v" ]; then
- echo "$progname version $version"
+ echo "$progname version $progver"
echo "Copyright (C) 2008 locci"
exit 0
fi
#
+# Fakeroot support
+#
+if [ $EUID -gt 0 ]; then
+ if [ -f /usr/bin/fakeroot ]; then
+ echo "Entering fakeroot environment"
+ export INFAKEROOT="1"
+ /usr/bin/fakeroot -u -- $0 $1
+ exit $?
+ else
+ echo "You should install fakeroot or run $progname as root"
+ echo "Otherwise $progname won't be able to preserve the owner:group
of the files"
+ exit 1
+ fi
+elif [ $EUID -eq 0 ] && [ -z $INFAKEROOT ]; then
+ echo
+ echo "CAUTION: you might be packaging security sensitive data!"
+ echo
+fi
+
+#
# Setting environmental variables
#
if [ ! -r /etc/pacman.conf ]; then
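Review bot: `/usr/bin/fakeroot -u -- $0 $1` re-executes the script with both expansions unquoted and forwards only the first argument, so a script path or package name containing whitespace is split into several words; use `"$0" "$@"`. In the `elif`, `[ -z $INFAKEROOT ]` should be quoted as well, and because INFAKEROOT is read from the environment, a caller who already has it exported before running as root silences the CAUTION message; unset it before the `$EUID` test, or set it only on the re-exec line.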
@@ -116,16 +137,21 @@
case $current in
%FILES%)
ret=0
- if [ -d "/$i" ]; then
- mkdir "$i" || ret=$?
- elif [ -f "/$i" ]; then
- cp -dp "/$i" "$i" || ret=$?
+ if [ -e "/$i" ]; then
+ bsdtar -cnf - "/$i" 2> /dev/null | bsdtar -xpf -
else
echo "/$i" is missing: this might result in a broken package
fi
- if [ $ret -ne 0 ]; then
- echo Error: unable to create /$i
+ # Workaround to bsdtar not reporting a missing file as an error
+ if [ ! -e "$work_dir"/"$i" ]; then
+ echo
+ echo "Error: unable to add /$i to the package"
+ echo "Check the file permissions, probably the file contains
important data"
+ echo "If you can't read it as a user, you probably should not
make a package"
+ echo "with it inside: it might result in a security hazard"
+ echo "Run $progname as root, if you know what you are doing"
+ echo
exit 1
fi
;;
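Review bot: the new `[ ! -e "$work_dir"/"$i" ]` check sits after the `fi`, so it also runs when `/$i` was missing on the system; that case prints "is missing: this might result in a broken package" and then falls straight into `exit 1` with a message about file permissions, turning a warning into a fatal error. Move the check inside the `then` branch, or make the missing-file case explicitly fatal with its own message. `ret=0` is now assigned but never read, `2> /dev/null` throws away the bsdtar diagnostic that would tell the user why the copy failed, and this exit path does not remove `$work_dir`.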
@@ -152,6 +178,9 @@
#
echo Generating .PKGINFO metadata...
echo "# Generated by $progname $progver" > .PKGINFO
+if [ -n $INFAKEROOT ]; then
+ echo "# Using $(fakeroot -v)" >> .PKGINFO
+fi
echo "# $(LC_ALL=C date)" >> .PKGINFO
echo "#" >> .PKGINFO
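Review bot: `[ -n $INFAKEROOT ]` is always true when the variable is empty or unset, because the unquoted expansion leaves `[ -n ]`, which is a one-argument test of the non-empty string `-n`. As written, the `# Using $(fakeroot -v)` line is emitted on real-root runs too, and `fakeroot -v` is invoked even on a system where fakeroot is not installed. Quote it: `[ -n "$INFAKEROOT" ]`.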
@@ -208,7 +237,7 @@
# files
%BACKUP%)
# strip the md5sum after the tab
- echo "backup = ${i%% *}" >> .PKGINFO
+ echo "backup = ${i%%$'\t'*}" >> .PKGINFO
;;
# depends
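Review bot: `${i%%$'\t'*}` removes the longest suffix that starts with a tab, which means everything from the first tab onward, so a backup path that itself contains a tab is truncated. `${i%$'\t'*}` cuts only at the last tab, which matches what the comment "strip the md5sum after the tab" describes.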
@@ -228,6 +257,12 @@
done
#
+# Fixes owner:group and permissions for .PKGINFO, .CHANGELOG, .INSTALL
+#
+chown root:root $work_dir/{.PKGINFO,.CHANGELOG,.INSTALL} 2> /dev/null
+chmod 644 $work_dir/{.PKGINFO,.CHANGELOG,.INSTALL} 2> /dev/null
+
+#
# Generate the package
#
echo Generating the package...
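Review bot: both `chown` and `chmod` run on an unquoted `$work_dir` with stderr sent to `/dev/null`, so a genuine failure on a file that exists cannot be told apart from the expected case where .CHANGELOG or .INSTALL is simply absent, and the package is then built with whatever ownership and mode the metadata files happened to have. Quote `"$work_dir"`, loop over the three names and act only on those that exist, and let errors on existing files surface (or abort on them).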
@@ -237,6 +272,7 @@
if [ $ret -ne 0 ]; then
echo Error: unable to write package to $pkg_dest
echo Maybe the disk is full or you do not have write access
+ rm -rf $work_dir
exit 1
fi
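Review bot: `rm -rf $work_dir` is unquoted and unguarded; a value containing whitespace is split into several arguments, each removed recursively, and an empty value turns the cleanup into a silent no-op. Use `rm -rf -- "$work_dir"` after checking that the variable is non-empty. Since other error exits need the same cleanup, a single `trap` on EXIT would cover them all instead of only this one.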
@@ -247,3 +283,4 @@
exit 0
# vim: set ts=2 sw=2 noet:
+
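Review bot: the only change in this hunk is an empty line appended after the vim modeline at the end of the file; drop it so the patch does not carry whitespace-only noise.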
Here's the whole script:
#!/bin/bash
#
# bacman: recreate a package from a running system
# This script rebuilds an already installed package using metadata
# stored into the pacman database and system files
#
# (c) 2008 - locci
Carlo Bersani wrote:
On Wednesday 04 June 2008 05:55:55 Allan McRae wrote:
Carlo Bersani wrote:
Hello, I finally had a while to fix the permissions issue and to include fakeroot support.
Great, tested this with mlocate and the permissions get set up nicely. I did notice one regression though.
Wops, that was stupid : ) I fixed that
Great, this does everything now! I think some of the error/warning messages are a bit excessive (e.g. you don't really need to warn the user about accessing potentially sensitive information if they are root. It just comes with the territory...). I will make the minor adjustments to the comments that I feel are needed and resubmit the patch for the inclusion of this script over the weekend.
Many thanks for your work. I have other ideas for scripts for the contrib section if you want to continue contributing :)
Allan
On Thursday 05 June 2008 17:20:55 Allan McRae wrote:
Carlo Bersani wrote:
On Wednesday 04 June 2008 05:55:55 Allan McRae wrote:
Carlo Bersani wrote:
Hello, I finally had a while to fix the permissions issue and to include fakeroot support.
Great, tested this with mlocate and the permissions get set up nicely. I did notice one regression though.
Wops, that was stupid : ) I fixed that
Great, this does everything now! I think some of the error/warning messages are a bit excessive (e.g. you don't really need to warn the user about accessing potentially sensitive information if they are root. It just comes with the territory...). I will make the minor adjustments to the comments that I feel are needed and resubmit the patch for the inclusion of this script over the weekend.
Many thanks for your work. I have other ideas for scripts for the contrib section if you want to continue contributing :)
Allan
On Thursday 05 June 2008 17:20:55 Allan McRae wrote:
Great, this does everything now! I think some of the error/warning messages are a bit excessive (e.g. you don't really need to warn the user about accessing potentially sensitive information if they are root. It just comes with the territory...). I will make the minor adjustments to the comments that I feel are needed and resubmit the patch for the inclusion of this script over the weekend.
Great
Many thanks for your work. I have other ideas for scripts for the contrib section if you want to continue contributing :)
Feel free to make your suggestions, I'd be glad to help as long as it's fun and especially as long as it's compatible with my limited scripting knowledge.
ps: sorry for the empty message: the "reply" and "send message" buttons look awfully alike in kmail.