[pacman-dev] [PATCH] bacman - regenerate package from system
Carlo Bersani
carlocci at gmail.com
Wed Jun 4 12:51:57 EDT 2008
Il Wednesday 04 June 2008 05:55:55 Allan McRae ha scritto:
> Carlo Bersani wrote:
> > Hello,
> > I finally had a while to fix the permissions issue and to include
> > fakeroot support.
>
> Great, tested this with mlocate and the permissions get setup nicely. I
> did notice one regression though.
>
>
> We should add a warning here if fakeroot is missing so the user knows
> the permissions might be messy.
>
> The positioning of this block also needs to be considered, e.g.:
> > ./bacman
>
> Entering fakeroot environment
> This program recreates a package using pacman's db and system files
> Usage: bacman <installed package name>
> Example: bacman kernel26
>
Wops, that was stupid : )
I fixed that
> > + if [ -e "/$i" ]; then
> > + bsdtar -cnf - "/$i" 2> /dev/null | bsdtar -xpf -
> > + ret=${PIPESTATUS[0]}
> > else
> > echo "/$i" is missing: this might result in a broken
> > package fi
>
> The ret catch from bsdtar is not working correctly. E.g. making the
> sudo package where the user does not have permission to read
> /etc/sudoers no longer has that error caught.
>
And I even checked $PIPESTATUS behaviour before.
This looks like a problem with bsdtar which returns 0 even if the file is
missing:
carlocci ~/.abs/tmp $ bsdtar -cf foo.tar /etc/shadow && echo I\'m dumb!
bsdtar: Removing leading '/' from member names
bsdtar: /etc/shadow: could not open file: Permission denied
I'm dumb!
> Instead of checking $PIPESTATUS, how about checking the actual file is
> present:
>
> if [ ! -e $work_dir/$i ]; then
> ret=1
> fi
>
This is a nice workaround, as long as we can't trust bsdtar.
Here's the patch to the commit Allan made:
--- gitbacman 2008-06-03 19:02:14.000000000 +0200
+++ bacman 2008-06-04 18:43:19.000000000 +0200
@@ -43,12 +43,33 @@
fi
if [ "$1" = "--version" -o "$1" = "-v" ]; then
- echo "$progname version $version"
+ echo "$progname version $progver"
echo "Copyright (C) 2008 locci"
exit 0
fi
#
+# Fakeroot support
+#
+if [ $EUID -gt 0 ]; then
+ if [ -f /usr/bin/fakeroot ]; then
+ echo "Entering fakeroot environment"
+ export INFAKEROOT="1"
+ /usr/bin/fakeroot -u -- $0 $1
+ exit $?
+ else
+ echo "You should install fakeroot or run $progname as root"
+ echo "Otherwise $progname won't be able to preserve the owner:group
of the files"
+ exit 1
+ fi
+elif [ $EUID -eq 0 ] && [ -z $INFAKEROOT ]; then
+ echo
+ echo "CAUTION: you might be packaging security sensitive data!"
+ echo
+fi
+
+#
# Setting environmental variables
#
if [ ! -r /etc/pacman.conf ]; then
@@ -116,16 +137,21 @@
case $current in
%FILES%)
ret=0
- if [ -d "/$i" ]; then
- mkdir "$i" || ret=$?
- elif [ -f "/$i" ]; then
- cp -dp "/$i" "$i" || ret=$?
+ if [ -e "/$i" ]; then
+ bsdtar -cnf - "/$i" 2> /dev/null | bsdtar -xpf -
else
echo "/$i" is missing: this might result in a broken package
fi
- if [ $ret -ne 0 ]; then
- echo Error: unable to create /$i
+ # Workaround to bsdtar not reporting a missing file as an error
+ if [ ! -e "$work_dir"/"$i" ]; then
+ echo
+ echo "Error: unable to add /$i to the package"
+ echo "Check the file permissions, probably the file contains
important data"
+ echo "If you can't read it as a user, you probably should not
make a package"
+ echo "with it inside: it might result in a security hazard"
+ echo "Run $progname as root, if you know what you are doing"
+ echo
exit 1
fi
;;
@@ -152,6 +178,9 @@
#
echo Generating .PKGINFO metadata...
echo "# Generated by $progname $progver" > .PKGINFO
+if [ -n $INFAKEROOT ]; then
+ echo "# Using $(fakeroot -v)" >> .PKGINFO
+fi
echo "# $(LC_ALL=C date)" >> .PKGINFO
echo "#" >> .PKGINFO
@@ -208,7 +237,7 @@
# files
%BACKUP%)
# strip the md5sum after the tab
- echo "backup = ${i%% *}" >> .PKGINFO
+ echo "backup = ${i%%$'\t'*}" >> .PKGINFO
;;
# depends
@@ -228,6 +257,12 @@
done
#
+# Fixes owner:group and permissions for .PKGINFO, .CHANGELOG, .INSTALL
+#
+chown root:root $work_dir/{.PKGINFO,.CHANGELOG,.INSTALL} 2> /dev/null
+chmod 644 $work_dir/{.PKGINFO,.CHANGELOG,.INSTALL} 2> /dev/null
+
+#
# Generate the package
#
echo Generating the package...
@@ -237,6 +272,7 @@
if [ $ret -ne 0 ]; then
echo Error: unable to write package to $pkg_dest
echo Maybe the disk is full or you do not have write access
+ rm -rf $work_dir
exit 1
fi
@@ -247,3 +283,4 @@
exit 0
# vim: set ts=2 sw=2 noet:
+
Here's the whole script:
#!/bin/bash
#
# bacman: recreate a package from a running system
# This script rebuilds an already installed package using metadata
# stored into the pacman database and system files
#
# (c) 2008 - locci <carlocci_at_gmail_dot_com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
readonly progname="bacman"
readonly progver="0.1.2"
#
# User Friendliness
#
function usage(){
echo "This program recreates a package using pacman's db and system files"
echo "Usage: $progname <installed package name>"
echo "Example: $progname kernel26"
}
if [ $# -ne 1 ] ; then
usage
exit 1
fi
if [ "$1" = "--help" -o "$1" = "-h" ] ; then
usage
exit 0
fi
if [ "$1" = "--version" -o "$1" = "-v" ]; then
echo "$progname version $progver"
echo "Copyright (C) 2008 locci"
exit 0
fi
#
# Fakeroot support
#
if [ $EUID -gt 0 ]; then
if [ -f /usr/bin/fakeroot ]; then
echo "Entering fakeroot environment"
export INFAKEROOT="1"
/usr/bin/fakeroot -u -- $0 $1
exit $?
else
echo "You should install fakeroot or run $progname as root"
echo "Otherwise $progname won't be able to preserve the owner:group of
the files"
exit 1
fi
elif [ $EUID -eq 0 ] && [ -z $INFAKEROOT ]; then
echo
echo "CAUTION: you might be packaging security sensitive data!"
echo
fi
#
# Setting environmental variables
#
if [ ! -r /etc/pacman.conf ]; then
echo Error: unable to read /etc/pacman.conf
exit 1
fi
eval $(awk '/DBPath/ {print $1$2$3}' /etc/pacman.conf)
pac_db="${DBPath:-/var/lib/pacman/}/local"
if [ ! -r /etc/makepkg.conf ]; then
echo Error: unable to read /etc/makepkg.conf
exit 1
fi
source "/etc/makepkg.conf"
if [ -r ~/.makepkg.conf ]; then
source ~/.makepkg.conf
fi
pkg_arch=${CARCH:-'unknown'}
pkg_dest="${PKGDEST:-$PWD}"
pkg_pkger=${PACKAGER:-'Unknown Packager'}
pkg_name="$1"
pkg_dir="$(echo $pac_db/$pkg_name-[0-9]*)"
pkg_namver="${pkg_dir##*/}"
#
# Checks everything is in place
#
if [ ! -d "$pac_db" ] ; then
echo Error: pacman database directory ${pac_db} not found
exit 1
fi
if [ ! -d "$pkg_dir" ] ; then
echo Error: package ${pkg_name} not found in pacman database
exit 1
fi
#
# Begin
#
echo Package: ${pkg_namver}
work_dir=$(mktemp -d -p /tmp)
cd $work_dir || exit 1
#
# File copying
#
echo Copying package files...
cat "$pkg_dir"/files |
while read i; do
if [ -z "$i" ] ; then
continue
fi
if [[ "$i" =~ %[A-Z]*% ]] ; then
current=$i
continue
fi
case $current in
%FILES%)
ret=0
if [ -e "/$i" ]; then
bsdtar -cnf - "/$i" 2> /dev/null | bsdtar -xpf -
else
echo "/$i" is missing: this might result in a broken package
fi
# Workaround to bsdtar not reporting a missing file as an error
if [ ! -e "$work_dir"/"$i" ]; then
echo
echo "Error: unable to add /$i to the package"
echo "Check the file permissions, probably the file contains
important data"
echo "If you can't read it as a user, you probably should not
make a package"
echo "with it inside: it might result in a security hazard"
echo "Run $progname as root, if you know what you are doing"
echo
exit 1
fi
;;
esac
done
ret=$?
if [ $ret -ne 0 ]; then
rm -rf $work_dir
exit 1
fi
pkg_size=$(du -sk | awk '{print $1 * 1024}')
if [ -f "$pkg_dir/install" ] ; then
cp "$pkg_dir/install" "$work_dir/.INSTALL"
fi
if [ -f $pkg_dir/changelog ] ; then
cp "$pkg_dir/changelog" "$work_dir/.CHANGELOG"
fi
#
# .PKGINFO stuff
#
echo Generating .PKGINFO metadata...
echo "# Generated by $progname $progver" > .PKGINFO
if [ -n $INFAKEROOT ]; then
echo "# Using $(fakeroot -v)" >> .PKGINFO
fi
echo "# $(LC_ALL=C date)" >> .PKGINFO
echo "#" >> .PKGINFO
cat "$pkg_dir"/{desc,files,depends} |
while read i; do
if [[ -z "$i" ]]; then
continue;
fi
if [[ "$i" =~ %[A-Z]*% ]] ; then
current=$i
continue
fi
case "$current" in
# desc
%NAME%)
echo "pkgname = $i" >> .PKGINFO
;;
%VERSION%)
echo "pkgver = $i" >> .PKGINFO
;;
%DESC%)
echo "pkgdesc = $i" >> .PKGINFO
;;
%URL%)
echo "url = $i" >> .PKGINFO
;;
%LICENSE%)
echo "license = $i" >> .PKGINFO
;;
%ARCH%)
echo "arch = $i" >> .PKGINFO
;;
%BUILDDATE%)
echo "builddate = $(date -u "+%s")" >> .PKGINFO
;;
%PACKAGER%)
echo "packager = $pkg_pkger" >> .PKGINFO
;;
%SIZE%)
echo "size = $pkg_size" >> .PKGINFO
;;
%GROUPS%)
echo "group = $i" >> .PKGINFO
;;
%REPLACES%)
echo "replaces = $i" >> .PKGINFO
;;
%FORCE%)
echo "force = true" >> .PKGINFO
;;
# files
%BACKUP%)
# strip the md5sum after the tab
echo "backup = ${i%%$'\t'*}" >> .PKGINFO
;;
# depends
%DEPENDS%)
echo "depend = $i" >> .PKGINFO
;;
%OPTDEPENDS%)
echo "optdepend = $i" >> .PKGINFO
;;
%CONFLICTS%)
echo "conflict = $i" >> .PKGINFO
;;
%PROVIDES%)
echo "provides = $i" >> .PKGINFO
;;
esac
done
#
# Fixes owner:group and permissions for .PKGINFO, .CHANGELOG, .INSTALL
#
chown root:root $work_dir/{.PKGINFO,.CHANGELOG,.INSTALL} 2> /dev/null
chmod 644 $work_dir/{.PKGINFO,.CHANGELOG,.INSTALL} 2> /dev/null
#
# Generate the package
#
echo Generating the package...
ret=0
bsdtar -czf "$pkg_dest/$pkg_namver-$pkg_arch.tar.gz" $(ls -A) || ret=$?
if [ $ret -ne 0 ]; then
echo Error: unable to write package to $pkg_dest
echo Maybe the disk is full or you do not have write access
rm -rf $work_dir
exit 1
fi
rm -rf $work_dir
echo Done
exit 0
# vim: set ts=2 sw=2 noet:
More information about the pacman-dev
mailing list