mirror of
git://slackware.nl/current.git
synced 2024-12-29 10:25:00 +01:00
1e755d579a
Several ELF objects were found to have rpaths pointing into /tmp, a world writable directory. This could have allowed a local attacker to launch denial of service attacks or execute arbitrary code when the affected binaries are run by placing crafted ELF objects in the /tmp rpath location. All rpaths with an embedded /tmp path have been scrubbed from the binaries, and makepkg has gained a lint feature to detect these so that they won't creep back in. a/kernel-firmware-20241001_95bfe08-noarch-1.txz: Upgraded. a/kernel-generic-6.10.12-x86_64-1.txz: Upgraded. a/pkgtools-15.1-noarch-12.txz: Rebuilt. makepkg: when looking for ELF objects with --remove-rpaths or --remove-tmp-rpaths, avoid false hits on files containing 'ELF' as part of the directory or filename. Also warn about /tmp rpaths after the package is built. ap/cups-2.4.11-x86_64-1.txz: Upgraded. ap/cups-browsed-2.0.1-x86_64-2.txz: Rebuilt. Mitigate security issue that could lead to a denial of service or the execution of arbitrary code. Rebuilt with --with-browseremoteprotocols=none to disable incoming connections, since this daemon has been shown to be insecure. If you actually use cups-browsed, be sure to install the new /etc/cups/cups-browsed.conf.new containing this line: BrowseRemoteProtocols none For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-47176 (* Security fix *) d/kernel-headers-6.10.12-x86-1.txz: Upgraded. d/llvm-18.1.8-x86_64-3.txz: Rebuilt. Remove rpaths from binaries. (* Security fix *) d/luajit-2.1.1727621189-x86_64-1.txz: Upgraded. d/ruby-3.3.5-x86_64-2.txz: Rebuilt. Remove rpaths from binaries. (* Security fix *) k/kernel-source-6.10.12-noarch-1.txz: Upgraded. kde/kimageformats-5.116.0-x86_64-2.txz: Rebuilt. Recompiled against openexr-3.3.0. kde/kio-extras-23.08.5-x86_64-2.txz: Rebuilt. Recompiled against openexr-3.3.0. kde/krita-5.2.5-x86_64-2.txz: Rebuilt. Recompiled against openexr-3.3.0. kde/libindi-2.1.0-x86_64-1.txz: Upgraded. l/cryfs-0.10.3-x86_64-13.txz: Rebuilt. Remove rpaths from binaries. (* Security fix *) l/espeak-ng-1.51.1-x86_64-2.txz: Rebuilt. Remove rpaths from binaries. (* Security fix *) l/ffmpeg-7.1-x86_64-1.txz: Upgraded. l/gegl-0.4.48-x86_64-3.txz: Rebuilt. Recompiled against openexr-3.3.0. l/gst-plugins-bad-free-1.24.8-x86_64-2.txz: Rebuilt. Recompiled against openexr-3.3.0. l/imagemagick-7.1.1_38-x86_64-2.txz: Rebuilt. Recompiled against openexr-3.3.0. l/libgsf-1.14.53-x86_64-1.txz: Upgraded. l/librsvg-2.58.5-x86_64-1.txz: Upgraded. l/libvncserver-0.9.14-x86_64-3.txz: Rebuilt. Remove rpaths from binaries. (* Security fix *) l/mozjs128-128.3.0esr-x86_64-1.txz: Upgraded. l/netpbm-11.08.00-x86_64-1.txz: Upgraded. l/opencv-4.10.0-x86_64-3.txz: Rebuilt. Recompiled against openexr-3.3.0. l/openexr-3.3.0-x86_64-1.txz: Upgraded. Shared library .so-version bump. l/python-glad2-2.0.8-x86_64-1.txz: Upgraded. l/python-pyproject-hooks-1.2.0-x86_64-1.txz: Upgraded. l/spirv-llvm-translator-18.1.4-x86_64-2.txz: Rebuilt. Remove rpaths from binaries. (* Security fix *) l/woff2-20231106_0f4d304-x86_64-2.txz: Rebuilt. Remove rpaths from binaries. (* Security fix *) n/openobex-1.7.2-x86_64-6.txz: Rebuilt. Remove rpaths from binaries. (* Security fix *) x/marisa-0.2.6-x86_64-11.txz: Rebuilt. Remove rpaths from binaries. (* Security fix *) xap/gimp-2.10.38-x86_64-2.txz: Rebuilt. Recompiled against openexr-3.3.0. xap/mozilla-firefox-128.3.0esr-x86_64-1.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/128.3.0/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2024-47 https://www.cve.org/CVERecord?id=CVE-2024-9392 https://www.cve.org/CVERecord?id=CVE-2024-9393 https://www.cve.org/CVERecord?id=CVE-2024-9394 https://www.cve.org/CVERecord?id=CVE-2024-8900 https://www.cve.org/CVERecord?id=CVE-2024-9396 https://www.cve.org/CVERecord?id=CVE-2024-9397 https://www.cve.org/CVERecord?id=CVE-2024-9398 https://www.cve.org/CVERecord?id=CVE-2024-9399 https://www.cve.org/CVERecord?id=CVE-2024-9400 https://www.cve.org/CVERecord?id=CVE-2024-9401 https://www.cve.org/CVERecord?id=CVE-2024-9402 (* Security fix *) xap/xlockmore-5.80-x86_64-1.txz: Upgraded. isolinux/initrd.img: Rebuilt. kernels/*: Upgraded. testing/packages/kernel-generic-6.11.1-x86_64-1.txz: Upgraded. testing/packages/kernel-headers-6.11.1-x86-1.txz: Upgraded. testing/packages/kernel-source-6.11.1-noarch-1.txz: Upgraded. usb-and-pxe-installers/usbboot.img: Rebuilt.
510 lines
18 KiB
Bash
510 lines
18 KiB
Bash
#!/bin/bash
|
|
# Copyright 1994, 1998, 2008 Patrick Volkerding, Moorhead, Minnesota USA
|
|
# Copyright 2003 Slackware Linux, Inc. Concord, CA USA
|
|
# Copyright 2009, 2015, 2017, 2018, 2019, 2024 Patrick J. Volkerding, Sebeka, MN, USA
|
|
# All rights reserved.
|
|
#
|
|
# Redistribution and use of this script, with or without modification, is
|
|
# permitted provided that the following conditions are met:
|
|
#
|
|
# 1. Redistributions of this script must retain the above copyright
|
|
# notice, this list of conditions and the following disclaimer.
|
|
#
|
|
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
|
|
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
|
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
|
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
|
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
|
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
|
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
|
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
|
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
#
|
|
# Fri Sep 27 19:50:49 UTC 2024
|
|
# Warn about the presence of rpaths in ELF objects so that the packager can
|
|
# decide what to do about them, if anything. They could be removed by adding
|
|
# something to the SlackBuild to do it, or with one of these new options:
|
|
# --remove-rpaths (remove all rpaths from ELF objects. It's possible this could
|
|
# break some things)
|
|
# --remove-tmp-rpaths (remove rpaths from any ELF object containing an rpath
|
|
# that references the /tmp directory. This is likely safe to do and prevents
|
|
# evil object attacks in /tmp)
|
|
#
|
|
# Mon 2 Jul 15:32:14 UTC 2018
|
|
# Sort file lists and support SOURCE_DATE_EPOCH, for reproducibility.
|
|
#
|
|
# Mon May 21 18:31:20 UTC 2018
|
|
# Add --compress option, usually used to change the preset compression level
|
|
# or block size.
|
|
#
|
|
# Tue Feb 13 00:46:12 UTC 2018
|
|
# Use recent tar, and support storing POSIX ACLs and extended attributes.
|
|
#
|
|
# Tue Dec 12 21:55:59 UTC 2017
|
|
# If possible, use multiple compression threads.
|
|
#
|
|
# Wed Sep 23 18:36:43 UTC 2015
|
|
# Support spaces in file/directory names. <alphageek>
|
|
#
|
|
# Sun Apr 5 21:23:26 CDT 2009
|
|
# Support .tgz, .tbz, .tlz, and .txz packages. <volkerdi>
|
|
#
|
|
# Fri Nov 26 13:53:36 GMT 2004
|
|
# Patched to chmod 755 the package's root directory if needed, then restore
|
|
# previous permissions after the package has been created. <sw>
|
|
#
|
|
# Wed Mar 18 15:32:33 CST 1998
|
|
# Patched to avoid possible symlink attacks in /tmp.
|
|
|
|
CWD=$(pwd)
|
|
|
|
umask 022
|
|
|
|
make_install_script() {
|
|
TAB="$(echo -e "\t")"
|
|
COUNT=1
|
|
while :; do
|
|
LINE="$(sed -n "$COUNT p" $1)"
|
|
if [ "$LINE" = "" ]; then
|
|
break
|
|
fi
|
|
LINKGOESIN="$(echo "$LINE" | cut -f 1 -d "$TAB")"
|
|
LINKGOESIN="$(dirname "$LINKGOESIN")"
|
|
LINKNAMEIS="$(echo "$LINE" | cut -f 1 -d "$TAB")"
|
|
LINKNAMEIS="$(basename "$LINKNAMEIS")"
|
|
LINKPOINTSTO="$(echo "$LINE" | cut -f 2 -d "$TAB")"
|
|
echo "( cd $LINKGOESIN ; rm -rf $LINKNAMEIS )"
|
|
echo "( cd $LINKGOESIN ; ln -sf $LINKPOINTSTO $LINKNAMEIS )"
|
|
COUNT=$(expr $COUNT + 1)
|
|
done
|
|
}
|
|
|
|
usage() {
|
|
cat << EOF
|
|
|
|
Usage: makepkg package_name.tgz
|
|
(or: package_name.tbz, package_name.tlz, package_name.txz)
|
|
|
|
Makes a Slackware compatible package containing the contents of the current
|
|
and all subdirectories. If symbolic links exist, they will be removed and
|
|
an installation script will be made to recreate them later. This script will
|
|
be called "install/doinst.sh". You may add any of your own ash-compatible
|
|
shell scripts to this file and rebuild the package if you wish.
|
|
|
|
options: -l, --linkadd y|n (moves symlinks into doinst.sh: recommended)
|
|
-p, --prepend (prepend rather than append symlinks to an existing
|
|
doinst.sh. Useful to link libraries needed by programs in
|
|
the doinst.sh script)
|
|
-c, --chown y|n (resets all permissions to root:root 755 - not
|
|
generally recommended)
|
|
--threads <number> For xz/plzip compressed packages, set the max
|
|
number of threads to be used for compression. Only has an
|
|
effect on large packages. For plzip, the default is equal to
|
|
the number of CPU threads available on the machine. For xz,
|
|
the default is equal to 2 (due to commonly occuring memory
|
|
related failures when using many threads with multi-threaded
|
|
xz compression).
|
|
--compress <option> Supply a custom option to the compressor.
|
|
This will be used in place of the default, which is: -9
|
|
--acls Support storing POSIX ACLs in the package. The resulting
|
|
package will not be compatible with pkgtools version < 15.0.
|
|
--xattrs Support storing extended attributes in the package. The
|
|
resulting package will not be compatible with pkgtools
|
|
version < 15.0.
|
|
--remove-rpaths (remove all rpaths from ELF objects)
|
|
--remove-tmp-rpaths (remove rpaths from ELF objects if we find one
|
|
that contains '/tmp')
|
|
|
|
If these options are not set, makepkg will prompt if appropriate.
|
|
EOF
|
|
}
|
|
|
|
TMP=/tmp # This can be a hole, but I'm going to be careful about file
|
|
# creation in there, so don't panic. :^)
|
|
|
|
# Set maximum number of threads to use. By default, this will be the number
|
|
# of CPU threads:
|
|
THREADS="$(nproc)"
|
|
|
|
# Set default compression option.
|
|
COMPRESS_OPTION="-9"
|
|
|
|
# Parse options
|
|
unset ACLS XATTRS
|
|
while [ 0 ]; do
|
|
if [ "$1" = "--linkadd" -o "$1" = "-l" ]; then
|
|
if [ "$2" = "y" ]; then
|
|
LINKADD=y
|
|
elif [ "$2" = "n" ]; then
|
|
LINKADD=n
|
|
else
|
|
usage
|
|
exit 2
|
|
fi
|
|
shift 2
|
|
elif [ "$1" = "--chown" -o "$1" = "-c" ]; then
|
|
if [ "$2" = "y" ]; then
|
|
CHOWN=y
|
|
elif [ "$2" = "n" ]; then
|
|
CHOWN=n
|
|
else
|
|
usage
|
|
exit 2
|
|
fi
|
|
shift 2
|
|
elif [ "$1" = "-p" -o "$1" = "--prepend" ]; then
|
|
PREPEND=y
|
|
shift 1
|
|
elif [ "$1" = "-threads" -o "$1" = "--threads" ]; then
|
|
THREADS="$2"
|
|
shift 2
|
|
XZ_THREADS_FORCED=yes
|
|
elif [ "$1" = "-compress" -o "$1" = "--compress" ]; then
|
|
COMPRESS_OPTION="$2"
|
|
shift 2
|
|
elif [ "$1" = "--acls" ]; then
|
|
ACLS="--acls"
|
|
shift 1
|
|
elif [ "$1" = "--xattrs" ]; then
|
|
XATTRS="--xattrs"
|
|
shift 1
|
|
elif [ "$1" = "--remove-tmp-rpaths" ]; then
|
|
REMOVE_TMP_RPATHS="true"
|
|
shift 1
|
|
elif [ "$1" = "--remove-rpaths" ]; then
|
|
REMOVE_RPATHS="true"
|
|
shift 1
|
|
elif [ "$1" = "-h" -o "$1" = "-H" -o "$1" = "--help" -o $# = 0 ]; then
|
|
usage
|
|
exit 0
|
|
else
|
|
break
|
|
fi
|
|
done
|
|
|
|
unset MTIME
|
|
if [ -n "${SOURCE_DATE_EPOCH}" ]; then
|
|
MTIME="--clamp-mtime --mtime=@${SOURCE_DATE_EPOCH}"
|
|
fi
|
|
|
|
PACKAGE_NAME="$1"
|
|
TARGET_NAME="$(dirname $PACKAGE_NAME)"
|
|
PACKAGE_NAME="$(basename $PACKAGE_NAME)"
|
|
|
|
# Identify package extension and compression type to use:
|
|
if [ ! "$(basename $PACKAGE_NAME .tgz)" = "$PACKAGE_NAME" ]; then
|
|
EXTENSION="tgz"
|
|
COMPEXT="gz"
|
|
COMPRESSOR="gzip ${COMPRESS_OPTION} -cn"
|
|
if ! which gzip 1> /dev/null 2> /dev/null ; then
|
|
echo "ERROR: gzip compression utility not found in \$PATH."
|
|
exit 3
|
|
fi
|
|
elif [ ! "$(basename $PACKAGE_NAME .tar.gz)" = "$PACKAGE_NAME" ]; then
|
|
EXTENSION="tar.gz"
|
|
COMPRESSOR="gzip ${COMPRESS_OPTION} -cn"
|
|
if ! which gzip 1> /dev/null 2> /dev/null ; then
|
|
echo "ERROR: gzip compression utility not found in \$PATH."
|
|
exit 3
|
|
fi
|
|
elif [ ! "$(basename $PACKAGE_NAME .tbz)" = "$PACKAGE_NAME" ]; then
|
|
EXTENSION="tbz"
|
|
if which lbzip2 1> /dev/null 2> /dev/null ; then
|
|
COMPRESSOR="lbzip2 ${COMPRESS_OPTION} -c"
|
|
else
|
|
if which bzip2 1> /dev/null 2> /dev/null ; then
|
|
COMPRESSOR="bzip2 ${COMPRESS_OPTION} -c"
|
|
else
|
|
echo "ERROR: bzip2 compression utility not found in \$PATH."
|
|
exit 3
|
|
fi
|
|
fi
|
|
elif [ ! "$(basename $PACKAGE_NAME .tar.bz2)" = "$PACKAGE_NAME" ]; then
|
|
EXTENSION="tar.bz2"
|
|
if which lbzip2 1> /dev/null 2> /dev/null ; then
|
|
COMPRESSOR="lbzip2 ${COMPRESS_OPTION} -c"
|
|
else
|
|
if which bzip2 1> /dev/null 2> /dev/null ; then
|
|
COMPRESSOR="bzip2 ${COMPRESS_OPTION} -c"
|
|
else
|
|
echo "ERROR: bzip2 compression utility not found in \$PATH."
|
|
exit 3
|
|
fi
|
|
fi
|
|
elif [ ! "$(basename $PACKAGE_NAME .tlz)" = "$PACKAGE_NAME" ]; then
|
|
EXTENSION="tlz"
|
|
if which plzip 1> /dev/null 2> /dev/null ; then
|
|
COMPRESSOR="plzip ${COMPRESS_OPTION} --threads=${THREADS} -c"
|
|
else
|
|
echo "WARNING: plzip compression utility not found in \$PATH."
|
|
echo "WARNING: package will not support multithreaded decompression."
|
|
if which lzip 1> /dev/null 2> /dev/null ; then
|
|
COMPRESSOR="lzip ${COMPRESS_OPTION} -c"
|
|
else
|
|
echo "ERROR: lzip compression utility not found in \$PATH."
|
|
exit 3
|
|
fi
|
|
fi
|
|
elif [ ! "$(basename $PACKAGE_NAME .tar.lz)" = "$PACKAGE_NAME" ]; then
|
|
EXTENSION="tar.lz"
|
|
if which plzip 1> /dev/null 2> /dev/null ; then
|
|
COMPRESSOR="plzip ${COMPRESS_OPTION} --threads=${THREADS} -c"
|
|
else
|
|
echo "WARNING: plzip compression utility not found in \$PATH."
|
|
echo "WARNING: package will not support multithreaded decompression."
|
|
if which lzip 1> /dev/null 2> /dev/null ; then
|
|
COMPRESSOR="lzip ${COMPRESS_OPTION} -c"
|
|
else
|
|
echo "ERROR: lzip compression utility not found in \$PATH."
|
|
exit 3
|
|
fi
|
|
fi
|
|
elif [ ! "$(basename $PACKAGE_NAME .tar.lzma)" = "$PACKAGE_NAME" ]; then
|
|
EXTENSION="tar.lzma"
|
|
COMPRESSOR="lzma ${COMPRESS_OPTION} -c"
|
|
if ! which lzma 1> /dev/null 2> /dev/null ; then
|
|
echo "ERROR: lzma compression utility not found in \$PATH."
|
|
exit 3
|
|
fi
|
|
elif [ ! "$(basename $PACKAGE_NAME .txz)" = "$PACKAGE_NAME" ]; then
|
|
EXTENSION="txz"
|
|
if [ ! "$XZ_THREADS_FORCED" = "yes" ]; then
|
|
if [[ "$(uname -m)" =~ (x86_64|aarch64|riscv64) ]]; then
|
|
# Allow xz to determine how many threads to use:
|
|
COMPRESSOR="xz ${COMPRESS_OPTION} --threads=0 -c"
|
|
else
|
|
# Default to 2 threads on 32-bit platforms:
|
|
COMPRESSOR="xz ${COMPRESS_OPTION} --threads=2 -c"
|
|
fi
|
|
else
|
|
COMPRESSOR="xz ${COMPRESS_OPTION} --threads=${THREADS} -c"
|
|
fi
|
|
if ! which xz 1> /dev/null 2> /dev/null ; then
|
|
echo "ERROR: xz compression utility not found in \$PATH."
|
|
exit 3
|
|
fi
|
|
elif [ ! "$(basename $PACKAGE_NAME .tar.xz)" = "$PACKAGE_NAME" ]; then
|
|
EXTENSION="tar.xz"
|
|
if [ ! "$XZ_THREADS_FORCED" = "yes" ]; then
|
|
if [[ "$(uname -m)" =~ (x86_64|aarch64|riscv64) ]]; then
|
|
# Allow xz to determine how many threads to use:
|
|
COMPRESSOR="xz ${COMPRESS_OPTION} --threads=0 -c"
|
|
else
|
|
# Default to 2 threads on 32-bit platforms:
|
|
COMPRESSOR="xz ${COMPRESS_OPTION} --threads=2 -c"
|
|
fi
|
|
else
|
|
COMPRESSOR="xz ${COMPRESS_OPTION} --threads=${THREADS} -c"
|
|
fi
|
|
if ! which xz 1> /dev/null 2> /dev/null ; then
|
|
echo "ERROR: xz compression utility not found in \$PATH."
|
|
exit 3
|
|
fi
|
|
else
|
|
EXTENSION="$(echo $PACKAGE_NAME | rev | cut -f 1 -d . | rev)"
|
|
echo "ERROR: Package extension .$EXTENSION is not supported."
|
|
exit 1
|
|
fi
|
|
|
|
TAR_NAME="$(basename $PACKAGE_NAME .$EXTENSION)"
|
|
|
|
# Sanity check -- we can't make the package in the current directory:
|
|
if [ "$CWD" = "$TARGET_NAME" -o "." = "$TARGET_NAME" ]; then
|
|
echo "ERROR: Can't make output package in current directory."
|
|
exit 2
|
|
fi
|
|
|
|
echo
|
|
echo "Slackware package maker, version 3.14159265."
|
|
echo
|
|
echo "Searching for symbolic links:"
|
|
# Get rid of possible pre-existing trouble:
|
|
INST=$(mktemp $TMP/makepkg.XXXXXX)
|
|
# Escape some characters in symlink names:
|
|
find . -type l -printf "%p\t%l\n" | LC_COLLATE=C sort | sed 's,^\./,,; s,[ "#$&\x27()*;<>?[\\`{|~],\\&,g;' | tee $INST
|
|
if [ ! "$(cat $INST)" = "" ]; then
|
|
echo
|
|
echo "Making symbolic link creation script:"
|
|
make_install_script $INST | tee doinst.sh
|
|
fi
|
|
echo
|
|
if [ ! "$(cat $INST)" = "" ]; then
|
|
if [ -r install/doinst.sh ]; then
|
|
echo "Unless your existing installation script already contains the code"
|
|
echo "to create these links, you should append these lines to your existing"
|
|
echo "install script. Now's your chance. :^)"
|
|
echo
|
|
echo "Would you like to add this stuff to the existing install script and"
|
|
echo -n "remove the symbolic links ([y]es, [n]o)? "
|
|
else
|
|
echo "It is recommended that you make these lines your new installation script."
|
|
echo
|
|
echo "Would you like to make this stuff the install script for this package"
|
|
echo -n "and remove the symbolic links ([y]es, [n]o)? "
|
|
fi
|
|
if [ ! "$LINKADD" ]; then
|
|
read LINKADD;
|
|
echo
|
|
else
|
|
echo $LINKADD
|
|
echo
|
|
fi
|
|
if [ "$LINKADD" = "y" ]; then
|
|
if [ -r install/doinst.sh ]; then
|
|
UPDATE="t"
|
|
if [ "$PREPEND" = "y" ]; then
|
|
touch install/doinst.sh
|
|
mv install/doinst.sh install/doinst.sh.shipped
|
|
cat doinst.sh > install/doinst.sh
|
|
echo "" >> install/doinst.sh
|
|
cat install/doinst.sh.shipped >> install/doinst.sh
|
|
rm -f install/doinst.sh.shipped
|
|
else
|
|
cat doinst.sh >> install/doinst.sh
|
|
fi
|
|
else
|
|
mkdir -p install
|
|
cat doinst.sh > install/doinst.sh
|
|
fi
|
|
echo
|
|
echo "Removing symbolic links:"
|
|
find . -type l -exec rm -v {} \;
|
|
echo
|
|
if [ "$UPDATE" = "t" ]; then
|
|
if [ "$PREPEND" = "y" ]; then
|
|
echo "Updating your ./install/doinst.sh (prepending symlinks)..."
|
|
else
|
|
echo "Updating your ./install/doinst.sh..."
|
|
fi
|
|
else
|
|
echo "Creating your new ./install/doinst.sh..."
|
|
fi
|
|
fi
|
|
else
|
|
echo "No symbolic links were found, so we won't make an installation script."
|
|
echo "You can make your own later in ./install/doinst.sh and rebuild the"
|
|
echo "package if you like."
|
|
fi
|
|
rm -f doinst.sh $INST
|
|
echo
|
|
echo "This next step is optional - you can set the directories in your package"
|
|
echo "to some sane permissions. If any of the directories in your package have"
|
|
echo "special permissions, then DO NOT reset them here!"
|
|
echo
|
|
echo "Would you like to reset all directory permissions to 755 (drwxr-xr-x) and"
|
|
echo -n "directory ownerships to root.root ([y]es, [n]o)? "
|
|
if [ ! "$CHOWN" ]; then
|
|
read CHOWN;
|
|
echo
|
|
else
|
|
echo $CHOWN
|
|
echo
|
|
fi
|
|
if [ "$CHOWN" = "y" ]; then
|
|
find . -type d -exec chmod -v 755 {} \;
|
|
find . -type d -exec chown -v root:root {} \;
|
|
fi
|
|
|
|
# Ensure that the 'root' of the package is chmod 755 because
|
|
# the / of your filesystem will inherit these permissions.
|
|
# If it's anything tighter than 755 then bad things happen such as users
|
|
# not being able to login, users already logged in can no longer run commands
|
|
# and so on.
|
|
OLDROOTPERMS="$(find -name . -printf "%m\n")"
|
|
if [ $OLDROOTPERMS -ne 755 ]; then
|
|
echo "WARNING: $PWD is chmod $OLDROOTPERMS"
|
|
echo " temporarily changing to chmod 755"
|
|
chmod 755 .
|
|
fi
|
|
|
|
# Detect/warn/remove rpaths from ELF objects:
|
|
for ELFOBJ in $(find . -type f | xargs file | grep ' ELF ' | cut -f 1 -d :) ; do
|
|
if objdump -p "$ELFOBJ" 2>/dev/null | grep -q R.*PATH ; then
|
|
if [ "$REMOVE_RPATHS" = "true" ]; then
|
|
echo "Removing rpath from: $ELFOBJ"
|
|
patchelf --remove-rpath "$ELFOBJ"
|
|
elif [ "$REMOVE_TMP_RPATHS" = "true" ]; then
|
|
if objdump -p "$ELFOBJ" 2>/dev/null | grep -q R.*PATH.*/tmp ; then
|
|
echo "Removing /tmp rpath from: $ELFOBJ"
|
|
patchelf --remove-rpath "$ELFOBJ"
|
|
fi
|
|
else # just warn:
|
|
if objdump -p "$ELFOBJ" 2>/dev/null | grep -q R.*PATH.*/tmp ; then
|
|
echo "WARNING: */tmp* rpath found in $ELFOBJ: $(objdump -p "$ELFOBJ" 2>/dev/null | grep R.*PATH)"
|
|
# This is important, so we'll notify again after the package is built:
|
|
NOTIFY_INSECURE_RPATH=" WARNING: */tmp* rpath found in $ELFOBJ: $(objdump -p "$ELFOBJ" 2>/dev/null | grep R.*PATH)"
|
|
else
|
|
echo "WARNING: rpath found in $ELFOBJ: $(objdump -p "$ELFOBJ" 2>/dev/null | grep R.*PATH)"
|
|
fi
|
|
fi
|
|
fi
|
|
done
|
|
echo
|
|
|
|
echo "Creating Slackware package: ${TARGET_NAME}/${TAR_NAME}.${EXTENSION}"
|
|
echo
|
|
rm -f ${TARGET_NAME}/${TAR_NAME}.${EXTENSION}
|
|
|
|
# HISTORICAL NOTE 2/2018:
|
|
# In the interest of maximizing portability of this script, we'll use find
|
|
# and sed to create a filelist compatible with tar-1.13, and then use a
|
|
# more modern tar version to create the archive.
|
|
#
|
|
# Other (but possibly less portable) ways to achieve the same result:
|
|
#
|
|
# Use the tar --transform and --show-transformed-names options:
|
|
# tar --transform "s,^\./\(.\),\1," --show-transformed-names $ACLS $XATTRS -cvf - . | $COMPRESSOR > ${TARGET_NAME}/${TAR_NAME}.${EXTENSION}
|
|
#
|
|
# Use cpio:
|
|
# find ./ | sed '2,$s,^\./,,' | cpio --quiet -ovHustar > ${TARGET_NAME}/${TAR_NAME}.tar
|
|
|
|
# Create the package:
|
|
find ./ | LC_COLLATE=C sort | sed '2,$s,^\./,,' | tar --no-recursion $ACLS $XATTRS $MTIME -T - -cvf - | $COMPRESSOR > ${TARGET_NAME}/${TAR_NAME}.${EXTENSION}
|
|
ERRCODE=$?
|
|
if [ ! $ERRCODE = 0 ]; then
|
|
echo "ERROR: $COMPRESSOR returned error code $ERRCODE -- makepkg failed."
|
|
exit 1
|
|
fi
|
|
|
|
# Warn of zero-length files:
|
|
find . -type f -size 0c | cut -b3- | sed "s/^/WARNING: zero length file /g"
|
|
|
|
# Warn of corrupt or empty gzip files:
|
|
find . -type f -name '*.gz' | while read file ; do
|
|
if ! gzip -t $file 1> /dev/null 2> /dev/null ; then
|
|
echo "WARNING: gzip test failed on $(echo $file | cut -b3-)"
|
|
else
|
|
if [ "$(gzip -l $file | tail -n 1 | tr -s ' ' | cut -f 3 -d ' ')" -eq 0 ]; then
|
|
echo "WARNING: $(echo $file | cut -b3-) is an empty gzipped file"
|
|
fi
|
|
fi
|
|
done
|
|
|
|
# Some more handy warnings:
|
|
if [ -d usr/share/man ]; then
|
|
echo "WARNING: /usr/share/man (with possibly not gzipped man pages) detected"
|
|
fi
|
|
|
|
if [ -d usr/share/info ]; then
|
|
echo "WARNING: /usr/share/info (with possibly not gzipped info pages) detected"
|
|
fi
|
|
|
|
if find . | grep site_perl 1> /dev/null ; then
|
|
echo "WARNING: site_perl directory detected (this is fine for a local package build)"
|
|
fi
|
|
|
|
# Restore the old permissions if they previously weren't chmod 755
|
|
if [ $OLDROOTPERMS -ne 755 ]; then
|
|
echo
|
|
echo "Restoring permissions of $PWD to chmod $OLDROOTPERMS"
|
|
chmod $OLDROOTPERMS .
|
|
fi
|
|
|
|
echo
|
|
echo "Slackware package ${TARGET_NAME}/${TAR_NAME}.${EXTENSION} created."
|
|
if [ ! -z "$NOTIFY_INSECURE_RPATH" ]; then
|
|
echo "WARNING: detected at least one insecure /tmp rpath:"
|
|
echo $NOTIFY_INSECURE_RPATH
|
|
fi
|
|
echo
|