diff options
author | Allan McRae <allan@archlinux.org> | 2013-02-02 12:13:41 +1000 |
---|---|---|
committer | Allan McRae <allan@archlinux.org> | 2013-02-07 10:48:11 +1000 |
commit | f170a94c137d355cfebb7d1623b685f34a09081b (patch) | |
tree | bd514ab1c8894b9170b046a0c403d30947a53ef6 | |
parent | 274c3890b07bdb6faae7bbbd7535f73c26565f24 (diff) | |
download | pacman-f170a94c137d355cfebb7d1623b685f34a09081b.tar.xz |
makepkg: make $pkgdir non-accessible during build()
The idea of having separate build() and package() functions is that
build() is run as a normal uses and package() as (fake)root. Any
files placed in $pkgdir during build() can have the wrong permissions.
Restrict access to $pkgdir during build() - unless there is no package()
function.
Also, set $pkgdir to something "useful" during build(). For split
packages, this uses "<path>/pkg/$pkgbase" because it is not obvious
which $pkgdir is being referred to.
Signed-off-by: Allan McRae <allan@archlinux.org>
-rw-r--r-- | scripts/makepkg.sh.in | 42 |
1 files changed, 24 insertions, 18 deletions
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in index bcc415b8..c464ec79 100644 --- a/scripts/makepkg.sh.in +++ b/scripts/makepkg.sh.in @@ -152,7 +152,7 @@ clean_up() { # If it's a clean exit and -c/--clean has been passed... msg "$(gettext "Cleaning up...")" - rm -rf "$pkgdir" "$srcdir" + rm -rf "$pkgdirbase" "$srcdir" if [[ -n $pkgbase ]]; then local fullver=$(get_full_version) # Can't do this unless the BUILDSCRIPT has been sourced. @@ -1519,7 +1519,7 @@ tidy_install() { if find "${pkgdir}" -type f -print0 | xargs -0 grep -q -I "${srcdir}" ; then warning "$(gettext "Package contains reference to %s")" "\$srcdir" fi - if find "${pkgdir}" -type f -print0 | xargs -0 grep -q -I "${pkgdir}" ; then + if find "${pkgdir}" -type f -print0 | xargs -0 grep -q -I "${pkgdirbase}" ; then warning "$(gettext "Package contains reference to %s")" "\$pkgdir" fi @@ -2344,16 +2344,14 @@ restore_package_variables() { run_split_packaging() { local pkgname_backup=${pkgname[@]} for pkgname in ${pkgname_backup[@]}; do - pkgdir="$pkgdir/$pkgname" - mkdir -p "$pkgdir" - chmod a-s "$pkgdir" + pkgdir="$pkgdirbase/$pkgname" + mkdir "$pkgdir" backup_package_variables run_package $pkgname tidy_install create_package create_debug_package restore_package_variables - pkgdir="${pkgdir%/*}" done pkgname=${pkgname_backup[@]} } @@ -2689,12 +2687,16 @@ epoch=${epoch:-0} if [[ $BUILDDIR = "$startdir" ]]; then srcdir="$BUILDDIR/src" - pkgdir="$BUILDDIR/pkg" + pkgdirbase="$BUILDDIR/pkg" else srcdir="$BUILDDIR/$pkgbase/src" - pkgdir="$BUILDDIR/$pkgbase/pkg" + pkgdirbase="$BUILDDIR/$pkgbase/pkg" + fi +# set pkgdir to something "sensible" for (not recommended) use during build() +pkgdir="$pkgdirbase/$pkgbase" + if (( GENINTEG )); then mkdir -p "$srcdir" chmod a-s "$srcdir" @@ -2767,9 +2769,10 @@ if (( INFAKEROOT )); then exit 0 # $E_OK fi + chmod 755 "$pkgdirbase" if (( ! SPLITPKG )); then - pkgdir="$pkgdir/$pkgname" - mkdir -p "$pkgdir" + pkgdir="$pkgdirbase/$pkgname" + mkdir "$pkgdir" if (( ! PKGFUNC )); then if (( ! REPKG )); then if (( BUILDFUNC )); then @@ -2786,7 +2789,6 @@ if (( INFAKEROOT )); then tidy_install create_package create_debug_package - pkgdir="${pkgdir%/*}" else run_split_packaging fi @@ -2881,7 +2883,7 @@ if (( NOEXTRACT )); then warning "$(gettext "Using existing %s tree")" "src/" elif (( REPKG )); then if (( ! PKGFUNC && ! SPLITPKG )) \ - && { [[ ! -d $pkgdir ]] || dir_is_empty "$pkgdir"; }; then + && { [[ ! -d $pkgdirbase ]] || dir_is_empty "$pkgdirbase"; }; then error "$(gettext "The package directory is empty, there is nothing to repackage!")" plain "$(gettext "Aborting...")" exit 1 @@ -2900,22 +2902,27 @@ if (( NOBUILD )); then exit 0 #E_OK else # check for existing pkg directory; don't remove if we are repackaging - if [[ -d $pkgdir ]] && (( ! REPKG || PKGFUNC || SPLITPKG )); then + if [[ -d $pkgdirbase ]] && (( ! REPKG || PKGFUNC || SPLITPKG )); then msg "$(gettext "Removing existing %s directory...")" "pkg/" - rm -rf "$pkgdir" + rm -rf "$pkgdirbase" fi - mkdir -p "$pkgdir" - chmod a-s "$pkgdir" + mkdir -p "$pkgdirbase" + chmod a-srwx "$pkgdirbase" cd_safe "$startdir" # if we are root or if fakeroot is not enabled, then we don't use it if ! check_buildenv "fakeroot" "y" || (( EUID == 0 )); then if (( ! REPKG )); then + if (( ! ( SPLITPKG || PKGFUNC ) )); then + chmod 755 "$pkgdirbase" + mkdir -p "$pkgdir" + fi (( BUILDFUNC )) && run_build (( CHECKFUNC )) && run_check fi + chmod 755 "$pkgdirbase" if (( ! SPLITPKG )); then - pkgdir="$pkgdir/$pkgname" + pkgdir="$pkgdirbase/$pkgname" mkdir -p "$pkgdir" if (( PKGFUNC )); then run_package @@ -2926,7 +2933,6 @@ else tidy_install create_package create_debug_package - pkgdir="${pkgdir%/*}" else run_split_packaging fi |