From: Steve Youngs Date: Wed, 12 Mar 2014 08:05:16 +0000 (+1000) Subject: A truck load of updates/fixes/tweaks X-Git-Url: http://cgit.sxemacs.org/?p=pkgusr;a=commitdiff_plain;h=222d19f0a3e070995716ea83df13b3c0758c913a;hp=90738259aed952673346ee99b8481ecc9469ce05 A truck load of updates/fixes/tweaks * fixes/updates: A few more minor tweaks. Fix nasty bug in chmod, plus minor fixes. Fix a bug that was exposed by the SXEmacs configure script. Try to make it easier for when I update the build script template. Fix a bunch of little things from the previous changeset. Major overhaul -- most scripts rewritten or updated. --- diff --git a/LFS-pkgusr-hint.txt b/LFS-pkgusr-hint.txt index 49c7356..50e64dd 100644 --- a/LFS-pkgusr-hint.txt +++ b/LFS-pkgusr-hint.txt @@ -1,30 +1,30 @@ AUTHOR: Matthias S. Benkmann
-DATE: 2005-11-13 +DATE: 2007-10-20 -LICENSE: Creative Commons Attribution-NoDerivs 2.0 - (http://creativecommons.org/licenses/by-nd/2.0/) +LICENSE: Creative Commons Attribution-Share Alike 3.0 + (http://creativecommons.org/licenses/by-sa/3.0/) -SYNOPSIS: More Control and Package Management using Package Users (v1.2) +SYNOPSIS: More Control and Package Management using Package Users (v1.4) DESCRIPTION: --You want to know which packages your files belong to ? --You want to deinstall software that doesn't have make uninstall ? --You are bothered by programs installed setuid root behind your back ? +-You want to know which packages your files belong to ? +-You want to deinstall software that doesn't have make uninstall ? +-You are bothered by programs installed setuid root behind your back ? -You don't like packages quietly overwriting files from other packages ? --You don't like package managers like RPM ? --YOU WANT TOTAL CONTROL USING ONLY UNIX BUILTINS ? +-You don't like package managers like RPM ? +-YOU WANT TOTAL CONTROL USING ONLY UNIX BUILTINS ? ATTACHMENTS: http://www.linuxfromscratch.org/hints/downloads/attachments/more_control_and_pkg_man/more_control_helpers.tar.bz2 PREREQUISITES: -For use with LFS book 6.0: Brain. -For use with LFS book later than 6.0: Brain (awake, good working condition). +For use with LFS book 6.2: Brain. +For use with LFS book later than 6.2: Brain (awake, good working condition). HINT: -########################################################################### +########################################################################### Contents ########################################################################### @@ -46,6 +46,7 @@ HINT: 4.5 Write to Non-Install Directory 4.6 Delete or Overwrite File 4.7 /sbin/ldconfig + 4.8 What Commands to Run as a Package User 5. The more_control_helpers Archive 5.1 Overview 5.2 The Wrappers @@ -57,7 +58,7 @@ HINT: 5.8 grep_all_regular_files_for 5.9 The etc Directory 5.10 Temporary Files - + - PART 2: LFS Specifics - 6. Pre-Chroot Phase (Chapter 5) @@ -76,9 +77,9 @@ A. Security Issues A.2 Daemons B. Package Categories C. Acknowledgements and Changelog - -########################################################################### + +########################################################################### 1. Preface ########################################################################### @@ -86,8 +87,8 @@ Let's say I have written a program that you would like to use. To make it easier for you I come over to install it for you. Would you give me the root account and then leave the room ? No ? Then why do you give it to complete strangers who you have never seen in your life, to install software packages -pulled from some Internet server, that come with no warranty and don't even -list their contents in the README, although they will happily spread them all +pulled from some Internet server, that come with no warranty and don't even +list their contents in the README, although they will happily spread them all over your system ? It is a mystery why Unix admins who wouldn't even trust their employer with @@ -95,15 +96,15 @@ more than a normal user account carelessly execute complex and incomprehensible installation scripts with full root rights. Users and groups are the basic security principle in a Unix system. They have -been used successfully for a long time to monitor who has created a file and -to control who is allowed to delete or change it. But this control has only +been used successfully for a long time to monitor who has created a file and +to control who is allowed to delete or change it. But this control has only been imposed on the files of ordinary users. What a waste! I suggest to extend -this control to all system files. +this control to all system files. The general idea is to create package users, i.e. user accounts with restricted -rights, to build and install software packages, rather than doing these tasks -as root. Not only does this give you more control over what build and install -scripts may or may not do, it can also serve as a quite useful package +rights, to build and install software packages, rather than doing these tasks +as root. Not only does this give you more control over what build and install +scripts may or may not do, it can also serve as a quite useful package management system. @@ -113,32 +114,32 @@ management system. This hint is divided into 3 parts. The first part contains general information about the package user method. This part is the most important part of the -hint. Read it thoroughly. The second part explains how to apply the package -user method to the building of an LFS system. +hint. Read it thoroughly. The second part explains how to apply the package +user method to the building of an LFS system. Finally, part 3 of this hint is the Appendix with information that would not fit anywhere else or that is not of general interest. -It is inevitable that part 2 will become outdated with time as the LFS book -changes and new versions of the software packages used with LFS are released. -I make no attempt to track these changes. +It is inevitable that part 2 will become outdated with time as the LFS book +changes and new versions of the software packages used with LFS are released. +I make no attempt to track these changes. When someone reports an issue with a package I will incorporate it into the hint, but larger changes that might be required due to changes in -the LFS build methodology could take a long time to get included. The reason -for this (aside from lack of time) is that I consider part 2 as bonus material -that helps people get started but is not essential. Part 1 describes the -concepts, which are independent of package versions or the LFS book, and you -will have to rely on this information whenever part 2 fails. Don't forget -that part 2 only deals with the packages used by the LFS book. For all the -other packages you install on your system after that even an up-to-date +the LFS build methodology could take a long time to get included. The reason +for this (aside from lack of time) is that I consider part 2 as bonus material +that helps people get started but is not essential. Part 1 describes the +concepts, which are independent of package versions or the LFS book, and you +will have to rely on this information whenever part 2 fails. Don't forget +that part 2 only deals with the packages used by the LFS book. For all the +other packages you install on your system after that even an up-to-date part 2 would offer no aid anyway. The previous paragraph might sound discouraging, and as you read more from the hint it is possible that you get the impression that the package user method is complicated, causes lots of difficult problems and is overall too much trouble for anyone but a real hardcore admin with programming experience. -But you would be mistaken. +But you would be mistaken. First of all, many things experienced as installation problems when working -with the package user system are in fact desirable features. +with the package user system are in fact desirable features. If `make install' fails for some package, because it attempts to install a file with the same name as a pre-existing file from another package, you should not curse the fact that you have to spend additional time to resolve @@ -150,8 +151,8 @@ works on a per-package basis. If a package gives you too much trouble, you can always decide to chicken out and finish the installation as root. Finally, the more_control_helpers archive provided with this hint contains several useful scripts that automate many aspects of software installation -as a package user and, together with the tips given in this hint, add a lot -of value to the package user system. +as a package user and, together with the tips given in this hint, add a lot +of value to the package user system. So do not pass judgement until you have read at least the complete part 1, including the description of the more_control_helpers. @@ -166,39 +167,39 @@ including the description of the more_control_helpers. 3.1 Introduction ---------------- -The basic idea of this scheme is easily explained. Every package belongs to a +The basic idea of this scheme is easily explained. Every package belongs to a certain "package user". When you install a package, you build and install -the package as this package user, causing all files that are installed to be -owned by the package user. As a consequence all the usual package management -tasks can be comfortably achieved through the use of standard command line -utilities. A simple `ls -l ' will tell you, for instance, what package - belongs to and a `find -user ...' command allows you to perform an -operation on all the files belonging to a certain package, e.g. delete them +the package as this package user, causing all files that are installed to be +owned by the package user. As a consequence all the usual package management +tasks can be comfortably achieved through the use of standard command line +utilities. A simple `ls -l ' will tell you, for instance, what package + belongs to and a `find -user ...' command allows you to perform an +operation on all the files belonging to a certain package, e.g. delete them to uninstall the package. But package management is not all that package users are good for. Because package users do not have root-rights, the installation of a package is limited in what it can do. One thing that a package user is not allowed to do, for example, is to overwrite files from a different package user. Clashes -between different packages that want to install a binary, library or header +between different packages that want to install a binary, library or header file of the same name are more common than you might think. With package users -you never run the risk of package B's installation destroying files from +you never run the risk of package B's installation destroying files from package A silently without you noticing. Every attempt of doing this during package B's installation will cause a "Permission denied" or -"Operation not permitted" error so that you have the chance of taking +"Operation not permitted" error so that you have the chance of taking appropriate steps. -Another thing that package users are not allowed to do is install setuid root -binaries. The decision to make a binary setuid root is also something that a +Another thing that package users are not allowed to do is install setuid root +binaries. The decision to make a binary setuid root is also something that a prudent admin does not want to leave up to the creator of a software package. -Usually package user accounts have no valid password so that only root can su -to a package user, which ensures that package users do not open an additional -way into the system and undermine security. But you *may* set passwords -anyway to allow a co-admin who you want to be able to install and maintain -certain software packages to do so without having access to the actual root -account. This co-admin could for instance install, delete, change additional -libraries which might be necessary for his workgroup. He would be unable, -though, to remove or modify libraries which don't belong to him/her, such as +Usually package user accounts have no valid password so that only root can su +to a package user, which ensures that package users do not open an additional +way into the system and undermine security. But you *may* set passwords +anyway to allow a co-admin who you want to be able to install and maintain +certain software packages to do so without having access to the actual root +account. This co-admin could for instance install, delete, change additional +libraries which might be necessary for his workgroup. He would be unable, +though, to remove or modify libraries which don't belong to him/her, such as libc. @@ -206,47 +207,50 @@ libc. ------------- You don't need to drive yourself nuts trying to come up with 8 character -names for the package users. I always use the name of the package without -the version number, including dashes and possibly exceeding 8 characters in -length, e.g. "util-linux", and in the several years that I've been using this -scheme I have not encountered any problems, nor has anyone else reported +names for the package users. I always use the name of the package without +the version number, including dashes and possibly exceeding 8 characters in +length, e.g. "util-linux", and in the several years that I've been using this +scheme I have not encountered any problems, nor has anyone else reported trouble. The 8-character limit on user names seems to be a thing of the past. TIP: - You can use bash's programmable completion feature to save yourself some + You can use bash's programmable completion feature to save yourself some typing when entering commands that take a user name as an argument, such as - su, finger or pinky. The command - + su, finger or pinky. The command + complete -o default -o nospace -A user su finger pinky - + tells bash to tab-complete words as user names for the commands su, finger and pinky. With this in place you can simply type `su linux-li' and bash will complete this to `su linux-libc-headers' (assuming that you have a package user named "linux-libc-headers"). - "-o default" tells bash that if a suitable user name does not exist, the - default completion shall be attempted. + "-o default" tells bash that if a suitable user name does not exist, the + default completion shall be attempted. "-o nospace" prevents the addition of a space after the completed word. - + This is a very useful command to put into root's .bashrc and .bash_profile. - + BTW, at http://freshmeat.net/projects/bashcompletion/ you can find a project that offers sophisticated completions for many other commands. + Or switch to zsh (http://freshmeat.net/projects/zsh/). It's more powerful + and less buggy than bash. + 3.3 Groups ---------- Every package user belongs to at least 2 groups. One of these groups is the "install" group, which all package users (and only package users) belong -to. All directories that packages are allowed to install stuff in belong to -the install group. This includes directories such as /bin and /usr/bin but -excludes directories like /root or /. -The directories owned by the install group are always group-writable. -This would be enough for the package management aspects, but without further -preparation this would not give added security or control because every -package could replace the files from a different package (the change would +to. All directories that packages are allowed to install stuff in belong to +the install group. This includes directories such as /bin and /usr/bin but +excludes directories like /root or /. +The directories owned by the install group are always group-writable. +This would be enough for the package management aspects, but without further +preparation this would not give added security or control because every +package could replace the files from a different package (the change would be visible in the output from `ls -l', though). For this reason all install directories get the sticky attribute. This allows users to create new files and delete or modify their own files in @@ -257,27 +261,27 @@ sticky. IOW, to turn into an install directory you would do chgrp install && chmod g+w,o+t -Although the install group is crucial for the package user system, it is +Although the install group is crucial for the package user system, it is implemented as a supplementary group, rather than as the primary group for -package users. This has at least 2 advantages. -One advantage is that this makes it easy to get a list of all packages +package users. This has at least 2 advantages. +One advantage is that this makes it easy to get a list of all packages installed on the system with the command grep install /etc/group A more important point, however, is that the primary group is the -one that files created by the package user will belong to. So it will be -printed in the output of `ls -l' and is subject to find's "-group" test. -This makes it very useful for organizational purposes. -Following are some suggestions for how to use the primary group. +one that files created by the package user will belong to. So it will be +printed in the output of `ls -l' and is subject to find's "-group" test. +This makes it very useful for organizational purposes. +Following are some suggestions for how to use the primary group. 1. group name = user name Under this scheme the package user for the bash package would be bash:bash. `ls -l /bin/bash' would show something like this - + -rwxr-xr-x 1 bash bash 1731859 Feb 30 2005 /bin/bash - + An important advantage of this scheme is that the user information is not lost when you make a file setuid root, which requires changing the file's owner. Because of this advantage, this scheme is the one @@ -288,26 +292,26 @@ Following are some suggestions for how to use the primary group. Under this scheme, you would have certain package categories, such as games, system, net,... and bash, being a system program, would possibly - belong to the system group, so that `ls -l /bin/bash' would show something + belong to the system group, so that `ls -l /bin/bash' would show something like this - + -rwxr-xr-x 1 bash system 1731859 Jul 4 1776 /bin/bash - + This system is nice, but probably not as useful as #1 above, unless you have a real use for this categorization. For a possible categorization see Appendix B at the end of this hint. 3. group name = identifier for a real group of people - - Under this scheme, the group would correspond to a real group of people in - meatspace, e.g. the group of admins responsible for the package. + + Under this scheme, the group would correspond to a real group of people in + meatspace, e.g. the group of admins responsible for the package. If you need something like this you'll know best what it looks like and how - to implement it, so no further discussion of this method will be given here. - + to implement it, so no further discussion of this method will be given here. + 3.4 Home Directory ------------------ - + Although it is well possible not to have a valid home directory for package users or to have just one home directory shared by all package users, that would be a wasted opportunity. Having individual home directories for the @@ -315,49 +319,49 @@ package users offers a nice way to organize tarballs, patches, build scripts, notes and all the other per-package information that you accumulate with time. I suggest to use the home directory /usr/src/ for a package user -called with the contents detailed below. The more_control_helpers +called with the contents detailed below. The more_control_helpers archive contains scripts and skeleton files that implement this suggestion. - .bash_profile: - You will usually want to have the same environment for all package - users, so it is a good idea to make .bash_profile a symbolic link - to a file in a central location. The more_control_helpers example - uses /etc/pkgusr/bash_profile for this purpose. - - .bashrc: - As for .bash_profile a symlink is a good idea for .bashrc. The - more_control_helpers example uses /etc/pkgusr/bashrc as link target. - Under normal circumstances package users are not - (and even can not be) used for logging into the system, so there - is little reason to distinguish between login and non-login shells - for package users. Therefore, the example bashrc from - more_control_helpers simply sources .bash_profile. - This makes sure that the same environment will be used, regardless - of whether `su ' or `su - ' is used to become - the package user. - - .project: - The contents of this file are printed by the commands - `finger -l ' and 'pinky -l ' so .project is a - good place for putting information about a package. You should - keep the contents of the .project files for your package users - up-to-date. - + .bash_profile: + You will usually want to have the same environment for all package + users, so it is a good idea to make .bash_profile a symbolic link + to a file in a central location. The more_control_helpers example + uses /etc/pkgusr/bash_profile for this purpose. + + .bashrc: + As for .bash_profile a symlink is a good idea for .bashrc. The + more_control_helpers example uses /etc/pkgusr/bashrc as link target. + Under normal circumstances package users are not + (and even can not be) used for logging into the system, so there + is little reason to distinguish between login and non-login shells + for package users. Therefore, the example bashrc from + more_control_helpers simply sources .bash_profile. + This makes sure that the same environment will be used, regardless + of whether `su ' or `su - ' is used to become + the package user. + + .project: + The contents of this file are printed by the commands + `finger -l ' and 'pinky -l ' so .project is a + good place for putting information about a package. You should + keep the contents of the .project files for your package users + up-to-date. + source code: - The package user's home directory is the perfect place for storing - a package's source code. This includes tarballs for different - versions, CVS checkouts, unpacked source trees for building,... - + The package user's home directory is the perfect place for storing + a package's source code. This includes tarballs for different + versions, CVS checkouts, unpacked source trees for building,... + build script(s): - Package user installations require more careful examination of build - and install messages than installations done as root, because of - the package user-specific problems that can occur. Therefore it is - unwise to simply copy'n'paste installation instructions from the - LFS book. Build scripts allow you to use sophisticated output - redirection for logging purposes that is impractical for direct - entry on the command line. The build script skeleton included in - the more_control_helpers archive demonstrates this. - + Package user installations require more careful examination of build + and install messages than installations done as root, because of + the package user-specific problems that can occur. Therefore it is + unwise to simply copy'n'paste installation instructions from the + LFS book. Build scripts allow you to use sophisticated output + redirection for logging purposes that is impractical for direct + entry on the command line. The build script skeleton included in + the more_control_helpers archive demonstrates this. + ############################################################################ 4. Common Problems @@ -366,25 +370,25 @@ archive contains scripts and skeleton files that implement this suggestion. 4.1 Introduction ---------------- -Software installation is the crux of the package user system. Because -installation scripts are often written under the assumption that they will be +Software installation is the crux of the package user system. Because +installation scripts are often written under the assumption that they will be executed as root, they sometimes fail when executed by a package user. -Once this hurdle is passed and a package has been installed, there's usually no -difference to a root-installation. A few programs insist that certain +Once this hurdle is passed and a package has been installed, there's usually no +difference to a root-installation. A few programs insist that certain security-sensitive files be owned by root and will not execute otherwise, -but this is the rare exception. -This chapter presents some more or less common problems that you will +but this is the rare exception. +This chapter presents some more or less common problems that you will encounter when using package user accounts to install software, together with -guidelines on how to deal with these issues. +guidelines on how to deal with these issues. Although I've said it before I will say it again: Many of the problems you encounter during a package user installation are desirable features of the -package user system. You want installation to fail rather than have +package user system. You want installation to fail rather than have potentially dangerous actions performed behind your back with root rights. - + 4.2 General Procedure --------------------- - + When an installation fails it is almost always due to a "Permission denied" or "Operation not permitted" error while executing a command during `make install'. The first thing you have to do is identify the command that @@ -392,7 +396,7 @@ is causing the problem. Usually you will find this in the make output right before the error message. Once you have identified the culprit, you have to decide whether the action that is attempted is illegitimate, partially legitimate or completely legitimate. Illegitimate commands can simply be -removed from the Makefile. The other 2 possibilities are more difficult to +removed from the Makefile. The other 2 possibilities are more difficult to deal with. You either have to change the condition that makes the command fail or you have to change or sometimes remove the command and make a note if your change suppresses a legitimate action. @@ -407,15 +411,15 @@ Note that often Makefiles are generated during the configure step, sometimes even later in the build process. If you want to apply changes before the configure step you will usually have to edit files called "Makefile.in". - + 4.3 Permission Changes ---------------------- -Some unsophisticated build systems that don't use the mkinstalldirs script to -create installation target directories are very poorly written. Instead of -testing whether a target directory exists, they simply attempt to create +Some unsophisticated build systems that don't use the mkinstalldirs script to +create installation target directories are very poorly written. Instead of +testing whether a target directory exists, they simply attempt to create it with default permissions. This problem usually manifests as a line such -as "install -d $(prefix)/bin" in the Makefile. In the common case where +as "install -d $(prefix)/bin" in the Makefile. In the common case where prefix=/usr this would attempt to create the /usr/bin directory. If the target directory already exists, as in this case, install will attempt to change its permissions to the default permissions (or those passed on the command line). @@ -425,7 +429,7 @@ Of course a package user is not allowed to change the permissions of This is an example of a completely illegitimate command. Just remove it from the Makefile and everything's fine. - + 4.4 Ownership Changes --------------------- @@ -437,14 +441,14 @@ look like this: "install: cannot change ownership of `name': Operation not permitted" The change of ownership is hidden in the "-o root" switch to install, which tells it to make the target file owned by root. -The command is at least partially legitimate, because you probably want the -binary to be installed. Whether you actually want it to be setuid root is +The command is at least partially legitimate, because you probably want the +binary to be installed. Whether you actually want it to be setuid root is a different matter. The fact that a binary is commonly installed as setuid root doesn't mean that you should make it so. You'll have to ask yourself if normal users absolutely need to execute that binary. If you think they can live without it you're better off not making it setuid root, because every setuid root binary is a potential security hole. In any case you will -have to edit the Makefile and remove the offending switch, "-o root" in this +have to edit the Makefile and remove the offending switch, "-o root" in this case, so that the installation can succeed. Note that this will cause the binary to be installed setuid , which of course makes no sense at all. If you don't intend to make the binary setuid root after the installation, it @@ -454,18 +458,18 @@ setuid at all. TIP: When you make a binary setuid root after the installation, use `chown root /usr/bin/name' and not `chown root:root /usr/bin/name'. - This way you can keep original group of the file (i.e. the group of the + This way you can keep original group of the file (i.e. the group of the package user) intact. With the user name = group name scheme recommended for package users this makes sure that you can identify the source package of the binary even after making it setuid root. Note that as a security measure chown resets the setuid bit, so you will have to do `chmod u+s /usr/bin/name' after the chown. - + 4.5 Write to Non-Install Directory ---------------------------------- -Sometimes packages want to create files or directories in non-install +Sometimes packages want to create files or directories in non-install directories. 3 situations have to be distinguished in this case. The 1st possibility is that the target directory should be an install directory. An example of this is /usr/share/aclocal. This directory is not among the @@ -481,8 +485,8 @@ directory is that the failing command is only partially legitimate, i.e. you do want to have installed whatever it is meant to install, but you want it in a different location. For example some packages install binaries that are not meant to be called directly. The default location for these binaries is -sometimes called libexec and with prefix=/usr the package will attempt to -create /usr/libexec. In cases such as this you often don't have to change +sometimes called libexec and with prefix=/usr the package will attempt to +create /usr/libexec. In cases such as this you often don't have to change any Makefiles. There is either a configure switch to change the directory in question or it is just a matter of overriding a Makefile variable as in `make libexecdir=/usr/lib install'. @@ -494,9 +498,9 @@ commands you can edit the Makefile and just remove them. In the case of a whole directory whose installation you want to suppress it could be too much effort to remove all of the offending commands that want to install files there. In this case an approach similar to that from the previous -paragraph can be more effective. Either through configure switches or +paragraph can be more effective. Either through configure switches or overriding of variables you change the directory in question to something -like /foobar, where is the directory in which build +like /foobar, where is the directory in which build commands are run (i.e. usually the top of the unpackaged source tree). This will cause the package to create the unwanted directory inside the build tree, which doesn't cause any permission problems and has the nice @@ -515,25 +519,41 @@ When a package tries to overwrite or delete a file or directory that is owned by another package the attempt will fail. It will fail even inside install directories because of the sticky bit. Although sometimes difficult to implement, the solution to such a conflict is -easy to describe. You need to either remove (or rename) the old file or -directory before installing, or suppress the installation of the new file or +easy to describe. You need to either remove (or rename) the old file or +directory before installing, or suppress the installation of the new file or directory. The installation of individual binaries is sometimes easy to prevent. If you find a line such as "PROGRAMS=foo bar fubar barfu" in the Makefile and "foo" is the name of the conflicting binary, just try removing it from that list. That may be sufficient to prevent it from being installed. - + 4.7 /sbin/ldconfig ------------------ - + Packages that install libraries sometimes run /sbin/ldconfig as part of their -installation so that the dynamic libraries are properly registered on the +installation so that the dynamic libraries are properly registered on the system. Because a package user is not allowed to overwrite /etc/ld.so.cache ldconfig fails. This failure is commonly ignored in Makefiles, but you should take note of it anyway, because you need to run ldconfig as root after -the installation. - - +the installation. Alternatively, the more_control_helpers contain a wrapper +program that calls /sbin/ldconfig and can be made setuid root. + + + 4.8 What Commands to Run as a Package User + ------------------------------------------ + +A common problem that new users of this hint have is to decide which commands +to run as a package user and which commands to run as root. The general rule +is that the only commands to run as a package user are those for building, +installing, removing and modifying the files that belong to *that* package +user's package. Everything else should be run as root as usual. +Some things you CAN/SHOULD NOT DO as a package user include + + - starting daemons + - running udevstart + - stripping /lib/* + + ############################################################################ 5. The more_control_helpers Archive ############################################################################ @@ -543,57 +563,57 @@ the installation. The more_control_helpers archive contains files to help you with building and maintaining a system that uses the package user method. One thing that the -more_control_helpers archive contains are some LFS-specific temporary files -that are only needed for the building of your LFS system and will not remain -installed in a permanent location. Then there are the previously mentioned -example files that demonstrate the suggested use of the package user home -directories discussed earlier. Another group of files contained in the archive +more_control_helpers archive contains are some LFS-specific temporary files +that are only needed for the building of your LFS system and will not remain +installed in a permanent location. Then there are the previously mentioned +example files that demonstrate the suggested use of the package user home +directories discussed earlier. Another group of files contained in the archive is a set of scripts that help with package management aspects, such as -creating new package users and checking which files a particular package has +creating new package users and checking which files a particular package has installed. Finally the more_control_helpers archive contains wrapper scripts for some commands that handle many of the common problems discussed in the previous chapter and make package user installations a lot easier. - - + + 5.2 The Wrappers ---------------- - + The previous chapter discussed some common problems encountered during package user builds and how to solve them. The solution to an installation failure usually requires editing of one or more Makefiles. Making such changes manually is annoying, even if it happens only occasionally, and whenever you reinstall a package you have to make the changes again. Sed scripts and patches -can help with the latter problem, but they still have to be custom fitted to +can help with the latter problem, but they still have to be custom fitted to every package that needs them. There is a better solution, though. While there exist countless ways to install files, only very few are commonly used by -packages. The 5 commands mkdir, chgrp, chown, chmod and install are responsible -for many of the common problems that arise during an LFS installation. This +packages. The 5 commands mkdir, chgrp, chown, chmod and install are responsible +for most of the problems that arise during an LFS installation. This prompted me to write wrapper scripts for these 5 commands that recognize certain problematic patterns and deal with them automatically. The instructions given in this hint in the LFS-specific part will instruct you -to install these wrappers in /usr/lib/pkgusr. If you do that and make sure +to install these wrappers in /usr/lib/pkgusr. If you do that and make sure that this directory is the first entry in the PATH of every package user, then they will save you a lot of time and effort in dealing with recurring issues. Note that if you want to choose a directory other than /usr/lib/pkgusr for the wrappers, you need to be careful. Some configure scripts ignore certain locations. A subdirectory of /etc would not work, for instance, because /etc -is one of these locations. +is one of these locations. It is important that you understand the limitations of the wrapper scripts. They can fix some problems without user intervention, such as turning newly created directories in /usr/share/locale into install directories. -But other problems by their very nature require manual intervention. When a -program tries to install a setuid root binary, for instance, the wrapper -scripts will suppress the attempt to change ownership of an installed file to -root. While that allows `make install' to complete without error, it is only +But other problems by their very nature require manual intervention. When a +program tries to install a setuid root binary, for instance, the wrapper +scripts will suppress the attempt to change ownership of an installed file to +root. While that allows `make install' to complete without error, it is only a partial solution. The wrapper scripts can not (and should not) take away your responsibility for deciding whether the program in question should be setuid root and to make it so, if necessary. To account for this, the wrapper scripts will output warning lines to standard error that start with "***" whenever they encounter a situation that needs to be reviewed. Following the "***" in the message will be the original command that the -installation attempted to perform. +installation attempted to perform. You *must* check these "***" lines, examine the affected files or directories and take appropriate action. Because of this it is imperative that you log the messages output during a package installation and check these logs @@ -615,39 +635,39 @@ Example 1: "*** install -c rsh -o root -m 4775 /usr/bin/rsh" indicate an attempt to make a binary setuid or setgid, then you will have to investigate. You need to decide if you want rsh to be setuid root and if you decide you do, you need to become root and issue commands like this: - + chown root /usr/bin/rsh chmod u+s /usr/bin/rsh - + TIP: Be conservative with making binaries setuid. If you're unsure whether you - will ever use a program (as non-root), you probably don't want it to be + will ever use a program (as non-root), you probably don't want it to be setuid root. Keep in mind that you can always make the change later when - you need it. When you apply this reasoning to rsh, for instance, you'll + you need it. When you apply this reasoning to rsh, for instance, you'll probably end up not making it setuid root. -Example 2: "*** chgrp tty /usr/bin/write" +Example 2: "*** chgrp tty /usr/bin/write" This is output by the chgrp wrapper during the util-linux installation. The util-linux package wants to install the write program as setgid tty, so that it is allowed to access other users' terminals. The chgrp wrapper prevents the changing of the group and the chmod wrapper prevents the setting of the setgid bit. You need to decide if you want the program to be setgid and if you decide in favor of this, do as root - + chgrp tty /usr/bin/write chmod g+s /usr/bin/write - - + + Example 3: "*** install -d -m 755 /sbin" This is also from the util-linux installation. Util-linux, for no good reason, tries to recreate the /sbin directory. The install wrapper prevents this and you don't have to take any further action. - + 5.3 add_package_user/install_package ------------------------------------ - + Whenever you install a new package on your system, you first have to create a new user account, possibly create a new group and if you follow the advice from this hint about making productive use of a package user's home directory, @@ -656,27 +676,32 @@ it would be a lot of work. The add_package_user and install_package scripts in the more_control_helpers archive were written to automate this. The install_package script is the one you will normally use to prepare for -installing a new package. It takes 3 parameters: the description of the +installing a new package. It takes 3 parameters: the description of the package, the name of the package user account to create and the name of the -package user's primary group. So if you use the user=group scheme recommended -by this hint and are as creative with your package descriptions as I am, then +package user's primary group. So if you use the user=group scheme recommended +by this hint and are as creative with your package descriptions as I am, then the command you'll use to prepare for installing package "foo" will be install_package foo foo foo This command does 2 things. First it calls the add_package_user script with -the provided name, group and description plus sensible default values for -add_package_user's other parameters. Then, after add_package_user has created +the provided name, group and description plus sensible default values for +add_package_user's other parameters. Then, after add_package_user has created the package user account, install_package automatically uses the su-command to switch to the newly created account. If the default .bashrc and .bash_profile scripts you use for package users contain the command "cd" as do the examples in the more_control_helpers archive, you will be put right into your package user's home directory so that you can start installing right away. +TIP: + The install_package script can be called with a single argument that will + be used as user name, group name and description. So instead of the above + command a simple `install_package foo' would have sufficed. + The add_package_user script is responsible for the actual work of creating a new package user account. Given a name, a group name and a description, it will create a new user account with the provided primary group and the install -group as supplementary group. The groups will be created if necessary. +group as supplementary group. The groups will be created if necessary. add_package_user takes several arguments that determine the numeric ranges from which it will pick the new user's UID and the GIDs for groups it needs to create. add_package_user does not only create the package user account. It @@ -684,10 +709,10 @@ will set up a home directory for it, too. You can either specify the directory or go with the default, which is /usr/src/, where is the name provided for the new account. If the home directory already exists, its ownership and that of any existing contents will be changed to the new user. -If it doesn't exist, it will be created. +If it doesn't exist, it will be created. The contents of /etc/pkgusr/skel-package will be copied into the new package -user's home directory (without overwriting pre-existing files). +user's home directory (without overwriting pre-existing files). The more_control_helpers archive contains an example of a useful skel-package directory. Note that symlinks are copied as symlinks, so skel-package is the perfect place to put .bashrc and .bash_profile symlinks to a central location @@ -695,23 +720,23 @@ that will ensure that all package user accounts have the same environment. This is especially useful to make sure that all package users have the wrappers directory in their PATH. - + 5.4 forall_direntries_from -------------------------- The forall_direntries_from script is a very useful tool for common package -management tasks. It can roughly be described as a shortcut for +management tasks. It can roughly be described as a shortcut for "find / -user -or -group ", where is the first parameter to forall_direntries_from and are the remaining parameters. However, forall_direntries_from takes care of making sure that only relevant filesystems are scanned and shields you from certain unpleasant -surprises such as "Oops, I forgot that -depth negates -prune and have +surprises such as "Oops, I forgot that -depth negates -prune and have accidentally wiped out my home directory." or "Oops, I forgot to -prune /proc -and now I'm getting parity errors on my SCSI bus.". +and now I'm getting parity errors on my SCSI bus.". IMPORTANT NOTE: By default the forall_direntries_from script will only scan the / filesystem and will not traverse other filesystems. If you have -relevant directories that need to be scanned on other filesystems, you will +relevant directories that need to be scanned on other filesystems, you will need to edit the script and add the respective mount point(s) to the fs_to_scan list at the beginning of the script. The most likely candidate for addition is "/usr". @@ -719,47 +744,47 @@ addition is "/usr". Application examples: Example 1: Create a tar.gz archive of all files that belong to , e.g. - for installing on another machine without having to - recompile it there. + for installing on another machine without having to + recompile it there. forall_direntries_from -fprint0 /tmp/files.lst tar --null -P -czf /tmp/archive.tar.gz --files-from=/tmp/files.lst Example 2: Print out all setuid root binaries installed by . - (This only works if you use the user=group scheme.) - + (This only works if you use the user=group scheme.) + forall_direntries_from -perm +u+s -print -Example 3: List all binaries in /bin and /usr/bin belonging to "me" (i.e. the - package user executing the command) in alphabetical order. +Example 3: List all binaries in /bin and /usr/bin belonging to "me" (i.e. the + package user executing the command) in alphabetical order. forall_direntries_from $(whoami) -path "*/bin/*" -printf "%f\n" | sort Example 4: Uninstall . - + See following section about the uninstall_package script. - - + + 5.5 uninstall_package --------------------- The uninstall_package script is basically a forall_direntries_from application example in script form. The command `uninstall_package foo' prints out the forall_direntries_from call that you have to use to delete -all the files of package "foo" (except for those in directories that +all the files of package "foo" (except for those in directories that forall_direntries_from is instructed not to scan) together with some -explanations. So in order to delete the files from package foo, you would +explanations. So in order to delete the files from package foo, you would execute `uninstall_package foo' and then copy'n'paste the command it prints -to the command line. As a safeguard the forall_direntries_from call has an -"echo" in front of the "rm" and "rmdir" calls, so if you execute it, the files -will not actually be deleted unless you remove both instances of "echo". -It is recommended that you execute the command once with the echos and check -the output to make sure that only the files you intend to be deleted are in -the list. After you've confirmed that, you can use the shell's history to -recall the command, edit out the instances of "echo" and remove the files +to the command line. As a safeguard the forall_direntries_from call has an +"echo" in front of the "rm" and "rmdir" calls, so if you execute it, the files +will not actually be deleted unless you remove both instances of "echo". +It is recommended that you execute the command once with the echos and check +the output to make sure that only the files you intend to be deleted are in +the list. After you've confirmed that, you can use the shell's history to +recall the command, edit out the instances of "echo" and remove the files for real. @@ -768,27 +793,27 @@ for real. list_suspicious_files looks for filesystem entries that are out of the ordinary in some way and prints a categorized list of them. Things that qualify as -suspicious include setuid and setgid binaries, world-writable files, symlinks -that are possibly broken, hard links, install directories with unusual -permissions and other stuff. You should run this script after you've finished +suspicious include setuid and setgid binaries, world-writable files, symlinks +that are possibly broken, hard links, install directories with unusual +permissions and other stuff. You should run this script after you've finished your new LFS system and in regular intervals after that. Investigate the listing closely. -TIP: +TIP: When you check the list of setuid and setgid files, don't forget to look at the actual user or group ownership of the file. It's easy to forget that, especially in the setuid case, because we often equate setuid with setuid root since setuid is seldom used with other user accounts. -list_suspicious_files_from takes a user or group name or a UID/GID as an -argument and reports suspicious entries only when they are owned by the given +list_suspicious_files_from takes a user or group name or a UID/GID as an +argument and reports suspicious entries only when they are owned by the given user or group. Usually you would not call this script directly but instead -use list_package (described in the next section), whose output includes that +use list_package (described in the next section), whose output includes that from list_suspicious_files_from. IMPORTANT NOTE: By default the list_suspicious_files script will only scan the / filesystem and will not traverse other filesystems. If you have -relevant directories that need to be scanned on other filesystems, you will +relevant directories that need to be scanned on other filesystems, you will need to edit the script and add the respective mount point(s) to the fs_to_scan list at the beginning of the script. The most likely candidate for addition is "/usr". @@ -798,12 +823,12 @@ addition is "/usr". ---------------- list_package tells you everything about a package's installed files. In -general you will want to execute something like +general you will want to execute something like list_package $(whoami) >pkg.lst - + right after installing a package and you can forget about the chronically -inaccurate content listings in the (B)LFS book. +inaccurate content listings in the (B)LFS book. The following (shortened) output for util-linux speaks for itself: PS1> list_package util-linux @@ -893,10 +918,10 @@ Note: list_package works regardless of the prefix you've installed the package filesystem configured to be scanned by forall_direntries_from and list_suspicious_files). -Note: list_package only considers manpages actually owned by the package to +Note: list_package only considers manpages actually owned by the package to list. It will not consider manpages installed by another package. This means that you may see executables identified as not having a manpage - although they do have one courtesy of another package + although they do have one courtesy of another package (usually man-pages). @@ -905,43 +930,64 @@ Note: list_package only considers manpages actually owned by the package to This script is not really related to the package user system, but because of its similarity to the other scripts I've included it anyway. The sole purpose -of this script is to identify files that store references to the build +of this script is to identify files that store references to the build environment, specifically the /tools directory. Such references may point out problems, since the /tools directory is supposed to be transient. -Don't forget that results for unstripped binaries and libraries are not +Don't forget that results for unstripped binaries and libraries are not reliable, because debugging information often includes references to the build environment. These do not cause trouble (unless you're trying to debug the objects in question after deleting /tools). - + IMPORTANT NOTE: By default the grep_all_regular_files_for script will only scan the / filesystem and will not traverse other filesystems. If you have -relevant directories that need to be scanned on other filesystems, you will +relevant directories that need to be scanned on other filesystems, you will need to edit the script and add the respective mount point(s) to the fs_to_scan list at the beginning of the script. The most likely candidate for -addition is "/usr". - - +addition is "/usr". + + 5.9 The etc Directory --------------------- - + If you follow the instructions provided in the LFS-specific part of this hint, the contents of the etc directory will be installed in /etc/pkgusr. The directory contains a bashrc and bash_profile for package users that takes care of package user specific details such as putting the wrappers directory at the beginning of the PATH and calling cd, so that `su ' will put you right into the package user's home directory. Also contained in the -etc directory is a skel-package directory as used by +etc directory is a skel-package directory as used by install_package/add_package_user to populate the home directories of newly created package users. - - - 5.10 Temporary Files + + + 5.10 ldconfig.c + -------------------- + +A lot of packages contain libraries. Having to manually call /sbin/ldconfig +as root after installing these packages can become annoying. It would be +much easier if one could grant package users permission to use /sbin/ldconfig. +Making ldconfig setuid root would be a simple and effective solution, but +there are some pitfalls. First of all it is imperative that ordinary users +be prohibited from executing ldconfig with elevated privileges. Otherwise +an ordinary user can overwrite and possibly read arbitrary files on the +system. This can be prevented by making ldconfig owned by group install and +removing the o+x bit from the file mode. While this setup is no less secure +than running `make install' as root, one reason why we're using package users +is because we don't feel safe doing that. To protect against the (admittedly +very theoretical) danger of a malicious package user, the more_control_helpers +provide ldconfig.c. The only thing this program does is to call +`/sbin/ldconfig -v' with an empty environment. Because it doesn't evaluate +any user input and doesn't pass any user-provided data to ldconfig, it can +safely be made setuid root. + + + 5.11 Temporary Files -------------------- -3 files in the more_control_helpers archive are only used during the +3 files in the more_control_helpers archive are only used during the installation of the base LFS system and are not installed permanently. -The first of them is the installdirs.lst file that contains a list of -directories that should be install directories. +The first of them is the installdirs.lst file that contains a list of +directories that should be install directories. The second file is sbin/useradd, which is a very primitive shell script that adds a new entry to /etc/passwd. It allows us to add package users before we have installed shadow, which provides a real useradd. @@ -950,7 +996,7 @@ Both scripts, useradd as well as groupadd, do very little error checking and only support the syntax needed by install_package/add_package_user. So don't try anything funky with them. - + ------------------------ PART 2: LFS Specifics ------------------------------ @@ -958,34 +1004,37 @@ try anything funky with them. 6. Pre-Chroot Phase (Chapter 5) ############################################################################# -Build Chapter 5 exactly as explained by the LFS book. There is only one -little change you have to make. After running `make install' for the coreutils -package, issue the following command (still from within the coreutils -build directory): +Build Chapter 5 explained by the LFS book with the following changes: + +coreutils: + After running `make install' for the coreutils + package, issue the following command (still from within the coreutils + build directory): cp src/su /tools/bin - -This installs the su binary. Coreutils doesn't install su when working as -non-root (which we do in Chapter 5), because su needs to be setuid root for -normal operation and a non-root user cannot install setuid root binaries. -But for our purposes (i.e. su'ing from root to a package user) a non-setuid -su is enough, so we just copy coreutils' su to /tools/bin without making it -setuid root. - -When you have reached the end of Chapter 5, before you begin with Chapter 6 -you will need to install the helper scripts in the /tools directory so that -they are available once you've entered the chroot environment. Use the -following commands to install the more_control_helpers in /tools: + + This installs the su binary. Coreutils doesn't install su when working as + non-root (which we do in Chapter 5), because su needs to be setuid root for + normal operation and a non-root user cannot install setuid root binaries. + But for our purposes (i.e. su'ing from root to a package user) a non-setuid + su is enough, so we just copy coreutils' su to /tools/bin without making it + setuid root. + +more_control_helpers: + When you have reached the end of Chapter 5, before you begin with Chapter 6 + you will need to install the helper scripts in the /tools directory so that + they are available once you've entered the chroot environment. Use the + following commands to install the more_control_helpers in /tools: cd /tools && tar xjf /path/to/more_control_helpers.tar.bz2 && cd more_control_helpers && cp ./sbin/* /tools/bin - -Note that the target directory is "/tools/bin" in the cp command and -*not* "/tools/sbin", although the latter location would be more appropriate. -The reason for this is simply that the LFS instructions do not add -"/tools/sbin" to the PATH (and neither do the instructions in this hint). + + Note that the target directory is "/tools/bin" in the cp command and + *not* "/tools/sbin", although the latter location would be more appropriate. + The reason for this is simply that the LFS instructions do not add + "/tools/sbin" to the PATH (and neither do the instructions in this hint). ############################################################################# @@ -1008,15 +1057,15 @@ files in their proper locations on the new LFS system: cp /tools/more_control_helpers/sbin/* /usr/sbin && rm /usr/sbin/{useradd,groupadd} -Note that the useradd and groupadd scripts are not installed on the new LFS -system. These scripts are just temporary workarounds we will use as long as -the real useradd and groupadd are not available. Therefore they should only +Note that the useradd and groupadd scripts are not installed on the new LFS +system. These scripts are just temporary workarounds we will use as long as +the real useradd and groupadd are not available. Therefore they should only be in /tools/bin. ATTENTION! If you decide to use a different directory than /usr/lib/pkgusr for the wrappers, you have to be careful, because at least the glibc configure script ignores certain directories when looking for programs. The -list of ignored directories for glibc includes, among others, everything that +list of ignored directories for glibc includes, among others, everything that starts with "/etc", "/usr/etc" and "/sbin". Wrappers put into a directory that matches any of these patterns would be ineffective. @@ -1024,7 +1073,7 @@ Now it's time to create the install group: groupadd -g 9999 install -The GID 9999 has been chosen because the default range used by +The GID 9999 has been chosen because the default range used by add_package_user for package user GIDs starts at 10000. Choose whatever number you like. @@ -1052,7 +1101,7 @@ You will get the same error messages as for the previous command. At this point everything has been set up for creating the first package user. At the time of this writing the first package installed in the LFS -book is Linux-Libc-Headers, so this package will serve as an example for how +book is Linux-Libc-Headers, so this package will serve as an example for how things are done. The command install_package 'Linux Headers' linux-libc-headers linux-libc-headers @@ -1062,46 +1111,50 @@ If you don't want to use the user=group scheme, change the last argument to the desired group name. The description is arbitrary but needs to meet the requirements for the description field of an /etc/passwd entry. +TIP: + Remember that you can call install_package with just one argument, if you + want user name, group name and description to be the same. + The directory /usr/src/linux-libc-headers will be set up as the home directory -for the package user, automatically populated with the contents of +for the package user, automatically populated with the contents of /etc/pkgusr/skel-package. The install_package command also issues the command -`su linux-libc-headers' to assume the identity of the newly created package +`su - linux-libc-headers' to assume the identity of the newly created package user. If you're using the bashrc and bash_profile scripts from the -more_control_helpers archive, you will be put straight into the directory +more_control_helpers archive, you will be put straight into the directory /usr/src/linux-libc-headers and your prompt will look like this package linux-libc-headers:/usr/src/linux-libc-headers> - + to show you that you're working as package user linux-libc-headers and that your current working directory is /usr/src/linux-libc-headers. -Use the command - +Use the command + echo $PATH -to verify that your PATH starts with "/usr/lib/pkgusr", the directory that +to verify that your PATH starts with "/usr/lib/pkgusr", the directory that contains the wrappers, and ends with "/tools/bin". Now everything is prepared for installing the package according to the -instructions in the LFS book. Note that at the time of this writing the -LFS book tells you to execute a chown command to make sure that the headers -are owned by root. This is just because the packager has made a very common -mistake when creating the tarball for the headers: He has archived the files -with a non-root user/group assignment. When unpacking such a tarball as root, -the files end up being owned by some weird user/group combination, which may -open a security hole. When you're working as a package user this can not -happen and you don't want to chown the headers to root:root, because that +instructions in the LFS book. Note that at the time of this writing the +LFS book tells you to execute a chown command to make sure that the headers +are owned by root. This is just because the packager has made a very common +mistake when creating the tarball for the headers: He has archived the files +with a non-root user/group assignment. When unpacking such a tarball as root, +the files end up being owned by some weird user/group combination, which may +open a security hole. When you're working as a package user this can not +happen and you don't want to chown the headers to root:root, because that would defeat the whole point of installing the headers with a package user. -This is one of the small points on which you will have to deviate from the +This is one of the small points on which you will have to deviate from the standard LFS instructions when using package users. More package user related issues with the current LFS book can be found in the next section. After you've installed the headers, simply issue the command exit - + to become root again. Now would be a good time to think about useful -customizations for /etc/pkgusr/{bash_profile,bashrc} and/or +customizations for /etc/pkgusr/{bash_profile,bashrc} and/or /etc/pkgusr/skel-package, if you've not already customized them. Once you're satisfied with your setup, install the rest of the packages. The following section will help you with some problems that you will run into. @@ -1112,61 +1165,69 @@ The following section will help you with some problems that you will run into. This section has details on the package user related problems you will face when building your LFS system. You should copy the information from this -section to the INSTALL NOTES of the relevant .project files for the packages +section to the INSTALL NOTES of the relevant .project files for the packages concerned, together with any of your own notes. -NOTE: If you're building by an LFS book later than 6.0 it is recommended that +NOTE: If you're building by an LFS book later than 6.2 it is recommended that you read this complete chapter before you start building any packages. - If your LFS version is 6.0 then it's fine to read this section package + If your LFS version is 6.2 then it's fine to read this section package by package as you progress with your build. linux-libc-headers: - At the time of this writing the LFS book tells you to execute a chown - command to make sure that the headers are owned by root. This is just - because the packager has made a very common mistake when creating the - tarball for the headers: He has archived the files with a non-root - user/group assignment. When unpacking such a tarball as root, the files - end up being owned by some weird user/group combination, which may open - a security hole. When you're working as a package user this can not happen - and you don't want to chown the headers to root:root, because that would + At the time of this writing the LFS book tells you to execute a chown + command to make sure that the headers are owned by root. This is just + because the packager has made a very common mistake when creating the + tarball for the headers: He has archived the files with a non-root + user/group assignment. When unpacking such a tarball as root, the files + end up being owned by some weird user/group combination, which may open + a security hole. When you're working as a package user this can not happen + and you don't want to chown the headers to root:root, because that would defeat the whole point of installing the headers with a package user. - - There's another packaging error in the linux-libc-headers archive. - The files are stored with incorrect permissions. They are supposed to - be world-readable, but they are not. The book's instructions already - tell you how to correct this but I point it out, because this error will - resurface a little later. + + There used to be another packaging error in the linux-libc-headers. + Version 2.6.12.0 (current as of this writing) doesn't have it anymore, + but older versions used to contain files with permissions set incorrectly. + All headers are supposed to be world-readable, but they weren't. More about + this later in the glibc notes. man-pages: - If the name you use for the man-pages package user is not exactly + If the name you use for the man-pages package user is not exactly "man-pages", then you will have to change the variable "manpagesowner" right at the beginning of the wrapper script `install'. Recent versions of man-pages contain POSIX manpages that the package - tries to install in /usr/share/man/man{0,1,3}p. As /usr/share/man is + tries to install in /usr/share/man/man{0,1,3}p. There's also a manpage + that man-pages wants to install to /usr/share/man/man9. + As /usr/share/man is not an install directory and the LFS book does not have instructions to - create these directories at the time of this writing, the installation + create these directories at the time of this writing, the installation will fail and the respective man-pages will not be installed. Possible remedies: - 1. Make /usr/share/man an install directory. - Consequence: All Packages will be able to create new subdirectories - in /usr/share/man. I find this undesirable because there are packages - that create directories for manpages in foreign languages that I - don't want. YMMV. + 1. Make /usr/share/man an install directory. + Consequence: All Packages will be able to create new subdirectories + in /usr/share/man. I find this undesirable because there are packages + that create directories for manpages in foreign languages that I + don't want. YMMV. 2. Ignore the problem and live without the POSIX manpages. Unless - you are a developer (including script writer) who is interested - in writing portable programs/scripts this is a good solution. - 3. Create the directories /usr/share/man/man{0,1,3}p as root - prior to installing man-pages. You'll have to either chown them - to the man-pages package user or make them install directories. - This is my preferred solution. + you are a developer (including script writer) who is interested + in writing portable programs/scripts this is a good solution. + 3. Create the directories /usr/share/man/man{0,1,3}p and man9 as root + prior to installing man-pages. You'll have to either chown them + to the man-pages package user or make them install directories. + This is my preferred solution. glibc: - The packaging error of libc-linux-headers described earlier also affects - the glibc build. Because of the error, the headers in /tools/include + It is kind of unfortunate that the packaging error of libc-linux-headers + concerning the permissions doesn't exist in the current version. It + provided for a great learning experience. I've kept the following section + in the hint for this reason even though it doesn't apply anymore. Please + take the time to read it. + +--------------------- old stuff start ---------------------------------------- + Because of the error, the headers in /tools/include are not world-readable. Unfortunately the LFS book (as of this writing) does not correct this in Chapter 5 like it does in Chapter 6. For a standard LFS build this is no problem, because glibc is built as root and @@ -1176,98 +1237,100 @@ glibc: the respective test programs can not be compiled. The end result is the error message "/lib/cpp fails sanity check", which is completely nonsensical as we don't have a /lib/cpp. - + This is the perfect opportunity to introduce rule #1 of error diagnostics: - + NEVER TRUST DIAGNOSTIC MESSAGES ! - + There are 2 kinds of diagnostic messages: - + 1. Those that are unnecessary, because once you see which component has - failed, the source of the problem is obvious. + failed, the source of the problem is obvious. 2. Those that grossly misdiagnose the source of the problem and lead - you to draw the wrong conclusions. - + you to draw the wrong conclusions. + No, there is no other kind. Trust me ;-) In this case, /lib/cpp has nothing to do with the problem. It doesn't exist and that's fine. The message just wants to trick you into doing something stupid such as create a symlink /lib/cpp -> /tools/bin/cpp. - But that would be totally wrong. Before you jump to any premature - conclusions you should always try to get as much *low-level* information - as you can. Diagnostic messages are *high-level* information. They + But that would be totally wrong. Before you jump to any premature + conclusions you should always try to get as much *low-level* information + as you can. Diagnostic messages are *high-level* information. They represent a filtered view of the problem, which is usually of little help. Fortunately the message (the complete one, not the part quoted above) also - points at the source for the necessary low-level information. In this - case that is the file config.log (not to be confused with configure.log, - the file created by the build script included in the more_control_helpers + points at the source for the necessary low-level information. In this + case that is the file config.log (not to be confused with configure.log, + the file created by the build script included in the more_control_helpers archive). - config.log is created by all autoconf-created configures (not just that - of glibc) and it contains, among other things, the test programs used by - configure and messages output while building and running them. Whenever a - configure script fails or gives weird results, check config.log. And + config.log is created by all autoconf-created configures (not just that + of glibc) and it contains, among other things, the test programs used by + configure and messages output while building and running them. Whenever a + configure script fails or gives weird results, check config.log. And always remember rule #2 of error diagnostics - + ALWAYS START AT THE FIRST ERROR - + This seems pretty obvious, but nevertheless people commonly do the exact - opposite. It's just too tempting to start at the point of the final - failure and try to work backwards. In this case many people would open + opposite. It's just too tempting to start at the point of the final + failure and try to work backwards. In this case many people would open config.log and scroll to the point of the failed /lib/cpp sanity check. After all, that's what caused configure to abort and so that's what needs - to be fixed, right? WRONG! Someone who takes this approach just sees the - error message "/lib/cpp: No such file or directory" and is even more + to be fixed, right? WRONG! Someone who takes this approach just sees the + error message "/lib/cpp: No such file or directory" and is even more convinced that a missing /lib/cpp symlink (or program) is the problem. - + The correct way to approach such a problem is to start at the beginning of config.log, to scroll down to first error message and to check if it is an issue that needs to be fixed (error messages in config.log are not always signs for a problem). If the issue needs to be fixed, then it needs to be fixed first, because all later errors could be rooted in - this issue (even if, no, *especially* if you don't believe this is the + this issue (even if, no, *especially* if you don't believe this is the case). If we apply this advice to the problem at hand, we quickly get to the first - serious error in config.log: + serious error in config.log: "/tools/include/linux/limits.h: Permission denied" - + A quick check with ls reveals that indeed the directory with the linux headers is not world-readable, which is obviously wrong. The fix is - easy. Just make (as root) the header directories /tools/include/{linux,asm} - world-readable with commands similar to those the LFS book presents + easy. Just make (as root) the header directories /tools/include/{linux,asm} + world-readable with commands similar to those the LFS book presents in Chapter 6 for the installation of linux-libc-headers. Once this change has been made, glibc's configure succeeds. +--------------------- old stuff end ----------------------------------------- TIP: Even when configure completes successfully, you should still check the output carefully to see if there is anything odd. E.g. if you're using the wrappers, you should check that configure outputs the line - + checking for a BSD-compatible install... /usr/lib/pkgusr/install -c - + If configure detects a different install, such as /tools/bin/install, something is wrong. Maybe there's a typo in the PATH for the package user, or you've put the wrappers into a directory that is ignored by configure. - - With the wrappers the glibc build and install should work smoothly. - The wrapper script for install makes sure that the /usr/share/locale/* - directories become install directories so that other programs can install - their localized messages. One thing that the wrappers do not take care of, + + With the wrappers the glibc build and install should work smoothly. + The wrapper script for install makes sure that the /usr/share/locale/* + directories become install directories so that other programs can install + their localized messages. + One thing that the wrappers do not take care of, however, is the file /usr/share/info/dir. Because in the current LFS build - order glibc is the first package that installs info files, dir is owned by - and only writable by glibc. In order to allow other packages to install + order glibc is the first package that installs info files, dir is owned by + and only writable by glibc. In order to allow other packages to install info pages, execute the following commands as root: - + chown root:install /usr/share/info/dir && chmod ug=rw,o=r /usr/share/info/dir NOTE: glibc wants to install the program pt_chown as setuid root. If you install as a package user, the program will get installed but not given root - privileges (because of the install wrapper). + privileges (because of the install wrapper). The following info is from the glibc docs: - + One auxiliary program, `/usr/libexec/pt_chown', is installed setuid `root'. This program is invoked by the `grantpt' function; it sets the permissions on a pseudoterminal so it can be used by the calling @@ -1277,112 +1340,177 @@ NOTE: `devptsfs' or `devfs' filesystems providing pty slaves, you don't need this program; otherwise you do. The source for `pt_chown' is in `login/programs/pt_chown.c'. - + So unless you're building a system that does not use devpts (which would be quite unusual), this does not need to concern you. TIP: In case you were wondering if you should create /etc/nsswitch.conf and - /etc/ld.so.conf as root or glibc, I recommend to assign all files that + /etc/ld.so.conf as root or glibc, I recommend to assign all files that you manually create or manually edit to the root account. That way you can distinguish between those files that can be regenerated automatically and those that can not. Assigning even automatically generated files to - root once you make the first manual edit, ensures that a later + root once you make the first manual edit, ensures that a later reinstallation of a package won't silently do away with your manual tweaks. +ldconfig: + Now that glibc has installed /sbin/ldconfig you can activate the ldconfig + wrapper if you want to. Perform the following steps as root + AFTER re-adjusting the toolchain, + just before starting with binutils: + + cd /usr/lib/pkgusr + gcc -O2 -W -Wall -o ldconfig ldconfig.c + chown root:install ldconfig + chmod u=rwxs,g=rxs,o= ldconfig + + These instructions make the ldconfig wrapper setuid root and setgid install + and prevent non-root users not in the install group from executing it. + The setuid root is required so that it can replace /etc/ld.so.cache. + The setgid install is not strictly required, but without it + /etc/ld.so.cache will end up with the group of the last package user that + touched it. If you use the user name=group name scheme this will cause the + more_control_helpers scripts to believe that /etc/ld.so.cache belongs to + the package in question which can be confusing. binutils: - The installation of binutils should complete without problems. + Have you make /usr/share/info/dir group-writable as explained above in + the glibc notes? If you've missed that part, go back and do it now. + The installation of binutils should complete without problems. It does however cause minor conflicts with autoconf (see later). - - + +NOTE: + At the time of this writing the version of bash used in the LFS book has + a bug that causes the list_package script to spit out errors and to list + all manpages of binutils (and other packages) as Broken. This bug is + already fixed by the bash patch used by the book but the patch is not + applied in chapter 5. Since the manpage summary functionality of + list_package requires man which is not installed until after bash is + rebuilt, this doesn't really matter, because while patching the + chapter 5 bash would get rid of the error messages, it wouldn't result + in usable manpage summaries. + + gcc: - Because the /usr/lib/libgcc_s.so.1 symlink created at the beginning of - Chapter 6 is owned by root, gcc's installation cannot remove it. + Because the /usr/lib/libgcc_s.so* symlinks created at the beginning of + Chapter 6 is owned by root, gcc's installation cannot remove it. So you will have to remove it as root before `make install'. - - + Alternatively use + + chown -h gcc: /usr/lib/libgcc* + + to change ownership of the files in question after creating the gcc + package user. Note the -h option which has to be used to change + ownership of the symlinks themselves rather than their target files. + +db: + It should be obvious that you don't want to change the ownership of the + installed files. + + coreutils: Because the /bin/cat, /bin/pwd and /bin/stty symlinks are owned by root, - coreutils' installation cannot remove them. So you will have to remove - them manually before `make install'. + coreutils' installation cannot remove them. So you will have to remove + them manually before `make install'. Alternatively use the command + + chown -h coreutils: /bin/{cat,pwd,stty} + + after creating the coreutils package user. Note the -h switch that makes + chown change the ownership of the symlinks themselves rather than their + target files. + + The chapter 6 instructions move the coreutils binaries to /bin, including + the mv binary itself. You need to make sure that hashing is turned off + for this to work. The LFS book does this by putting `set +h' into the + LFS user's .bashrc. If you're following this hint, you're likely using + build scripts, so you need to put this command into the build script + before the mv commands. NOTE: The man-pages package has already installed manpages for the binaries from coreutils. The install wrapper will prevent coreutils from overwriting - those. This is done because the manpages from the man-pages package are - of superior quality. It also prevents errors during `make install' that - would otherwise occur because the coreutils package user cannot overwrite + those. This is done because the manpages from the man-pages package are + of superior quality (although not necessarily uptodate). + It also prevents errors during `make install' that + would otherwise occur because the coreutils package user cannot overwrite manpages owned by another user. - If you don't like the above behaviour and would rather have the original - package manpages (despite them being inferior), you can set the variable + If you don't like the above behaviour and would rather have the original + package manpages (because they are uptodate), you can set the variable manpagesowner at the beginning of the install wrapper to a string that doesn't correspond to a package user name (it must not be empty, though!). - If you do this, you will have to resolve manpage conflicts in another way. - The easiest way to handle this is probably to not install the man-pages + If you do this, you will have to resolve manpage conflicts in another way. + The easiest way to handle this is probably to not install the man-pages package at the beginning of Chapter 6 but at the end, after all the other - packages have already installed their manpages. Then you need only deal + packages have already installed their manpages. Then you need only deal with the conflicts once, when installing man-pages. ncurses: - The installation of ncurses (like that of other packages that include - libraries) wants to run /sbin/ldconfig to update /etc/ld.so.cache. - This fails because the package user doesn't have permission to replace + The installation of ncurses (like that of other packages that include + libraries) wants to run /sbin/ldconfig to update /etc/ld.so.cache. + This fails because the package user doesn't have permission to replace /etc/ld.so.cache. - Making /etc/ld.so.cache group-writable by the install group doesn't help, + Making /etc/ld.so.cache group-writable by the install group doesn't help, because the permissions would be reset on the next call to /sbin/ldconfig. This error will usually not abort the installation and you can just run /sbin/ldconfig manually as root afterwards. + Alternatively you can use the ldconfig wrapper as described earlier. -gettext: - The gettext installation creates the directory /usr/share/aclocal, which - contains macros for autoconf. Other packages want to install - files into this directory, so you should make it writable by the install - group and sticky. You don't need to do this now. You can wait till you - install a package that wants to write to aclocal. - - -inetutils: - This package contains some programs that it wants to be setuid root: - rsh, rcp, rlogin and ping - The install wrapper prevents these programs from being installed - setuid root. You must decide which of these programs you want to be - setuid root and manually make them so. Be conservative. Don't make a - binary setuid root unless you *know* that ordinary users can't live - without it. Every setuid root binary is a potential security hole. - - -iproute2: - This package tries to change the permissions of /usr/sbin. The install - wrapper takes care of this. +aclocal directory: + At the time of this writing the directory /usr/share/aclocal is + created during the bison installation. This directory contains + macros for autoconf. Other packages want to install + files into this directory, so you should make it writable by the install + group and sticky. perl: - Before you do `make install', you will have to - `chown perl /usr/bin/perl' so that the perl package user is allowed to + Before you do `make install', you will have to + `chown -h perl: /usr/bin/perl' so that the perl package user is allowed to remove the /usr/bin/perl symlink. - + If you will install add-on packages for perl as their own package users - into /usr/lib/perl5/site_perl, then you will need to turn - /usr/lib/perl5/site_perl/ and its subdirectories into + into /usr/lib/perl5/site_perl, then you will need to turn + /usr/lib/perl5/site_perl/ and its subdirectories into install directories. You don't need to do this now as you'll notice it - anyway when installing a perl add-on fails. + anyway when installing a perl add-on fails. autoconf: The autoconf package wants to install its own copy of standards.info, - which fails because binutils has already installed this file. You can - either ignore the error or remove the binutils version of standards.info + which fails because binutils has already installed this file. You can + either ignore the error or remove the binutils version of standards.info before `make install'. bash: - Before you can `make install' you need to `chown bash /bin/bash' so - that the bash installation can replace the /bin/bash symlink. - When running the test suite as a package user, the test "run-test" will - fail with the following output: + configure: + The bash configure script tests for the presence of the special devices + /dev/std* and /dev/fd/*. Unfortunately at the time of this writing the + test for /dev/fd/* is buggy (the test for /dev/stdin used to be broke, too + in bash-2.x, but has been fixed since). It ends up testing read access to + standard input, + which is the (pseudo)terminal you're building your system in. + Unfortunately su doesn't change ownership of the terminal device, so when + you're su'd to a package user account, the terminal still belongs to the + login user. As the package user doesn't have read access to the device, + the tests fail. + + There is a simple way to get around this. Simply run ./configure like this + + ./configure .... ' !) to refer to /dev/null. Unlike the terminal device, /dev/null is + world-readable and world-writable, so the tests succeed as they should. + If you don't like this trick, you can also chown the terminal device in + question (see `ls -la /dev/fd/0') to the package user before building + bash. + + make check: + When running the test suite as a package user, the test "run-test" will + fail with the output like this: 33d32 < *** chmod g+s /tmp/test.setgid @@ -1404,148 +1532,116 @@ bash: < 1 --- > 0 - + The first 2 failures are caused by the chmod wrapper which prevents the test from setting the setuid and setgid bits and outputs the *** warning. - The failures are harmless and will not occur if you remove the wrappers + The failures are harmless. You can get rid of them by removing the wrappers directory from the PATH before running the tests. - - The last 2 failures are not specific to package users but will occur - whenever the user running the test is not the user who owns the terminal - as is usually the case when you use the `su' command. - Simply ignore these failures. They are harmless. If you insist on getting - the tests to succeed, you will have to use chown as root to - assign ownership of the tty in which you will run the tests to the - user running the tests. To find out the proper terminal, use the command - `ls -la /proc/self/fd/1' in the terminal where you will run the tests. - It will output something like - lrwx------ 1 bash bash 64 Sep 12 21:29 /proc/self/fd/1 -> /dev/pts/2 - In this example the tty to be chowned would be /dev/pts/2. - - -libtool: - The libtool installation wants to add files to /usr/share/aclocal, so - if you have not made it an install directory, yet, you will have to do it - now (i.e. make the directory group install, group-writable, sticky). - - + + The last 2 failures are not specific to package users but will occur + whenever you run the tests su'd to another user. The reasons are the same + as for the configure problem described earlier. The same solutions apply. + Either use chown (if you chowned before configure you're already + done, of course) or run make check like this + + make check tags to the synopsis for the sake of the hints - index - -added group mmedia to the list of suggested groups - -submitted v0.8 - -2002-03-16 - -added note, that on Linux make doesn't need to be setgid kmem - -2002-02-18 - -added section "Security issues with NFS" - -submitted v0.7 - -2002-01-30 -added Changelog - -moved "chown 0.10000 `cat /tmp/installdirs`" command up (before - glibc package user is created) - -add_package_user: create home directory with "mkdir -p" - use $grpfile everywhere instead of /etc/group - -improved mammoth sentence in Introduction - -added note about possibility to have user name==group name - -source bashrc_basic in bashrc_package - -minor textual changes - - +2007-10-20 Matthias Benkmann + -relicensed under CC-BY-SA (previously CC-BY-ND). + -added name tags to changelog entries in preparation for having the + hint continued by different authors. + -added workaround to list_package for bug in man-db that causes + some manpages to show up as "Weird manpage" in the summary. + -chmod wrapper now prevents shadow from installing files setuid + shadow. + -added a wrapper to solve ldconfig issue. + -install_package now works when called with just a single argument. + That argument is used for user name, group name and description. + -bash_profile of more_control_helpers now has /sbin and /usr/sbin + in the PATH to match the PATH used by root when building. + -install_package does su - now (i.e. start a login shell). + -build script now handles unpacking of tarballs and allows calling + the different stages individually. + -useradd uses the -s provided shell and no longer hardwires bash. + -chapter 6 bash notes now properly address the configure and + make check issues. + +2007-03-21 Matthias Benkmann + -changed forall_direntries_from to avoid warning message from find + when -depth is used. + -added 4.8 What Commands to Run as a Package User + +2005-12-22 Matthias Benkmann + -added advice on how to cope with the moving mv problem to + coreutils note. + +2005-11-13 Matthias Benkmann + -fixed list_suspicious_files and list_package to work with + recent more POSIX-conforming versions of GNU find + -released version 1.2 + +2005-01-01 Matthias Benkmann + -fixed bug in skel-package/build script that caused it to report + all steps as successful, even if they failed + -released version 1.1 + +2004-11-01 Matthias Benkmann + -capitalized title + -released version 1.0 + +2004-10-14 Matthias Benkmann + -started developing the more_control_helpers utilities + +2004-08-14 Matthias Benkmann + -started major rewrite (update for new LFS version, new hint + format, textual improvements,...) + +2002-04-20 Matthias Benkmann + -changed LFS VERSION header to be more conservative + -added
tags to the synopsis for the sake of the hints + index + -added group mmedia to the list of suggested groups + -submitted v0.8 + +2002-03-16 Matthias Benkmann + -added note, that on Linux make doesn't need to be setgid kmem + +2002-02-18 Matthias Benkmann + -added section "Security issues with NFS" + -submitted v0.7 + +2002-01-30 Matthias Benkmann + -added Changelog + -moved "chown 0.10000 `cat /tmp/installdirs`" command up (before + glibc package user is created) + -add_package_user: create home directory with "mkdir -p" + use $grpfile everywhere instead of /etc/group + -improved mammoth sentence in Introduction + -added note about possibility to have user name==group name + -source bashrc_basic in bashrc_package + -minor textual changes diff --git a/README b/README index c4b323f..80a344a 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ -*- mode:text; eval:(footnote-balloons) -*- -Time-stamp: +Time-stamp: Introduction: ============ @@ -7,7 +7,7 @@ Introduction: Here are the tools I use for package management on bastard. It is based _very_ heavily on the LFS hint: - "More control and package management using package users (v1.2)" + "More control and package management using package users (v1.4)" Which I have included in this repo (see LFS-pkgusr-hint.txt) and is considered essential reading. @@ -24,8 +24,16 @@ original LFS hint are: o Better build script and .project templates + As of v1.4 of the hint, Matt uses a central build script + and each pkgusr has a "build.conf"... an interesting idea + and I may switch to that method one day, but for now I use + a build script for each pkgusr. + o Better uninstall script. + o Most of the "wrapper" scripts have been updated or + rewritten. + o Includes a `which' script. o Includes a `/bin/mail' script. @@ -34,41 +42,62 @@ original LFS hint are: Pat Volkerding and Slackware. Thanks, Pat!) o A more complete list of "install" directories. + Everyone's needs and tastes are different so not everything + I have in my list of install directories you'll want. Edit + it to suit you. o Includes an elisp library that implements much of the - convenience shell functions.[2] + convenience shell functions. [2] + + o Allow pkgusr to run ldconfig as root safely via a wrapper + script and sudo. -You should understand that not everything here can be used straight -away. The /bin/mail script, for example, needs Zsh, and Sendmail -installed (could probably be rewritten to use bash with very little -effort); if you want to set yourself up as a "master installer", -OpenSSL and OpenSSH are needed; and pkgusr.el needs SXEmacs (or -XEmacs/Emacs) obviously. + Matt uses a setuid C wrapper that calls execve(2) to do + this. Which, IMO, is not the right way to go. + + +You should understand that not everything here can be used straight away. +The /bin/mail script, for example, needs Zsh, and Sendmail installed +(could probably be rewritten to use bash with very little effort); the +ldconfig wrapper needs sudo; if you want to set yourself up as a "master +installer", OpenSSL and OpenSSH are needed; and pkgusr.el needs SXEmacs +(or XEmacs/Emacs) obviously. Pre-Installation: ================ -The current version of the LFS book (Version SVN-20100919) is a little -screwed up in one or two places, so BEFORE you move onto the chroot -part of the deal you need to do a couple extra things: 1. Install bison, flex, nano, and less (in that order) into your /tools dir. Bison, and flex are needed to build binutils in the chroot. And nano and less make life for the package user so much easier. + As of LFS SVN-20140303, they still do not install bison and + flex in chapter 5. I think it might be because they install + the binutils from gnu (eww), whereas I install the _proper_ + optimised for Linux binutils from kernel.org which requires + bison/flex. It is also odd that in chapter 6 when they do + install these 2 packages, they do them in the wrong order + (bison should be done before flex). + 2. At the point in the book where it has you mount the devpts filesystem, it neglects to mention that you have to specify a mode and gid: mount -vt devpts devpts ${LFS}/dev/pts -o gid=5,mode=620 - 3. When creating the initial /etc/group file, I don't use the LFS + Update: I think LFS has this now, but check anyway. + + 3. Install sudo into your /tools dir. Sudo is used to let pkgusrs + run ldconfig as root, thereby bypassing the annoyance of getting + errors about /etc/ld.so.cache not being able to be updated. + + I don't have a LFS build chain anymore so I am not 100% certain + if this is possible, but I cannot think of any reasons why it + shouldn't be. Let me know if you have an issue with this step. + + 4. When creating the initial /etc/group file, I don't use the LFS book suggestions. I have my own set groups that I've been using since 1995, and old habits are so hard to break. :-) - IMPORTANT: Please note that my tty group has GID 5 and that - group in the LFS book has GID 4... make sure you use the right - gid= option when mounting your devpts. - Anyhoo, here's my initial group file... cat>/etc/group<' or 'su - ' to become the package user. +# Use the same environment regardless of whether we use +# `su ' or 'su - ' to become the package user. source ~/.bash_profile diff --git a/etc/pkgusr/handy_funcs b/etc/pkgusr/handy_funcs index 952c4b3..7f90d79 100644 --- a/etc/pkgusr/handy_funcs +++ b/etc/pkgusr/handy_funcs @@ -1,231 +1,242 @@ # -*- shell-script -*- -# Copyright (C) 2007 - 2013 Steve Youngs +# Copyright (C) 2007 - 2014 Steve Youngs -# What lies here is a collection of handy bash shell functions that -# make life a little easier for pkgusr. +# What lies here is a collection of handy bash shell functions and +# aliases that make life a little easier for pkgusr. -## The build logs -alogs() +less-or-cat() { - ls -l ${HOME}/*.{err,log} -} - -lerr() -{ - ls -l ${HOME}/*.err -} - -llog() -{ - ls -l ${HOME}/*.log + local arg=$1 + local al=$(wc -l<${arg}) + local sl=$(($LINES-2)) + + if [ $al -le $sl ]; then + cat ${arg} + else + less ${arg} + fi } verr() { - local arg=$1 - - if [ -z "$arg" ]; then - arg=all - fi - - case $arg in - conf) less ${HOME}/configure.err ;; - install) less ${HOME}/install.err ;; - check) less ${HOME}/check.err ;; - make) less ${HOME}/make.err ;; - upd) less ${HOME}/upd.err ;; - ver) less ${HOME}/verupd.err ;; - all) less ${HOME}/*.err ;; - esac + local arg=$1 + if [ -z "$arg" ]; then + arg=all + fi + case $arg in + (conf) less-or-cat ${HOME}/configure.err ;; + (install) less-or-cat ${HOME}/install.err ;; + (check) less-or-cat ${HOME}/check.err ;; + (make) less-or-cat ${HOME}/make.err ;; + (upd) less-or-cat ${HOME}/upd.err ;; + (ver) less-or-cat ${HOME}/verupd.err ;; + (all) less ${HOME}/*.err ;; + esac } vlog() { - local arg=$1 - - if [ -z "$arg" ]; then - arg=all - fi - - case $arg in - conf) less ${HOME}/configure.log ;; - install) less ${HOME}/install.log ;; - check) less ${HOME}/check.log ;; - make) less ${HOME}/make.log ;; - upd) less ${HOME}/upd.log ;; - ver) less ${HOME}/verupd.log ;; - all) less ${HOME}/*.log ;; - esac + local arg=$1 + if [ -z "$arg" ]; then + arg=all + fi + case $arg in + (conf) less-or-cat ${HOME}/configure.log ;; + (install) less-or-cat ${HOME}/install.log ;; + (check) less-or-cat ${HOME}/check.log ;; + (make) less-or-cat ${HOME}/make.log ;; + (upd) less-or-cat ${HOME}/upd.log ;; + (ver) less-or-cat ${HOME}/verupd.log ;; + (all) less ${HOME}/*.log ;; + esac } verrlog() { - local arg=$1 - - if [ -z "$arg" ]; then - arg=all - fi - - case $arg in - conf) less ${HOME}/configure.{err,log} ;; - install) less ${HOME}/install.{err,log} ;; - check) less ${HOME}/check.{err,log} ;; - make) less ${HOME}/make.{err,log} ;; - upd) less ${HOME}/upd.{err,log} ;; - ver) less ${HOME}/verupd.{err,log} ;; - all) less ${HOME}/*.{err,log} ;; - esac + local arg=$1 + if [ -z "$arg" ]; then + arg=all + fi + case $arg in + (conf) less ${HOME}/configure.{err,log} ;; + (install) less ${HOME}/install.{err,log} ;; + (check) less ${HOME}/check.{err,log} ;; + (make) less ${HOME}/make.{err,log} ;; + (upd) less ${HOME}/upd.{err,log} ;; + (ver) less ${HOME}/verupd.{err,log} ;; + (all) less ${HOME}/*.{err,log} ;; + esac +} + +instg() +{ + local arg=$1 + if [ -z "$arg" ]; then + arg=err + fi + grep --color '^\*\*\*' ${HOME}/install.${arg} } dlog() { for log in configure make check install upd verupd; do - [[ -f ${HOME}/${log}.err ]] && rm -v ${HOME}/${log}.err - [[ -f ${HOME}/${log}.log ]] && rm -v ${HOME}/${log}.log + [[ -f ${HOME}/${log}.err ]] && rm -v ${HOME}/${log}.err + [[ -f ${HOME}/${log}.log ]] && rm -v ${HOME}/${log}.log done } updver() { - local arg=${1} - sed -i "s|\(Version: \).*$|\1${arg}|" ${HOME}/.project - echo -n "Version updated... " - grep --colour Version:.*$ ${HOME}/.project + local arg=${1} + sed -i "s|\(Version: \).*$|\1${arg}|" ${HOME}/.project + echo -n "Version updated... " + grep --colour Version:.*$ ${HOME}/.project } showinst() { - local top=$(grep -n "^Install Notes:$" ${HOME}/.project|cut -d: -f1) - local bot=$(grep -n "^General Notes:$" ${HOME}/.project|cut -d: -f1) - - sed -n ${top},${bot}p ${HOME}/.project + local top=$(grep -n "^Install Notes:$" ${HOME}/.project|cut -d: -f1) + local bot=$(grep -n "^General Notes:$" ${HOME}/.project|cut -d: -f1) + sed -n ${top},${bot}p ${HOME}/.project } showgen() { - local top=$(grep -n "^General Notes:$" ${HOME}/.project|cut -d: -f1) - local bot=$(grep -n "^CONTENTS:$" ${HOME}/.project|cut -d: -f1) - - sed -n ${top},${bot}p ${HOME}/.project -} - -deps() -{ - grep --colour 'Deps: ' ${HOME}/.project -} - -listp() -{ - pinky -l $(whoami)|less -} - -srepo() -{ - grep --colour Repo_Location:.*$ ${HOME}/.project -} - -rawrepo() -{ - srepo|awk '{print $2;}'|tr -d '<>' -} - -trepo() -{ - grep --colour Repo_Type:.*$ ${HOME}/.project -} - -web() -{ - grep --colour Web_Site:.*$ ${HOME}/.project -} - -rawweb() -{ - web|awk '{print $2;}'|tr -d '<>' + local top=$(grep -n "^General Notes:$" ${HOME}/.project|cut -d: -f1) + local bot=$(grep -n "^CONTENTS:$" ${HOME}/.project|cut -d: -f1) + sed -n ${top},${bot}p ${HOME}/.project } xtar() { - local opts - local type - local fname=$1 - - if [ -z "${fname}" ]; then - echo No filename specified >&2 - return 1 - fi - - type=$(file ${fname}|cut -d' ' -f2) - - case $type in - tar) opts=xf ;; - gzip) opts=zxf ;; - bzip2) opts=jxf ;; - xz|XZ) opts=Jxf ;; - *) - # try lzma - if lzmainfo ${fname} &>/dev/null; then - opts="--lzma -xf" - else - printf "Unknown file type: %s\n" $type >&2 - return 2 - fi - ;; - esac - - tar ${opts} ${fname} + local opts + local type + local fname=$1 + + if [ -z "${fname}" ]; then + echo No filename specified >&2 + return 1 + fi + + type=$(file ${fname}|cut -d' ' -f2) + + case $type in + (tar) opts=xf ;; + (gzip) opts=zxf ;; + (bzip2) opts=jxf ;; + (xz|XZ) opts=Jxf ;; + (*) + # try lzma + if lzmainfo ${fname} &>/dev/null; then + opts="--lzma -xf" + else + printf "Unknown file type: %s\n" $type >&2 + return 2 + fi + ;; + esac + + tar ${opts} ${fname} } vtar() { - local opts - local type - local fname=$1 - - if [ -z "${fname}" ]; then - echo No filename specified >&2 - return 1 - fi - - type=$(file ${fname}|cut -d' ' -f2) - - case $type in - tar) opts=tvvvf ;; - gzip) opts=ztvvvf ;; - bzip2) opts=jtvvvf ;; - xz|XZ) opts=Jtvvvf ;; - *) - # lzma. Here because lzmainfo is too stupid - if lzmainfo ${fname} &>/dev/null; then - opts="--lzma -tvvvf" - else - printf "Unknown file type: %s\n" $type >&2 - return 2 - fi - ;; - esac - - tar ${opts} ${fname}|less + local opts + local type + local fname=$1 + + if [ -z "${fname}" ]; then + echo No filename specified >&2 + return 1 + fi + + type=$(file ${fname}|cut -d' ' -f2) + + case $type in + (tar) opts=tvvvf ;; + (gzip) opts=ztvvvf ;; + (bzip2) opts=jtvvvf ;; + (xz|XZ) opts=Jtvvvf ;; + (*) + # lzma. Here because lzmainfo is too stupid + if lzmainfo ${fname} &>/dev/null; then + opts="--lzma -tvvvf" + else + printf "Unknown file type: %s\n" $type >&2 + return 2 + fi + ;; + esac + + tar ${opts} ${fname}|less } -ebld() +## Check if there is a newer build script, maybe update. +# NOTE: Updating needs SXEmacs. It'll work in XEmacs and Emacs too, +# but you'll need to change build-update() accordingly. +build-update() { - nano -w ${HOME}/build + if [ -x $(type -p sxemacs) ]; then + sxemacs -l /etc/pkgusr/bld-update.el + else + echo *** Sorry, you do not have SXEmacs installed. + echo *** Copying the new build script to ~/build-$(date +%Y%m%d) + cp -v /etc/pkgusr/skel-package/build \ + ${HOME}/build-$(date +%Y%m%d) + fi } -epro() +checkupdates() { - nano -w ${HOME}/.project + local sysb=/etc/pkgusr/skel-package/build + local pkgb=${HOME}/build + local sysbv=$(${sysb} -V|awk '/build:/ {print $2;}') + local pkgbv=$(${pkgb} -V|awk '/build:/ {print $2;}') + + if [ ${sysb} -nt ${pkgb} ]; then + echo '*****************************************' + echo '* *' + echo '* B u i l d S c r i p t U p d a t e *' + echo '* A v a i l a b l e *' + echo '* *' + echo '*****************************************' + echo ' Your version:' ${pkgbv} + echo ' Available Version:' ${sysbv} + echo + echo 'For a SXEmacs based interactive update, run: "build-update"' + echo 'To turn this notice off, set $CHECKUPDATES to: "0"' + echo + echo -n 'Press [RETURN] to continue...' + read junk + fi } -ebp() -{ - nano -w ${HOME}/{build,.project} -} +## Aliases +# Repos/Websites +alias srepo='grep --colour Repo_Location:.*$ ${HOME}/.project' +alias rawrepo='srepo|cut -d" " -f2|tr -d "<>"' +alias trepo='grep --colour Repo_Type:.*$ ${HOME}/.project' +alias web='grep --colour Web_Site:.*$ ${HOME}/.project' +alias rawweb='web|tr -s " "|cut -d" " -f3|tr -d "<>"' +# Logs +alias alogs='ls -l ${HOME}/*.{err,log}' +alias lerr='ls -l ${HOME}/*.err' +alias llog='ls -l ${HOME}/*.log' +# Util +alias ebld='nano -w ${HOME}/build' +alias epro='nano -w ${HOME}/.project' +alias ebp='nano -w ${HOME}/{build,.project}' +alias deps='grep --colour "Deps: " ${HOME}/.project' +alias ipkg=showinst +alias gpkg=showgen +alias listp='pinky -l $(whoami)|less' +alias lc=less-or-cat H-pkg() { - cat< # -# This build script is meant to be executed from within the source -# directory created by extracting the tarball. +# This build script is meant to be executed from within the build +# directory, regardless of whether that is outside the source tree or +# not. # # It will create up to 12 log files in the $HOME directory: # @@ -16,13 +17,9 @@ # install.log: All messages output during make install # install.err: Just the errors output during make install # upd.log: Any messages from updating the package list -# (usually nothing) # upd.err: Just the errors from updating the package list -# (usually nothing) # verupd.log: Any messages from updating the package version -# (usually nothing) # verupd.err: Just the errors from updating the package version -# (usually nothing) # # After running the script you should check the *.err files to see # if any problems have occurred. If that is the case, use the corresponding @@ -38,8 +35,8 @@ ## Version info. ourname=${0##*/} -VERSION=1.3 -COPYRIGHT="Copyright (C) 2007 - 2013 Steve Youngs " +VERSION=1.5 +COPYRIGHT="Copyright (C) 2007 - 2014 Steve Youngs " version_str="${ourname}: ${VERSION}\n${COPYRIGHT}" show_version() @@ -49,16 +46,17 @@ show_version() } #* -# Set this to 1 (one) if the package's version can be updated -# automatically +# Set $auto_version to 1 (one) if the package's version can be updated +# automatically. Set $SRCTREE if building outside the source tree. auto_version=0 +SRCTREE='.' #* # Set the configure commands/options here. Remove everything except # the braces and colon if the package has no configure. configure_commands() { : - ./configure --prefix=/usr \ + ${SRCTREE}/configure --prefix=/usr \ --infodir=/usr/share/info \ --mandir=/usr/share/man \ --sysconfdir=/etc \ @@ -116,12 +114,7 @@ test_pipe() update_commands() { : - sed -i s/"\(Last_Updated: \).*$"/"\1$(date +%c)"/g ${HOME}/.project - sed -i s/"\(Deps: \).*$"/"\1$(forall_direntries_from $(whoami) -executable -exec ldd {} 2>/dev/null \;|grep '=>' 2>/dev/null|awk '{print $3;}'|xargs stat --format \"%U:%G\"|sort|uniq|xargs echo -n)"/ ${HOME}/.project - awk '/^CONTENTS:/ { print; exit; } {print}' ${HOME}/.project > ${HOME}/.projtmp - echo "--------" >> ${HOME}/.projtmp - list_package $(whoami) >> ${HOME}/.projtmp - mv ${HOME}/.projtmp ${HOME}/.project + update-pkg-project $(whoami) } run_configure() diff --git a/etc/pkgusr/zsh/zsh-pkgtools b/etc/pkgusr/zsh/zsh-pkgtools index 2d39901..f66d553 100644 --- a/etc/pkgusr/zsh/zsh-pkgtools +++ b/etc/pkgusr/zsh/zsh-pkgtools @@ -179,7 +179,7 @@ pkgwant() fi for p in $(lpkg); do - dpkg ${p} | grep -q $argv[1] && print ${p} + dpkg ${p} | grep -wq $argv[1] && print ${p} done } diff --git a/etc/sudoers.d/99-pkgusr b/etc/sudoers.d/99-pkgusr new file mode 100644 index 0000000..2789e32 --- /dev/null +++ b/etc/sudoers.d/99-pkgusr @@ -0,0 +1,12 @@ +#### +# +# To allow pkgusr users to run ldconfig as root. +# +#### + +Cmnd_Alias LDCONFIG = /sbin/ldconfig * +User_Alias PKGUSRS = %install +Defaults:PKGUSRS !lecture, !authenticate + +PKGUSRS ALL = LDCONFIG + diff --git a/installdir.lst b/installdir.lst index a8328df..5b10f1c 100644 --- a/installdir.lst +++ b/installdir.lst @@ -1,306 +1,468 @@ /bin -/boot -/etc -/etc/X11 -/etc/avahi/services -/etc/dbus-1/system.d -/etc/foomatic -/etc/gconf/schemas -/etc/gnome/gconf/gconf.xml.defaults -/etc/init.d -/etc/opt -/etc/profile.d -/etc/sgml -/etc/udev -/etc/udev/rules.d +/sbin /lib +/lib/udev +/lib/udev/rules.d +/lib/kbd/consolefonts +/lib/kbd/consoletrans /lib/firmware +/lib/systemd/system +/lib/systemd/system/multi-user.target.wants +/lib/systemd/system/sockets.target.wants +/var/spool +/var/log +/var/www +/var/cache +/var/lib /opt -/sbin +/opt/qt/plugins +/opt/qt/plugins/designer +/opt/qt/plugins/sqldrivers +/opt/qt/imports +/opt/qt/mkspecs/features +/opt/google +/opt/kde/share/apps/solid/actions /usr/X11R6 -/usr/X11R6/bin -/usr/X11R6/include -/usr/X11R6/include/GL -/usr/X11R6/include/GL/internal -/usr/X11R6/include/X11 /usr/X11R6/lib -/usr/X11R6/lib/X11/fonts -/usr/X11R6/lib/pkgconfig /usr/X11R6/lib/xorg /usr/X11R6/lib/xorg/modules +/usr/X11R6/lib/xorg/modules/drivers +/usr/X11R6/lib/X11 +/usr/X11R6/lib/X11/app-defaults +/usr/X11R6/lib/pkgconfig +/usr/X11R6/include +/usr/X11R6/include/X11 +/usr/X11R6/include/GL +/usr/X11R6/include/GL/internal /usr/X11R6/share -/usr/X11R6/share/X11/app-defaults -/usr/X11R6/share/doc /usr/X11R6/share/man +/usr/X11R6/share/man/man8 +/usr/X11R6/share/man/man5 /usr/X11R6/share/man/man1 -/usr/X11R6/share/man/man3 /usr/X11R6/share/man/man4 -/usr/X11R6/share/man/man5 +/usr/X11R6/share/man/man3 /usr/X11R6/share/man/man7 -/usr/X11R6/share/man/man8 -/usr/bin -/usr/include -/usr/include/SDL -/usr/include/apache -/usr/include/arpa -/usr/include/linux -/usr/include/net -/usr/include/scsi -/usr/include/sys +/usr/X11R6/share/fonts/X11 +/usr/X11R6/share/X11 +/usr/X11R6/share/X11/app-defaults +/usr/X11R6/share/doc +/usr/X11R6/bin /usr/lib -/usr/lib/apache +/usr/lib/nautilus/extensions-2.0 +/usr/lib/orbit-2.0 +/usr/lib/girepository-1.0 +/usr/lib/gstreamer-1.0 /usr/lib/bonobo-2.0/samples -/usr/lib/bonobo/monikers -/usr/lib/bonobo/servers -/usr/lib/enlightenment/modules -/usr/lib/gimp/2.0/plug-ins +/usr/lib/cmake +/usr/lib/gio/modules +/usr/lib/ruby/site_ruby/1.9.1 +/usr/lib/ruby/site_ruby/1.9.1/x86_64-linux +/usr/lib/systemd/system +/usr/lib/gnome-settings-daemon-3.0 +/usr/lib/kernel/install.d +/usr/lib/python2.7/site-packages +/usr/lib/python2.7/site-packages/PyQt4/uic +/usr/lib/python2.7/site-packages/PyQt4/uic/widget-plugins +/usr/lib/python2.7/site-packages/gtk-2.0 +/usr/lib/python2.7/site-packages/dbus/mainloop +/usr/lib/python2.7/site-packages/ogg /usr/lib/gnome-vfs-2.0/modules /usr/lib/gtk-2.0/modules +/usr/lib/gtk-2.0/2.10.0/engines /usr/lib/libglade/2.0 -/usr/lib/mozilla -/usr/lib/mozilla/components -/usr/lib/mozilla/plugins -/usr/lib/orbit-2.0 -/usr/lib/perl5/site_perl +/usr/lib/apache /usr/lib/pkgconfig -/usr/lib/ruby/site_ruby -/usr/lib/sxemacs +/usr/lib/gstreamer-0.10 +/usr/lib/perl5 +/usr/lib/perl5/site_perl +/usr/lib/perl5/site_perl/5.16.0 +/usr/lib/perl5/site_perl/5.16.0/x86_64-linux +/usr/lib/perl5/site_perl/5.16.0/x86_64-linux/auto +/usr/lib/perl5/site_perl/5.16.0/x86_64-linux/Bundle +/usr/lib/bonobo +/usr/lib/bonobo/monikers +/usr/lib/bonobo/servers +/usr/lib/sane +/usr/lib/gdk-pixbuf-2.0/2.10.0/loaders +/usr/lib/rep /usr/sbin +/usr/include +/usr/include/arpa +/usr/include/sys +/usr/include/telepathy-logger-0.2 +/usr/include/linux +/usr/include/SDL +/usr/include/clutter-1.0 +/usr/include/apache +/usr/include/pygtk-2.0 +/usr/include/gstreamer-0.10/gst +/usr/include/netinet +/usr/include/net +/usr/include/scsi /usr/share -/usr/share/aclocal -/usr/share/application-registry -/usr/share/applications +/usr/share/texmf /usr/share/dbus-1 -/usr/share/dbus-1/interfaces -/usr/share/dbus-1/services /usr/share/dbus-1/system-services -/usr/share/doc -/usr/share/foomatic -/usr/share/foomatic/db -/usr/share/foomatic/db/source -/usr/share/foomatic/db/source/driver -/usr/share/foomatic/db/source/opt -/usr/share/foomatic/db/source/printer -/usr/share/gnome -/usr/share/gnome/help -/usr/share/gnome/wm-properties +/usr/share/dbus-1/services +/usr/share/dbus-1/interfaces +/usr/share/GConf/gsettings +/usr/share/idl +/usr/share/man +/usr/share/man/man6 +/usr/share/man/man8 +/usr/share/man/man9 +/usr/share/man/man5 +/usr/share/man/man2 +/usr/share/man/man1 +/usr/share/man/mann +/usr/share/man/man4 +/usr/share/man/man3 +/usr/share/man/man7 +/usr/share/gnome-2.0/ui +/usr/share/gnome-background-properties +/usr/share/guile/site +/usr/share/telepathy +/usr/share/telepathy/clients +/usr/share/cups/charsets +/usr/share/cups/drv +/usr/share/cups/ppdc +/usr/share/cups/mime +/usr/share/cups/banners +/usr/share/cups/data +/usr/share/applications /usr/share/gtk-doc /usr/share/gtk-doc/html -/usr/share/hwdata +/usr/share/info +/usr/share/mime +/usr/share/mime/packages +/usr/share/ppd +/usr/share/application-registry +/usr/share/mime-info +/usr/share/terminfo +/usr/share/gnome +/usr/share/gnome/wm-properties +/usr/share/gnome/help /usr/share/icons +/usr/share/icons/locolor +/usr/share/icons/locolor/32x32 +/usr/share/icons/locolor/32x32/mimetypes +/usr/share/icons/locolor/32x32/actions +/usr/share/icons/locolor/32x32/apps +/usr/share/icons/locolor/16x16 +/usr/share/icons/locolor/16x16/mimetypes +/usr/share/icons/locolor/16x16/actions +/usr/share/icons/locolor/16x16/apps +/usr/share/icons/Crux +/usr/share/icons/Crux/24x24 +/usr/share/icons/Crux/24x24/places +/usr/share/icons/Crux/24x24/status +/usr/share/icons/Crux/24x24/actions +/usr/share/icons/Crux/22x22 +/usr/share/icons/Crux/22x22/places +/usr/share/icons/Crux/22x22/status +/usr/share/icons/Crux/22x22/actions +/usr/share/icons/Crux/32x32 +/usr/share/icons/Crux/32x32/places +/usr/share/icons/Crux/32x32/status +/usr/share/icons/Crux/32x32/actions +/usr/share/icons/Crux/scalable +/usr/share/icons/Crux/scalable/places +/usr/share/icons/Crux/scalable/status +/usr/share/icons/Crux/scalable/actions +/usr/share/icons/Crux/16x16 +/usr/share/icons/Crux/16x16/places +/usr/share/icons/Crux/16x16/status +/usr/share/icons/Crux/16x16/actions +/usr/share/icons/HighContrastLargePrint +/usr/share/icons/HighContrastLargePrint/48x48 +/usr/share/icons/HighContrastLargePrint/48x48/mimetypes +/usr/share/icons/HighContrastLargePrint/48x48/places +/usr/share/icons/HighContrastLargePrint/48x48/status +/usr/share/icons/HighContrastLargePrint/48x48/actions +/usr/share/icons/HighContrastLargePrint/48x48/categories +/usr/share/icons/HighContrastLargePrint/48x48/emblems +/usr/share/icons/HighContrastLargePrint/48x48/apps +/usr/share/icons/HighContrastLargePrint/48x48/devices +/usr/share/icons/HighContrastLargePrint/36x36 +/usr/share/icons/HighContrastLargePrint/36x36/animations +/usr/share/icons/HighContrast +/usr/share/icons/LargePrint +/usr/share/icons/HighContrastLargePrintInverse +/usr/share/icons/HighContrastLargePrintInverse/48x48 +/usr/share/icons/HighContrastLargePrintInverse/48x48/mimetypes +/usr/share/icons/HighContrastLargePrintInverse/48x48/places +/usr/share/icons/HighContrastLargePrintInverse/48x48/status +/usr/share/icons/HighContrastLargePrintInverse/48x48/actions +/usr/share/icons/HighContrastLargePrintInverse/48x48/categories +/usr/share/icons/HighContrastLargePrintInverse/48x48/emblems +/usr/share/icons/HighContrastLargePrintInverse/48x48/apps +/usr/share/icons/HighContrastLargePrintInverse/48x48/devices +/usr/share/icons/HighContrastLargePrintInverse/36x36 +/usr/share/icons/HighContrastLargePrintInverse/36x36/animations +/usr/share/icons/HighContrastInverse +/usr/share/icons/gnome +/usr/share/icons/gnome/24x24 +/usr/share/icons/gnome/24x24/mimetypes +/usr/share/icons/gnome/24x24/places +/usr/share/icons/gnome/24x24/status +/usr/share/icons/gnome/24x24/actions +/usr/share/icons/gnome/24x24/categories +/usr/share/icons/gnome/24x24/emblems +/usr/share/icons/gnome/24x24/apps +/usr/share/icons/gnome/24x24/emotes +/usr/share/icons/gnome/24x24/devices +/usr/share/icons/gnome/48x48 +/usr/share/icons/gnome/48x48/mimetypes +/usr/share/icons/gnome/48x48/places +/usr/share/icons/gnome/48x48/status +/usr/share/icons/gnome/48x48/actions +/usr/share/icons/gnome/48x48/categories +/usr/share/icons/gnome/48x48/emblems +/usr/share/icons/gnome/48x48/apps +/usr/share/icons/gnome/48x48/emotes +/usr/share/icons/gnome/48x48/animations +/usr/share/icons/gnome/48x48/devices +/usr/share/icons/gnome/22x22 +/usr/share/icons/gnome/22x22/mimetypes +/usr/share/icons/gnome/22x22/places +/usr/share/icons/gnome/22x22/status +/usr/share/icons/gnome/22x22/actions +/usr/share/icons/gnome/22x22/categories +/usr/share/icons/gnome/22x22/emblems +/usr/share/icons/gnome/22x22/apps +/usr/share/icons/gnome/22x22/emotes +/usr/share/icons/gnome/22x22/animations +/usr/share/icons/gnome/22x22/devices +/usr/share/icons/gnome/256x256 +/usr/share/icons/gnome/256x256/mimetypes +/usr/share/icons/gnome/256x256/places +/usr/share/icons/gnome/256x256/status +/usr/share/icons/gnome/256x256/actions +/usr/share/icons/gnome/256x256/categories +/usr/share/icons/gnome/256x256/emblems +/usr/share/icons/gnome/256x256/apps +/usr/share/icons/gnome/256x256/emotes +/usr/share/icons/gnome/256x256/devices +/usr/share/icons/gnome/32x32 +/usr/share/icons/gnome/32x32/mimetypes +/usr/share/icons/gnome/32x32/places +/usr/share/icons/gnome/32x32/status +/usr/share/icons/gnome/32x32/actions +/usr/share/icons/gnome/32x32/categories +/usr/share/icons/gnome/32x32/emblems +/usr/share/icons/gnome/32x32/apps +/usr/share/icons/gnome/32x32/emotes +/usr/share/icons/gnome/32x32/animations +/usr/share/icons/gnome/32x32/devices +/usr/share/icons/gnome/scalable +/usr/share/icons/gnome/scalable/status +/usr/share/icons/gnome/16x16 +/usr/share/icons/gnome/16x16/mimetypes +/usr/share/icons/gnome/16x16/places +/usr/share/icons/gnome/16x16/status +/usr/share/icons/gnome/16x16/actions +/usr/share/icons/gnome/16x16/categories +/usr/share/icons/gnome/16x16/emblems +/usr/share/icons/gnome/16x16/apps +/usr/share/icons/gnome/16x16/emotes +/usr/share/icons/gnome/16x16/animations +/usr/share/icons/gnome/16x16/devices +/usr/share/icons/gnome/8x8 +/usr/share/icons/gnome/8x8/emblems /usr/share/icons/hicolor -/usr/share/icons/hicolor/128x128 -/usr/share/icons/hicolor/128x128/actions -/usr/share/icons/hicolor/128x128/animations -/usr/share/icons/hicolor/128x128/apps -/usr/share/icons/hicolor/128x128/categories -/usr/share/icons/hicolor/128x128/devices -/usr/share/icons/hicolor/128x128/emblems -/usr/share/icons/hicolor/128x128/emotes -/usr/share/icons/hicolor/128x128/filesystems -/usr/share/icons/hicolor/128x128/intl -/usr/share/icons/hicolor/128x128/mimetypes -/usr/share/icons/hicolor/128x128/places -/usr/share/icons/hicolor/128x128/status -/usr/share/icons/hicolor/128x128/stock -/usr/share/icons/hicolor/128x128/stock/chart -/usr/share/icons/hicolor/128x128/stock/code -/usr/share/icons/hicolor/128x128/stock/data -/usr/share/icons/hicolor/128x128/stock/form -/usr/share/icons/hicolor/128x128/stock/image -/usr/share/icons/hicolor/128x128/stock/io -/usr/share/icons/hicolor/128x128/stock/media -/usr/share/icons/hicolor/128x128/stock/navigation -/usr/share/icons/hicolor/128x128/stock/net -/usr/share/icons/hicolor/128x128/stock/object -/usr/share/icons/hicolor/128x128/stock/table -/usr/share/icons/hicolor/128x128/stock/text -/usr/share/icons/hicolor/16x16 -/usr/share/icons/hicolor/16x16/apps -/usr/share/icons/hicolor/192x192 -/usr/share/icons/hicolor/192x192/actions -/usr/share/icons/hicolor/192x192/animations -/usr/share/icons/hicolor/192x192/apps -/usr/share/icons/hicolor/192x192/categories -/usr/share/icons/hicolor/192x192/devices -/usr/share/icons/hicolor/192x192/emblems -/usr/share/icons/hicolor/192x192/emotes -/usr/share/icons/hicolor/192x192/filesystems -/usr/share/icons/hicolor/192x192/intl -/usr/share/icons/hicolor/192x192/mimetypes -/usr/share/icons/hicolor/192x192/places -/usr/share/icons/hicolor/192x192/status -/usr/share/icons/hicolor/192x192/stock -/usr/share/icons/hicolor/192x192/stock/chart -/usr/share/icons/hicolor/192x192/stock/code -/usr/share/icons/hicolor/192x192/stock/data -/usr/share/icons/hicolor/192x192/stock/form -/usr/share/icons/hicolor/192x192/stock/image -/usr/share/icons/hicolor/192x192/stock/io -/usr/share/icons/hicolor/192x192/stock/media -/usr/share/icons/hicolor/192x192/stock/navigation -/usr/share/icons/hicolor/192x192/stock/net -/usr/share/icons/hicolor/192x192/stock/object -/usr/share/icons/hicolor/192x192/stock/table -/usr/share/icons/hicolor/192x192/stock/text -/usr/share/icons/hicolor/22x22 -/usr/share/icons/hicolor/22x22/apps +/usr/share/icons/hicolor/64x64 +/usr/share/icons/hicolor/64x64/apps /usr/share/icons/hicolor/24x24 +/usr/share/icons/hicolor/24x24/actions /usr/share/icons/hicolor/24x24/apps -/usr/share/icons/hicolor/32x32 -/usr/share/icons/hicolor/32x32/apps -/usr/share/icons/hicolor/36x36 -/usr/share/icons/hicolor/36x36/actions -/usr/share/icons/hicolor/36x36/animations -/usr/share/icons/hicolor/36x36/apps -/usr/share/icons/hicolor/36x36/categories -/usr/share/icons/hicolor/36x36/devices -/usr/share/icons/hicolor/36x36/emblems -/usr/share/icons/hicolor/36x36/emotes -/usr/share/icons/hicolor/36x36/filesystems -/usr/share/icons/hicolor/36x36/intl -/usr/share/icons/hicolor/36x36/mimetypes -/usr/share/icons/hicolor/36x36/places -/usr/share/icons/hicolor/36x36/status -/usr/share/icons/hicolor/36x36/stock -/usr/share/icons/hicolor/36x36/stock/chart -/usr/share/icons/hicolor/36x36/stock/code -/usr/share/icons/hicolor/36x36/stock/data -/usr/share/icons/hicolor/36x36/stock/form -/usr/share/icons/hicolor/36x36/stock/image -/usr/share/icons/hicolor/36x36/stock/io -/usr/share/icons/hicolor/36x36/stock/media -/usr/share/icons/hicolor/36x36/stock/navigation -/usr/share/icons/hicolor/36x36/stock/net -/usr/share/icons/hicolor/36x36/stock/object -/usr/share/icons/hicolor/36x36/stock/table -/usr/share/icons/hicolor/36x36/stock/text /usr/share/icons/hicolor/48x48 +/usr/share/icons/hicolor/48x48/mimetypes /usr/share/icons/hicolor/48x48/apps -/usr/share/icons/hicolor/64x64 -/usr/share/icons/hicolor/64x64/actions -/usr/share/icons/hicolor/64x64/animations -/usr/share/icons/hicolor/64x64/apps -/usr/share/icons/hicolor/64x64/categories -/usr/share/icons/hicolor/64x64/devices -/usr/share/icons/hicolor/64x64/emblems -/usr/share/icons/hicolor/64x64/emotes -/usr/share/icons/hicolor/64x64/filesystems -/usr/share/icons/hicolor/64x64/intl -/usr/share/icons/hicolor/64x64/mimetypes -/usr/share/icons/hicolor/64x64/places -/usr/share/icons/hicolor/64x64/status -/usr/share/icons/hicolor/64x64/stock -/usr/share/icons/hicolor/64x64/stock/chart -/usr/share/icons/hicolor/64x64/stock/code -/usr/share/icons/hicolor/64x64/stock/data -/usr/share/icons/hicolor/64x64/stock/form -/usr/share/icons/hicolor/64x64/stock/image -/usr/share/icons/hicolor/64x64/stock/io -/usr/share/icons/hicolor/64x64/stock/media -/usr/share/icons/hicolor/64x64/stock/navigation -/usr/share/icons/hicolor/64x64/stock/net -/usr/share/icons/hicolor/64x64/stock/object -/usr/share/icons/hicolor/64x64/stock/table -/usr/share/icons/hicolor/64x64/stock/text -/usr/share/icons/hicolor/72x72 -/usr/share/icons/hicolor/72x72/actions -/usr/share/icons/hicolor/72x72/animations -/usr/share/icons/hicolor/72x72/apps -/usr/share/icons/hicolor/72x72/categories -/usr/share/icons/hicolor/72x72/devices -/usr/share/icons/hicolor/72x72/emblems -/usr/share/icons/hicolor/72x72/emotes -/usr/share/icons/hicolor/72x72/filesystems -/usr/share/icons/hicolor/72x72/intl -/usr/share/icons/hicolor/72x72/mimetypes -/usr/share/icons/hicolor/72x72/places -/usr/share/icons/hicolor/72x72/status -/usr/share/icons/hicolor/72x72/stock -/usr/share/icons/hicolor/72x72/stock/chart -/usr/share/icons/hicolor/72x72/stock/code -/usr/share/icons/hicolor/72x72/stock/data -/usr/share/icons/hicolor/72x72/stock/form -/usr/share/icons/hicolor/72x72/stock/image -/usr/share/icons/hicolor/72x72/stock/io -/usr/share/icons/hicolor/72x72/stock/media -/usr/share/icons/hicolor/72x72/stock/navigation -/usr/share/icons/hicolor/72x72/stock/net -/usr/share/icons/hicolor/72x72/stock/object -/usr/share/icons/hicolor/72x72/stock/table -/usr/share/icons/hicolor/72x72/stock/text -/usr/share/icons/hicolor/96x96 -/usr/share/icons/hicolor/96x96/actions -/usr/share/icons/hicolor/96x96/animations -/usr/share/icons/hicolor/96x96/apps -/usr/share/icons/hicolor/96x96/categories -/usr/share/icons/hicolor/96x96/devices -/usr/share/icons/hicolor/96x96/emblems -/usr/share/icons/hicolor/96x96/emotes -/usr/share/icons/hicolor/96x96/filesystems -/usr/share/icons/hicolor/96x96/intl -/usr/share/icons/hicolor/96x96/mimetypes -/usr/share/icons/hicolor/96x96/places -/usr/share/icons/hicolor/96x96/status -/usr/share/icons/hicolor/96x96/stock -/usr/share/icons/hicolor/96x96/stock/chart -/usr/share/icons/hicolor/96x96/stock/code -/usr/share/icons/hicolor/96x96/stock/data -/usr/share/icons/hicolor/96x96/stock/form -/usr/share/icons/hicolor/96x96/stock/image -/usr/share/icons/hicolor/96x96/stock/io -/usr/share/icons/hicolor/96x96/stock/media -/usr/share/icons/hicolor/96x96/stock/navigation -/usr/share/icons/hicolor/96x96/stock/net -/usr/share/icons/hicolor/96x96/stock/object -/usr/share/icons/hicolor/96x96/stock/table -/usr/share/icons/hicolor/96x96/stock/text +/usr/share/icons/hicolor/48x48/devices +/usr/share/icons/hicolor/22x22 +/usr/share/icons/hicolor/22x22/actions +/usr/share/icons/hicolor/22x22/apps +/usr/share/icons/hicolor/256x256 +/usr/share/icons/hicolor/256x256/mimetypes +/usr/share/icons/hicolor/256x256/apps +/usr/share/icons/hicolor/32x32 +/usr/share/icons/hicolor/32x32/mimetypes +/usr/share/icons/hicolor/32x32/actions +/usr/share/icons/hicolor/32x32/apps +/usr/share/icons/hicolor/128x128 +/usr/share/icons/hicolor/128x128/mimetypes +/usr/share/icons/hicolor/128x128/apps /usr/share/icons/hicolor/scalable +/usr/share/icons/hicolor/scalable/mimetypes +/usr/share/icons/hicolor/scalable/actions /usr/share/icons/hicolor/scalable/apps -/usr/share/idl -/usr/share/info +/usr/share/icons/hicolor/16x16 +/usr/share/icons/hicolor/16x16/mimetypes +/usr/share/icons/hicolor/16x16/actions +/usr/share/icons/hicolor/16x16/apps +/usr/share/icons/hicolor/512x512 +/usr/share/icons/hicolor/512x512/apps +/usr/share/icons/Mist +/usr/share/icons/Mist/24x24 +/usr/share/icons/Mist/24x24/places +/usr/share/icons/Mist/24x24/status +/usr/share/icons/Mist/24x24/actions +/usr/share/icons/Mist/24x24/apps +/usr/share/icons/Mist/24x24/devices +/usr/share/icons/Mist/48x48 +/usr/share/icons/Mist/48x48/places +/usr/share/icons/Mist/48x48/status +/usr/share/icons/Mist/48x48/actions +/usr/share/icons/Mist/48x48/apps +/usr/share/icons/Mist/48x48/devices +/usr/share/icons/Mist/22x22 +/usr/share/icons/Mist/22x22/places +/usr/share/icons/Mist/22x22/status +/usr/share/icons/Mist/22x22/actions +/usr/share/icons/Mist/22x22/apps +/usr/share/icons/Mist/22x22/devices +/usr/share/icons/Mist/256x256 +/usr/share/icons/Mist/256x256/places +/usr/share/icons/Mist/256x256/status +/usr/share/icons/Mist/256x256/actions +/usr/share/icons/Mist/256x256/apps +/usr/share/icons/Mist/256x256/devices +/usr/share/icons/Mist/32x32 +/usr/share/icons/Mist/32x32/places +/usr/share/icons/Mist/32x32/status +/usr/share/icons/Mist/32x32/actions +/usr/share/icons/Mist/32x32/apps +/usr/share/icons/Mist/32x32/devices +/usr/share/icons/Mist/16x16 +/usr/share/icons/Mist/16x16/places +/usr/share/icons/Mist/16x16/status +/usr/share/icons/Mist/16x16/actions +/usr/share/icons/Mist/16x16/apps +/usr/share/icons/Mist/16x16/devices +/usr/share/icons/HighContrast-SVG +/usr/share/icons/HighContrast-SVG/48x48 +/usr/share/icons/HighContrast-SVG/48x48/animations +/usr/share/icons/HighContrast-SVG/scalable +/usr/share/icons/HighContrast-SVG/scalable/mimetypes +/usr/share/icons/HighContrast-SVG/scalable/places +/usr/share/icons/HighContrast-SVG/scalable/status +/usr/share/icons/HighContrast-SVG/scalable/actions +/usr/share/icons/HighContrast-SVG/scalable/categories +/usr/share/icons/HighContrast-SVG/scalable/emblems +/usr/share/icons/HighContrast-SVG/scalable/apps +/usr/share/icons/HighContrast-SVG/scalable/emotes +/usr/share/icons/HighContrast-SVG/scalable/devices /usr/share/kbd/consolefonts -/usr/share/locale -/usr/share/man -/usr/share/man/man1 -/usr/share/man/man2 -/usr/share/man/man3 -/usr/share/man/man4 -/usr/share/man/man5 -/usr/share/man/man6 -/usr/share/man/man7 -/usr/share/man/man8 -/usr/share/mime/packages +/usr/share/gir-1.0 /usr/share/misc -/usr/share/omf -/usr/share/pixmaps -/usr/share/pygtk/2.0 -/usr/share/pygtk/2.0/defs +/usr/share/gdb +/usr/share/gdb/auto-load +/usr/share/menu +/usr/share/sip +/usr/share/desktop-directories +/usr/share/bash-completion/completions +/usr/share/pkgconfig +/usr/share/polkit-1/actions +/usr/share/glib-2.0/schemas +/usr/share/sounds /usr/share/sgml /usr/share/sgml/docbook -/usr/share/sounds -/usr/share/sxemacs -/usr/share/sxemacs/site-packages/etc -/usr/share/sxemacs/site-packages/info -/usr/share/sxemacs/site-packages/lisp -/usr/share/sxemacs/site-packages/pkginfo -/usr/share/terminfo +/usr/share/devhelp/books /usr/share/texinfo -/usr/share/texmf +/usr/share/zsh/site-functions +/usr/share/omf +/usr/share/xml +/usr/share/xml/docbook +/usr/share/doc +/usr/share/pixmaps +/usr/share/aclocal +/usr/share/hwdata /usr/share/texmf-local -/usr/share/texmf/tex -/usr/share/texmf/tex/generic -/usr/share/texmf/tex/generic/epsf -/usr/share/texmf/tex/texinfo /usr/share/themes -/usr/share/themes/Default +/usr/share/themes/Crux +/usr/share/themes/Simple /usr/share/themes/Emacs +/usr/share/themes/Mist +/usr/share/themes/Clearlooks /usr/share/themes/Raleigh -/usr/share/xml -/usr/share/xml/docbook +/usr/share/themes/Default +/usr/share/locale +/usr/share/locale/ca +/usr/share/locale/ca/LC_MESSAGES +/usr/share/locale/ja +/usr/share/locale/ja/LC_MESSAGES +/usr/share/locale/ru +/usr/share/locale/ru/LC_MESSAGES +/usr/share/locale/cs +/usr/share/locale/cs/LC_MESSAGES +/usr/share/locale/vi +/usr/share/locale/vi/LC_MESSAGES +/usr/share/locale/sv +/usr/share/locale/sv/LC_MESSAGES +/usr/share/locale/el +/usr/share/locale/el/LC_MESSAGES +/usr/share/locale/bg +/usr/share/locale/bg/LC_MESSAGES +/usr/share/locale/gl +/usr/share/locale/gl/LC_MESSAGES +/usr/share/locale/tr +/usr/share/locale/tr/LC_MESSAGES +/usr/share/locale/hr +/usr/share/locale/hr/LC_MESSAGES +/usr/share/locale/it +/usr/share/locale/it/LC_MESSAGES +/usr/share/locale/ia +/usr/share/locale/ia/LC_MESSAGES +/usr/share/locale/fr +/usr/share/locale/fr/LC_MESSAGES +/usr/share/locale/hu +/usr/share/locale/hu/LC_MESSAGES +/usr/share/locale/de +/usr/share/locale/de/LC_MESSAGES +/usr/share/locale/es +/usr/share/locale/es/LC_MESSAGES +/usr/share/locale/rw +/usr/share/locale/rw/LC_MESSAGES +/usr/share/locale/pl +/usr/share/locale/pl/LC_MESSAGES +/usr/share/locale/eo +/usr/share/locale/eo/LC_MESSAGES +/usr/share/locale/pt_BR +/usr/share/locale/pt_BR/LC_MESSAGES +/usr/share/locale/be +/usr/share/locale/be/LC_MESSAGES +/usr/share/locale/sk +/usr/share/locale/sk/LC_MESSAGES +/usr/share/locale/lt +/usr/share/locale/lt/LC_MESSAGES +/usr/share/locale/en_GB +/usr/share/locale/en_GB/LC_MESSAGES +/usr/share/locale/id +/usr/share/locale/id/LC_MESSAGES +/usr/share/locale/nl +/usr/share/locale/nl/LC_MESSAGES +/usr/share/locale/da +/usr/share/locale/da/LC_MESSAGES +/usr/share/locale/fi +/usr/share/locale/fi/LC_MESSAGES +/usr/share/locale/zh_TW +/usr/share/locale/zh_TW/LC_MESSAGES +/usr/share/locale/zh_CN +/usr/share/locale/zh_CN/LC_MESSAGES +/usr/share/locale/nb +/usr/share/locale/nb/LC_MESSAGES +/usr/share/locale/ko +/usr/share/locale/ko/LC_MESSAGES +/usr/share/gnome-control-center +/usr/share/gnome-control-center/keybindings +/usr/share/gnome-control-center/default-apps +/usr/share/vala +/usr/share/vala/vapi +/usr/share/common-lisp/source +/usr/share/appdata +/usr/share/xsessions /usr/share/zoneinfo -/var/cache -/var/lib -/var/lib/misc -/var/opt -/var/spool +/usr/share/pygtk/2.0 +/usr/share/pygtk/2.0/defs +/usr/share/games +/usr/bin diff --git a/lisp/bld-update.el b/lisp/bld-update.el new file mode 100644 index 0000000..531ebd9 --- /dev/null +++ b/lisp/bld-update.el @@ -0,0 +1,59 @@ +;; bld-update.el --- Update pkgusr build scripts via ediff -*- Emacs-Lisp -*- + +;; Copyright (C) 2014 Steve Youngs + +;; Author: Steve Youngs +;; Maintainer: Steve Youngs +;; Created: <2014-03-10> +;; Time-stamp: + +;; This file is part of pkgusr. + +;; Redistribution and use in source and binary forms, with or without +;; modification, are permitted provided that the following conditions +;; are met: +;; +;; 1. Redistributions of source code must retain the above copyright +;; notice, this list of conditions and the following disclaimer. +;; +;; 2. Redistributions in binary form must reproduce the above copyright +;; notice, this list of conditions and the following disclaimer in the +;; documentation and/or other materials provided with the distribution. +;; +;; 3. Neither the name of the author nor the names of any contributors +;; may be used to endorse or promote products derived from this +;; software without specific prior written permission. +;; +;; THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR +;; IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +;; WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +;; DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +;; FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +;; CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +;; SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +;; BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +;; WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +;; OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +;; IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +;;; Commentary: +;; +;; Just calls #'ediff-files to update build scripts. Probably way +;; over the top, but it is the best and easiest way I know of to +;; incrementally and interactively apply a diff. + +;;; Code: +(require 'ediff) +(defvar pkgusr-build-script + (expand-file-name "build" (user-home-directory)) + "The pkgusr's build script.") + +(defvar system-build-script + (expand-file-name "build" + (paths-construct-path + (list "/etc" "pkgusr" "skel-package"))) + "The build script new pkgusrs get.") + +(ediff-files pkgusr-build-script system-build-script) + +;;; bld-update.el ends here diff --git a/lisp/pkgusr.el b/lisp/pkgusr.el index 01c3c4f..e975c86 100644 --- a/lisp/pkgusr.el +++ b/lisp/pkgusr.el @@ -5,7 +5,7 @@ ;; Author: Steve Youngs ;; Maintainer: Steve Youngs ;; Created: <2007-07-13> -;; Time-stamp: +;; Time-stamp: ;; Homepage: N/A ;; Keywords: utils package-management @@ -93,7 +93,7 @@ (defconst pkgusr-url-regexp (concat - #r"\(\(https?\|ftp\|gopher\|telnet\|wais\)://\|file:/\|s?news:\|mailto:\)" + #r"\(\(https?\|ftp\|rsync\|s\(cp\|sh\)\|git\)://\|file:/\|s?news:\|mailto:\)" "[^]\t\n \"'()<>[^`{}]*[^]\t\n \"'()<>[^`{}.,;]+") "A regular expression matching URLs.") diff --git a/usr/bin/forall_direntries_from b/usr/bin/forall_direntries_from index 23024f5..7963334 100755 --- a/usr/bin/forall_direntries_from +++ b/usr/bin/forall_direntries_from @@ -1,62 +1,73 @@ #!/bin/bash +## Originally... # Copyright (c) 2004 Matthias S. Benkmann
# You may do everything with this code except misrepresent its origin. # PROVIDED `AS IS' WITH ABSOLUTELY NO WARRANTY OF ANY KIND! -#The following list should contain the mount points of all filesystems -#that are to be scanned as a space-separated list within parentheses. -#/ will usually be in this list and if you have /usr -#on a separate partition, it will also be in this list. Other non-special -#filesystems where package users could own files should also be put in this -#list. -#Mount points whose filesystems are special, such as procfs or sysfs must -#not be in this list. While a simple find on those special filesystems should -#be harmless, operations such as "-exec grep something" are NOT SAFE and may -#have HARMFUL SIDE-EFFECTS, especially when performed as root. +# Copyright (C) 2014 Steve Youngs +## Loads of minor tweaks --SY. + +# The following list should contain the mount points of all +# filesystems that are to be scanned as a space-separated list within +# parentheses. / will usually be in this list and if you have /usr on +# a separate partition, it will also be in this list. Other +# non-special filesystems where package users could own files should +# also be put in this list. Mount points whose filesystems are +# special, such as procfs or sysfs must not be in this list. While a +# simple find on those special filesystems should be harmless, +# operations such as "-exec grep something" are NOT SAFE and may have +# HARMFUL SIDE-EFFECTS, especially when performed as root. ## Bastard settings -# fs_to_scan=(/ /opt /usr /usr/local /var) +# fs_to_scan=(/ /opt /usr /var) fs_to_scan=(/) -#Files with a path prefix found in the following list are ignored. -#This list will usually contain the parent directory of your package users' -#home directories, because normally you don't want to scan those. You can -#also add other directories that will never contain package user files, such -#as /home. This reduces scan time. -#NOTE: The LFS-6.0 book uses a ramfs mounted on /dev and with that setup -#/dev does not need to be in the prune list. But since there is no requirement -#that /dev have its on filesystem it's better to prune it explicitly. +# Files with a path prefix found in the following list are ignored. This +# list will usually contain the parent directory of your package users' +# home directories, because normally you don't want to scan those. You +# can also add other directories that will never contain package user +# files, such as /home. This reduces scan time. + +# Directories that are on separate filesystems (separate from the ones +# listed in fs_to_scan above) don't need to be listed here because of +# the -xdev option used in the find command. ## Bastard settings # prune_prefixes=(\ -# /tools \ -# /usr/local/LFS/tools \ -# /home \ -# /usr/src \ -# /dev \ -# /mnt \ -# /tmp \ -# /sys \ -# /etc/apache/ssl.key \ -# /etc/cups/ssl \ -# /etc/firewall \ -# /etc/skel \ -# /etc/ssl/private \ -# /lost+found \ -# /**/lost+found \ -# /root \ -# /usr/local/lost+found \ -# /**/.{mc,ssh,mozilla,spamassassin} \ -# /usr/local/media/pr0n \ -# /usr/local/LFS \ -# /usr/share/mailman \ -# /var/{cache,chroot,run,snmp,spool} \ -# /var/lib/{sshd,nfs,spamassassin,pulse} \ -# /var/www/htdocs/SXEmacs-issues{,.old} \ -# /var/lost+found) #NO TRAILING SLASHES!!!! - -prune_prefixes=(/home /usr/src /dev /tools) #NO TRAILING SLASHES!!!! +# /{,*/{,*/}}lost+found \ +# /root \ +# /opt/pgsql/data \ +# /opt/sql-ledger/{spool,templates,users,css} \ +# /etc/apache/ssl.key \ +# /etc/audisp/plugins.d \ +# /etc/cups/ssl \ +# /etc/firewall \ +# /etc/polkit-1/rules.d \ +# /etc/skel \ +# /etc/ssl/private \ +# /etc/sudoers.d \ +# /var/lib/{sasl,sudo,net-snmp,udisks{,2},NetworkManager} \ +# /var/log \ +# /usr/lib/pkgusr \ +# /usr/share/polkit-1/rules.d \ +# /var/tmp \ +# /var/{cache,chroot,run,snmp,spool} \ +# /var/lib/{sshd,nfs,spamassassin,pulse}) #NO TRAILING SLASHES!!!! + +prune_prefixes=(\ + /home \ + /root \ + /usr/lib/pkgusr \ + /usr/src) #NO TRAILING SLASHES!!!! + +## NOTE: +# If you are scanning MS-DOS, CD-ROM, or AFS volumes you need +# to set $NOLEAF here to '-noleaf'. Setting this does significantly +# slow down the search so only do so if you really need to. + +# NOLEAF='-noleaf' +NOLEAF= if [ $# -lt 1 -o "$1" = "--help" ]; then echo 1>&2 @@ -72,35 +83,35 @@ if [ $# -lt 1 -o "$1" = "--help" ]; then exit 1 fi -#suppress ugly debug output from shell +# suppress ugly debug output from shell trap ':' SIGPIPE ugname="$1" -shift 1 #remove user_or_group_name from argument list +shift 1 # remove user_or_group_name from argument list ugmatcher=(-false) -#test if find accepts ugname as a user, and append to ugmatcher if it does +# test if find accepts ugname as a user, and append to ugmatcher if it does if find / -maxdepth 0 -user "$ugname" >/dev/null 2>&1 ; then ugmatcher[${#ugmatcher[@]}]="-or" ugmatcher[${#ugmatcher[@]}]="-user" ugmatcher[${#ugmatcher[@]}]="$ugname" fi -#test if find accepts ugname as a group, and append to ugmatcher if it does +# test if find accepts ugname as a group, and append to ugmatcher if it does if find / -maxdepth 0 -group "$ugname" >/dev/null 2>&1 ; then ugmatcher[${#ugmatcher[@]}]="-or" ugmatcher[${#ugmatcher[@]}]="-group" ugmatcher[${#ugmatcher[@]}]="$ugname" fi -#if find accepted ugname as neither user nor group, then exit +# if find accepted ugname as neither user nor group, then exit if [ "${#ugmatcher[@]}" = 1 ]; then echo 1>&2 'find does not accept `'"$ugname'"' as group or user name' exit 1 fi -#construct find commands that match the prune_prefixes. Each prefix will be -#matched as -path -or -path /* -#so that the directory itself and all subdirectories are matched. +# construct find commands that match the prune_prefixes. Each prefix will be +# matched as -path -or -path /* +# so that the directory itself and all subdirectories are matched. y=(\( -false) for ((i=0; $i<${#prune_prefixes[@]}; i=$i+1)) do @@ -113,12 +124,19 @@ do done y[${#y[@]}]=')' -#In the following find command, the part +# The uninstall_package script sets this to `-ignore_readdir_race' so +# that find doesn't print errors when things it is searching for +# disappear. +# IGNORE_READDIR_RACE='-ignore_readdir_race' +IGNORE_READDIR_RACE= + +# In the following find command, the part # -not ( ( "${y[@]}" -prune ) -or "${y[@]}" ) -#is responsible for preventing the files that match prune_prefixes from -#being processed. The 2nd "${y[@]}" may seem redundant, but it isn't, because -#-prune has no effect and is always false when -depth is used. -#The -true before "$@" ensures that -depth can be passed as only parameter. -find "${fs_to_scan[@]}" -xdev -noleaf \ +# is responsible for preventing the files that match prune_prefixes from +# being processed. The 2nd "${y[@]}" may seem redundant, but it isn't, because +# -prune has no effect and is always false when -depth is used. +# The -true before "$@" ensures that -depth can be passed as only parameter. + +find "${fs_to_scan[@]}" -xdev $NOLEAF $IGNORE_READDIR_RACE \ -not \( \( "${y[@]}" -prune \) -or "${y[@]}" \) \ -and \( "${ugmatcher[@]}" \) -and \( -true "$@" \) diff --git a/usr/bin/grep_all_regular_files_for b/usr/bin/grep_all_regular_files_for index 5f741d7..c5e9c71 100755 --- a/usr/bin/grep_all_regular_files_for +++ b/usr/bin/grep_all_regular_files_for @@ -1,33 +1,75 @@ #!/bin/bash +## Originally... # Copyright (c) 2004 Matthias S. Benkmann
# You may do everything with this code except misrepresent its origin. # PROVIDED `AS IS' WITH ABSOLUTELY NO WARRANTY OF ANY KIND! -#The following list should contain the mount points of all filesystems -#that are to be scanned as a space-separated list within parentheses. -#/ will usually be in this list and if you have /usr -#on a separate partition, it will also be in this list. -#Mount points whose filesystems are special, such as procfs or sysfs must -#not be in this list. While a simple find on those special filesystems should -#be harmless, operations such as "-exec grep something" are NOT SAFE and may -#have HARMFUL SIDE-EFFECTS, especially when performed as root. +# Copyright (C) 2014 Steve Youngs +# Many updates/tweaks --SY. + +# The following list should contain the mount points of all +# filesystems that are to be scanned as a space-separated list within +# parentheses. / will usually be in this list and if you have /usr on +# a separate partition, it will also be in this list. Mount points +# whose filesystems are special, such as procfs or sysfs must not be +# in this list. While a simple find on those special filesystems +# should be harmless, operations such as "-exec grep something" are +# NOT SAFE and may have HARMFUL SIDE-EFFECTS, especially when +# performed as root. ## Bastard settings -# fs_to_scan=(/ /opt /usr /usr/local /var) +# fs_to_scan=(/ /opt /usr /var) fs_to_scan=(/) -#Files with a path prefix found in the following list are ignored. As the -#main function of this script is to help you find files that contain -#hardwired paths to /tools or other unwanted references to -#your build system, you will usually prune any directories that don't contain -#files of interest, such as /tools (whose files naturally refer to /tools) -#and your package users' home directories (which may also test positive if -#you have unpacked and configured sources lying around). -#NOTE: The LFS-6.0 book uses a ramfs mounted on /dev and with that setup -#/dev does not need to be in the prune list. But since there is no requirement -#that /dev have its on filesystem it's better to prune it explicitly. -prune_prefixes=(/home /usr/src /dev /tools) #NO TRAILING SLASHES!!! +## NOTE: if any of the directories listed in fs_to_scan contain +## non-UNIX filesystems (MS-DOS, CD-ROM etc) you need to set $NOLEAF +## here to `-noleaf'. But only do so if you really need to as it +## comes with a significant slow down on the find. +# NOLEAF='-noleaf' +NOLEAF= + +# Files with a path prefix found in the following list are ignored. As +# the main function of this script is to help you find files that +# contain hardwired paths to /tools or other unwanted references to +# your build system, you will usually prune any directories that don't +# contain files of interest, such as /tools (whose files naturally +# refer to /tools) and your package users' home directories (which may +# also test positive if you have unpacked and configured sources lying +# around). +# +# NOTE: If a directory you want to prune is on a separate filesystem +# (separate from those listed in fs_to_scan) you don't need to list it +# here because of the -xdev option used in the find command. + +## Bastard settings +# prune_prefixes=(\ +# /{,*/{,*/}}lost+found \ +# /root \ +# /opt/pgsql/data \ +# /opt/sql-ledger/{spool,templates,users,css} \ +# /etc/apache/ssl.key \ +# /etc/audisp/plugins.d \ +# /etc/cups/ssl \ +# /etc/firewall \ +# /etc/polkit-1/rules.d \ +# /etc/skel \ +# /etc/ssl/private \ +# /etc/sudoers.d \ +# /var/lib/{sasl,sudo,net-snmp,udisks{,2},NetworkManager} \ +# /var/log \ +# /usr/lib/pkgusr \ +# /usr/share/polkit-1/rules.d \ +# /var/tmp \ +# /var/{cache,chroot,run,snmp,spool} \ +# /var/lib/{sshd,nfs,spamassassin,pulse}) #NO TRAILING SLASHES!!!! + +prune_prefixes=(\ + /home \ + /usr/lib/pkgusr \ + /usr/src \ + /dev \ + /tools) #NO TRAILING SLASHES!!! if [ $# -lt 1 -o "$1" = "--help" ]; then echo 1>&2 @@ -44,12 +86,12 @@ if [ $# -lt 1 -o "$1" = "--help" ]; then exit 1 fi -#suppress ugly debug output from shell +# suppress ugly debug output from shell trap ':' SIGPIPE -#construct find commands that match the prune_prefixes. Each prefix will be -#matched as -path -or -path /* -#so that the directory itself and all subdirectories are matched. +# construct find commands that match the prune_prefixes. Each prefix will be +# matched as -path -or -path /* +# so that the directory itself and all subdirectories are matched. y=(\( -false) for ((i=0; $i<${#prune_prefixes[@]}; i=$i+1)) do @@ -65,14 +107,14 @@ y[${#y[@]}]=')' cmd_pre=(-type f -exec grep -l) cmd_post=(-- {} \;) -#In the following find command, the part +# In the following find command, the part # -not ( ( "${y[@]}" -prune ) -or "${y[@]}" ) -#is responsible for preventing the files that match prune_prefixes from -#being processed. The 2nd "${y[@]}" may seem redundant, but it isn't, because -#-prune has no effect and is always false when -depth is used (which someone -#might do in the future). -#The -true before "$@" ensures that -depth can be passed as 1st parameter -#of $cmd_pre (should someone change it in the future). -find "${fs_to_scan[@]}" -xdev -noleaf \ +# is responsible for preventing the files that match prune_prefixes from +# being processed. The 2nd "${y[@]}" may seem redundant, but it isn't, because +# -prune has no effect and is always false when -depth is used (which someone +# might do in the future). +# The -true before "$@" ensures that -depth can be passed as 1st parameter +# of $cmd_pre (should someone change it in the future). +find "${fs_to_scan[@]}" -xdev $NOLEAF \ -not \( \( "${y[@]}" -prune \) -or "${y[@]}" \) \ -and \( -true "${cmd_pre[@]}" "$@" "${cmd_post[@]}" \) diff --git a/usr/bin/header-symbol-search b/usr/bin/header-symbol-search index 4856c71..6a22bf8 100755 --- a/usr/bin/header-symbol-search +++ b/usr/bin/header-symbol-search @@ -1,11 +1,11 @@ #!/bin/bash -# Copyright (C) 2008 Steve Youngs +# Copyright (C) 2008 - 2014 Steve Youngs # Author: Steve Youngs # Maintainer: Steve Youngs # Created: <2008-03-10> -# Time-stamp: +# Time-stamp: # Homepage: N/A # Keywords: utils package-management @@ -66,7 +66,12 @@ fi header_dirs=(/usr/include /usr/X11R6/include) ## bastard header directories... -# header_dirs=(/usr/include /usr/X11R6/include /opt/jdk/include /opt/qt/include) +#header_dirs=(\ +# /usr/include \ +# /usr/X11R6/include \ +# /opt/jdk/include \ +# /opt/qt/include \ +# /opt/kde/include) sym=${1} diff --git a/usr/bin/lesspipe.sh b/usr/bin/lesspipe.sh index 7a5e076..5fd8af3 100755 --- a/usr/bin/lesspipe.sh +++ b/usr/bin/lesspipe.sh @@ -55,13 +55,10 @@ lesspipe() { *.bz2) bzip2 -dc "$1" 2>/dev/null ;; *.lzma) lzma -dc "$1" 2>/dev/null ;; *.xz) xz -dc "$1" 2>/dev/null ;; - *) FILE=`file -L "$1"` ; # Check to see if binary, if so -- view with 'strings' - FILE1=`echo $FILE | cut -d ' ' -f 2` - FILE2=`echo $FILE | cut -d ' ' -f 3` - if [ "$FILE1" = "Linux/i386" -o "$FILE2" = "Linux/i386" \ - -o "$FILE1" = "ELF" -o "$FILE2" = "ELF" ]; then - strings "$1" - fi ;; + *) if [ "$(file -li $1|awk -F= '{print $2;}')" = "binary" ]; then + # It is a binary, lets use strings + strings "$1" + fi ;; esac } diff --git a/usr/bin/library-symbol-search b/usr/bin/library-symbol-search index 8cee912..b2f7ced 100755 --- a/usr/bin/library-symbol-search +++ b/usr/bin/library-symbol-search @@ -1,11 +1,11 @@ #!/bin/bash -# Copyright (C) 2008 Steve Youngs +# Copyright (C) 2008 - 2014 Steve Youngs # Author: Steve Youngs # Maintainer: Steve Youngs # Created: <2008-03-10> -# Time-stamp: +# Time-stamp: # Homepage: N/A # Keywords: utils package-management @@ -73,7 +73,12 @@ fi lib_dirs=(/usr/lib /usr/X11R6/lib /lib) # bastard library directories... -#lib_dirs=(/usr/lib /usr/X11R6/lib /lib /opt/qt/lib) +#lib_dirs=(\ +# /usr/lib \ +# /usr/X11R6/lib \ +# /lib \ +# /opt/qt/lib \ +# /opt/kde/lib) if [ "$1" = "-a" ]; then obj_opts="--demangle=gnu-v3 --reloc --syms --debugging" diff --git a/usr/bin/list_suspicious_files b/usr/bin/list_suspicious_files index 380c5dd..0ef1839 100755 --- a/usr/bin/list_suspicious_files +++ b/usr/bin/list_suspicious_files @@ -1,8 +1,12 @@ #!/bin/bash +## Originally... # Copyright (c) 2004 Matthias S. Benkmann
# You may do everything with this code except misrepresent its origin. # PROVIDED `AS IS' WITH ABSOLUTELY NO WARRANTY OF ANY KIND! +# Copyright (C) 2014 Steve Youngs +# many updates/tweaks --SY. + # The following list should contain the mount points of all filesystems # that are to be scanned as a space-separated list within parentheses. # / will usually be in this list and if you have /usr @@ -19,9 +23,6 @@ fs_to_scan=(/) # / \ # /opt \ # /usr \ -# /usr/X11R6 \ -# /usr/lib \ -# /usr/share \ # /usr/src \ # /var) @@ -32,25 +33,42 @@ fs_to_scan=(/) # may have crept in. # Ideally, this list should be empty. -prune_prefixes=(/root /*/lost+found) #NO TRAILING SLASHES!!! +prune_prefixes=(/root /{,*/{,*/}}lost+found) #NO TRAILING SLASHES!!! ## Bastard settings #prune_prefixes=(\ -# /root \ # /{,*/{,*/}}lost+found \ -# /etc/polkit-1/localauthority \ -# /etc/sudoers.d \ +# /root \ # /opt/pgsql/data \ -# /var/lib/{polkit-1,sasl,net-snmp,udisks} \ -# /var/log/syslog-ng \ -# /mnt \ -# /media) +# /opt/sql-ledger/{spool,templates,users,css} \ +# /etc/apache/ssl.key \ +# /etc/audisp/plugins.d \ +# /etc/cups/ssl \ +# /etc/firewall \ +# /etc/polkit-1/rules.d \ +# /etc/skel \ +# /etc/ssl/private \ +# /etc/sudoers.d \ +# /var/lib/{sasl,sudo,net-snmp,udisks{,2},NetworkManager} \ +# /var/log \ +# /usr/lib/pkgusr \ +# /usr/share/polkit-1/rules.d \ +# /var/tmp \ +# /var/{cache,chroot,run,snmp,spool} \ +# /var/lib/{sshd,nfs,spamassassin,pulse}) #NO TRAILING SLASHES!!!! + +# Set the following to `-noleaf' if you are scanning non-UNIX filesystems +# like MS-DOS, CD-ROM etc. But only do so if you really need it as it +# will slow the search significantly. +# NOLEAF='-noleaf' +NOLEAF= # If the following variable is set to "yes", then files that contain # control characters or other non-printable characters (except for space) # will be reported as suspicious. # This test slows down the search considerably! -enable_illchars=yes +#enable_illchars=yes +enable_illchars=no # suppress ugly debug output from shell @@ -73,9 +91,9 @@ if [ "$1" = "-false" ]; then usergroupmatch=(\( "$@" \)) fi -#construct find commands that match the prune_prefixes. Each prefix will be -#matched as -path -or -path /* -#so that the directory itself and all subdirectories are matched. +# construct find commands that match the prune_prefixes. Each prefix will be +# matched as -path -or -path /* +# so that the directory itself and all subdirectories are matched. y=(\( -false) for ((i=0; $i<${#prune_prefixes[@]}; i=$i+1)) do @@ -193,7 +211,7 @@ bad=( OP \( -type d -not -group install -not "${dirgoodperm[@]}" $(report "DIRECTORIES WITH UNUSUAL PERMISSIONS") \) ) -#insert unique codes for the messages +# insert unique codes for the messages code=100 for ((i=0; $i<${#bad[@]}; i=$i+1)) do @@ -218,24 +236,24 @@ do fi done -#Add a default case to onebad. -#This should never be hit, because the explicit cases should catch all -#files, but just in case I've missed something, this will catch it. +# Add a default case to onebad. +# This should never be hit, because the explicit cases should catch all +# files, but just in case I've missed something, this will catch it. onebad=("${onebad[@]}" -or $(report "WEIRD SHIT") ) -#make allbad always return false +# make allbad always return false allbad=("${allbad[@]}" , -false) cmd=( "${usergroupmatch[@]}" -and \( \( "${good[@]}" \) -or \( "${allbad[@]}" \) -or \( "${onebad[@]}" \) \) ) -#In the following find command, the part +# In the following find command, the part # -not ( ( "${y[@]}" -prune ) -or "${y[@]}" ) -#is responsible for preventing the files that match prune_prefixes from -#being processed. The 2nd "${y[@]}" may seem redundant, but it isn't, because -#-prune has no effect and is always false when -depth is used. -find "${fs_to_scan[@]}" -xdev -noleaf \ +# is responsible for preventing the files that match prune_prefixes from +# being processed. The 2nd "${y[@]}" may seem redundant, but it isn't, because +# -prune has no effect and is always false when -depth is used. +find "${fs_to_scan[@]}" -xdev $NOLEAF \ -not \( \( "${y[@]}" -prune \) -or "${y[@]}" \) \ -and \( "${cmd[@]}" \) 2>/dev/null | sed 's/^\(...2\) \([0-9]\+ 2 \)\?\([^ ]\+\) \+[^ ]\+ \+\([^ ]\+\) \+\([^ ]\+\) \+[^"]\+\(".\+\)/\1 \2\3 \6 \4:\5/' | diff --git a/usr/bin/list_suspicious_files_from b/usr/bin/list_suspicious_files_from index 3bf4d3a..408d59f 100755 --- a/usr/bin/list_suspicious_files_from +++ b/usr/bin/list_suspicious_files_from @@ -19,20 +19,20 @@ fi ugname="$1" ugmatcher=(-false) -#test if find accepts ugname as a user, and append to ugmatcher if it does +# test if find accepts ugname as a user, and append to ugmatcher if it does if find / -maxdepth 0 -user "$ugname" >/dev/null 2>&1 ; then ugmatcher[${#ugmatcher[@]}]="-or" ugmatcher[${#ugmatcher[@]}]="-user" ugmatcher[${#ugmatcher[@]}]="$ugname" fi -#test if find accepts ugname as a group, and append to ugmatcher if it does +# test if find accepts ugname as a group, and append to ugmatcher if it does if find / -maxdepth 0 -group "$ugname" >/dev/null 2>&1 ; then ugmatcher[${#ugmatcher[@]}]="-or" ugmatcher[${#ugmatcher[@]}]="-group" ugmatcher[${#ugmatcher[@]}]="$ugname" fi -#if find accepted ugname as neither user nor group, then exit +# if find accepted ugname as neither user nor group, then exit if [ "${#ugmatcher[@]}" = 1 ]; then echo 1>&2 'find does not accept `'"$ugname'"' as group or user name' exit 1 diff --git a/usr/lib/pkgusr/chgrp b/usr/lib/pkgusr/chgrp index 74ccd1c..16e064b 100755 --- a/usr/lib/pkgusr/chgrp +++ b/usr/lib/pkgusr/chgrp @@ -1,8 +1,12 @@ #!/bin/bash +# Original... # Copyright (c) 2000,2004 Matthias S. Benkmann
# You may do everything with this code except misrepresent its origin. # PROVIDED `AS IS' WITH ABSOLUTELY NO WARRANTY OF ANY KIND! +# Copyright (C) 2014 Steve Youngs +# Handle chgrp options and chgrp'ing outside the user's group list. + DAISY_CHAIN="" for p in $(type -ap chgrp) ; do @@ -13,18 +17,52 @@ for p in $(type -ap chgrp) ; do done if [ ! -n "$DAISY_CHAIN" ]; then - echo Cannot find real ${0##*/} command + echo 1>&2 '***' Cannot find real ${0##*/} command + exit 1 +fi + +if [ $(id -u) == 0 ]; then + echo 1>&2 '***' $(dirname $0) should not be in root\'s \$PATH + echo 1>&2 '***' call '"'$DAISY_CHAIN $@'"' directly exit 1 fi -if [ $UID == 0 ]; then - exec $DAISY_CHAIN "$@" +# Preserve the command line because we're about to mess with it. +cmdline=$@ + +# Remove any options so $1 becomes the group name. +while [ -n "$1" ]; do + case $1 in + (-*) shift ;; + (*) break ;; + esac +done + +# If you're not root you can only chgrp to groups you are in, so lets +# find out. +GRP_CHAIN="" +# name or GID? +printf '%d' "$1" &>/dev/null +if [ $? -eq 0 ]; then + GRP_LIST=$(id -G) +else + GRP_LIST=$(id -Gn) fi +for g in ${GRP_LIST}; do + if [ "$1" == "$g" ]; then + GRP_CHAIN=$g + break + fi +done -if [ "$1" == "tty" ]; then - echo 1>&2 '***' chgrp "$@" +if [ -z "$GRP_CHAIN" ]; then + echo 1>&2 '***' chgrp ${cmdline} else - $DAISY_CHAIN "$@" || exit $? + $DAISY_CHAIN ${cmdline} || exit $? fi exit 0 + +# Local variables: +# sh-basic-offset: 4 +# End: diff --git a/usr/lib/pkgusr/chmod b/usr/lib/pkgusr/chmod index 5fdb525..7810d7b 100755 --- a/usr/lib/pkgusr/chmod +++ b/usr/lib/pkgusr/chmod @@ -1,8 +1,13 @@ #!/bin/bash +# Original... # Copyright (c) 2004 Matthias S. Benkmann
# You may do everything with this code except misrepresent its origin. # PROVIDED `AS IS' WITH ABSOLUTELY NO WARRANTY OF ANY KIND! +# Copyright (C) 2014 Steve Youngs +# Handle all possible file modes as well as chmod options and symbolic +# modes. + DAISY_CHAIN="" for p in $(type -ap chmod) ; do @@ -13,31 +18,53 @@ for p in $(type -ap chmod) ; do done if [ ! -n "$DAISY_CHAIN" ]; then - echo Cannot find real ${0##*/} command + echo 1>&2 '***' Cannot find real ${0##*/} command exit 1 fi -if [ $UID == 0 ]; then - exec $DAISY_CHAIN "$@" +if [ $(id -u) -eq 0 ]; then + echo 1>&2 '***' $(dirname $0) should not be in root\'s \$PATH + echo 1>&2 '***' call '"'$DAISY_CHAIN $@'"' directly. + exit 1 fi -report=0 -doit=1 -reportmsg="*** chmod $@" +# Save the original cmdline as we're gonna mess with it +cmdline="$@" + +# Remove any options so $1 becomes the perm arg, however save the +# options for later +opts="" +while [ -n "$1" ]; do + case $1 in + (-[cfvR]|--[chnpqrsv]*) opts="$opts $1" ; shift ;; + (*) break ;; + esac +done -case "$1" in - g+s|u+s) report=1; doit=0 ;; - 4755) shift 1 ; set -- 755 "$@" ; report=1; doit=1 ;; - 4555) shift 1 ; set -- 555 "$@" ; report=1; doit=1 ;; - *) ;; -esac +# $1 should now be the perm arg +perm=$1 -if [ "$report" = 1 ]; then - echo 1>&2 "$reportmsg" +# Octal or symbolic? Nuke the nasty bits (setuid etc) +printf '%o' "0${perm}" &>/dev/null +if [ $? -ne 0 ]; then + perm=${perm//[st]/} +else + if [ ${perm} -gt 777 ]; then + perm=${perm/?/} + fi fi -if [ "$doit" = 1 ]; then - exec $DAISY_CHAIN "$@" +# If we changed the perm, report it and fix $@ +if [ "${perm}" != "$1" ]; then + echo 1>&2 '***' chmod ${cmdline} + shift + set -- $perm "$@" fi +# Finally, run the chmod +$DAISY_CHAIN ${opts} "$@" || exit $? exit 0 + +# Local variables: +# sh-basic-offset: 4 +# End: diff --git a/usr/lib/pkgusr/chown b/usr/lib/pkgusr/chown index 8dfddb4..4fe1671 100755 --- a/usr/lib/pkgusr/chown +++ b/usr/lib/pkgusr/chown @@ -1,8 +1,13 @@ #!/bin/bash +# Original... # Copyright (c) 2000,2004 Matthias S. Benkmann
# You may do everything with this code except misrepresent its origin. # PROVIDED `AS IS' WITH ABSOLUTELY NO WARRANTY OF ANY KIND! +# Copyright (C) 2014 Steve Youngs +# Rewrite, make it a lot more robost and handle most (all?) +# possibilities of chown'ing. --SY. + DAISY_CHAIN="" for p in $(type -ap chown) ; do @@ -13,18 +18,81 @@ for p in $(type -ap chown) ; do done if [ ! -n "$DAISY_CHAIN" ]; then - echo Cannot find real ${0##*/} command + echo 1>&2 '***' Cannot find real ${0##*/} command + exit 1 +fi + +if [ $(id -u) == 0 ]; then + echo 1>&2 '***' $(dirname $0) should not be in root\'s \$PATH + echo 1>&2 '***' call '"'$DAISY_CHAIN $@'"' directly. exit 1 fi -if [ $UID == 0 ]; then - exec $DAISY_CHAIN "$@" +# An ordinary user cannot change the UID of a file if that UID is +# not their own, but chown can also be used to change the GID of a +# file as well so it is feasible that an ordinary user could use +# chown successfully. + +# preseve the command line as we're gonna mess with it. +cmdline="$@" +# strip off the options so that $1 becomes the UID:GID arg +while [ -n "$1" ]; do + case "$1" in + (-*) shift ;; + (*) break ;; + esac +done + +# Split USER:GROUP or USER.GROUP into USER and GROUP +usrgrp="$1" +usr=${usrgrp/[.:]*/} +grp=${usrgrp/*[.:]/} + +report=0 + +# Catch the case where USER is somebody else. +if [ -n "$usr" ]; then + printf '%d' "$usr" &>/dev/null + if [ $? -eq 0 ]; then + if [ $usr -ne $(id -u) ]; then + report=1 + fi + else + if [ "$usr" != "$(id -un)" ]; then + report=1 + fi + fi +fi + +# Catch the case where GROUP isn't in our groups. +if [ -n "$grp" -a $report -eq 0 ]; then + GRP_CHAIN="" + printf '%d' "$grp" &>/dev/null + if [ $? -eq 0 ]; then + GRP_LIST=$(id -G) + else + GRP_LIST=$(id -Gn) + fi + for g in ${GRP_LIST}; do + if [ "$grp" == "$g" ]; then + GRP_CHAIN=$g + break + fi + done + + if [ -z "$GRP_CHAIN" ]; then + report=1 + fi fi -if [ "$1" == "root.root" ]; then - echo 1>&2 '***' chown "$@" +if [ $report -eq 1 ]; then + echo 1>&2 '***' chown ${cmdline} else - $DAISY_CHAIN "$@" || exit $? + $DAISY_CHAIN ${cmdline} || exit $? fi exit 0 + +# Local variables: +# sh-basic-offset: 4 +# End: diff --git a/usr/lib/pkgusr/install b/usr/lib/pkgusr/install index 78f7aeb..ab2986d 100755 --- a/usr/lib/pkgusr/install +++ b/usr/lib/pkgusr/install @@ -1,14 +1,92 @@ #!/bin/bash +# Original... # Copyright (c) 2000,2004 Matthias S. Benkmann
# You may do everything with this code except misrepresent its origin. # PROVIDED `AS IS' WITH ABSOLUTELY NO WARRANTY OF ANY KIND! -manpagesowner=man-pages -localedir=/usr/share/locale -cmdline="$@" +# Copyright (C) 2014 Steve Youngs +# +# Actually there's not much left of Matt's original script... pretty +# much a complete re-write here. :) -DAISY_CHAIN="" +### What this is and what it does: +# +# It is a wrapper around the install binary that comes with the +# coreutils package. It is designed to catch the most common +# problems that pkgusr will face during a package install. +# +# By far, the most common thing this script catches are setuid/gid +# installs. What we do is strip the setuid/gid bit off of the --mode +# option and then go ahead with the install. So the file is still +# installed, there'll be no error, it will just not be setuid/gid. +# +# It also sanitises the --owner and --group options. With the former, +# it changes it to the name of the pkgusr, and with the latter it +# tests if the group is one of the groups that pkgusr belongs to, and +# if it isn't, change the option to the pkgusr's current active group. +# +# It only allows pkgusrs to create directories that don't already +# exist. This stops those packages that try to reset permissions on +# main system directories. +# +# It optionally suppresses installing anything into /**/share/locale. +# See `## locale suppression' below for more details. +# +# ****************************** +# *** S P E C I A L N O T E *** +# ****************************** +# +# Whenever this script changes something on the install command line +# it is reported in the build logs. Everything is prefixed with +# '***' so always grep your logs for that after any and every package +# install to see if there is anything you need to take action on. +# +### + +### Where this differs from Matt's original script: +# +# setuid etc: Matt's script only tested for 4755, 4775, 4711, and +# nothing else. This script tests and does something about _ALL_ +# file mode possibilities, including modes set via symbols instead of +# octal code. +# +# owner/group: Matt simply dropped these options if they were present. +# This script tries to keep them if possible by resetting to a safer +# alternative. Both names and UIDs/GIDs are supported. +# +# locale directories: Matt's approach was to convert any newly created +# directory under /usr/share/locale to an "install" directory. The +# problem with that is the directories were not owned by root because +# they were set by the pkgusr. That would allow one pkgusr to delete +# another's files in that directory. +# +# My approach to locale directories is simple... Just don't install +# them. There are three situations where they are needed... +# +# 1. You're multi-lingual and like switching between languages. +# 2. English is not your 1st or preferred language. (or you can't +# tollerate en_US) +# 3. To satisfy glibc's test suite. +# +# For me, #3 is the only one that is relevant. But don't worry, +# it is configurable via an environment variable. You can turn on +# locale installs either globally or for individual packages. See +# `## locale suppression' below and in /etc/pkgusr/bash_profile. +# +# man pages: Matt tried to catch dups going into /usr/share/man/man?/. +# I'm not bothering with this as it was too much of a "one-off" type +# of occurance to have it scripted. +# +# Running the script as root: Matt allows it, I don't. +# +### + +## Preserve the original command line. +pristinecmd=($@) +cmdopts="" +## Find the real install. +DAISY_CHAIN="" for p in $(type -ap install) ; do if [ ! $p -ef $0 ]; then DAISY_CHAIN=$p @@ -17,119 +95,193 @@ for p in $(type -ap install) ; do done if [ ! -n "$DAISY_CHAIN" ]; then - echo Cannot find real ${0##*/} command + echo 1>&2 '***' Cannot find real ${0##*/} command exit 1 fi -if [ $UID == 0 ]; then - exec $DAISY_CHAIN "$@" +## root has no business installing things here!! +if [ $(id -u) -eq 0 ]; then + echo 1>&2 '***' $(dirname $0) should not be in root\'s \$PATH + echo 1>&2 '***' call '"'$DAISY_CHAIN ${pristinecmd[*]}'"' directly + exit 1 fi -#kill unused -c parameter if we get it -if [ z"$1" = z"-c" ]; then shift 1 ; fi - - #********** test if we create directories ******************** -if [ \( z"$1" = z"-d" \) -o \( z"$1" = z"-m" -a z"$3" = z"-d" \) ]; then - locdirs="" - notify=0 - havedir=0 - for((i=$#; $i>0; )) - do - a="$1" - shift 1; i=$(($i-1)) - case "$a" in - -o|-g|--owner|--group) - notify=1 - shift 1; i=$(($i-1)) - set -- "$@" - ;; - $localedir/*) - if [ ! -d "$a" ]; then - locdirs="$locdirs ""$(expr $a : "$localedir/\(.*\)")" - set -- "$@" "$a" - havedir=1 - else - notify=1 - set -- "$@" - fi - ;; - */*|/sbin) - if [ ! -d "$a" ]; then - set -- "$@" "$a" - havedir=1 - else - notify=1 - set -- "$@" - fi - ;; - *) set -- "$@" "$a" ;; - esac - done - - test $notify -eq 1 -o z"$locdirs" != z && \ - echo 1>&2 '***' install "$cmdline" - - test $havedir -eq 0 && exit 0 - - $DAISY_CHAIN "$@" || exit $? - - test z"$locdirs" != z && - for dir in $locdirs ; do - cumuldir="" - for d in $(echo $locdirs | sed 's#/# #g' -) ; do - cumuldir=$cumuldir$d/ - if [ -d $localedir/$cumuldir ]; then - chgrp install $localedir/$cumuldir - chmod g+w,o+t $localedir/$cumuldir - fi - done - done +## Report +# When we change something, note what the original command was in the +# logs. +report() +{ + echo 1>&2 '***' install ${pristinecmd[*]} + return +} -else #if "$1" != "-d" ,i.e. we do not create directories ***************** - notify=0 - for((i=$# ; $i>0; )) - do - a="$1" - shift 1; i=$(($i-1)) - case "$a" in - -m) - set -- "$@" "$a" - a="$1" - shift 1; i=$(($i-1)) - case "$a" in - 4755) notify=1 ; set -- "$@" "755" ;; - 4775) notify=1 ; set -- "$@" "755" ;; - 4711) notify=1 ; set -- "$@" "711" ;; - *) set -- "$@" "$a" ;; - esac - ;; - -m4755) notify=1 ; set -- "$@" "-m755" ;; - -m4775) notify=1 ; set -- "$@" "-m755" ;; - -m4711) notify=1 ; set -- "$@" "-m711" ;; - -o|-g|--owner|--group) - notify=1 - shift 1; i=$(($i-1)) - set -- "$@" - ;; - */man/man?/*) - if [ -e "$a" -a ! -O "$a" ]; then - if [ $(find "$a" -printf \%u) = $manpagesowner ]; then - notify=1 - set -- "$@" not_installed - else - set -- "$@" "$a" - fi - else - set -- "$@" "$a" - fi - ;; - *) set -- "$@" "$a" ;; - esac +## locale suppression +# $SUPPRESSLOCALEDIR is set in the pkgusr's environment. It defaults +# to `1' (on) which means: DO NOT install locale stuff. To override +# it set SUPPRESSLOCALEDIR=0 in the pkgusr's ~/.pkgusrrc. +# +# For me, at least, the only package I turn off the suppression is +# glibc, and that is only to satisfy glibc's test suite. +if [ ${SUPPRESSLOCALEDIR} -eq 1 ]; then + case "${pristinecmd[-1]}" in + (*/share/locale/*) + echo 1>&2 '***' Suppressed locale installation for: ${pristinecmd[-1]} + report + exit 0 + ;; + esac +fi + +## Directories +# Only allow the creation of directories that don't already exist. +_dirs() +{ + local dir=${pristinecmd[-1]} + + if [ -d ${dir} ]; then + report + exit 0 + else + cmdopts="$cmdopts -d" + fi + return +} + +## Group +# If $group is one of the groups we belong to, use it, otherwise set +# -g to our currently active group and report it. +_group() +{ + local GRP_CHAIN="" + local GRP_LIST + + # GID or name? + printf '%d' "$group" &>/dev/null + if [ $? -eq 0 ]; then + GRP_LIST=$(id -G) + else + GRP_LIST=$(id -Gn) + fi + + for g in ${GRP_LIST}; do + if [ $group == "$g" ]; then + GRP_CHAIN=$g + break + fi done - test $notify -eq 1 && echo 1>&2 '***' install "$cmdline" + if [ -z "$GRP_CHAIN" ]; then + report + cmdopts="$cmdopts -g$(id -gn)" + else + cmdopts="$cmdopts -g$group" + fi + return +} - $DAISY_CHAIN "$@" || exit $? -fi +## Owner +# Set -o to our username and report if it wasn't already our name. +_owner() +{ + local MYNAME + + # UID or name? + printf '%d' "$owner" &>/dev/null + if [ $? -eq 0 ]; then + MYNAME=$(id -u) + else + MYNAME=$(id -un) + fi + + if [ $owner != "$MYNAME" ]; then + report + fi + cmdopts="$cmdopts -o$(id -un)" + return +} + +## Mode +# Remove any nasty bits like setuid, setgid, sticky. +_perms() +{ + local tperm=${perm} + printf '%o' "0${tperm}" &>/dev/null + if [ $? -ne 0 ]; then + tperm=${tperm//[st]/} + else + if [ ${tperm} -gt 777 ]; then + tperm=${tperm/?/} + fi + fi + # Did we change anything? + if [ "${tperm}" != "${perm}" ]; then + report + cmdopts="$cmdopts -m$tperm" + else + cmdopts="$cmdopts -m$perm" + fi + return +} + +## Parse the command line. +# All we really care about here is -d, -o, -g, and -m. -c is +# silently dropped. Unrecognised options cause the script to exit +# with a non-zero return code. +# +# Any other legal options get passed on without alteration. +# +# NOTE: The following long options will most likely cause this script +# to fail (hopefully they are obscure enough to not worry about) +# +# --preserve-timestamps (short opt '-p' is OK) +# --strip-program +# --target-directory (short opt '-t' is OK) +# --no-target-directory (short opt '-T' is OK) +# --preserve-context +# +args=bcCdDpsTvg:m:o:S:t:Z:-: +while getopts $args opts; do + case $opts in + (-) + ## Long options + case $OPTARG in + # Passed through unaltered. + (backup*|compare|strip|suffix*|verbose|context*|version|help) + cmdopts="$cmdopts --${OPTARG}" ;; + # The options we care about. + (directory) _dirs ;; + (group*) group=${OPTARG/group[=[:space:]]/}; _group ;; + (mode*) perm=${OPTARG/mode[=[:space:]]/}; _perms ;; + (owner*) owner=${OPTARG/owner[=[:space:]]/}; _owner ;; + # Anything else errors out. + (*) echo 1>&2 '***' Illegal option -- ${OPTARG} + exit 1 + ;; + esac + ;; + ## Short options + # Passed through unaltered. + (b|C|D|p|s|T|v|S|t|Z) cmdopts="$cmdopts -${opts}${OPTARG}" ;; + # Dropped. + (c) ;; + # The options we care about. + (d) _dirs ;; + (g) group=${OPTARG}; _group ;; + (m) perm=${OPTARG}; _perms ;; + (o) owner=${OPTARG}; _owner ;; + # Illegal options. + (*) exit 1 ;; + esac +done +shift $(( $OPTIND - 1 )) + +# We've done all we can, now lets run install +$DAISY_CHAIN ${cmdopts} $@ || exit $? exit 0 + +### End install + +# Local variables: +# sh-basic-offset: 4 +# End: diff --git a/usr/lib/pkgusr/ldconfig b/usr/lib/pkgusr/ldconfig new file mode 100755 index 0000000..15dc1cb --- /dev/null +++ b/usr/lib/pkgusr/ldconfig @@ -0,0 +1,22 @@ +#!/bin/bash +# Copyright (C) 2014 Steve Youngs +#### +# +# Call ldconfig with sudo to avoid errors and warnings about not +# having permission to change /etc/ld.so.cache +# +#### + +if [ -x $(type -p sudo) ]; then + sudo /sbin/ldconfig "$@" +else + /sbin/ldconfig "$@" || exit $? + echo 1>&2 '***' No sudo available, you need to run ldconfig as root +fi + +exit 0 + + +# Local variables: +# sh-basic-offset: 4 +# End: diff --git a/usr/lib/pkgusr/mkdir b/usr/lib/pkgusr/mkdir index e575adc..34dabba 100755 --- a/usr/lib/pkgusr/mkdir +++ b/usr/lib/pkgusr/mkdir @@ -1,8 +1,12 @@ #!/bin/bash +# Original... # Copyright (c) 2000 Matthias S. Benkmann
# You may do everything with this code except misrepresent its origin. # PROVIDED `AS IS' WITH ABSOLUTELY NO WARRANTY OF ANY KIND! +# Copyright (C) 2014 Steve Youngs +# Optionally nuke locale directories. + watchdir=/usr/share/locale DAISY_CHAIN="" @@ -15,28 +19,30 @@ for p in $(type -ap mkdir) ; do done if [ ! -n "$DAISY_CHAIN" ]; then - echo Cannot find real ${0##*/} command + echo 1>&2 '***' Cannot find real ${0##*/} command exit 1 fi -if [ $UID == 0 ]; then - exec $DAISY_CHAIN "$@" +if [ $(id -u) == 0 ]; then + echo 1>&2 '***' $(dirname $0) should not be in root\'s \$PATH + echo 1>&2 '***' Call '"'$DAISY_CHAIN $@'"' directly. + exit 1 fi cmdline="$@" dirs="" for((i=$#; $i>0;)) -do - a="$1" - shift 1; i=$(($i-1)) - case "$a" in - $watchdir/*) - dirs="$dirs ""$(expr $a : "$watchdir/\(.*\)")" - set -- "$@" "$a" - ;; - *) set -- "$@" "$a" ;; - esac + do + a="$1" + shift 1; i=$(($i-1)) + case "$a" in + ($watchdir/*) + dirs="$dirs ""$(expr $a : "$watchdir/\(.*\)")" + set -- "$@" "$a" + ;; + (*) set -- "$@" "$a" ;; + esac done $DAISY_CHAIN "$@" || exit $? @@ -47,8 +53,19 @@ for dir in $dirs ; do cumuldir="" for d in $(echo $dirs | sed 's#/# #g' -) ; do cumuldir=$cumuldir$d/ - chgrp install $watchdir/$cumuldir - test -k $watchdir/$cumuldir || chmod g+w,o+t $watchdir/$cumuldir + if [ $SUPPRESSLOCALEDIR -eq 0 ]; then + echo 1>&2 '***' Possible root intervention required + echo 1>&2 '***' install -vdm1775 -oroot -ginstall $watchdir/$cumuldir + else + echo 1>&2 '***' Locale directory creation suppressed + echo 1>&2 '***' $watchdir/$cumuldir + rm -rf $watchdir/$cumuldir + fi done done + exit 0 + +# Local variables: +# sh-basic-offset: 4 +# End: diff --git a/usr/bin/uninstall_package b/usr/lib/pkgusr/uninstall_package similarity index 62% rename from usr/bin/uninstall_package rename to usr/lib/pkgusr/uninstall_package index 6c1aae2..c674e39 100755 --- a/usr/bin/uninstall_package +++ b/usr/lib/pkgusr/uninstall_package @@ -1,9 +1,10 @@ #!/bin/sh +# Original... # Copyright (c) 2004 Matthias S. Benkmann
# You may do everything with this code except misrepresent its origin. # PROVIDED `AS IS' WITH ABSOLUTELY NO WARRANTY OF ANY KIND! -# Copyright (c) 2007 Steve Youngs +# Copyright (C) 2007 - 2014 Steve Youngs # Originally, all this script did was to echo a command to stdout. It didn't # actually do any deleting. To remove the package you had to kill/yank that # command and then remove the "echo"s in it to get the job done. @@ -14,19 +15,27 @@ # inspection. And errors are redirected to /tmp/.err during the real # uninstall. -if [ $# = 0 -o "$1" = '--help' ]; then - echo 1>&2 'USAGE: uninstall_package [now]' - echo - echo 1>&2 'Unless you specify "now" as the 2nd arg, nothing will actually' - echo 1>&2 'be deleted.' - exit 1 +if [ $(id -u) -eq 0 ]; then + echo 1>&2 "It is too hazardous to delete packages with root" + echo 1>&2 "Aborting" + exit 1 fi -pkg=$1 +usage() +{ + cat</dev/null \; forall_direntries_from ${pkg} -not -type d -exec echo rm -vf {} 2>/dev/null \; suid=$(forall_direntries_from ${pkg} -not -user ${pkg}) if [ -n "${suid}" ]; then @@ -39,30 +48,29 @@ dry_run() echo '#' echo '# and delete those files manually and individually' echo '###' - else - echo - echo User \"${pkg}\", or \"root\" can safely delete this package. fi echo - echo Use: \"uninstall_package ${pkg} now\" to really remove this package. + echo Use: \"uninstall_package now\" to really remove this package. echo Any errors will be redirected to /tmp/${pkg}.err } run() { - # We have to do it twice to actually get the job done properly. - for (( i=1; i<=2; ++i )); do - forall_direntries_from ${pkg} -type d -exec rm -rvf {} 2>>/tmp/${pkg}.err \; - forall_direntries_from ${pkg} -not -type d -exec rm -vf {} 2>>/tmp/${pkg}.err \; - done + # Delete anything that isn't a directory + forall_direntries_from ${pkg} \ + -not -type d -exec rm -vf {} 2>>/tmp/${pkg}.err \; + # Remove any empty directories, but ONLY empty directories + forall_direntries_from ${pkg} \ + -type d -empty -exec rmdir -v {} 2>>/tmp/${pkg}.err \; - leftovers=$(forall_direntries_from ${pkg}) - if [ -s /tmp/${pkg}.err -a -n "${leftovers}" ]; then - echo Errors were reported. Please inspect /tmp/${pkg}.err - else + leftovers=$(forall_direntries_from ${pkg}) + if [ -s /tmp/${pkg}.err -a -n "${leftovers}" ]; then + echo Errors were reported. Please inspect /tmp/${pkg}.err + else # Bring ~/.project inline with reality sed -i -e 's/\(Last_Updated: \).*$/\1Not Installed/' \ - -e 's/\(Version: \).*$/\1Not Installed/' ${HOME}/.project + -e 's/\(Version: \).*$/\1Not Installed/' \ + -e 's/\(Deps: \).*$/\1Not Installed/' ${HOME}/.project awk '/^CONTENTS:/ { print; exit; } {print}' ${HOME}/.project > ${HOME}/.projtmp echo "--------" >> ${HOME}/.projtmp mv ${HOME}/.projtmp ${HOME}/.project @@ -72,8 +80,9 @@ run() fi } -case $2 in - now) run ;; +case $1 in + now) IGNORE_READDIR_RACE='-ignore_readdir_race'; run ;; + -h|--help|--usage|help|usage) usage ;; *) dry_run|less ;; esac diff --git a/usr/lib/pkgusr/update-pkg-project b/usr/lib/pkgusr/update-pkg-project index 0cd7cf6..cdd1a07 100755 --- a/usr/lib/pkgusr/update-pkg-project +++ b/usr/lib/pkgusr/update-pkg-project @@ -11,7 +11,20 @@ fi pkgdir=/usr/src/${pkg} +upd_pkg_deps() +{ + for file in $(forall_direntries_from $pkg -type f -executable -readable); do + (readelf -d $file ; ldd $file ) | + awk '/NEEDED/ { lib=substr($5,2,length($5)-2); LIBS[lib]=$5 } \ + /.*=>/ {if ( $1 in LIBS ) LIBS[$1]=$3 } END \ + { for (lib in LIBS) print LIBS[lib] }' | + xargs stat --printf "%U:%G\n" + done|sort -u|tr -s '\n' ' ' +} + + sed -i "s/\(Last_Updated: \).*$/\1$(date +%c)/" ${pkgdir}/.project +sed -i s/"\(Deps: \).*$"/"\1$(upd_pkg_deps)"/ ${pkgdir}/.project awk '/^CONTENTS:/ { print; exit; } {print}' ${pkgdir}/.project > ${pkgdir}/.projtmp echo "--------" >> ${pkgdir}/.projtmp list_package ${pkg} >> ${pkgdir}/.projtmp