Changes to bldpkg:
* Added auditd-related code * Added code to move documentation in the staging directory into the right subdirectory
parent
5cbcac97e3
commit
0516150d3d
1 changed files with 66 additions and 4 deletions
70
bldpkg
70
bldpkg
|
@ -24,6 +24,21 @@
|
|||
# in the test files and also add suitable bldpkg.conf switches for it
|
||||
# -> Give a warning when more than two directories, a source and a staging directory
|
||||
# not belonging to the current build are present inside tmpfs
|
||||
# -> Temporarily create a directory defined as pkgdocs, where licenses go to $pkg/share/doc/<app-version>.
|
||||
# At the end of the build, if $pkg/share/doc/<app> is created, move all the stuff contained in that
|
||||
# directory into $pkg/share/doc/<app-version> and discard $pkg/share/doc/<app>
|
||||
# -> Detect whether the build attempted to write anything outside /tmp. This can
|
||||
# be accomplished via auditd. In the perfect world a sane build system would
|
||||
# keep everything contained to the topmost build directory till DESTDIR is passed.
|
||||
# But in the imperfect world, that is often not the case.
|
||||
# # auditctl -l
|
||||
# -w /bin -p w
|
||||
# -w /lib -p w
|
||||
# -w /share -p w
|
||||
# -w /etc -p w
|
||||
# -w /include -p w
|
||||
# -w /usr -p w
|
||||
# Above output watches for writes to /bin, /lib, /share, /etc, /include and /usr directories
|
||||
|
||||
# Begin subshell
|
||||
(
|
||||
|
@ -34,7 +49,7 @@ set -e
|
|||
# Time when the build commenced. Note: elapsed time is logged by the runtime function way below. This output goes
|
||||
# into package build summary.
|
||||
commencedate="$(date '+%a, %d %b %Y, %T')"
|
||||
|
||||
|
||||
# Then source the configuration file holding all values
|
||||
if [[ -f /etc/bldpkg.conf ]] ; then
|
||||
source /etc/bldpkg.conf
|
||||
|
@ -251,6 +266,35 @@ fi
|
|||
echo "[INFO] Building package $app version $version ..."
|
||||
sleep 0.5
|
||||
|
||||
# Invoke auditd if useauditd is set to 1 in bldpkg.conf
|
||||
if [[ $useauditd = 1 ]] ; then
|
||||
# First clear out the log file
|
||||
auditlogfile="/var/log/audit/audit.log"
|
||||
echo > $auditlogfile
|
||||
# Now run auditd. Ampersand is needed to log the PID.
|
||||
/bin/auditd -n &
|
||||
# Store the PID inside a variable
|
||||
auditpid=$!
|
||||
# Note: auditd writes 8 lines for our setup when initialized.
|
||||
echo "[INFO] Auditd initialised."
|
||||
fi
|
||||
|
||||
terminateauditd() {
|
||||
if [[ $useauditd = 1 ]] ; then
|
||||
# Terminate auditd, log number of lines inside a variable
|
||||
/bin/kill -15 $auditpid
|
||||
echo "[INFO] Auditd terminated."
|
||||
|
||||
auditlogtermsize="$(wc -l < $auditlogfile)"
|
||||
|
||||
if [[ $auditlogtermsize -gt 10 ]] ; then
|
||||
echo "[WARNING] Auditd log file is greater than 10 lines!"
|
||||
echo "[WARNING] Highly recommend that you examine its file!"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
# Now we attempt to split the total time we'll get when making the summary into two times: compile time and
|
||||
# Only verify source checksums if skipchecksum is not set in the build file
|
||||
if [[ -z $skipchecksum ]] ; then
|
||||
if [[ -z $sha512sums ]] ; then
|
||||
|
@ -879,7 +923,7 @@ removestaticlibs() {
|
|||
# Function to perform post-compile tasks:
|
||||
# To be invoked inside a package build file.
|
||||
mkfinalpkg() {
|
||||
|
||||
|
||||
# Now we attempt to split the total time we'll get when making the summary into two times: compile time and
|
||||
# packaging time. Here we store the value of $SECONDS variable the moment makefinalpkg is invoked. We use this
|
||||
# value as the compile time, because this is the next function that's called by the build script the moment a
|
||||
|
@ -917,14 +961,14 @@ mkfinalpkg() {
|
|||
[[ -e $srcdir/doinst.sh ]] && cp "$srcdir/doinst.sh" "$pkg/install/"
|
||||
|
||||
# If /share/applications directory exists but there is no doinst.sh in the source directory, create one using cat
|
||||
if [[ -d "$pkg/share/applications" ]] && [[ ! -e "$srcdir/doinst.sh" ]] ; then
|
||||
if [[ -d $pkg/share/applications ]] && [[ ! -e $srcdir/doinst.sh ]] ; then
|
||||
echo "[INFO] Found /share/applications but couldn't find any doinst.sh in the source directory."
|
||||
echo "[INFO] Creating one automatically that refreshes GTK cache."
|
||||
cat << EOF >> $pkg/install/doinst.sh
|
||||
[[ -x /etc/rc.d/rc.gtk ]] && /etc/rc.d/rc.gtk
|
||||
EOF
|
||||
|
||||
elif [[ -d "$pkg/share/applications" ]] && [[ -e "$srcdir/doinst.sh" ]] && ! grep -q 'rc.gtk' "$srcdir/doinst.sh" ; then
|
||||
elif [[ -d $pkg/share/applications ]] && [[ -e $srcdir/doinst.sh ]] && ! grep -q 'rc.gtk' "$srcdir/doinst.sh" ; then
|
||||
echo "[INFO] Found /share/applications but couldn't find any rc.gtk lines inside doinst.sh in the source directory."
|
||||
echo "[INFO] Creating one automatically that refreshes GTK cache."
|
||||
cat << EOF >> $pkg/install/doinst.sh
|
||||
|
@ -952,6 +996,15 @@ EOF
|
|||
# Provide a copy of the package build file so that users know the build options that went into compiling the package
|
||||
install -Dm 644 "$srcdir/$buildfile" "$pkgdocs/$app.SMBuild"
|
||||
|
||||
# We don't want multiple directories for documentation. Detect if $pkg/share/doc/<app-name> was created.
|
||||
# If it has been created, move its contents into $pkgdocs and discard the old doc directory.
|
||||
if [[ -d $pkg/share/doc/$app ]] ; then
|
||||
echo "[INFO] Found share/doc/$app documentation directory."
|
||||
echo "[INFO] Moving its contents into share/doc/$app-$version/"
|
||||
mv $pkg/share/doc/$app/* $pkgdocs/
|
||||
rmdir $pkg/share/doc/$app
|
||||
fi
|
||||
|
||||
# Normally we'd expect some debug symbols in the newly-produced binaries.
|
||||
# But that isn't always the case with some packages whose build systems
|
||||
# strip objects before hand
|
||||
|
@ -1003,6 +1056,9 @@ EOF
|
|||
/bin/makepkg -l y -c n "$newpkglocation"
|
||||
pkgstatus=$?
|
||||
|
||||
# Terminate auditd daemon
|
||||
terminateauditd
|
||||
|
||||
echo "[INFO] Leaving staging directory $pkg"
|
||||
|
||||
# cd back to $srcdir when preservepackagedir is set to 0 to prevent this error: shell-init: error retrieving
|
||||
|
@ -1374,8 +1430,13 @@ interruptoutput() {
|
|||
echo ""
|
||||
echo "[INFO] Caught Keyboard Interrupt"
|
||||
wasinterrupted="1"
|
||||
|
||||
# Restore terminal colours
|
||||
echo -e "$colourd"
|
||||
|
||||
# Terminate auditd daemon
|
||||
terminateauditd
|
||||
|
||||
# If installprompt and extractprompt are set and the prompt is invoked after a successful build, hitting
|
||||
# ctrl-C will only set the above sm variable repeatedly and won't return user to the shell because
|
||||
# of the interrupt (SIGINT) trap set way below. Putting exit 0 is a decent way to get out of that prompt
|
||||
|
@ -1393,6 +1454,7 @@ interruptoutput() {
|
|||
trap "prepbuildoutput" EXIT
|
||||
trap "interruptoutput" INT
|
||||
|
||||
#build 2>&1 | tee log.txt
|
||||
build
|
||||
|
||||
)
|
||||
|
|
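Review bot: `echo > $auditlogfile` in the new `useauditd` block wipes the host-wide `/var/log/audit/audit.log` on every build, which destroys unrelated audit evidence, and the `-gt 10` check in `terminateauditd` only works as long as auditd's start-up output stays at the 8 lines the comment mentions. Recording a baseline instead, `auditlogstart="$(wc -l < "$auditlogfile")"`, and warning on the growth since that baseline would leave the existing log intact. Tagging the watch rules from the header comment with a key (`-w /usr -p w -k bldpkg`) and checking `ausearch -k bldpkg` would presumably be more reliable than counting lines. In the visible hunks `terminateauditd` is called only after the `makepkg` step and in `interruptoutput`, so a build that aborts under `set -e` before packaging may leave the backgrounded `auditd -n` running unless `prepbuildoutput` (not shown) also stops it. `$auditpid` and `$auditlogfile` should be quoted, and a `wait "$auditpid"` after `kill -15` would keep `wc -l` from racing auditd's final flush.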