diff --git a/bldpkg b/bldpkg
index 1652b92..96ea2e6 100755
--- a/bldpkg
+++ b/bldpkg
@@ -24,6 +24,21 @@
 # in the test files and also add suitable bldpkg.conf switches for it
 # -> Give a warning when more than two directories, a source and a staging directory
 # not belonging to the current build are present inside tmpfs
+# -> Temporarily create a directory defined as pkgdocs, where licenses go to $pkg/share/doc/.
+# At the end of the build, if $pkg/share/doc/ is created, move all the stuff contained in that
+# directory into $pkg/share/doc/ and discard $pkg/share/doc/
+# -> Detect whether the build attempted to write anything outside /tmp. This can
+# be accomplished via auditd. In the perfect world a sane build system would
+# keep everything contained to the topmost build directory till DESTDIR is passed.
+# But in the imperfect world, that is often not the case.
+# # auditctl -l
+# -w /bin -p w
+# -w /lib -p w
+# -w /share -p w
+# -w /etc -p w
+# -w /include -p w
+# -w /usr -p w
+# Above output watches for writes to /bin, /lib, /share, /etc, /include and /usr directories
 # Begin subshell
 (
@@ -34,7 +49,7 @@ set -e
 # Time when the build commenced. Note: elapsed time is logged by the runtime function way below. This output goes
 # into package build summary.
 commencedate="$(date '+%a, %d %b %Y, %T')"
-
+
 # Then source the configuration file holding all values
 if [[ -f /etc/bldpkg.conf ]] ; then
 source /etc/bldpkg.conf
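Review bot: The first new TODO names the same directory on both sides of the move — `move all the stuff contained in that directory into $pkg/share/doc/ and discard $pkg/share/doc/` — so the intent cannot be read from the comment; the code added later in this diff moves `$pkg/share/doc/$app` into `$pkgdocs`, and the comment should say that: `# At the end of the build, if $pkg/share/doc/$app was created, move its contents into $pkgdocs and discard $pkg/share/doc/$app`. The audit watch list in the same comment records what is watched but not that the later check simply counts log lines, so it would help to add that any unrelated audit event, including auditd's own startup records, lands in that same count.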
@@ -251,6 +266,35 @@ fi
 echo "[INFO] Building package $app version $version ..."
 sleep 0.5
+# Invoke auditd if useauditd is set to 1 in bldpkg.conf
+if [[ $useauditd = 1 ]] ; then
+ # First clear out the log file
+ auditlogfile="/var/log/audit/audit.log"
+ echo > $auditlogfile
+ # Now run auditd. Ampersand is needed to log the PID.
+ /bin/auditd -n &
+ # Store the PID inside a variable
+ auditpid=$!
+ # Note: auditd writes 8 lines for our setup when initialized.
+ echo "[INFO] Auditd initialised."
+fi
+
+terminateauditd() {
+ if [[ $useauditd = 1 ]] ; then
+ # Terminate auditd, log number of lines inside a variable
+ /bin/kill -15 $auditpid
+ echo "[INFO] Auditd terminated."
+
+ auditlogtermsize="$(wc -l < $auditlogfile)"
+
+ if [[ $auditlogtermsize -gt 10 ]] ; then
+ echo "[WARNING] Auditd log file is greater than 10 lines!"
+ echo "[WARNING] Highly recommend that you examine its file!"
+ fi
+ fi
+}
+
+ # Now we attempt to split the total time we'll get when making the summary into two times: compile time and
 # Only verify source checksums if skipchecksum is not set in the build file
 if [[ -z $skipchecksum ]] ; then
 if [[ -z $sha512sums ]] ; then
@@ -879,7 +923,7 @@ removestaticlibs() {
 # Function to perform post-compile tasks:
 # To be invoked inside a package build file.
 mkfinalpkg() {
-
+
 # Now we attempt to split the total time we'll get when making the summary into two times: compile time and
 # packaging time. Here we store the value of $SECONDS variable the moment makefinalpkg is invoked. We use this
 # value as the compile time, because this is the next function that's called by the build script the moment a
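Review bot: In `terminateauditd`, `auditlogtermsize="$(wc -l < $auditlogfile)"` runs as soon as `/bin/kill -15 $auditpid` returns, but SIGTERM only asks the daemon to stop, so the count can be taken before auditd has flushed and closed its log; since the daemon was started with `&` in this shell, insert `wait "$auditpid" 2>/dev/null || true` between the kill and the `wc` (the `|| true` is needed because `wait` returns the daemon's signal exit status and the subshell runs under `set -e`). `echo > $auditlogfile` truncates the system-wide `/var/log/audit/audit.log`, discarding whatever audit records already existed on the host, and a system auditd that already owns that file would conflict with the second instance started by `/bin/auditd -n &`; a build-specific `log_file` in a dedicated auditd.conf, or at least a refusal to start when an auditd is already running, would keep the host's audit trail intact. The threshold of 10 lines rests on the 8 startup records mentioned in the comment, so any unrelated event tips it over, and the comment should say the warning is only a hint to look at the log. Judging by the hunk's line counts, `+ # Now we attempt to split the total time we'll get when making the summary into two times: compile time and` after the function is an added line, a fragment of the mkfinalpkg comment pasted here by mistake, and should be dropped. Quoting `"$auditpid"` and `"$auditlogfile"` matches how the rest of the file treats paths.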
@@ -917,14 +961,14 @@ mkfinalpkg() {
 [[ -e $srcdir/doinst.sh ]] && cp "$srcdir/doinst.sh" "$pkg/install/"
 # If /share/applications directory exists but there is no doinst.sh in the source directory, create one using cat
- if [[ -d "$pkg/share/applications" ]] && [[ ! -e "$srcdir/doinst.sh" ]] ; then
+ if [[ -d $pkg/share/applications ]] && [[ ! -e $srcdir/doinst.sh ]] ; then
 echo "[INFO] Found /share/applications but couldn't find any doinst.sh in the source directory."
 echo "[INFO] Creating one automatically that refreshes GTK cache."
 cat << EOF >> $pkg/install/doinst.sh
 [[ -x /etc/rc.d/rc.gtk ]] && /etc/rc.d/rc.gtk
 EOF
- elif [[ -d "$pkg/share/applications" ]] && [[ -e "$srcdir/doinst.sh" ]] && ! grep -q 'rc.gtk' "$srcdir/doinst.sh" ; then
+ elif [[ -d $pkg/share/applications ]] && [[ -e $srcdir/doinst.sh ]] && ! grep -q 'rc.gtk' "$srcdir/doinst.sh" ; then
 echo "[INFO] Found /share/applications but couldn't find any rc.gtk lines inside doinst.sh in the source directory."
 echo "[INFO] Creating one automatically that refreshes GTK cache."
 cat << EOF >> $pkg/install/doinst.sh
@@ -952,6 +996,15 @@ EOF
 # Provide a copy of the package build file so that users know the build options that went into compiling the package
 install -Dm 644 "$srcdir/$buildfile" "$pkgdocs/$app.SMBuild"
+ # We don't want multiple directories for documentation. Detect if $pkg/share/doc/ was created.
+ # If it has been created, move its contents into $pkgdocs and discard the old doc directory.
+ if [[ -d $pkg/share/doc/$app ]] ; then
+ echo "[INFO] Found share/doc/$app documentation directory."
+ echo "[INFO] Moving its contents into share/doc/$app-$version/"
+ mv $pkg/share/doc/$app/* $pkgdocs/
+ rmdir $pkg/share/doc/$app
+ fi
+
 # Normally we'd expect some debug symbols in the newly-produced binaries.
 # But that isn't always the case with some packages whose build systems
 # strip objects before hand
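Review bot: `mv $pkg/share/doc/$app/* $pkgdocs/` is fragile in three ways the preceding `-d` test does not cover: with an empty `$pkg/share/doc/$app` the unmatched `*` is passed literally and `mv` fails, which aborts the build under the subshell's `set -e`; dotfiles are not matched by `*`, so the following `rmdir` then fails on a non-empty directory; and the unquoted paths split on whitespace. Replacing the two lines with `find "$pkg/share/doc/$app" -mindepth 1 -maxdepth 1 -exec mv -- {} "$pkgdocs"/ \;` and `rmdir -- "$pkg/share/doc/$app"` handles all three. The move also silently overwrites a same-named entry already in `$pkgdocs` (the `$app.SMBuild` copy installed just above, for instance), which deserves either a comment or `mv -n`. mkfinalpkg starts and ends outside this hunk.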
@@ -1003,6 +1056,9 @@ EOF
 /bin/makepkg -l y -c n "$newpkglocation"
 pkgstatus=$?
+ # Terminate auditd daemon
+ terminateauditd
+
 echo "[INFO] Leaving staging directory $pkg"
 # cd back to $srcdir when preservepackagedir is set to 0 to prevent this error: shell-init: error retrieving
@@ -1374,8 +1430,13 @@ interruptoutput() {
 echo ""
 echo "[INFO] Caught Keyboard Interrupt"
 wasinterrupted="1"
+ # Restore terminal colours
 echo -e "$colourd"
+
+ # Terminate auditd daemon
+ terminateauditd
+
 # If installprompt and extractprompt are set and the prompt is invoked after a successful build, hitting
 # ctrl-C will only set the above sm variable repeatedly and won't return user to the shell because
 # of the interrupt (SIGINT) trap set way below. Putting exit 0 is a decent way to get out of that prompt
@@ -1393,6 +1454,7 @@ interruptoutput() {
 trap "prepbuildoutput" EXIT
 trap "interruptoutput" INT
+#build 2>&1 | tee log.txt
 build
 )
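Review bot: `terminateauditd` is reached here only after `/bin/makepkg` has returned, so a build that fails before mkfinalpkg gets this far — any command tripping the subshell's `set -e` during compilation — leaves through the `prepbuildoutput` EXIT trap with the auditd started at the top of the script still running, unless that trap also terminates it (its body is outside this diff). Calling `terminateauditd` from the EXIT trap as well would cover every exit path, and the call belongs after `pkgstatus=$?` as placed here so the makepkg status is not clobbered. mkfinalpkg starts and ends outside this hunk.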
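Review bot: If the interrupt arrives after mkfinalpkg has already run `terminateauditd`, this second call sends `/bin/kill -15` to a PID that has exited or, worse, been reused, and a failing `kill` inside the handler can end it under `set -e` before the prompt-exit logic below runs. Making the function idempotent avoids both: `[[ -n $auditpid ]] || return 0` at its top and `unset auditpid` after the kill, which the call at the makepkg hunk benefits from as well. interruptoutput starts and ends outside this hunk.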
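Review bot: `#build 2>&1 | tee log.txt` is commented-out code with no indication of when it should be enabled; if it is a debugging aid, a comment saying so reads better, and if it is meant to become the default it needs `pipefail` (the subshell is shown setting only `-e`, unless `pipefail` is enabled somewhere outside this diff, so `tee`'s status would mask a failed build) and a check that the INT and EXIT traps still behave the same once `build` runs as a pipeline stage. Otherwise drop the line.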