pktsurf/smlinux
1
1
Fork 0
Code Issues 1 Pull requests Wiki Activity

Changes to bldpkg:

Browse source 
* Added auditd-related code
  * Added code to move documentation in the staging directory into right subdirectory
This commit is contained in:
PktSurf 2022-08-25 14:25:45 +05:30
parent 5cbcac97e3
commit 0516150d3d
1 changed files with 66 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

70
bldpkg
View file

@ -24,6 +24,21 @@
# in the test files and also add suitable bldpkg.conf switches for it # in the test files and also add suitable bldpkg.conf switches for it
# -> Give a warning when more than two directories, a source and a staging directory # -> Give a warning when more than two directories, a source and a staging directory
# not belonging to the current build are present inside tmpfs # not belonging to the current build are present inside tmpfs
# -> Temporarily create a directory defined as pkgdocs, where licenses go to $pkg/share/doc/<app-version>.
# At the end of the build, if $pkg/share/doc/<app> is created, move all the stuff contained in that
# directory into $pkg/share/doc/<app-version> and discard $pkg/share/doc/<app>
# -> Detect whether the build attempted to write anything outside /tmp. This can
# be accomplished via auditd. In the perfect world a sane build system would
# keep everything contained to the topmost build directory till DESTDIR is passed.
# But in the imperfect world, that is often not the case.
# # auditctl -l
# -w /bin -p w
# -w /lib -p w
# -w /share -p w
# -w /etc -p w
# -w /include -p w
# -w /usr -p w
# Above output watches for writes to /bin, /lib, /share, /etc, /include and /usr directories
# Begin subshell # Begin subshell
( (
@ -34,7 +49,7 @@ set -e
# Time when the build commenced. Note: elapsed time is logged by the runtime function way below. This output goes # Time when the build commenced. Note: elapsed time is logged by the runtime function way below. This output goes
# into package build summary. # into package build summary.
commencedate="$(date '+%a, %d %b %Y, %T')" commencedate="$(date '+%a, %d %b %Y, %T')"
# Then source the configuration file holding all values # Then source the configuration file holding all values
if [[ -f /etc/bldpkg.conf ]] ; then if [[ -f /etc/bldpkg.conf ]] ; then
source /etc/bldpkg.conf source /etc/bldpkg.conf
@ -251,6 +266,35 @@ fi
echo "[INFO] Building package $app version $version ..." echo "[INFO] Building package $app version $version ..."
sleep 0.5 sleep 0.5
# Invoke auditd if useauditd is set to 1 in bldpkg.conf
if [[ $useauditd = 1 ]] ; then
# First clear out the log file
auditlogfile="/var/log/audit/audit.log"
echo > $auditlogfile
# Now run auditd. Ampersand is needed to log the PID.
/bin/auditd -n &
# Store the PID inside a variable
auditpid=$!
# Note: auditd writes 8 lines for our setup when initialized.
echo "[INFO] Auditd initialised."
fi
terminateauditd() {
if [[ $useauditd = 1 ]] ; then
# Terminate auditd, log number of lines inside a variable
/bin/kill -15 $auditpid
echo "[INFO] Auditd terminated."
auditlogtermsize="$(wc -l < $auditlogfile)"
if [[ $auditlogtermsize -gt 10 ]] ; then
echo "[WARNING] Auditd log file is greater than 10 lines!"
echo "[WARNING] Highly recommend that you examine its file!"
fi
fi
}
# Now we attempt to split the total time we'll get when making the summary into two times: compile time and
# Only verify source checksums if skipchecksum is not set in the build file # Only verify source checksums if skipchecksum is not set in the build file
if [[ -z $skipchecksum ]] ; then if [[ -z $skipchecksum ]] ; then
if [[ -z $sha512sums ]] ; then if [[ -z $sha512sums ]] ; then
@ -879,7 +923,7 @@ removestaticlibs() {
# Function to perform post-compile tasks: # Function to perform post-compile tasks:
# To be invoked inside a package build file. # To be invoked inside a package build file.
mkfinalpkg() { mkfinalpkg() {
# Now we attempt to split the total time we'll get when making the summary into two times: compile time and # Now we attempt to split the total time we'll get when making the summary into two times: compile time and
# packaging time. Here we store the value of $SECONDS variable the moment makefinalpkg is invoked. We use this # packaging time. Here we store the value of $SECONDS variable the moment makefinalpkg is invoked. We use this
# value as the compile time, because this is the next function that's called by the build script the moment a # value as the compile time, because this is the next function that's called by the build script the moment a
@ -917,14 +961,14 @@ mkfinalpkg() {
[[ -e $srcdir/doinst.sh ]] && cp "$srcdir/doinst.sh" "$pkg/install/" [[ -e $srcdir/doinst.sh ]] && cp "$srcdir/doinst.sh" "$pkg/install/"
# If /share/applications directory exists but there is no doinst.sh in the source directory, create one using cat # If /share/applications directory exists but there is no doinst.sh in the source directory, create one using cat
if [[ -d "$pkg/share/applications" ]] && [[ ! -e "$srcdir/doinst.sh" ]] ; then if [[ -d $pkg/share/applications ]] && [[ ! -e $srcdir/doinst.sh ]] ; then
echo "[INFO] Found /share/applications but couldn't find any doinst.sh in the source directory." echo "[INFO] Found /share/applications but couldn't find any doinst.sh in the source directory."
echo "[INFO] Creating one automatically that refreshes GTK cache." echo "[INFO] Creating one automatically that refreshes GTK cache."
cat << EOF >> $pkg/install/doinst.sh cat << EOF >> $pkg/install/doinst.sh
[[ -x /etc/rc.d/rc.gtk ]] && /etc/rc.d/rc.gtk [[ -x /etc/rc.d/rc.gtk ]] && /etc/rc.d/rc.gtk
EOF EOF
elif [[ -d "$pkg/share/applications" ]] && [[ -e "$srcdir/doinst.sh" ]] && ! grep -q 'rc.gtk' "$srcdir/doinst.sh" ; then elif [[ -d $pkg/share/applications ]] && [[ -e $srcdir/doinst.sh ]] && ! grep -q 'rc.gtk' "$srcdir/doinst.sh" ; then
echo "[INFO] Found /share/applications but couldn't find any rc.gtk lines inside doinst.sh in the source directory." echo "[INFO] Found /share/applications but couldn't find any rc.gtk lines inside doinst.sh in the source directory."
echo "[INFO] Creating one automatically that refreshes GTK cache." echo "[INFO] Creating one automatically that refreshes GTK cache."
cat << EOF >> $pkg/install/doinst.sh cat << EOF >> $pkg/install/doinst.sh
@ -952,6 +996,15 @@ EOF
# Provide a copy of the package build file so that users know the build options that went into compiling the package # Provide a copy of the package build file so that users know the build options that went into compiling the package
install -Dm 644 "$srcdir/$buildfile" "$pkgdocs/$app.SMBuild" install -Dm 644 "$srcdir/$buildfile" "$pkgdocs/$app.SMBuild"
# We don't want multiple directories for documentation. Detect if $pkg/share/doc/<app-name> was created.
# If it has been created, move its contents into $pkgdocs and discard the old doc directory.
if [[ -d $pkg/share/doc/$app ]] ; then
echo "[INFO] Found share/doc/$app documentation directory."
echo "[INFO] Moving its contents into share/doc/$app-$version/"
mv $pkg/share/doc/$app/* $pkgdocs/
rmdir $pkg/share/doc/$app
fi
# Normally we'd expect some debug symbols in the newly-produced binaries. # Normally we'd expect some debug symbols in the newly-produced binaries.
# But that isn't always the case with some packages whose build systems # But that isn't always the case with some packages whose build systems
# strip objects before hand # strip objects before hand
@ -1003,6 +1056,9 @@ EOF
/bin/makepkg -l y -c n "$newpkglocation" /bin/makepkg -l y -c n "$newpkglocation"
pkgstatus=$? pkgstatus=$?
# Terminate auditd daemon
terminateauditd
echo "[INFO] Leaving staging directory $pkg" echo "[INFO] Leaving staging directory $pkg"
# cd back to $srcdir when preservepackagedir is set to 0 to prevent this error: shell-init: error retrieving # cd back to $srcdir when preservepackagedir is set to 0 to prevent this error: shell-init: error retrieving
@ -1374,8 +1430,13 @@ interruptoutput() {
echo "" echo ""
echo "[INFO] Caught Keyboard Interrupt" echo "[INFO] Caught Keyboard Interrupt"
wasinterrupted="1" wasinterrupted="1"
# Restore terminal colours # Restore terminal colours
echo -e "$colourd" echo -e "$colourd"
# Terminate auditd daemon
terminateauditd
# If installprompt and extractprompt are set and the prompt is invoked after a successful build, hitting # If installprompt and extractprompt are set and the prompt is invoked after a successful build, hitting
# ctrl-C will only set the above sm variable repeatedly and won't return user to the shell because # ctrl-C will only set the above sm variable repeatedly and won't return user to the shell because
# of the interrupt (SIGINT) trap set way below. Putting exit 0 is a decent way to get out of that prompt # of the interrupt (SIGINT) trap set way below. Putting exit 0 is a decent way to get out of that prompt
@ -1393,6 +1454,7 @@ interruptoutput() {
trap "prepbuildoutput" EXIT trap "prepbuildoutput" EXIT
trap "interruptoutput" INT trap "interruptoutput" INT
#build 2>&1 | tee log.txt
build build
) )