author | jlam <jlam@pkgsrc.org> | 2006-04-25 19:54:39 +0000 |
---|---|---|
committer | jlam <jlam@pkgsrc.org> | 2006-04-25 19:54:39 +0000 |
commit | ede4976eb92f1c89fd34dc8908a50d8f4b2b490c (patch) | |
tree | daa56ac17fcede1576b6c565b3b389b7639ba546 /mk | |
parent | 5875fd647ac192d9300c034e02c84e294d30dde4 (diff) | |
download | pkgsrc-ede4976eb92f1c89fd34dc8908a50d8f4b2b490c.tar.gz |
First try at fixing a deficiency in the package +INSTALL scripts,
where they don't verify that any pre-existing config files and
directories have the correct permissions. For example, if you are
upgrading a package to a newer version and the config files and
directories used by the package need to have different permissions
than in previous versions of the package, then the new package may
fail to work because it can't access pre-existing files and directories.
This commit improves on this by doing the following:
(1) Teach the +FILES and +DIRS scriptlets two new actions "PERMS" and
"CHECK-PERMS". "PERMS" fixes permissions on existing files and
directories. "CHECK-PERMS" will verify those same bits and warn
the user when they are wrong. The "CHECK-PERMS" actions for the
two scriptlets are run immediately after the "ADD" actions.
(2) Add a new variable PKG_CONFIG_PERMS that controls whether the
"PERMS" action will automatically fix permissions. PKG_CONFIG_PERMS
is only consulted if PKG_CONFIG is "yes". PKG_CONFIG_PERMS can
be set in the shell environment when running pkg_add, e.g.:
export PKG_CONFIG=yes
export PKG_CONFIG_PERMS=yes
pkg_add /path/to/binary/package.tgz
The default value of PKG_CONFIG_PERMS embedded into the +INSTALL
script may also be set in /etc/mk.conf. This value defaults to
"no", so that by default, the +INSTALL script will not modify or
destroy any existing configuration files or directories.
The +INSTALL script will now always warn you if there are files or
directories whose permissions differ from what the package is expecting
to use, and if PKG_CONFIG_PERMS is set to "yes", then it will go ahead
and fix those permissions for you automatically.
Diffstat (limited to 'mk')
-rw-r--r-- | mk/install/bsd.pkginstall.mk | 10 | ||||
-rw-r--r-- | mk/install/deinstall | 6 | ||||
-rw-r--r-- | mk/install/dirs | 123 | ||||
-rw-r--r-- | mk/install/files | 134 | ||||
-rw-r--r-- | mk/install/install | 14 |
5 files changed, 263 insertions, 24 deletions
diff --git a/mk/install/bsd.pkginstall.mk b/mk/install/bsd.pkginstall.mk
index d26962e8046..3d230fdd112 100644
--- a/mk/install/bsd.pkginstall.mk
+++ b/mk/install/bsd.pkginstall.mk
@@ -1,4 +1,4 @@
-# $NetBSD: bsd.pkginstall.mk,v 1.47 2006/04/23 00:00:43 jlam Exp $
+# $NetBSD: bsd.pkginstall.mk,v 1.48 2006/04/25 19:54:39 jlam Exp $
 #
 # This Makefile fragment is included by bsd.pkg.mk and implements the
 # common INSTALL/DEINSTALL scripts framework. To use the pkginstall
@@ -745,6 +745,12 @@ ${_INSTALL_FONTS_FILE}: ../../mk/install/fonts
 # directories needed to use the package. It is either YES or NO
 # and defaults to YES.
 #
+# PKG_CONFIG_PERMS indicates whether to automatically correct permissions
+# and ownership on pre-existing files and directories, or if it
+# should merely inform the admin of the list of files and
+# directories whose permissions and ownership need to be fixed. It
+# is either YES or NO and defaults to NO.
+#
 # PKG_RCD_SCRIPTS indicates whether to automatically install rc.d scripts
 # to ${RCD_SCRIPTS_DIR}. It is either YES or NO and defaults to
 # NO. This variable only takes effect if ${PKG_CONFIG} == "YES".
@@ -761,11 +767,13 @@ ${_INSTALL_FONTS_FILE}: ../../mk/install/fonts
 #
 PKG_CREATE_USERGROUP?= YES
 PKG_CONFIG?= YES
+PKG_CONFIG_PERMS?= NO
 PKG_RCD_SCRIPTS?= NO
 PKG_REGISTER_SHELLS?= YES
 PKG_UPDATE_FONTS_DB?= YES
 FILES_SUBST+= PKG_CREATE_USERGROUP=${PKG_CREATE_USERGROUP:Q}
 FILES_SUBST+= PKG_CONFIG=${PKG_CONFIG:Q}
+FILES_SUBST+= PKG_CONFIG_PERMS=${PKG_CONFIG_PERMS:Q}
 FILES_SUBST+= PKG_RCD_SCRIPTS=${PKG_RCD_SCRIPTS:Q}
 FILES_SUBST+= PKG_REGISTER_SHELLS=${PKG_REGISTER_SHELLS:Q}
 FILES_SUBST+= PKG_UPDATE_FONTS_DB=${PKG_UPDATE_FONTS_DB:Q}
diff --git a/mk/install/deinstall b/mk/install/deinstall
index ab58a11c723..838149766b5 100644
--- a/mk/install/deinstall
+++ b/mk/install/deinstall
@@ -1,4 +1,4 @@
-# $NetBSD: deinstall,v 1.39 2006/03/15 04:52:57 jlam Exp $
+# $NetBSD: deinstall,v 1.40 2006/04/25 19:54:39 jlam Exp $
 case ${STAGE} in
 VIEW-DEINSTALL)
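Review bot: The new PKG_CONFIG_PERMS comment in bsd.pkginstall.mk does not say that the variable is ignored unless PKG_CONFIG is also YES, although the PERMS actions added to +DIRS and +FILES only act on `yes/yes`. The PKG_RCD_SCRIPTS entry directly below already carries that caveat; I would add the same sentence here, `# This variable only takes effect if ${PKG_CONFIG} == "YES".`, so an admin who sets only PKG_CONFIG_PERMS is not surprised when nothing is corrected.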
@@ -37,8 +37,6 @@ DEINSTALL)
 #
 ${TEST} ! -x ./+FILES ||
 ./+FILES REMOVE ${PKG_METADATA_DIR}
- ${TEST} ! -x ./+RCD_SCRIPTS ||
- ./+RCD_SCRIPTS REMOVE ${PKG_METADATA_DIR}
 ;;
 POST-DEINSTALL)
@@ -68,8 +66,6 @@ POST-DEINSTALL)
 ./+USERGROUP CHECK-REMOVE ${PKG_METADATA_DIR}
 ${TEST} ! -x ./+FILES ||
 ./+FILES CHECK-REMOVE ${PKG_METADATA_DIR}
- ${TEST} ! -x ./+RCD_SCRIPTS ||
- ./+RCD_SCRIPTS CHECK-REMOVE ${PKG_METADATA_DIR}
 ${TEST} ! -x ./+DIRS ||
 ./+DIRS CHECK-REMOVE ${PKG_METADATA_DIR}
 ;;
diff --git a/mk/install/dirs b/mk/install/dirs
index 451ad9a331b..d916ab94680 100644
--- a/mk/install/dirs
+++ b/mk/install/dirs
@@ -1,4 +1,4 @@
-# $NetBSD: dirs,v 1.10 2006/03/19 23:58:14 jlam Exp $
+# $NetBSD: dirs,v 1.11 2006/04/25 19:54:39 jlam Exp $
 #
 # Generate a +DIRS script that reference counts directories that are
 # required for the proper functioning of the package.
@@ -10,8 +10,8 @@ UNPACK,|UNPACK,+DIRS)
 #
 # +DIRS - reference-counted directory management script
 #
-# Usage: ./+DIRS ADD|REMOVE [metadatadir]
-# ./+DIRS CHECK-ADD|CHECK-REMOVE [metadatadir]
+# Usage: ./+DIRS ADD|REMOVE|PERMS [metadatadir]
+# ./+DIRS CHECK-ADD|CHECK-REMOVE|CHECK-PERMS [metadatadir]
 #
 # This script supports two actions, ADD and REMOVE, that will add or
 # remove the directories needed by the package associated with
@@ -21,7 +21,13 @@ UNPACK,|UNPACK,+DIRS)
 # any directories needed by the package still exist, and print an
 # informative message noting those directories. The CHECK-ADD and
 # CHECK-REMOVE actions return non-zero if they detect either missing
-# or existing directories, respectively.
+# or existing directories, respectively. The PERMS action will correct
+# any ownership or permission discrepancies between the existing
+# directories and the data in this script, and the CHECK-PERMS action
+# will check whether any directories have the wrong ownership or
+# permission and print an informative message noting those directories.
+# The CHECK-PERMS action will return non-zero if it detects directories
+# with wrong ownership or permissions.
 #
 # Lines starting with "# DIR: " are data read by this script that
 # name the directories that this package requires to exist to function
@@ -41,12 +47,14 @@ UNPACK,|UNPACK,+DIRS)
 # m create (make) the directory when ADDing
 # o directory is owned by the package
 #
+AWK="@AWK@"
 CAT="@CAT@"
 CHGRP="@CHGRP@"
 CHMOD="@CHMOD@"
 CHOWN="@CHOWN@"
 ECHO="@ECHO@"
 GREP="@GREP@"
+LS="@LS@"
 MKDIR="@MKDIR@"
 MV="@MV@"
 PWD_CMD="@PWD_CMD@"
@@ -75,6 +83,14 @@ case "${PKG_CONFIG:-@PKG_CONFIG@}" in
 _PKG_CONFIG=no
 ;;
 esac
+case "${PKG_CONFIG_PERMS:-@PKG_CONFIG_PERMS@}" in
+[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
+ _PKG_CONFIG_PERMS=yes
+ ;;
+[Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0)
+ _PKG_CONFIG_PERMS=no
+ ;;
+esac
 exitcode=0
 case $ACTION in
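Review bot: The new `case "${PKG_CONFIG_PERMS:-@PKG_CONFIG_PERMS@}"` block in +DIRS has no default arm, so a value outside the listed spellings leaves `_PKG_CONFIG_PERMS` untouched, and a `_PKG_CONFIG_PERMS=yes` inherited from the environment would then enable the chown/chgrp/chmod pass. Since this switch gates changes to pre-existing directories, I would fail closed by adding `*) _PKG_CONFIG_PERMS=no ;;` before `esac`. The same block is added to +FILES. The preceding PKG_CONFIG block starts above this hunk, so I cannot tell whether it shares the shape.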
@@ -162,6 +178,23 @@ REMOVE)
 done
 ;;
+PERMS)
+ ${SED} -n "/^\# DIR: /{s/^\# DIR: //;p;}" ${SELF} | ${SORT} -u |
+ while read dir d_flags d_user d_group d_mode; do
+ case $dir in
+ "") continue ;;
+ [!/]*) dir="${PKG_PREFIX}/$dir" ;;
+ esac
+ case $d_user/$d_group/$d_mode/$_PKG_CONFIG/$_PKG_CONFIG_PERMS in
+ [!/]*/[!/]*/[!/]*/yes/yes)
+ ${CHOWN} $d_user $dir
+ ${CHGRP} $d_group $dir
+ ${CHMOD} $d_mode $dir
+ ;;
+ esac
+ done
+ ;;
+
 CHECK-ADD)
 ${SED} -n "/^\# DIR: /{s/^\# DIR: //;p;}" ${SELF} | ${SORT} -u |
 { while read dir d_flags d_user d_group d_mode; do
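Review bot: The PERMS arm passes `$dir` to `${CHOWN}`, `${CHGRP}` and `${CHMOD}` unquoted and without checking what the pre-existing path actually is, whereas CHECK-PERMS at least runs `${TEST} -d "$dir"`. These tools follow symbolic links by default, so where an unprivileged account can write to the parent directory, a link at that path would redirect the ownership and mode change to its target when the script runs with privilege. I would skip anything that is not a real directory with `${TEST} -d "$dir" -a ! -h "$dir" || continue` and quote the operands, e.g. `${CHOWN} "$d_user" "$dir"`; this narrows the window rather than closing it. +FILES PERMS has the same pattern with `$file`.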
@@ -234,9 +267,87 @@ CHECK-REMOVE)
 ${TEST} $? -eq 0 || exitcode=1
 ;;
+CHECK-PERMS)
+ tmpdir="${TMPDIR:-/tmp}/private.$$"
+ ${MKDIR} -p $tmpdir 2>/dev/null || exit 1
+ ${CHMOD} 700 $tmpdir
+ ${SED} -n "/^\# DIR: /{s/^\# DIR: //;p;}" ${SELF} | ${SORT} -ru |
+ { while read dir d_flags d_user d_group d_mode; do
+ case $dir in
+ "") continue ;;
+ [!/]*) dir="${PKG_PREFIX}/$dir" ;;
+ esac
+ ${TEST} -d "$dir" || continue
+ case $d_user:$d_group:$d_mode in
+ ::) continue ;;
+ esac
+
+ perms=`${LS} -ld $dir | ${AWK} '{ print $1":"$3":"$4 }'`
+ ${MKDIR} -p $tmpdir/tmp
+ ${CHMOD} $d_mode $tmpdir/tmp 2>/dev/null
+ longmode=`${LS} -ld $tmpdir/tmp | ${AWK} '{ print $1 }'`
+ case $d_mode:$d_user:$d_group in
+ :[!:]*:)
+ case "$perms" in
+ *:$d_user:*) continue ;;
+ esac
+ ;;
+ :[!:]*:[!:]*)
+ case "$perms" in
+ *:$d_user:$d_group) continue ;;
+ esac
+ ;;
+ [!:]*::)
+ case "$perms" in
+ $longmode:*:*) continue ;;
+ esac
+ ;;
+ [!:]*:[!:]*:)
+ case "$perms" in
+ $longmode:$d_user:*) continue ;;
+ esac
+ ;;
+ [!:]*:[!:]*:[!:]*)
+ case "$perms" in
+ $longmode:$d_user:$d_group) continue ;;
+ esac
+ ;;
+ esac
+
+ case "$printed_header" in
+ yes) ;;
+ *) printed_header=yes
+ ${ECHO} "==========================================================================="
+ ${ECHO} "The following directories are used by ${PKGNAME} and"
+ ${ECHO} "have the wrong ownership and/or permissions:"
+ ${ECHO} ""
+ ;;
+ esac
+ case $d_mode:$d_user:$d_group in
+ [!:]*::)
+ ${ECHO} " $dir (m=$d_mode)"
+ ;;
+ [!:]*:[!:]*:)
+ ${ECHO} " $dir (m=$d_mode, o=$d_user)"
+ ;;
+ [!:]*:[!:]*:[!:]*)
+ ${ECHO} " $dir (m=$d_mode, o=$d_user, g=$d_group)"
+ ;;
+ esac
+ done
+ case "$printed_header" in
+ yes) ${ECHO} ""
+ ${ECHO} "==========================================================================="
+ exit 1
+ ;;
+ esac; }
+ rm -rf $tmpdir
+ ${TEST} $? -eq 0 || exitcode=1
+ ;;
+
 *)
- ${ECHO} "Usage: ./+DIRS ADD|REMOVE [metadatadir]"
- ${ECHO} " ./+DIRS CHECK-ADD|CHECK-REMOVE [metadatadir]"
+ ${ECHO} "Usage: ./+DIRS ADD|REMOVE|PERMS [metadatadir]"
+ ${ECHO} " ./+DIRS CHECK-ADD|CHECK-REMOVE|CHECK-PERMS [metadatadir]"
 ;;
 esac
 exit $exitcode
diff --git a/mk/install/files b/mk/install/files
index 44bf2d2e3d1..b6b924196ce 100644
--- a/mk/install/files
+++ b/mk/install/files
@@ -1,4 +1,4 @@
-# $NetBSD: files,v 1.10 2006/03/19 23:58:14 jlam Exp $
+# $NetBSD: files,v 1.11 2006/04/25 19:54:39 jlam Exp $
 #
 # Generate a +FILES script that reference counts config files that are
 # required for the proper functioning of the package.
@@ -10,9 +10,9 @@ UNPACK,|UNPACK,+FILES)
 #
 # +FILES - reference-counted configuration file management script
 #
-# Usage: ./+FILES ADD|REMOVE [metadatadir]
+# Usage: ./+FILES ADD|REMOVE|PERMS [metadatadir]
 # ./+FILES VIEW-REMOVE depotdir viewdir
-# ./+FILES CHECK-ADD|CHECK-REMOVE [metadatadir]
+# ./+FILES CHECK-ADD|CHECK-REMOVE|CHECK-PERMS [metadatadir]
 #
 # This script supports two actions, ADD and REMOVE, that will add or
 # remove the configuration files needed by the package associated with
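Review bot: The +DIRS CHECK-PERMS arm creates its scratch directory as `${TMPDIR:-/tmp}/private.$$` with `${MKDIR} -p`, which also succeeds when the path already exists, so on a shared /tmp the name is guessable and the directory may already belong to another local user; the following `${CHMOD} 700` does not change its owner. The loop then runs `${MKDIR} -p $tmpdir/tmp` and `${CHMOD} $d_mode $tmpdir/tmp` inside it, and a link at `tmp` would receive that chmod. I would create the directory exclusively and stop if it exists, `( umask 077 && ${MKDIR} "$tmpdir" ) 2>/dev/null || exit 1`, or avoid the scratch entry altogether by comparing modes without the `ls` round trip. +FILES CHECK-PERMS uses the same directory name and additionally truncates `$tmpdir/tmp` with `${ECHO} >`.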
@@ -23,7 +23,13 @@ UNPACK,|UNPACK,+FILES)
 # message noting those files. The CHECK-ADD and CHECK-REMOVE actions
 # return non-zero if they detect either missing or existing files,
 # respectively. The VIEW-REMOVE action will remove from <viewdir> the
-# links to the configuration files in <depotdir>.
+# links to the configuration files in <depotdir>. The PERMS action
+# will correct any ownership or permission discrepancies between the
+# existing files and the data in this script, and the CHECK-PERMS
+# action will check whether any files have the wrong ownership or
+# permission and print an informative message noting those files. The
+# CHECK-PERMS action will return non-zero if it detects files with
+# wrong ownership or permissions.
 #
 # Lines starting with "# FILE: " are data read by this script that
 # name the files that this package requires to exist to function
@@ -42,6 +48,7 @@ UNPACK,|UNPACK,+FILES)
 # f ignore ${PKG_CONFIG}
 # r file is an rc.d script (consider ${PKG_RCD_SCRIPTS})
 #
+AWK="@AWK@"
 CAT="@CAT@"
 CP="@CP@"
 CHGRP="@CHGRP@"
@@ -50,6 +57,7 @@ CHOWN="@CHOWN@"
 CMP="@CMP@"
 ECHO="@ECHO@"
 GREP="@GREP@"
+LS="@LS@"
 MKDIR="@MKDIR@"
 MV="@MV@"
 PWD_CMD="@PWD_CMD@"
@@ -73,6 +81,14 @@ case "${PKG_CONFIG:-@PKG_CONFIG@}" in
 _PKG_CONFIG=no
 ;;
 esac
+case "${PKG_CONFIG_PERMS:-@PKG_CONFIG_PERMS@}" in
+[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
+ _PKG_CONFIG_PERMS=yes
+ ;;
+[Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0)
+ _PKG_CONFIG_PERMS=no
+ ;;
+esac
 case "${PKG_RCD_SCRIPTS:-@PKG_RCD_SCRIPTS@}" in
 [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
 _PKG_RCD_SCRIPTS=yes
@@ -86,7 +102,7 @@ case $ACTION in
 VIEW-REMOVE)
 DEPOTDIR="$2"
 VIEWDIR="$3"
- ${TEST} -n "${DEPOTDIR}" -a -n "${VIEWDIR}" || exit 0
+ ${TEST} -n "${DEPOTDIR}" -a -n "${VIEWDIR}" || exit 0
 ;;
 *)
 PKG_METADATA_DIR="${2-`${PWD_CMD}`}"
@@ -226,6 +242,32 @@ REMOVE)
 done
 ;;
+PERMS)
+ ${SED} -n "/^\# FILE: /{s/^\# FILE: //;p;}" ${SELF} | ${SORT} -ru |
+ while read file f_flags f_eg f_mode f_user f_group; do
+ case $_PKG_CONFIG/$_PKG_CONFIG_PERMS in
+ yes/yes) ;;
+ *) continue ;;
+ esac
+ case $file in
+ "") continue ;;
+ [!/]*) file="${PKG_PREFIX}/$file" ;;
+ esac
+ case $f_user in
+ "") ;;
+ *) ${CHOWN} $f_user $file ;;
+ esac
+ case $f_group in
+ "") ;;
+ *) ${CHGRP} $f_group $file ;;
+ esac
+ case $f_mode in
+ "") ;;
+ *) ${CHMOD} $f_mode $file ;;
+ esac
+ done
+ ;;
+
 VIEW-REMOVE)
 ${SED} -n "/^\# FILE: /{s/^\# FILE: //;p;}" ${SELF} | ${SORT} -ru |
 while read file f_flags f_eg f_mode f_user f_group; do
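Review bot: +FILES PERMS applies `f_user`, `f_group` and `f_mode` one at a time whenever each is non-empty, but +DIRS PERMS only acts when all three fields are set (`[!/]*/[!/]*/[!/]*/yes/yes`), while both CHECK-PERMS arms report entries that specify only some of them. A directory entry carrying just a mode would therefore be reported on every install and never corrected, even with PKG_CONFIG_PERMS=yes. I would use one rule in both scriptlets, most simply by giving +DIRS the same three per-field `case` blocks used here. The `yes/yes` gate also does not depend on the loop variables and could be tested once before the pipeline.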
@@ -322,10 +364,88 @@ CHECK-REMOVE)
 ${TEST} $? -eq 0 || exitcode=1
 ;;
+CHECK-PERMS)
+ tmpdir="${TMPDIR:-/tmp}/private.$$"
+ ${MKDIR} -p $tmpdir 2>/dev/null || exit 1
+ ${CHMOD} 700 $tmpdir
+ ${SED} -n "/^\# FILE: /{s/^\# FILE: //;p;}" ${SELF} | ${SORT} -ru |
+ { while read file f_flags f_eg f_mode f_user f_group; do
+ case $file in
+ "") continue ;;
+ [!/]*) file="${PKG_PREFIX}/$file" ;;
+ esac
+ ${TEST} -f "$file" || continue
+ case $f_mode:$f_user:$f_group in
+ ::) continue ;;
+ esac
+
+ perms=`${LS} -l $file | ${AWK} '{ print $1":"$3":"$4 }'`
+ ${ECHO} > $tmpdir/tmp
+ ${CHMOD} $f_mode $tmpdir/tmp 2>/dev/null
+ longmode=`${LS} -l $tmpdir/tmp | ${AWK} '{ print $1 }'`
+ case $f_mode:$f_user:$f_group in
+ :[!:]*:)
+ case "$perms" in
+ *:$f_user:*) continue ;;
+ esac
+ ;;
+ :[!:]*:[!:]*)
+ case "$perms" in
+ *:$f_user:$f_group) continue ;;
+ esac
+ ;;
+ [!:]*::)
+ case "$perms" in
+ $longmode:*:*) continue ;;
+ esac
+ ;;
+ [!:]*:[!:]*:)
+ case "$perms" in
+ $longmode:$f_user:*) continue ;;
+ esac
+ ;;
+ [!:]*:[!:]*:[!:]*)
+ case "$perms" in
+ $longmode:$f_user:$f_group) continue ;;
+ esac
+ ;;
+ esac
+
+ case "$printed_header" in
+ yes) ;;
+ *) printed_header=yes
+ ${ECHO} "==========================================================================="
+ ${ECHO} "The following files are used by ${PKGNAME} and have"
+ ${ECHO} "the wrong ownership and/or permissions:"
+ ${ECHO} ""
+ ;;
+ esac
+ case $f_mode:$f_user:$f_group in
+ [!:]*::)
+ ${ECHO} " $file (m=$f_mode)"
+ ;;
+ [!:]*:[!:]*:)
+ ${ECHO} " $file (m=$f_mode, o=$f_user)"
+ ;;
+ [!:]*:[!:]*:[!:]*)
+ ${ECHO} " $file (m=$f_mode, o=$f_user, g=$f_group)"
+ ;;
+ esac
+ done
+ case "$printed_header" in
+ yes) ${ECHO} ""
+ ${ECHO} "==========================================================================="
+ exit 1
+ ;;
+ esac; }
+ rm -rf $tmpdir
+ ${TEST} $? -eq 0 || exitcode=1
+ ;;
+
 *)
- ${ECHO} "Usage: ./+FILES ADD|REMOVE [metadatadir]"
+ ${ECHO} "Usage: ./+FILES ADD|REMOVE|PERMS [metadatadir]"
 ${ECHO} " ./+FILES VIEW-REMOVE depotdir viewdir"
- ${ECHO} " ./+FILES CHECK-ADD|CHECK-REMOVE [metadatadir]"
+ ${ECHO} " ./+FILES CHECK-ADD|CHECK-REMOVE|CHECK-PERMS [metadatadir]"
 ;;
 esac
 exit $exitcode
diff --git a/mk/install/install b/mk/install/install
index 713f33cb7b0..3e0e322d4dc 100644
--- a/mk/install/install
+++ b/mk/install/install
@@ -1,4 +1,4 @@
-# $NetBSD: install,v 1.45 2006/03/19 23:58:14 jlam Exp $
+# $NetBSD: install,v 1.46 2006/04/25 19:54:39 jlam Exp $
 case ${STAGE} in
 PRE-INSTALL)
@@ -36,6 +36,8 @@ PRE-INSTALL)
 fi
 ${TEST} ! -x ./+DIRS ||
 ./+DIRS ADD ${PKG_METADATA_DIR}
+ ${TEST} ! -x ./+DIRS ||
+ ./+DIRS PERMS ${PKG_METADATA_DIR}
 ;;
 POST-INSTALL)
@@ -44,8 +46,8 @@ POST-INSTALL)
 #
 ${TEST} ! -x ./+FILES ||
 ./+FILES ADD ${PKG_METADATA_DIR}
- ${TEST} ! -x ./+RCD_SCRIPTS ||
- ./+RCD_SCRIPTS ADD ${PKG_METADATA_DIR}
+ ${TEST} ! -x ./+FILES ||
+ ./+FILES PERMS ${PKG_METADATA_DIR}
 #
 # Set special permissions on any files/directories that need them.
 #
@@ -61,10 +63,12 @@ POST-INSTALL)
 #
 ${TEST} ! -x ./+DIRS ||
 ./+DIRS CHECK-ADD ${PKG_METADATA_DIR}
+ ${TEST} ! -x ./+DIRS ||
+ ./+DIRS CHECK-PERMS ${PKG_METADATA_DIR}
 ${TEST} ! -x ./+FILES ||
 ./+FILES CHECK-ADD ${PKG_METADATA_DIR}
- ${TEST} ! -x ./+RCD_SCRIPTS ||
- ./+RCD_SCRIPTS CHECK-ADD ${PKG_METADATA_DIR}
+ ${TEST} ! -x ./+FILES ||
+ ./+FILES CHECK-PERMS ${PKG_METADATA_DIR}
 ;;
 VIEW-INSTALL) |
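Review bot: The status tested by `${TEST} $? -eq 0 || exitcode=1` at the end of +FILES CHECK-PERMS is that of `rm -rf $tmpdir`, not of the pipeline whose brace group does `exit 1` after printing the report. The action will therefore normally return 0 even when mismatches were listed, contrary to the header comment added in this commit. Saving the status first fixes it: `status=$?` immediately after the closing `}`, then the cleanup, then `${TEST} $status -eq 0 || exitcode=1`. The cleanup also calls a bare `rm` where the rest of the script goes through substituted tool variables. +DIRS CHECK-PERMS ends the same way.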