diff options
-rw-r--r-- | mk/check/bsd.check.mk | 3 | ||||
-rw-r--r-- | mk/check/check-perms.mk | 67 | ||||
-rw-r--r-- | mk/install/install.mk | 5 |
3 files changed, 73 insertions, 2 deletions
diff --git a/mk/check/bsd.check.mk b/mk/check/bsd.check.mk index d74d00065ee..0290ac2db4b 100644 --- a/mk/check/bsd.check.mk +++ b/mk/check/bsd.check.mk @@ -1,4 +1,4 @@ -# $NetBSD: bsd.check.mk,v 1.2 2006/06/07 17:04:01 jlam Exp $ +# $NetBSD: bsd.check.mk,v 1.3 2006/10/13 06:32:15 rillig Exp $ # # This Makefile fragment is included by bsd.pkg.mk and provides all # variables and targets related to build and install checks. @@ -11,6 +11,7 @@ .include "${PKGSRCDIR}/mk/check/check-files.mk" .include "${PKGSRCDIR}/mk/check/check-interpreter.mk" +.include "${PKGSRCDIR}/mk/check/check-perms.mk" .include "${PKGSRCDIR}/mk/check/check-shlibs.mk" .include "${PKGSRCDIR}/mk/check/check-vulnerable.mk" .include "${PKGSRCDIR}/mk/check/check-wrkref.mk" diff --git a/mk/check/check-perms.mk b/mk/check/check-perms.mk new file mode 100644 index 00000000000..f5a55c6596e --- /dev/null +++ b/mk/check/check-perms.mk @@ -0,0 +1,67 @@ +# $NetBSD: check-perms.mk,v 1.1 2006/10/13 06:32:15 rillig Exp $ +# +# This file checks that after installation of a package, all files and +# directories of that package have sensible permissions set. +# +# The following variables may be set by a package: +# +# The following variables may be set by the pkgsrc user in mk.conf: +# +# CHECK_PERMS: YesNo (default: yes for PKG_DEVELOPER, no otherwise) +# Specifies whether the permissions check should be run at all. +# +# CHECK_PERMS_SKIP: List of PathMask (default: empty) +# A list of patterns (like man/*) that should be excluded from the +# check. Note that a * in a pattern also matches a slash in a +# pathname. +# + +.if defined(PKG_DEVELOPER) +CHECK_PERMS?= yes +.else +CHECK_PERMS?= no +.endif + +#.if !empty(CHECK_PERMS:M[Yy][Ee][Ss]) +#_POST_INSTALL_CHECKS+= check-perms +#.endif + +_CHECK_PERMS_CMD= ${LOCALBASE}/bin/checkperms +_CHECK_PERMS_GETDIRS_AWK= \ + /.*/ { \ + print $$0; \ + dir = $$0; \ + while (sub("/[^/]*$$", "", dir) && dir != "") { \ + if (!(dir in dirs)) { \ + dirs[dir] = "done"; \ + print dir; \ + } \ + } \ + } + +CHECK_PERMS_SKIP?= # none +_CHECK_PERMS_SKIP_FILTER= case "$$file" in +_CHECK_PERMS_SKIP_FILTER+= ${CHECK_PERMS_SKIP:@.pattern.@${PREFIX}/${.pattern.}|${.pattern.}) continue ;;@} +_CHECK_PERMS_SKIP_FILTER+= *) ;; +_CHECK_PERMS_SKIP_FILTER+= esac + +.PHONY: check-perms +.if exists(${_CHECK_PERMS_CMD}) +check-perms: + @${STEP_MSG} "Checking file permissions in ${PKGNAME}" + ${_PKG_SILENT}${_PKG_DEBUG} \ + set -e; \ + ${PKG_FILELIST_CMD} \ + | sort \ + | sed -e 's,\\,\\\\,g' \ + | while read file; do \ + ${_CHECK_PERMS_SKIP_FILTER}; \ + printf "%s\\n" "$$file"; \ + done \ + | awk ${_CHECK_PERMS_GETDIRS_AWK:Q} \ + | ${_CHECK_PERMS_CMD} +.else +check-perms: + @${WARNING_MSG} "[check-perms.mk] Skipping file permissions check." + @${WARNING_MSG} "[check-perms.mk] Install sysutils/checkperms to enable this check." +.endif diff --git a/mk/install/install.mk b/mk/install/install.mk index 99bed60bcf7..8fdd976df0e 100644 --- a/mk/install/install.mk +++ b/mk/install/install.mk @@ -1,4 +1,4 @@ -# $NetBSD: install.mk,v 1.22 2006/10/09 12:25:44 joerg Exp $ +# $NetBSD: install.mk,v 1.23 2006/10/13 06:32:15 rillig Exp $ ###################################################################### ### install (PUBLIC) @@ -169,6 +169,9 @@ privileged-install-hook: check-files .if empty(CHECK_INTERPRETER:M[nN][oO]) privileged-install-hook: check-interpreter .endif +.if empty(CHECK_PERMS:M[nN][oO]) +privileged-install-hook: check-perms +.endif .PHONY: install-all su-install-all . if !empty(_MAKE_INSTALL_AS_ROOT:M[Yy][Ee][Ss]) |