summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--mk/check/bsd.check.mk3
-rw-r--r--mk/check/check-perms.mk67
-rw-r--r--mk/install/install.mk5
3 files changed, 73 insertions, 2 deletions
diff --git a/mk/check/bsd.check.mk b/mk/check/bsd.check.mk
index d74d00065ee..0290ac2db4b 100644
--- a/mk/check/bsd.check.mk
+++ b/mk/check/bsd.check.mk
@@ -1,4 +1,4 @@
-# $NetBSD: bsd.check.mk,v 1.2 2006/06/07 17:04:01 jlam Exp $
+# $NetBSD: bsd.check.mk,v 1.3 2006/10/13 06:32:15 rillig Exp $
#
# This Makefile fragment is included by bsd.pkg.mk and provides all
# variables and targets related to build and install checks.
@@ -11,6 +11,7 @@
.include "${PKGSRCDIR}/mk/check/check-files.mk"
.include "${PKGSRCDIR}/mk/check/check-interpreter.mk"
+.include "${PKGSRCDIR}/mk/check/check-perms.mk"
.include "${PKGSRCDIR}/mk/check/check-shlibs.mk"
.include "${PKGSRCDIR}/mk/check/check-vulnerable.mk"
.include "${PKGSRCDIR}/mk/check/check-wrkref.mk"
diff --git a/mk/check/check-perms.mk b/mk/check/check-perms.mk
new file mode 100644
index 00000000000..f5a55c6596e
--- /dev/null
+++ b/mk/check/check-perms.mk
@@ -0,0 +1,67 @@
+# $NetBSD: check-perms.mk,v 1.1 2006/10/13 06:32:15 rillig Exp $
+#
+# This file checks that after installation of a package, all files and
+# directories of that package have sensible permissions set.
+#
+# The following variables may be set by a package:
+#
+# The following variables may be set by the pkgsrc user in mk.conf:
+#
+# CHECK_PERMS: YesNo (default: yes for PKG_DEVELOPER, no otherwise)
+# Specifies whether the permissions check should be run at all.
+#
+# CHECK_PERMS_SKIP: List of PathMask (default: empty)
+# A list of patterns (like man/*) that should be excluded from the
+# check. Note that a * in a pattern also matches a slash in a
+# pathname.
+#
+
+.if defined(PKG_DEVELOPER)
+CHECK_PERMS?= yes
+.else
+CHECK_PERMS?= no
+.endif
+
+#.if !empty(CHECK_PERMS:M[Yy][Ee][Ss])
+#_POST_INSTALL_CHECKS+= check-perms
+#.endif
+
+_CHECK_PERMS_CMD= ${LOCALBASE}/bin/checkperms
+_CHECK_PERMS_GETDIRS_AWK= \
+ /.*/ { \
+ print $$0; \
+ dir = $$0; \
+ while (sub("/[^/]*$$", "", dir) && dir != "") { \
+ if (!(dir in dirs)) { \
+ dirs[dir] = "done"; \
+ print dir; \
+ } \
+ } \
+ }
+
+CHECK_PERMS_SKIP?= # none
+_CHECK_PERMS_SKIP_FILTER= case "$$file" in
+_CHECK_PERMS_SKIP_FILTER+= ${CHECK_PERMS_SKIP:@.pattern.@${PREFIX}/${.pattern.}|${.pattern.}) continue ;;@}
+_CHECK_PERMS_SKIP_FILTER+= *) ;;
+_CHECK_PERMS_SKIP_FILTER+= esac
+
+.PHONY: check-perms
+.if exists(${_CHECK_PERMS_CMD})
+check-perms:
+ @${STEP_MSG} "Checking file permissions in ${PKGNAME}"
+ ${_PKG_SILENT}${_PKG_DEBUG} \
+ set -e; \
+ ${PKG_FILELIST_CMD} \
+ | sort \
+ | sed -e 's,\\,\\\\,g' \
+ | while read file; do \
+ ${_CHECK_PERMS_SKIP_FILTER}; \
+ printf "%s\\n" "$$file"; \
+ done \
+ | awk ${_CHECK_PERMS_GETDIRS_AWK:Q} \
+ | ${_CHECK_PERMS_CMD}
+.else
+check-perms:
+ @${WARNING_MSG} "[check-perms.mk] Skipping file permissions check."
+ @${WARNING_MSG} "[check-perms.mk] Install sysutils/checkperms to enable this check."
+.endif
diff --git a/mk/install/install.mk b/mk/install/install.mk
index 99bed60bcf7..8fdd976df0e 100644
--- a/mk/install/install.mk
+++ b/mk/install/install.mk
@@ -1,4 +1,4 @@
-# $NetBSD: install.mk,v 1.22 2006/10/09 12:25:44 joerg Exp $
+# $NetBSD: install.mk,v 1.23 2006/10/13 06:32:15 rillig Exp $
######################################################################
### install (PUBLIC)
@@ -169,6 +169,9 @@ privileged-install-hook: check-files
.if empty(CHECK_INTERPRETER:M[nN][oO])
privileged-install-hook: check-interpreter
.endif
+.if empty(CHECK_PERMS:M[nN][oO])
+privileged-install-hook: check-perms
+.endif
.PHONY: install-all su-install-all
. if !empty(_MAKE_INSTALL_AS_ROOT:M[Yy][Ee][Ss])