PKG_SHORT="$(value SHORT_DESC)" PKG_URL="$(URL)" \
CONTROL_PREIN="$(value CONTROL_PREIN)" CONTROL_PREUN="$(value CONTROL_POSTUN)" \
CONTROL_POSTIN="$(value CONTROL_POSTIN)" CONTROL_POSTUN="$(value CONTROL_POSTUN)" \
+ \
+ QUALITY_AGENT_WHITELIST_EXECSTACK="$(value QUALITY_AGENT_WHITELIST_EXECSTACK)" \
+ QUALITY_AGENT_WHITELIST_RPATH="$(value QUALITY_AGENT_WHITELIST_RPATH)" \
+ QUALITY_AGENT_WHITELIST_SONAME="$(value QUALITY_AGENT_WHITELIST_SONAME)" \
+ \
$(DIR_SOURCE)/pakfire/compressor $(PKG_PACKAGE) $$ROOTFILE
endef
# #
###############################################################################
+PACKAGE_VERSION="0"
+
+function cleanup() {
+ echo " Cleaning up..."
+ for i in $ARCHIEVE $CONTROL $INFO $TMP_DIR; do
+ rm -rf ${i}
+ done
+}
+
while [ $# -gt 0 ]; do
case "$1" in
*)
exit 1
fi
-echo -n "Running for $PKG_TARGET..."
+echo "Packaging $PKG_TARGET..."
if [ -e "/packages/$PKG_TARGET" ]; then
echo "Skip."
INFO=$(mktemp)
TMP_DIR=$(mktemp -d)
+echo " Collecting files..."
for rootfile in $ROOTFILES; do
ERROR=$(cd / && \
grep -v "^#" < $rootfile | \
sed -e "s/KVER/$KVER/g" \
-e "s/IFS_TARGET/$IFS_TARGET/g" | \
- cpio -pdl --quiet $TMP_DIR 2>&1)
+ cpio -pd --quiet $TMP_DIR 2>&1)
if [ -n "${ERROR}" ]; then
echo -e "When copying the files, an error occoured:\n\n${ERROR}" >&2
- rm -rf $ARCHIEVE $CONTROL $INFO $TMP_DIR
+ cleanup
+ exit 1
+ fi
+done
+
+echo " Running quality agent hooks..."
+for hook in $(dirname $0)/compressor.d/*; do
+ [ -x "${hook}" ] || continue
+ ${hook} $TMP_DIR
+ if [ "$?" != "0" ]; then
+ cleanup
exit 1
fi
done
cd $TMP_DIR
+echo " Writing data.img..."
find . | cpio -o -H newc --quiet | lzma -cz - > $ARCHIEVE
+echo " Writing meta-data..."
cat <<EOF >$INFO
### $NAME package
+PACKAGE_VERSION="$PACKAGE_VERSION"
+
BUILD_HOST="$(cat /proc/sys/kernel/hostname)"
BUILD_DATE="$(date -u)"
###
EOF
+echo " Writing control file..."
cat <<EOF >$CONTROL
#!/bin/sh
cat $CONTROL > $TMP_DIR/control
cat $INFO > $TMP_DIR/info
+echo " Packaging archive..."
find . | cpio -o -H newc --quiet > $ARCHIEVE
cat $ARCHIEVE > /packages/$PKG_TARGET
-echo "Done."
-
-rm -rf $ARCHIEVE $CONTROL $INFO $TMP_DIR
+cleanup
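Review bot: The hook loop `for hook in $(dirname $0)/compressor.d/*` fails open: if the directory is missing or holds no executable file, the `-x` test skips every iteration and the package is written without a single QA check having run. Counting the hooks that actually ran and stopping when the count is zero closes that gap, e.g. `[ "$ran" -gt 0 ] || { cleanup; exit 1; }` after the loop. The expansions in the loop are also unquoted; `for hook in "$(dirname "$0")"/compressor.d/*; do` and `"${hook}" "$TMP_DIR" || { cleanup; exit 1; }` avoid word splitting when the script lives under a path containing spaces.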
--- /dev/null
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007, 2008, 2009 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+EXIT_CODE=0
+
+echo " Searching for world-writeable files..."
+
+f=$(find ${1} -type f -perm -2 2>/dev/null)
+if [ -n "$f" ]; then
+ echo " QA Security Notice:"
+ echo " - The folloing files will be world writable."
+ echo " - This may or may not be a security problem, most of the time it is one."
+ echo " - Please double check that these files really need a world writeable bit and file bugs accordingly."
+ echo
+ echo "$f"
+ EXIT_CODE=1
+fi
+
+f=$(find ${1} -type f '(' -perm -2002 -o -perm -4002 ')')
+if [ -n "$f" ]; then
+ echo " QA Notice: Unsafe files detected (set*id and world writable)"
+ echo
+ echo "$f"
+ EXIT_CODE=1
+fi
+
+exit $EXIT_CODE
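Review bot: Both `find` calls are restricted to `-type f`, so a world-writable directory without the sticky bit passes this hook unnoticed, although any local user could then replace the files inside it. A third check such as `find "${1}" -type d -perm -0002 ! -perm -1000` would cover that case. `${1}` is unquoted in both calls, and with an empty argument GNU find searches the current directory instead; `"${1:?}"` turns that into an error. The second `find` also lacks the `2>/dev/null` of the first, so the two checks treat unreadable paths differently.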
--- /dev/null
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007, 2008, 2009 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+echo " Searching for static libs or *.la-files..."
+
+f=$(find ${1} -name *.{a,la} 2>/dev/null)
+if [ -n "$f" ]; then
+ echo " QA Notice: Excessive files found:"
+ echo "${f}"
+ exit 1
+fi
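Review bot: `-name *.{a,la}` is brace-expanded by bash into `-name *.a *.la`, which leaves `*.la` as a stray argument; find rejects that, `2>/dev/null` hides the error, and `f` stays empty, so this hook most likely never reports anything. The unquoted patterns can also be expanded by the shell against the current directory before find sees them. `f=$(find "${1}" \( -name '*.a' -o -name '*.la' \) 2>/dev/null)` expresses the intended match.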
--- /dev/null
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007, 2008, 2009 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+echo " Searching for executeable stacks..."
+
+# Also, executable stacks only matter on linux...
+
+command="scanelf -qyRF '%e %p' ${1} | awk '{ print $NF }'"
+
+for i in $QUALITY_AGENT_WHITELIST_EXECSTACK; do
+ if [ -n "$FILTER" ]; then
+ FILTER="$FILTER|$i"
+ else
+ FILTER="$i"
+ fi
+done
+
+if [ -n "$FILTER" ]; then
+ command="$command | grep -vE \"$FILTER\""
+fi
+
+files=$($command)
+if [ -n "$files" ]; then
+ echo " QA Notice: The following files contain executable stacks"
+ echo " Files with executable stacks will not work properly (or at all!)"
+ echo " on some architectures/operating systems."
+ echo "${files}"
+ echo
+ exit 1
+fi
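Review bot: `files=$($command)` does not run the pipeline stored in `command`: the expanded string is only word-split, so `|`, `awk` and the quote characters reach scanelf as literal arguments, and `$NF` was already expanded to an empty string by the shell when the double-quoted assignment was made. The check therefore cannot be relied on to list the files it is meant to catch, and the same construction appears in the RPATH hook (`files=$($command)`) and in the SONAME hook. Running the pipeline directly and applying the whitelist as a second step avoids building a command line in a string. The whitelist entries are joined into one extended regular expression, so a `.` in an entry matches any character and a short entry can suppress more files than intended.

```shell
# … unchanged: FILTER is built from QUALITY_AGENT_WHITELIST_EXECSTACK …
files=$(scanelf -qyRF '%e %p' "${1}" | awk '{ print $NF }')
if [ -n "$FILTER" ]; then
	files=$(printf '%s\n' "$files" | grep -vE -- "$FILTER")
fi
# … unchanged: report and exit 1 when $files is non-empty …
```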
--- /dev/null
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007, 2008, 2009 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+TMP_DIR=$1
+
+echo " Searching for bad RPATH attributes..."
+
+# Make sure we disallow insecure RUNPATH/RPATH's
+# Don't want paths that point to the tree where the package was built
+# (older, broken libtools would do this). Also check for null paths
+# because the loader will search $PWD when it finds null paths.
+
+command="scanelf -qyRF '%r %p' ${TMP_DIR} 2>/dev/null | awk '{ print $NF }'"
+
+for i in $QUALITY_AGENT_WHITELIST_RPATH; do
+ if [ -n "$FILTER" ]; then
+ FILTER="$FILTER|$i"
+ else
+ FILTER="$i"
+ fi
+done
+
+if [ -n "$FILTER" ]; then
+ command="$command | grep -vE \"$FILTER\""
+fi
+
+files=$($command)
+if [ -n "$files" ]; then
+ echo " QA Notice: The following files contain insecure RUNPATH's"
+ echo "${files}"
+ echo
+ exit 1
+fi
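Review bot: The comment block describes rejecting RPATHs that point into the build tree or contain empty entries, but nothing in the hook inspects the RPATH value: `awk '{ print $NF }'` keeps only the file name, so when the pipeline in the string is run every file that scanelf lists with an RPATH would be reported. Filtering on the `%r` field before dropping it would match the stated intent, for example `grep -E "(<BUILD_ROOT>|^:|::|: )"` placed between scanelf and awk, where `<BUILD_ROOT>` is a placeholder for the build directory and the empty-entry patterns should be checked against scanelf's real output. As written, the whitelist is the only thing separating legitimate RPATHs from the dangerous ones the comment names.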
--- /dev/null
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007, 2008, 2009 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+# TEXTREL's are baaaaaaaad
+
+echo " Searching for bad TEXTRELs..."
+f=$(scanelf -qyRF '%t %p' ${1} 2>/dev/null | awk '{ print $NF }')
+if [ -n "$f" ]; then
+ echo " QA Notice: The following files contain runtime text relocations"
+ echo " Text relocations force the dynamic linker to perform extra"
+ echo " work at startup, waste system resources, and may pose a security"
+ echo " risk. On some architectures, the code may not even function"
+ echo " properly, if at all."
+ echo "${f}"
+
+ exit 1
+fi
--- /dev/null
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007, 2008, 2009 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+TMP_DIR=$1
+
+check_files=$(find ${TMP_DIR} -name lib*.so*)
+
+command="scanelf -ByF '%S %p' $check_files | awk '$2 == "" { print }'"
+
+for i in $QUALITY_AGENT_WHITELIST_SONAME; do
+ if [ -n "$FILTER" ]; then
+ FILTER="$FILTER|$i"
+ else
+ FILTER="$i"
+ fi
+done
+
+if [ -n "$FILTER" ]; then
+ command="$command | grep -vE \"$FILTER\""
+fi
+
+echo " Searching bad libs that lack a SONAME..."
+if [ -n "$check_files" ]; then
+ f=$(command)
+ if [ -n "$f" ]; then
+ echo " QA Notice: The following shared libraries lack a SONAME"
+ echo "${f}"
+ exit 1
+ fi
+fi
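Review bot: `f=$(command)` invokes the bash builtin `command` with no arguments instead of expanding `$command`, so `f` is always empty and the hook can never report a library without a SONAME. The `command=` assignment is also broken by its quoting: the inner `""` ends the double-quoted string, and `$2` is expanded by the shell there rather than by awk. Running the pipeline directly fixes both, `f=$(scanelf -ByF '%S %p' $check_files | awk '$2 == "" { print }')`, with the whitelist applied afterwards through `grep -vE -- "$FILTER"`. The pattern in `find ${TMP_DIR} -name lib*.so*` is unquoted here and in the NEEDED hook, so the shell may expand it against the current directory first; `-name 'lib*.so*'` leaves it for find.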
--- /dev/null
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007, 2008, 2009 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+TMP_DIR=$1
+
+check_files=$(find ${TMP_DIR} -name lib*.so*)
+
+echo " Searching bad libs that lack the NEEDED attribute..."
+if [ -n "$check_files" ]; then
+ f=$(scanelf -ByF '%n %p' $check_files | awk '$2 == "" { print }')
+ if [ -n "$f" ]; then
+ echo " QA Notice: The following shared libraries lack NEEDED entries"
+ echo "${f}"
+ exit 1
+ fi
+fi
--- /dev/null
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007, 2008, 2009 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+## If the pyc and pyo files are the same, we can hardlink them
+
+echo " Hard-linking python bytecode files..."
+for pyc in $(find ${1} -type f -name "*.pyc"); do
+ pyo=$(echo "$pyc" | sed "s/.pyc$/.pyo/")
+ if cmp -s "$pyc" "$pyo"; then
+ ln -f "$pyc" "$pyo"
+ fi
+done
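Review bot: `for pyc in $(find ...)` splits the file list on whitespace, so a byte-code file whose path contains a space is turned into several bogus names and silently skipped. A `while IFS= read -r -d '' pyc; do … done < <(find "${1}" -type f -name '*.pyc' -print0)` loop handles arbitrary names. The dot in `sed "s/.pyc$/.pyo/"` is unescaped, which is harmless here because find already restricts the suffix, but `pyo="${pyc%.pyc}.pyo"` does the rename without a subshell.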
--- /dev/null
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007, 2008, 2009 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+## Strip debugging symbols
+
+echo " Stripping debugging symbols..."
+for f in $(find ${1} -type f \( -perm -0100 -or -perm -0010 -or -perm -0001 \)); do
+ if (file $f | grep -q ' shared object,'); then
+ strip --strip-debug "$f" || :
+ fi
+done
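Review bot: `file $f` is unquoted and the loop iterates over `$(find ...)`, so paths with spaces or glob characters are split or expanded before `file` and `strip` see them; the strip-unneeded hook repeats both lines. `strip ... || :` also discards every failure, so a binary that could not be processed ships unmodified without any message. Quoting as `file "$f"` and reporting the failure, `strip --strip-debug "$f" || echo "  strip failed: $f" >&2`, keeps the best-effort behaviour while making it visible in the build log.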
--- /dev/null
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007, 2008, 2009 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+## Strip unneeded symbols
+
+echo " Stripping unneeded symbols..."
+for f in $(find ${1} -type f); do
+ if (file $f | grep -q ' shared object,'); then
+ strip --strip-unneeded "$f" || :
+ fi
+done