commit: 55af0a5a4b0319b75cab06b78b8fc62d135cd0d4 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
AuthorDate: Mon May 20 19:46:38 2013 +0000 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
CommitDate: Mon May 20 19:46:38 2013 +0000 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=55af0a5a |
|
scripts/pax-mark: bash utility to do what the eclass does |
|
--- |
scripts/Makefile.am | 2 +- |
scripts/pax-mark | 111 +++++++++++++++++++++++++++++++++++++++++++++++++++ |
2 files changed, 112 insertions(+), 1 deletions(-) |
|
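diff --git a/scripts/Makefile.am b/scripts/Makefile.am
index 6728a83..5cef3e1 100644
--- a/scripts/Makefile.am
+++ b/scripts/Makefile.am
@@ -1,4 +1,4 @@
 ACLOCAL_AMFLAGS = -I m4
 
-dist_sbin_SCRIPTS = pypaxctl migrate-pax revdep-pax
+dist_sbin_SCRIPTS = migrate-pax pax-mark pypaxctl revdep-pax
 EXTRA_DIST = paxmodule.c setup.py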
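diff --git a/scripts/pax-mark b/scripts/pax-mark
new file mode 100755
index 0000000..c8fc7ed
--- /dev/null
+++ b/scripts/pax-mark
@@ -0,0 +1,111 @@
+#!/bin/bash -l
+
+has() {
+ [[ "${2/$1/}" != "$2" ]] && return 0
+ return 1
+}
+
+pax-mark() {
+
+ local f # loop over paxables
+ local flags # pax flags
+ local pt_fail=0 pt_failures="" # record PT_PAX failures
+ local xt_fail=0 xt_failures="" # record xattr PAX marking failures
+ local ret=0 # overal return code of this function
+
+ # Only the actual PaX flags and z are accepted
+ # 1. The leading '-' is optional
+ # 2. -C -c only make sense for paxctl, but are unnecessary
+ # because we progressively do -q -qc -qC
+ # 3. z is allowed for the default
+
+ flags="${1//[!zPpEeMmRrSs]}"
+ [[ "${flags}" ]] || return 0
+ shift
+
+ # z = default. For XATTR_PAX, the default is no xattr field at all
+ local dodefault=""
+ [[ "${flags//[!z]}" ]] && dodefault="yes"
+
+ if has PT "${PAX_MARKINGS}"; then
+
+ #First try paxctl -> this might try to create/convert program headers
+ if type -p paxctl > /dev/null; then
+ for f in "$@"; do
+ # First, try modifying the existing PAX_FLAGS header
+ paxctl -q${flags} "${f}" >/dev/null 2>&1 && continue
+ # Second, try creating a PT_PAX header (works on ET_EXEC)
+ # Even though this is less safe, most exes need it, eg bug #463170
+ paxctl -qC${flags} "${f}" >/dev/null 2>&1 && continue
+ # Third, try stealing the (unused under PaX) PT_GNU_STACK header
+ paxctl -qc${flags} "${f}" >/dev/null 2>&1 && continue
+ pt_fail=1
+ pt_failures="${pt_failures} ${f}"
+ done
+
+ #Next try paxctl-ng -> this will not create/convert any program headers
+ elif type -p paxctl-ng > /dev/null && paxctl-ng -L ; then
+ flags="${flags//z}"
+ for f in "$@"; do
+ [[ ${dodefault} == "yes" ]] && paxctl-ng -L -z "${f}" >/dev/null 2>&1
+ [[ "${flags}" ]] || continue
+ paxctl-ng -L -${flags} "${f}" >/dev/null 2>&1 && continue
+ pt_fail=1
+ pt_failures="${pt_failures} ${f}"
+ done
+
+ #Finally fall back on scanelf
+ elif type -p scanelf > /dev/null && [[ ${PAX_MARKINGS} != "none" ]]; then
+ scanelf -Xxz ${flags} "$@" >/dev/null 2>&1
+
+ #We failed to set PT_PAX flags
+ elif [[ ${PAX_MARKINGS} != "none" ]]; then
+ pt_failures="$*"
+ pt_fail=1
+ fi
+
+ if [[ ${pt_fail} == 1 ]]; then
+ ret=1
+ fi
+ fi
+
+ if has XT "${PAX_MARKINGS}"; then
+
+ flags="${flags//z}"
+
+ #First try paxctl-ng
+ if type -p paxctl-ng > /dev/null && paxctl-ng -l ; then
+ for f in "$@"; do
+ [[ ${dodefault} == "yes" ]] && paxctl-ng -d "${f}" >/dev/null 2>&1
+ [[ "${flags}" ]] || continue
+ paxctl-ng -l -${flags} "${f}" >/dev/null 2>&1 && continue
+ xt_fail=1
+ xt_failures="${tx_failures} ${f}"
+ done
+
+ #Next try setfattr
+ elif type -p setfattr > /dev/null; then
+ [[ "${flags//[!Ee]}" ]] || flags+="e" # bug 447150
+ for f in "$@"; do
+ [[ ${dodefault} == "yes" ]] && setfattr -x "user.pax.flags" "${f}" >/dev/null 2>&1
+ setfattr -n "user.pax.flags" -v "${flags}" "${f}" >/dev/null 2>&1 && continue
+ xt_fail=1
+ xt_failures="${tx_failures} ${f}"
+ done
+
+ #We failed to set XATTR_PAX flags
+ elif [[ ${PAX_MARKINGS} != "none" ]]; then
+ xt_failures="$*"
+ xt_fail=1
+ fi
+
+ if [[ ${xt_fail} == 1 ]]; then
+ ret=1
+ fi
+ fi
+
+ return ${ret}
+}
+
+PAX_MARKINGS=${PAX_MARKINGS:="PT XT"}
+pax-mark "$@"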
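Review bot: Both XT loops (the paxctl-ng one and the setfattr one) build the failure list with `xt_failures="${tx_failures} ${f}"`, but `tx_failures` is never declared, so the list is overwritten on each iteration and keeps only the last failing file; it should read `xt_failures="${xt_failures} ${f}"`. In addition, `pt_failures` and `xt_failures` are collected but never printed, and every tool's output goes to `/dev/null`, so a caller sees at most exit status 1 with no indication of which binaries were left without the requested PaX marking. A line before `return ${ret}` such as `[[ ${ret} == 0 ]] || echo "pax-mark: marking failed: PT:${pt_failures} XT:${xt_failures}" >&2` would surface that. The scanelf fallback (`scanelf -Xxz ${flags} "$@" >/dev/null 2>&1`) does not check its exit status at all, so that path returns success even when nothing was marked. The setfattr branch also lacks the `[[ "${flags}" ]] || continue` guard that the paxctl-ng branches have, so a bare `z` removes `user.pax.flags` and then writes it back as `e`, which does not appear to match the comment that the XATTR_PAX default is no xattr field at all.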