Ian Pratt
2005-Dec-02 02:42 UTC
RE: [Xen-devel] Re: [PATCH] install.sh: install as root with reasonable permissions
> I played around with a few other ideas and I think that the
> /tmp option is a clean and easy solution. Here is a patch
> that does this.

If this is well tested, and no one else can think of any drawbacks, I suggest we apply.

Thanks,
Ian

> # HG changeset patch
> # User Horms <horms@verge.net.au>
> # Node ID 651f32f67427ebb167eb2b6d921182bb21da2a7b
> # Parent 340bec28050f360b9d800fb354abfd6b5ee80bd2
> [INSTALL] Fix owner and permissions for installed files
>
> Make sure that installed files have sensible permissions and
> are owned by the user running install, presumably root.
>
> Without this patch, if the user that does the build has a
> restrictive umask, say 0077, and the install is done into /,
> then /lib, will become only accessible to that user.
>
> Signed-Off-By: Horms <horms@verge.net.au>
>
> diff -r 340bec28050f -r 651f32f67427 install.sh > --- a/install.sh Fri Dec 2 02:16:21 2005 > +++ b/install.sh Fri Dec 2 02:21:15 2005 
> @@ -22,19 +22,25 @@ > exit 1 > fi > > +tmp="`mktemp -d`" > + > echo "Installing Xen from ''$src'' to ''$dst''..." > -(cd $src; tar -cf - --exclude etc/init.d --exclude > etc/hotplug --exclude etc/udev * ) | tar -C $dst -xf - -cp > -fdRL $src/etc/init.d/* $dst/etc/init.d/ > +(cd $src; tar -cf - --exclude etc/init.d --exclude etc/hotplug > +--exclude etc/udev * ) | tar -C "$tmp" -xf - cp -fdRL > $src/etc/init.d/* > +"$tmp"/etc/init.d/ > echo "All done." > > [ -x "$(which udevinfo)" ] && \ > UDEV_VERSION=$(udevinfo -V | sed -e ''s/^[^0-9]* > \([0-9]\{1,\}\)[^0-9]\{0,\}/\1/'') > > if [ -n "$UDEV_VERSION" ] && [ $UDEV_VERSION -ge 059 ]; then > - cp -f $src/etc/udev/rules.d/*.rules $dst/etc/udev/rules.d/ > + cp -f $src/etc/udev/rules.d/*.rules "$tmp/etc/udev/rules.d/" > else > - cp -f $src/etc/hotplug/*.agent $dst/etc/hotplug/ > + cp -f $src/etc/hotplug/*.agent "$tmp/etc/hotplug/" > fi > + > +chmod -R a+rX "$tmp" > +(cd $tmp; tar -cf - *) | tar --no-same-owner -C "$dst" -xf - rm -r > +"$tmp" > > echo "Checking to see whether prerequisite tools are installed..." > cd $src/../check > > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xensource.com > http://lists.xensource.com/xen-devel
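Review bot: the three cp commands that now write to "$tmp"/etc/init.d/, "$tmp/etc/udev/rules.d/" and "$tmp/etc/hotplug/" target directories that the preceding tar step explicitly excludes, so in a freshly created mktemp directory they will normally not exist and the copies fail; the old code could rely on them already being present under $dst. Add a mkdir -p for each destination immediately before its cp. A smaller point in the same hunk: "All done." is still echoed right after the first tar, which now only fills the staging directory, so the message appears before anything has been written to $dst; move it after the final tar into "$dst".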
Horms
2005-Dec-02 03:53 UTC
[Xen-devel] Re: [PATCH] install.sh: install as root with reasonable permissions
Ian Pratt <m+Ian.Pratt@cl.cam.ac.uk> wrote:
>
>> I played around with a few other ideas and I think that the
>> /tmp option is a clean and easy solution. Here is a patch
>> that does this.
>
> If this is well tested, and no one else can think of any drawbacks, I
> suggest we apply.

Well, I did test it, though I'm not sure if that counts as well tested.

--
Horms
Horms
2006-Mar-02 07:12 UTC
[Xen-devel] Re: [PATCH] install.sh: install as root with reasonable permissions
[Apologies if this is a duplicate, I thought I sent it earlier today, but it seems to have gone into a black hole, probably between keyboard and chair]

In article <dmogfd$6sb$1@sea.gmane.org> you wrote:
> Ian Pratt <m+Ian.Pratt@cl.cam.ac.uk> wrote:
>>
>>> I played around with a few other ideas and I think that the
>>> /tmp option is a clean and easy solution. Here is a patch
>>> that does this.
>>
>> If this is well tested, and no one else can think of any drawbacks, I
>> suggest we apply.
>
> Well, I did test it, though I'm not sure if that counts as well tested.

Hi,

I'd like to resubmit this patch for consideration. I have been using it without event in a variety of environments since I originally posted it in December.

--
Horms

# HG changeset patch
# User Horms <horms@verge.net.au>
# Node ID 5487bd2d2bfc01f0b113d410c5923e736be7fa1c
# Parent 9794d56f1b45132d6e3480630d754224cb373814
[INSTALL] Fix owner and permissions for installed files

Make sure that installed files have sensible permissions and
are owned by the user running install, presumably root.

Without this patch, if the user that does the build has a
restrictive umask, say 0077, and the install is done into /,
then /lib, will become only accessible to that user.

Signed-Off-By: Horms <horms@verge.net.au>

diff -r 9794d56f1b45 -r 5487bd2d2bfc install.sh --- a/install.sh Fri Dec 16 02:12:45 2005 +++ b/install.sh Fri Dec 16 02:14:09 2005 
@@ -22,19 +22,28 @@ exit 1 fi +tmp="`mktemp -d`" + echo "Installing Xen from ''$src'' to ''$dst''..." -(cd $src; tar -cf - --exclude etc/init.d --exclude etc/hotplug --exclude etc/udev * ) | tar -C $dst -xf - -cp -fdRL $src/etc/init.d/* $dst/etc/init.d/ +(cd $src; tar -cf - --exclude etc/init.d --exclude etc/hotplug --exclude etc/udev * ) | tar -C "$tmp" -xf - +mkdir -p "$tmp"/etc/init.d/ +cp -fdRL $src/etc/init.d/* "$tmp"/etc/init.d/ echo "All done." [ -x "$(which udevinfo)" ] && \ UDEV_VERSION=$(udevinfo -V | sed -e ''s/^[^0-9]* \([0-9]\{1,\}\)[^0-9]\{0,\}/\1/'') if [ -n "$UDEV_VERSION" ] && [ $UDEV_VERSION -ge 059 ]; then - cp -f $src/etc/udev/rules.d/*.rules $dst/etc/udev/rules.d/ + mkdir -p "$tmp/etc/udev/rules.d/" + cp -f $src/etc/udev/rules.d/*.rules "$tmp/etc/udev/rules.d/" else - cp -f $src/etc/hotplug/*.agent $dst/etc/hotplug/ + mkdir -p "$tmp/etc/hotplug/" + cp -f $src/etc/hotplug/*.agent "$tmp/etc/hotplug/" fi + +chmod -R a+rX "$tmp" +(cd $tmp; tar -cf - *) | tar --no-same-owner -C "$dst" -xf - +rm -r "$tmp" echo "Checking to see whether prerequisite tools are installed..." cd $src/../check
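Review bot: the result of mktemp -d at the top of the hunk is never checked, and the final (cd $tmp; tar -cf - *) leaves $tmp unquoted and joins the two commands with ";". If mktemp fails, $tmp is empty, cd with no argument changes to $HOME, and the installing user's home directory is archived and unpacked into "$dst". Suggest tmp="`mktemp -d`" || exit 1 and (cd "$tmp" && tar -cf - *) so a failed step stops the install instead of continuing from the wrong directory. In the same region, chmod -R a+rX only adds bits, so group or other write permission left by a permissive build umask is carried through to $dst; chmod -R a+rX,go-w "$tmp" would cover that case as well. The rm -r "$tmp" at the end is skipped if the script exits early, so a trap that removes "$tmp" on exit would avoid leaving the staged tree behind.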