Index: ebuild.sh =================================================================== RCS file: /home/cvsroot/gentoo-src/portage/bin/ebuild.sh,v retrieving revision 1.133 diff -u -b -B -r1.133 ebuild.sh --- ebuild.sh 2 Jul 2003 03:23:36 -0000 1.133 +++ ebuild.sh 11 Jul 2003 06:39:41 -0000 @@ -252,11 +252,39 @@ } +# the antivirus feature should be disabled by default except when +# overridden in the relevant stages + +antivirus_scan() { + local buf + local ret + local x + + x=$1 + ret=1 + + ebegin ">>> Virus Scanning ${x} " + if [ -x "${AVS_SCANNER}" ]; then + # this assumes the syntax of "execfile options file/dir" + buf=$(${AVS_SCANNER} ${AVS_OPTS} ${x}) + ret=$? + [ ${ret} != 0 ] && myfail="something here " + else + myfail="No usable AVS_SCANNER found: ${AVS_SCANNER}" + fi + eend $ret + if [ "${myfail}" != "" ] ; then + echo "${buf}" + die "${myfail}" + fi +} + unpack() { local x local y local myfail local tarvars + local vscan if [ "$USERLAND" == "BSD" ]; then tarvars="" @@ -264,7 +292,12 @@ tarvars="--no-same-owner" fi + vscan=`has antivirus $FEATURES` + for x in "$@"; do + if [ "${vscan}" != "" ]; then + antivirus_scan $(pwd)/${x} + fi myfail="failure unpacking ${x}" echo ">>> Unpacking ${x} to $(pwd)" y="$(echo $x | sed 's:.*\.\(tar\)\.[a-zA-Z0-9]*:\1:')" @@ -645,7 +678,7 @@ dyn_compile() { trap "abort_compile" SIGINT SIGQUIT - export CFLAGS CXXFLAGS LIBCFLAGS LIBCXXFLAGS + export CFLAGS CXXFLAGS LIBCFLAGS LIBCXXFLAGS LDFLAGS ASFLAGS if has noauto $FEATURES &>/dev/null && [ ! -f ${BUILDDIR}/.unpacked ]; then echo echo "!!! We apparently haven't unpacked... This is probably not what you" @@ -708,6 +741,12 @@ echo "$RDEPEND" > RDEPEND echo "$SLOT" > SLOT echo "$USE" > USE + + # To keep the bugs down only use such flags when absolutely + # neccessary. + [ -n "${LDFLAGS}" ] && echo "${LDFLAGS}" > LDFLAGS + [ -n "${ASFLAGS}" ] && echo "${ASFLAGS}" > ASFLAGS + set | bzip2 -9 - > environment.bzip2 cp ${EBUILD} ${PF}.ebuild if has nostrip $FEATURES $RESTRICT; then 
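Review bot: `antivirus_scan` (hunk `@@ -252,11 +252,39 @@`) declares `buf`, `ret` and `x` local but not `myfail`, so its final `[ "${myfail}" != "" ]` test reads whatever the caller left in that variable. `unpack` sets `myfail="failure unpacking ${x}"` right after each scan, and bash scoping makes the caller's local visible here. Unless the rest of the loop body, which is outside the hunk, clears it, the second archive of a multi-file `unpack` reaches `die` with the previous iteration's message even when the scanner returned 0. Adding `local myfail=""` beside the other locals ties the verdict to this scan only. The placeholder `something here ` should also become a message naming the scanned path and the scanner's exit status, so a blocked build can be traced in the log.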
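Review bot: The path handed to the scanner is unquoted at every step, so a path containing whitespace or glob characters is split or expanded before the scanner sees it. This applies to `antivirus_scan $(pwd)/${x}` in this hunk (`@@ -264,7 +292,12 @@`), to `${AVS_SCANNER} ${AVS_OPTS} ${x}` inside `antivirus_scan`, and to `antivirus_scan ${D}/` in the `@@ -755,6 +794,10 @@` hunk. Because the function reads only `$1`, the scan can then cover a different path from the one unpacked next, and a clean result would not show that the archive itself was checked. Quote the path and leave only `AVS_OPTS` to word-split: `antivirus_scan "$(pwd)/${x}"`, `buf=$("${AVS_SCANNER}" ${AVS_OPTS} "${x}")`, `antivirus_scan "${D}/"`. The body of the `unpack` loop continues outside the hunk.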
@@ -755,6 +794,10 @@ prepall cd ${D} + if [ "`has antivirus $FEATURES`" != "" ]; then + # scan the whole directory + antivirus_scan ${D}/ + fi declare -i UNSAFE=0 for i in $(find ${D}/ -type f -perm -2002); do UNSAFE=$(($UNSAFE + 1)) @@ -775,6 +818,23 @@ else find ${D}/ -group portage -print0 | $XARGS -0 -n100 chgrp root fi + if [ "`has hardened $FEATURES`" != "" ]; then + for i in $(find ${D}/ -type f -perm -4000); do + ebegin ">>> SetUID: [chmod go-r] $i " + chmod go-r $i + eend $? + done + for i in $(find ${D}/ -type f -perm -2000); do + ebegin ">>> SetGID: [chmod o-r] $i " + chmod o-r $i + eend $? + done + # we could hook right in here and display suidperms or keep + # ourselfs a db. -solar + #suids=`find ${D}/ -type f \( -perm -4000 -o -perm -2000 \)` + #ls -ldh ${suids} + #md5sum ${suids} + fi echo ">>> Completed installing into ${D}" echo cd ${BUILDDIR} @@ -822,7 +882,7 @@ dyn_help() { echo echo "Portage" - echo "Copyright 2002 Gentoo Technologies, Inc." + echo "Copyright 1999-2003 Gentoo Technologies, Inc." echo echo "How to use the ebuild command:" echo
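Review bot: Both new loops in the hardened block (`@@ -775,6 +818,23 @@`) iterate over `$(find ...)` and pass `$i` to `chmod` unquoted. An installed setuid or setgid file whose path contains whitespace or glob characters is therefore split into words, and the permission change lands on the wrong name or on nothing. The context line just above already uses the NUL-safe form (`find ... -print0 | $XARGS -0`). The loops can keep their per-file `ebegin`/`eend` output with `find "${D}/" -type f -perm -4000 -print0 | while IFS= read -r -d '' i; do` and `chmod go-r "$i"`, and likewise for the `-perm -2000` loop. Nothing in the hunk acts on a failed `chmod` beyond passing its status to `eend`, so if the hardened feature is meant to be enforced rather than best-effort, the failure should stop the install.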