#!/bin/sh
# Build and install every package which is not already installed
# Run from the directory that holds this script, so that the relative package
# paths used further down resolve wherever the script was started from.
cd "$(dirname -- "$0")" || exit $?

# Stop right away when started as root; the privileged steps further down
# are run through sudo instead.
[ "$(id -u)" != 0 ] || {
    echo >&2 "makepkg does not support building as root. Please run with an other user (e.g. nobody)"
    exit 1
}
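# Verify whether a package needs to be (re)built and installed
# Globals:
#   UPGRADE_GIT_PACKAGE (read) - "true" forces the upgrade of every -git package
# Arguments:
#   $1 - package directory; its last path component is the package name
# Returns:
#   0 when the package has to be built and installed, 1 when it does not
needs_install() {
    local CURRENT_VERSION EPOCH PKGREL PKGVER TREE_VERSION

    # Compare with the literal "true" instead of running the variable as a
    # command, so that an unexpected value is never executed
    if [ "$UPGRADE_GIT_PACKAGE" = true ] && [ "${1%-git}" != "$1" ]
    then
        # Always upgrade -git packages
        return 0
    fi

    CURRENT_VERSION="$(LANG=C pacman -Q "${1##*/}" 2> /dev/null | awk '{print $2}')"
    if [ -z "$CURRENT_VERSION" ]
    then
        # The package was not installed
        return 0
    fi

    PKGVER="$(sed -n 's/^\s*pkgver = \(\S\+\)/\1/p' "$1/.SRCINFO" | head -n1)"
    PKGREL="$(sed -n 's/^\s*pkgrel = \(\S\+\)/\1/p' "$1/.SRCINFO" | head -n1)"
    EPOCH="$(sed -n 's/^\s*epoch = \(\S\+\)/\1/p' "$1/.SRCINFO" | head -n1)"

    # pacman -Q prints a non-zero epoch as an "epoch:" prefix of the version.
    # Without the same prefix here, a package with an epoch would never compare
    # equal to its installed version and would be rebuilt on every run.
    TREE_VERSION="$PKGVER-$PKGREL"
    if [ -n "$EPOCH" ] && [ "$EPOCH" != 0 ]
    then
        TREE_VERSION="$EPOCH:$TREE_VERSION"
    fi

    if [ "$CURRENT_VERSION" = "$TREE_VERSION" ]
    then
        # The package is already installed to the same version as in the tree
        return 1
    fi

    # If the package is a git package, do not install it if the git tree
    # contains an older package
    if [ "${1%-git}" != "$1" ] && [ "$(vercmp "$CURRENT_VERSION" "$TREE_VERSION")" -ge 0 ]
    then
        return 1
    fi
    return 0
}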
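# Build a package
# Arguments:
# - package name (also the name of its directory, relative to the current one)
# - makepkg environment tweaks
# Exits the script when the package name is empty or when makepkg fails.
build() {
    # With an empty name every path below would designate the current
    # directory: the cleanup would delete package archives there and makepkg
    # would run outside any package directory.
    if [ -z "$1" ]
    then
        echo >&2 "Internal error: build called without a package name"
        exit 1
    fi
    # Drop what earlier builds left behind, so that the package directory only
    # holds freshly built archives afterwards
    rm -rf "./$1/src" "./$1/pkg"
    rm -f "./$1/"*.pkg.tar.xz "./$1/"*.pkg.tar.xz.sig
    # The subshell keeps the directory change and the shift local; after the
    # shift, "$@" only holds the extra makepkg arguments
    (cd "./$1" && shift && makepkg -s -C --noconfirm "$@") || exit $?
}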
# Run an install command for a package which may conflict with a base package
# and answer yes to ":: $PKG-selinux and $PKG are in conflict. Remove $PKG? [y/N]"
# Use pacman's undocumented --ask=4 option to do this while in --noconfirm
#
# 4 is ALPM_QUESTION_CONFLICT_PKG in https://git.archlinux.org/pacman.git/tree/lib/libalpm/alpm.h?h=v5.0.2#n602
# and --ask=... inverts the default answer of the interactive question according
# to https://git.archlinux.org/pacman.git/tree/src/pacman/callback.c?h=v5.0.2#n490
#
# Arguments: either "pacman ARGS..." or "sh -c SCRIPT [ARGS...]"
# Exits the script when given anything else, or when the command fails.
#
# NOTE(security): in the "sh -c" form the script text is rewritten with sed
# (every "pacman " occurrence gets the two options) and is then executed by a
# shell started through sudo, so only fixed strings written in this file
# should ever be passed here.
run_conflictual_install() {
    local SUBCOMMAND MODE

    # First work out which of the two supported call forms was used
    MODE=unsupported
    case "$1" in
        pacman)
            MODE=direct
            ;;
        sh)
            [ "$2" = "-c" ] && MODE=shell
            ;;
    esac

    # Then rebuild the positional parameters with the extra pacman options
    case "$MODE" in
        direct)
            shift
            set -- pacman '--noconfirm' '--ask=4' "$@"
            ;;
        shell)
            # run "sh -c 'subcommand with pacman'"
            SUBCOMMAND="$3"
            shift 3
            set -- sh '-c' "$(echo "$SUBCOMMAND" | sed 's/pacman /pacman --noconfirm --ask=4 /g')" "$@"
            ;;
        *)
            echo >&2 "Internal error: run_conflictual_install without pacman but '$*'"
            exit 1
            ;;
    esac

    # Invoke the command with sudo; a failure stops the whole script
    sudo LANG=C "$@" && return
    echo >&2 "Error: the following command failed, sudo LANG=C $*"
    exit 1
}
# Build and install a package, unless needs_install reports that there is
# nothing to do
# Arguments:
# - package name
# - makepkg environment tweaks (handed to build unchanged)
build_and_install() {
    if needs_install "$1"
    then
        build "$@"
        # Every archive matching the glob is installed through sudo; build
        # deletes older *.pkg.tar.xz files from the directory before building
        run_conflictual_install pacman -U "./$1/"*.pkg.tar.xz
    fi
}
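# Install python-ipy package from the AUR, if it is not already installed
# Exits the script when the scratch directory cannot be created or when the
# clone or the build fails.
#
# NOTE(security): the PKGBUILD is cloned from the AUR at whatever revision is
# current and handed to makepkg with --noconfirm; nothing here reviews it or
# pins it to a known commit, so the content of that AUR repository decides
# what gets built and installed.
install_python_ipy() {
    local MAKEPKGDIR STATUS
    if pacman -Qi python-ipy > /dev/null 2>&1
    then
        return 0
    fi

    # Abort when no scratch directory could be created: with an empty
    # MAKEPKGDIR the commands below would no longer be confined to it
    MAKEPKGDIR="$(mktemp -d makepkg-python-ipy-XXXXXX)" || exit $?
    if [ -z "$MAKEPKGDIR" ]
    then
        echo >&2 "Error: mktemp did not return a directory name"
        exit 1
    fi

    STATUS=0
    if git -C "$MAKEPKGDIR" clone https://aur.archlinux.org/python-ipy.git
    then
        (cd "$MAKEPKGDIR/python-ipy" && makepkg -si --noconfirm --asdeps) || STATUS=$?
    else
        STATUS=$?
    fi

    # Remove the scratch directory after a failure as well as after a success
    rm -rf "$MAKEPKGDIR"
    if [ "$STATUS" -ne 0 ]
    then
        exit "$STATUS"
    fi
}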
# Parse options
# -g sets UPGRADE_GIT_PACKAGE to true, -h prints the help and exits.
# Any other option matches no branch below and is ignored.
UPGRADE_GIT_PACKAGE=false
while getopts ":gh" OPT
do
    if [ "$OPT" = g ]
    then
        UPGRADE_GIT_PACKAGE=true
    elif [ "$OPT" = h ]
    then
        printf '%s\n' \
            "Usage: $0 [OPTIONS]" \
            "" \
            "Build and install/upgrade every package which is not already installed" \
            "" \
            "Optional arguments:" \
            " -h display this help and exit" \
            " -g always upgrade -git packages" \
            " (default: upgrade only when pkgver-pkgrel changes)"
        exit
    fi
done
# Install the packages which are needed for the script if they are not already installed
# base and base-devel groups are supposed to be installed
for PKG in expect git
do
    # Only call sudo for a tool that pacman does not know as installed;
    # a failed installation stops the script with pacman's exit status
    pacman -Qi "$PKG" > /dev/null 2>&1 ||
        sudo pacman --noconfirm -S "$PKG" ||
        exit $?
done
# SELinux userspace packages
# The packages are handled strictly in the order in which they are listed.
for PKG in libsepol libselinux secilc checkpolicy
do
    build_and_install "$PKG"
done

# setools 3.3.8-5 Makefile has dependencies issues when installing __init__.py for qpol
# (install command can be invoked before the destination directory is created)
build_and_install setools MAKEFLAGS="-j1"

for PKG in libsemanage mcstrans policycoreutils semodule-utils restorecond
do
    build_and_install "$PKG"
done

# python-ipy is fetched from the AUR right before selinux-python is built
install_python_ipy

for PKG in selinux-python selinux-gui selinux-dbus-config selinux-sandbox
do
    build_and_install "$PKG"
done

# pacman hook
build_and_install selinux-alpm-hook

# Core packages with SELinux support
for PKG in \
    pambase-selinux \
    pam-selinux \
    coreutils-selinux \
    findutils-selinux \
    iproute2-selinux \
    logrotate-selinux \
    openssh-selinux \
    psmisc-selinux \
    shadow-selinux \
    cronie-selinux
do
    build_and_install "$PKG"
done
# sudo is special because /etc/sudoers gets deleted in the process
# If we are not careful, this is a way to be locked out of a machine
if needs_install sudo-selinux
then
    build sudo-selinux

    # Refuse to go on when a .pacsave copy is already there before the
    # installation starts
    [ ! -e "/etc/sudoers.pacsave" ] || {
        echo >&2 'Ugh, /etc/sudoers.pacsave exists. Aborting now before breaking the system!'
        exit 1
    }

    # The installation and the move of /etc/sudoers.pacsave back to
    # /etc/sudoers run inside one single shell started through sudo
    # (presumably because a second sudo call could fail while /etc/sudoers
    # is missing - confirm before changing this)
    run_conflictual_install sh -c \
        '{ pacman -U sudo-selinux/sudo-selinux-*.pkg.tar.xz && if test -e /etc/sudoers.pacsave ; then mv /etc/sudoers.pacsave /etc/sudoers ; fi }'
fi
# Handle util-linux/systemd build-time cycle dependency (https://bugs.archlinux.org/task/39767)
if needs_install util-linux-selinux || needs_install systemd-selinux
then
    # First pass: build each of the two packages and install only its
    # library package (libutil-linux-selinux, then libsystemd-selinux)
    for PKG in util-linux systemd
    do
        build "$PKG-selinux"
        run_conflictual_install pacman -U "$PKG-selinux/lib$PKG-selinux-"*.pkg.tar.xz
    done

    # Second pass: the regular build and installation of both packages
    for PKG in util-linux systemd
    do
        build_and_install "$PKG-selinux"
    done
fi
# Remaining packages, handled in this order:
# - dbus-selinux
# - linux-selinux: Kernel with SELinux support
# - selinux-refpolicy-src: Reference policy source package
# - selinux-refpolicy-arch: Refpolicy with Arch Linux patches
# - selinux-refpolicy-git: Refpolicy git master
for PKG in \
    dbus-selinux \
    linux-selinux \
    selinux-refpolicy-src \
    selinux-refpolicy-arch \
    selinux-refpolicy-git
do
    build_and_install "$PKG"
done