linux/scripts/package/builddeb
Sven Joachim d1889589a4 builddeb: Fix rootless build in setuid/setgid directory
Building 5.10-rc1 in a setgid directory failed with the following
error:

dpkg-deb: error: control directory has bad permissions 2755 (must be
>=0755 and <=0775)

When building with fakeroot, the earlier chown call would have removed
the setgid bits, but in a rootless build they remain.

Fixes: 3e8541803624 ("builddeb: Enable rootless builds")
Cc: Guillem Jover <guillem@hadrons.org>
Signed-off-by: Sven Joachim <svenjoac@gmx.de>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
2020-11-02 11:31:00 +09:00

238 lines
7.1 KiB
Bash
Executable File

#!/bin/sh
#
# builddeb 1.3
# Copyright 2003 Wichert Akkerman <wichert@wiggy.net>
#
# Simple script to generate a deb package for a Linux kernel. All the
# complexity of what to do with a kernel after it is installed or removed
# is left to other scripts and packages: they can install scripts in the
# /etc/kernel/{pre,post}{inst,rm}.d/ directories (or an alternative location
# specified in KDEB_HOOKDIR) that will be called on package install and
# removal.
set -e
is_enabled() {
grep -q "^$1=y" include/config/auto.conf
}
if_enabled_echo() {
if is_enabled "$1"; then
echo -n "$2"
elif [ $# -ge 3 ]; then
echo -n "$3"
fi
}
create_package() {
local pname="$1" pdir="$2"
local dpkg_deb_opts
mkdir -m 755 -p "$pdir/DEBIAN"
mkdir -p "$pdir/usr/share/doc/$pname"
cp debian/copyright "$pdir/usr/share/doc/$pname/"
cp debian/changelog "$pdir/usr/share/doc/$pname/changelog.Debian"
gzip -n -9 "$pdir/usr/share/doc/$pname/changelog.Debian"
sh -c "cd '$pdir'; find . -type f ! -path './DEBIAN/*' -printf '%P\0' \
| xargs -r0 md5sum > DEBIAN/md5sums"
# Fix ownership and permissions
if [ "$DEB_RULES_REQUIRES_ROOT" = "no" ]; then
dpkg_deb_opts="--root-owner-group"
else
chown -R root:root "$pdir"
fi
chmod -R go-w "$pdir"
# in case we are in a restrictive umask environment like 0077
chmod -R a+rX "$pdir"
# in case we build in a setuid/setgid directory
chmod -R ug-s "$pdir"
# Create the package
dpkg-gencontrol -p$pname -P"$pdir"
dpkg-deb $dpkg_deb_opts ${KDEB_COMPRESS:+-Z$KDEB_COMPRESS} --build "$pdir" ..
}
deploy_kernel_headers () {
pdir=$1
rm -rf $pdir
(
cd $srctree
find . arch/$SRCARCH -maxdepth 1 -name Makefile\*
find include scripts -type f -o -type l
find arch/$SRCARCH -name Kbuild.platforms -o -name Platform
find $(find arch/$SRCARCH -name include -o -name scripts -type d) -type f
) > debian/hdrsrcfiles
{
if is_enabled CONFIG_STACK_VALIDATION; then
echo tools/objtool/objtool
fi
find arch/$SRCARCH/include Module.symvers include scripts -type f
if is_enabled CONFIG_GCC_PLUGINS; then
find scripts/gcc-plugins -name \*.so
fi
} > debian/hdrobjfiles
destdir=$pdir/usr/src/linux-headers-$version
mkdir -p $destdir
tar -c -f - -C $srctree -T debian/hdrsrcfiles | tar -xf - -C $destdir
tar -c -f - -T debian/hdrobjfiles | tar -xf - -C $destdir
rm -f debian/hdrsrcfiles debian/hdrobjfiles
# copy .config manually to be where it's expected to be
cp $KCONFIG_CONFIG $destdir/.config
mkdir -p $pdir/lib/modules/$version/
ln -s /usr/src/linux-headers-$version $pdir/lib/modules/$version/build
}
deploy_libc_headers () {
pdir=$1
rm -rf $pdir
$MAKE -f $srctree/Makefile headers
$MAKE -f $srctree/Makefile headers_install INSTALL_HDR_PATH=$pdir/usr
# move asm headers to /usr/include/<libc-machine>/asm to match the structure
# used by Debian-based distros (to support multi-arch)
host_arch=$(dpkg-architecture -a$(cat debian/arch) -qDEB_HOST_MULTIARCH)
mkdir $pdir/usr/include/$host_arch
mv $pdir/usr/include/asm $pdir/usr/include/$host_arch/
}
version=$KERNELRELEASE
tmpdir=debian/linux-image
dbg_dir=debian/linux-image-dbg
packagename=linux-image-$version
dbg_packagename=$packagename-dbg
if [ "$ARCH" = "um" ] ; then
packagename=user-mode-linux-$version
fi
# Not all arches have the same installed path in debian
# XXX: have each arch Makefile export a variable of the canonical image install
# path instead
case $ARCH in
um)
installed_image_path="usr/bin/linux-$version"
;;
parisc|mips|powerpc)
installed_image_path="boot/vmlinux-$version"
;;
*)
installed_image_path="boot/vmlinuz-$version"
esac
BUILD_DEBUG=$(if_enabled_echo CONFIG_DEBUG_INFO Yes)
# Setup the directory structure
rm -rf "$tmpdir" "$dbg_dir" debian/files
mkdir -m 755 -p "$tmpdir/DEBIAN"
mkdir -p "$tmpdir/lib" "$tmpdir/boot"
# Install the kernel
if [ "$ARCH" = "um" ] ; then
mkdir -p "$tmpdir/usr/lib/uml/modules/$version" "$tmpdir/usr/bin" "$tmpdir/usr/share/doc/$packagename"
cp System.map "$tmpdir/usr/lib/uml/modules/$version/System.map"
cp $KCONFIG_CONFIG "$tmpdir/usr/share/doc/$packagename/config"
gzip "$tmpdir/usr/share/doc/$packagename/config"
else
cp System.map "$tmpdir/boot/System.map-$version"
cp $KCONFIG_CONFIG "$tmpdir/boot/config-$version"
fi
cp "$($MAKE -s -f $srctree/Makefile image_name)" "$tmpdir/$installed_image_path"
if is_enabled CONFIG_OF_EARLY_FLATTREE; then
# Only some architectures with OF support have this target
if [ -d "${srctree}/arch/$SRCARCH/boot/dts" ]; then
$MAKE -f $srctree/Makefile INSTALL_DTBS_PATH="$tmpdir/usr/lib/$packagename" dtbs_install
fi
fi
if is_enabled CONFIG_MODULES; then
INSTALL_MOD_PATH="$tmpdir" $MAKE -f $srctree/Makefile modules_install
rm -f "$tmpdir/lib/modules/$version/build"
rm -f "$tmpdir/lib/modules/$version/source"
if [ "$ARCH" = "um" ] ; then
mv "$tmpdir/lib/modules/$version"/* "$tmpdir/usr/lib/uml/modules/$version/"
rmdir "$tmpdir/lib/modules/$version"
fi
if [ -n "$BUILD_DEBUG" ] ; then
for module in $(find $tmpdir/lib/modules/ -name *.ko -printf '%P\n'); do
module=lib/modules/$module
mkdir -p $(dirname $dbg_dir/usr/lib/debug/$module)
# only keep debug symbols in the debug file
$OBJCOPY --only-keep-debug $tmpdir/$module $dbg_dir/usr/lib/debug/$module
# strip original module from debug symbols
$OBJCOPY --strip-debug $tmpdir/$module
# then add a link to those
$OBJCOPY --add-gnu-debuglink=$dbg_dir/usr/lib/debug/$module $tmpdir/$module
done
# resign stripped modules
if is_enabled CONFIG_MODULE_SIG_ALL; then
INSTALL_MOD_PATH="$tmpdir" $MAKE -f $srctree/Makefile modules_sign
fi
fi
fi
# Install the maintainer scripts
# Note: hook scripts under /etc/kernel are also executed by official Debian
# kernel packages, as well as kernel packages built using make-kpkg.
# make-kpkg sets $INITRD to indicate whether an initramfs is wanted, and
# so do we; recent versions of dracut and initramfs-tools will obey this.
debhookdir=${KDEB_HOOKDIR:-/etc/kernel}
for script in postinst postrm preinst prerm ; do
mkdir -p "$tmpdir$debhookdir/$script.d"
cat <<EOF > "$tmpdir/DEBIAN/$script"
#!/bin/sh
set -e
# Pass maintainer script parameters to hook scripts
export DEB_MAINT_PARAMS="\$*"
# Tell initramfs builder whether it's wanted
export INITRD=$(if_enabled_echo CONFIG_BLK_DEV_INITRD Yes No)
test -d $debhookdir/$script.d && run-parts --arg="$version" --arg="/$installed_image_path" $debhookdir/$script.d
exit 0
EOF
chmod 755 "$tmpdir/DEBIAN/$script"
done
if [ "$ARCH" != "um" ]; then
if is_enabled CONFIG_MODULES; then
deploy_kernel_headers debian/linux-headers
create_package linux-headers-$version debian/linux-headers
fi
deploy_libc_headers debian/linux-libc-dev
create_package linux-libc-dev debian/linux-libc-dev
fi
create_package "$packagename" "$tmpdir"
if [ -n "$BUILD_DEBUG" ] ; then
# Build debug package
# Different tools want the image in different locations
# perf
mkdir -p $dbg_dir/usr/lib/debug/lib/modules/$version/
cp vmlinux $dbg_dir/usr/lib/debug/lib/modules/$version/
# systemtap
mkdir -p $dbg_dir/usr/lib/debug/boot/
ln -s ../lib/modules/$version/vmlinux $dbg_dir/usr/lib/debug/boot/vmlinux-$version
# kdump-tools
ln -s lib/modules/$version/vmlinux $dbg_dir/usr/lib/debug/vmlinux-$version
create_package "$dbg_packagename" "$dbg_dir"
fi
exit 0