This patch adds a debhelper program, dh_installfile-sigs, and an autoscript,
postinst-file-sigs, to install the ELF file and script signatures
stored in the sha256sums file.
---
 autoscripts/postinst-file-sigs | 17 ++++++++++++++++
 dh                             |  1 +
 dh_installfile-sigs            | 46 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 64 insertions(+)
 create mode 100644 autoscripts/postinst-file-sigs
 create mode 100755 dh_installfile-sigs

diff --git a/autoscripts/postinst-file-sigs b/autoscripts/postinst-file-sigs
new file mode 100644
index 0000000..8430d0b
--- /dev/null
+++ b/autoscripts/postinst-file-sigs
@@ -0,0 +1,17 @@
+file=$(dpkg-query --control-path #PACKAGE# sha256sums)
+if [ "$1" = "configure" ]; then
+       if [ -e "${file}" ]; then
+               while read -r line; do
+                       fn=$(echo "${line}" | awk '{print $2}')
+                       sig=$(echo "${line}" | awk '{print $3}')
+                       if [ ! -n "$sig" ]; then
+                               continue;
+                       fi
+
+                       file --brief $fn | grep -e 'ELF' -e 'script' > /dev/null
+                       if [ $? -eq 0 ]; then
+                               setfattr -n 'security.ima' -v 0x$sig $fn
+                       fi
+               done < "${file}"
+       fi
+fi
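Review bot: `$fn` and `$sig` are expanded unquoted in the `file --brief $fn` and `setfattr -n 'security.ima' -v 0x$sig $fn` lines, so a path from sha256sums containing whitespace or glob characters is split or expanded before the xattr is written. The awk field split above already truncates such a path. Quote both uses, `file --brief "$fn" | grep -q -e 'ELF' -e 'script'` and `setfattr -n 'security.ima' -v "0x$sig" "$fn"`, and reject a `$sig` that is not purely hexadecimal before passing it on. The exit status of setfattr is not examined within the fragment, so a warning on stderr when it fails would show at install time that a file was left without `security.ima`, rather than later if IMA appraisal is enforced and denies it.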
diff --git a/dh b/dh
index f3bd321..4f80f75 100755
--- a/dh
+++ b/dh
@@ -373,6 +373,7 @@ my @i = qw{
        dh_installifupdown
        dh_installinfo
        dh_installinit
+       dh_installfile-sigs
        dh_installmenu
        dh_installmime
        dh_installmodules
diff --git a/dh_installfile-sigs b/dh_installfile-sigs
new file mode 100755
index 0000000..200932d
--- /dev/null
+++ b/dh_installfile-sigs
@@ -0,0 +1,46 @@
+#!/usr/bin/perl -w
+
+=head1 NAME
+
+dh_installfile-sigs - install file signatures in the DEBIAN/sha256sums file as 
xattrs
+
+=cut
+
+use strict;
+use Cwd;
+use Debian::Debhelper::Dh_Lib;
+
+=head1 SYNOPSIS
+
+B<dh_installfile-sigs>
+
+=head1 DESCRIPTION
+
+B<dh_installfile-sigs> is a debhelper program that is responsible for 
automatically
+generating the F<postinst> commands needed to install file signatures 
contained in
+the F<DEBIAN/sha256sums> file.  These commands are inserted into the maintainer
+scripts by L<dh_installdeb(1)>.
+
+=cut
+
+init();
+
+foreach my $package (@{$dh{DOPACKAGES}}) {
+
+       if (! $dh{NOSCRIPTS}) {
+               
autoscript($package,"postinst","postinst-file-sigs","s!#PACKAGE#!$package!g");
+       }
+}
+
+
+=head1 SEE ALSO
+
+L<debhelper(7)>
+
+This program is a part of debhelper.
+
+=head1 AUTHOR
+
+Mimi Zohar <zo...@linux.vnet.ibm.com>
+
+=cut
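Review bot: The helper inserts a postinst fragment that runs `file` and `setfattr` at configure time, but the loop over `@{$dh{DOPACKAGES}}` registers no dependency on the packages that provide them. Because the `dh` hunk adds this helper to what appears to be the default sequence, every package built with dh would carry the fragment. Consider adding `addsubstvar($package, "misc:Depends", "attr");` and `addsubstvar($package, "misc:Depends", "file");` next to the `autoscript` call, or making the helper opt-in. `use Cwd;` is not used anywhere in the file and can be dropped, and `use warnings;` is preferable to `-w` on the shebang line. The DESCRIPTION would also benefit from a sentence stating that only sha256sums entries carrying a third, signature field are processed and that the value is written to the `security.ima` xattr.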
-- 
1.8.1.4

