-rw-r--r--packaging/baselibs.conf4
-rw-r--r--packaging/qemu-accel-aarch64.spec13
-rw-r--r--packaging/qemu-accel-armv7l.spec13
-rw-r--r--packaging/qemu-accel.spec.in13
4 files changed, 36 insertions, 7 deletions
diff --git a/packaging/baselibs.conf b/packaging/baselibs.conf
index 04aa03a..9decd76 100644
--- a/packaging/baselibs.conf
+++ b/packaging/baselibs.conf
@@ -7,9 +7,11 @@ qemu-accel
targettype 32bit block!
autoreqprov off
+/
- requires "gcc"
+ requires "gcc sudo-rpm"
config -/pkg-config$
post "#PLUGIN_POSTIN#"
+ post "#PLUGIN_POSTIN_ACL#"
+ post "#PLUGIN_POSTIN_SUDO#"
postun "#PLUGIN_POSTUN#"
python-accel
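Review bot: The two new `post` entries have no counterpart beside `postun "#PLUGIN_POSTUN#"`, so nothing undoes them when the package is removed. Going by the substitution the spec files make for `#PLUGIN_POSTIN_SUDO#`, that scriptlet overwrites the sudo plugin files in the system libexec directory with `ln -sf` links into the accelerator tree. After removal those links would dangle and sudo could not load its policy plugin until the sudo package is reinstalled. Consider adding a line such as `postun "#PLUGIN_POSTUN_SUDO#"` (the name is only a suggestion) with a matching substitution in the spec that restores or removes the links.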
diff --git a/packaging/qemu-accel-aarch64.spec b/packaging/qemu-accel-aarch64.spec
index 27c34cd..74c56b2 100644
--- a/packaging/qemu-accel-aarch64.spec
+++ b/packaging/qemu-accel-aarch64.spec
@@ -55,7 +55,7 @@ BuildRequires: python-xml
BuildRequires: python-magic
BuildRequires: python-rpm
BuildRequires: file
-BuildRequires: sudo
+BuildRequires: sudo acl
Summary: Native binaries for speeding up cross compile
License: GPL-2.0
Group: Development/Cross Compilation
@@ -122,7 +122,8 @@ for executable in $LD \
%{_bindir}/%{target_arch}-{c++,g++,cpp,gcc,gcc-${gcc_version},gcc-ar,gcc-nm,gcc-ranlib,gcov,gfortran} \
%{libdir}/gcc/%{target_arch}/${gcc_version}/{cc1,cc1plus,collect2,f951,lto1,lto-wrapper,liblto_plugin.so} \
%{_bindir}/file \
- %{_bindir}/sudo \
+ %{_bindir}/{sudo,getfacl,setfacl} \
+ %{_libexecdir}/sudo/{group_file.so,sudo_noexec.so,sudoers.so,system_group.so} \
%{_bindir}/{find,xargs}
do
binaries="$binaries $executable `ldd $executable | sed -n 's,.*=> \(/[^ ]*\) .*,\1,p'`"
@@ -138,6 +139,9 @@ do
done | grep -v "not owned" | sed -e "s/-[0-9].*//g" | sort -u
echo ""
+# Create storage for permissions
+mkdir -p %{buildroot}/%{our_path}
+echo '' > %{buildroot}/%{our_path}/permissions.acl
for binary in $binaries
do
@@ -152,6 +156,7 @@ do
echo "ERROR file $binary leaks host information into the guest"
exit 1
fi
+ getfacl $binary | sed -e '/file:/s|: |: %{our_path}/|' >> %{buildroot}%{our_path}/permissions.acl
rm -f $outfile.data
[ "$binary" == "$LD" ] && continue
patchelf --set-rpath "%{our_path}/%{libdir}" $outfile
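Review bot: The exit status of `getfacl $binary` is discarded by the pipe into sed, so a failed read leaves permissions.acl without an entry for that file and the build still succeeds. That file is what the post scriptlet feeds to `setfacl --restore`, presumably to bring back ownership and mode flags for sudo, so a silent gap leaves the installed binary with whatever mode the copy produced. Capture the output first and stop on failure, e.g. `acl=$(getfacl "$binary") || exit 1` followed by `printf '%s\n\n' "$acl" | sed -e '/file:/s|: |: %{our_path}/|' >> %{buildroot}%{our_path}/permissions.acl`. The listing also carries owner and group names and any named ACL entries from the build host, so check that only the intended entries reach the guest. The same line is added in qemu-accel-armv7l.spec and qemu-accel.spec.in, and the loop body continues outside this hunk.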
@@ -184,6 +189,7 @@ ln -s usr/lib %{buildroot}%{our_path}/lib
for binary in addr2line ar as c++filt dwp elfedit gprof ld ld.bfd ld.gold nm objcopy objdump ranlib readelf size strings strip
do
mv %{buildroot}%{our_path}%{_bindir}/%{target_arch}-$binary %{buildroot}%{our_path}%{_bindir}/$binary
+ sed -e "/file:/s|%{_bindir}/%{target_arch}-$binary|%{_bindir}/$binary|" -i %{buildroot}%{our_path}/permissions.acl
done
mkdir -p %{buildroot}/%{our_path}/%{_prefix}/%{target_arch}/bin
@@ -236,6 +242,7 @@ for bin in c++ g++ cpp gcc gcc-ar gcc-nm gcc-ranlib gfortran
do
mv %{buildroot}%{our_path}%{_bindir}/%{target_arch}-$bin %{buildroot}/%{our_path}%{_bindir}/$bin
ln -s $bin %{buildroot}%{our_path}%{_bindir}/%{target_arch}-$bin
+ sed -e "/file:/s|%{_bindir}/%{target_arch}-$bin|%{_bindir}/$bin|" -i %{buildroot}%{our_path}/permissions.acl
done
mv %{buildroot}%{our_path}%{_bindir}/%{target_arch}-gcov %{buildroot}%{our_path}%{_bindir}/gcov
ln -s gcc %{buildroot}%{our_path}/%{_bindir}/cc
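Review bot: The `mv` of `%{target_arch}-gcov` to `gcov` right after the loop gets no matching rewrite of permissions.acl, although gcov is in the list of executables whose ACL is recorded. Unless a step outside this hunk recreates the old name, `setfacl --restore` in the post scriptlet is handed a path that no longer exists. Add after that `mv`: `sed -e "/file:/s|%{_bindir}/%{target_arch}-gcov|%{_bindir}/gcov|" -i %{buildroot}%{our_path}/permissions.acl`. The pattern inside the loop is also not anchored at the end of the line, so the `gcc` pass rewrites the `%{target_arch}-gcc-${gcc_version}` entry too, which may not match how that file is installed; ending the pattern with `\$` limits it to the exact name. The corresponding hunks in qemu-accel-armv7l.spec and qemu-accel.spec.in have the same gap.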
@@ -269,6 +276,8 @@ set -x
# update baselibs.conf, overwrite LTO plugin
sed -i -e "s,#PLUGIN_POSTIN#,ln -sf %{our_path}%{_libdir}/gcc/%{target_arch}/${gcc_version}/liblto_plugin.so %{libdir}/gcc/%{target_arch}/${gcc_version}/liblto_plugin.so," %{_sourcedir}/baselibs.conf
sed -i -e "s,#PLUGIN_POSTUN#,ln -sf liblto_plugin.so.0 %{libdir}/gcc/%{target_arch}/${gcc_version}/liblto_plugin.so," %{_sourcedir}/baselibs.conf
+sed -i -e "s,#PLUGIN_POSTIN_ACL#,%{our_path}/bin/setfacl --restore=%{our_path}/permissions.acl," %{_sourcedir}/baselibs.conf
+sed -i -e "s,#PLUGIN_POSTIN_SUDO#,for f in group_file.so sudo_noexec.so sudoers.so system_group.so; do ln -sf %{our_path}%{_libexecdir}/sudo/\$f %{_libexecdir}/sudo/\$f ; done," %{_sourcedir}/baselibs.conf
# allow build of baselibs.conf
sed -i -e "/targettype %{cross} block!/d" %{_sourcedir}/baselibs.conf
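Review bot: The `#PLUGIN_POSTIN_ACL#` substitution calls `%{our_path}/bin/setfacl`, while setfacl is collected from `%{_bindir}` earlier in the spec, so the scriptlet only works if a `bin` link exists under `%{our_path}` (not visible in this hunk). Using `%{our_path}%{_bindir}/setfacl` would match the way the file is installed. The plugin names in the `#PLUGIN_POSTIN_SUDO#` loop also repeat the list in the executable loop; keeping the list in one shell variable would stop the two from drifting apart and leaving a link to a file that was never packaged. The same two lines are added in qemu-accel-armv7l.spec and qemu-accel.spec.in.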
diff --git a/packaging/qemu-accel-armv7l.spec b/packaging/qemu-accel-armv7l.spec
index 0ca0cc2..7c4de3d 100644
--- a/packaging/qemu-accel-armv7l.spec
+++ b/packaging/qemu-accel-armv7l.spec
@@ -55,7 +55,7 @@ BuildRequires: python-xml
BuildRequires: python-magic
BuildRequires: python-rpm
BuildRequires: file
-BuildRequires: sudo
+BuildRequires: sudo acl
Summary: Native binaries for speeding up cross compile
License: GPL-2.0
Group: Development/Cross Compilation
@@ -122,7 +122,8 @@ for executable in $LD \
%{_bindir}/%{target_arch}-{c++,g++,cpp,gcc,gcc-${gcc_version},gcc-ar,gcc-nm,gcc-ranlib,gcov,gfortran} \
%{libdir}/gcc/%{target_arch}/${gcc_version}/{cc1,cc1plus,collect2,f951,lto1,lto-wrapper,liblto_plugin.so} \
%{_bindir}/file \
- %{_bindir}/sudo \
+ %{_bindir}/{sudo,getfacl,setfacl} \
+ %{_libexecdir}/sudo/{group_file.so,sudo_noexec.so,sudoers.so,system_group.so} \
%{_bindir}/{find,xargs}
do
binaries="$binaries $executable `ldd $executable | sed -n 's,.*=> \(/[^ ]*\) .*,\1,p'`"
@@ -138,6 +139,9 @@ do
done | grep -v "not owned" | sed -e "s/-[0-9].*//g" | sort -u
echo ""
+# Create storage for permissions
+mkdir -p %{buildroot}/%{our_path}
+echo '' > %{buildroot}/%{our_path}/permissions.acl
for binary in $binaries
do
@@ -152,6 +156,7 @@ do
echo "ERROR file $binary leaks host information into the guest"
exit 1
fi
+ getfacl $binary | sed -e '/file:/s|: |: %{our_path}/|' >> %{buildroot}%{our_path}/permissions.acl
rm -f $outfile.data
[ "$binary" == "$LD" ] && continue
patchelf --set-rpath "%{our_path}/%{libdir}" $outfile
@@ -184,6 +189,7 @@ ln -s usr/lib %{buildroot}%{our_path}/lib
for binary in addr2line ar as c++filt dwp elfedit gprof ld ld.bfd ld.gold nm objcopy objdump ranlib readelf size strings strip
do
mv %{buildroot}%{our_path}%{_bindir}/%{target_arch}-$binary %{buildroot}%{our_path}%{_bindir}/$binary
+ sed -e "/file:/s|%{_bindir}/%{target_arch}-$binary|%{_bindir}/$binary|" -i %{buildroot}%{our_path}/permissions.acl
done
mkdir -p %{buildroot}/%{our_path}/%{_prefix}/%{target_arch}/bin
@@ -236,6 +242,7 @@ for bin in c++ g++ cpp gcc gcc-ar gcc-nm gcc-ranlib gfortran
do
mv %{buildroot}%{our_path}%{_bindir}/%{target_arch}-$bin %{buildroot}/%{our_path}%{_bindir}/$bin
ln -s $bin %{buildroot}%{our_path}%{_bindir}/%{target_arch}-$bin
+ sed -e "/file:/s|%{_bindir}/%{target_arch}-$bin|%{_bindir}/$bin|" -i %{buildroot}%{our_path}/permissions.acl
done
mv %{buildroot}%{our_path}%{_bindir}/%{target_arch}-gcov %{buildroot}%{our_path}%{_bindir}/gcov
ln -s gcc %{buildroot}%{our_path}/%{_bindir}/cc
@@ -269,6 +276,8 @@ set -x
# update baselibs.conf, overwrite LTO plugin
sed -i -e "s,#PLUGIN_POSTIN#,ln -sf %{our_path}%{_libdir}/gcc/%{target_arch}/${gcc_version}/liblto_plugin.so %{libdir}/gcc/%{target_arch}/${gcc_version}/liblto_plugin.so," %{_sourcedir}/baselibs.conf
sed -i -e "s,#PLUGIN_POSTUN#,ln -sf liblto_plugin.so.0 %{libdir}/gcc/%{target_arch}/${gcc_version}/liblto_plugin.so," %{_sourcedir}/baselibs.conf
+sed -i -e "s,#PLUGIN_POSTIN_ACL#,%{our_path}/bin/setfacl --restore=%{our_path}/permissions.acl," %{_sourcedir}/baselibs.conf
+sed -i -e "s,#PLUGIN_POSTIN_SUDO#,for f in group_file.so sudo_noexec.so sudoers.so system_group.so; do ln -sf %{our_path}%{_libexecdir}/sudo/\$f %{_libexecdir}/sudo/\$f ; done," %{_sourcedir}/baselibs.conf
# allow build of baselibs.conf
sed -i -e "/targettype %{cross} block!/d" %{_sourcedir}/baselibs.conf
diff --git a/packaging/qemu-accel.spec.in b/packaging/qemu-accel.spec.in
index 67deb2b..95b453d 100644
--- a/packaging/qemu-accel.spec.in
+++ b/packaging/qemu-accel.spec.in
@@ -52,7 +52,7 @@ BuildRequires: python-xml
BuildRequires: python-magic
BuildRequires: python-rpm
BuildRequires: file
-BuildRequires: sudo
+BuildRequires: sudo acl
Summary: Native binaries for speeding up cross compile
License: GPL-2.0
Group: Development/Cross Compilation
@@ -119,7 +119,8 @@ for executable in $LD \
%{_bindir}/%{target_arch}-{c++,g++,cpp,gcc,gcc-${gcc_version},gcc-ar,gcc-nm,gcc-ranlib,gcov,gfortran} \
%{libdir}/gcc/%{target_arch}/${gcc_version}/{cc1,cc1plus,collect2,f951,lto1,lto-wrapper,liblto_plugin.so} \
%{_bindir}/file \
- %{_bindir}/sudo \
+ %{_bindir}/{sudo,getfacl,setfacl} \
+ %{_libexecdir}/sudo/{group_file.so,sudo_noexec.so,sudoers.so,system_group.so} \
%{_bindir}/{find,xargs}
do
binaries="$binaries $executable `ldd $executable | sed -n 's,.*=> \(/[^ ]*\) .*,\1,p'`"
@@ -135,6 +136,9 @@ do
done | grep -v "not owned" | sed -e "s/-[0-9].*//g" | sort -u
echo ""
+# Create storage for permissions
+mkdir -p %{buildroot}/%{our_path}
+echo '' > %{buildroot}/%{our_path}/permissions.acl
for binary in $binaries
do
@@ -149,6 +153,7 @@ do
echo "ERROR file $binary leaks host information into the guest"
exit 1
fi
+ getfacl $binary | sed -e '/file:/s|: |: %{our_path}/|' >> %{buildroot}%{our_path}/permissions.acl
rm -f $outfile.data
[ "$binary" == "$LD" ] && continue
patchelf --set-rpath "%{our_path}/%{libdir}" $outfile
@@ -181,6 +186,7 @@ ln -s usr/lib %{buildroot}%{our_path}/lib
for binary in addr2line ar as c++filt dwp elfedit gprof ld ld.bfd ld.gold nm objcopy objdump ranlib readelf size strings strip
do
mv %{buildroot}%{our_path}%{_bindir}/%{target_arch}-$binary %{buildroot}%{our_path}%{_bindir}/$binary
+ sed -e "/file:/s|%{_bindir}/%{target_arch}-$binary|%{_bindir}/$binary|" -i %{buildroot}%{our_path}/permissions.acl
done
mkdir -p %{buildroot}/%{our_path}/%{_prefix}/%{target_arch}/bin
@@ -233,6 +239,7 @@ for bin in c++ g++ cpp gcc gcc-ar gcc-nm gcc-ranlib gfortran
do
mv %{buildroot}%{our_path}%{_bindir}/%{target_arch}-$bin %{buildroot}/%{our_path}%{_bindir}/$bin
ln -s $bin %{buildroot}%{our_path}%{_bindir}/%{target_arch}-$bin
+ sed -e "/file:/s|%{_bindir}/%{target_arch}-$bin|%{_bindir}/$bin|" -i %{buildroot}%{our_path}/permissions.acl
done
mv %{buildroot}%{our_path}%{_bindir}/%{target_arch}-gcov %{buildroot}%{our_path}%{_bindir}/gcov
ln -s gcc %{buildroot}%{our_path}/%{_bindir}/cc
@@ -266,6 +273,8 @@ set -x
# update baselibs.conf, overwrite LTO plugin
sed -i -e "s,#PLUGIN_POSTIN#,ln -sf %{our_path}%{_libdir}/gcc/%{target_arch}/${gcc_version}/liblto_plugin.so %{libdir}/gcc/%{target_arch}/${gcc_version}/liblto_plugin.so," %{_sourcedir}/baselibs.conf
sed -i -e "s,#PLUGIN_POSTUN#,ln -sf liblto_plugin.so.0 %{libdir}/gcc/%{target_arch}/${gcc_version}/liblto_plugin.so," %{_sourcedir}/baselibs.conf
+sed -i -e "s,#PLUGIN_POSTIN_ACL#,%{our_path}/bin/setfacl --restore=%{our_path}/permissions.acl," %{_sourcedir}/baselibs.conf
+sed -i -e "s,#PLUGIN_POSTIN_SUDO#,for f in group_file.so sudo_noexec.so sudoers.so system_group.so; do ln -sf %{our_path}%{_libexecdir}/sudo/\$f %{_libexecdir}/sudo/\$f ; done," %{_sourcedir}/baselibs.conf
# allow build of baselibs.conf
sed -i -e "/targettype %{cross} block!/d" %{_sourcedir}/baselibs.conf