diff options
| author | Slava Barinov <v.barinov@samsung.com> | 2017-07-18 13:21:10 +0300 |
|---|---|---|
| committer | Dongkyun Son <dongkyun.s@samsung.com> | 2017-09-04 06:27:21 +0000 |
| commit | 5ed053ed76de004798ba2f2b9302a9a5b5ee83c7 (patch) | |
| tree | f9e8befefae75f75136762e4020927550bd20e5d | |
| parent | 05613e6729bee5382c51138a07014e109a8c15b2 (diff) | |
| download | rpm-accepted/tizen/base/20170908.223808.tar.gz rpm-accepted/tizen/base/20170908.223808.tar.bz2 rpm-accepted/tizen/base/20170908.223808.zip | |
Added _debug_manifest to set SMACK label to "_" for debug packagessubmit/tizen_base/20170830.083645accepted/tizen/base/20170908.223808
Tizen debuginfo and debugsource packages have arbitrary SMACK labels, which are
inherited from the process that performs installation.
Sometimes this leads to "Access denied" while reading debuginfo by tools.
Change-Id: I321a327ba8bf651b4875df42082522f4867cadee
Signed-off-by: Slava Barinov <v.barinov@samsung.com>
| -rw-r--r-- | build/files.c | 3 | ||||
| -rw-r--r-- | macros.in | 4 | ||||
| -rw-r--r-- | packaging/debug.manifest | 5 | ||||
| -rw-r--r-- | packaging/rpm-tizen_macros | 7 | ||||
| -rw-r--r-- | packaging/rpm.spec | 3 |
5 files changed, 20 insertions, 2 deletions
diff --git a/build/files.c b/build/files.c index bb259253c..c4d54fc88 100644 --- a/build/files.c +++ b/build/files.c @@ -2307,6 +2307,9 @@ static void addDebuginfoPackage(rpmSpec spec, Package pkg, char *buildroot) if (access (tmp, F_OK) != 0) continue; + /* Add security manifest to set right SMACK labels */ + argvAdd(&files, "%manifest %{name}-debuginfo.manifest"); + /* Append the file list preamble. */ if (!files) { @@ -185,7 +185,7 @@ %_find_debuginfo_ko_strip_opts %{?_rpm_ko_strip_option:\'--strip-ko-option=%{_rpm_ko_strip_option}\'} %__debug_install_post \ - %{_rpmconfigdir}/find-debuginfo.sh %{?_missing_build_ids_terminate_build:--strict-build-id} %{?_find_debuginfo_opts} %{?_find_debuginfo_strip_opts} %{?_find_debuginfo_ko_strip_opts} "%{_builddir}/%{?buildsubdir}"\ + %{_rpmconfigdir}/find-debuginfo.sh %{?_missing_build_ids_terminate_build:--strict-build-id} %{?_find_debuginfo_opts} %{?_find_debuginfo_strip_opts} %{?_find_debuginfo_ko_strip_opts} "%{_builddir}/%{?buildsubdir}" %{?_install_debug_manifest} \ %{nil} # Template for debug information sub-package. @@ -201,6 +201,7 @@ Debug sources are useful when developing applications that use this\ package or when debugging this package.\ %files debugsource -f debugsources.list\ %defattr(-,root,root)\ +%manifest %{name}-debugsource.manifest \ %{nil} %_defaultdocdir %{_datadir}/doc/packages @@ -1186,4 +1187,3 @@ end} /usr/sbin/groupadd -o -r %{1} 2>/dev/null || :\ /usr/sbin/useradd -o -r -g %{1} -d %{2} -s %{3} -c %{4} %{1} 2>/dev/null || :\ %{nil} - diff --git a/packaging/debug.manifest b/packaging/debug.manifest new file mode 100644 index 000000000..017d22d3a --- /dev/null +++ b/packaging/debug.manifest @@ -0,0 +1,5 @@ +<manifest> + <request> + <domain name="_"/> + </request> +</manifest> diff --git a/packaging/rpm-tizen_macros b/packaging/rpm-tizen_macros index 5df91fbee..fedf7289d 100644 --- a/packaging/rpm-tizen_macros +++ b/packaging/rpm-tizen_macros @@ -325,3 +325,10 @@ to develop applications that require %{name}.\ %posttrans(n:) %%posttrans %{?-n:-n %{-n*}}%{*} \ echo "Running %{?-n:%{-n*}}%{!?-n:%{name}%{?1:-%{1}}} %%posttrans script" \ %{nil} + +%_debug_manifest %{_rpmconfigdir}/debug.manifest + +%_install_debug_manifest \ + cp %{_debug_manifest} %{_builddir}/%{?buildsubdir}/%{name}-debuginfo.manifest \ + cp %{_debug_manifest} %{_builddir}/%{?buildsubdir}/%{name}-debugsource.manifest \ +%{nil} diff --git a/packaging/rpm.spec b/packaging/rpm.spec index b5109ffef..4897db8a1 100644 --- a/packaging/rpm.spec +++ b/packaging/rpm.spec @@ -45,6 +45,7 @@ Source8: rpmconfigcheck Source13: find-docs.sh Source22: device-sec-policy Source23: find-provides.ksyms +Source24: debug.manifest Source1001: rpm.manifest Source0: rpm-%{version}.tar.bz2 Source9: libsymlink.attr @@ -201,6 +202,7 @@ install -m 755 scripts/find-supplements %{buildroot}%{rpmhome} install -m 755 scripts/find-supplements.ksyms %{buildroot}%{rpmhome} install -m 755 scripts/firmware.prov %{buildroot}%{rpmhome} install -m 755 scripts/debuginfo.prov %{buildroot}%{rpmhome} +install -m 644 %{SOURCE24} %{buildroot}%{rpmhome} rm -f %{buildroot}%{rpmlibdir}/locale %{buildroot}%{rpmlibdir}/rpmrc mkdir -p %{buildroot}%{_sysconfdir}/rpm chmod 755 %{buildroot}%{_sysconfdir}/rpm @@ -309,6 +311,7 @@ rm -f %{_dbpath}/Filemd5s \ %{rpmhome}/*.req %{rpmhome}/macros.* %{rpmhome}/fileattrs +%{rpmhome}/debug.manifest %ifarch aarch64 ppc64le %{rpmhome}/config.* %endif |