wok annotate bash/receipt @ rev 17196

bash: apply *all* security fixes (again)
author Pascal Bellard <pascal.bellard@slitaz.org>
date Wed Oct 08 15:03:17 2014 +0200 (2014-10-08)
parents 121d29ca7ca8
children 142a4a0548c5
rev   line source
pankso@14 1 # SliTaz package receipt.
pankso@14 2
pankso@14 3 PACKAGE="bash"
slaxemulator@8720 4 VERSION="4.2"
pankso@202 5 CATEGORY="system-tools"
pankso@14 6 SHORT_DESC="The GNU bourne SHell."
pankso@14 7 MAINTAINER="pankso@slitaz.org"
pascal@15201 8 LICENSE="GPL3"
pankso@14 9 TARBALL="$PACKAGE-$VERSION.tar.gz"
pankso@14 10 WEB_SITE="http://www.gnu.org/software/bash/"
pankso@14 11 WGET_URL="$GNU_MIRROR/$PACKAGE/$TARBALL"
pascal@17195 12 BASHCHECKURL="https://raw.githubusercontent.com/hannob/bashcheck/master/bashcheck"
pascal@17195 13 BASHCHECK="$(basename $BASHCHECKURL)"
pascal@17195 14 BASHPATCHES="$(for i in $(seq 1 53); do printf "bash${VERSION/./}-%03d " $i; done)"
pascal@17195 15 EXTRA_SOURCE_FILES="$BASHCHECK $BASHPATCHES"
pankso@14 16
slaxemulator@10407 17 DEPENDS="readline"
pascal@17195 18 BUILD_DEPENDS="readline bison wget texinfo"
pascal@17195 19
pascal@17195 20 patch_bash()
pascal@17195 21 {
pascal@17195 22 for i in $BASHPATCHES ; do
pascal@17195 23 [ -s "$SOURCES_REPOSITORY/$i" ] ||
pascal@17195 24 wget -O "$SOURCES_REPOSITORY/$i" \
pascal@17195 25 http://ftp.gnu.org/gnu/bash/bash-$VERSION-patches/$i
pascal@17195 26 echo "Apply $i ..."
pascal@17195 27 patch -p0 < $SOURCES_REPOSITORY/$i
pascal@17195 28 done
pascal@17195 29 }
slaxemulator@10407 30
gokhlayeh@8171 31 # Rules to compile & install the temporary toolchain.
gokhlayeh@8171 32 cook_tmp_toolchain()
gokhlayeh@8171 33 {
gokhlayeh@8171 34 cd $src
pascal@17195 35 patch_bash
gokhlayeh@8171 36 ./configure --without-bash-malloc &&
gokhlayeh@8171 37 make && make install
gokhlayeh@8171 38 }
gokhlayeh@8171 39
pankso@14 40 # Rules to configure and make the package.
pankso@14 41 compile_rules()
pankso@14 42 {
pankso@14 43 # Patch and then build.
pankso@14 44 cd $src
pascal@17195 45 patch_bash
pankso@10352 46 # Skip tests that can not run while cross-compiling.
pankso@10352 47 cat > config.cache << "EOF"
pankso@10352 48 ac_cv_func_mmap_fixed_mapped=yes
pankso@10352 49 ac_cv_func_strcoll_works=yes
pankso@10352 50 ac_cv_func_working_mktime=yes
pankso@10352 51 bash_cv_func_sigsetjmp=present
pankso@10352 52 bash_cv_getcwd_malloc=yes
pankso@10352 53 bash_cv_job_control_missing=present
pankso@10352 54 bash_cv_printf_a_format=yes
pankso@10352 55 bash_cv_sys_named_pipes=present
pankso@10352 56 bash_cv_ulimit_maxfds=yes
pankso@10352 57 bash_cv_under_sys_siglist=yes
pankso@10352 58 bash_cv_unusable_rtsigs=no
pankso@10352 59 gt_cv_int_divbyzero_sigfpe=yes
pankso@10352 60 EOF
pankso@10344 61 ./configure \
pankso@10352 62 $CONFIGURE_ARGS \
pankso@10352 63 --cache-file=config.cache \
pankso@10344 64 --bindir=/bin \
gokhlayeh@8171 65 --enable-history --enable-alias \
gokhlayeh@8171 66 --disable-nls --without-bash-malloc \
pankso@10344 67 --disable-help-builtin \
pankso@10344 68 --with-installed-readline &&
pascal@1553 69 make &&
gokhlayeh@8171 70 # Bash doesn't care about DESTDIR in environnment variable.
gokhlayeh@8171 71 make DESTDIR=$DESTDIR install
pascal@17195 72 [ -s "$SOURCES_REPOSITORY/$BASHCHECK" ] ||
pascal@17195 73 wget --no-check-certificate -O "$SOURCES_REPOSITORY/$BASHCHECK" $BASHCHECKURL
pascal@17196 74 $DESTDIR/bin/bash $SOURCES_REPOSITORY/$BASHCHECK $DESTDIR/bin/bash | tee bashcheck.log
pascal@17195 75 grep Vulnerable bashcheck.log && echo "ERROR: Vulnerable"
pankso@14 76 }
pankso@14 77
pankso@14 78 # Rules to gen a SliTaz package suitable for Tazpkg.
pankso@14 79 genpkg_rules()
pankso@14 80 {
pascal@14999 81 cp -a $install/bin $fs
pankso@14 82 # Config files.
pankso@14 83 #
pankso@14 84 mkdir $fs/etc
pankso@9697 85 cp $stuff/example.bashrc $fs/etc/bashrc
pankso@14 86 }
pankso@14 87
xfred222@13689 88
pankso@14 89 post_install()
pankso@14 90 {
pankso@14 91 local root
pankso@14 92 root=$1
pankso@14 93 echo "Processing post-install commands..."
xfred222@13689 94 echo -n "Do you want to set Bash to default (y/N) ? : "
gokhlayeh@7635 95 read -t 30 anser
xfred222@13689 96 if [ "$anser" == "y" ]; then
pankso@14 97 echo ""
xfred222@13689 98 echo "Setting bash as default for all users"
xfred222@13689 99 sed -i "s/:\/bin\/sh$/:\/bin\/bash/g" /etc/passwd
xfred222@13689 100 sed -i "s/:\/bin\/ksh$/:\/bin\/bash/g" /etc/passwd
xfred222@13689 101 sed -i "s/:\/bin\/zsh$/:\/bin\/bash/g" /etc/passwd
xfred222@13689 102 sed -i "s/:\/bin\/csh$/:\/bin\/bash/g" /etc/passwd
xfred222@13689 103 echo "Creating .bashrc file for all users"
xfred222@13689 104 for i in `ls -d /home/*`
xfred222@13689 105 do
xfred222@13689 106 cp /etc/bashrc $i/.bashrc
xfred222@13689 107 done
xfred222@13689 108 cp /etc/bashrc /root/.bashrc
xfred222@13689 109 cp /etc/bashrc /etc/skel/.bashrc
pankso@14 110 fi
pankso@14 111 }
pankso@2156 112
xfred222@13689 113
pankso@2156 114 pre_remove()
pankso@2156 115 {
slaxemulator@9610 116 local root
slaxemulator@9610 117 root=$1
xfred222@13689 118 echo "Setting back sh as default for all users"
xfred222@13689 119 sed -i "s/:\/bin\/bash$/:\/bin\/sh/g" /etc/passwd
mojo@15805 120 if [ -f /etc/skel/.bashrc ]; then
xfred222@13689 121 rm /etc/skel/.bashrc
mojo@15805 122 fi
pankso@2156 123 }