diff options
-rw-r--r-- | system/paxmark/APKBUILD | 23 | ||||
-rw-r--r-- | system/paxmark/paxmark | 33 |
2 files changed, 56 insertions, 0 deletions
diff --git a/system/paxmark/APKBUILD b/system/paxmark/APKBUILD new file mode 100644 index 000000000..767803915 --- /dev/null +++ b/system/paxmark/APKBUILD @@ -0,0 +1,23 @@ +# Contributor: Timo Teräs <timo.teras@iki.fi> +# Maintainer: A. Wilcox <awilfox@adelielinux.org> +pkgname=paxmark +pkgver=0.11 +pkgrel=0 +pkgdesc="Manage PaX marking of executables" +url="https://alpinelinux.org" +arch="noarch" +options="!check" +license="GPL-2.0-only" +depends="attr" +makedepends="" +install="" +subpackages="" +source="paxmark" + +package() { + mkdir -p "$pkgdir"/usr/sbin + install -m755 "$srcdir"/paxmark "$pkgdir"/usr/sbin + ln -s paxmark "$pkgdir"/usr/sbin/paxmark.sh +} + +sha512sums="c43b5a48a8ac14b027114f712820b1fb8b0e209fcfe1a69eb64b4c68289a3bb3f26c3ea40350cbfdaa97329b4a8e1de2582025e5221c3016aff85bb75118e665 paxmark" diff --git a/system/paxmark/paxmark b/system/paxmark/paxmark new file mode 100644 index 000000000..f80eb69ff --- /dev/null +++ b/system/paxmark/paxmark @@ -0,0 +1,33 @@ +#!/bin/sh + +ret=0 +flags="${1//[!zPpEeMmRrSs]}" +[ -n "${flags}" ] || exit 0 +shift + +# Create XATTR_PAX marking using attr +xval="" +[ "${flags//[!P]}" ] && xval="${xval}P" +[ "${flags//[!p]}" -a -z "${flags//[!P]}" ] && xval="${xval}p" +[ "${flags//[!E]}" ] && xval="${xval}E" +[ "${flags//[!e]}" -a -z "${flags//[!E]}" ] && xval="${xval}e" +[ -z "${flags//[!zEe]}" ] && xval="${xval}e" +[ "${flags//[!M]}" ] && xval="${xval}M" +[ "${flags//[!m]}" -a -z "${flags//[!M]}" ] && xval="${xval}m" +[ "${flags//[!R]}" ] && xval="${xval}R" +[ "${flags//[!r]}" -a -z "${flags//[!R]}" ] && xval="${xval}r" +[ "${flags//[!S]}" ] && xval="${xval}S" +[ "${flags//[!s]}" -a -z "${flags//[!S]}" ] && xval="${xval}s" + +for f in "$@"; do + if [ -n "FAKEROOTKEY" ]; then + # fakeroot does not set xattr's on disk. + # explicitly do that, because the marked binary might + # be executed next during install. + LD_PRELOAD="" FAKEROOTKEY="" attr -q -s pax.flags -V "${xval}" "${f}" >/dev/null || ret=1 + fi + attr -q -s pax.flags -V "${xval}" "${f}" >/dev/null || ret=1 +done + +exit $ret + |