From 60b7f2fa7a61a0c2adb439455182dcf6434c8552 Mon Sep 17 00:00:00 2001
From: Jason Mehring
Date: Sun, 19 Oct 2014 19:36:59 -0400
Subject: [PATCH] Added facl function to restore file permissions on files copied to image
---
 functions.sh | 51 +++-
 .../extra-whonix-files/.facl | 77 +++++
 scripts_debian/extra-qubes-files/.facl | 273 ++++++++++++++++++
 3 files changed, 390 insertions(+), 11 deletions(-)
 create mode 100644 scripts_debian/custom_wheezy_whonix-gateway/extra-whonix-files/.facl
 create mode 100644 scripts_debian/extra-qubes-files/.facl
diff --git a/functions.sh b/functions.sh
index 460ea6b..955f482 100755
--- a/functions.sh
+++ b/functions.sh
@@ -1,3 +1,6 @@
+#!/bin/bash
+# vim: set ts=4 sw=4 sts=4 et :
+
 ################################################################################
 # Global functions
 ################################################################################
@@ -168,24 +171,50 @@ customStep() {
 # ------------------------------------------------------------------------------
 # Copy extra file tree to $INSTALLDIR
+#
+# To set file permissions is a PITA since git won't save them and will
+# complain heavily if they are set to root only read, so this is the procdure:
+#
+# 1. Change to the directory that you want to have file permissions retained
+# 2. Change all the file permissions / ownership as you want
+# 3. Change back to the root of the exta directory (IE: extra-qubes-files)
+# 4. getfacl -R . > ".facl"
+# 5. If git complains; reset file ownership back to user. The .facl file stored
+# the file permissions and will be used to reset the file permissions after
+# they get copied over to $INSTALLDIR
+# NOTE: Don't forget to redo this process if you add -OR- remove files
 # ------------------------------------------------------------------------------
 copy_dirs() {
- DIR="$1"
- info "Entering Copy extra file tree to $INSTALLDIR..."
+ dir="$1"
+ install_dir="$(readlink -m ${INSTALLDIR})"
+
+ info "copy_dirs(): ${install_dir}"
 if [ -n "${TEMPLATE_FLAVOR}" ]; then
- CUSTOMDIR="$SCRIPTSDIR/custom_${DIST}_${TEMPLATE_FLAVOR}/${DIR}"
+ custom_dir="${SCRIPTSDIR}/custom_${DIST}_${TEMPLATE_FLAVOR}/${dir}"
 else
- CUSTOMDIR="$SCRIPTSDIR/custom_${DIST}/${DIR}"
+ custom_dir="${SCRIPTSDIR}/custom_${DIST}/${dir}"
 fi
- if [ -d "$CUSTOMDIR" ]; then
- debug "Copying $CUSTOMDIR/* $INSTALLDIR..."
- cp -rp "$CUSTOMDIR/"* "$INSTALLDIR"
- elif [ -d "$SCRIPTSDIR/${DIR}" ]; then
- debug "Copying $SCRIPTSDIR/${DIR}/* $INSTALLDIR"
- cp -rp "$SCRIPTSDIR/${DIR}/"* "$INSTALLDIR"
+ if [ -d "${custom_dir}" ]; then
+ dir="${custom_dir}/"
+ elif [ -d "${SCRIPTSDIR}/${dir}" ]; then
+ dir="${SCRIPTSDIR}/${dir}/"
 else
- debug "No extra files to copy"
+ debug "No extra files to copy for ${dir}"
+ return 0
+ fi
+
+ dir="$(readlink -m $dir)"
+ debug "Copying ${dir}/* ${install_dir}"
+ cp -rp "${dir}/"* "${install_dir}"
+
+ if [ -f "${dir}/.facl" ]; then
+ debug "Restoring file permissions..."
+ pushd "$install_dir"
+ {
+ setfacl --restore="${dir}/.facl" 2>/dev/null ||:
+ }
+ popd
 fi
 }
diff --git a/scripts_debian/custom_wheezy_whonix-gateway/extra-whonix-files/.facl b/scripts_debian/custom_wheezy_whonix-gateway/extra-whonix-files/.facl
new file mode 100644
index 0000000..d047a8c
--- /dev/null
+++ b/scripts_debian/custom_wheezy_whonix-gateway/extra-whonix-files/.facl
@@ -0,0 +1,77 @@
+# file: .
+# owner: root
+# group: root
+user::rwx
+group::r-x
+other::r-x
+
+# file: etc
+# owner: root
+# group: root
+user::rwx
+group::r-x
+other::r-x
+
+# file: etc/udev
+# owner: root
+# group: root
+user::rwx
+group::r-x
+other::r-x
+
+# file: etc/udev/rules.d
+# owner: root
+# group: root
+user::rwx
+group::r-x
+other::r-x
+
+# file: etc/udev/rules.d/99-qubes-whonix.rules
+# owner: root
+# group: root
+user::rw-
+group::r--
+other::r--
+
+# file: .facl
+# owner: root
+# group: root
+user::rw-
+group::r--
+other::r--
+
+# file: usr
+# owner: root
+# group: root
+user::rwx
+group::r-x
+other::r-x
+
+# file: usr/lib
+# owner: root
+# group: root
+user::rwx
+group::r-x
+other::r-x
+
+# file: usr/lib/whonix
+# owner: root
+# group: root
+user::rwx
+group::r-x
+other::r-x
+
+# file: usr/lib/whonix/setup-ip
+# owner: root
+# group: root
+user::rwx
+group::r-x
+other::r-x
+
+# file: usr/lib/whonix/replace-ips
+# owner: root
+# group: root
+user::rwx
+group::r-x
+other::r-x
+
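Review bot: `setfacl --restore="${dir}/.facl" 2>/dev/null ||:` throws away both the diagnostics and the exit status of the restore, so a build host without setfacl, or a `.facl` that is stale (the new comment itself warns it must be regenerated whenever files are added or removed), leaves the copied tree with whatever mode and ownership `cp -rp` carried over from the checkout — for example the `etc/xen/scripts` entries that `.facl` says are `0700` staying readable, and owned by the checkout's uid when the copy runs as root, inside the image — with nothing in the log. The `||:` looks to be there because each `.facl` lists itself while the `*` glob does not copy the dotfile (unless dotglob is set), so that one entry always fails; dropping the self-entry from the `.facl` files and using `setfacl --restore="${dir}/.facl" || info "setfacl --restore failed for ${dir}/.facl"` would keep the build going while making real failures visible. `pushd "$install_dir"` is likewise unchecked, so an unusable `$INSTALLDIR` would apply the restore to the current directory; `pushd "$install_dir" || return 1` closes that, and `$dir` in `readlink -m $dir` should be quoted. Since setfacl(1) also applies the `# owner:`/`# group:` comments when `--restore` runs as root, these `.facl` files become the effective ownership policy for the image, which the header comment should state outright; the typos `procdure` and `exta` could be fixed in the same pass.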
diff --git a/scripts_debian/extra-qubes-files/.facl b/scripts_debian/extra-qubes-files/.facl
new file mode 100644
index 0000000..8e44ed9
--- /dev/null
+++ b/scripts_debian/extra-qubes-files/.facl
@@ -0,0 +1,273 @@
+# file: .
+# owner: user
+# group: user
+user::rwx
+group::r-x
+other::r-x
+
+# file: etc
+# owner: root
+# group: root
+user::rwx
+group::r-x
+other::r-x
+
+# file: etc/udev
+# owner: root
+# group: root
+user::rwx
+group::r-x
+other::r-x
+
+# file: etc/udev/rules.d
+# owner: root
+# group: root
+user::rwx
+group::r-x
+other::r-x
+
+# file: etc/udev/rules.d/xen-backend.rules
+# owner: root
+# group: root
+user::rw-
+group::r--
+other::r--
+
+# file: etc/udev/rules.d/98-kexec.rules
+# owner: root
+# group: root
+user::rw-
+group::r--
+other::r--
+
+# file: etc/xen
+# owner: root
+# group: root
+user::rwx
+group::---
+other::---
+
+# file: etc/xen/scripts
+# owner: root
+# group: root
+user::rwx
+group::---
+other::---
+
+# file: etc/xen/scripts/vif-bridge
+# owner: root
+# group: root
+user::rwx
+group::---
+other::---
+
+# file: etc/xen/scripts/vtpm-delete
+# owner: root
+# group: root
+user::rwx
+group::---
+other::---
+
+# file: etc/xen/scripts/vif2
+# owner: root
+# group: root
+user::rwx
+group::---
+other::---
+
+# file: etc/xen/scripts/vtpm
+# owner: root
+# group: root
+user::rwx
+group::---
+other::---
+
+# file: etc/xen/scripts/external-device-migrate
+# owner: root
+# group: root
+user::rwx
+group::---
+other::---
+
+# file: etc/xen/scripts/vif-route-qubes
+# owner: root
+# group: root
+user::rwx
+group::r-x
+other::r-x
+
+# file: etc/xen/scripts/network-nat
+# owner: root
+# group: root
+user::rwx
+group::---
+other::---
+
+# file: etc/xen/scripts/xen-hotplug-common.sh
+# owner: root
+# group: root
+user::rwx
+group::---
+other::---
+
+# file: etc/xen/scripts/vtpm-common.sh
+# owner: root
+# group: root
+user::rwx
+group::---
+other::---
+
+# file: etc/xen/scripts/vtpm-impl
+# owner: root
+# group: root
+user::rwx
+group::---
+other::---
+
+# file: etc/xen/scripts/locking.sh
+# owner: root
+# group: root
+user::rwx
+group::---
+other::---
+
+# file: etc/xen/scripts/xen-hotplug-cleanup
+# owner: root
+# group: root
+user::rwx
+group::---
+other::---
+
+# file: etc/xen/scripts/xen-network-common.sh
+# owner: root
+# group: root
+user::rwx
+group::---
+other::---
+
+# file: etc/xen/scripts/block-nbd
+# owner: root
+# group: root
+user::rwx
+group::---
+other::---
+
+# file: etc/xen/scripts/block
+# owner: root
+# group: root
+user::rwx
+group::---
+other::---
+
+# file: etc/xen/scripts/hotplugpath.sh
+# owner: root
+# group: root
+user::rwx
+group::---
+other::---
+
+# file: etc/xen/scripts/vtpm-migration.sh
+# owner: root
+# group: root
+user::rwx
+group::---
+other::---
+
+# file: etc/xen/scripts/network-bridge
+# owner: root
+# group: root
+user::rwx
+group::---
+other::---
+
+# file: etc/xen/scripts/block-enbd
+# owner: root
+# group: root
+user::rwx
+group::---
+other::---
+
+# file: etc/xen/scripts/vif-common.sh
+# owner: root
+# group: root
+user::rwx
+group::---
+other::---
+
+# file: etc/xen/scripts/vif-setup
+# owner: root
+# group: root
+user::rwx
+group::---
+other::---
+
+# file: etc/xen/scripts/vif-nat
+# owner: root
+# group: root
+user::rwx
+group::---
+other::---
+
+# file: etc/xen/scripts/vif-route
+# owner: root
+# group: root
+user::rwx
+group::---
+other::---
+
+# file: etc/xen/scripts/vscsi
+# owner: root
+# group: root
+user::rwx
+group::---
+other::---
+
+# file: etc/xen/scripts/network-route
+# owner: root
+# group: root
+user::rwx
+group::---
+other::---
+
+# file: etc/xen/scripts/blktap
+# owner: root
+# group: root
+user::rwx
+group::---
+other::---
+
+# file: etc/xen/scripts/xen-script-common.sh
+# owner: root
+# group: root
+user::rwx
+group::---
+other::---
+
+# file: etc/xen/scripts/logging.sh
+# owner: root
+# group: root
+user::rwx
+group::---
+other::---
+
+# file: etc/xen/scripts/block-common.sh
+# owner: root
+# group: root
+user::rwx
+group::---
+other::---
+
+# file: etc/xen/scripts/vtpm-hotplug-common.sh
+# owner: root
+# group: root
+user::rwx
+group::---
+other::---
+
+# file: .facl
+# owner: user
+# group: user
+user::rwx
+group::rwx
+other::rwx
+
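Review bot: The entry for `.` — the top of this tree, which is `$INSTALLDIR` itself once `copy_dirs` runs the restore from inside it — records `# owner: user` / `# group: user`, and setfacl(1) applies owner and group comments on `--restore` when run by root, so the image's root directory would be chowned to whatever uid `user` resolves to on the build host, which is neither root nor necessarily an account the image has. The whonix file in this same commit records `root`/`root` for `.`; this file should match, `# file: .` / `# owner: root` / `# group: root`, most simply by regenerating it after `chown root:root .`. The closing entry gives `.facl` itself `rwxrwxrwx` under `user`; that dotfile is not copied by the `*` glob in `copy_dirs`, so the entry can only ever fail during restore and should be removed rather than carried as a permanent error. Because ownership is restored along with modes, this file is in effect the ownership and mode policy for the Qubes template files; `etc/xen/scripts/vif-route-qubes` is the one script left `r-x` for group and other while all its siblings are `---`, which may well be intentional but deserves a confirming note in the commit message.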