Added facl function to restore file permissions on files copied to image

pull/1/head
Jason Mehring 10 years ago
parent 86ca300413
commit 60b7f2fa7a

@ -1,3 +1,6 @@
#!/bin/bash
# vim: set ts=4 sw=4 sts=4 et :
################################################################################ ################################################################################
# Global functions # Global functions
################################################################################ ################################################################################
@ -168,24 +171,50 @@ customStep() {
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Copy extra file tree to $INSTALLDIR # Copy extra file tree to $INSTALLDIR
#
# To set file permissions is a PITA since git won't save them and will
# complain heavily if they are set to root only read, so this is the procdure:
#
# 1. Change to the directory that you want to have file permissions retained
# 2. Change all the file permissions / ownership as you want
# 3. Change back to the root of the exta directory (IE: extra-qubes-files)
# 4. getfacl -R . > ".facl"
# 5. If git complains; reset file ownership back to user. The .facl file stored
# the file permissions and will be used to reset the file permissions after
# they get copied over to $INSTALLDIR
# NOTE: Don't forget to redo this process if you add -OR- remove files
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
copy_dirs() { copy_dirs() {
DIR="$1" dir="$1"
info "Entering Copy extra file tree to $INSTALLDIR..." install_dir="$(readlink -m ${INSTALLDIR})"
info "copy_dirs(): ${install_dir}"
if [ -n "${TEMPLATE_FLAVOR}" ]; then if [ -n "${TEMPLATE_FLAVOR}" ]; then
CUSTOMDIR="$SCRIPTSDIR/custom_${DIST}_${TEMPLATE_FLAVOR}/${DIR}" custom_dir="${SCRIPTSDIR}/custom_${DIST}_${TEMPLATE_FLAVOR}/${dir}"
else else
CUSTOMDIR="$SCRIPTSDIR/custom_${DIST}/${DIR}" custom_dir="${SCRIPTSDIR}/custom_${DIST}/${dir}"
fi fi
if [ -d "$CUSTOMDIR" ]; then if [ -d "${custom_dir}" ]; then
debug "Copying $CUSTOMDIR/* $INSTALLDIR..." dir="${custom_dir}/"
cp -rp "$CUSTOMDIR/"* "$INSTALLDIR" elif [ -d "${SCRIPTSDIR}/${dir}" ]; then
elif [ -d "$SCRIPTSDIR/${DIR}" ]; then dir="${SCRIPTSDIR}/${dir}/"
debug "Copying $SCRIPTSDIR/${DIR}/* $INSTALLDIR"
cp -rp "$SCRIPTSDIR/${DIR}/"* "$INSTALLDIR"
else else
debug "No extra files to copy" debug "No extra files to copy for ${dir}"
return 0
fi
dir="$(readlink -m $dir)"
debug "Copying ${dir}/* ${install_dir}"
cp -rp "${dir}/"* "${install_dir}"
if [ -f "${dir}/.facl" ]; then
debug "Restoring file permissions..."
pushd "$install_dir"
{
setfacl --restore="${dir}/.facl" 2>/dev/null ||:
}
popd
fi fi
} }
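Review bot: The restore step on L54-L58 has no check that `pushd "$install_dir"` succeeded, and since the paths inside `.facl` are relative (`# file: etc/udev/...`), a failed `pushd` would make `setfacl --restore` apply root-owned modes and owners to whatever the current directory happens to be; the `2>/dev/null ||:` on L56 then hides that, along with any genuine restore failure that leaves the copied tree with the checkout's user-owned permissions — the exact condition this change is meant to prevent. The `{ }` group adds nothing, and `pushd`/`popd` print to stdout. I would replace L54-L58 with `pushd "${install_dir}" >/dev/null || return 1`, `setfacl --restore="${dir}/.facl" || printf 'copy_dirs: setfacl --restore failed for %s\n' "${dir}/.facl" >&2`, `popd >/dev/null`. Separately, `${INSTALLDIR}` on L32 and `$dir` on L49 are unquoted inside `readlink -m`, so a path containing whitespace or glob characters would be split before it is canonicalised; the new comment block also has "procdure" and "exta" typos.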

@ -0,0 +1,77 @@
# file: .
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: etc
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: etc/udev
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: etc/udev/rules.d
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: etc/udev/rules.d/99-qubes-whonix.rules
# owner: root
# group: root
user::rw-
group::r--
other::r--
# file: .facl
# owner: root
# group: root
user::rw-
group::r--
other::r--
# file: usr
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: usr/lib
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: usr/lib/whonix
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: usr/lib/whonix/setup-ip
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: usr/lib/whonix/replace-ips
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

@ -0,0 +1,273 @@
# file: .
# owner: user
# group: user
user::rwx
group::r-x
other::r-x
# file: etc
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: etc/udev
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: etc/udev/rules.d
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: etc/udev/rules.d/xen-backend.rules
# owner: root
# group: root
user::rw-
group::r--
other::r--
# file: etc/udev/rules.d/98-kexec.rules
# owner: root
# group: root
user::rw-
group::r--
other::r--
# file: etc/xen
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/vif-bridge
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/vtpm-delete
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/vif2
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/vtpm
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/external-device-migrate
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/vif-route-qubes
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: etc/xen/scripts/network-nat
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/xen-hotplug-common.sh
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/vtpm-common.sh
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/vtpm-impl
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/locking.sh
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/xen-hotplug-cleanup
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/xen-network-common.sh
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/block-nbd
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/block
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/hotplugpath.sh
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/vtpm-migration.sh
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/network-bridge
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/block-enbd
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/vif-common.sh
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/vif-setup
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/vif-nat
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/vif-route
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/vscsi
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/network-route
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/blktap
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/xen-script-common.sh
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/logging.sh
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/block-common.sh
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/vtpm-hotplug-common.sh
# owner: root
# group: root
user::rwx
group::---
other::---
# file: .facl
# owner: user
# group: user
user::rwx
group::rwx
other::rwx
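Review bot: The `# file: .` entry at L131-L133 records `owner: user` / `group: user`, and because `setfacl --restore` applies the owner and group comments when it runs as root, restoring this file in `copy_dirs` would chown the root of the install tree itself to the build user rather than root, while every entry beneath it is root-owned. The `.facl` entry at L359-L364 is likewise `user:user` with `rwx` for user, group and other; it is probably never copied (the `cp -rp "${dir}/"*` glob skips dotfiles unless `dotglob` is set), but if it were, a world-writable permissions manifest would be placed in the image. I would regenerate this file after setting `.` and `.facl` to `root:root` with `rwxr-xr-x` / `rw-r--r--`, matching the other `.facl` in this commit, and note in the comment block of `copy_dirs` that the `# owner:` / `# group:` lines are authoritative for the restored tree.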