Subject: Portage Toys
Newsgroups: gmane.linux.gentoo.devel, gmane.linux.gentoo.hardened
Date: 2004-09-30 23:43:28 GMT

Portage has this really great feature-file that's often overlooked which can be used in almost unlimited ways to customize your Gentoo Linux install or perform tasks that you would otherwise have to open a bug for. Sometimes your bug may not even be appropriate or suited for the masses. But thankfully there is bashrc to the rescue.

Quoting from the manpage: "If needed this file can be used to setup a different environment for ebuilds than the root environment. Syntax is the same as any other bash script."

Ok, sounds good, let's take it for a drive..... Yada yada crunch etc and stuff... About a week later here..

Ok, so now I want to share an example which I'm now using on my own box which has made my life easier.. These examples require bash3 but that's easy enough to backport.

------------------------------------------------------------------------
Per package CFLAGS
/etc/portage/package.cflags

Like many others I'm always fighting for space. I want some optimizations on some packages but not the same optimizations on others and portage has no way to handle this currently and I got tired of waiting for package.env so I wrote a simple way to handle cflags on a per package or category basis. (this is what started it all)

------------------------------------------------------------------------
I've seen a lot of people ask about this feature. Never knew why it does not exist. Nonetheless, here you go.

FEATURES="distclean"

This feature will automatically remove files that portage downloads to $DISTDIR based on what's defined in an ebuild's SRC_URI. In one of the final ebuild phases of ebuild.sh (postinst) we check that the file exists and is a regular file, then that the user (me) has FEATURES="distclean" defined, and if all conditions are met we simply remove the file to save space/memory after we don't need it anymore.

------------------------------------------------------------------------
# Source Based Auto Auditing Features.

These two features are for people who have nothing better to do than look for flaws in packages via portage semi automatically. This feature should not be used by people who have no clue what they are doing.

FEATURES=flawfinder

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function. Flawfinder can only process .c / .cpp files.

FEATURES=rats

This feature is a lot like flawfinder. Only it can process c/cpp/php/pl vs flawfinder c/cpp. Each auditing tool has its own advantages and disadvantages.

If FEATURE_AUDIT_LOGPATH is found in the environment then we will save the audit logs to the dir defined by that variable. To use either one of these you must have rats || flawfinder installed accordingly.

------------------------------------------------------------------------
This code is all experimental and if it does not work for you, breaks something or you think my bash sucks I really don't care. I just wanted to share the idea that with /etc/portage/bashrc you can do some really cool things.

-enjoy

--
Ned Ludd <solar <at> gentoo.org>
Gentoo (hardened,security,infrastructure,embedded,toolchain) Developer

# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $
# - /etc/portage/bashrc
if [ "$0" = "/usr/lib/portage/bin/ebuild.sh" -o "$0" = "/usr/lib/portage/bin/ebuild-daemon.sh" ]; then
    if [ "${DEBUG}" != "" ]; then
        echo ----------------------------------------------------
        echo \$_=$_
        echo \$\*=$*
        echo \$@=$@
        echo PORTDIR=$PORTDIR
        echo CATEGORY=$CATEGORY
        echo PN=$PN
        echo PV=$PV
        echo PR=$PR
        echo PF=$PF
        echo P=$P
        echo USER=$USER
        echo HOME=$HOME
        echo PATH=${PATH}
        echo LD_PRELOAD=${LD_PRELOAD}
        echo ----------------------------------------------------
    fi
    eecho() {
        [ "$NOCOLOR" = "false" ] && echo -ne '\e[1;34m>\e[1;36m>\e[1;35m>\e[0m ' || echo -n ">>> "
        echo "$*"
    }
    # Run flawfinder and/or rats over the unpacked sources before compiling.
    package-pre-compile() {
        local i af1 af2 flaws audit line s_files
        local save_pwd=$PWD
        PATH=$PATH:/usr/sbin:/usr/bin:/bin:/sbin
        echo "FEATURES=$FEATURES"
        cd ${S} || return 0
        [ -z "${FEATURE_AUDIT_LOGPATH}" ] && export FEATURE_AUDIT_LOGPATH="/var/log/ebuildaudit"
        # allow writes to the log directory from inside the sandbox
        addwrite ${FEATURE_AUDIT_LOGPATH}
        for audit in flawfinder rats; do
            if [ "`has ${audit} ${FEATURES}`" != "" -a -x /usr/bin/${audit} ]; then
                flaws=""
                # collect the source files each tool can process
                case "${audit}" in
                    flawfinder)
                        s_files="`find ${S} -name '*.c' -o -name '*.cpp'`"
                        [ -z "${FEATURE_FLAWFINDER_MINLEVEL}" ] && export FEATURE_FLAWFINDER_MINLEVEL=5
                        ;;
                    rats)
                        s_files="`/usr/bin/find ${S} -name '*.c' -o -name '*.cpp' -o -name '*.php' -o -name '*.pl'`"
                        [ -z "${FEATURE_RATS_WARNLEVEL}" ] && export FEATURE_RATS_WARNLEVEL=1
                        ;;
                    *) : ;;
                esac
                if [ -n "$s_files" ]; then
                    s_count=`echo ${s_files} | tr ' ' '\n' | wc -l | awk '{print $1}'`
                    eecho "Running ${audit} on [$s_count] files"
                    flaws=""
                    # the backslashes keep each command substitution a single command
                    [ "${audit}" == "flawfinder" ] && \
                        flaws=$(/usr/bin/flawfinder --quiet --dataonly \
                            --minlevel=${FEATURE_FLAWFINDER_MINLEVEL} ${s_files})
                    [ "${audit}" == "rats" ] && \
                        flaws=$(/usr/bin/rats --quiet --resultsonly --warning ${FEATURE_RATS_WARNLEVEL} ${s_files})
                    if [ -n "$flaws" ]; then
                        line="------------------------------------------------------------------------"
                        i=5;echo;while [ $i != 0 ]; do echo -ne ".\a" ; sleep 0.25 ; i=$(($i - 1)) ; done ;echo
                        echo ${line}
                        ewarn "${audit} report for ${PN} on $(date -u)"
                        echo ${line} ; echo -e "${flaws}" ; echo ${line}
                        i=5;echo;while [ $i != 0 ]; do echo -ne ".\a" ; sleep 0.25 ; i=$(($i - 1)) ; done ;echo
                        if [ -d "${FEATURE_AUDIT_LOGPATH}" ]; then
                            # af1: per-package report (truncated first), af2: cumulative per-tool log
                            af1="${FEATURE_AUDIT_LOGPATH}/${PN}-${PV}_${audit}"
                            af2="${FEATURE_AUDIT_LOGPATH}/${audit}.log"
                            > $af1
                            for a in $af1 $af2 ; do
                                eecho "Saving audit data to $a"
                                echo ${line} >> ${a}
                                echo " * ${audit} report for ${PN} on $(date -u)" >> ${a}
                                echo ${line} >> ${a}
                                echo -e "${flaws}" >> ${a}
                                echo ${line} >> ${a}
                            done
                        fi
                    fi
                fi
            fi
        done
        cd ${save_pwd}
    }
    package-distdir-clean() {
        local a x
        for a in ${FEATURES} ; do
            if [ "$a" = "distclean" ]; then
                for x in ${SRC_URI}; do
                    x=$(/bin/basename $x)
                    if [[ -f $DISTDIR/$x ]]; then
                        size="$(/bin/ls -lh ${DISTDIR}/${x} | /bin/awk '{print $5}')"
                        eecho "All done with ${x} Removing it to save ${size}"
                        /bin/rm ${DISTDIR}/${x}
                    fi
                done
            fi
        done
    }
    append-cflags() {
        export CFLAGS="${CFLAGS} $*"
        export CXXFLAGS="${CXXFLAGS} $*"
        return 0
    }
    package-cflags() {
        local target flags flag i skip re
        # bail if file does not exist or is not readable.
        [ -r ${ROOT}/etc/portage/package.cflags ] || return 0
        # need bash >= 3
        if [ "${BASH_VERSINFO[0]}" -le 2 ]; then
            eecho "Need bash3 for this bashrc script to work"
            return 0
        fi
        # keep the pattern in a variable: bash >= 3.2 treats a quoted
        # right-hand side of =~ as a literal string, not a regex
        re="^(${CATEGORY}|${CATEGORY}/${PN})\>"
        while read -a target; do
            if [[ ${target[@]%%#*} ]]; then
                # valid syntax no >=<! operators
                # category CFLAGS
                # category/packagename CFLAGS
                if [[ ${target%%#*} && ${target%% *} =~ ${re} ]]; then
                    # the regex is only a prefilter; require an exact match
                    skip=0
                    if [[ ${target} != ${CATEGORY} ]] ; then
                        if [[ ${target} != ${CATEGORY}/${PN} ]] ; then
                            skip=1
                        fi
                    fi
                    if [ "${skip}" == 0 ] ; then
                        flags=(${target[@]:1})
                        if [[ ${flags[@]} =~ 'CFLAGS' ]]; then
                            for (( i = 0; i < ${#flags[@]}; i++ )); do
                                if [[ ${flags[$i]} =~ 'CFLAGS' ]]; then
                                    # eval expands ${CFLAGS}-style references in the token;
                                    # it also runs any command substitution found in the file
                                    append-cflags $(eval echo "${flags[$i]}")
                                    unset flags[$i]
                                fi
                            done
                        fi
                        # append the remaining flags unless CFLAGS already matches them
                        for flag in ${flags[@]}; do
                            if [[ ${CFLAGS} =~ ${flag} ]]; then
                                continue 1
                            else
                                append-cflags "${flag}"
                            fi
                        done
                        export -n C{,XX}FLAGS
                        eecho "Using package.cflags entry for target ${target} for ${CATEGORY}/${PN}"
                    fi
                fi
            fi
        done < ${ROOT}/etc/portage/package.cflags
    }
    case "$*" in
        # stay really quiet here.
        depend) : ;;
        *)
            if [ "${LD_PRELOAD##*/}" = "libsandbox.so" ]; then
                [ "$NOCOLOR" = "false" ] && i=$(echo -ne '\e[1;32m+\e[0m') || i="+"
            else
                [ "$NOCOLOR" = "false" ] && i=$(echo -ne '\e[1;31m-\e[0m') || i="-"
            fi
            eecho "$USER ${i}sandbox($*)"
            package-cflags
            [ "$*" = "postinst" ] && package-distdir-clean
            [ "$*" = "compile" ] && package-pre-compile
            ;;
    esac
else
    echo "This bashrc does not know anything about $0"
fi

# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $
# - /etc/portage/package.cflags

##############
# Important: #
##############
# >=dev-blah/blah syntax is not supported by this file.
# We can take individual category names
# Or we can take individual ebuild names
#

##############
# CATEGORIES #
##############
app-editors -Os
sys-apps -Os
sys-fs -Os
dev-libs -O1
net-misc -O2
net-www -O2
sys-boot -fno-stack-protector-all
sys-libs -O1
sys-devel -Os
gnome-base -Wl,-O1
gnome-extra -Wl,-O1
media-libs -O1
x11-misc -Wl,-O1
x11-wm -Wl,-O1

#################
# PACKAGE NAMES #
#################
net-www/mozilla -O3 -Wl,-O1
sys-apps/chpax -O1
sys-apps/paxctl -O1
mail-client/evolution -Wl,-O1
media-video/mplayer -O3 -mno-sse2 -fno-stack-protector -fno-stack-protector-all
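
The package-cflags function in the bashrc above passes tokens read from package.cflags through `eval echo`, so any command substitution in that file runs inside the ebuild environment. The following is an added example, not part of the original post: a POSIX sh lookup that treats the file purely as text. The function names, the permission policy, the allowed character set and the sample data are assumptions of this sketch, and `${CFLAGS}` references in the file are not expanded (the starting flags are passed in as the fourth argument instead).

```shell
#!/bin/sh
# Added example, not from the original post. Function names, the permission
# policy and the allowed character set are assumptions of this sketch.

# Reject a flags file that group or others can write: whatever it contains
# ends up in the environment of builds that Portage runs as root.
cflags_file_is_safe() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    [ -z "$(find "$1" \( -perm -020 -o -perm -002 \) -print)" ]
}

# lookup_cflags FILE CATEGORY PN BASE
# Prints BASE plus the flags of every line whose target is exactly CATEGORY
# or CATEGORY/PN. File content is only ever compared and concatenated as
# text; nothing is passed to eval, so $(...) and backticks stay inert.
lookup_cflags() {
    file=$1 category=$2 pn=$3 out=$4
    cflags_file_is_safe "$file" || { printf '%s\n' "$out"; return 1; }
    while read -r target flags || [ -n "$target" ]; do
        case $target in ''|'#'*) continue ;; esac
        [ "$target" = "$category" ] || [ "$target" = "$category/$pn" ] || continue
        flags=${flags%%#*}                 # strip a trailing comment
        set -f                             # no globbing while splitting
        for flag in $flags; do
            # keep only tokens that start with "-" and use plain flag characters
            case $flag in [!-]*|*[!A-Za-z0-9_=,.+/:-]*) continue ;; esac
            # exact-token de-duplication against what is already set
            case " $out " in *" $flag "*) ;; *) out="$out $flag" ;; esac
        done
        set +f
    done < "$file"
    printf '%s\n' "${out# }"
}

# Constructed sample input: two ordinary entries and one hostile line.
demo_dir=$(mktemp -d)
cat > "$demo_dir/package.cflags" <<'EOF'
# category or category/package, then flags
sys-apps -Os
sys-apps/paxctl -O1 -Wl,-O1   # per-package addition
sys-apps/chpax -O1 $(touch /tmp/should-never-exist)
EOF
chmod 644 "$demo_dir/package.cflags"
lookup_cflags "$demo_dir/package.cflags" sys-apps paxctl "-march=i686 -pipe"
lookup_cflags "$demo_dir/package.cflags" sys-apps chpax "-march=i686 -pipe"
rm -rf "$demo_dir"
```

In a bashrc the result would be assigned to CFLAGS and CXXFLAGS instead of printed; a non-zero return means the file was rejected and only the starting flags were returned.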