In the chroot environment from the first guide, you can also build an RPM package directly, which allows a clean installation of the updated Bash.
This guide starts at step 2 (2. Provide the Bash sources) of the first guide!
In the chroot environment of the build system, create a user for building the package:
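```bash
# Enter the chroot of the build system (starts an interactive shell)
chroot /mnt/chroot
# Inside the chroot: create the build user and switch to it
adduser builder
su builder
# In the builder shell: change to the home directory
cd ~
```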
Next, the directories required by rpmbuild, the three Bash configuration files .bashrc, .bash_profile and .bash_logout, and the spec file for the RPM build are created, and the Bash sources and patches are downloaded:
```bash
mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
cd ~/rpmbuild/SOURCES/
wget ftp://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
wget ftp://ftp.gnu.org/gnu/bash/bash-4.3-patches/ -m -nd
```
```bash
cat <<'EOF' > dot-bash_logout
# ~/.bash_logout: executed by bash(1) when login shell exits.

# when leaving the console clear the screen to increase privacy
if [ "$SHLVL" = 1 ]; then
    [ -x /usr/bin/clear_console ] && /usr/bin/clear_console -q
fi
EOF
```
```bash
cat <<'EOF' > dot-bash_profile
# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
    . ~/.bashrc
fi

# User specific environment and startup programs
PATH=$PATH:$HOME/bin
export PATH
EOF
```
```bash
cat <<'EOF' > dot-bashrc
# If not running interactively, don't do anything
[ -z "$PS1" ] && return

# don't put duplicate lines or lines starting with space in the history.
# See bash(1) for more options
HISTCONTROL=ignoreboth

# append to the history file, don't overwrite it
shopt -s histappend

# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
HISTSIZE=10000
HISTFILESIZE=20000

# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize

# make less more friendly for non-text input files, see lesspipe(1)
[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"

# set variable identifying the chroot you work in (used in the prompt below)
if [ -z "$debian_chroot" ] && [ -r /etc/debian_chroot ]; then
    debian_chroot=$(cat /etc/debian_chroot)
fi

# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
    xterm-color) color_prompt=yes;;
esac

# uncomment for a colored prompt, if the terminal has the capability; turned
# off by default to not distract the user: the focus in a terminal window
# should be on the output of commands, not on the prompt
#force_color_prompt=yes

if [ -n "$force_color_prompt" ]; then
    if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
        # We have color support; assume it's compliant with Ecma-48
        # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
        # a case would tend to support setf rather than setaf.)
        color_prompt=yes
    else
        color_prompt=
    fi
fi

if [ "$color_prompt" = yes ]; then
    PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
else
    PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
fi
unset color_prompt force_color_prompt

# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
    PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
    ;;
*)
    ;;
esac

# enable color support of ls and also add handy aliases
if [ -x /usr/bin/dircolors ]; then
    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
    alias ls='ls --color=auto'
    #alias dir='dir --color=auto'
    #alias vdir='vdir --color=auto'

    alias grep='grep --color=auto'
    alias fgrep='fgrep --color=auto'
    alias egrep='egrep --color=auto'
fi

# some more ls aliases
alias ll='ls -alF'
alias la='ls -A'
alias l='ls -CF'

# Add an "alert" alias for long running commands. Use like so:
#   sleep 10; alert
alias alert='notify-send --urgency=low -i "$([ $? = 0 ] && echo terminal || echo error)" "$(history|tail -n1|sed -e '\''s/^\s*[0-9]\+\s*//;s/[;&|]\s*alert$//'\'')"'

# Alias definitions.
# You may want to put all your additions into a separate file like
# ~/.bash_aliases, instead of adding them here directly.
# See /usr/share/doc/bash-doc/examples in the bash-doc package.
if [ -f ~/.bash_aliases ]; then
    . ~/.bash_aliases
fi

# enable programmable completion features (you don't need to enable
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
# sources /etc/bash.bashrc).
if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
    . /etc/bash_completion
fi

export LANG=de_DE.utf8
export LC_CTYPE=de_DE.UTF-8
test "$SSH_AUTH_SOCK" || exec ssh-agent $SHELL -c "ssh-add; exec $SHELL -login"
EOF
```
```bash
cd ~/rpmbuild/SPECS
cat <<'EOF' > bash.spec
# BASH spec File TEST
#%define beta_tag rc1
%define patchlevel .30
%define baseversion 4.3

# Complete the build even with unpackaged files
%define _unpackaged_files_terminate_build 0
%define _missing_doc_files_terminate_build 0

Version: %{baseversion}%{patchlevel}
Name: bash
Summary: The GNU Bourne Again shell
Release: 1%{?dist}
Group: System Environment/Shells
License: GPLv3+
Url: http://www.gnu.org/software/bash
Source0: ftp://ftp.gnu.org/gnu/bash/bash-%{baseversion}.tar.gz
Source1: dot-bashrc
Source2: dot-bash_profile
Source3: dot-bash_logout

# Official upstream patches
Patch001: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-001
Patch002: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-002
Patch003: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-003
Patch004: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-004
Patch005: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-005
Patch006: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-006
Patch007: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-007
Patch008: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-008
Patch009: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-009
Patch010: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-010
Patch011: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-011
Patch012: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-012
Patch013: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-013
Patch014: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-014
Patch015: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-015
Patch016: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-016
Patch017: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-017
Patch018: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-018
Patch019: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-019
Patch020: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-020
Patch021: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-021
Patch022: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-022
Patch023: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-023
Patch024: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-024
Patch025: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-025
Patch026: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-026
Patch027: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-027
Patch028: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-028
Patch029: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-029
Patch030: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-030

Requires(post): ncurses-libs
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: ncurses-devel
BuildRequires: autoconf, gettext

%description
The GNU Bourne Again shell (Bash) is a shell or command language
interpreter that is compatible with the Bourne shell (sh). Bash
incorporates useful features from the Korn shell (ksh) and the C shell
(csh). Most sh scripts can be run by bash without modification.

%define pkgdocdir %{_datadir}/doc/%{name}-%{version}

%prep
#%setup -q -a 2
%setup -q -n %{name}-%{baseversion}

# Official upstream patches
%patch001 -p0 -b .001
%patch002 -p0 -b .002
%patch003 -p0 -b .003
%patch004 -p0 -b .004
%patch005 -p0 -b .005
%patch006 -p0 -b .006
%patch007 -p0 -b .007
%patch008 -p0 -b .008
%patch009 -p0 -b .009
%patch010 -p0 -b .010
%patch011 -p0 -b .011
%patch012 -p0 -b .012
%patch013 -p0 -b .013
%patch014 -p0 -b .014
%patch015 -p0 -b .015
%patch016 -p0 -b .016
%patch017 -p0 -b .017
%patch018 -p0 -b .018
%patch019 -p0 -b .019
%patch020 -p0 -b .020
%patch021 -p0 -b .021
%patch022 -p0 -b .022
%patch023 -p0 -b .023
%patch024 -p0 -b .024
%patch025 -p0 -b .025
%patch026 -p0 -b .026
%patch027 -p0 -b .027
%patch028 -p0 -b .028
%patch029 -p0 -b .029
%patch030 -p0 -b .030

echo %{version} > _distribution
echo %{release} > _patchlevel

%build
autoconf
%configure --with-bash-malloc=no --with-afs --with-installed-readline
make "CPPFLAGS=-D_GNU_SOURCE -DRECYCLES_PIDS `getconf LFS_CFLAGS`"

%check
make check
strip bash
strip bashversion

%install
rm -rf $RPM_BUILD_ROOT

if [ -e autoconf ]; then
  export PATH=.:$PATH
fi

# Fix bug #83776
perl -pi -e 's,bashref\.info,bash.info,' doc/bashref.info

make DESTDIR=$RPM_BUILD_ROOT install

mkdir -p $RPM_BUILD_ROOT/etc

# Not for printf, true and false (conflict with coreutils)
rm -f $RPM_BUILD_ROOT/%{_mandir}/man1/printf.1
rm -f $RPM_BUILD_ROOT/%{_mandir}/man1/true.1
rm -f $RPM_BUILD_ROOT/%{_mandir}/man1/false.1

pushd $RPM_BUILD_ROOT
mkdir ./bin
mv ./usr/bin/bash ./bin
ln -sf bash ./bin/sh
rm -f .%{_infodir}/dir
popd

mkdir -p $RPM_BUILD_ROOT/etc/skel
install -c -m644 %SOURCE1 $RPM_BUILD_ROOT/etc/skel/.bashrc
install -c -m644 %SOURCE2 $RPM_BUILD_ROOT/etc/skel/.bash_profile
install -c -m644 %SOURCE3 $RPM_BUILD_ROOT/etc/skel/.bash_logout

LONG_BIT=$(getconf LONG_BIT)
mv $RPM_BUILD_ROOT%{_bindir}/bashbug \
   $RPM_BUILD_ROOT%{_bindir}/bashbug-"${LONG_BIT}"

%find_lang %{name}

# Lua code by Jesse Keating so that no external dependencies are needed.
# Lua code by Ignacio Vazquez-Abrams
%post -p <lua>
bashfound = false;
shfound = false;

f = io.open("/etc/shells", "r");
if f == nil
then
  f = io.open("/etc/shells", "w");
else
  repeat
    t = f:read();
    if t == "/bin/bash"
    then
      bashfound = true;
    end
    if t == "/bin/sh"
    then
      shfound = true;
    end
  until t == nil;
end
f:close()

f = io.open("/etc/shells", "a");
if not bashfound
then
  f:write("/bin/bash\n")
end
if not shfound
then
  f:write("/bin/sh\n")
end
f:close()

%postun
if [ "$1" = 0 ]; then
    /bin/grep -v '^/bin/bash$' < /etc/shells | \
      /bin/grep -v '^/bin/sh$' > /etc/shells.new
    /bin/mv /etc/shells.new /etc/shells
fi

%files -f %{name}.lang
%defattr(-,root,root)
%config(noreplace) /etc/skel/.b*
/bin/sh
/bin/bash
%attr(0755,root,root) %{_bindir}/bashbug-*
EOF
```
The bash.spec file contains the package configuration as well as the scripts needed during installation and uninstallation. The present spec file is an adaptation of the original source from Fedora Core 12, which I adapted for the current Bash.
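The sources and patches above are fetched over plain FTP, so they should be checked before `rpmbuild` consumes them. The following check is an added example, not part of the original guide: it confirms that the tarball and every patch up to the spec's patchlevel are present, that each patch carries its own `Patch-ID:` header, and that each file's detached `.sig` verifies. It assumes the `.sig` files sit next to the sources and the signer's key is already in the GnuPG keyring; `check_sources` and the `VERIFY` override are hypothetical names.

```shell
#!/bin/sh
# Added example: integrity check for ~/rpmbuild/SOURCES before the build.
# VERIFY is a hypothetical hook to replace the signature command;
# the default is "gpg --verify <sig> <file>".

# check_sources DIR LAST
#   DIR  - directory with bash-4.3.tar.gz, bash43-NNN and their .sig files
#   LAST - highest patch number expected (30 for the spec's patchlevel .30)
# Prints one line per problem; the return value is the number of problems.
check_sources() {
    dir=$1
    last=$2
    problems=0
    # Build the list of expected files: tarball plus bash43-001..LAST
    set -- "bash-4.3.tar.gz"
    n=1
    while [ "$n" -le "$last" ]; do
        set -- "$@" "$(printf 'bash43-%03d' "$n")"
        n=$((n + 1))
    done
    for f in "$@"; do
        # Missing or zero-length file (e.g. an interrupted transfer)
        if [ ! -s "$dir/$f" ]; then
            echo "MISSING $f"; problems=$((problems + 1)); continue
        fi
        case $f in
            bash43-*)
                # Every upstream patch names itself in a "Patch-ID:" header
                if ! grep -q "^Patch-ID:[[:space:]]*$f[[:space:]]*\$" "$dir/$f"; then
                    echo "WRONG-ID $f"; problems=$((problems + 1)); continue
                fi ;;
        esac
        # Detached signature must exist and verify against the file
        if [ ! -s "$dir/$f.sig" ]; then
            echo "NO-SIG $f"; problems=$((problems + 1))
        elif ! ${VERIFY:-gpg --verify} "$dir/$f.sig" "$dir/$f" >/dev/null 2>&1; then
            echo "BAD-SIG $f"; problems=$((problems + 1))
        fi
    done
    return "$problems"
}
```

Called as `check_sources ~/rpmbuild/SOURCES 30` from the builder account, it returns 0 only when every file passed; any other return value is the number of files that failed.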
Now rpmbuild can be used to build the package, which can be installed with rpm right afterwards. The old Bash package is replaced by the new package in the process.
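```bash
# Build the binary and source packages from the spec file
rpmbuild -ba bash.spec
# Install the result; the path is given as seen from outside the chroot
rpm -U --force --replacefiles /mnt/chroot/home/builder/rpmbuild/RPMS/armv6l/bash-4.3.30-1.fc12.armv6l.rpm
```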
The Bash binary and RPM file resulting from this tutorial, for installation
4 replies to “shellshock II (building an RPM package)”
The links are not available, please check.
https://dl.loteks.de/fc12_NAS/bash
https://dl.loteks.de/fc12_NAS/bash-4.3.30-1.fc12.armv6l.rpm
Hey sakatgg, thanks for the tireless bug hunting!
The SSL certificate is now fixed!