shellshock II (RPM-Paket erstellen)

In der chroot-Umgebung aus der ersten Anleitung kann auch direkt ein rpm Paket erstellen, welches eine saubere Installation der aktualisierten Bash ermöglicht.

Die Anleitung beginnt an Punkt 2 (2. Bash Quellen bereitstellen) der ersten Anleitung!

In der chroot-Umgebung des Build Systems einen Benutzer für den Paketbau anlegen:

chroot /mnt/chroot
adduser builder  && su builder && cd ~

Im Anschluß werden die für rpmbuild notwendigen Verzeichnisse, die drei Bash Konfigurations-Dateien .bashrc, .bash_profile, .bash_logout und die Specs-Datei für den rpm-Paketbau angelegt und die Bash Quellcodes sowie Patches heruntergeaden.:

mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
cd ~/rpmbuild/SOURCES/
wget ftp://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
wget ftp://ftp.gnu.org/gnu/bash/bash-4.3-patches/ -m -nd
cat <<'EOF' > dot-bash_logout
# ~/.bash_logout: executed by bash(1) when login shell exits.

# when leaving the console clear the screen to increase privacy

if [ "$SHLVL" = 1 ]; then
[ -x /usr/bin/clear_console ] && /usr/bin/clear_console -q
fi
EOF
cat <<'EOF' > dot-bash_profile
# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi

# User specific environment and startup programs

PATH=$PATH:$HOME/bin

export PATH
EOF
cat <<'EOF' > dot-bashrc
# If not running interactively, don't do anything
[ -z "$PS1" ] && return

# don't put duplicate lines or lines starting with space in the history.
# See bash(1) for more options
HISTCONTROL=ignoreboth

# append to the history file, don't overwrite it
shopt -s histappend

# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
HISTSIZE=10000
HISTFILESIZE=20000

# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize

# make less more friendly for non-text input files, see lesspipe(1)
[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"

# set variable identifying the chroot you work in (used in the prompt below)
if [ -z "$debian_chroot" ] && [ -r /etc/debian_chroot ]; then
debian_chroot=$(cat /etc/debian_chroot)
fi

# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
xterm-color) color_prompt=yes;;
esac

# uncomment for a colored prompt, if the terminal has the capability; turned
# off by default to not distract the user: the focus in a terminal window
# should be on the output of commands, not on the prompt
#force_color_prompt=yes

if [ -n "$force_color_prompt" ]; then
if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
# We have color support; assume it's compliant with Ecma-48
# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
# a case would tend to support setf rather than setaf.)
color_prompt=yes
else
color_prompt=
fi
fi

if [ "$color_prompt" = yes ]; then
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
else
PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
fi
unset color_prompt force_color_prompt

# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
;;
*)
;;
esac

# enable color support of ls and also add handy aliases
if [ -x /usr/bin/dircolors ]; then
test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
alias ls='ls --color=auto'
#alias dir='dir --color=auto'
#alias vdir='vdir --color=auto'

alias grep='grep --color=auto'
alias fgrep='fgrep --color=auto'
alias egrep='egrep --color=auto'
fi

# some more ls aliases
alias ll='ls -alF'
alias la='ls -A'
alias l='ls -CF'

# Add an "alert" alias for long running commands. Use like so:
# sleep 10; alert
alias alert='notify-send --urgency=low -i "$([ $? = 0 ] && echo terminal || echo error)" "$(history|tail -n1|sed -e '\''s/^\s*[0-9]\+\s*//;s/[;&|]\s*alert$//'\'')"'

# Alias definitions.
# You may want to put all your additions into a separate file like
# ~/.bash_aliases, instead of adding them here directly.
# See /usr/share/doc/bash-doc/examples in the bash-doc package.

if [ -f ~/.bash_aliases ]; then
. ~/.bash_aliases
fi

# enable programmable completion features (you don't need to enable
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
# sources /etc/bash.bashrc).
if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
. /etc/bash_completion
fi

export LANG=de_DE.utf8
export LC_CTYPE=de_DE.UTF-8

test "$SSH_AUTH_SOCK" || exec ssh-agent $SHELL -c "ssh-add; exec $SHELL -login"
EOF
cd ~/rpmbuild/SPECS
cat < <'EOF' > bash.spec
# BASH spec File TEST
#%define beta_tag rc1
%define patchlevel .30
%define baseversion 4.3

# Build auch mit unpackaged files abschliessen
%define _unpackaged_files_terminate_build 0
%define _missing_doc_files_terminate_build 0

Version: %{baseversion}%{patchlevel}
Name: bash
Summary: The GNU Bourne Again shell
Release: 1%{?dist}
Group: System Environment/Shells
License: GPLv3+
Url: http://www.gnu.org/software/bash
Source0: ftp://ftp.gnu.org/gnu/bash/bash-%{baseversion}.tar.gz

Source1: dot-bashrc
Source2: dot-bash_profile
Source3: dot-bash_logout

# Official upstream patches
Patch001: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-001
Patch002: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-002
Patch003: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-003
Patch004: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-004
Patch005: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-005
Patch006: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-006
Patch007: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-007
Patch008: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-008
Patch009: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-009
Patch010: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-010
Patch011: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-011
Patch012: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-012
Patch013: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-013
Patch014: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-014
Patch015: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-015
Patch016: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-016
Patch017: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-017
Patch018: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-018
Patch019: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-019
Patch020: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-020
Patch021: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-021
Patch022: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-022
Patch023: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-023
Patch024: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-024
Patch025: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-025
Patch026: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-026
Patch027: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-027
Patch028: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-028
Patch029: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-029
Patch030: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-030

Requires(post): ncurses-libs
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

BuildRequires: ncurses-devel
BuildRequires: autoconf, gettext

%description
The GNU Bourne Again shell (Bash) is a shell or command language
interpreter that is compatible with the Bourne shell (sh). Bash
incorporates useful features from the Korn shell (ksh) and the C shell
(csh). Most sh scripts can be run by bash without modification.

%define pkgdocdir %{_datadir}/doc/%{name}-%{version}

%prep
#%setup -q -a 2
%setup -q -n %{name}-%{baseversion}

# Official upstream patches
%patch001 -p0 -b .001
%patch002 -p0 -b .002
%patch003 -p0 -b .003
%patch004 -p0 -b .004
%patch005 -p0 -b .005
%patch006 -p0 -b .006
%patch007 -p0 -b .007
%patch008 -p0 -b .008
%patch009 -p0 -b .009
%patch010 -p0 -b .010
%patch011 -p0 -b .011
%patch012 -p0 -b .012
%patch013 -p0 -b .013
%patch014 -p0 -b .014
%patch015 -p0 -b .015
%patch016 -p0 -b .016
%patch017 -p0 -b .017
%patch018 -p0 -b .018
%patch019 -p0 -b .019
%patch020 -p0 -b .020
%patch021 -p0 -b .021
%patch022 -p0 -b .022
%patch023 -p0 -b .023
%patch024 -p0 -b .024
%patch025 -p0 -b .025
%patch026 -p0 -b .026
%patch027 -p0 -b .027
%patch028 -p0 -b .028
%patch029 -p0 -b .029
%patch030 -p0 -b .030

echo %{version} > _distribution
echo %{release} > _patchlevel

%build
autoconf
%configure --with-bash-malloc=no --with-afs --with-installed-readline
make "CPPFLAGS=-D_GNU_SOURCE -DRECYCLES_PIDS `getconf LFS_CFLAGS`"
%check
make check
strip bash
strip bashversion

%install
rm -rf $RPM_BUILD_ROOT

if [ -e autoconf ]; then
  export PATH=.:$PATH
fi

# Fix bug #83776
perl -pi -e 's,bashref\.info,bash.info,' doc/bashref.info

make DESTDIR=$RPM_BUILD_ROOT install

mkdir -p $RPM_BUILD_ROOT/etc

# Not for printf, true and false (conflict with coreutils)
rm -f $RPM_BUILD_ROOT/%{_mandir}/man1/printf.1
rm -f $RPM_BUILD_ROOT/%{_mandir}/man1/true.1
rm -f $RPM_BUILD_ROOT/%{_mandir}/man1/false.1

pushd $RPM_BUILD_ROOT
mkdir ./bin
mv ./usr/bin/bash ./bin
ln -sf bash ./bin/sh
rm -f .%{_infodir}/dir
popd
mkdir -p $RPM_BUILD_ROOT/etc/skel
install -c -m644 %SOURCE1 $RPM_BUILD_ROOT/etc/skel/.bashrc
install -c -m644 %SOURCE2 $RPM_BUILD_ROOT/etc/skel/.bash_profile
install -c -m644 %SOURCE3 $RPM_BUILD_ROOT/etc/skel/.bash_logout
LONG_BIT=$(getconf LONG_BIT)
mv $RPM_BUILD_ROOT%{_bindir}/bashbug \
   $RPM_BUILD_ROOT%{_bindir}/bashbug-"${LONG_BIT}"

%find_lang %{name}

# lua-code von Jesse Keating  so das keine Externen Abhängigkeiten benötigt werden.
# lua-Code von Ignacio Vazquez-Abrams
%post -p 
bashfound = false;
shfound = false;

f = io.open("/etc/shells", "r");
if f == nil
then
  f = io.open("/etc/shells", "w");
else
  repeat
    t = f:read();
    if t == "/bin/bash"
    then
      bashfound = true;
    end
    if t == "/bin/sh"
    then
      shfound = true;
    end
  until t == nil;
end
f:close()

f = io.open("/etc/shells", "a");
if not bashfound
then
  f:write("/bin/bash\n")
end
if not shfound
then
  f:write("/bin/sh\n")
end
f:close()

%postun
if [ "$1" = 0 ]; then
    /bin/grep -v '^/bin/bash$' < /etc/shells | \       /bin/grep -v '^/bin/sh$' > /etc/shells.new
    /bin/mv /etc/shells.new /etc/shells
fi

%files -f %{name}.lang
%defattr(-,root,root)
%config(noreplace) /etc/skel/.b*
/bin/sh
/bin/bash
%attr(0755,root,root) %{_bindir}/bashbug-*
EOF

Die bash.spec-Datei enthält die Konfigutarion des Paketes sowie die bei der Installation und deinstallation notwendigen Scripte. Die Vorliegende SPECS Datei ist eine bearbeitung der Original Quelle von Fedora Core 12, welche ich für die aktuelle BASH angepasst habe.

Jetzt kann mit rpmbuild das Paket erstellt werden, welches direkt im Anschluss mit rpm Installiert werden kann. Das alte Bash Paket wird hierbei durch das neue Paket ersetzt.

rpmbuild -ba  bash.spec
rpm -U --force --replacefiles /mnt/chroot/home/builder/rpmbuild/RPMS/armv6l/bash-4.3.30-1.fc12.armv6l.rpm

Das aus diesem Tutorial entstehende Bash-Binary und RPM-Datei zur Installation

4 Antworten auf „shellshock II (RPM-Paket erstellen)“

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht.

Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre mehr darüber, wie deine Kommentardaten verarbeitet werden.