diff options
| author | Timo Teräs <timo.teras@iki.fi> | 2019-09-30 16:01:39 +0300 |
|---|---|---|
| committer | Timo Teräs <timo.teras@iki.fi> | 2019-09-30 16:03:12 +0300 |
| commit | b6675e264d92ec37140b35ba36ffc75c7bdb9acb (patch) | |
| tree | 6fe223ddbf01fe17d2ae557b0937fdced0c94381 /main/paxmark | |
| parent | cd93854ae9cb7352a8acec42f8816093d3dcb36c (diff) | |
| download | aports-b6675e264d92ec37140b35ba36ffc75c7bdb9acb.tar.bz2 aports-b6675e264d92ec37140b35ba36ffc75c7bdb9acb.tar.xz | |
main/paxmark: don't fail if kernel does not support xattr
If builder does not support xattrs, it's not running hardened
kernel, and does not require runtime markings. Treat it as soft
error.
Ref #10828
Diffstat (limited to 'main/paxmark')
| -rw-r--r-- | main/paxmark/APKBUILD | 6 | ||||
| -rw-r--r-- | main/paxmark/paxmark | 5 |
2 files changed, 6 insertions, 5 deletions
diff --git a/main/paxmark/APKBUILD b/main/paxmark/APKBUILD index e1f703a300..0192ef9140 100644 --- a/main/paxmark/APKBUILD +++ b/main/paxmark/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Timo Teräs <timo.teras@iki.fi> pkgname=paxmark -pkgver=0.11 -pkgrel=1 +pkgver=0.12 +pkgrel=0 pkgdesc="Manage PaX marking of executables" url="https://alpinelinux.org" arch="noarch" @@ -16,4 +16,4 @@ package() { ln -s paxmark "$pkgdir"/usr/sbin/paxmark.sh } -sha512sums="c43b5a48a8ac14b027114f712820b1fb8b0e209fcfe1a69eb64b4c68289a3bb3f26c3ea40350cbfdaa97329b4a8e1de2582025e5221c3016aff85bb75118e665 paxmark" +sha512sums="8bbae69e8159a75abd24b461994ad2c1995529fac1457c48845eec43b7f03b4fe50f49992810978ae15b1854bdf97ed86948f1b48209fd26baabb39384384d52 paxmark" diff --git a/main/paxmark/paxmark b/main/paxmark/paxmark index f80eb69ffe..03e244bc09 100644 --- a/main/paxmark/paxmark +++ b/main/paxmark/paxmark @@ -23,8 +23,9 @@ for f in "$@"; do if [ -n "FAKEROOTKEY" ]; then # fakeroot does not set xattr's on disk. # explicitly do that, because the marked binary might - # be executed next during install. - LD_PRELOAD="" FAKEROOTKEY="" attr -q -s pax.flags -V "${xval}" "${f}" >/dev/null || ret=1 + # be executed next during install. But don't fail on it + # because if xattr is not supported it's not hardened kernel. + LD_PRELOAD="" FAKEROOTKEY="" attr -q -s pax.flags -V "${xval}" "${f}" &>/dev/null fi attr -q -s pax.flags -V "${xval}" "${f}" >/dev/null || ret=1 done |