443 lines
18 KiB
Text
443 lines
18 KiB
Text
# Copyright (c) 2022 Alex313031
|
|
# Shows the output of a given command only on failure, or when VERBOSE is set.
|
|
log_cmd() {
|
|
if [ "${VERBOSE:-}" ]; then
|
|
"$@"
|
|
else
|
|
# Record $- into a separate variable because it gets reset in the subshell.
|
|
FORWARD_SHELL_OPTS=$-
|
|
ERREXIT=$(echo ${FORWARD_SHELL_OPTS} | grep -o e || true)
|
|
set +${ERREXIT}
|
|
CMD_OUTPUT=$("$@" 2>&1)
|
|
ERRCODE=$?
|
|
set -${ERREXIT}
|
|
if [ ${ERRCODE} -ne 0 ]; then
|
|
echo "$@"
|
|
echo "${CMD_OUTPUT}"
|
|
if [ ${ERREXIT} ]; then
|
|
exit ${ERRCODE}
|
|
fi
|
|
fi
|
|
fi
|
|
}
|
|
|
|
# Recursively replace @@include@@ template variables with the referenced file,
|
|
# and write the resulting text to stdout.
|
|
process_template_includes() {
|
|
INCSTACK+="$1->"
|
|
# Includes are relative to the file that does the include.
|
|
INCDIR=$(dirname $1)
|
|
# Clear IFS so 'read' doesn't trim whitespace
|
|
local OLDIFS="$IFS"
|
|
IFS=''
|
|
while read -r LINE
|
|
do
|
|
INCLINE=$(sed -e '/^[[:space:]]*@@include@@/!d' <<<$LINE)
|
|
if [ -n "$INCLINE" ]; then
|
|
INCFILE=$(echo $INCLINE | sed -e "s#@@include@@\(.*\)#\1#")
|
|
# Simple filename match to detect cyclic includes.
|
|
CYCLE=$(sed -e "\#$INCFILE#"'!d' <<<$INCSTACK)
|
|
if [ "$CYCLE" ]; then
|
|
echo "ERROR: Possible cyclic include detected." 1>&2
|
|
echo "$INCSTACK$INCFILE" 1>&2
|
|
exit 1
|
|
fi
|
|
if [ ! -r "$INCDIR/$INCFILE" ]; then
|
|
echo "ERROR: Couldn't read include file: $INCDIR/$INCFILE" 1>&2
|
|
exit 1
|
|
fi
|
|
process_template_includes "$INCDIR/$INCFILE"
|
|
else
|
|
echo "$LINE"
|
|
fi
|
|
done < "$1"
|
|
IFS="$OLDIFS"
|
|
INCSTACK=${INCSTACK%"$1->"}
|
|
}
|
|
|
|
# Replace template variables (@@VARNAME@@) in the given template file. If a
|
|
# second argument is given, save the processed text to that filename, otherwise
|
|
# modify the template file in place.
|
|
process_template() (
|
|
# Don't worry if some of these substitution variables aren't set.
|
|
# Note that this function is run in a sub-shell so we don't leak this
|
|
# setting, since we still want unbound variables to be an error elsewhere.
|
|
set +u
|
|
|
|
local TMPLIN="$1"
|
|
if [ -z "$2" ]; then
|
|
local TMPLOUT="$TMPLIN"
|
|
else
|
|
local TMPLOUT="$2"
|
|
fi
|
|
# Process includes first so included text also gets substitutions.
|
|
TMPLINCL="$(process_template_includes "$TMPLIN")"
|
|
sed \
|
|
-e "s#@@PACKAGE@@#${PACKAGE}#g" \
|
|
-e "s#@@PACKAGE_ORIG@@#${PACKAGE_ORIG}#g" \
|
|
-e "s#@@PACKAGE_FILENAME@@#${PACKAGE_FILENAME}#g" \
|
|
-e "s#@@SNAPNAME@@#${SNAPNAME}#g" \
|
|
-e "s#@@PROGNAME@@#${PROGNAME}#g" \
|
|
-e "s#@@CHANNEL@@#${CHANNEL}#g" \
|
|
-e "s#@@COMPANY_FULLNAME@@#${COMPANY_FULLNAME}#g" \
|
|
-e "s#@@VERSION@@#${VERSION}#g" \
|
|
-e "s#@@PACKAGE_RELEASE@@#${PACKAGE_RELEASE}#g" \
|
|
-e "s#@@VERSIONFULL@@#${VERSIONFULL}#g" \
|
|
-e "s#@@INSTALLDIR@@#${INSTALLDIR}#g" \
|
|
-e "s#@@BUILDDIR@@#${OUTPUTDIR}#g" \
|
|
-e "s#@@STAGEDIR@@#${STAGEDIR}#g" \
|
|
-e "s#@@SCRIPTDIR@@#${SCRIPTDIR}#g" \
|
|
-e "s#@@MENUNAME@@#${MENUNAME}#g" \
|
|
-e "s#@@PRODUCTURL@@#${PRODUCTURL}#g" \
|
|
-e "s#@@PREDEPENDS@@#${PREDEPENDS}#g" \
|
|
-e "s#@@DEPENDS@@#${DEPENDS}#g" \
|
|
-e "s#@@RECOMMENDS@@#${RECOMMENDS}#g" \
|
|
-e "s#@@PROVIDES@@#${PROVIDES}#g" \
|
|
-e "s#@@ARCHITECTURE@@#${ARCHITECTURE}#g" \
|
|
-e "s#@@MAINTNAME@@#${MAINTNAME}#g" \
|
|
-e "s#@@MAINTMAIL@@#${MAINTMAIL}#g" \
|
|
-e "s#@@REPOCONFIG@@#${REPOCONFIG}#g" \
|
|
-e "s#@@REPOCONFIGREGEX@@#${REPOCONFIGREGEX}#g" \
|
|
-e "s#@@SHORTDESC@@#${SHORTDESC}#g" \
|
|
-e "s#@@FULLDESC@@#${FULLDESC}#g" \
|
|
-e "s#@@USR_BIN_SYMLINK_NAME@@#${USR_BIN_SYMLINK_NAME:-}#g" \
|
|
-e "s#@@LOGO_RESOURCES_PNG@@#${LOGO_RESOURCES_PNG}#g" \
|
|
-e "s#@@LOGO_RESOURCE_XPM@@#${LOGO_RESOURCE_XPM}#g" \
|
|
-e "s#@@DATE_RFC5322@@#$(date --rfc-email)#g" \
|
|
> "$TMPLOUT" <<< "$TMPLINCL"
|
|
)
|
|
|
|
# Setup the installation directory hierarchy in the package staging area.
|
|
prep_staging_common() {
|
|
install -m 755 -d "${STAGEDIR}/${INSTALLDIR}" \
|
|
"${STAGEDIR}/usr/bin" \
|
|
"${STAGEDIR}/usr/share/applications" \
|
|
"${STAGEDIR}/usr/share/appdata" \
|
|
"${STAGEDIR}/usr/share/gnome-control-center/default-apps" \
|
|
"${STAGEDIR}/usr/share/man/man1"
|
|
}
|
|
|
|
get_version_info() {
|
|
source "${OUTPUTDIR}/installer/version.txt"
|
|
VERSION="${MAJOR}.${MINOR}.${BUILD}.${PATCH}"
|
|
# TODO(phajdan.jr): Provide a mechanism to pass a different package
|
|
# release number if needed. The meaning of it is to bump it for
|
|
# packaging-only changes while the underlying software has the same version.
|
|
# This corresponds to the Release field in RPM spec files and debian_revision
|
|
# component of the Version field for DEB control file.
|
|
# Generally with Chrome's fast release cycle it'd be more hassle to try
|
|
# to bump this number between releases.
|
|
PACKAGE_RELEASE="1"
|
|
}
|
|
|
|
stage_install_common() {
|
|
log_cmd echo "Staging common install files in '${STAGEDIR}'..."
|
|
|
|
# Note: Changes here may also need to be applied to ChromeOS's
|
|
# chromite/lib/chrome_util.py.
|
|
|
|
# Note: This only supports static binaries and does not work when the GN
|
|
# is_component_build flag is true.
|
|
|
|
# app
|
|
STRIPPEDFILE="${OUTPUTDIR}/${PROGNAME}.stripped"
|
|
install -m 755 "${STRIPPEDFILE}" "${STAGEDIR}/${INSTALLDIR}/${PROGNAME}"
|
|
|
|
# crashpad
|
|
strippedfile="${OUTPUTDIR}/chrome_crashpad_handler.stripped"
|
|
install -m 755 "${strippedfile}" "${STAGEDIR}/${INSTALLDIR}/chrome_crashpad_handler"
|
|
|
|
# resources
|
|
install -m 644 "${OUTPUTDIR}/resources.pak" "${STAGEDIR}/${INSTALLDIR}/"
|
|
# TODO(mmoss): This has broken a couple times on adding new .pak files. Maybe
|
|
# we should flag all installer files in FILES.cfg and get them from there, so
|
|
# there's only one place people need to keep track of such things (and in
|
|
# only the public repository).
|
|
if [ -r "${OUTPUTDIR}/chrome_100_percent.pak" ]; then
|
|
install -m 644 "${OUTPUTDIR}/chrome_100_percent.pak" "${STAGEDIR}/${INSTALLDIR}/"
|
|
install -m 644 "${OUTPUTDIR}/chrome_200_percent.pak" "${STAGEDIR}/${INSTALLDIR}/"
|
|
install -m 644 "${OUTPUTDIR}/content_shell.pak" "${STAGEDIR}/${INSTALLDIR}/"
|
|
install -m 644 "${OUTPUTDIR}/shell_resources.pak" "${STAGEDIR}/${INSTALLDIR}/"
|
|
install -m 644 "${OUTPUTDIR}/ui_resources_100_percent.pak" "${STAGEDIR}/${INSTALLDIR}/"
|
|
install -m 755 "${OUTPUTDIR}/content_shell" "${STAGEDIR}/${INSTALLDIR}/"
|
|
install -m 644 "${OUTPUTDIR}/libffmpeg.so" "${STAGEDIR}/${INSTALLDIR}/"
|
|
install -m 644 "${OUTPUTDIR}/chrome-devtools.svg" "${STAGEDIR}/${INSTALLDIR}/"
|
|
install -m 644 "${OUTPUTDIR}/thorium-shell.desktop" "${STAGEDIR}/usr/share/applications/"
|
|
install -m 755 "${OUTPUTDIR}/thorium-shell" "${STAGEDIR}/usr/bin/"
|
|
install -m 755 "${OUTPUTDIR}/chromedriver" "${STAGEDIR}/usr/bin/"
|
|
else
|
|
install -m 644 "${OUTPUTDIR}/theme_resources_100_percent.pak" "${STAGEDIR}/${INSTALLDIR}/"
|
|
install -m 644 "${OUTPUTDIR}/ui_resources_100_percent.pak" "${STAGEDIR}/${INSTALLDIR}/"
|
|
fi
|
|
|
|
# ICU data file; Necessary when the GN icu_use_data_file flag is true.
|
|
install -m 644 "${OUTPUTDIR}/icudtl.dat" "${STAGEDIR}/${INSTALLDIR}/"
|
|
|
|
# V8 snapshot files; Necessary when the GN v8_use_external_startup_data flag
|
|
# is true.
|
|
# Use v8_context_snapshot.bin instead of snapshot_blob.bin if it is available.
|
|
# TODO(crbug.com/764576): Unship snapshot_blob.bin on ChromeOS and drop this branch
|
|
if [ -f "${OUTPUTDIR}/v8_context_snapshot.bin" ]; then
|
|
install -m 644 "${OUTPUTDIR}/v8_context_snapshot.bin" "${STAGEDIR}/${INSTALLDIR}/"
|
|
else
|
|
install -m 644 "${OUTPUTDIR}/snapshot_blob.bin" "${STAGEDIR}/${INSTALLDIR}/"
|
|
fi
|
|
|
|
# sandbox
|
|
# Rename sandbox binary with hyphen instead of underscore because that's what
|
|
# the code looks for. Originally, the SCons build system may have had a bug
|
|
# where it did not support hyphens, so this is stuck as is to avoid breaking
|
|
# anyone who expects the build artifact to have the underscore.
|
|
# the code looks for, but the build targets can't use hyphens (scons bug?)
|
|
strippedfile="${OUTPUTDIR}/${PROGNAME}_sandbox.stripped"
|
|
install -m 4755 "${strippedfile}" "${STAGEDIR}/${INSTALLDIR}/chrome-sandbox"
|
|
|
|
# l10n paks
|
|
install -m 755 -d "${STAGEDIR}/${INSTALLDIR}/locales/"
|
|
find "${OUTPUTDIR}/locales" -type f -name '*.pak' -exec \
|
|
cp -a '{}' "${STAGEDIR}/${INSTALLDIR}/locales/" \;
|
|
find "${STAGEDIR}/${INSTALLDIR}/locales" -type f -exec chmod 644 '{}' \;
|
|
|
|
# TODO(https://crbug.com/1077934): The below conditions check for the
|
|
# existence of files to determine if they should be copied to the staging
|
|
# directory. However, these may be stale if the build config no longer
|
|
# builds these files. The build config should be obtained from gn rather than
|
|
# guessed based on the presence of files.
|
|
|
|
# MEI Preload
|
|
if [ -f "${OUTPUTDIR}/MEIPreload/manifest.json" ]; then
|
|
install -m 755 -d "${STAGEDIR}/${INSTALLDIR}/MEIPreload/"
|
|
install -m 644 "${OUTPUTDIR}/MEIPreload/manifest.json" "${STAGEDIR}/${INSTALLDIR}/MEIPreload/"
|
|
install -m 644 "${OUTPUTDIR}/MEIPreload/preloaded_data.pb" "${STAGEDIR}/${INSTALLDIR}/MEIPreload/"
|
|
fi
|
|
|
|
# Widevine CDM.
|
|
if [ -d "${OUTPUTDIR}/WidevineCdm" ]; then
|
|
# No need to strip; libwidevinecdm.so starts out stripped.
|
|
cp -a "${OUTPUTDIR}/WidevineCdm" "${STAGEDIR}/${INSTALLDIR}/"
|
|
find "${STAGEDIR}/${INSTALLDIR}/WidevineCdm" -type d -exec chmod 755 '{}' \;
|
|
find "${STAGEDIR}/${INSTALLDIR}/WidevineCdm" -type f -exec chmod 644 '{}' \;
|
|
find "${STAGEDIR}/${INSTALLDIR}/WidevineCdm" -name libwidevinecdm.so \
|
|
-exec chmod ${SHLIB_PERMS} '{}' \;
|
|
fi
|
|
|
|
# ANGLE
|
|
if [ -f "${OUTPUTDIR}/libEGL.so" ]; then
|
|
for file in libEGL.so libGLESv2.so; do
|
|
strippedfile="${OUTPUTDIR}/${file}.stripped"
|
|
install -m ${SHLIB_PERMS} "${strippedfile}" "${STAGEDIR}/${INSTALLDIR}/${file}"
|
|
done
|
|
fi
|
|
|
|
# ANGLE's libvulkan library
|
|
if [ -f "${OUTPUTDIR}/libvulkan.so.1" ]; then
|
|
file="libvulkan.so.1"
|
|
strippedfile="${OUTPUTDIR}/${file}.stripped"
|
|
install -m 755 "${strippedfile}" "${STAGEDIR}/${INSTALLDIR}/${file}"
|
|
fi
|
|
|
|
# SwiftShader ES
|
|
if [ -f "${OUTPUTDIR}/swiftshader/libEGL.so" ]; then
|
|
install -m 755 -d "${STAGEDIR}/${INSTALLDIR}/swiftshader/"
|
|
for file in libEGL.so libGLESv2.so; do
|
|
strippedfile="${OUTPUTDIR}/swiftshader/${file}.stripped"
|
|
install -m ${SHLIB_PERMS} "${strippedfile}" "${STAGEDIR}/${INSTALLDIR}/swiftshader/${file}"
|
|
done
|
|
fi
|
|
|
|
# SwiftShader VK
|
|
if [ -f "${OUTPUTDIR}/libvk_swiftshader.so" ]; then
|
|
install -m 755 -d "${STAGEDIR}/${INSTALLDIR}/"
|
|
file="libvk_swiftshader.so"
|
|
strippedfile="${OUTPUTDIR}/${file}.stripped"
|
|
install -m ${SHLIB_PERMS} "${strippedfile}" "${STAGEDIR}/${INSTALLDIR}/${file}"
|
|
# Install the ICD json file to point ANGLE to libvk_swiftshader.so
|
|
install -m 644 "${OUTPUTDIR}/vk_swiftshader_icd.json" "${STAGEDIR}/${INSTALLDIR}/"
|
|
fi
|
|
|
|
# Optimization Guide Internal
|
|
if [ -f "${OUTPUTDIR}/liboptimization_guide_internal.so" ]; then
|
|
file="liboptimization_guide_internal.so"
|
|
strippedfile="${OUTPUTDIR}/${file}.stripped"
|
|
install -m ${SHLIB_PERMS} "${strippedfile}" "${STAGEDIR}/${INSTALLDIR}/${file}"
|
|
fi
|
|
|
|
# libc++
|
|
if [ -f "${OUTPUTDIR}/lib/libc++.so" ]; then
|
|
install -m 755 -d "${STAGEDIR}/${INSTALLDIR}/lib/"
|
|
install -m ${SHLIB_PERMS} -s "${OUTPUTDIR}/lib/libc++.so" "${STAGEDIR}/${INSTALLDIR}/lib/"
|
|
fi
|
|
|
|
# nacl_helper and nacl_helper_bootstrap
|
|
# Don't use "-s" (strip) because this runs binutils "strip", which
|
|
# mangles the special ELF program headers of nacl_helper_bootstrap.
|
|
# Explicitly use eu-strip instead, because it doesn't have that problem.
|
|
for file in nacl_helper nacl_helper_bootstrap; do
|
|
buildfile="${OUTPUTDIR}/${file}"
|
|
if [ -f "${buildfile}" ]; then
|
|
strippedfile="${buildfile}.stripped"
|
|
install -m 755 "${strippedfile}" "${STAGEDIR}/${INSTALLDIR}/${file}"
|
|
fi
|
|
done
|
|
# Don't use "-s" (strip) because this would use the Linux toolchain to
|
|
# strip the NaCl binary, which has the potential to break it. It
|
|
# certainly resets the OSABI and ABIVERSION fields to non-NaCl values,
|
|
# although the NaCl IRT loader doesn't care about these fields. In any
|
|
# case, the IRT binaries are already stripped by NaCl's build process.
|
|
for filename in ${OUTPUTDIR}/nacl_irt_*.nexe; do
|
|
# Re-check the filename in case globbing matched nothing.
|
|
if [ -f "$filename" ]; then
|
|
install -m 644 "$filename" "${STAGEDIR}/${INSTALLDIR}/`basename "$filename"`"
|
|
fi
|
|
done
|
|
|
|
# default apps
|
|
if [ -d "${OUTPUTDIR}/default_apps" ]; then
|
|
cp -a "${OUTPUTDIR}/default_apps" "${STAGEDIR}/${INSTALLDIR}/"
|
|
find "${STAGEDIR}/${INSTALLDIR}/default_apps" -type d -exec chmod 755 '{}' \;
|
|
find "${STAGEDIR}/${INSTALLDIR}/default_apps" -type f -exec chmod 644 '{}' \;
|
|
fi
|
|
|
|
# launcher script and symlink
|
|
process_template "${OUTPUTDIR}/installer/common/wrapper" \
|
|
"${STAGEDIR}/${INSTALLDIR}/${PACKAGE}"
|
|
chmod 755 "${STAGEDIR}/${INSTALLDIR}/${PACKAGE}"
|
|
if [ ! -z "${PACKAGE_ORIG}" ]; then
|
|
if [ ! -f "${STAGEDIR}/${INSTALLDIR}/${PACKAGE_ORIG}" ]; then
|
|
ln -sn "${INSTALLDIR}/${PACKAGE}" \
|
|
"${STAGEDIR}/${INSTALLDIR}/${PACKAGE_ORIG}"
|
|
fi
|
|
fi
|
|
if [ ! -z "${USR_BIN_SYMLINK_NAME}" ]; then
|
|
ln -snf "${INSTALLDIR}/${PACKAGE}" \
|
|
"${STAGEDIR}/usr/bin/${USR_BIN_SYMLINK_NAME}"
|
|
fi
|
|
|
|
# app icons
|
|
local icon_regex=".*product_logo_[0-9]\+\."
|
|
if [ "$BRANDING" = "google_chrome" ]; then
|
|
if [ "$CHANNEL" = "beta" ]; then
|
|
icon_regex=".*product_logo_[0-9]\+_beta\."
|
|
elif [ "$CHANNEL" = "unstable" ]; then
|
|
icon_regex=".*product_logo_[0-9]\+_dev\."
|
|
fi
|
|
fi
|
|
LOGO_RESOURCES_PNG=$(find "${OUTPUTDIR}/installer/theme/" \
|
|
-regextype sed -regex "${icon_regex}png" -printf "%f ")
|
|
LOGO_RESOURCE_XPM=$(find "${OUTPUTDIR}/installer/theme/" \
|
|
-regextype sed -regex "${icon_regex}xpm" -printf "%f")
|
|
for logo in ${LOGO_RESOURCES_PNG} ${LOGO_RESOURCE_XPM}; do
|
|
install -m 644 \
|
|
"${OUTPUTDIR}/installer/theme/${logo}" \
|
|
"${STAGEDIR}/${INSTALLDIR}/"
|
|
done
|
|
|
|
# desktop integration
|
|
install -m 755 "${OUTPUTDIR}/xdg-mime" "${STAGEDIR}${INSTALLDIR}/"
|
|
install -m 755 "${OUTPUTDIR}/xdg-settings" "${STAGEDIR}${INSTALLDIR}/"
|
|
|
|
if [ ${PACKAGE:0:6} = google ]; then
|
|
process_template "${OUTPUTDIR}/installer/common/google-chrome.appdata.xml.template" \
|
|
"${STAGEDIR}/usr/share/appdata/${PACKAGE}.appdata.xml"
|
|
chmod 644 "${STAGEDIR}/usr/share/appdata/${PACKAGE}.appdata.xml"
|
|
else
|
|
install -m 644 "${OUTPUTDIR}/installer/common/chromium-browser.appdata.xml" \
|
|
"${STAGEDIR}/usr/share/appdata/${PACKAGE}.appdata.xml"
|
|
fi
|
|
|
|
process_template "${OUTPUTDIR}/installer/common/desktop.template" \
|
|
"${STAGEDIR}/usr/share/applications/${PACKAGE}.desktop"
|
|
chmod 644 "${STAGEDIR}/usr/share/applications/${PACKAGE}.desktop"
|
|
process_template "${OUTPUTDIR}/installer/common/default-app.template" \
|
|
"${STAGEDIR}/usr/share/gnome-control-center/default-apps/${PACKAGE}.xml"
|
|
chmod 644 "${STAGEDIR}/usr/share/gnome-control-center/default-apps/${PACKAGE}.xml"
|
|
process_template "${OUTPUTDIR}/installer/common/default-app-block.template" \
|
|
"${STAGEDIR}${INSTALLDIR}/default-app-block"
|
|
chmod 644 "${STAGEDIR}${INSTALLDIR}/default-app-block"
|
|
|
|
# documentation
|
|
process_template "${OUTPUTDIR}/installer/common/manpage.1.in" \
|
|
"${STAGEDIR}/usr/share/man/man1/${USR_BIN_SYMLINK_NAME}.1"
|
|
gzip -9n "${STAGEDIR}/usr/share/man/man1/${USR_BIN_SYMLINK_NAME}.1"
|
|
chmod 644 "${STAGEDIR}/usr/share/man/man1/${USR_BIN_SYMLINK_NAME}.1.gz"
|
|
# The stable channel allows launching the app without the "-stable"
|
|
# suffix like the other channels. Create a linked man page for the
|
|
# app-without-the-channel case.
|
|
if [ ! -f "${STAGEDIR}/usr/share/man/man1/${PACKAGE}.1.gz" ]; then
|
|
ln -s "${USR_BIN_SYMLINK_NAME}.1.gz" \
|
|
"${STAGEDIR}/usr/share/man/man1/${PACKAGE}.1.gz"
|
|
fi
|
|
|
|
# Check to make sure all the ELF binaries are stripped.
|
|
UNSTRIPPED=$(find "${STAGEDIR}/${INSTALLDIR}/" -type f | xargs file |
|
|
grep ELF | grep -c "not stripped" || true)
|
|
if [ "${UNSTRIPPED}" != "0" ]; then
|
|
echo "NOTICE: Found ${UNSTRIPPED} unstripped ELF files." 1>&2
|
|
fi
|
|
|
|
# Check to make sure no ELF binaries set RPATH.
|
|
if [ "${TARGET_OS}" != "chromeos" ]; then
|
|
RPATH_BINS=
|
|
for elf in $(find "${STAGEDIR}/${INSTALLDIR}/" -type f | xargs file |
|
|
grep ELF | awk '{print $1;}' | sed 's/:$//'); do
|
|
if readelf -d ${elf} | grep "(RPATH)" >/dev/null; then
|
|
RPATH_BINS="${RPATH_BINS} $(basename ${elf})"
|
|
fi
|
|
done
|
|
if [ -n "${RPATH_BINS}" ]; then
|
|
echo "NOTICE: Found binaries with RPATH set:${RPATH_BINS}" 1>&2
|
|
fi
|
|
fi
|
|
|
|
# Make sure ELF binaries live in INSTALLDIR exclusively.
|
|
ELF_OUTSIDE_INSTALLDIR=$(find "${STAGEDIR}/" -not -path \
|
|
"${STAGEDIR}${INSTALLDIR}/*" -type f | xargs file -b |
|
|
grep -ce "^ELF" || true)
|
|
if [ "${ELF_OUTSIDE_INSTALLDIR}" -ne 0 ]; then
|
|
echo "NOTICE: Found ${ELF_OUTSIDE_INSTALLDIR} ELF binaries" \
|
|
"outside of ${INSTALLDIR}" 1>&2
|
|
fi
|
|
|
|
# Verify file permissions.
|
|
for file in $(find "${STAGEDIR}" -mindepth 1); do
|
|
local actual_perms=$(stat -c "%a" "${file}")
|
|
local file_type="$(file -b "${file}")"
|
|
local base_name=$(basename "${file}")
|
|
if [[ "${file_type}" = "directory"* ]]; then
|
|
local expected_perms=755
|
|
elif [[ "${file_type}" = *"symbolic link"* ]]; then
|
|
if [[ "$(readlink ${file})" = "/"* ]]; then
|
|
# Absolute symlink.
|
|
local expect_exists="${STAGEDIR}/$(readlink "${file}")"
|
|
else
|
|
# Relative symlink.
|
|
local expect_exists="$(dirname "${file}")/$(readlink "${file}")"
|
|
fi
|
|
if [ ! -f "${expect_exists}" ]; then
|
|
echo "Broken symlink: ${file}" 1>&2
|
|
exit 1
|
|
fi
|
|
local expected_perms=777
|
|
elif [ "${base_name}" = "chrome-sandbox" ]; then
|
|
local expected_perms=4755
|
|
elif [[ "${base_name}" = "nacl_irt_"*".nexe" ]]; then
|
|
local expected_perms=644
|
|
elif [[ "${file_type}" = *"shell script"* ]]; then
|
|
local expected_perms=755
|
|
elif [[ "${file_type}" = ELF* ]]; then
|
|
if [[ "${base_name}" = *".so" ]]; then
|
|
local expected_perms=${SHLIB_PERMS}
|
|
else
|
|
local expected_perms=755
|
|
fi
|
|
else
|
|
# Regular data file.
|
|
local expected_perms=644
|
|
fi
|
|
if [ ${expected_perms} -ne ${actual_perms} ]; then
|
|
echo Expected permissions on ${base_name} to be \
|
|
${expected_perms}, but they were ${actual_perms} 1>&2
|
|
exit 1
|
|
fi
|
|
done
|
|
}
|