#!/bin/bash export GK_WORKER_MASTER_PID=${BASHPID} trap 'exit 1' SIGTERM # Prevent aliases from causing portage to act inappropriately. # Make sure it's before everything so we don't mess aliases that follow. unalias -a # Make sure this isn't exported to scripts we execute. unset BASH_COMPAT source "${GK_SHARE}"/gen_funcs.sh || exit 1 # Unset some variables that break things. unset GZIP BZIP BZIP2 CDPATH GREP_OPTIONS GREP_COLOR GLOBIGNORE die() { set +x if [ "$#" -gt '0' ] then print_error 1 "ERROR: ${1}" fi [[ -n "${GK_WORKER_MASTER_PID}" && ${BASHPID} == ${GK_WORKER_MASTER_PID} ]] || kill -s SIGTERM ${GK_WORKER_MASTER_PID} exit 1 } # Make sure genkernel's gen_die() won't be used -- make it an alias of # this script's die function. gen_die() { die "$@" } # @FUNCTION: gkexec # @USAGE: [] # @DESCRIPTION: # Executes command with support for genkernel's logging. # Will die when command will exit with nonzero exit status. # # Genkernel has its own logfile and loglevel handling # with things like color/nocolor support. # To support this, we cannot just execute commands. Depending # on loglevel for example, we maybe have to use pipes. # To avoid writing complex statements each time, gkexec # wrapper was created. # # Command to execute. # # By default, the first command's # exit status will be checked. When executing multiple # commands with pipes, this argument controls which # command's exit status will be checked to decide if # command has been successfully executed. gkexec() { if [ ${#} -gt 2 ] then # guard against ${array[@]}, first argument must be seen as a single word (${array[*]}) die "$(get_useful_function_stack "${FUNCNAME}")Invalid usage of ${FUNCNAME}(): Function takes at most three arguments (${#} given)!" fi local -a command=( "${1}" ) local pipes=${2:-0} print_info 3 "COMMAND: ${command[@]}" 1 0 1 command+=( "$(catch_output_and_failures "Command '${command[@]}' failed!" ${pipes})" ) eval "${command[@]}" } # Prevent recursion. unset -f cleanup gkbuild unpack if [[ -s "${SANDBOX_LOG}" ]] then print_warning 3 "Stale sandbox log '${SANDBOX_LOG}' detected, removing ..." # We use SANDBOX_LOG to check for sandbox violations, # so we ensure that there can't be a stale log to # interfere with our logic. x= if [[ -n ${SANDBOX_ON} ]] then x=${SANDBOX_ON} export SANDBOX_ON=0 fi rm -f "${SANDBOX_LOG}" \ || die "Failed to remove stale sandbox log: '${SANDBOX_LOG}'!" if [[ -n ${x} ]] then export SANDBOX_ON=${x} fi unset x fi __sb_append_var() { local _v=$1 ; shift local var="SANDBOX_${_v}" [[ -z $1 || -n $2 ]] && die "Usage: add$(LC_ALL=C tr "[:upper:]" "[:lower:]" <<< "${_v}") " export ${var}="${!var:+${!var}:}$1" } # addread() { __sb_append_var ${0#add} "$@" ; } addread() { __sb_append_var READ "$@" ; } addwrite() { __sb_append_var WRITE "$@" ; } adddeny() { __sb_append_var DENY "$@" ; } addpredict() { __sb_append_var PREDICT "$@" ; } catch_output_and_failures() { local error_msg=${1:-"Command failed!"} local pipes=${2:-0} local output_processor= if [[ ${LOGLEVEL} -ge 4 ]] then output_processor="2>&1 | tee -a \"${LOGFILE}\"; [[ \${PIPESTATUS[${pipes}]} -ne 0 ]] && die \"${error_msg}\" || true" else output_processor=">> \"${LOGFILE}\" 2>&1 || die \"${error_msg}\"" fi echo ${output_processor} } # the sandbox is ENABLED by default export SANDBOX_ON=1 #if no perms are specified, dirs/files will have decent defaults #(not secretive, but not stupid) umask 022 if [[ "${#}" -lt 1 ]] then die 'No module specified!' fi case "${1}" in build) MODULE="${GK_SHARE}/worker_modules/gkbuild.sh" ;; dropbear) MODULE="${GK_SHARE}/worker_modules/dropbear.sh" ;; unpack) MODULE="${GK_SHARE}/worker_modules/unpack.sh" ;; *) die "Unknown module '${1}' specified!" ;; esac source "${MODULE}" || die "Failed to source '${MODULE}'!" __module_main exit $?