Commit b6675e26 authored by Timo Teräs's avatar Timo Teräs
Browse files

main/paxmark: don't fail if kernel does not support xattr

If builder does not support xattrs, it's not running hardened
kernel, and does not require runtime markings. Treat it as soft
error.

Ref #10828
parent cd93854a
# Maintainer: Timo Teräs <timo.teras@iki.fi>
pkgname=paxmark
pkgver=0.11
pkgrel=1
pkgver=0.12
pkgrel=0
pkgdesc="Manage PaX marking of executables"
url="https://alpinelinux.org"
arch="noarch"
......@@ -16,4 +16,4 @@ package() {
ln -s paxmark "$pkgdir"/usr/sbin/paxmark.sh
}
sha512sums="c43b5a48a8ac14b027114f712820b1fb8b0e209fcfe1a69eb64b4c68289a3bb3f26c3ea40350cbfdaa97329b4a8e1de2582025e5221c3016aff85bb75118e665 paxmark"
sha512sums="8bbae69e8159a75abd24b461994ad2c1995529fac1457c48845eec43b7f03b4fe50f49992810978ae15b1854bdf97ed86948f1b48209fd26baabb39384384d52 paxmark"
......@@ -23,8 +23,9 @@ for f in "$@"; do
if [ -n "FAKEROOTKEY" ]; then
# fakeroot does not set xattr's on disk.
# explicitly do that, because the marked binary might
# be executed next during install.
LD_PRELOAD="" FAKEROOTKEY="" attr -q -s pax.flags -V "${xval}" "${f}" >/dev/null || ret=1
# be executed next during install. But don't fail on it
# because if xattr is not supported it's not hardened kernel.
LD_PRELOAD="" FAKEROOTKEY="" attr -q -s pax.flags -V "${xval}" "${f}" &>/dev/null
fi
attr -q -s pax.flags -V "${xval}" "${f}" >/dev/null || ret=1
done
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment