make sure config trees have correct permission
authorPaul Hänsch <paul@plutz.net>
Sun, 24 Jun 2018 16:52:30 +0000 (18:52 +0200)
committerPaul Hänsch <paul@plutz.net>
Sun, 24 Jun 2018 16:52:30 +0000 (18:52 +0200)
Makefile
permissions.mk [new file with mode: 0644]

index a80a8a73fac6f26b11b3c992c99d400f97fcd6df..9b3579004d63ddc815a0325a3888ac0568a0a7b4 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -16,7 +16,7 @@ stretch_%_root/bin/sh:
        chmod 755 "$(subst bin/sh,,$@)"
        debootstrap --arch=${ARCH} --variant=minbase stretch "$(subst bin/sh,,$@)"
 
-stretch_%_root/: stretch_%_root/bin/sh ${CONFIG} .FORCE
+stretch_%_root/: stretch_%_root/bin/sh ${CONFIG} permissions .FORCE
        for tree in ${CONFIG}; do for file in apt default timezone; do cp -av "$$tree/etc/$$file" "$@/etc/" || true; done; done
        chroot "$@" ln -sf /bin/true /usr/local/sbin/invoke-rc.d
        chroot "$@" sh -c 'apt-mark showmanual |xargs apt-mark auto || true'
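Review bot: Nothing in either Makefile hunk pulls in permissions.mk, so the new `permissions` prerequisite here (and on `stretch_%_config/` in the next hunk) only resolves if the Makefile already includes that file some other way, for instance through a wildcard include outside these hunks. If it does not, make stops with no rule for `permissions`, or, should a file of that name exist in the working directory, treats it as up to date and silently skips the permission fix-up. An explicit `include permissions.mk` near the top of Makefile would make the dependency visible. The recipe bodies of both rules continue outside the hunks.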
@@ -32,7 +32,7 @@ stretch_%_root/: stretch_%_root/bin/sh ${CONFIG} .FORCE
        chroot "$@" apt-get clean
        touch "$@"
 
-stretch_%_config/: stretch_%_root/ ${CONFIG} .FORCE
+stretch_%_config/: stretch_%_root/ ${CONFIG} permissions .FORCE
        btrfs subvolume delete "$@" || rm -r "$@" || true
        btrfs subvolume snapshot "$<" "$@" || cp -rlv "$<" "$@"
        cp -av $(addsuffix /*, ${CONFIG}) "$@"
diff --git a/permissions.mk b/permissions.mk
new file mode 100644 (file)
index 0000000..92a8ee0
--- /dev/null
@@ -0,0 +1,17 @@
+.PHONY: permissions
+
+permissions: ${CONFIG} .FORCE                                                                                           
+       chown -R root:root config_*/ 
+       chmod 0755 config_*/
+       -chmod -R a+rX config_*/etc/
+       -chmod -R a+rX config_*/var/
+       -chmod 0700 config_*/var/lib/polkit-1/
+       -chmod 0750 config_*/root/
+       -chmod 0700 config_*/root/.ssh/
+       -chmod 0600 config_*/root/.ssh/authorized_keys
+       -chmod 0750 config_*/home/*/
+       -chmod 0700 config_*/home/*/.ssh/
+       -chmod 0600 config_*/home/*/.ssh/authorized_keys
+       -chgrp -R 107 config_*/var/spool/cron/crontabs/
+       -chmod 1730 config_*/var/spool/cron/crontabs/
+       -chmod 0600 config_*/var/spool/cron/crontabs/*
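Review bot: The recipe normalises `config_*/` by shell glob, while the rule's own prerequisite and both consumers in Makefile work from `${CONFIG}`, so a tree listed in CONFIG that does not match `config_*` is still copied with `cp -av` (owner and mode preserved) without being fixed, and unrelated `config_*` directories in the working directory get chowned to root. Driving the recipe from the variable closes that gap, e.g. `chown -R root:root ${CONFIG}` and `chmod 0755 ${CONFIG}`, with the per-path lines inside a `for tree in ${CONFIG}` loop like the one Makefile already uses. Separately, `chgrp -R 107` hard-codes a numeric gid; if it is meant to be the crontab group it deserves a comment such as `# 107 = gid of group crontab in the target image (verify after debootstrap)`, because a different gid there leaves the 1730 directory writable by the wrong group. The leading `-` on the `.ssh` and `authorized_keys` lines also hides failures other than a missing path, which is worth stating in a comment above them.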