From 353ce2e521f57318c502c862457dc859d8d181a6 Mon Sep 17 00:00:00 2001
From: Paul Spooren <mail@aparcar.org>
Date: Fri, 7 Aug 2020 11:13:00 -1000
Subject: [PATCH] build: ipkg-build use fakeroot with PKG_FILE_MODES

The `ipkg-build` script converts a folder into a `opkg` installable
package. Until now it would use root:root for all packages and try to
preserve file modes.

This has the two drawbacks of packages want to add non-root files or add
SUID files, like the `sudo` package does.

To give more flexibility regarding file modes and avoid init script
hacks, a new variable called `PKG_FILE_MODES`. The variable contains a
list of files modes in the format `path:owner:group:mode`.

An example for the `sudo` package below:

```
PKG_FILE_MODES:=\
        /usr/bin/sudo:root:root:4755 \
        /etc/sudoers:root:root:0440
```

The `ipkg-build` now runs within a fakeroot environment to set any mode
and directly store it in the resulting `ipk` package archive.

Both options `-o` and `-g` are no longer required due to the introduction
of the more flexible `-m` options, which takes the `PKG_FILE_MODES` as
input.

Lastly the option `-c` is removed as it's unused within the script.

Signed-off-by: Paul Spooren <mail@aparcar.org>
---
 include/package-ipkg.mk |  6 +-----
 scripts/ipkg-build      | 41 +++++++++++++++++++++++++----------------
 2 files changed, 26 insertions(+), 21 deletions(-)

diff --git a/include/package-ipkg.mk b/include/package-ipkg.mk
index 622cbf3223..d8b65433c2 100644
--- a/include/package-ipkg.mk
+++ b/include/package-ipkg.mk
@@ -9,10 +9,6 @@ ifndef DUMP
   include $(INCLUDE_DIR)/feeds.mk
 endif
 
-# invoke ipkg-build with some default options
-IPKG_BUILD:= \
-  $(SCRIPT_DIR)/ipkg-build -c -o 0 -g 0
-
 IPKG_REMOVE:= \
   $(SCRIPT_DIR)/ipkg-remove
 
@@ -262,7 +258,7 @@ $(_endef)
     endif
 
 	$(INSTALL_DIR) $$(PDIR_$(1))
-	$(IPKG_BUILD) $$(IDIR_$(1)) $$(PDIR_$(1))
+	$(FAKEROOT) $(SCRIPT_DIR)/ipkg-build -m "$(PKG_FILE_MODES)" $$(IDIR_$(1)) $$(PDIR_$(1))
 	@[ -f $$(IPKG_$(1)) ]
 
     $(1)-clean:
diff --git a/scripts/ipkg-build b/scripts/ipkg-build
index 6e027bc546..0cbab9074e 100755
--- a/scripts/ipkg-build
+++ b/scripts/ipkg-build
@@ -77,23 +77,15 @@ pkg_appears_sane() {
 ###
 # ipkg-build "main"
 ###
-ogargs=""
-noclean=0
-usage="Usage: $0 [-c] [-C] [-o owner] [-g group] <pkg_directory> [<destination_directory>]"
-while getopts "cg:ho:v" opt; do
+file_modes=""
+usage="Usage: $0 [-v] [-h] [-m] <pkg_directory> [<destination_directory>]"
+while getopts "hvm:" opt; do
     case $opt in
-	o ) owner=$OPTARG
-	    ogargs="--owner=$owner"
-	    ;;
-	g ) group=$OPTARG
-	    ogargs="$ogargs --group=$group"
-	    ;;
-	c ) ;;
-	C ) noclean=1;;
 	v ) echo $version
 	    exit 0
 	    ;;
 	h ) 	echo $usage  >&2 ;;
+	m )	file_modes=$OPTARG ;;
 	\? ) 	echo $usage  >&2
 	esac
 done
@@ -144,21 +136,38 @@ tmp_dir=$dest_dir/IPKG_BUILD.$$
 mkdir $tmp_dir
 
 echo $CONTROL > $tmp_dir/tarX
-# Preserve permissions (-p) when creating data.tar.gz as non-root user
-( cd $pkg_dir && $TAR $ogargs -X $tmp_dir/tarX --format=gnu --sort=name -cpf -  --mtime="$TIMESTAMP" . | $GZIP -n - > $tmp_dir/data.tar.gz )
+cd $pkg_dir
+for file_mode in $file_modes; do
+	case $file_mode in
+	/*:*:*:*)
+	    ;;
+	*)
+	    echo "ERROR: file modes must use absolute path and contain user:group:mode"
+	    echo "$file_mode"
+	    exit 1
+	    ;;
+	esac
+	path=$(echo "$file_mode" | cut -d ':' -f 1)
+	user_group=$(echo "$file_mode" | cut -d ':' -f 2-3)
+	mode=$(echo "$file_mode" | cut -d ':' -f 4)
+
+	chown "$user_group" "$pkg_dir/$path"
+	chmod  "$mode" "$pkg_dir/$path"
+done
+$TAR -X $tmp_dir/tarX --format=gnu --sort=name -cpf - --mtime="$TIMESTAMP" . | $GZIP -n - > $tmp_dir/data.tar.gz
 
 installed_size=`stat -c "%s" $tmp_dir/data.tar.gz`
 sed -i -e "s/^Installed-Size: .*/Installed-Size: $installed_size/" \
 	$pkg_dir/$CONTROL/control
 
-( cd $pkg_dir/$CONTROL && $TAR $ogargs --format=gnu --sort=name -cf -  --mtime="$TIMESTAMP" . | $GZIP -n - > $tmp_dir/control.tar.gz )
+( cd $pkg_dir/$CONTROL && $TAR --format=gnu --sort=name -cf -  --mtime="$TIMESTAMP" . | $GZIP -n - > $tmp_dir/control.tar.gz )
 rm $tmp_dir/tarX
 
 echo "2.0" > $tmp_dir/debian-binary
 
 pkg_file=$dest_dir/${pkg}_${version}_${arch}.ipk
 rm -f $pkg_file
-( cd $tmp_dir && $TAR $ogargs --format=gnu --sort=name -cf -  --mtime="$TIMESTAMP" ./debian-binary ./data.tar.gz ./control.tar.gz | $GZIP -n - > $pkg_file )
+( cd $tmp_dir && $TAR --format=gnu --sort=name -cf -  --mtime="$TIMESTAMP" ./debian-binary ./data.tar.gz ./control.tar.gz | $GZIP -n - > $pkg_file )
 
 rm $tmp_dir/debian-binary $tmp_dir/data.tar.gz $tmp_dir/control.tar.gz
 rmdir $tmp_dir
-- 
2.30.2