Added _debug_manifest to set SMACK label to "_" for debug packages

Tizen debuginfo and debugsource packages have arbitrary SMACK labels, which are
inherited from the process that performs installation.

Sometimes this leads to "Access denied" while reading debuginfo by tools.

Change-Id: I321a327ba8bf651b4875df42082522f4867cadee
Signed-off-by: Slava Barinov <v.barinov@samsung.com>

diff --git a/build/files.c b/build/files.c
index bb25925..c4d54fc 100644 (file)
--- a/build/files.c
+++ b/build/files.c
@@ -2307,6 +2307,9 @@ static void addDebuginfoPackage(rpmSpec spec, Package pkg, char *buildroot)
            if (access (tmp, F_OK) != 0)
              continue;
 
+           /* Add security manifest to set right SMACK labels */
+           argvAdd(&files, "%manifest %{name}-debuginfo.manifest");
+
            /* Append the file list preamble.  */
            if (!files)
              {

diff --git a/macros.in b/macros.in
index 789b33d..063e7d4 100644 (file)
--- a/macros.in
+++ b/macros.in
@@ -185,7 +185,7 @@
 %_find_debuginfo_ko_strip_opts %{?_rpm_ko_strip_option:\'--strip-ko-option=%{_rpm_ko_strip_option}\'}
 
 %__debug_install_post   \
-   %{_rpmconfigdir}/find-debuginfo.sh %{?_missing_build_ids_terminate_build:--strict-build-id} %{?_find_debuginfo_opts} %{?_find_debuginfo_strip_opts} %{?_find_debuginfo_ko_strip_opts} "%{_builddir}/%{?buildsubdir}"\
+   %{_rpmconfigdir}/find-debuginfo.sh %{?_missing_build_ids_terminate_build:--strict-build-id} %{?_find_debuginfo_opts} %{?_find_debuginfo_strip_opts} %{?_find_debuginfo_ko_strip_opts} "%{_builddir}/%{?buildsubdir}" %{?_install_debug_manifest} \
 %{nil}
 
 #      Template for debug information sub-package.
@@ -201,6 +201,7 @@ Debug sources are useful when developing applications that use this\
 package or when debugging this package.\
 %files debugsource -f debugsources.list\
 %defattr(-,root,root)\
+%manifest %{name}-debugsource.manifest \
 %{nil}
 
 %_defaultdocdir                %{_datadir}/doc/packages
@@ -1186,4 +1187,3 @@ end}
 /usr/sbin/groupadd -o -r %{1} 2>/dev/null || :\
 /usr/sbin/useradd -o -r -g %{1} -d %{2} -s %{3} -c %{4} %{1} 2>/dev/null || :\
 %{nil}
-

diff --git a/packaging/debug.manifest b/packaging/debug.manifest
new file mode 100644 (file)
index 0000000..017d22d
--- /dev/null
+++ b/packaging/debug.manifest
@@ -0,0 +1,5 @@
+<manifest>
+ <request>
+    <domain name="_"/>
+ </request>
+</manifest>

diff --git a/packaging/rpm-tizen_macros b/packaging/rpm-tizen_macros
index 5df91fb..fedf728 100644 (file)
--- a/packaging/rpm-tizen_macros
+++ b/packaging/rpm-tizen_macros
@@ -325,3 +325,10 @@ to develop applications that require %{name}.\
 %posttrans(n:) %%posttrans %{?-n:-n %{-n*}}%{*} \
 echo "Running %{?-n:%{-n*}}%{!?-n:%{name}%{?1:-%{1}}} %%posttrans script" \
 %{nil}
+
+%_debug_manifest %{_rpmconfigdir}/debug.manifest
+
+%_install_debug_manifest \
+   cp %{_debug_manifest} %{_builddir}/%{?buildsubdir}/%{name}-debuginfo.manifest \
+   cp %{_debug_manifest} %{_builddir}/%{?buildsubdir}/%{name}-debugsource.manifest \
+%{nil}

diff --git a/packaging/rpm.spec b/packaging/rpm.spec
index b5109ff..4897db8 100644 (file)
--- a/packaging/rpm.spec
+++ b/packaging/rpm.spec
@@ -45,6 +45,7 @@ Source8:        rpmconfigcheck
 Source13:       find-docs.sh
 Source22:       device-sec-policy
 Source23:       find-provides.ksyms
+Source24:       debug.manifest
 Source1001:     rpm.manifest
 Source0:        rpm-%{version}.tar.bz2
 Source9:        libsymlink.attr
@@ -201,6 +202,7 @@ install -m 755 scripts/find-supplements %{buildroot}%{rpmhome}
 install -m 755 scripts/find-supplements.ksyms %{buildroot}%{rpmhome}
 install -m 755 scripts/firmware.prov %{buildroot}%{rpmhome}
 install -m 755 scripts/debuginfo.prov %{buildroot}%{rpmhome}
+install -m 644 %{SOURCE24} %{buildroot}%{rpmhome}
 rm -f %{buildroot}%{rpmlibdir}/locale %{buildroot}%{rpmlibdir}/rpmrc
 mkdir -p %{buildroot}%{_sysconfdir}/rpm
 chmod 755 %{buildroot}%{_sysconfdir}/rpm
@@ -309,6 +311,7 @@ rm -f %{_dbpath}/Filemd5s \
 %{rpmhome}/*.req
 %{rpmhome}/macros.*
 %{rpmhome}/fileattrs
+%{rpmhome}/debug.manifest
 %ifarch aarch64 ppc64le
 %{rpmhome}/config.*
 %endif