I would like to create a package containing a program that is owned by root
and is setuid to run as root. Up to now I have been setting the setuid bit
in the post-install script, but this causes the program to be spilled, which
is annoying down the road when overwriting the package with a newer one. Is
there a way to ensure that the program will be setuid in the package file
system?
Thanks,
Andrew
Hi Andrew. You can add a permissions=“u+s” to your QPG:
<QPG:Add file=“myfile” permissions=“u+s” install="/usr/bin/"/>
Jerry Chappell
jchappell@qnx.com
Actually, you can even do this:
<QPG:Add file=“myfile” permissions=“u+s” user=“root:root”
install="/usr/bin/"/>
Also, make sure you run packager as root.
Jerry Chappell
“Jerry Chappell” <jchappell@cyberus.ca> wrote in message
news:ac0p7f$rei$1@nntp.qnx.com…
Actually, you can even do this:
QPG:Add file=“myfile” permissions=“u+s” user=“root:root”
install="/usr/bin/"/Also, make sure you run packager as root.
Thanks, Jerry. I knew you’d have an answer for that one. 
I couldn’t
find your white
papers on the .qpg format. Can you remind me where they are? BTW, the link
on the
QNX web site to the white papers is broken: go to
http://qdn.qnx.com/support/docs/index.html
and click on “white papers” to see what I mean.
Best regards,
Andrew
“Jerry Chappell” <jchappell@cyberus.ca> wrote in message
news:ac0p7f$rei$1@nntp.qnx.com…
Actually, you can even do this:
QPG:Add file=“myfile” permissions=“u+s” user=“root:root”
install="/usr/bin/"/
Of course, now another question…
Is there a way to tell the packager that I want a particular file to be
setuid without
"Add"ing it? I put all the files into the package using directories and
wildcards, so
the setuid files are grabbed as part of that. If I “Add” them again, will
this cause a
problem?
Thanks,
Andrew
Ah, now you’re getting complicated. Thus, a complicated solution:
<QPG:Add type=“tree” file=“mydirectory” install="/">
<QPG:Rule argument="*/x86/myapp" user=“root:root” permissions=“u+s”/>
</QPG:Add>
So that any file in the tree that matches the regexp argument specified will
have the attributes specified in the rule applied to that file.
Jerry
Now that’s cool!
“Jerry Chappell” <jchappell@cyberus.ca> wrote in message
news:ac0qom$snp$1@nntp.qnx.com…
Ah, now you’re getting complicated. Thus, a complicated solution:
QPG:Add type=“tree” file=“mydirectory” install="/"
QPG:Rule argument="*/x86/myapp" user=“root:root” permissions=“u+s”/
/QPG:AddSo that any file in the tree that matches the regexp argument specified
will
have the attributes specified in the rule applied to that file.Jerry
“Jerry Chappell” <jchappell@cyberus.ca> wrote in message
news:ac0qom$snp$1@nntp.qnx.com…
Ah, now you’re getting complicated. Thus, a complicated solution:
QPG:Add type=“tree” file=“mydirectory” install="/"
QPG:Rule argument="*/x86/myapp" user=“root:root” permissions=“u+s”/
/QPG:AddSo that any file in the tree that matches the regexp argument specified
will
have the attributes specified in the rule applied to that file.
That worked perfectly. Thanks for the quick feedback. This one has been
niggling
at me forever and I’m glad to have it fixed.
Thanks a lot,
Andrew
Thanks, that was one of my own additions to packager. There are also options
to be able to prevent packages from being packaged, and to skip subsequent
rules, to make a type of interpreted interaction:
<QPG:Add type=“tree” file=“mydirectory” install="/">
<QPG:Rule argument=“config/" match=“skip” skip=“2”
component=“config”/>
<QPG:Rule argument="special/” match=“skip” skip=“1”/>
<QPG:Rule argument="/x86/myapp" user=“root:root”
permissions=“u+s”/>
<QPG:Rule argument="/CVS/*" match=“exclude”/>
</QPG:Add>
Jerry Chappell
“Bill Caroselli (Q-TPS)” <QTPS@EarthLink.net> wrote in message
news:ac0s1r$hgk$1@inn.qnx.com…
Now that’s cool!
“Jerry Chappell” <> jchappell@cyberus.ca> > wrote in message
news:ac0qom$snp$> 1@nntp.qnx.com> …
Ah, now you’re getting complicated. Thus, a complicated solution:QPG:Add type=“tree” file=“mydirectory” install="/"
QPG:Rule argument="*/x86/myapp" user=“root:root”
permissions=“u+s”/
/QPG:AddSo that any file in the tree that matches the regexp argument specified
will
have the attributes specified in the rule applied to that file.Jerry
\
Huh what?
I never run packager as root and it works fine anyway Jerry.
regards,
Alain.
Jerry Chappell wrote:
Actually, you can even do this:
QPG:Add file=“myfile” permissions=“u+s” user=“root:root”
install="/usr/bin/"/Also, make sure you run packager as root.
Jerry Chappell
\
Houla, not too fast!
Could you tell a little bit more about match=“skip”, skip=“1”?
As we are on the package subject, would it be possible to add some other
application’s categories more industry oriented. Existing ones are very
‘specific’ to desktop.
Thanks,
Alain.
Jerry Chappell wrote:
Thanks, that was one of my own additions to packager. There are also options
to be able to prevent packages from being packaged, and to skip subsequent
rules, to make a type of interpreted interaction:QPG:Add type=“tree” file=“mydirectory” install="/"
QPG:Rule argument=“config/" match=“skip” skip=“2”
component=“config”/
QPG:Rule argument="special/” match=“skip” skip=“1”/
QPG:Rule argument="/x86/myapp" user=“root:root”
permissions=“u+s”/
QPG:Rule argument="/CVS/*" match=“exclude”/
/QPG:AddJerry Chappell
“Bill Caroselli (Q-TPS)” <> QTPS@EarthLink.net> > wrote in message
news:ac0s1r$hgk$> 1@inn.qnx.com> …Now that’s cool!
“Jerry Chappell” <> jchappell@cyberus.ca> > wrote in message
news:ac0qom$snp$> 1@nntp.qnx.com> …Ah, now you’re getting complicated. Thus, a complicated solution:
QPG:Add type=“tree” file=“mydirectory” install="/"
QPG:Rule argument="*/x86/myapp" user=“root:root”permissions=“u+s”/
/QPG:Add
So that any file in the tree that matches the regexp argument specified
will
have the attributes specified in the rule applied to that file.
Jerry
\
Sure it works fine. But as soon as you want to put a file into that package
which is owned by root, and/or has setuid or similar priviledges, then
you’re going to have to run packager as root for it to copy those files
around and create the packages.
Jerry
The QPG:Rule line(s) inside a QPG:Add element defines:
(1) The type of search to perform (search=“pattern”) is the default, meaning
that whatever argument you specify must match against the filename.
(search=“path”) means it has to match using ‘/’ as a special delimiter (see
docs for fnmatch for how this works).
(2) What argument to apply (argument=“regexp/filename”).
(3) What to do when a match is found (match=“stop”) says to stop processing
rules, (match=“skip”) indicates that control will not go to the next rule
(see below), (match=“exclude”) stops rule processing and removes this file
from the list of files to be packaged.
(4) If you selected (match=“skip”), then you also specify to which rule the
processing should skip. You can put (skip=“3”) to skip the next 3 rules, or
(skip=“config”) tells it to move to the first rule in this block with a
(label=“config”) matching attribute.
Rules are normally used only with (type=“tree”) Add lines, so that you can
define how to handle certain types of files within a tree of files to be
packaged. The QPG:Rule line is documented at the end of this document
(http://qdn.qnx.com/articles/sep1401/QPGtags.htm).
For the industry-oriented topics, why don’t you suggest some new ones and
I’ll try to add them for the next release (no promises, okay?) Maybe you
could generate some gif icons too, just like the ones in
/usr/share/icons/topics?
Jerry
I forgot to mention that match=" " is optional, and if it’s not specified,
then all attributes on the line (besides the ones mentioned as part of the
QPG:Rule will be applied to the file being added, so that you can change
its options to packager.
Also, if you use the $(PROCESSOR) macro in an argument attribute, it will
match any packager-known processor, and then if you use the $(PROCESSOR)
macro in another attribute, it will be substituted with the same processor
that was matched in the argument. This allows you to put files into a
proc-specific package even if it isn’t a proc-specific file inherently.
<QPG:Rule argument="/$(PROCESSOR)/usr/bin/*" proc="$(PROCESSOR"/>