OLD | NEW |
| (Empty) |
1 #!/bin/bash -p | |
2 | |
3 # Copyright (c) 2009 The Chromium Authors. All rights reserved. | |
4 # Use of this source code is governed by a BSD-style license that can be | |
5 # found in the LICENSE file. | |
6 | |
7 # Called as root before Keystone ticket promotion to ensure a suitable | |
8 # environment for Keystone installation. Ultimately, these features should be | |
9 # integrated directly into the Keystone installation. | |
10 # | |
11 # If the two branding paths are given, then the branding information is also | |
12 # copied and the permissions on the system branding file are set to be owned by | |
13 # root, but readable by anyone. | |
14 # | |
15 # Note that this script will be invoked with the real user ID set to the | |
16 # user's ID, but the effective user ID set to 0 (root). bash -p is used on | |
17 # the first line to prevent bash from setting the effective user ID to the | |
18 # real user ID (dropping root privileges). | |
19 # | |
20 # TODO(mark): Remove this script when able. See http://b/2285921 and | |
21 # http://b/2289908. | |
22 | |
23 set -e | |
24 | |
25 # This script runs as root, so be paranoid about things like ${PATH}. | |
26 export PATH="/usr/bin:/usr/sbin:/bin:/sbin" | |
27 | |
28 # Output the pid to stdout before doing anything else. See | |
29 # chrome/browser/cocoa/authorization_util.h. | |
30 echo "${$}" | |
31 | |
32 if [ ${#} -ne 0 ] && [ ${#} -ne 2 ] ; then | |
33 echo "usage: ${0} [USER_BRAND SYSTEM_BRAND]" >& 2 | |
34 exit 2 | |
35 fi | |
36 | |
37 if [ ${#} -eq 2 ] ; then | |
38 USER_BRAND="${1}" | |
39 SYSTEM_BRAND="${2}" | |
40 | |
41 # Make sure that USER_BRAND is an absolute path and that it exists. | |
42 if [ -z "${USER_BRAND}" ] || \ | |
43 [ "${USER_BRAND:0:1}" != "/" ] || \ | |
44 [ ! -f "${USER_BRAND}" ] ; then | |
45 echo "${0}: must provide an absolute path naming an existing user file" >& 2 | |
46 exit 3 | |
47 fi | |
48 | |
49 # Make sure that SYSTEM_BRAND is an absolute path. | |
50 if [ -z "${SYSTEM_BRAND}" ] || [ "${SYSTEM_BRAND:0:1}" != "/" ] ; then | |
51 echo "${0}: must provide an absolute path naming a system file" >& 2 | |
52 exit 4 | |
53 fi | |
54 | |
55 # Make sure the directory for the system brand file exists. | |
56 SYSTEM_BRAND_DIR=$(dirname "${SYSTEM_BRAND}") | |
57 if [ ! -e "${SYSTEM_BRAND_DIR}" ] ; then | |
58 mkdir -p "${SYSTEM_BRAND_DIR}" | |
59 # Permissions on this directory will be fixed up at the end of this script. | |
60 fi | |
61 | |
62 # Copy the brand file | |
63 cp "${USER_BRAND}" "${SYSTEM_BRAND}" >& /dev/null | |
64 | |
65 # Ensure the right ownership and permissions | |
66 chown "root:wheel" "${SYSTEM_BRAND}" >& /dev/null | |
67 chmod "a+r,u+w,go-w" "${SYSTEM_BRAND}" >& /dev/null | |
68 | |
69 fi | |
70 | |
71 OWNER_GROUP="root:admin" | |
72 CHMOD_MODE="a+rX,u+w,go-w" | |
73 | |
74 LIB_GOOG="/Library/Google" | |
75 if [ -d "${LIB_GOOG}" ] ; then | |
76 # Just work with the directory. Don't do anything recursively here, so as | |
77 # to leave other things in /Library/Google alone. | |
78 chown -h "${OWNER_GROUP}" "${LIB_GOOG}" >& /dev/null | |
79 chmod -h "${CHMOD_MODE}" "${LIB_GOOG}" >& /dev/null | |
80 | |
81 LIB_GOOG_GSU="${LIB_GOOG}/GoogleSoftwareUpdate" | |
82 if [ -d "${LIB_GOOG_GSU}" ] ; then | |
83 chown -Rh "${OWNER_GROUP}" "${LIB_GOOG_GSU}" >& /dev/null | |
84 chmod -R "${CHMOD_MODE}" "${LIB_GOOG_GSU}" >& /dev/null | |
85 | |
86 # On the Mac, or at least on HFS+, symbolic link permissions are | |
87 # significant, but chmod -R and -h can't be used together. Do another | |
88 # pass to fix the permissions on any symbolic links. | |
89 find "${LIB_GOOG_GSU}" -type l -exec chmod -h "${CHMOD_MODE}" {} + >& \ | |
90 /dev/null | |
91 | |
92 # TODO(mark): If GoogleSoftwareUpdate.bundle is missing, dump TicketStore | |
93 # too? | |
94 fi | |
95 fi | |
96 | |
97 exit 0 | |
OLD | NEW |