Linux Malware Detect on shared hosting - linux

I am trying to install the excellent http://www.rfxn.com/projects/linux-malware-detect/ on a shared hosting.
I have changed the inspath to my local dir but it gives errors on creating symbolic links, read only on /usr/lib/, and finally /usr/local/maldetect/conf.maldet not found.
Thanks for any help. I think solving this would prove very useful to a lot of people.
Here's the error:
./install.sh
ln: creating symbolic link `/usr/local/sbin/maldet' to `/home6/anton/mal/maldet': No such file or directory
ln: creating symbolic link `/usr/local/sbin/lmd' to `/home6/anton/mal/maldet': No such file or directory
cp: cannot create regular file `/usr/lib/libinotifytools.so.0': Read-only file system
Linux Malware Detect v1.3.9
(C) 2002-2011, R-fx Networks <proj#r-fx.org>
(C) 2011, Ryan MacDonald <ryan#r-fx.org>
inotifywait (C) 2007, Rohan McGovern <rohan#mcgovern.id.au>
This program may be freely redistributed under the terms of the GNU GPL v2
maldet(15528): {glob} /usr/local/maldetect/conf.maldet not found, aborting.
installation completed to /home6/anton/mal
config file: /home6/anton/mal/conf.maldet
exec file: /home6/anton/mal/maldet
exec link: /usr/local/sbin/maldet
exec link: /usr/local/sbin/lmd
cron.daily: /etc/cron.daily/maldet
.ca.def: line 1: /usr/local/maldetect/conf.maldet: No such file or directory
imported config options from /home6/anton/mal.last/conf.maldet
maldet(15578): {glob} /usr/local/maldetect/conf.maldet not found, aborting.
And here's the install bash:
#!/bin/bash
#
##
# Linux Malware Detect v1.3.9
# (C) 2002-2011, R-fx Networks <proj#r-fx.org>
# (C) 2011, Ryan MacDonald <ryan#r-fx.org>
# inotifywait (C) 2007, Rohan McGovern <rohan#mcgovern.id.au>
# This program may be freely redistributed under the terms of the GNU GPL v2
##
#
inspath=/home6/anton/mal
logf=$inspath/event_log
cnftemp=.ca.def
if [ ! -d "$inspath" ] && [ -d "files" ]; then
mkdir -p $inspath
chmod 750 $inspath
cp -pR files/* $inspath
chmod 750 $inspath/maldet
ln -fs $inspath/maldet /usr/local/sbin/maldet
ln -fs $inspath/maldet /usr/local/sbin/lmd
cp $inspath/inotify/libinotifytools.so.0 /usr/lib/
else
$inspath/maldet -k >> /dev/null 2>&1
mv $inspath $inspath.bk$$
rm -f $inspath.last
ln -fs $inspath.bk$$ $inspath.last
mkdir -p $inspath
chmod 750 $inspath
cp -pR files/* $inspath
chmod 750 $inspath/maldet
ln -fs $inspath/maldet /usr/local/sbin/maldet
ln -fs $inspath/maldet /usr/local/sbin/lmd
cp $inspath/inotify/libinotifytools.so.0 /usr/lib/
cp -f $inspath.bk$$/sess/* $inspath/sess/ >> /dev/null 2>&1
cp -f $inspath.bk$$/tmp/* $inspath/tmp/ >> /dev/null 2>&1
cp -f $inspath.bk$$/quarantine/* $inspath/quarantine/ >> /dev/null 2>&1
fi
if [ -d "/etc/cron.daily" ]; then
cp -f cron.daily /etc/cron.daily/maldet
chmod 755 /etc/cron.daily/maldet
fi
touch $logf
$inspath/maldet --alert-daily
$inspath/maldet --alert-weekly
echo "Linux Malware Detect v1.3.9"
echo " (C) 2002-2011, R-fx Networks <proj#r-fx.org>"
echo " (C) 2011, Ryan MacDonald <ryan#r-fx.org>"
echo "inotifywait (C) 2007, Rohan McGovern <rohan#mcgovern.id.au>"
echo "This program may be freely redistributed under the terms of the GNU GPL"
echo ""
echo "installation completed to $inspath"
echo "config file: $inspath/conf.maldet"
echo "exec file: $inspath/maldet"
echo "exec link: /usr/local/sbin/maldet"
echo "exec link: /usr/local/sbin/lmd"
echo "cron.daily: /etc/cron.daily/maldet"
echo ""
if [ -f "$cnftemp" ] && [ -f "$inspath.bk$$/conf.maldet" ]; then
. files/conf.maldet
. $inspath.bk$$/conf.maldet
. $cnftemp
echo "imported config options from $inspath.last/conf.maldet"
fi
$inspath/maldet --update 1

Most shared hosting doesn't allow its user to access the system folder.
/usr/lib/
/usr/local/
is one example of the system folder. So, I guess you can't install that software due to this limitation.

Related

Identifying architecture dependent location of nsswitch libraries

I have a DEB package which dynamically creates a chroot filesystem in package postinst helper script. The package works fine for x86, amd64, and arm64 on Debian Stretch/Buster/Bullseye and Ubuntu Bionic/Focal/Jammy. However, I recently tried to install it on Raspbian arm32 and it failed.
The problem is that the pathname of the nsswitch libraries is constructed differently than on the other platforms. In other words, the piece meal assembly of the library path using uname -m is not matching what's present in the file-system.
#!/bin/bash -eu
U=chroot_user
UHOME=/home/$U
ARCH=$(uname -m)
function add_executable () {
FROM="$1"; shift
TO="$(basename $FROM)"
if [ $# -ge 1 ]; then
TO=$1; shift
fi
cp "$FROM" "$UHOME/bin/$TO"
ldd "$FROM" | grep "=> /" | awk '{print $3}' | xargs -I '{}' cp '{}' $UHOME/lib/
LIBNAME="ld-linux-$(echo $ARCH | tr '_' '-').so*"
if compgen -G "/lib64/${LIBNAME}" > /dev/null; then
cp /lib64/${LIBNAME} $UHOME/lib64/
elif compgen -G "/lib/${LIBNAME}" > /dev/null; then
cp /lib/${LIBNAME} $UHOME/lib/
fi
}
if [ "$1" = "configure" ]; then
# Create a system user that has restricted bash as its login shell.
IS_USER=$(grep $U /etc/passwd || true)
if [ ! -z "$IS_USER" ]; then
killall -u $U || true
userdel -f $U > /dev/null 2>&1 || true
fi
adduser --system --home ${UHOME} --no-create-home --group --shell /bin/rbash ${U}
# Create a clean usable chroot
rm -rf $UHOME
mkdir -p $UHOME
mkdir -p $UHOME/dev/
mknod -m 666 $UHOME/dev/null c 1 3
mknod -m 666 $UHOME/dev/tty c 5 0
mknod -m 666 $UHOME/dev/zero c 1 5
mknod -m 666 $UHOME/dev/random c 1 8
mknod -m 644 $UHOME/dev/urandom c 1 9
chown root:root $UHOME
chmod 0755 $UHOME
mkdir -p $UHOME/bin
mkdir -p $UHOME/etc
mkdir -p $UHOME/lib
mkdir -p $UHOME/usr
cd $UHOME/usr
ln -s ../bin bin
cd - > /dev/null
cd $UHOME
ln -s lib lib64
cd - > /dev/null
mkdir $UHOME/lib/${ARCH}-linux-gnu
cp /lib/${ARCH}-linux-gnu/libnss* $UHOME/lib/${ARCH}-linux-gnu
cat <<EOT>$UHOME/etc/nsswitch.conf
passwd: files
group: files
EOT
chmod 0444 $UHOME/etc/nsswitch.conf
echo "127.0.0.1 localhost" > $UHOME/etc/hosts
chmod 0444 $UHOME/etc/hosts
if [ -d /etc/terminfo/ ]; then
cp -R /etc/terminfo $UHOME/etc
fi
if [ -d /lib/terminfo/ ]; then
cp -R /lib/terminfo $UHOME/lib
fi
# Add restricted bash and ssh/scp executables into the chroot. There is no
# need for any other executable.
add_executable /bin/bash rbash
add_executable /usr/bin/ssh
add_executable /usr/bin/scp
add_executable /bin/date
add_executable /bin/ls
add_executable /bin/rm
add_executable /bin/mv
add_executable /bin/cp
grep $U /etc/passwd > $UHOME/etc/passwd
grep $U /etc/group > $UHOME/etc/group
mkdir -p $UHOME/.ssh
chmod 700 $UHOME/.ssh
chown -R $U:$U $UHOME/.ssh
# When using SSH to get out of the jail onto localhost machine, we don't want
# to be constantly told about fingerprints and permanently added hosts
mkdir -p $UHOME/home/$U/.ssh
chmod 0700 $UHOME/home/$U/.ssh
chown -R $U:$U $UHOME/home/$U
fi
#DEBHELPER#
exit 0
# vim: set ts=2 sw=2 tw=0 et :
Not in the expected location ... well, more like: the architecture type in uname's output doesn't match the directory name you want to construct ...
But you could find the directory in a different way, since you're on apt based distros.
dpkg -L libnss3 | awk '/libnss3.so/{gsub(/\/libnss3.so/,"",$0);print}'
This worked for me on both Ubuntu 20.04 and Raspbian GNU/Linux 10 (buster)
Raspbian:
$ dpkg -L libnss3 | awk '/libnss3.so/{gsub(/\/libnss3.so/,"",$0);print}'
/usr/lib/arm-linux-gnueabihf
Ubuntu:
$ dpkg -L libnss3 | awk '/libnss3.so/{gsub(/\/libnss3.so/,"",$0);print}'
/usr/lib/x86_64-linux-gnu

Linux shell script to know if the directory (or file) has 777 permission

We give the upmost permission to a file or directory, using this command:
sudo chmod -R 777 directory
Now I want to know if this command is already executed for a given directory.
I know I can use -r for read, -w for write, and -x for execution, in [ test ] blocks.
But I want to know two things:
Is it also a directory?
Does it have those permissions for everyone?
How can I get that info?
Update
Based on #Barmar comment, I came up with this. But it's not working:
if [ stat /Temp | grep -oP "(?<=Access: \()[^)]*" == '' ]; then
echo '/Temp folder has full access'
else
sudo chmod -R 777 /Temp
fi
This command works though:
stat /Temp | grep -oP "(?<=Access: \()[^)]*"
# prints => 0777/drwxrwxrwx
How should I fix the syntax error of my if-else statement?
You don't need to process the output of stat with grep; you can ask stat to only produce the specific information you want. See the man page regarding the --format option. We can for example write:
# ask stat for the file type and mode, and put those values into $1
# and $2
set -- $(stat --format '%F %a' /Temp)
if [[ $1 == directory ]]; then
if [[ $2 == 777 ]]; then
echo "/Temp folder has full access"
else
sudo chmod -R 777 /Temp
fi
else
echo "ERROR: /Temp is not a directory!" >&2
fi
A simple example:
#!/bin/bash
function setfullperm(){
[ -d $1 ] && \
(
[ "$(stat --format '%a' $1)" == "777" ] && \
echo "Full permissions are applied." || \
( echo "Setting full permissions" && sudo chmod -R 777 $1 )
) || \
( echo "$1 is not a directory !" && mkdir $1 && setfullperm $1 )
}
export setfullperm
Source the script:
$ source example.sh
Set full permissions (777) on any directory, it tests if the directory exists in the first place, if not it will create it and set the permissions.
It will export the function setfullperm to the shell so you can run it:
>$ setfullperm ali
ali is not a directory !
mkdir: created directory 'ali'
Setting full permissions
>$ setfullperm ali
Full permissions are applied.
If using zsh (But not other shells), you can do it with just a glob pattern:
setopt extended_glob null_glob
if [[ -n /Temp(#q/f777) ]]; then
echo '/Temp folder has full access'
else
sudo chmod -R 777 /Temp
fi
The pattern /Temp(#q/f777) will, with the null_glob and extended_glob options set, expand to an empty string if /Temp is anything but a directory with the exact octal permissions 0777 (And to /Temp if the criteria are met). For more details, see Glob Qualifiers in the zsh manual.
I don't recommend using stat for this. Though widespread, stat isn't POSIX, which means there's no guarantee that your script will work in the future or work on other platforms. If you're writing scripts for a production environment, I'd urge you to consider a different approach.
You're better off using ls(1)'s -l option and passing the file as an argument. From there you can use cut(1)'s -c option to grab the file mode flags.
Get file type:
ls -l <file> | cut -c1
Also, don't forget about test's -d operator, which tests if a file is a directory.
Get owner permissions:
ls -l <file> | cut -c2-4
and so on.
This approach is POSIX compliant and it avoids the shortcomings of using stat.

why one linux command is working inside conatiner but not in entrpoint.sh

I am using ubuntu 16.04 OS as VM.
While creating container, i have some commands in entrpoint.sh which is not working or behaving as expected but the same command is working when i am manually running inside the container, to be precise below is my simple linux cp command which recursively copy from source to destination and also unzip command.
In my entrypoint.sh I have three commands :
cd /tmp/localization/Tpae7610
unzip \*.zip
cp -r /tmp/localization/Tpae7610/* /home/db2inst1/maximo/
Last two commands are not working when container starts, when I say it's not working it means it is not giving any error but not copying the source contents to destinations as expected also it is not unzipping the .zip files
NOTE: But same command is working as expected when i manually run inside the container.
entrypoint.sh
#!/bin/bash
sysctl -w kernel.shmmni=1024
sysctl -w kernel.shmall=2097152
sysctl -w kernel.msgmnb=65536
sysctl -w kernel.msgmax=65536
sysctl -w kernel.msgmni=4096
sysctl -w kernel.shmmax=4294967296
#set -e
#
# Initialize DB2 instance in a Docker container
#
# # Authors:
# *
#
#
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
mkdir -p /db2fs
chown db2inst1:db2iadm1 /db2fs
chmod -R 755 /db2fs
#cp /tmp/maxinst.sh /home/db2inst1/maximo/Maximo-7.6-CD/tools/maximo/maxinst.sh
if [ -z "$DB2INST1_PASSWORD" ]; then
echo ""
echo >&2 'error: DB2INST1_PASSWORD not set'
echo >&2 'Did you forget to add -e DB2INST1_PASSWORD=... ?'
exit 1
else
echo "db2inst1:$DB2INST1_PASSWORD" | chpasswd
fi
if [ -z "$LICENSE" ];then
echo ""
echo >&2 'error: LICENSE not set'
echo >&2 "Did you forget to add '-e LICENSE=accept' ?"
exit 1
fi
if [ "${LICENSE}" != "accept" ];then
echo ""
echo >&2 "error: LICENSE not set to 'accept'"
echo >&2 "Please set '-e LICENSE=accept' to accept License before use the DB2 software contained in this image."
exit 1
fi
if [[ $1 = "db2start" ]]; then
echo "Performing botc database start"
if [ ! -d /db2fs/db2inst1 ]; then
echo "Database location does not exist, creating database"
chown -R db2inst1:db2iadm1 /maxdb7605
chown -R db2inst1:db2iadm1 /home/db2inst1/maximo
find /maxdb7605 -type d -exec chmod 755 \{\} \;
find /maxdb7605 -type f -exec chmod 644 \{\} \;
cd /home/db2inst1/maximo
#unzip -o tools.zip && rm tools.zip
#unzip -o applications.zip && rm applications.zip
set -x
cd /home/db2inst1/maximo/tools
if [ ! -f java ]; then
ln -s /home/db2inst1/sqllib/java java
fi
su - db2inst1 <<EOH
db2start
db2 create database maxdb76 on /db2fs dbpath on /db2fs using codeset UTF-8 territory us pagesize 32 K
db2 connect to maxdb76
db2 create bufferpool MAXBUFFPOOL pagesize 32K
db2 grant connect on database to user maximo
db2 GRANT DBADM,SECADM, CREATETAB,BINDADD,CONNECT,CREATE_NOT_FENCED_ROUTINE,IMPLICIT_SCHEMA,LOAD,CREATE_EXTERNAL_ROUTINE,QUIESCE_CONNECT ON DATABASE TO USER maximo
db2 GRANT USAGE on WORKLOAD SYSDEFAULTUSERWORKLOAD TO USER maximo;
db2 create schema maximo authorization maximo
db2 create regular tablespace MAXDATA pagesize 32k managed by automatic storage extentsize 16 overhead 12.67 prefetchsize 16 transferrate 0.18 bufferpool MAXBUFFPOOL dropped table recovery on NO FILE SYSTEM CACHING
db2 grant use of tablespace MAXDATA to user maximo
db2 update db cfg using LOGFILSIZ 5000
db2 update db cfg using LOGPRIMARY 50
db2 update db cfg using LOGSECOND 50
db2 connect reset
db2stop force
db2start
cd /maxdb7605
db2set DB2CODEPAGE=1208
db2 connect to maxdb76
db2 -t -f /maxdb7605/dbschema.sql
db2 -t -f /maxdb7605/dev_grants.sql
db2move maxdb76 LOAD -u maximo -p maximo -l lobs
db2 connect to maxdb76 user maximo using maximo
db2 -x "select 'values nextval for MAXIMO.',sequencename,';' from maxsequence" > /maxdb7605/sequence_update.sql
db2 -t -f /maxdb7605/sequence_update.sql
db2 connect reset
EOH
rm -rf /maxdb7605
set +x
nohup /usr/sbin/sshd -D 2>&1 > /dev/null &
cd /home/db2inst1/maximo/tools/maximo
chmod +x TDToolkit.sh
chmod +x updatedb.sh
dos2unix TDToolkit.sh
dos2unix updatedb.sh
./updatedb.sh
export JAVA_HOME=/opt/ibm/java-x86_64-70
export JRE_HOME=/opt//home/db2inst1/maximoibm/java-x86_64-70/jre
export PATH=${JAVA_HOME}/bin:$PATH
cd /
cd /tmp/localization/Tpae7610
unzip \*.zip
cp -a /tmp/localization/Tpae7610/* /home/db2inst1/maximo/
cd /tmp/localization/Lightning7604
unzip \*.zip
cp -a /tmp/localization/Lightning7604/* /home/db2inst1/maximo/
cd /tmp/localization/BOTC7610
unzip \*.zip
cp -a /tmp/localization/BOTC7610/* /home/db2inst1/maximo/
cd /tmp
#remove localization folder from tmp folder
rm -rf localization
cd /home/db2inst1/maximo/tools/maximo
#./TDToolkit.sh -addlangPT -useexpander
#./TDToolkit.sh -addlangJA -useexpander
#./TDToolkit.sh -addlangDE -useexpander
#./TDToolkit.sh -addlangIT -useexpander
#./TDToolkit.sh -addlangFR -useexpander
#./TDToolkit.sh -addlangES -useexpander
#./TDToolkit.sh -pmpupdatenxtgenui -useexpander
# ./TDToolkit.sh -pmpupdatez_botc -useexpander
chmod -R 777 /home/db2inst1/maximo/tools/maximo/log
#healthcheck looks for this file to indicate the container is initialized
touch /tmp/container_started
while true; do sleep 1000; done
exec "/bin/bash"
#statements
else
su - db2inst1 <<EOH
db2start
db2 catalog db maxdb76 on /db2fs
db2 terminate
db2 connect to maxdb76
EOH
touch /tmp/container_started
while true; do sleep 1000; done
exec "/bin/bash"
fi
sleep 10
fi
Either the files under the directory /tmp/localization/Tpae7610/ are not having permissions.
Try the command cp -v ( verbose will show the file copied)
Comment the rm -rf localization in the script. Then debug the script.

Creating a docker Base Image

I have a private Linux distribution (based on redhat7).
I have an ISO file which holds the installation of that distribution, which can be used to install the OS on a clear system only.
I have some programs I would like to run as images on docker, each program on a different image.
Each program can only run on my Linux environment and so I am looking for a way to create the appropriate images, so they can be ran under docker.
I tried following Solomon instructions here:
mkdir rootfs
mount -o loop /path/to/iso rootfs
tar -C rootfs -c . | docker import - rich/mybase
But I don't know how to proceed. I can't run any command since the machine isn't running yet (no /bin/bash/ etc.)
How can I open the installation shell?
Is there a better way to run programs via docker on a private Linux distribution?
(Just to be clear, the programs can run only on that specific OS and that OS can only be installed on a clear machine. Not sure if I need a base image but I'd like to run these programs with Docker and that is possible only over this OS)
I ran into many questions like mine (like this) but I couldn't find answer that helped me.
Assumption
Server A where the ISO will be mount
Server R your private repositoy
Server N where container will be run
All server can connect to server R.
How to
build a base image as mentioned in your OP (named base/myimage)
Push the image to your private repository https://docs.docker.com/registry/deploying/
Create application images from your base base/myimage then push them to your private repo
From Server N, run the application image
docker run application/myapp
This script is from the official Docker contrib repo. It's used to create CentOS images from scratch. It should work with any Redhat/Centos based system and gives you plenty of control over the various steps. Anything beyond that you can then modify post-base-image through a Dockerfile.
The file is here
#!/usr/bin/env bash
#
# Create a base CentOS Docker image.
#
# This script is useful on systems with yum installed (e.g., building
# a CentOS image on CentOS). See contrib/mkimage-rinse.sh for a way
# to build CentOS images on other systems.
usage() {
cat <<EOOPTS
$(basename $0) [OPTIONS] <name>
OPTIONS:
-p "<packages>" The list of packages to install in the container.
The default is blank.
-g "<groups>" The groups of packages to install in the container.
The default is "Core".
-y <yumconf> The path to the yum config to install packages from. The
default is /etc/yum.conf for Centos/RHEL and /etc/dnf/dnf.conf for Fedora
EOOPTS
exit 1
}
# option defaults
yum_config=/etc/yum.conf
if [ -f /etc/dnf/dnf.conf ] && command -v dnf &> /dev/null; then
yum_config=/etc/dnf/dnf.conf
alias yum=dnf
fi
install_groups="Core"
while getopts ":y:p:g:h" opt; do
case $opt in
y)
yum_config=$OPTARG
;;
h)
usage
;;
p)
install_packages="$OPTARG"
;;
g)
install_groups="$OPTARG"
;;
\?)
echo "Invalid option: -$OPTARG"
usage
;;
esac
done
shift $((OPTIND - 1))
name=$1
if [[ -z $name ]]; then
usage
fi
target=$(mktemp -d --tmpdir $(basename $0).XXXXXX)
set -x
mkdir -m 755 "$target"/dev
mknod -m 600 "$target"/dev/console c 5 1
mknod -m 600 "$target"/dev/initctl p
mknod -m 666 "$target"/dev/full c 1 7
mknod -m 666 "$target"/dev/null c 1 3
mknod -m 666 "$target"/dev/ptmx c 5 2
mknod -m 666 "$target"/dev/random c 1 8
mknod -m 666 "$target"/dev/tty c 5 0
mknod -m 666 "$target"/dev/tty0 c 4 0
mknod -m 666 "$target"/dev/urandom c 1 9
mknod -m 666 "$target"/dev/zero c 1 5
# amazon linux yum will fail without vars set
if [ -d /etc/yum/vars ]; then
mkdir -p -m 755 "$target"/etc/yum
cp -a /etc/yum/vars "$target"/etc/yum/
fi
if [[ -n "$install_groups" ]];
then
yum -c "$yum_config" --installroot="$target" --releasever=/ --setopt=tsflags=nodocs \
--setopt=group_package_types=mandatory -y groupinstall $install_groups
fi
if [[ -n "$install_packages" ]];
then
yum -c "$yum_config" --installroot="$target" --releasever=/ --setopt=tsflags=nodocs \
--setopt=group_package_types=mandatory -y install $install_packages
fi
yum -c "$yum_config" --installroot="$target" -y clean all
cat > "$target"/etc/sysconfig/network <<EOF
NETWORKING=yes
HOSTNAME=localhost.localdomain
EOF
# effectively: febootstrap-minimize --keep-zoneinfo --keep-rpmdb --keep-services "$target".
# locales
rm -rf "$target"/usr/{{lib,share}/locale,{lib,lib64}/gconv,bin/localedef,sbin/build-locale-archive}
# docs and man pages
rm -rf "$target"/usr/share/{man,doc,info,gnome/help}
# cracklib
rm -rf "$target"/usr/share/cracklib
# i18n
rm -rf "$target"/usr/share/i18n
# yum cache
rm -rf "$target"/var/cache/yum
mkdir -p --mode=0755 "$target"/var/cache/yum
# sln
rm -rf "$target"/sbin/sln
# ldconfig
rm -rf "$target"/etc/ld.so.cache "$target"/var/cache/ldconfig
mkdir -p --mode=0755 "$target"/var/cache/ldconfig
version=
for file in "$target"/etc/{redhat,system}-release
do
if [ -r "$file" ]; then
version="$(sed 's/^[^0-9\]*\([0-9.]\+\).*$/\1/' "$file")"
break
fi
done
if [ -z "$version" ]; then
echo >&2 "warning: cannot autodetect OS version, using '$name' as tag"
version=$name
fi
tar --numeric-owner -c -C "$target" . | docker import - $name:$version
docker run -i -t --rm $name:$version /bin/bash -c 'echo success'
rm -rf "$target"

Installing a custom RPM hangs when trying to run a post-install script

I'm building an RPM with my own code and am running into an issue where the RPM is hanging when I install it with yum if I try to launch something as part of the post-install script. For some background, this is a virtual appliance where we've replaced the shell with a program with minimal configuration options. Previously, I couldn't get the program to load via the post-install options in my spec file; it causes the 'installing' line during a yum install to hang. I put a bandaid on it by having a reboot occur. I need this menu to load after installation, but everything I've tried results in yum hanging on the 'installing' line. My latest attempt; using the trap command, causes the same hang. Does anyone have any other ideas?
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}
%description
Installs the program.
%prep
%setup -q
%install
rsync -ar /home/makerpm/rpmbuild/BUILD/%{name}-%{version}/ /home/makerpm/rpmbuild/BUILDROOT/%{name}-%{version}-%{release}.x86_64
find $RPM_BUILD_ROOT -not -type d -printf "%%%attr(%%m,root,root) %%p\n" | sed -e "s|$RPM_BUILD_ROOT||g" > %{_tmppath}/%{name}_contents.txt
%clean
rm -rf ${RPM_BUILD_ROOT}
rm -rf %{_tmppath}/*
rm -rf ${RPM_BUILD_DIR}/*
%changelog
* Sun Jan 25 2014 - %{version} - Modified menu with trap ability so the first reboot isn't required.
%post
function finish {
/bin/launcher
}
chmod 755 /bin/launcher
cat /etc/shells | grep "/bin/launcher"
if [ $? -eq 1 ]
then
echo "/bin/bash" >> /etc/shells
fi
chsh -s /bin/launcher root
trap finish EXIT
#List of all files to be extracted
%files -f %{_tmppath}/%{name}_contents.txt

Resources