authorAvatar Ciaran McCreesh <ciaran.mccreesh@googlemail.com> 2007-03-22 19:40:24 +0000
committerAvatar Ciaran McCreesh <ciaran.mccreesh@googlemail.com> 2007-03-22 19:40:24 +0000
commit175c799239294d202f0482fd5704b529fd0830de (patch)
treead6b9daa455c396cd7c54fd258b4903c85565361
parent906f9be9f7b137bb5350a20676a833a26454fca8 (diff)
downloadpaludis-175c799239294d202f0482fd5704b529fd0830de.tar.gz
paludis-175c799239294d202f0482fd5704b529fd0830de.tar.xz
More userpriv work
-rw-r--r--paludis/repositories/gentoo/ebuild.cc6
-rw-r--r--paludis/repositories/gentoo/ebuild.sr1
-rw-r--r--paludis/repositories/gentoo/ebuild_entries.cc44
3 files changed, 44 insertions, 7 deletions
diff --git a/paludis/repositories/gentoo/ebuild.cc b/paludis/repositories/gentoo/ebuild.cc
index d652a48..9634dc1 100644
--- a/paludis/repositories/gentoo/ebuild.cc
+++ b/paludis/repositories/gentoo/ebuild.cc
@@ -286,8 +286,10 @@ EbuildFetchCommand::extend_command(const Command & cmd)
.with_setenv("PALUDIS_USE_SAFE_RESUME", fetch_params.safe_resume ? "oohyesplease" : "")
.with_setenv("PALUDIS_PROFILE_DIR", stringify(*fetch_params.profiles->begin()))
.with_setenv("PALUDIS_PROFILE_DIRS", join(fetch_params.profiles->begin(),
- fetch_params.profiles->end(), " "))
- .with_uid_gid(params.environment->reduced_uid(), params.environment->reduced_gid()));
+ fetch_params.profiles->end(), " ")));
+
+ if (fetch_params.userpriv)
+ result.with_uid_gid(params.environment->reduced_uid(), params.environment->reduced_gid());
for (AssociativeCollection<std::string, std::string>::Iterator
i(fetch_params.expand_vars->begin()),
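Review bot: The new `result.with_uid_gid(...)` statement discards its return value, so it only drops privileges if `with_uid_gid` modifies `result` in place. The chained builder calls above it suggest it may return the command instead, which cannot be confirmed from this hunk. If it returns a modified copy, the fetch would keep the invoking uid/gid even when `fetch_params.userpriv` is true; writing `result = result.with_uid_gid(...)` or documenting the in-place contract would remove the doubt. When `userpriv` is false the fetch now runs unreduced with no trace at this point, so a comment such as `// userpriv disabled by caller: fetch runs with the invoking uid/gid` would help the next reader. The body of extend_command starts and ends outside the hunk.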
diff --git a/paludis/repositories/gentoo/ebuild.sr b/paludis/repositories/gentoo/ebuild.sr
index 2bc5012..ba8ad2b 100644
--- a/paludis/repositories/gentoo/ebuild.sr
+++ b/paludis/repositories/gentoo/ebuild.sr
@@ -37,6 +37,7 @@ make_class_EbuildFetchCommandParams()
key expand_vars "std::tr1::shared_ptr<const AssociativeCollection<std::string, std::string> >"
key no_fetch bool
key safe_resume bool
+ key userpriv bool
doxygen_comment << "END"
/**
diff --git a/paludis/repositories/gentoo/ebuild_entries.cc b/paludis/repositories/gentoo/ebuild_entries.cc
index 3102e7d..51cc0a5 100644
--- a/paludis/repositories/gentoo/ebuild_entries.cc
+++ b/paludis/repositories/gentoo/ebuild_entries.cc
@@ -35,6 +35,8 @@
#include <fstream>
#include <list>
#include <set>
+#include <sys/types.h>
+#include <grp.h>
using namespace paludis;
@@ -461,6 +463,26 @@ EbuildEntries::install(const QualifiedPackageName & q, const VersionSpec & v,
.distdir(_imp->params.distdir)
.buildroot(_imp->params.buildroot));
+ bool fetch_userpriv_ok(_imp->environment->reduced_gid() != getgid());
+ if (fetch_userpriv_ok)
+ {
+ FSEntry f(_imp->params.distdir);
+ if (f.group() != _imp->environment->reduced_gid())
+ {
+ Log::get_instance()->message(ll_warning, lc_context, "Directory '" +
+ stringify(_imp->params.buildroot) + "' not owned by group '" +
+ stringify(getgrgid(_imp->environment->reduced_gid())->gr_name) + "', cannot enable userpriv");
+ fetch_userpriv_ok = false;
+ }
+ else if (! f.has_permission(fs_ug_group, fs_perm_write))
+ {
+ Log::get_instance()->message(ll_warning, lc_context, "Directory '" +
+ stringify(_imp->params.buildroot) + "' does not group write permission," +
+ "cannot enable userpriv");
+ fetch_userpriv_ok = false;
+ }
+ }
+
EbuildFetchCommand fetch_cmd(command_params,
EbuildFetchCommandParams::create()
.a(archives)
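Review bot: Both warnings in the new distdir check print `_imp->params.buildroot` although the directory tested is `FSEntry f(_imp->params.distdir)`, so the log sends the administrator to the wrong path. `getgrgid(...)->gr_name` is also dereferenced without a null check; getgrgid() returns a null pointer when the reduced gid has no group database entry, which would crash here and in the identical buildroot check in the last hunk of this file. The second message concatenates to "does not group write permission,cannot enable userpriv" in both places, missing "have" and a space. The body of install() starts and ends outside the hunk.

```cpp
FSEntry f(_imp->params.distdir);
// getgrgid() returns a null pointer when the gid has no group entry
const struct group * const gr(getgrgid(_imp->environment->reduced_gid()));
const std::string group_name(gr ? stringify(gr->gr_name) :
        stringify(_imp->environment->reduced_gid()));
if (f.group() != _imp->environment->reduced_gid())
{
    Log::get_instance()->message(ll_warning, lc_context, "Directory '" +
            stringify(_imp->params.distdir) + "' not owned by group '" +
            group_name + "', cannot enable userpriv");
    // … unchanged: fetch_userpriv_ok = false …
}
else if (! f.has_permission(fs_ug_group, fs_perm_write))
{
    Log::get_instance()->message(ll_warning, lc_context, "Directory '" +
            stringify(_imp->params.distdir) + "' does not have group write permission, " +
            "cannot enable userpriv");
    // … unchanged: fetch_userpriv_ok = false …
}
```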
@@ -472,6 +494,7 @@ EbuildEntries::install(const QualifiedPackageName & q, const VersionSpec & v,
.root(stringify(get_root(o.destinations)))
.profiles(_imp->params.profiles)
.no_fetch(fetch_restrict)
+ .userpriv(fetch_userpriv_ok)
.safe_resume(o.safe_resume));
fetch_cmd();
@@ -484,12 +507,23 @@ EbuildEntries::install(const QualifiedPackageName & q, const VersionSpec & v,
+ stringify(v) + "' because no destinations were provided");
bool userpriv_ok((! userpriv_restrict) && (_imp->environment->reduced_gid() != getgid()));
- if (userpriv_ok && FSEntry(_imp->params.buildroot).group() != _imp->environment->reduced_gid())
+ if (userpriv_ok)
{
- Log::get_instance()->message(ll_warning, lc_context, "Directory '" +
- stringify(_imp->params.buildroot) + "' does not have gid '" +
- stringify(_imp->environment->reduced_gid()) + "', cannot enable userpriv");
- userpriv_ok = false;
+ FSEntry f(_imp->params.buildroot);
+ if (f.group() != _imp->environment->reduced_gid())
+ {
+ Log::get_instance()->message(ll_warning, lc_context, "Directory '" +
+ stringify(_imp->params.buildroot) + "' not owned by group '" +
+ stringify(getgrgid(_imp->environment->reduced_gid())->gr_name) + "', cannot enable userpriv");
+ userpriv_ok = false;
+ }
+ else if (! f.has_permission(fs_ug_group, fs_perm_write))
+ {
+ Log::get_instance()->message(ll_warning, lc_context, "Directory '" +
+ stringify(_imp->params.buildroot) + "' does not group write permission," +
+ "cannot enable userpriv");
+ userpriv_ok = false;
+ }
}
EbuildInstallCommandParams install_params(
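Review bot: The buildroot check added here repeats the distdir check from the earlier hunk statement for statement, which is presumably how the buildroot path ended up in the distdir warnings. A file-local helper that takes the directory and the reduced gid, logs the warning, and returns whether userpriv can be enabled would keep the two call sites consistent; they would become `fetch_userpriv_ok = fetch_userpriv_ok && helper(distdir, gid)` and the same for `userpriv_ok` with buildroot. The helper deserves a short comment stating that the directory must be owned by the reduced group and be group-writable, since that is the whole precondition for dropping privileges. The body of install() continues outside the hunk.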