aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAvatar Wouter van Kesteren <woutershep@gmail.com> 2015-12-10 23:25:20 +0100
committerAvatar Wouter van Kesteren <woutershep@gmail.com> 2016-01-08 18:59:45 +0100
commitd8b7236f585e5bdcc8446b4cc73a8ec1b32aa887 (patch)
tree2734112e94a6394e70774633c5c9bc94394a8fae
parent5cd1f72f94ddc2858ce5612db967ec62db3bed76 (diff)
downloadpaludis-d8b7236f585e5bdcc8446b4cc73a8ec1b32aa887.tar.gz
paludis-d8b7236f585e5bdcc8446b4cc73a8ec1b32aa887.tar.xz
Let merger check dirnames instead of actual dirs
This should be safe because we dont allow empty directories. So installing a directory into an illegal place would error. The moment a keepdir is done it gets a file in it and then we validate this file instead. So this all works out nicely. Change-Id: I205b21d21a08f0e6afa702f0dc28b8f1d54f047b Reviewed-on: https://galileo.mailstation.de/gerrit/4660 Reviewed-by: Bo ├śrsted Andresen <zlin@exherbo.org>
-rw-r--r--paludis/merger.cc25
-rw-r--r--paludis/repositories/e/permitted_directories.cc4
2 files changed, 16 insertions, 13 deletions
diff --git a/paludis/merger.cc b/paludis/merger.cc
index 333c64e..04f16da 100644
--- a/paludis/merger.cc
+++ b/paludis/merger.cc
@@ -160,9 +160,6 @@ Merger::do_dir_recursive(bool is_check, const FSPath & src, const FSPath & dst)
else
on_error(is_check, "Attempted to install empty directory '" + stringify(dst) + "'");
}
-
- if (! _imp->params.permit_destination()(dst.strip_leading(_imp->params.root().realpath())))
- on_error(is_check, "Not allowed to merge '" + stringify(src) + "' to '" + stringify(dst) + "'");
}
for ( ; d != d_end ; ++d)
@@ -243,13 +240,18 @@ Merger::on_file(bool is_check, const FSPath & src, const FSPath & dst)
Context context("When handling file '" + stringify(src) + "' to '" + stringify(dst) + "':");
const auto staged(dst / src.basename());
- if (is_check &&
- 0 != _imp->params.environment()->perform_hook(extend_hook(
+ if (is_check)
+ {
+ if (0 != _imp->params.environment()->perform_hook(extend_hook(
Hook("merger_check_file_pre")
("INSTALL_SOURCE", stringify(src))
("INSTALL_DESTINATION", stringify(staged))),
_imp->params.maybe_output_manager()).max_exit_status())
- make_check_fail();
+ make_check_fail();
+
+ if (! _imp->params.permit_destination()(dst.strip_leading(_imp->params.root().realpath())))
+ on_error(is_check, "Not allowed to merge '" + stringify(src) + "' to '" + stringify(dst) + "'");
+ }
if (! is_check)
{
@@ -338,13 +340,18 @@ Merger::on_sym(bool is_check, const FSPath & src, const FSPath & dst)
Context context("When handling sym '" + stringify(src) + "' to '" + stringify(dst) + "':");
const auto staged(dst / src.basename());
- if (is_check &&
- 0 != _imp->params.environment()->perform_hook(extend_hook(
+ if (is_check)
+ {
+ if (0 != _imp->params.environment()->perform_hook(extend_hook(
Hook("merger_check_sym_pre")
("INSTALL_SOURCE", stringify(src))
("INSTALL_DESTINATION", stringify(staged))),
_imp->params.maybe_output_manager()).max_exit_status())
- make_check_fail();
+ make_check_fail();
+
+ if (! _imp->params.permit_destination()(dst.strip_leading(_imp->params.root().realpath())))
+ on_error(is_check, "Not allowed to merge '" + stringify(src) + "' to '" + stringify(dst) + "'");
+ }
if (! is_check)
{
diff --git a/paludis/repositories/e/permitted_directories.cc b/paludis/repositories/e/permitted_directories.cc
index 5a17843..bb2d76f 100644
--- a/paludis/repositories/e/permitted_directories.cc
+++ b/paludis/repositories/e/permitted_directories.cc
@@ -51,10 +51,6 @@ PermittedDirectories::add(const FSPath & p, bool b)
bool
PermittedDirectories::permit(const FSPath & p) const
{
- /* otherwise we can't just -/ for "explicit only" */
- if (p == FSPath("/"))
- return true;
-
bool result(true);
for (auto r(_imp->rules.begin()), r_end(_imp->rules.end()) ;