From 572d4cdd84a8ac620f3f74a68fb669b8e4d61a35 Mon Sep 17 00:00:00 2001
From: Ciaran McCreesh <ciaran.mccreesh@googlemail.com>
Date: Sat, 3 Sep 2011 00:38:56 +0100
Subject: Ban most directories for exheres-0

---
 paludis/repositories/e/do_install_action.cc     | 16 ++++++++++++++++
 paludis/repositories/e/eapi.cc                  |  1 +
 paludis/repositories/e/eapi.hh                  |  2 ++
 paludis/repositories/e/eapis/exheres-0.conf     |  3 +++
 paludis/repositories/e/permitted_directories.cc |  4 ++++
 5 files changed, 26 insertions(+)

diff --git a/paludis/repositories/e/do_install_action.cc b/paludis/repositories/e/do_install_action.cc
index ae3ab0c12..fd241738f 100644
--- a/paludis/repositories/e/do_install_action.cc
+++ b/paludis/repositories/e/do_install_action.cc
@@ -40,6 +40,7 @@
 #include <paludis/util/join.hh>
 #include <paludis/util/make_null_shared_ptr.hh>
 #include <paludis/util/return_literal_function.hh>
+#include <paludis/util/tokeniser.hh>
 
 #include <paludis/action.hh>
 #include <paludis/dep_spec_flattener.hh>
@@ -48,6 +49,7 @@
 #include <paludis/elike_choices.hh>
 #include <paludis/output_manager.hh>
 
+#include <vector>
 #include <algorithm>
 #include <set>
 
@@ -197,6 +199,20 @@ paludis::erepository::do_install_action(
     auto merged_entries(std::make_shared<FSPathSet>());
 
     auto permitted_directories(std::make_shared<PermittedDirectories>());
+    {
+        std::vector<std::string> tokens;
+        tokenise_whitespace(id->eapi()->supported()->permitted_directories(), std::back_inserter(tokens));
+        for (auto t(tokens.begin()), t_end(tokens.end()) ;
+                t != t_end ; ++t)
+        {
+            if (t->at(0) == '-')
+                permitted_directories->add(FSPath(t->substr(1)), false);
+            else if (t->at(0) == '+')
+                permitted_directories->add(FSPath(t->substr(1)), true);
+            else
+                throw InternalError(PALUDIS_HERE, "bad permitted_directories");
+        }
+    }
 
     auto choices(id->choices_key()->parse_value());
     std::shared_ptr<const ChoiceValue> preserve_work_choice(choices->find_by_name_with_prefix(ELikePreserveWorkChoiceValue::canonical_name_with_prefix()));
diff --git a/paludis/repositories/e/eapi.cc b/paludis/repositories/e/eapi.cc
index 1463f1259..aeabc5d07 100644
--- a/paludis/repositories/e/eapi.cc
+++ b/paludis/repositories/e/eapi.cc
@@ -352,6 +352,7 @@ namespace
                         n::iuse_flag_parse_options() = iuse_flag_parse_options,
                         n::merger_options() = merger_options,
                         n::package_dep_spec_parse_options() = package_dep_spec_parse_options,
+                        n::permitted_directories() = check_get(k, "permitted_directories"),
                         n::pipe_commands() = make_pipe_commands(k),
                         n::tools_options() = make_tool_options(k),
                         n::uri_labels() = std::make_shared<const EAPILabels>(check_get(k, "uri_labels")),
diff --git a/paludis/repositories/e/eapi.hh b/paludis/repositories/e/eapi.hh
index ce126c41f..fbdd87789 100644
--- a/paludis/repositories/e/eapi.hh
+++ b/paludis/repositories/e/eapi.hh
@@ -169,6 +169,7 @@ namespace paludis
         typedef Name<struct name_non_empty_variables> non_empty_variables;
         typedef Name<struct name_package_dep_spec_parse_options> package_dep_spec_parse_options;
         typedef Name<struct name_pdepend> pdepend;
+        typedef Name<struct name_permitted_directories> permitted_directories;
         typedef Name<struct name_pipe_commands> pipe_commands;
         typedef Name<struct name_profile_iuse_injection> profile_iuse_injection;
         typedef Name<struct name_properties> properties;
@@ -300,6 +301,7 @@ namespace paludis
             NamedValue<n::iuse_flag_parse_options, IUseFlagParseOptions> iuse_flag_parse_options;
             NamedValue<n::merger_options, MergerOptions> merger_options;
             NamedValue<n::package_dep_spec_parse_options, ELikePackageDepSpecOptions> package_dep_spec_parse_options;
+            NamedValue<n::permitted_directories, std::string> permitted_directories;
             NamedValue<n::pipe_commands, std::shared_ptr<const EAPIPipeCommands> > pipe_commands;
             NamedValue<n::tools_options, std::shared_ptr<const EAPIToolsOptions> > tools_options;
             NamedValue<n::uri_labels, std::shared_ptr<const EAPILabels> > uri_labels;
diff --git a/paludis/repositories/e/eapis/exheres-0.conf b/paludis/repositories/e/eapis/exheres-0.conf
index 603d87e43..18d426f1a 100644
--- a/paludis/repositories/e/eapis/exheres-0.conf
+++ b/paludis/repositories/e/eapis/exheres-0.conf
@@ -37,6 +37,9 @@ fs_location_name = EXHERES
 fs_location_description = Exheres Location
 allow_tokens_in_mask_files = true
 
+permitted_directories = \
+    -/ +/bin +/lib +/lib64 +/lib32 +/var -/var/run -/var/lock +/etc +/sbin +/usr
+
 vdb_from_env_variables = \
     CATEGORY CHOST DEPENDENCIES SUMMARY EAPI \
     HOMEPAGE INHERITED MYOPTIONS PLATFORMS LICENCES PNVR \
diff --git a/paludis/repositories/e/permitted_directories.cc b/paludis/repositories/e/permitted_directories.cc
index bb2d76f8a..5a178439c 100644
--- a/paludis/repositories/e/permitted_directories.cc
+++ b/paludis/repositories/e/permitted_directories.cc
@@ -51,6 +51,10 @@ PermittedDirectories::add(const FSPath & p, bool b)
 bool
 PermittedDirectories::permit(const FSPath & p) const
 {
+    /* otherwise we can't just -/ for "explicit only" */
+    if (p == FSPath("/"))
+        return true;
+
     bool result(true);
 
     for (auto r(_imp->rules.begin()), r_end(_imp->rules.end()) ;
-- 
cgit v1.2.3