<pre style='margin:0'>
Rainer Müller (raimue) pushed a commit to branch release-2.4
in repository macports-base.
</pre>
<p><a href="https://github.com/macports/macports-base/commit/578f0b41323b74ec01c393323254d485ab550433">https://github.com/macports/macports-base/commit/578f0b41323b74ec01c393323254d485ab550433</a></p>
<pre style="white-space: pre; background: #F8F8F8"><span style='display:block; white-space:pre;color:#808000;'>commit 578f0b41323b74ec01c393323254d485ab550433
</span>Author: Rainer Müller &lt;raimue@macports.org&gt;
AuthorDate: Sun Oct 1 21:19:40 2017 +0200
<span style='display:block; white-space:pre;color:#404040;'> sandbox: Add file-write-setugid for macOS 10.13
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> On macOS 10.13 High Sierra, file-write* does not seem to include
</span><span style='display:block; white-space:pre;color:#404040;'> file-write-setugid, therefore adding it explicitly to allow build
</span><span style='display:block; white-space:pre;color:#404040;'> scripts to produce suid/sgid binaries.
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> Closes: https://trac.macports.org/ticket/54963
</span><span style='display:block; white-space:pre;color:#404040;'> (cherry picked from commit d72ad486b428570538ae0403675271242985c42f)
</span>---
src/port1.0/portsandbox.tcl | 17 ++++++++++++-----
1 file changed, 12 insertions(+), 5 deletions(-)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/src/port1.0/portsandbox.tcl b/src/port1.0/portsandbox.tcl
</span><span style='display:block; white-space:pre;color:#808080;'>index 6d0c841..fcded1f 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/src/port1.0/portsandbox.tcl
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/src/port1.0/portsandbox.tcl
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -87,12 +87,19 @@ proc portsandbox::set_profile {target} {
</span> (regex #\"^/dev/fd/\")) (allow file-write* \
(regex #\"^(/private)?(/var)?/tmp/\" #\"^(/private)?/var/folders/\"))"
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ set perms [list file-write*]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {${os.major} >= 17} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ lappend perms file-write-setugid
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span> foreach dir $allow_dirs {
<span style='display:block; white-space:pre;background:#ffe0e0;'>- append portsandbox_profile " (allow file-write* ("
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- if {${os.major} > 9} {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- append portsandbox_profile "subpath \"${dir}\"))"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- } else {
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- append portsandbox_profile "regex #\"^${dir}/\"))"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ foreach perm $perms {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ append portsandbox_profile " (allow $perm ("
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {${os.major} > 9} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ append portsandbox_profile "subpath \"${dir}\"))"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } else {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ append portsandbox_profile "regex #\"^${dir}/\"))"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span> }
}
}
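
Review bot: the new $perms list is applied only inside the "foreach dir $allow_dirs" loop, while the rule in
the context lines just above it, (allow file-write* (regex ... /tmp/ ... /var/folders/)), still grants
file-write* alone. If file-write* no longer implies file-write-setugid when os.major >= 17, a build step that
sets suid/sgid bits on a file under those temporary paths would presumably still be denied. If that is
intended, say so in a short comment next to "set perms [list file-write*]"; otherwise build that rule from
$perms as well. The "if {${os.major} >= 17}" test also deserves a one-line comment tying 17 to the
macOS 10.13 named in the commit message and recording that the behaviour was observed rather than documented,
so the special case can be revisited later.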
</pre><pre style='margin:0'>
</pre>