<pre style='margin:0'>
Joshua Root (jmroot) pushed a commit to branch master
in repository macports-base.
</pre>
<p><a href="https://github.com/macports/macports-base/commit/ebdb6aedea4d6a599a85d885e4526dd1e4f10aab">https://github.com/macports/macports-base/commit/ebdb6aedea4d6a599a85d885e4526dd1e4f10aab</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/master by this push:
<span style='display:block; white-space:pre;color:#404040;'> new ebdb6aede diagnose: add permissions check
</span>ebdb6aede is described below
<span style='display:block; white-space:pre;color:#808000;'>commit ebdb6aedea4d6a599a85d885e4526dd1e4f10aab
</span>Author: Joshua Root <jmr@macports.org>
AuthorDate: Sat Oct 14 17:59:20 2023 +1100
<span style='display:block; white-space:pre;color:#404040;'> diagnose: add permissions check
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> Closes: https://trac.macports.org/ticket/57075
</span>---
src/macports1.0/diagnose.tcl | 80 +++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 79 insertions(+), 1 deletion(-)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/src/macports1.0/diagnose.tcl b/src/macports1.0/diagnose.tcl
</span><span style='display:block; white-space:pre;color:#808080;'>index f78d413ff..3c2ac6b0b 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/src/macports1.0/diagnose.tcl
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/src/macports1.0/diagnose.tcl
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -118,11 +118,12 @@ namespace eval diagnose {
</span>
# Start the checks
check_path $config_options(macports_location) $config_options(profile_path) $config_options(shell_location)
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ check_macports_location
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ check_permissions
</span> check_xcode config_options
check_for_app curl
check_for_app rsync
check_for_app openssl
<span style='display:block; white-space:pre;background:#ffe0e0;'>- check_macports_location
</span> check_free_space
check_for_x11
check_for_files_in_usr_local
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -766,4 +767,81 @@ namespace eval diagnose {
</span> }
}
}
<span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ proc check_permissions {} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # check that everyone has rx permissions on macports directories,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # and that they are not world writable
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set no_r_dirs [list]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set no_x_dirs [list]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set ww_dirs [list]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ foreach subdir [list build distfiles incoming logs registry software] {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ lappend check_paths [file join $macports::portdbpath $subdir]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ while {[llength $check_paths] > 0} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set path [lindex $check_paths end]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set check_paths [lreplace ${check_paths}[set check_paths {}] end end]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set perms [file attributes $path -permissions]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {$perms & 0002 && $path ni $ww_dirs} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ lappend ww_dirs $path
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {!($perms & 0001) && $path ni $no_x_dirs} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ lappend no_x_dirs $path
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {!($perms & 0004) && $path ni $no_r_dirs} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ lappend no_r_dirs $path
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set parent [file dirname $path]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {$parent ni $check_paths && $path ne $macports::prefix && $parent ne "/"} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ lappend check_paths $parent
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # don't complain about writable parent dirs of prefix or sources
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set check_paths [list [file dirname $macports::prefix]]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ foreach source $macports::sources {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set sourcedir [macports::getportdir [lindex $source 0]]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {$sourcedir ni $check_paths} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ lappend check_paths $sourcedir
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ while {[llength $check_paths] > 0} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set path [lindex $check_paths end]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set check_paths [lreplace ${check_paths}[set check_paths {}] end end]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set perms [file attributes $path -permissions]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {!($perms & 0001) && $path ni $no_x_dirs} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ lappend no_x_dirs $path
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {!($perms & 0004) && $path ni $no_r_dirs} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ lappend no_r_dirs $path
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set parent [file dirname $path]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {$parent ni $check_paths && $parent ne "/"} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ lappend check_paths $parent
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set problem 0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {[llength $no_r_dirs] > 0} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set problem 1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ui_warn "The following directories are not readable by all users:"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ foreach p $no_r_dirs {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ui_msg " $p"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {[llength $no_x_dirs] > 0} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set problem 1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ui_warn "The following directories are not searchable by all users:"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ foreach p $no_x_dirs {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ui_msg " $p"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {[llength $ww_dirs] > 0} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set problem 1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ui_warn "The following directories are writable by all users:"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ foreach p $ww_dirs {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ui_msg " $p"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {$problem} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ui_warn "Recommended directory permissions are 0755; use 'chmod 0755 <path>' to correct."
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span> }
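Review bot: The source (ports tree) directories themselves are never tested for world-writability: the second loop in `check_permissions` is seeded with each `$sourcedir` rather than its parent, and that loop only tests the read and search bits, while the comment above it speaks only of exempting parent dirs. Portfiles in those trees are Tcl that MacPorts evaluates, usually with elevated privileges, so a world-writable source dir seems at least as worth reporting as a world-writable `distfiles`. Inside the `foreach source` loop I would add `if {[file attributes $sourcedir -permissions] & 0002 && $sourcedir ni $ww_dirs} { lappend ww_dirs $sourcedir }`. Separately, `file attributes` raises an error for a path that does not exist, so a missing subdirectory or a configured source that has not been synced yet would abort the whole diagnose run; a `file exists` guard or a `catch` around each lookup would avoid that.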
</pre><pre style='margin:0'>
</pre>