[51924] trunk/base/src/port1.0
jmr at macports.org
jmr at macports.org
Sat Jun 6 08:24:16 PDT 2009
Revision: 51924
http://trac.macports.org/changeset/51924
Author: jmr at macports.org
Date: 2009-06-06 08:24:16 -0700 (Sat, 06 Jun 2009)
Log Message:
-----------
yet more privilege dropping fixes, seems to actually work well with a non-root macportsuser now
Modified Paths:
--------------
trunk/base/src/port1.0/portbuild.tcl
trunk/base/src/port1.0/portconfigure.tcl
trunk/base/src/port1.0/portdestroot.tcl
trunk/base/src/port1.0/portfetch.tcl
trunk/base/src/port1.0/portinstall.tcl
trunk/base/src/port1.0/portpatch.tcl
trunk/base/src/port1.0/portutil.tcl
Modified: trunk/base/src/port1.0/portbuild.tcl
===================================================================
--- trunk/base/src/port1.0/portbuild.tcl 2009-06-06 14:54:02 UTC (rev 51923)
+++ trunk/base/src/port1.0/portbuild.tcl 2009-06-06 15:24:16 UTC (rev 51924)
@@ -144,17 +144,9 @@
}
proc portbuild::build_start {args} {
- global UI_PREFIX build.asroot
+ global UI_PREFIX
ui_msg "$UI_PREFIX [format [msgcat::mc "Building %s"] [option name]]"
-
- # start gsoc08-privileges
- if { [tbool build.asroot] } {
- # if port is marked as needing root
- elevateToRoot "build"
- }
- # end gsoc08-privileges
-
}
proc portbuild::build_main {args} {
Modified: trunk/base/src/port1.0/portconfigure.tcl
===================================================================
--- trunk/base/src/port1.0/portconfigure.tcl 2009-06-06 14:54:02 UTC (rev 51923)
+++ trunk/base/src/port1.0/portconfigure.tcl 2009-06-06 15:24:16 UTC (rev 51924)
@@ -182,13 +182,6 @@
default { return -code error "Invalid value for configure.compiler" }
}
ui_debug "Using compiler '$name'"
-
- # start gsoc08-privileges
- if { [tbool configure.asroot] } {
- # if port is marked as needing root
- elevateToRoot "configure"
- }
- # end gsoc08-privileges
}
# internal function to determine the "-arch xy" flags for the compiler
Modified: trunk/base/src/port1.0/portdestroot.tcl
===================================================================
--- trunk/base/src/port1.0/portdestroot.tcl 2009-06-06 14:54:02 UTC (rev 51923)
+++ trunk/base/src/port1.0/portdestroot.tcl 2009-06-06 15:24:16 UTC (rev 51924)
@@ -325,9 +325,5 @@
# Restore umask
umask $oldmask
- # start gsoc08-privileges
- chownAsRoot $destroot
- # end gsoc08-privileges
-
return 0
}
Modified: trunk/base/src/port1.0/portfetch.tcl
===================================================================
--- trunk/base/src/port1.0/portfetch.tcl 2009-06-06 14:54:02 UTC (rev 51923)
+++ trunk/base/src/port1.0/portfetch.tcl 2009-06-06 15:24:16 UTC (rev 51924)
@@ -631,9 +631,17 @@
if {![file isdirectory $distpath]} {
if {[catch {file mkdir $distpath} result]} {
- return -code error [format [msgcat::mc "Unable to create distribution files path: %s"] $result]
+ elevateToRoot "fetch"
+ set elevated yes
+ if {[catch {file mkdir $distpath} result]} {
+ return -code error [format [msgcat::mc "Unable to create distribution files path: %s"] $result]
+ }
}
}
+ chownAsRoot $distpath
+ if {[info exists elevated] && $elevated == yes} {
+ dropPrivileges
+ }
set fetch_options {}
if {[string length ${fetch.user}] || [string length ${fetch.password}]} {
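Review bot: The error return after the second `file mkdir $distpath` leaves the process elevated, because `dropPrivileges` is only reached further down on the success path; call `dropPrivileges` before that `return -code error`. `chownAsRoot $distpath` also runs on every fetch rather than only when the directory was just created, so either move it inside the `if {![file isdirectory $distpath]}` block or add a comment saying why an existing distpath is re-owned each time. Initialising `set elevated no` before the outer `if` would let the last test read `if {$elevated}` instead of `[info exists elevated] && $elevated == yes`. The enclosing proc starts and ends outside the hunk.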
Modified: trunk/base/src/port1.0/portinstall.tcl
===================================================================
--- trunk/base/src/port1.0/portinstall.tcl 2009-06-06 14:54:02 UTC (rev 51923)
+++ trunk/base/src/port1.0/portinstall.tcl 2009-06-06 15:24:16 UTC (rev 51924)
@@ -56,14 +56,11 @@
proc portinstall::install_start {args} {
global UI_PREFIX name version revision variations portvariants
- global install.asroot prefix
+ global prefix
ui_msg "$UI_PREFIX [format [msgcat::mc "Installing %s @%s_%s%s"] $name $version $revision $portvariants]"
# start gsoc08-privileges
- if { [tbool install.asroot] } {
- # if port is marked as needing root
- elevateToRoot "install"
- } elseif { ![file writable $prefix] } {
+ if { ![file writable $prefix] } {
# if install location is not writable, need root privileges to install
elevateToRoot "install"
}
Modified: trunk/base/src/port1.0/portpatch.tcl
===================================================================
--- trunk/base/src/port1.0/portpatch.tcl 2009-06-06 14:54:02 UTC (rev 51923)
+++ trunk/base/src/port1.0/portpatch.tcl 2009-06-06 15:24:16 UTC (rev 51924)
@@ -62,13 +62,6 @@
ui_msg "$UI_PREFIX [format [msgcat::mc "Applying patches to %s"] [option name]]"
- # start gsoc08-privileges
- if { [tbool patch.asroot] } {
- # if port is marked as needing root
- elevateToRoot "patch"
- }
- # end gsoc08-privileges
-
foreach patch [option patchfiles] {
set patch_file [getdistname $patch]
if {[file exists [option filespath]/$patch_file]} {
Modified: trunk/base/src/port1.0/portutil.tcl
===================================================================
--- trunk/base/src/port1.0/portutil.tcl 2009-06-06 14:54:02 UTC (rev 51923)
+++ trunk/base/src/port1.0/portutil.tcl 2009-06-06 15:24:16 UTC (rev 51924)
@@ -1219,6 +1219,9 @@
if {$procedure != ""} {
set targetname [ditem_key $ditem name]
+ if { [tbool ${targetname}.asroot] } {
+ elevateToRoot $targetname
+ }
if {[ditem_contains $ditem init]} {
set result [catch {[ditem_key $ditem init] $targetname} errstr]
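Review bot: The added `elevateToRoot $targetname` has no matching `dropPrivileges` in the visible lines, so a target whose `.asroot` option is true appears to keep root for the init call below and for whatever runs after it, possibly including later targets. If the rest of this proc (it continues outside the hunk) does not already drop them, pair the elevation with a `dropPrivileges` once the target's procedures have finished, on the error paths as well. A comment such as `# <target>.asroot comes from the Portfile; elevate for this target only` would also record that this block replaces the per-target checks removed from portbuild, portconfigure and portpatch.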
@@ -1496,10 +1499,6 @@
ui_debug "mkdir $workpath: $errorInfo"
}
}
- chownAsRoot $workpath
-
- # de-escalate privileges - only run if MacPorts was started with sudo
- dropPrivileges
# if unable to write to workpath, implies running without either root privileges
# or a shared directory owned by the group so use ~/.macports
@@ -1567,6 +1566,7 @@
if {![file isdirectory $workpath]} {
file mkdir $workpath
}
+
# flock Portfile
set statefile [file join $workpath .macports.${name}.state]
if {[file exists $statefile]} {
@@ -1580,20 +1580,23 @@
file mkdir [file join $workpath]
}
}
+ chownAsRoot $workpath
# Create a symlink to the workpath for port authors
if {[tbool place_worksymlink] && ![file isdirectory $worksymlink]} {
ui_debug "Attempting ln -sf $workpath $worksymlink"
ln -sf $workpath $worksymlink
}
+ # de-escalate privileges - only run if MacPorts was started with sudo
+ dropPrivileges
set fd [open $statefile a+]
if {[catch {flock $fd -exclusive -noblock} result]} {
if {"$result" == "EAGAIN"} {
ui_msg "Waiting for lock on $statefile"
- } elseif {"$result" == "EOPNOTSUPP"} {
- # Locking not supported, just return
- return $fd
+ } elseif {"$result" == "EOPNOTSUPP"} {
+ # Locking not supported, just return
+ return $fd
} else {
return -code error "$result obtaining lock on $statefile"
}
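Review bot: `ln -sf $workpath $worksymlink` now runs before `dropPrivileges`, so when MacPorts was started with sudo the symlink is created with root privileges. If `$worksymlink` lives in a directory that an unprivileged user can write to (not visible here), a root-performed `ln -sf` there is best avoided. Moving the added `dropPrivileges` and its comment up to directly after `chownAsRoot $workpath` would leave only the chown inside the privileged window. If the symlink does need root to be created, a comment stating that would explain the ordering. The proc starts and ends outside the hunk.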
@@ -2424,10 +2427,6 @@
seteuid [name_to_uid "$macportsuser"]
ui_debug "egid changed to: [getegid]"
ui_debug "euid changed to: [geteuid]"
-
- if {![file writable $workpath]} {
- ui_debug "Privileges successfully de-escalated. Unable to write to default workpath."
- }
}]
} {
ui_debug "$::errorInfo"