Changeset 37794


Timestamp:
Jun 23, 2008, 6:58:48 PM (12 years ago)
Author:
pmagrath@…
Message:

Most actions are now performed using user privileges, up to and including the destroot stage. For install, the original root privileges are recovered and the install takes place as per usual.

Location:
branches/gsoc08-privileges/base/src/port1.0
Files:
6 edited

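--- a/branches/gsoc08-privileges/base/src/port1.0/portclean.tcl
+++ b/branches/gsoc08-privileges/base/src/port1.0/portclean.tcl
@@ -47,7 +47,21 @@
 
 proc clean_start {args} {
-    global UI_PREFIX
+    global UI_PREFIX macportsuser euid egid
    
     ui_msg "$UI_PREFIX [format [msgcat::mc "Cleaning %s"] [option portname]]"
+   
+        # start gsoc08-privileges
+        if { [getuid] == 0 && [geteuid] == [name_to_uid "$macportsuser"] } {
+        # if started with sudo but have dropped the privileges
+                ui_debug "Can't guarantee a good clean without elevated privileges."
+                # TODO: modify so that privilege descalation is conditional on needing
+                # to clean a directory in the /opt hierarchy.
+                ui_debug "Going to escalate privileges back to root."
+                seteuid $euid   
+                setegid $egid
+                ui_debug "euid changed to: [geteuid]"
+                ui_debug "egid changed to: [getegid]"
+        }
+        # end gsoc08-privileges
 }
 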
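Review bot: The re-escalation block in clean_start never checks that `seteuid $euid` and `setegid $egid` took effect; it only logs the resulting ids at debug level, so unless these commands raise on failure (not visible here) a failed or partial restore lets the clean continue with unexpected credentials. I would fail closed right after the two calls, e.g. `if {[geteuid] != $euid || [getegid] != $egid} { return -code error "could not restore privileges" }`. The same block is pasted into destroot_start and install_start in this changeset; one helper proc shared by the three phases would keep the copies from drifting apart.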
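--- a/branches/gsoc08-privileges/base/src/port1.0/portdestroot.tcl
+++ b/branches/gsoc08-privileges/base/src/port1.0/portdestroot.tcl
@@ -88,7 +88,20 @@
 proc destroot_start {args} {
     global UI_PREFIX prefix portname destroot portresourcepath os.platform destroot.clean
-    global destroot::oldmask destroot.umask
+    global destroot::oldmask destroot.umask macportsuser euid egid
    
     ui_msg "$UI_PREFIX [format [msgcat::mc "Staging %s into destroot"] ${portname}]"
+
+        # start gsoc08-privileges
+        if { [getuid] == 0 && [geteuid] == [name_to_uid "$macportsuser"] } {
+        # if started with sudo but have dropped the privileges
+                ui_debug "Can't run destroot under sudo without elevated privileges (due to mtree)."
+                ui_debug "Run destroot without sudo to avoid root privileges."
+                ui_debug "Going to escalate privileges back to root."
+                seteuid $euid   
+                seteuid $egid   
+                ui_debug "euid changed to: [geteuid]"
+                ui_debug "egid changed to: [getegid]"
+        }
+        # end gsoc08-privileges
 
     set oldmask [umask ${destroot.umask}]
@@ -100,8 +113,10 @@
    
     file mkdir "${destroot}"
+
     if { ${os.platform} == "darwin" } {
         system "cd \"${destroot}\" && ${mtree} -e -U -f ${portresourcepath}/install/macosx.mtree"
     }
     file mkdir "${destroot}/${prefix}"
+
     system "cd \"${destroot}/${prefix}\" && ${mtree} -e -U -f ${portresourcepath}/install/prefix.mtree"
 }
@@ -109,4 +124,5 @@
 proc destroot_main {args} {
     command_exec destroot
+    ui_debug "destroot_main finished."
     return 0
 }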
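Review bot: In destroot_start the second restore call is `seteuid $egid`, which hands the saved group id to the user-id setter; the debug line after it prints `[getegid]`, and clean_start and install_start use `setegid $egid` at the same spot, so this looks like a typo. As written the effective gid is never restored, so mtree and the staging run with euid root but the macportsuser group, and the effective uid is set to whatever number the saved gid happens to be. Change the line to `setegid $egid`.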
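--- a/branches/gsoc08-privileges/base/src/port1.0/portextract.tcl
+++ b/branches/gsoc08-privileges/base/src/port1.0/portextract.tcl
@@ -93,5 +93,5 @@
 
 proc extract_main {args} {
-    global UI_PREFIX
+    global UI_PREFIX euid egid worksrcpath macportsuser
    
     if {![exists distfiles] && ![exists extract.only]} {
@@ -99,5 +99,5 @@
         return 0
     }
-   
+
     foreach distfile [option extract.only] {
         ui_info "$UI_PREFIX [format [msgcat::mc "Extracting %s"] $distfile]"
@@ -106,4 +106,17 @@
             return -code error "$result"
         }
+       
+        # start gsoc08-privileges
+        if { [getuid] == 0 && [geteuid] == [name_to_uid "$macportsuser"] } {
+        # if started with sudo but have dropped the privileges
+                seteuid $euid   
+                ui_debug "euid changed to: [geteuid]"
+                file attributes "${worksrcpath}" -owner [name_to_uid "$macportsuser"]
+                ui_debug "chowned $worksrcpath to $macportsuser"
+                seteuid [name_to_uid "$macportsuser"]
+                ui_debug "euid changed to: [geteuid]"
+        }
+        # end gsoc08-privileges
+       
     }
     return 0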
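Review bot: The chown block in extract_main raises the effective uid to root and drops it again only on the success path: if `file attributes ... -owner` raises (for example because `${worksrcpath}` does not exist for this port), the `seteuid [name_to_uid "$macportsuser"]` line is skipped and the remaining phases run as root. The chown is also performed as root on a path that the unprivileged user has just populated from a downloaded archive, so it is worth confirming that the path is a real directory rather than a link before changing ownership, since the ownership change presumably follows links. Wrap the privileged call in `catch`, drop back unconditionally, and only then report the error. The block sits inside the `foreach distfile` loop, so it repeats for every distfile, and the end of extract_main lies outside the visible hunk.

```tcl
if { [getuid] == 0 && [geteuid] == [name_to_uid "$macportsuser"] } {
    seteuid $euid
    # keep the privileged window to the single chown and always close it
    set chown_failed [catch {
        if {[file type "${worksrcpath}"] ne "directory"} {
            error "${worksrcpath} is not a directory"
        }
        file attributes "${worksrcpath}" -owner [name_to_uid "$macportsuser"]
    } chown_err]
    seteuid [name_to_uid "$macportsuser"]
    if {$chown_failed} {
        return -code error "$chown_err"
    }
    # … unchanged: ui_debug messages …
}
```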
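--- a/branches/gsoc08-privileges/base/src/port1.0/portfetch.tcl
+++ b/branches/gsoc08-privileges/base/src/port1.0/portfetch.tcl
@@ -569,4 +569,5 @@
                                 set file_url [portfetch::assemble_url $site $distfile]
                                 set effectiveURL ""
+                               
                                 if {![catch {eval curl fetch --effective-url effectiveURL $fetch_options {$file_url} ${distpath}/${distfile}.TMP} result] &&
                                         ![catch {system "mv ${distpath}/${distfile}.TMP ${distpath}/${distfile}"}]} {
@@ -626,11 +627,14 @@
 # Initialize fetch target and call checkfiles.
 proc fetch_init {args} {
-    global distfiles distname distpath all_dist_files dist_subdir fetch.type fetch_init_done
+    global usealtworkpath distfiles distname distpath all_dist_files dist_subdir fetch.type fetch_init_done
    
     if {[info exists distpath] && [info exists dist_subdir] && ![info exists fetch_init_done]} {
+
                 # start gsoc08-privileges
-        if {![file writable $distpath]} {
+        if { $usealtworkpath} {
+        # I have removed ![file writable $distpath] from the if condition as
+        # the writable condition seems to get confused by effective uids.
                         set distpath "/Users/[exec whoami]/.macports/[ string range $distpath 1 end ]"
-                        ui_warn "Going to use $distpath for fetch."
+                        ui_debug "Going to use $distpath for fetch."
         }
         # end gsoc08-privileges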
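Review bot: fetch_init now reads `$usealtworkpath` unconditionally, but in this changeset open_statefile assigns it only inside its `![file writable $workpath]` branch, so unless it is initialised somewhere outside the visible hunks a run with a writable workpath would stop here with a "can't read" error. Guard the test as `if {[info exists usealtworkpath] && $usealtworkpath} {`. The rewritten path is built from `/Users/[exec whoami]`, which resolves against the effective uid and hard-codes the macOS home layout; a short comment stating whose home directory is intended after the privilege drop would help the next reader. fetch_init continues past the end of this hunk.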
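--- a/branches/gsoc08-privileges/base/src/port1.0/portinstall.tcl
+++ b/branches/gsoc08-privileges/base/src/port1.0/portinstall.tcl
@@ -48,6 +48,19 @@
 
 proc install_start {args} {
-        global UI_PREFIX portname portversion portrevision variations portvariants
+        global UI_PREFIX portname portversion portrevision variations portvariants macportsuser euid egid
         ui_msg "$UI_PREFIX [format [msgcat::mc "Installing %s @%s_%s%s"] $portname $portversion $portrevision $portvariants]"
+       
+        # start gsoc08-privileges
+        if { [getuid] == 0 && [geteuid] == [name_to_uid "$macportsuser"] } {
+        # if started with sudo but have dropped the privileges
+                ui_debug "Can't run install without elevated privileges."
+                ui_debug "Going to escalate privileges back to root."
+                seteuid $euid   
+                setegid $egid
+                ui_debug "euid changed to: [geteuid]"
+                ui_debug "egid changed to: [getegid]"
+        }
+        # end gsoc08-privileges
+       
 }
 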
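--- a/branches/gsoc08-privileges/base/src/port1.0/portutil.tcl
+++ b/branches/gsoc08-privileges/base/src/port1.0/portutil.tcl
@@ -1379,30 +1379,80 @@
 # open file to store name of completed targets
 proc open_statefile {args} {
-    global workpath worksymlink place_worksymlink portname portpath ports_ignore_older
-   
-    # start gsoc08-privileges
-    if {![file writable $workpath] && [string first "~/.macports" $workpath] == -1} {
-   
-        set userhome "/Users/[exec whoami]"
+    global macportsuser euid egid usealtworkpath workpath worksymlink place_worksymlink portname portpath ports_ignore_older
+   
+        # start gsoc08-privileges
+       
+        # TODO: move the macportsuser setting to macports.conf
+        set macportsuser "paul"
+
+        # descalate privileges - only ran if macports stated with sudo
+        if { [geteuid] == 0 } {
+                if { [catch {
+                                set euid [geteuid]
+                                set egid [getegid]
+                                ui_debug "changing euid/egid - current euid: $euid - current egid: $egid"
+       
+                                #seteuid [name_to_uid [file attributes $workpath -owner]]
+                                #setegid [name_to_gid [file attributes $workpath -group]]
+       
+                                setegid [name_to_gid "$macportsuser"]
+                                seteuid [name_to_uid "$macportsuser"]
+                                ui_debug "egid changed to: [getegid]"
+                                ui_debug "euid changed to: [geteuid]"
+                               
+                                if {![file writable $workpath]} {
+                                        ui_debug "Privileges successfully descalated. Unable to write to workpath."
+                                }
+                        }]
+                } {
+                        ui_debug "$::errorInfo"
+                        ui_error "Failed to descalate privileges."
+                }
+        } else {
+                ui_debug "Privilege desclation not attempted as not running as root."
+        }
+   
+    # if unable to write to workpath, implies running without root privileges so use ~/.macports
+    if { ![file writable $workpath] } {
        
-        set newworkpath "$userhome/.macports/[ string range $workpath 1 end ]"
-                set newworksymlink "$userhome/.macports/[ string range $worksymlink 1 end ]"
-       
-        set sourcepath [string map {"work" ""} $worksymlink]
-        set newsourcepath "$userhome/.macports/[ string range $sourcepath 1 end ]"
-       
-        if {![file exists ${sourcepath}Portfile] } {
-                        file mkdir $newsourcepath
-                        ui_debug "$newsourcepath created"
-                ui_debug "Going to copy: ${sourcepath}Portfile"
-                file copy ${sourcepath}Portfile $newsourcepath
-        }
-       
-        set workpath $newworkpath
-        set worksymlink $newworksymlink
-       
-        ui_warn "Going to use $newworkpath for statefile."
-    } else {
-        set notroot no
+        if { [getuid] !=0 } {
+                ui_msg "Insufficient privileges to perform action for all users."
+                ui_msg "Action will be performed for current user only."
+                ui_msg "Install actions should be executed using sudo."
+   
+                #set usealtworkpath [gets stdin]
+                set usealtworkpath yes
+        } else {
+                set usealtworkpath yes
+        }
+       
+                if {$usealtworkpath} {
+   
+                # do tilde expansion manually - tcl won't expand tildes automatically for curl, etc.
+                        set userhome "/Users/[exec whoami]"
+                       
+                        # get alternative paths
+                        set newworkpath "$userhome/.macports/[ string range $workpath 1 end ]"
+                        set newworksymlink "$userhome/.macports/[ string range $worksymlink 1 end ]"
+                       
+                        set sourcepath [string map {"work" ""} $worksymlink]
+                        set newsourcepath "$userhome/.macports/[ string range $sourcepath 1 end ]"
+       
+                        # copy Portfile if not there already
+                        # note to self: should this be done always in case existing Portfile is out of date?
+                        if {![file exists ${newsourcepath}Portfile] } {
+                                file mkdir $newsourcepath
+                                ui_debug "$newsourcepath created"
+                                ui_debug "Going to copy: ${sourcepath}Portfile"
+                                file copy ${sourcepath}Portfile $newsourcepath
+                        }
+                       
+                        set workpath $newworkpath
+                        set worksymlink $newworksymlink
+                       
+                        ui_debug "Going to use $newworkpath for statefile."
+                } else {
+                        return -code error "Insufficient privileges."
+                }
     }
     # end gsoc08-privileges
@@ -1429,6 +1479,5 @@
     # Create a symlink to the workpath for port authors
     if {[tbool place_worksymlink] && ![file isdirectory $worksymlink]} {
-        #pmagrath TODO: fix this quick hack.
-                #exec ln -sf $workpath $worksymlink
+                exec ln -sf $workpath $worksymlink
     }
    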
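Review bot: When the `catch` around the setegid/seteuid calls in open_statefile fires, the handler only calls `ui_debug` and `ui_error` and then falls through, so every later phase carries on with euid 0 even though the drop failed. Make it fail closed by adding `return -code error "Failed to descalate privileges."` after the `ui_error` line. Two further points deserve a comment or a follow-up: `set macportsuser "paul"` hard-codes the target account (the TODO already notes this), and the drop changes only the effective ids, so the real uid stays 0 (the other files test `[getuid] == 0` for exactly this state) and, if these commands map to the plain POSIX calls, supplementary groups are kept and a spawned build tool can switch back to root. Both arms of the `[getuid] !=0` test also set `usealtworkpath yes`, which leaves the `Insufficient privileges.` branch unreachable.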