[pacman-dev] [PATCH] check_pkg_full: check user/group names

Andrew Gregory andrew.gregory.8 at gmail.com
Thu Jun 12 09:57:23 EDT 2014


The effect on MTREE file size is negligible and this provides a more
reliable way to verify file ownership given that user/group ids are not
standardized.

Signed-off-by: Andrew Gregory <andrew.gregory.8 at gmail.com>
---
 scripts/makepkg.sh.in |  2 +-
 src/pacman/check.c    | 24 ++++++++++++++++++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index e20b707..c77b28b 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -1999,7 +1999,7 @@ create_package() {
 
 	msg2 "$(gettext "Generating .MTREE file...")"
 	LANG=C bsdtar -czf .MTREE --format=mtree \
-		--options='!all,use-set,type,uid,gid,mode,time,size,md5,sha256,link' \
+		--options='!all,use-set,type,uid,uname,gid,gname,mode,time,size,md5,sha256,link' \
 		"${comp_files[@]}" *
 	comp_files+=(".MTREE")
 
diff --git a/src/pacman/check.c b/src/pacman/check.c
index a7c66ba..d4a11a5 100644
--- a/src/pacman/check.c
+++ b/src/pacman/check.c
@@ -20,6 +20,8 @@
 #include <limits.h>
 #include <string.h>
 #include <errno.h>
+#include <grp.h>
+#include <pwd.h>
 
 /* pacman */
 #include "check.h"
@@ -69,6 +71,10 @@ static int check_file_permissions(const char *pkgname, const char *filepath,
 {
 	int errors = 0;
 	mode_t fsmode;
+	struct passwd *pw = getpwuid(st->st_uid);
+	struct group *gr = getgrgid(st->st_gid);
+	const char *uname = archive_entry_uname(entry);
+	const char *gname = archive_entry_gname(entry);
 
 	/* uid */
 	if(st->st_uid != archive_entry_uid(entry)) {
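Review bot: getpwuid() and getgrgid() run in the declarations for every file, before it is known whether the MTREE entry carries a uname/gname at all, and a NULL result is later treated the same as a name mismatch. NULL from these calls means either "no such entry" or a failed lookup (errno set), so a transient name-service error would be reported as an ownership mismatch. Consider deferring the lookup until the name is known to be present, e.g. `struct passwd *pw = uname ? getpwuid(st->st_uid) : NULL;` placed after `uname` is fetched, with `errno = 0;` before the call and a separate warning when errno is non-zero afterwards; the same applies to `gr`. The lookups also resolve against the running system's user database, so if this check can be pointed at an alternate install root (not visible in this hunk) the names compared may not be the ones that root defines. The body of check_file_permissions continues outside the hunk.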
@@ -79,6 +85,15 @@ static int check_file_permissions(const char *pkgname, const char *filepath,
 		}
 	}
 
+	/* owner name */
+	if(uname && (!pw || strcmp(pw->pw_name, uname) != 0)) {
+		errors++;
+		if(!config->quiet) {
+			pm_printf(ALPM_LOG_WARNING, _("%s: %s (Owner mismatch)\n"),
+					pkgname, filepath);
+		}
+	}
+
 	/* gid */
 	if(st->st_gid != archive_entry_gid(entry)) {
 		errors++;
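Review bot: The owner-name comparison is added alongside the numeric `st->st_uid != archive_entry_uid(entry)` test rather than taking precedence over it, so a file whose uid differs from the package's but whose name matches is still reported as a mismatch. That appears to work against the stated motivation that ids are not standardized, and a genuine ownership change now increments `errors` twice and prints two warnings for one file. If the name is meant to be authoritative when present, the numeric test could be guarded with `if(!uname && st->st_uid != archive_entry_uid(entry))`, keeping the id comparison as the fallback for packages whose MTREE has no names. The group-name hunk that follows has the same structure with `gname` and `st->st_gid`. The function body starts and ends outside this hunk.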
@@ -88,6 +103,15 @@ static int check_file_permissions(const char *pkgname, const char *filepath,
 		}
 	}
 
+	/* group name */
+	if(gname && (!gr || strcmp(gr->gr_name, gname) != 0)) {
+		errors++;
+		if(!config->quiet) {
+			pm_printf(ALPM_LOG_WARNING, _("%s: %s (Group mismatch)\n"),
+					pkgname, filepath);
+		}
+	}
+
 	/* mode */
 	fsmode = st->st_mode & (S_ISUID | S_ISGID | S_ISVTX | S_IRWXU | S_IRWXG | S_IRWXO);
 	if(fsmode != (~AE_IFMT & archive_entry_mode(entry))) {
-- 
2.0.0


