[pacman-dev] [PATCH] check_pkg_full: check user/group names

Allan McRae allan at archlinux.org
Thu Jun 12 10:05:00 EDT 2014


On 12/06/14 23:57, Andrew Gregory wrote:
> The effect on MTREE file size is negligible and this provides a more
> reliable way to verify file ownership given that user/group ids are not
> standardized.

Being too lazy to check myself...

How does this work with packages like openldap, which does this in the
PKGBUILD:

chown root:439
"${pkgdir}"/etc/openldap/{slapd.{conf,ldif},DB_CONFIG.example}

and then creates the group in the install file:

groupadd -g 439 ldap &>/dev/null

Allan

> Signed-off-by: Andrew Gregory <andrew.gregory.8 at gmail.com>
> ---
>  scripts/makepkg.sh.in |  2 +-
>  src/pacman/check.c    | 24 ++++++++++++++++++++++++
>  2 files changed, 25 insertions(+), 1 deletion(-)
> 
> diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
> index e20b707..c77b28b 100644
> --- a/scripts/makepkg.sh.in
> +++ b/scripts/makepkg.sh.in
> @@ -1999,7 +1999,7 @@ create_package() {
>  
>  	msg2 "$(gettext "Generating .MTREE file...")"
>  	LANG=C bsdtar -czf .MTREE --format=mtree \
> -		--options='!all,use-set,type,uid,gid,mode,time,size,md5,sha256,link' \
> +		--options='!all,use-set,type,uid,uname,gid,gname,mode,time,size,md5,sha256,link' \
>  		"${comp_files[@]}" *
>  	comp_files+=(".MTREE")
>  
> diff --git a/src/pacman/check.c b/src/pacman/check.c
> index a7c66ba..d4a11a5 100644
> --- a/src/pacman/check.c
> +++ b/src/pacman/check.c
> @@ -20,6 +20,8 @@
>  #include <limits.h>
>  #include <string.h>
>  #include <errno.h>
> +#include <grp.h>
> +#include <pwd.h>
>  
>  /* pacman */
>  #include "check.h"
> @@ -69,6 +71,10 @@ static int check_file_permissions(const char *pkgname, const char *filepath,
>  {
>  	int errors = 0;
>  	mode_t fsmode;
> +	struct passwd *pw = getpwuid(st->st_uid);
> +	struct group *gr = getgrgid(st->st_gid);
> +	const char *uname = archive_entry_uname(entry);
> +	const char *gname = archive_entry_gname(entry);
>  
>  	/* uid */
>  	if(st->st_uid != archive_entry_uid(entry)) {
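Review bot: The `getpwuid()` and `getgrgid()` results declared at the top of check_file_permissions() are later tested only for NULL, so a failed lookup is indistinguishable from "no such id" and would be reported as an ownership mismatch on every entry that carries a name. Setting `errno = 0;` before each call and reporting a nonzero errno separately from the mismatch warning would keep a broken user database from looking like altered files. Both calls also resolve against the running system's user database, which presumably differs from the one under an alternate install root if one is in use; a comment such as `/* names are resolved against the host's passwd/group databases */` would make that limit visible. The function begins before this hunk and continues past it.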
> @@ -79,6 +85,15 @@ static int check_file_permissions(const char *pkgname, const char *filepath,
>  		}
>  	}
>  
> +	/* owner name */
> +	if(uname && (!pw || strcmp(pw->pw_name, uname) != 0)) {
> +		errors++;
> +		if(!config->quiet) {
> +			pm_printf(ALPM_LOG_WARNING, _("%s: %s (Owner mismatch)\n"),
> +					pkgname, filepath);
> +		}
> +	}
> +
>  	/* gid */
>  	if(st->st_gid != archive_entry_gid(entry)) {
>  		errors++;
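Review bot: The owner-name test is added alongside the numeric `st->st_uid != archive_entry_uid(entry)` comparison rather than in place of it, so a file whose owner name matches but whose numeric id differs from the recorded one still fails; the same holds for the group-name test in the next hunk. If both are meant to match, a comment such as `/* both the numeric id and the name must agree with the MTREE entry */` would say so. If names are meant to take precedence, as the description suggests, the numeric test could be limited to entries without a name, e.g. `if(!uname && st->st_uid != archive_entry_uid(entry)) {`, and likewise with `!gname` for the gid. As written, a single changed owner also yields two warnings for the same file. The function's body starts and ends outside this hunk.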
> @@ -88,6 +103,15 @@ static int check_file_permissions(const char *pkgname, const char *filepath,
>  		}
>  	}
>  
> +	/* group name */
> +	if(gname && (!gr || strcmp(gr->gr_name, gname) != 0)) {
> +		errors++;
> +		if(!config->quiet) {
> +			pm_printf(ALPM_LOG_WARNING, _("%s: %s (Group mismatch)\n"),
> +					pkgname, filepath);
> +		}
> +	}
> +
>  	/* mode */
>  	fsmode = st->st_mode & (S_ISUID | S_ISGID | S_ISVTX | S_IRWXU | S_IRWXG | S_IRWXO);
>  	if(fsmode != (~AE_IFMT & archive_entry_mode(entry))) {
> 


