mirror of
https://github.com/privatevoid-net/nix-super.git
synced 2024-11-30 09:36:15 +02:00
* When not running as root, call the setuid helper to change the
ownership of the build result after the build.
This commit is contained in:
parent
6a07ff1ec0
commit
a0a43c3206
2 changed files with 13 additions and 7 deletions
|
@ -1398,7 +1398,7 @@ void DerivationGoal::startBuilder()
|
||||||
safe. Also note that setuid() when run as root sets
|
safe. Also note that setuid() when run as root sets
|
||||||
the real, effective and saved UIDs. */
|
the real, effective and saved UIDs. */
|
||||||
if (buildUser.enabled()) {
|
if (buildUser.enabled()) {
|
||||||
printMsg(lvlInfo, format("switching to uid `%1%'") % buildUser.getUID());
|
printMsg(lvlInfo, format("switching to user `%1%'") % buildUser.getUser());
|
||||||
|
|
||||||
if (amPrivileged()) {
|
if (amPrivileged()) {
|
||||||
|
|
||||||
|
@ -1544,6 +1544,12 @@ void DerivationGoal::computeClosure()
|
||||||
throw Error(format("suspicious ownership or permission on `%1%'; rejecting this build output") % path);
|
throw Error(format("suspicious ownership or permission on `%1%'; rejecting this build output") % path);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
if (buildUser.enabled() && !amPrivileged())
|
||||||
|
/* Call the setuid helper to change ownership from the
|
||||||
|
build user to our uid. If we *are* root, then
|
||||||
|
canonicalisePathMetaData() will take care of this. */
|
||||||
|
getOwnership(path);
|
||||||
|
|
||||||
/* Get rid of all weird permissions. */
|
/* Get rid of all weird permissions. */
|
||||||
canonicalisePathMetaData(path);
|
canonicalisePathMetaData(path);
|
||||||
|
|
||||||
|
|
|
@ -223,6 +223,12 @@ void canonicalisePathMetaData(const Path & path)
|
||||||
|
|
||||||
if (!S_ISLNK(st.st_mode)) {
|
if (!S_ISLNK(st.st_mode)) {
|
||||||
|
|
||||||
|
if (st.st_uid != geteuid()) {
|
||||||
|
if (chown(path.c_str(), geteuid(), -1) == -1)
|
||||||
|
throw SysError(format("changing owner of `%1%' to %2%")
|
||||||
|
% path % geteuid());
|
||||||
|
}
|
||||||
|
|
||||||
/* Mask out all type related bits. */
|
/* Mask out all type related bits. */
|
||||||
mode_t mode = st.st_mode & ~S_IFMT;
|
mode_t mode = st.st_mode & ~S_IFMT;
|
||||||
|
|
||||||
|
@ -234,12 +240,6 @@ void canonicalisePathMetaData(const Path & path)
|
||||||
throw SysError(format("changing mode of `%1%' to %2$o") % path % mode);
|
throw SysError(format("changing mode of `%1%' to %2$o") % path % mode);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (st.st_uid != geteuid() || st.st_gid != getegid()) {
|
|
||||||
if (chown(path.c_str(), geteuid(), getegid()) == -1)
|
|
||||||
throw SysError(format("changing owner/group of `%1%' to %2%/%3%")
|
|
||||||
% path % geteuid() % getegid());
|
|
||||||
}
|
|
||||||
|
|
||||||
if (st.st_mtime != 0) {
|
if (st.st_mtime != 0) {
|
||||||
struct utimbuf utimbuf;
|
struct utimbuf utimbuf;
|
||||||
utimbuf.actime = st.st_atime;
|
utimbuf.actime = st.st_atime;
|
||||||
|
|
Loading…
Reference in a new issue