commit:     22810df27703dd8d270c4072cc14e4f6e4241c39
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Apr  2 19:33:58 2020 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Apr  2 19:40:27 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=22810df2

net-misc/dhcpcd: Added privsep support to live ebuild

Package-Manager: Portage-2.3.96, Repoman-2.3.22
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 net-misc/dhcpcd/dhcpcd-9999.ebuild | 32 ++++++++++++++++++++++++++++++--
 net-misc/dhcpcd/metadata.xml       |  3 +++
 2 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/net-misc/dhcpcd/dhcpcd-9999.ebuild 
b/net-misc/dhcpcd/dhcpcd-9999.ebuild
index 573ee2cc786..9656eabee92 100644
--- a/net-misc/dhcpcd/dhcpcd-9999.ebuild
+++ b/net-misc/dhcpcd/dhcpcd-9999.ebuild
@@ -21,11 +21,17 @@ DESCRIPTION="A fully featured, yet light weight RFC2131 
compliant DHCP client"
 HOMEPAGE="https://roy.marples.name/projects/dhcpcd";
 LICENSE="BSD-2"
 SLOT="0"
-IUSE="debug elibc_glibc +embedded ipv6 kernel_linux +udev"
+IUSE="debug elibc_glibc +embedded ipv6 kernel_linux +privsep +udev"
 
 COMMON_DEPEND="udev? ( virtual/udev )"
 DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
+RDEPEND="
+       ${COMMON_DEPEND}
+       privsep? (
+               acct-group/dhcpcd
+               acct-user/dhcpcd
+       )
+"
 
 src_configure() {
        local myeconfargs=(
@@ -37,8 +43,10 @@ src_configure() {
                $(use_enable debug)
                $(use_enable embedded)
                $(use_enable ipv6)
+               $(use_enable privsep)
                $(usex elibc_glibc '--with-hook=yp.conf' '')
                $(usex kernel_linux '--rundir=${EPREFIX}/run' '')
+               $(usex privsep '--privsepuser=dhcpcd' '')
                $(usex udev '' '--without-dev --without-udev')
                CC="$(tc-getCC)"
        )
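Review bot: Nothing on the new `--privsepuser=dhcpcd` line says where the chroot directory comes from, while pkg_postinst hard-codes `/var/chroot/dhcpcd`. Presumably dhcpcd takes the chroot from the home directory of that account, which is defined in acct-user/dhcpcd and is not visible in this commit. If the two paths ever diverge, the unprivileged process would be confined to a directory this ebuild never prepared. A comment above the line would document the coupling, e.g. `# chroot dir is taken from the dhcpcd user's home (acct-user/dhcpcd), confirm; keep in sync with pkg_postinst`. The src_configure body starts before this hunk and continues after it.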
@@ -105,6 +113,26 @@ pkg_postinst() {
                cp "${lease}" "${dbdir}/${new_lease}"
        done
 
+       # dhcpcd-9 introduced privesep support in a chroot
+       if use privsep ; then
+               local dhcpcd_libdir="/var/lib/dhcpcd"
+               local chroot_base="${EROOT}/var/chroot/dhcpcd"
+               local chroot_dir="${chroot_base}${dhcpcd_libdir}"
+               local chroot_retval=0
+               # Set up proper chroot.
+               if [[ ! -e "${chroot_dir}" ]] ; then
+                       mkdir -p "${chroot_dir}" || chroot_retval=1
+                       cp -a "${EROOT}${dhcpcd_libdir}" "${chroot_dir}" || 
chroot_retval=1
+                       chown -R dhcpcd:dhcpcd "${chroot_dir}" || 
chroot_retval=1
+               elif [[ ! -d "${chroot_dir}" ]] ; then
+                       ewarn "${chroot_dir} is not a directory!"
+                       ewarn "Did not set up ${PN} chroot!"
+               fi
+               if [[ "${chroot_retval}" -ne 0 ]] ; then
+                       ewarn "There were issues setting up ${PN} chroot."
+               fi
+       fi
+
        # Warn about removing stale files
        if [[ -n "${old_files[@]}" ]] ; then
                elog
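Review bot: The `cp -a` in the first-time branch of the privsep block copies the database directory one level too deep. `mkdir -p "${chroot_dir}"` has just created the destination, so `cp -a "${EROOT}${dhcpcd_libdir}" "${chroot_dir}"` produces `${chroot_dir}/dhcpcd/...` instead of populating `${chroot_dir}` itself, and the existing lease files would not be where the chrooted process looks for them. Copy the contents instead: `cp -a "${EROOT}${dhcpcd_libdir}/." "${chroot_dir}/"`. The three steps also keep running after an earlier one fails and end in a generic `ewarn`; chaining them with `&&` and saying in the warning that the privsep chroot is incomplete would make a half-built chroot easier to spot. pkg_postinst starts before this hunk and continues after it.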

diff --git a/net-misc/dhcpcd/metadata.xml b/net-misc/dhcpcd/metadata.xml
index 783090038ed..48f8ca1c55a 100644
--- a/net-misc/dhcpcd/metadata.xml
+++ b/net-misc/dhcpcd/metadata.xml
@@ -16,5 +16,8 @@
                <flag name="embedded">
                        Embed the definitions of dhcp options in the dhcpcd 
executable
                </flag>
+               <flag name="privsep">
+                       Enable support for privilege separation through chroot
+               </flag>
        </use>
 </pkgmetadata>
