[pacman-dev] [PATCH] check_pkg_full: check user/group names

Thu, 12 Jun 2014 06:53:35 -0700 

The effect on MTREE file size is negligible and this provides a more
reliable way to verify file ownership given that user/group ids are not
standardized.

Signed-off-by: Andrew Gregory <[email protected]>
---
 scripts/makepkg.sh.in |  2 +-
 src/pacman/check.c    | 24 ++++++++++++++++++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index e20b707..c77b28b 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -1999,7 +1999,7 @@ create_package() {
 
        msg2 "$(gettext "Generating .MTREE file...")"
        LANG=C bsdtar -czf .MTREE --format=mtree \
-               
--options='!all,use-set,type,uid,gid,mode,time,size,md5,sha256,link' \
+               
--options='!all,use-set,type,uid,uname,gid,gname,mode,time,size,md5,sha256,link'
 \
                "${comp_files[@]}" *
        comp_files+=(".MTREE")
 
diff --git a/src/pacman/check.c b/src/pacman/check.c
index a7c66ba..d4a11a5 100644
--- a/src/pacman/check.c
+++ b/src/pacman/check.c
@@ -20,6 +20,8 @@
 #include <limits.h>
 #include <string.h>
 #include <errno.h>
+#include <grp.h>
+#include <pwd.h>
 
 /* pacman */
 #include "check.h"
@@ -69,6 +71,10 @@ static int check_file_permissions(const char *pkgname, const 
char *filepath,
 {
        int errors = 0;
        mode_t fsmode;
+       struct passwd *pw = getpwuid(st->st_uid);
+       struct group *gr = getgrgid(st->st_gid);
+       const char *uname = archive_entry_uname(entry);
+       const char *gname = archive_entry_gname(entry);
 
        /* uid */
        if(st->st_uid != archive_entry_uid(entry)) {
@@ -79,6 +85,15 @@ static int check_file_permissions(const char *pkgname, const 
char *filepath,
                }
        }
 
+       /* owner name */
+       if(uname && (!pw || strcmp(pw->pw_name, uname) != 0)) {
+               errors++;
+               if(!config->quiet) {
+                       pm_printf(ALPM_LOG_WARNING, _("%s: %s (Owner 
mismatch)\n"),
+                                       pkgname, filepath);
+               }
+       }
+
        /* gid */
        if(st->st_gid != archive_entry_gid(entry)) {
                errors++;
@@ -88,6 +103,15 @@ static int check_file_permissions(const char *pkgname, 
const char *filepath,
                }
        }
 
+       /* group name */
+       if(gname && (!gr || strcmp(gr->gr_name, gname) != 0)) {
+               errors++;
+               if(!config->quiet) {
+                       pm_printf(ALPM_LOG_WARNING, _("%s: %s (Group 
mismatch)\n"),
+                                       pkgname, filepath);
+               }
+       }
+
        /* mode */
        fsmode = st->st_mode & (S_ISUID | S_ISGID | S_ISVTX | S_IRWXU | S_IRWXG 
| S_IRWXO);
        if(fsmode != (~AE_IFMT & archive_entry_mode(entry))) {
-- 
2.0.0

Reply via email to