meson: cherry picked commit to not drop privileges
parent
536ec4df1c
commit
51ffb5180d
@ -1,5 +1,6 @@
|
||||
untrusted comment: verify with /etc/ports/core.pub
|
||||
RWRJc1FUaeVequz/hMZIHNXaRGHtqx2kJUMz7NORNWgscp7POaJXgoUADMVM6EH2jihQIHMbEe/CMxwa6LrqSzZjEnMGOfnF4QY=
|
||||
SHA256 (Pkgfile) = 72248a1cbc83419d0d594f929af8c0b96a20059dd9bbd0a99bf44969871399e4
|
||||
RWRJc1FUaeVeqvmYbE2CqwGUSEADno/HEglN87D84HhRG51YSrVgf9LYMpQZOQ193sLy59gEEeeiO8DdS9dps1pbhtD8rxdyIws=
|
||||
SHA256 (Pkgfile) = fd027de480edfed08052af5891ea903a73532d525d19340b48ae4448b0576fee
|
||||
SHA256 (.footprint) = a4885781bf4feba5b0d00c7d7a6162e37307d77a40091ee53a3c2ed58bad090a
|
||||
SHA256 (meson-1.1.0.tar.gz) = d9616c44cd6c53689ff8f05fc6958a693f2e17c3472a8daf83cee55dabff829f
|
||||
SHA256 (11667.patch) = fc97514ba63212919c455a5a97d61b395ff69610c9d198af48a02c3fa8cd359b
|
||||
|
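--- /dev/null
+++ b/meson/11667.patch
@@ -0,0 +1,82 @@
+From 9a77c45e4192df1b89a3631aa3ce379922c4bf5c Mon Sep 17 00:00:00 2001
+From: Eli Schwartz <eschwartz@archlinux.org>
+Date: Tue, 11 Apr 2023 13:11:00 -0400
+Subject: [PATCH 1/2] minstall: do not drop privileges if msetup also ran under
+sudo
+
+A user might run `sudo somewrapper` to build and install something with
+meson, and it is not actually possible to drop privileges and build,
+since the build directory is also owned by root.
+
+A common case of this is `sudo pip install` for projects using
+meson-python or other python build-backends that wrap around meson.
+
+Fixes #11665
+---
+mesonbuild/minstall.py | 4 ++++
+1 file changed, 4 insertions(+)
+
+diff --git a/mesonbuild/minstall.py b/mesonbuild/minstall.py
+index c4de5c2c25b..04726b08af7 100644
+--- a/mesonbuild/minstall.py
++++ b/mesonbuild/minstall.py
+@@ -788,6 +788,10 @@ def drop_privileges() -> T.Tuple[T.Optional[EnvironOrDict], T.Optional[T.Callabl
+else:
+return None, None
+
++ if os.stat(os.path.join(wd, 'build.ninja')).st_uid != int(orig_uid):
++ # the entire build process is running with sudo, we can't drop privileges
++ return None, None
++
+env['USER'] = orig_user
+env['HOME'] = homedir
+
+
+From 3bc2236c59249f44f20f8b52ddcd7a44938ea2f0 Mon Sep 17 00:00:00 2001
+From: Eli Schwartz <eschwartz@archlinux.org>
+Date: Tue, 11 Apr 2023 12:42:36 -0400
+Subject: [PATCH 2/2] minstall: work around broken environments with missing
+UIDs
+
+Running some container-like mechanisms such as chroot(1) from sudo, can
+result in a new isolated environment where the environment variables
+exist but no users exist. From there, a build is performed as root but
+installation fails when we try to look up the passwd database entry for
+the user outside of the chroot.
+
+Proper container mechanisms such as systemd-nspawn, and even improper
+ones like docker, sanitize this and ensure those stale environment
+variables don't exist anymore. But chroot is very low-level.
+
+Avoid crashing when this happens.
+
+Fixes #11662
+---
+mesonbuild/minstall.py | 12 ++++++++++--
+1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/mesonbuild/minstall.py b/mesonbuild/minstall.py
+index 04726b08af7..b9fe7d58d8d 100644
+--- a/mesonbuild/minstall.py
++++ b/mesonbuild/minstall.py
+@@ -778,10 +778,18 @@ def drop_privileges() -> T.Tuple[T.Optional[EnvironOrDict], T.Optional[T.Callabl
+orig_user = env.pop('SUDO_USER')
+orig_uid = env.pop('SUDO_UID', 0)
+orig_gid = env.pop('SUDO_GID', 0)
+- homedir = pwd.getpwuid(int(orig_uid)).pw_dir
++ try:
++ homedir = pwd.getpwuid(int(orig_uid)).pw_dir
++ except KeyError:
++ # `sudo chroot` leaves behind stale variable and builds as root without a user
++ return None, None
+elif os.environ.get('DOAS_USER') is not None:
+orig_user = env.pop('DOAS_USER')
+- pwdata = pwd.getpwnam(orig_user)
++ try:
++ pwdata = pwd.getpwnam(orig_user)
++ except KeyError:
++ # `doas chroot` leaves behind stale variable and builds as root without a user
++ return None, None
+orig_uid = pwdata.pw_uid
+orig_gid = pwdata.pw_gid
+homedir = pwdata.pw_dir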
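Review bot: The ownership test added by the first embedded patch, `if os.stat(os.path.join(wd, 'build.ninja')).st_uid != int(orig_uid):`, skips the privilege drop whenever build.ninja belongs to anyone other than the invoking user, not only when it belongs to root as its comment says. As written, `sudo meson install` in a build directory owned by a third account would appear to run the build step as root over files that account controls; comparing against the effective uid instead, `.st_uid == os.geteuid()`, would keep the sudo-built case working while leaving the drop in place otherwise. The same line also raises if build.ninja is missing, and in the second patch `int(orig_uid)` sits inside a `try` that catches only `KeyError`, so a non-numeric stale SUDO_UID would still crash. drop_privileges starts and ends outside both hunks, so where `wd` comes from is not visible here.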
@ -5,12 +5,15 @@
|
||||
|
||||
name=meson
|
||||
version=1.1.0
|
||||
release=1
|
||||
source=(https://github.com/mesonbuild/meson/releases/download/$version/$name-$version.tar.gz)
|
||||
release=2
|
||||
source=(https://github.com/mesonbuild/meson/releases/download/$version/$name-$version.tar.gz
|
||||
11667.patch)
|
||||
|
||||
build() {
|
||||
cd $name-$version
|
||||
|
||||
patch -Np1 -i $SRC/11667.patch
|
||||
|
||||
/usr/bin/python3 setup.py build
|
||||
|
||||
/usr/bin/python3 setup.py install \
|
||||
|
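Review bot: Nothing in the visible Pkgfile lines records where `11667.patch` comes from or when it can be removed, so the next version bump has no cue to re-check it. A comment above the `patch -Np1 -i $SRC/11667.patch` line in build() would cover it, for example `# 11667.patch: upstream minstall fixes (Fixes #11665, #11662); re-check on version bump`. build() continues past the end of the hunk.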