Subject: Unprivileged user per-package custom groups
To: None <tech-pkg@NetBSD.org>
From: None <david.sainty@dtsp.co.nz>
List: tech-pkg
Date: 10/14/2007 16:39:02
I propose the following change. Currently mk/unprivileged.mk will
override all per-package groups. This is not always desirable - in
fact it can be a real nuisance :)
The patch below allows a package to use its custom group so long as
the group is in the UNPRIVILEGED_GROUPS list.
In addition, the value of UNPRIVILEGED_GROUPS is defaulted to all the
groups the installing user is a member of, in a similar mold to
UNPRIVILEGED_GROUP and UNPRIVILEGED_USER.
Any dissent?
Cheers,
Dave
--- mk/unprivileged.mk.orig 2007-09-09 15:53:15.000000000 +1200
+++ mk/unprivileged.mk 2007-10-14 16:05:40.000000000 +1300
@@ -24,6 +24,16 @@
#
# Default: The primary group of the user building the package
#
+# UNPRIVILEGED_GROUPS
+# The group names that can be used to install files. Where a
+# per-package custom group is declared that matches a group name
+# in this variable, it will be left unmodified. Any per-package
+# custom group not in this list will be forced to the value of
+# UNPRIVILEGED_GROUP.
+#
+# Default: The complete group membership of the user building
+# the package
+#
# === Package-settable variables ===
#
# PKG_USERS_VARS
@@ -112,6 +122,9 @@
. if !defined(UNPRIVILEGED_GROUP) || empty(UNPRIVILEGED_GROUP)
UNPRIVILEGED_GROUP!= ${ID} -n -g
. endif
+. if !defined(UNPRIVILEGED_GROUPS) || empty(UNPRIVILEGED_GROUPS)
+UNPRIVILEGED_GROUPS!= ${ID} -n -G
+. endif
. if empty(_UNPRIVILEGED:Munprivileged) && !empty(_UNPRIVILEGED:Muser-destdir)
# Only do following for privileged, user-destdir builds.
@@ -148,12 +161,15 @@
PKG_GROUPS_VARS?= # empty
BUILD_DEFS+= ${PKG_USERS_VARS} ${PKG_GROUPS_VARS}
-# Override per-package, custom users and groups.
+# Override per-package custom users and groups, except for groups listed
+# in UNPRIVILEGED_GROUPS.
. for _var_ in ${PKG_USERS_VARS}
${_var_}= ${UNPRIVILEGED_USER}
. endfor
. for _var_ in ${PKG_GROUPS_VARS}
+. if empty(UNPRIVILEGED_GROUPS:M${${_var_}})
${_var_}= ${UNPRIVILEGED_GROUP}
+. endif
. endfor
. endif