authorLars Wendler <polynomial-c@gentoo.org>2020-04-02 21:33:58 +0200
committerLars Wendler <polynomial-c@gentoo.org>2020-04-02 21:40:27 +0200
commit22810df27703dd8d270c4072cc14e4f6e4241c39 (patch)
tree190bee6d2df218eea1fc83fd458294cdfcca1420
parentnet-misc/dhcpcd: Removed old (diff)
downloadgentoo-22810df27703dd8d270c4072cc14e4f6e4241c39.tar.gz
gentoo-22810df27703dd8d270c4072cc14e4f6e4241c39.tar.bz2
gentoo-22810df27703dd8d270c4072cc14e4f6e4241c39.zip
net-misc/dhcpcd: Added privsep support to live ebuild
Package-Manager: Portage-2.3.96, Repoman-2.3.22 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
-rw-r--r--net-misc/dhcpcd/dhcpcd-9999.ebuild32
-rw-r--r--net-misc/dhcpcd/metadata.xml3
2 files changed, 33 insertions, 2 deletions
diff --git a/net-misc/dhcpcd/dhcpcd-9999.ebuild b/net-misc/dhcpcd/dhcpcd-9999.ebuild
index 573ee2cc7867..9656eabee928 100644
--- a/net-misc/dhcpcd/dhcpcd-9999.ebuild
+++ b/net-misc/dhcpcd/dhcpcd-9999.ebuild
@@ -21,11 +21,17 @@ DESCRIPTION="A fully featured, yet light weight RFC2131 compliant DHCP client"
HOMEPAGE="https://roy.marples.name/projects/dhcpcd"
LICENSE="BSD-2"
SLOT="0"
-IUSE="debug elibc_glibc +embedded ipv6 kernel_linux +udev"
+IUSE="debug elibc_glibc +embedded ipv6 kernel_linux +privsep +udev"
COMMON_DEPEND="udev? ( virtual/udev )"
DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
+RDEPEND="
+ ${COMMON_DEPEND}
+ privsep? (
+ acct-group/dhcpcd
+ acct-user/dhcpcd
+ )
+"
src_configure() {
local myeconfargs=(
@@ -37,8 +43,10 @@ src_configure() {
$(use_enable debug)
$(use_enable embedded)
$(use_enable ipv6)
+ $(use_enable privsep)
$(usex elibc_glibc '--with-hook=yp.conf' '')
$(usex kernel_linux '--rundir=${EPREFIX}/run' '')
+ $(usex privsep '--privsepuser=dhcpcd' '')
$(usex udev '' '--without-dev --without-udev')
CC="$(tc-getCC)"
)
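Review bot: The added `--privsepuser=dhcpcd` repeats an account name that `chown -R dhcpcd:dhcpcd` in pkg_postinst and `acct-user/dhcpcd` in RDEPEND also hard-code, and nothing in this hunk passes the chroot path that pkg_postinst creates. If dhcpcd derives its chroot from that user's home directory (presumably; this commit does not show it), the three places must stay in sync for the separation to take effect. A comment above the line would record that, e.g. `# user must match acct-user/dhcpcd; its home is expected to be the chroot prepared in pkg_postinst`. src_configure's body starts and ends outside the hunk.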
@@ -105,6 +113,26 @@ pkg_postinst() {
cp "${lease}" "${dbdir}/${new_lease}"
done
+ # dhcpcd-9 introduced privesep support in a chroot
+ if use privsep ; then
+ local dhcpcd_libdir="/var/lib/dhcpcd"
+ local chroot_base="${EROOT}/var/chroot/dhcpcd"
+ local chroot_dir="${chroot_base}${dhcpcd_libdir}"
+ local chroot_retval=0
+ # Set up proper chroot.
+ if [[ ! -e "${chroot_dir}" ]] ; then
+ mkdir -p "${chroot_dir}" || chroot_retval=1
+ cp -a "${EROOT}${dhcpcd_libdir}" "${chroot_dir}" || chroot_retval=1
+ chown -R dhcpcd:dhcpcd "${chroot_dir}" || chroot_retval=1
+ elif [[ ! -d "${chroot_dir}" ]] ; then
+ ewarn "${chroot_dir} is not a directory!"
+ ewarn "Did not set up ${PN} chroot!"
+ fi
+ if [[ "${chroot_retval}" -ne 0 ]] ; then
+ ewarn "There were issues setting up ${PN} chroot."
+ fi
+ fi
+
# Warn about removing stale files
if [[ -n "${old_files[@]}" ]] ; then
elog
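Review bot: In the `! -e` branch, `mkdir -p "${chroot_dir}"` creates the destination first, so `cp -a "${EROOT}${dhcpcd_libdir}" "${chroot_dir}"` copies the source directory into it and the data lands in `${chroot_dir}/dhcpcd` rather than `${chroot_dir}`. Copying the contents with `cp -a "${EROOT}${dhcpcd_libdir}/." "${chroot_dir}/"` avoids the extra level. The three commands also run unconditionally, so `chown -R` still executes after a failed `mkdir` or `cp`; chaining them with `&&` and a single `|| chroot_retval=1` would stop at the first failure. The `elif` branch warns but leaves `chroot_retval` at 0, and a directory that already exists is never re-checked for ownership, so an upgrade can keep a chroot with unexpected owners without any message. pkg_postinst starts and ends outside the hunk.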
diff --git a/net-misc/dhcpcd/metadata.xml b/net-misc/dhcpcd/metadata.xml
index 783090038eda..48f8ca1c55a8 100644
--- a/net-misc/dhcpcd/metadata.xml
+++ b/net-misc/dhcpcd/metadata.xml
@@ -16,5 +16,8 @@
<flag name="embedded">
Embed the definitions of dhcp options in the dhcpcd executable
</flag>
+ <flag name="privsep">
+ Enable support for privilege separation through chroot
+ </flag>
</use>
</pkgmetadata>