Differential D3005
Add warnings for writable WWWDIR to qa.sh Authored by feld on Jul 6 2015, 8:52 PM. Tags None Referenced Files
Subscribers None
Details
This is my 5 minute mock-up of trying to detect when a port creates a Any ideas on how to properly integrate this into qa.sh would be great!
Diff Detail
Event TimelineComment Actions I think bsd.port.mk has to be changed so that QA_ENV would include WWWOWN/WWWGRP. How do we make this work if uidfix is used though: perhaps we should really check plist instead? Comment Actions Actually the real issue on web related ports is that they should not be owned at all by WWWOWN/WWWGRP, but owned by root:wheel if you are willing to make a qa test it should actually test for those ownership and warn about it. Because 99% of the time the number of directories that really needs write access should be really isolated Comment Actions I passed WWWDIR to QA_ENV but that doesn't help because in ${STAGEDIR} the permissions are always going to be correct (unless you were running poudriere as non-root, but that's a different story). They're only different at install-time as dictated by the pkg-plist. I have no idea how to detect this because it's not a simple as looking for @dir(nonroot,,) %%WWWDIR%% -- you have to also consider people setting @owner and @group around sections in the plist. This is harder than I thought it would be. Comment Actions Running poudriere as non root is going to be the default very soon, so, it'd be so much better if it worked in that case. Comment Actions Should'nt those kind of checks be done by pkg plugins instead of in the stage? With @(user,group,perm) in plist permission of what is in stage can be different from what is packaged |