aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoey Hess <joey@kodama.kitenet.net>2007-11-14 09:27:11 -0500
committerJoey Hess <joey@kodama.kitenet.net>2007-11-14 09:27:11 -0500
commitcb80809aec56e1b6f0194f3d6f778fc8db3c7783 (patch)
tree9153eb779c632d7b99d5702202ec8dca4707c5b2
parentebac5236869862d7f7e776402212f6b9731b326a (diff)
downloadikiwiki-cb80809aec56e1b6f0194f3d6f778fc8db3c7783.tar
ikiwiki-cb80809aec56e1b6f0194f3d6f778fc8db3c7783.tar.gz
* Add wrappergroup config option, which can be used to cause wrappers
to be created owned by some group other than the default. Useful then there's a shared repository with access controlled by a group, to let ikiwiki run setgid to that group. * ikiwiki-mass-rebuild: Run build with the user in all their groups.
-rw-r--r--IkiWiki/Wrapper.pm18
-rw-r--r--debian/changelog7
-rw-r--r--doc/usage.mdwn8
-rwxr-xr-xikiwiki-mass-rebuild21
-rw-r--r--po/ikiwiki.pot4
5 files changed, 50 insertions, 8 deletions
diff --git a/IkiWiki/Wrapper.pm b/IkiWiki/Wrapper.pm
index 558cdb1cc..6687cace2 100644
--- a/IkiWiki/Wrapper.pm
+++ b/IkiWiki/Wrapper.pm
@@ -102,14 +102,26 @@ $envsave
}
EOF
close OUT;
- if (system("gcc", "$wrapper.c", "-o", $wrapper) != 0) {
+ if (system("gcc", "$wrapper.c", "-o", "$wrapper.new") != 0) {
#translators: The parameter is a C filename.
error(sprintf(gettext("failed to compile %s"), "$wrapper.c"));
}
unlink("$wrapper.c");
+ if (defined $config{wrappergroup}) {
+ my $gid=(getgrnam($config{wrappergroup}))[2];
+ if (! defined $gid) {
+ error(sprintf("bad wrappergroup"));
+ }
+ if (! chown(-1, $gid, "$wrapper.new")) {
+ error("chown $wrapper.new: $!");
+ }
+ }
if (defined $config{wrappermode} &&
- ! chmod(oct($config{wrappermode}), $wrapper)) {
- error("chmod $wrapper: $!");
+ ! chmod(oct($config{wrappermode}), "$wrapper.new")) {
+ error("chmod $wrapper.new: $!");
+ }
+ if (! rename("$wrapper.new", $wrapper)) {
+ error("rename $wrapper.new $wrapper: $!");
}
#translators: The parameter is a filename.
printf(gettext("successfully generated %s"), $wrapper);
diff --git a/debian/changelog b/debian/changelog
index 749db67e0..3de7ea785 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,8 +5,13 @@ ikiwiki (2.13) UNRELEASED; urgency=low
* ikiwiki.setup is licensed same as the basewiki, not GPLed.
* inline: Add timeformat parameter to control how the ctime of
inlined pages is displayed. Closes: #451019
+ * Add wrappergroup config option, which can be used to cause wrappers
+ to be created owned by some group other than the default. Useful
+ then there's a shared repository with access controlled by a group,
+ to let ikiwiki run setgid to that group.
+ * ikiwiki-mass-rebuild: Run build with the user in all their groups.
- -- Joey Hess <joeyh@debian.org> Tue, 13 Nov 2007 16:11:54 -0500
+ -- Joey Hess <joeyh@debian.org> Wed, 14 Nov 2007 08:37:03 -0500
ikiwiki (2.12) unstable; urgency=low
diff --git a/doc/usage.mdwn b/doc/usage.mdwn
index 4fb91b89b..af3634e13 100644
--- a/doc/usage.mdwn
+++ b/doc/usage.mdwn
@@ -125,6 +125,14 @@ configuration options of their own.
Specify a mode to chmod the wrapper to after creating it.
+* --wrappergroup group
+
+ Specify what unix group the wrapper should be owned by. This can be
+ useful if the wrapper needs to be owned by a group other than the default.
+ For example, if a project has a repository with multiple committers with
+ access controlled by a group, it makes sense for the ikiwiki wrappers
+ to run setgid to that group.
+
* --notify, --no-notify
Enable email notification of commits. This should be used when running
diff --git a/ikiwiki-mass-rebuild b/ikiwiki-mass-rebuild
index 1ec90b3c0..710db4eac 100755
--- a/ikiwiki-mass-rebuild
+++ b/ikiwiki-mass-rebuild
@@ -2,6 +2,19 @@
use warnings;
use strict;
+sub supplemental_groups {
+ my $user=shift;
+
+ my @list;
+ while (my @fields=getgrent()) {
+ if (grep { $_ eq $user } split(' ', $fields[3])) {
+ push @list, $fields[2];
+ }
+ }
+
+ return @list;
+}
+
sub processline {
my $user=shift;
my $setup=shift;
@@ -20,11 +33,15 @@ sub processline {
defined(my $pid = fork) or die "Can’t fork: $!";
if (! $pid) {
my ($uuid, $ugid) = (getpwnam($user))[2, 3];
- $)="$ugid $ugid";
+ my $grouplist=join(" ", $ugid, $ugid, supplemental_groups($user));
+ $)=$grouplist;
+ if ($!) {
+ die "failed to set egid $grouplist";
+ }
$(=$ugid;
$<=$uuid;
$>=$uuid;
- if ($< != $uuid || $> != $uuid || $( != $ugid || $) ne "$ugid $ugid") {
+ if ($< != $uuid || $> != $uuid || $( != $ugid) {
die "failed to drop permissions to $user";
}
%ENV=(
diff --git a/po/ikiwiki.pot b/po/ikiwiki.pot
index 3448cda19..c20db1ac4 100644
--- a/po/ikiwiki.pot
+++ b/po/ikiwiki.pot
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2007-11-13 16:14-0500\n"
+"POT-Creation-Date: 2007-11-14 09:23-0500\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -589,7 +589,7 @@ msgid "failed to compile %s"
msgstr ""
#. translators: The parameter is a filename.
-#: ../IkiWiki/Wrapper.pm:115
+#: ../IkiWiki/Wrapper.pm:127
#, perl-format
msgid "successfully generated %s"
msgstr ""