diff options
author | Joey Hess <joey@kodama.kitenet.net> | 2007-11-14 09:27:11 -0500 |
---|---|---|
committer | Joey Hess <joey@kodama.kitenet.net> | 2007-11-14 09:27:11 -0500 |
commit | cb80809aec56e1b6f0194f3d6f778fc8db3c7783 (patch) | |
tree | 9153eb779c632d7b99d5702202ec8dca4707c5b2 | |
parent | ebac5236869862d7f7e776402212f6b9731b326a (diff) | |
download | ikiwiki-cb80809aec56e1b6f0194f3d6f778fc8db3c7783.tar ikiwiki-cb80809aec56e1b6f0194f3d6f778fc8db3c7783.tar.gz |
* Add wrappergroup config option, which can be used to cause wrappers
to be created owned by some group other than the default. Useful
then there's a shared repository with access controlled by a group,
to let ikiwiki run setgid to that group.
* ikiwiki-mass-rebuild: Run build with the user in all their groups.
-rw-r--r-- | IkiWiki/Wrapper.pm | 18 | ||||
-rw-r--r-- | debian/changelog | 7 | ||||
-rw-r--r-- | doc/usage.mdwn | 8 | ||||
-rwxr-xr-x | ikiwiki-mass-rebuild | 21 | ||||
-rw-r--r-- | po/ikiwiki.pot | 4 |
5 files changed, 50 insertions, 8 deletions
diff --git a/IkiWiki/Wrapper.pm b/IkiWiki/Wrapper.pm index 558cdb1cc..6687cace2 100644 --- a/IkiWiki/Wrapper.pm +++ b/IkiWiki/Wrapper.pm @@ -102,14 +102,26 @@ $envsave } EOF close OUT; - if (system("gcc", "$wrapper.c", "-o", $wrapper) != 0) { + if (system("gcc", "$wrapper.c", "-o", "$wrapper.new") != 0) { #translators: The parameter is a C filename. error(sprintf(gettext("failed to compile %s"), "$wrapper.c")); } unlink("$wrapper.c"); + if (defined $config{wrappergroup}) { + my $gid=(getgrnam($config{wrappergroup}))[2]; + if (! defined $gid) { + error(sprintf("bad wrappergroup")); + } + if (! chown(-1, $gid, "$wrapper.new")) { + error("chown $wrapper.new: $!"); + } + } if (defined $config{wrappermode} && - ! chmod(oct($config{wrappermode}), $wrapper)) { - error("chmod $wrapper: $!"); + ! chmod(oct($config{wrappermode}), "$wrapper.new")) { + error("chmod $wrapper.new: $!"); + } + if (! rename("$wrapper.new", $wrapper)) { + error("rename $wrapper.new $wrapper: $!"); } #translators: The parameter is a filename. printf(gettext("successfully generated %s"), $wrapper); diff --git a/debian/changelog b/debian/changelog index 749db67e0..3de7ea785 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,8 +5,13 @@ ikiwiki (2.13) UNRELEASED; urgency=low * ikiwiki.setup is licensed same as the basewiki, not GPLed. * inline: Add timeformat parameter to control how the ctime of inlined pages is displayed. Closes: #451019 + * Add wrappergroup config option, which can be used to cause wrappers + to be created owned by some group other than the default. Useful + then there's a shared repository with access controlled by a group, + to let ikiwiki run setgid to that group. + * ikiwiki-mass-rebuild: Run build with the user in all their groups. - -- Joey Hess <joeyh@debian.org> Tue, 13 Nov 2007 16:11:54 -0500 + -- Joey Hess <joeyh@debian.org> Wed, 14 Nov 2007 08:37:03 -0500 ikiwiki (2.12) unstable; urgency=low diff --git a/doc/usage.mdwn b/doc/usage.mdwn index 4fb91b89b..af3634e13 100644 --- a/doc/usage.mdwn +++ b/doc/usage.mdwn @@ -125,6 +125,14 @@ configuration options of their own. Specify a mode to chmod the wrapper to after creating it. +* --wrappergroup group + + Specify what unix group the wrapper should be owned by. This can be + useful if the wrapper needs to be owned by a group other than the default. + For example, if a project has a repository with multiple committers with + access controlled by a group, it makes sense for the ikiwiki wrappers + to run setgid to that group. + * --notify, --no-notify Enable email notification of commits. This should be used when running diff --git a/ikiwiki-mass-rebuild b/ikiwiki-mass-rebuild index 1ec90b3c0..710db4eac 100755 --- a/ikiwiki-mass-rebuild +++ b/ikiwiki-mass-rebuild @@ -2,6 +2,19 @@ use warnings; use strict; +sub supplemental_groups { + my $user=shift; + + my @list; + while (my @fields=getgrent()) { + if (grep { $_ eq $user } split(' ', $fields[3])) { + push @list, $fields[2]; + } + } + + return @list; +} + sub processline { my $user=shift; my $setup=shift; @@ -20,11 +33,15 @@ sub processline { defined(my $pid = fork) or die "Can’t fork: $!"; if (! $pid) { my ($uuid, $ugid) = (getpwnam($user))[2, 3]; - $)="$ugid $ugid"; + my $grouplist=join(" ", $ugid, $ugid, supplemental_groups($user)); + $)=$grouplist; + if ($!) { + die "failed to set egid $grouplist"; + } $(=$ugid; $<=$uuid; $>=$uuid; - if ($< != $uuid || $> != $uuid || $( != $ugid || $) ne "$ugid $ugid") { + if ($< != $uuid || $> != $uuid || $( != $ugid) { die "failed to drop permissions to $user"; } %ENV=( diff --git a/po/ikiwiki.pot b/po/ikiwiki.pot index 3448cda19..c20db1ac4 100644 --- a/po/ikiwiki.pot +++ b/po/ikiwiki.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2007-11-13 16:14-0500\n" +"POT-Creation-Date: 2007-11-14 09:23-0500\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -589,7 +589,7 @@ msgid "failed to compile %s" msgstr "" #. translators: The parameter is a filename. -#: ../IkiWiki/Wrapper.pm:115 +#: ../IkiWiki/Wrapper.pm:127 #, perl-format msgid "successfully generated %s" msgstr "" |