Hi all,
First of all, I'm sorry about not using bug tracker, but I have the
reason: I suppose that this patch will cause some sort of debates,
and mailing list fits it best. And I hate www technique for conversation
purposes. ;-)
Second - pkgutils have [security] flaw. One package can seriously damage
whole system without any warnings. Is conflicts catching should be done
in pkgutils or not is arguable, but we have some sort of it already, thus
we should make it more consistent.
This patch fixes bugs mentioned in subject.
The patch is about the same size as summary sizes of all *.cc files.
But! Please, don't be scared, there are really small amount of logic
changes. Most line-consuming changes are: new types, old types typedef'ed,
long functions splitting, new debugging code, pkgadd.cc changes regarding
indentation and long lines.
The real change is that pkgutils now reclines not only on filenames but
on `file_t' type, which is pair: filename and `fileinfo_t'. fileinfo_t
is a struct that contains mode, uid and gid fields (others can be added);
Another new type is fileconflict_t, which is pair of file_t and conflict_t.
conflict_t may be: none, database, filesystem and mode.
Plural forms of above types also introduced.
There are ~280 lines added, but I repeat: nothing grandeur happened.
I'm attaching the patch and test-case Pkgfile.
pkgadd's output will be:
# pkgutils/pkgadd foo#1.0-1.pkg.tar.gz
Following files conflicts with database records:
usr/sbin/zic
Following files conflicts with filesystem files:
dev/tty0
Following files conflicts by mode or ownership:
drwxr-xrwx uid: 0 gid: 0 bin/
drwxr-xrwx uid: 0 gid: 0 sbin/
pkgadd: use -f to ignore and overwrite
If there are permissions changes during update of the package, pkgadd will
complain about it. I'm (as a user) believe that I should be warned about
permission changes. Though, it's trivial to disable this feature, if
anyone will insist.
Hope somebody from core development team will able to review and apply it.
I'm ready to answer any questions regarding changes.
Good luck,
-- Anton (irc: bd2)
p.s. Also, I hope I'm not introduced new bugs. If so, please tell me.
