Mercurial > hg
annotate contrib/fixpax.py @ 23940:d0ef40776999 stable
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
The packages has to be installed by root but they would be installed
insecurely, owned by the uid of the unprivileged user that made the package.
The local user with that uid could thus write to /usr/local/bin/hg .
bdist_mpkg calls out to pax to create the package, but pax do apparently not
have the power to control what it is writing.
Instead, patch the pax files and set their uid fields to 0 before they are
wrapped in a dmg.
| author | Mads Kiilerich <madski@unity3d.com> |
|---|---|
| date | Fri, 23 Jan 2015 06:28:28 +0100 |
| parents | |
| children | 58eb1c5bba58 |
| rev | line source |
|---|---|
|
23940
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
1 # fixpax - fix ownership in bdist_mpkg output |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
2 # |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
3 # Copyright 2015 Matt Mackall <mpm@selenic.com> |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
4 # |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
5 # This software may be used and distributed according to the terms of the |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
6 # MIT license (http://opensource.org/licenses/MIT) |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
7 |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
8 """Set file ownership to 0 in an Archive.pax.gz. |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
9 Suitable for fixing files bdist_mpkg output: |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
10 *.mpkg/Contents/Packages/*.pkg/Contents/Archive.pax.gz |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
11 """ |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
12 |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
13 import sys, os, gzip |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
14 |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
15 def fixpax(iname, oname): |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
16 i = gzip.GzipFile(iname) |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
17 o = gzip.GzipFile(oname, "w") |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
18 |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
19 while True: |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
20 magic = i.read(6) |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
21 dev = i.read(6) |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
22 ino = i.read(6) |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
23 mode = i.read(6) |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
24 i.read(6) # uid |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
25 i.read(6) # gid |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
26 nlink = i.read(6) |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
27 rdev = i.read(6) |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
28 mtime = i.read(11) |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
29 namesize = i.read(6) |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
30 filesize = i.read(11) |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
31 name = i.read(int(namesize, 8)) |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
32 data = i.read(int(filesize, 8)) |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
33 |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
34 o.write(magic) |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
35 o.write(dev) |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
36 o.write(ino) |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
37 o.write(mode) |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
38 o.write("000000") |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
39 o.write("000000") |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
40 o.write(nlink) |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
41 o.write(rdev) |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
42 o.write(mtime) |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
43 o.write(namesize) |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
44 o.write(filesize) |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
45 o.write(name) |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
46 o.write(data) |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
47 |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
48 if name.startswith("TRAILER!!!"): |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
49 o.write(i.read()) |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
50 break |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
51 |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
52 o.close() |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
53 i.close() |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
54 |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
55 if __name__ == '__main__': |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
56 for iname in sys.argv[1:]: |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
57 print 'fixing file ownership in %s' % iname |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
58 oname = sys.argv[1] + '.tmp' |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
59 fixpax(iname, oname) |
|
d0ef40776999
osx: patch .pax.gz files in pkg bundles so they extract as root (issue4081)
Mads Kiilerich <madski@unity3d.com>
parents:
diff
changeset
|
60 os.rename(oname, iname) |