net-misc/dhcpcd: Added privsep support to live ebuild
authorLars Wendler <polynomial-c@gentoo.org>
Thu, 2 Apr 2020 19:33:58 +0000 (21:33 +0200)
committerLars Wendler <polynomial-c@gentoo.org>
Thu, 2 Apr 2020 19:40:27 +0000 (21:40 +0200)
Package-Manager: Portage-2.3.96, Repoman-2.3.22
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
net-misc/dhcpcd/dhcpcd-9999.ebuild
net-misc/dhcpcd/metadata.xml

index 573ee2cc786733f922702e37f9b1d1138890c9e2..9656eabee928b2784c254ff214f14da77f97dfe8 100644 (file)
@@ -21,11 +21,17 @@ DESCRIPTION="A fully featured, yet light weight RFC2131 compliant DHCP client"
 HOMEPAGE="https://roy.marples.name/projects/dhcpcd"
 LICENSE="BSD-2"
 SLOT="0"
-IUSE="debug elibc_glibc +embedded ipv6 kernel_linux +udev"
+IUSE="debug elibc_glibc +embedded ipv6 kernel_linux +privsep +udev"
 
 COMMON_DEPEND="udev? ( virtual/udev )"
 DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
+RDEPEND="
+       ${COMMON_DEPEND}
+       privsep? (
+               acct-group/dhcpcd
+               acct-user/dhcpcd
+       )
+"
 
 src_configure() {
        local myeconfargs=(
@@ -37,8 +43,10 @@ src_configure() {
                $(use_enable debug)
                $(use_enable embedded)
                $(use_enable ipv6)
+               $(use_enable privsep)
                $(usex elibc_glibc '--with-hook=yp.conf' '')
                $(usex kernel_linux '--rundir=${EPREFIX}/run' '')
+               $(usex privsep '--privsepuser=dhcpcd' '')
                $(usex udev '' '--without-dev --without-udev')
                CC="$(tc-getCC)"
        )
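Review bot: The account name in `$(usex privsep '--privsepuser=dhcpcd' '')` is a bare literal that has to stay in step with `acct-user/dhcpcd` in RDEPEND and with `chown -R dhcpcd:dhcpcd` in pkg_postinst, and nothing in src_configure records that. A comment above the line such as `# privsep user must match acct-user/dhcpcd and the chown in pkg_postinst` would do. It is also not visible from this diff whether that account's home directory is the `/var/chroot/dhcpcd` path that pkg_postinst prepares; if dhcpcd takes its chroot directory from the account's home, the two must agree, which is worth confirming. src_configure starts before and continues after this hunk.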
@@ -105,6 +113,26 @@ pkg_postinst() {
                cp "${lease}" "${dbdir}/${new_lease}"
        done
 
+       # dhcpcd-9 introduced privesep support in a chroot
+       if use privsep ; then
+               local dhcpcd_libdir="/var/lib/dhcpcd"
+               local chroot_base="${EROOT}/var/chroot/dhcpcd"
+               local chroot_dir="${chroot_base}${dhcpcd_libdir}"
+               local chroot_retval=0
+               # Set up proper chroot.
+               if [[ ! -e "${chroot_dir}" ]] ; then
+                       mkdir -p "${chroot_dir}" || chroot_retval=1
+                       cp -a "${EROOT}${dhcpcd_libdir}" "${chroot_dir}" || chroot_retval=1
+                       chown -R dhcpcd:dhcpcd "${chroot_dir}" || chroot_retval=1
+               elif [[ ! -d "${chroot_dir}" ]] ; then
+                       ewarn "${chroot_dir} is not a directory!"
+                       ewarn "Did not set up ${PN} chroot!"
+               fi
+               if [[ "${chroot_retval}" -ne 0 ]] ; then
+                       ewarn "There were issues setting up ${PN} chroot."
+               fi
+       fi
+
        # Warn about removing stale files
        if [[ -n "${old_files[@]}" ]] ; then
                elog
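Review bot: In the added chroot setup, `cp -a "${EROOT}${dhcpcd_libdir}" "${chroot_dir}"` runs right after `mkdir -p "${chroot_dir}"`, so the destination already exists and cp places the source directory inside it (`…/var/lib/dhcpcd/dhcpcd`) instead of populating `${chroot_dir}` itself. Copying the contents avoids the extra level: `cp -a "${EROOT}${dhcpcd_libdir}/." "${chroot_dir}/" || chroot_retval=1`. The three steps are also not chained, so a failed mkdir or cp still reaches `chown -R`, and the `elif` branch leaves `chroot_retval` at 0. With privsep compiled in, that may leave the daemon with an incomplete chroot and only an ewarn, so consider stopping at the first failure and setting `chroot_retval=1` in the `elif` branch too. pkg_postinst starts and ends outside this hunk.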
index 783090038eda258f6be08ec47acfaa6dc43631f5..48f8ca1c55a8b0b60b2083e419eeec52237df2f8 100644 (file)
@@ -16,5 +16,8 @@
                <flag name="embedded">
                        Embed the definitions of dhcp options in the dhcpcd executable
                </flag>
+               <flag name="privsep">
+                       Enable support for privilege separation through chroot
+               </flag>
        </use>
 </pkgmetadata>