ports-mgmt/pkg: add upstream patch to unbreak fetch

It would drop privileges, but it would prevent to read package files...
opnsense · Nov 24, 2016 · 3249295 · 3249295
1 parent 9bdc172
commit 3249295
Showing 1 changed file with 117 additions and 0 deletions.
diff --git a/ports-mgmt/pkg/files/patch-upstream-504cff9 b/ports-mgmt/pkg/files/patch-upstream-504cff9
@@ -0,0 +1,117 @@
+From 504cff94c1e975d805cc31a0de5e38111ac58622 Mon Sep 17 00:00:00 2001
+From: Baptiste Daroussin <bapt@FreeBSD.org>
+Date: Fri, 11 Nov 2016 22:18:25 +0100
+Subject: [PATCH] Stop dropping privileges when fetching as it causes more
+ issues than it solved
+
+---
+ libpkg/fetch.c | 53 -----------------------------------------------------
+ 1 file changed, 53 deletions(-)
+
+diff --git a/libpkg/fetch.c b/libpkg/fetch.c
+index 5beaa29..185e5b8 100644
+--- libpkg/fetch.c
++++ libpkg/fetch.c
+@@ -30,7 +30,6 @@
+ #include <sys/wait.h>
+ #include <sys/socket.h>
+ #include <sys/time.h>
+-#include <sys/resource.h>
+
+ #include <ctype.h>
+ #include <fcntl.h>
+@@ -40,8 +39,6 @@
+ #include <fetch.h>
+ #include <paths.h>
+ #include <poll.h>
+-#include <pwd.h>
+-#include <err.h>
+
+ #include <bsd_compat.h>
+
+@@ -464,7 +461,6 @@ pkg_fetch_file_to_fd(struct pkg_repo *repo, const char *url, int dest,
+ 	FILE		*remote = NULL;
+ 	struct url	*u = NULL;
+ 	struct url_stat	 st;
+-	struct stat	 sb;
+ 	off_t		 done = 0;
+ 	off_t		 r;
+ 	int64_t		 max_retry, retry;
+@@ -473,7 +469,6 @@ pkg_fetch_file_to_fd(struct pkg_repo *repo, const char *url, int dest,
+ 	char		*doc = NULL;
+ 	char		 docpath[MAXPATHLEN];
+ 	int		 retcode = EPKG_OK;
+-	int		 pstat;
+ 	char		 zone[MAXHOSTNAMELEN + 13];
+ 	struct dns_srvinfo	*srv_current = NULL;
+ 	struct http_mirror	*http_current = NULL;
+@@ -481,10 +476,7 @@ pkg_fetch_file_to_fd(struct pkg_repo *repo, const char *url, int dest,
+ 	size_t		 buflen = 0;
+ 	size_t		 left = 0;
+ 	bool		 pkg_url_scheme = false;
+-	pid_t		 pid;
+ 	struct sbuf	*fetchOpts = NULL;
+-	struct passwd	*nobody;
+-	struct rlimit	rl_zero;
+
+ 	max_retry = pkg_object_int(pkg_config_get("FETCH_RETRY"));
+ 	fetch_timeout = pkg_object_int(pkg_config_get("FETCH_TIMEOUT"));
+@@ -536,44 +528,6 @@ pkg_fetch_file_to_fd(struct pkg_repo *repo, const char *url, int dest,
+ 		if ((retcode = start_ssh(repo, u, &sz)) != EPKG_OK)
+ 			goto cleanup;
+ 		remote = repo->ssh;
+-	} else {
+-		pid = fork();
+-		switch (pid) {
+-		case -1:
+-			pkg_emit_error("Unable to fork");
+-			return (EPKG_FATAL);
+-		case 0:
+-			if (geteuid() == 0) {
+-				nobody = getpwnam("nobody");
+-				if (nobody == NULL)
+-					err(2, "Unable to drop priviledges");
+-				setgroups(1, &nobody->pw_gid);
+-				setegid(nobody->pw_gid);
+-				setgid(nobody->pw_gid);
+-				seteuid(nobody->pw_uid);
+-				setuid(nobody->pw_uid);
+-			}
+-			rl_zero.rlim_cur = rl_zero.rlim_max = 0;
+-			if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1)
+-				err(2, "Unable to setrlimit(RLIMIT_NPROC)");
+-			break;
+-		default:
+-			while (waitpid(pid, &pstat, 0) == -1 && errno == EINTR)
+-				;
+-			/* restore original doc */
+-			u->doc = doc;
+-			fetchFreeURL(u);
+-			switch (WEXITSTATUS(pstat)) {
+-			case 0:
+-				fstat(dest, &sb);
+-				*t = st.mtime;
+-				return (EPKG_OK);
+-			case 1:
+-				return (EPKG_UPTODATE);
+-			default:
+-				return (EPKG_FATAL);
+-			}
+-		}
+ 	}
+
+ 	doc = u->doc;
+@@ -747,13 +701,6 @@ pkg_fetch_file_to_fd(struct pkg_repo *repo, const char *url, int dest,
+ 		};
+ 		futimes(dest, ftimes);
+ 	}
+-	if (strcmp(u->scheme, "ssh") != 0) {
+-		if (retcode == EPKG_OK)
+-			exit(0);
+-		if (retcode == EPKG_UPTODATE)
+-			exit(1);
+-		exit(2);
+-	}
+
+ 	/* restore original doc */
+ 	u->doc = doc;