From: "Lars Wendler"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Lars Wendler"
Message-ID: <1585856427.22810df27703dd8d270c4072cc14e4f6e4241c39.polynomial-c@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: net-misc/dhcpcd/
X-VCS-Repository: repo/gentoo
X-VCS-Files: net-misc/dhcpcd/dhcpcd-9999.ebuild net-misc/dhcpcd/metadata.xml
X-VCS-Directories: net-misc/dhcpcd/
X-VCS-Committer: polynomial-c
X-VCS-Committer-Name: Lars Wendler
X-VCS-Revision: 22810df27703dd8d270c4072cc14e4f6e4241c39
X-VCS-Branch: master
Date: Thu, 2 Apr 2020 19:40:32 +0000 (UTC)
Precedence: bulk
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 65139752-b350-4e43-91e1-be59975d958c
X-Archives-Hash: f7bb1d9c91a305fd98e2729eb7de0055

commit: 22810df27703dd8d270c4072cc14e4f6e4241c39
Author: Lars Wendler gentoo org>
AuthorDate: Thu Apr 2 19:33:58 2020 +0000
Commit: Lars Wendler gentoo org>
CommitDate: Thu Apr 2 19:40:27 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=22810df2

net-misc/dhcpcd: Added privsep support to live ebuild

Package-Manager: Portage-2.3.96, Repoman-2.3.22
Signed-off-by: Lars Wendler gentoo.org>

 net-misc/dhcpcd/dhcpcd-9999.ebuild | 32 ++++++++++++++++++++++++++++++--
 net-misc/dhcpcd/metadata.xml | 3 +++
 2 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/net-misc/dhcpcd/dhcpcd-9999.ebuild b/net-misc/dhcpcd/dhcpcd-9999.ebuild
index 573ee2cc786..9656eabee92 100644
--- a/net-misc/dhcpcd/dhcpcd-9999.ebuild
+++ b/net-misc/dhcpcd/dhcpcd-9999.ebuild
@@ -21,11 +21,17 @@ DESCRIPTION="A fully featured, yet light weight RFC2131 compliant DHCP client" HOMEPAGE="https://roy.marples.name/projects/dhcpcd" LICENSE="BSD-2" SLOT="0" -IUSE="debug elibc_glibc +embedded ipv6 kernel_linux +udev" +IUSE="debug elibc_glibc +embedded ipv6 kernel_linux +privsep +udev" COMMON_DEPEND="udev? ( virtual/udev )" DEPEND="${COMMON_DEPEND}" -RDEPEND="${COMMON_DEPEND}" +RDEPEND=" + ${COMMON_DEPEND} + privsep? ( + acct-group/dhcpcd + acct-user/dhcpcd + ) +" src_configure() { local myeconfargs=( @@ -37,8 +43,10 @@ src_configure() { $(use_enable debug) $(use_enable embedded) $(use_enable ipv6) + $(use_enable privsep) $(usex elibc_glibc '--with-hook=yp.conf' '') $(usex kernel_linux '--rundir=${EPREFIX}/run' '') + $(usex privsep '--privsepuser=dhcpcd' '') $(usex udev '' '--without-dev --without-udev') CC="$(tc-getCC)" ) @@ -105,6 +113,26 @@ pkg_postinst() { cp "${lease}" "${dbdir}/${new_lease}" done + # dhcpcd-9 introduced privesep support in a chroot + if use privsep ; then + local dhcpcd_libdir="/var/lib/dhcpcd" + local chroot_base="${EROOT}/var/chroot/dhcpcd" + local chroot_dir="${chroot_base}${dhcpcd_libdir}" + local chroot_retval=0 + # Set up proper chroot. + if [[ ! -e "${chroot_dir}" ]] ; then + mkdir -p "${chroot_dir}" || chroot_retval=1 + cp -a "${EROOT}${dhcpcd_libdir}" "${chroot_dir}" || chroot_retval=1 + chown -R dhcpcd:dhcpcd "${chroot_dir}" || chroot_retval=1 + elif [[ ! -d "${chroot_dir}" ]] ; then + ewarn "${chroot_dir} is not a directory!" + ewarn "Did not set up ${PN} chroot!" + fi + if [[ "${chroot_retval}" -ne 0 ]] ; then + ewarn "There were issues setting up ${PN} chroot." + fi + fi + # Warn about removing stale files if [[ -n "${old_files[@]}" ]] ; then elog diff --git a/net-misc/dhcpcd/metadata.xml b/net-misc/dhcpcd/metadata.xml index 783090038ed..48f8ca1c55a 100644 --- a/net-misc/dhcpcd/metadata.xml +++ b/net-misc/dhcpcd/metadata.xml 
@@ -16,5 +16,8 @@ Embed the definitions of dhcp options in the dhcpcd executable + + Enable support for privilege separation through chroot +
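Review bot: In the src_configure hunk (@@ -37,8 +43,10 @@), `--privsepuser=dhcpcd` hard-codes an account name that the pkg_postinst hunk repeats in `chown -R dhcpcd:dhcpcd` and that RDEPEND pulls in as acct-user/dhcpcd. Defining the name once (for example a variable at the top of the ebuild) and using it in both places would keep the configured privsep user and the owner of the chroot contents from drifting apart. Separately, none of the added configure arguments mention the chroot directory, while pkg_postinst populates `${EROOT}/var/chroot/dhcpcd`; a short comment saying where dhcpcd takes that path from would let a reader check that the directory being prepared is the one the daemon actually enters.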
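Review bot: In the pkg_postinst hunk (@@ -105,6 +113,26 @@), the `mkdir -p "${chroot_dir}"` followed by `cp -a "${EROOT}${dhcpcd_libdir}" "${chroot_dir}"` nests the copy one level too deep: the destination already exists as a directory, so cp places the source directory inside it and the files end up under `${chroot_base}/var/lib/dhcpcd/dhcpcd` rather than `${chroot_base}/var/lib/dhcpcd`. Either create only the parent (`mkdir -p "${chroot_dir%/*}"`) before the copy, or copy the contents with `cp -a "${EROOT}${dhcpcd_libdir}/." "${chroot_dir}/"`. The three commands also run unconditionally, so `chown -R` still executes after a failed `cp`; chaining them with `&&` and setting `chroot_retval=1` once would stop at the first failure. The `elif` branch warns but leaves `chroot_retval` at 0, which is fine for the final message, but the existing-directory case is silent, so a chroot left over with wrong ownership is never re-checked. The comment line spells the feature "privesep".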
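Review bot: In the metadata.xml hunk (@@ -16,5 +16,8 @@), the flag description mentions only the chroot, while the ebuild changes tie the same flag to a dedicated account (acct-user/dhcpcd, acct-group/dhcpcd in RDEPEND and `--privsepuser=dhcpcd` in src_configure). Since `+privsep` makes the flag default-on, the description is what most users will read before deciding whether to keep it; naming the unprivileged user alongside the chroot would describe what enabling the flag actually installs and configures.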