summaryrefslogtreecommitdiff
path: root/abuild-sudo.c
AgeCommit message (Collapse)AuthorFilesLines
2019-06-20abuild-sudo: don't allow --keys-dirMax Rees1-3/+15
Not allowing --allow-untrusted is obviously a good idea, but it can be trivially bypassed if --keys-dir is allowed: $ abuild-apk add foo-1-r0.apk ERROR: foo-1-r0.apk: UNTRUSTED signature $ abuild-apk --allow-untrusted add foo-1-r0.apk abuild-apk: --allow-untrusted: not allowed option $ cp -rp /etc/apk/keys /tmp/keys $ cp untrusted.pub /tmp/keys $ abuild-apk --keys-dir /tmp/keys add foo-1-r0.apk (1/1) Installing foo (1-r0) OK: 4319 MiB in 806 packages If both --allow-untrusted and --keys-dir are not allowed, then it should no longer be possible for an unprivileged member of the abuild group to add an untrusted package. $ abuild-apk --keys-dir /tmp/keys add foo-1-r0.apk abuild-apk: --keys-dir: not allowed option
2019-03-14abuild-sudo: remove unused variableRobert Hencke1-1/+1
This prevents clang from issuing a warning here.
2017-07-20abuild-sudo: prevent forging of user nameKaarle Ritvanen1-10/+7
2017-07-17abuild-sudo: fix segfault when there are no controlling termv3.0.0_rc4Natanael Copa1-1/+13
if there are no controlling reminal getlogin() may return NULL. We use getpwuid() to try figure out the username and verify that we actually have a username before we set environment USER.
2017-06-27abuild: build in chrootKaarle Ritvanen1-0/+1
This patch is based on earlier work by Timo Teräs.
2017-06-27abuild-sudo: enforce correct value for USERKaarle Ritvanen1-1/+2
2017-06-27abuild-sudo: allow commands with '-' in the nameKaarle Ritvanen1-1/+6
2017-06-21abuild-sudo.c: setgid as wellHenrik Riomar1-0/+2
set our gid to root so apk commit hooks run with the same gid as when running "sudo apk add ..." from command line.
2016-04-14abuild-sudo: error check getlogin()Natanael Copa1-1/+2
2016-04-14abuild-sudo: make error msg "Not a member of group abuild" more clearJakub Jirutka1-2/+4
Few days ago some user on IRC pointed out that the current error message: abuild-apk: Not a member of group abuild is confusing. He was trying to build a package using abuild -r and didn't know what this message means. fixes #5408
2013-12-16abuild-sudo: forbid use of --allow-untrustedNatanael Copa1-0/+6
It means that home built packages cannot be installed with abuild-apk unless the key is installed system-wide.
2013-07-08various: add descriptions, attribution, licenseDubiousjim1-0/+9
2013-07-08abuild-sudo, abuild-tar: cosmetic changesDubiousjim1-2/+2
2013-05-29abuild-sudo: also look for adduser/group in /usr/sbinNatanael Copa1-0/+4
seems like it moved in recent busybox. we need to support both variants
2013-05-29abuild-sudo: print error message if execv failsNatanael Copa1-1/+1
2012-02-17abuild-sudo: new toolNatanael Copa1-0/+81
mini sudo that checks if user is in "abuild" group and allows it to run apk, adduser adn addgroup as root ref #951