From 2d6126bf674107764a4ea4d2dff592c0e193056d Mon Sep 17 00:00:00 2001 From: Kate Date: Tue, 6 Dec 2022 19:42:26 +0000 Subject: [PATCH] Fix opam unable to find executables on systems where users belong to more than 32 groups when opam is built using musl libc Details of the issue in musl described in https://www.openwall.com/lists/musl/2021/07/03/1 --- .gitignore | 2 - Makefile | 2 +- configure | 291 +-------------------------- configure.ac | 27 --- master_changes.md | 28 +++ src/core/dune | 3 - src/core/opamACL.dummy.ml | 11 - src/core/opamACL.libacl.ml | 11 - src/core/opamACL.mli | 22 -- src/core/opamStd.ml | 31 +-- src/stubs/libacl/c-libraries.sexp.in | 1 - src/stubs/libacl/dune-libacl | 22 -- src/stubs/libacl/opamACL.c | 127 ------------ src/stubs/libacl/opamlibACL.ml | 11 - 14 files changed, 37 insertions(+), 552 deletions(-) delete mode 100644 src/core/opamACL.dummy.ml delete mode 100644 src/core/opamACL.libacl.ml delete mode 100644 src/core/opamACL.mli delete mode 100644 src/stubs/libacl/c-libraries.sexp.in delete mode 100644 src/stubs/libacl/dune-libacl delete mode 100644 src/stubs/libacl/opamACL.c delete mode 100644 src/stubs/libacl/opamlibACL.ml diff --git a/.gitignore b/.gitignore index e572afb4dd9..511177abdc4 100644 --- a/.gitignore +++ b/.gitignore @@ -83,8 +83,6 @@ src/client/no-git-version src/core/developer src/manifest/dune src/manifest/install.inc -src/stubs/libacl/dune -src/stubs/libacl/c-libraries.sexp src/stubs/win32/cc64 src/stubs/win32/dune src/stubs/c-flags.sexp diff --git a/Makefile b/Makefile index 9ba7c088aa3..1a60ac4a015 100644 --- a/Makefile +++ b/Makefile @@ -96,7 +96,7 @@ clean: distclean: clean clean-ext rm -rf autom4te.cache bootstrap rm -f Makefile.config config.log config.status aclocal.m4 - rm -f src/*.META src/*/.merlin src/manifest/dune src/manifest/install.inc src/stubs/libacl/dune src/stubs/win32/dune src/stubs/win32/cc64 src/ocaml-flags-configure.sexp src/stubs/libacl/c-libraries.sexp + rm -f src/*.META src/*/.merlin src/manifest/dune src/manifest/install.inc src/stubs/win32/dune src/stubs/win32/cc64 src/ocaml-flags-configure.sexp rm -f src/client/linking.sexp src/stubs/c-flags.sexp src/core/developer src/core/version OPAMINSTALLER_FLAGS = --prefix "$(call CYGPATH,$(DESTDIR)$(prefix))" diff --git a/configure b/configure index 6a916830055..5d5ccbfa733 100755 --- a/configure +++ b/configure @@ -615,38 +615,6 @@ PACKAGE_BUGREPORT='' PACKAGE_URL='' ac_default_prefix=`echo "os_type: ${OCAML_OS_TYPE}" | sed -e "s;^os_type: Win32;C:/OPAM;" -e "s;^os_type:.*;/usr/local;"` -# Factoring default headers for most tests. -ac_includes_default="\ -#include -#ifdef HAVE_STDIO_H -# include -#endif -#ifdef HAVE_STDLIB_H -# include -#endif -#ifdef HAVE_STRING_H -# include -#endif -#ifdef HAVE_INTTYPES_H -# include -#endif -#ifdef HAVE_STDINT_H -# include -#endif -#ifdef HAVE_STRINGS_H -# include -#endif -#ifdef HAVE_SYS_TYPES_H -# include -#endif -#ifdef HAVE_SYS_STAT_H -# include -#endif -#ifdef HAVE_UNISTD_H -# include -#endif" - -ac_header_c_list= ac_subst_vars='LTLIBOBJS LIBOBJS VENDORED @@ -687,7 +655,6 @@ PATH_PREPEND CC64 CONF_CFLAGS CONF_OCAMLFLAGS -CONF_LIBACL_LINK MCCS_ENABLED DEVELOPER OBJEXT @@ -767,7 +734,6 @@ enable_checks enable_developer_mode with_mccs with_0install_solver -with_libacl with_private_runtime enable_static enable_cold_check @@ -1428,7 +1394,6 @@ Optional Packages: --without-0install-solver Legacy option (does nothing) - --with-libacl Compile opam with libacl support --with-private-runtime For a mingw-w64 build, manifest the runtime DLLs locally in Opam.Runtime.arch --without-dune Compile using vendored Dune instead of any in PATH @@ -1568,86 +1533,6 @@ fi } # ac_fn_c_try_compile -# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES -# ------------------------------------------------------- -# Tests whether HEADER exists and can be compiled using the include files in -# INCLUDES, setting the cache variable VAR accordingly. -ac_fn_c_check_header_compile () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -printf %s "checking for $2... " >&6; } -if eval test \${$3+y} -then : - printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -#include <$2> -_ACEOF -if ac_fn_c_try_compile "$LINENO" -then : - eval "$3=yes" -else $as_nop - eval "$3=no" -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext -fi -eval ac_res=\$$3 - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -printf "%s\n" "$ac_res" >&6; } - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - -} # ac_fn_c_check_header_compile - -# ac_fn_c_try_link LINENO -# ----------------------- -# Try to link conftest.$ac_ext, and return whether this succeeded. -ac_fn_c_try_link () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - rm -f conftest.$ac_objext conftest.beam conftest$ac_exeext - if { { ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -printf "%s\n" "$ac_try_echo"; } >&5 - (eval "$ac_link") 2>conftest.err - ac_status=$? - if test -s conftest.err; then - grep -v '^ *+' conftest.err >conftest.er1 - cat conftest.er1 >&5 - mv -f conftest.er1 conftest.err - fi - printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && { - test -z "$ac_c_werror_flag" || - test ! -s conftest.err - } && test -s conftest$ac_exeext && { - test "$cross_compiling" = yes || - test -x conftest$ac_exeext - } -then : - ac_retval=0 -else $as_nop - printf "%s\n" "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_retval=1 -fi - # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information - # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would - # interfere with the next link command; also delete a directory that is - # left behind by Apple's compiler. We do this before executing the actions. - rm -rf conftest.dSYM conftest_ipa8_conftest.oo - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - as_fn_set_status $ac_retval - -} # ac_fn_c_try_link - # ac_fn_cxx_try_compile LINENO # ---------------------------- # Try to compile conftest.$ac_ext, and return whether this succeeded. @@ -2289,15 +2174,6 @@ main (int argc, char **argv) } " -as_fn_append ac_header_c_list " stdio.h stdio_h HAVE_STDIO_H" -as_fn_append ac_header_c_list " stdlib.h stdlib_h HAVE_STDLIB_H" -as_fn_append ac_header_c_list " string.h string_h HAVE_STRING_H" -as_fn_append ac_header_c_list " inttypes.h inttypes_h HAVE_INTTYPES_H" -as_fn_append ac_header_c_list " stdint.h stdint_h HAVE_STDINT_H" -as_fn_append ac_header_c_list " strings.h strings_h HAVE_STRINGS_H" -as_fn_append ac_header_c_list " sys/stat.h sys_stat_h HAVE_SYS_STAT_H" -as_fn_append ac_header_c_list " sys/types.h sys_types_h HAVE_SYS_TYPES_H" -as_fn_append ac_header_c_list " unistd.h unistd_h HAVE_UNISTD_H" # Test code for whether the C++ compiler supports C++98 (global declarations) ac_cxx_conftest_cxx98_globals=' // Does the compiler advertise C++98 conformance? @@ -4021,16 +3897,6 @@ fi -# Check whether --with-libacl was given. -if test ${with_libacl+y} -then : - withval=$with_libacl; -else $as_nop - with_libacl=auto -fi - - - # Check whether --with-private_runtime was given. if test ${with_private_runtime+y} then : @@ -4973,143 +4839,6 @@ else $as_nop fi - -ac_header= ac_cache= -for ac_item in $ac_header_c_list -do - if test $ac_cache; then - ac_fn_c_check_header_compile "$LINENO" $ac_header ac_cv_header_$ac_cache "$ac_includes_default" - if eval test \"x\$ac_cv_header_$ac_cache\" = xyes; then - printf "%s\n" "#define $ac_item 1" >> confdefs.h - fi - ac_header= ac_cache= - elif test $ac_header; then - ac_cache=$ac_item - else - ac_header=$ac_item - fi -done - - - - - - - - -if test $ac_cv_header_stdlib_h = yes && test $ac_cv_header_string_h = yes -then : - -printf "%s\n" "#define STDC_HEADERS 1" >>confdefs.h - -fi -if test "x${with_libacl}" != "xno" -then : - - have_libacl=yes - ac_fn_c_check_header_compile "$LINENO" "acl/libacl.h" "ac_cv_header_acl_libacl_h" "$ac_includes_default" -if test "x$ac_cv_header_acl_libacl_h" = xyes -then : - -else $as_nop - have_libacl=no -fi - - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing acl_get_perm" >&5 -printf %s "checking for library containing acl_get_perm... " >&6; } -if test ${ac_cv_search_acl_get_perm+y} -then : - printf %s "(cached) " >&6 -else $as_nop - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char acl_get_perm (); -int -main (void) -{ -return acl_get_perm (); - ; - return 0; -} -_ACEOF -for ac_lib in '' acl -do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO" -then : - ac_cv_search_acl_get_perm=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam \ - conftest$ac_exeext - if test ${ac_cv_search_acl_get_perm+y} -then : - break -fi -done -if test ${ac_cv_search_acl_get_perm+y} -then : - -else $as_nop - ac_cv_search_acl_get_perm=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_acl_get_perm" >&5 -printf "%s\n" "$ac_cv_search_acl_get_perm" >&6; } -ac_res=$ac_cv_search_acl_get_perm -if test "$ac_res" != no -then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -else $as_nop - have_libacl=no -fi - - if test "x${SYSTEM}" = "xcygwin" -then : - - if test "x${have_libacl}" = "xno" -then : - as_fn_error $? "opam on Cygwin requires libacl" "$LINENO" 5 -else $as_nop - with_libacl=yes -fi - -fi - if test "x${with_libacl}${have_libacl}" = "xyesno" -then : - as_fn_error $? "libacl not found" "$LINENO" 5 -fi - -fi -if test "x${with_libacl}" = "xyes" -then : - - if test "x${ac_cv_search_acl_get_perm}" = "xnone required" -then : - - - -else $as_nop - - CONF_LIBACL_LINK=${ac_cv_search_acl_get_perm} - - -fi - -fi - CONF_OCAMLFLAGS='' if test "x${CI}" != "x" -o "x${enable_developer_mode}" = "xyes" @@ -7108,11 +6837,11 @@ if test x$ac_prog_cxx_stdcxx = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CXX option to enable C++11 features" >&5 printf %s "checking for $CXX option to enable C++11 features... " >&6; } -if test ${ac_cv_prog_cxx_11+y} +if test ${ac_cv_prog_cxx_cxx11+y} then : printf %s "(cached) " >&6 else $as_nop - ac_cv_prog_cxx_11=no + ac_cv_prog_cxx_cxx11=no ac_save_CXX=$CXX cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -7154,11 +6883,11 @@ if test x$ac_prog_cxx_stdcxx = xno then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CXX option to enable C++98 features" >&5 printf %s "checking for $CXX option to enable C++98 features... " >&6; } -if test ${ac_cv_prog_cxx_98+y} +if test ${ac_cv_prog_cxx_cxx98+y} then : printf %s "(cached) " >&6 else $as_nop - ac_cv_prog_cxx_98=no + ac_cv_prog_cxx_cxx98=no ac_save_CXX=$CXX cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -7307,7 +7036,7 @@ if test "x$prefix" = "xNONE"; then prefix=$ac_default_prefix fi -ac_config_files="$ac_config_files Makefile.config src/ocaml-flags-configure.sexp src/stubs/c-flags.sexp src/stubs/libacl/c-libraries.sexp" +ac_config_files="$ac_config_files Makefile.config src/ocaml-flags-configure.sexp src/stubs/c-flags.sexp" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure @@ -8013,7 +7742,6 @@ do "Makefile.config") CONFIG_FILES="$CONFIG_FILES Makefile.config" ;; "src/ocaml-flags-configure.sexp") CONFIG_FILES="$CONFIG_FILES src/ocaml-flags-configure.sexp" ;; "src/stubs/c-flags.sexp") CONFIG_FILES="$CONFIG_FILES src/stubs/c-flags.sexp" ;; - "src/stubs/libacl/c-libraries.sexp") CONFIG_FILES="$CONFIG_FILES src/stubs/libacl/c-libraries.sexp" ;; *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; esac @@ -8493,15 +8221,6 @@ then : ${LN_S} -f dune-win32 dune cd ../../.. -fi -rm -f src/stubs/libacl/dune -if test "x${with_libacl}" = "xyes" -then : - - cd src/stubs/libacl - ${LN_S} -f dune-libacl dune - cd ../../.. - fi echo diff --git a/configure.ac b/configure.ac index 1dd909807d4..32f9c76353b 100644 --- a/configure.ac +++ b/configure.ac @@ -69,9 +69,6 @@ AS_IF([test "x$with_0install_solver" = xno], ) -AC_ARG_WITH([libacl], - AS_HELP_STRING([--with-libacl],[Compile opam with libacl support]),,[with_libacl=auto]) - AC_ARG_WITH([private_runtime], AS_HELP_STRING([--with-private-runtime],[For a mingw-w64 build, manifest the runtime DLLs locally in Opam.Runtime.arch]),,[with_private_runtime=no] ) @@ -165,23 +162,6 @@ AS_IF([test "x${enable_developer_mode}" = "xyes"],[ AS_IF([test "x${with_mccs}" = "xno"], [AC_SUBST(MCCS_ENABLED,false)], [AC_SUBST(MCCS_ENABLED,true)]) -AS_IF([test "x${with_libacl}" != "xno"],[ - have_libacl=yes - AC_CHECK_HEADER([acl/libacl.h],,[have_libacl=no]) - AC_SEARCH_LIBS([acl_get_perm],[acl],,[have_libacl=no]) - AS_IF([test "x${SYSTEM}" = "xcygwin"],[ - AS_IF([test "x${have_libacl}" = "xno"],[AC_MSG_ERROR([opam on Cygwin requires libacl])],[with_libacl=yes]) - ]) - AS_IF([test "x${with_libacl}${have_libacl}" = "xyesno"],[AC_MSG_ERROR([libacl not found])]) -]) -AS_IF([test "x${with_libacl}" = "xyes"],[ - AS_IF([test "x${ac_cv_search_acl_get_perm}" = "xnone required"],[ - AC_SUBST(CONF_LIBACL_LINK,[]) - ],[ - AC_SUBST(CONF_LIBACL_LINK,[${ac_cv_search_acl_get_perm}]) - ]) -]) - CONF_OCAMLFLAGS='' AS_IF([test "x${CI}" != "x" -o "x${enable_developer_mode}" = "xyes"],[ @@ -449,7 +429,6 @@ AC_CONFIG_FILES( Makefile.config src/ocaml-flags-configure.sexp src/stubs/c-flags.sexp - src/stubs/libacl/c-libraries.sexp ) AC_OUTPUT @@ -471,12 +450,6 @@ AS_IF([ test ${WIN32} -eq 1],[ ${LN_S} -f dune-win32 dune cd ../../.. ]) -rm -f src/stubs/libacl/dune -AS_IF([ test "x${with_libacl}" = "xyes" ],[ - cd src/stubs/libacl - ${LN_S} -f dune-libacl dune - cd ../../.. -]) echo diff --git a/master_changes.md b/master_changes.md index ccd176df09f..e70a1ada40c 100644 --- a/master_changes.md +++ b/master_changes.md @@ -141,3 +141,31 @@ users) ## opam-format ## opam-core + * OpamSystem: avoid calling Unix.environment at top level [#4789 @hannesm] + * `OpamStd.ABSTRACT`: add `compare` and `equal`, that added those functions to `OpamFilename`, `OpamHash`, `OpamStd`, `OpamStd`, `OpamUrl`, and `OpamVersion` [#4918 @rjbou] + * `OpamHash`: add `sort` from strongest to weakest kind + * `OpamSystem.real_path`: Remove the double chdir trick on OCaml >= 4.13.0 [#4961 @kit-ty-kate] + * `OpamProcess.wait_one`: display command in verbose mode for finished found process [#5091 @rjbou] + * `OpamStd.Config.E`: add a `REMOVED` variant to allow removing completely an environment variable handling [#5112 @rjbou] + * `OpamHash`: add `is_null` + * `OpamStd.Sys`: add `get_windows_executable_variant` to use instead of `is_cygwin_variant` [#4817 @jonahbeckford] + * `OpamSystem.copy_dir`: two-pass `rsync` copy for `MSYS2`, to handle symlinks [#4817 @jonahbeckford] + * `OpamSHA`: use now only `sha`, some function removed (`shaxxx`, `shaxxx_bytes`, etc.) [#5042 @kit-ty-kate] + * `OpamCoreConfig.r`: remove openssl related config: `use_openssl` parameter & config field, and `OPAMUSEOPENSSL` environment variable [#5042 @kit-ty-kate] + * `OpamFilename`: add a `SubPath` submodule to handle multi-platform subpath specifications. It has an effect on a lot of functions signatures [#4876 @rjbou] + * `OpamDirTrack`: Add `to_summary_string` to summarise changes [#5144 @na4zagin3] + * `OpamJson`: use `Jsonm` and add an `of_string` function [#5142 @rjbou] + * `OpamStd.Config.E`: add `value_t` to allow getting environment variable value dynamically [#5111 @rjbou] + * `OpamCompat.Unix`: add `realpath` for ocaml < 4.13, and use it in `OpamSystem` [#5152 @rjbou] + * `OpamCompat`: add `Lazy` module and `Lazy.map` function [#5176 @dra27] + * `OpamStd.Sys`: add `all_shells` list of all supported shells [#5217 @dra27] + * `OpamUrl`: add `to_string_w_subpath` to display subpath inside urls (before hash) [#5219 @rjbou] + * `OpamFilename.SubPath`: remove `pretty_string` in favor to `OpamUrl.to_string_w_subpath` [#5219 @rjbou] + * `OpamConsole`: add a `Tree` submodule to draw a unicode/ascii-art tree [#5171 @cannorin] + * `OpamStd.List`: add `find_map_opt` (for ocaml < 4.10) and `fold_left_map` (for ocaml < 4.11) [#5171 @cannorin] + * `OpamCompat`: add `Int.equal` (for ocaml < 4.12) + * `OpamFilename.clean_dir`: as the directory is recreated after removal, checks that the directory exists beforhand. It avoid creating a new empty directory uselessly [#4967 @rjbou] + * `OpamStd.Map`: add `filter_map` [#5337 @rjbou] + * `OpamStd.Set`: Add `to_list_map` [#5308 @kit-ty-kate] + * `OpamConsole.header_msg`: remove trailing space when there is no left padding [#5363 @rjbou] + * Fix opam unable to find executables on systems where users belong to more than 32 groups when opam is built using musl libc [#5381 @kit-ty-kate - fix #5373] diff --git a/src/core/dune b/src/core/dune index 226611716d8..ebfd92e433d 100644 --- a/src/core/dune +++ b/src/core/dune @@ -4,9 +4,6 @@ (synopsis "OCaml Package Manager core internal stdlib") ; TODO: Remove (re_export ...) when CI uses the OCaml version that includes https://github.com/ocaml/ocaml/pull/11989 (libraries re (re_export ocamlgraph) unix sha jsonm swhid_core uutf - (select opamACL.ml from - (opam-core.libacl -> opamACL.libacl.ml) - ( -> opamACL.dummy.ml)) (select opamStubs.ml from (opam-core.stubs -> opamStubs.win32.ml) ( -> opamStubs.dummy.ml))) diff --git a/src/core/opamACL.dummy.ml b/src/core/opamACL.dummy.ml deleted file mode 100644 index 7d780f43da0..00000000000 --- a/src/core/opamACL.dummy.ml +++ /dev/null @@ -1,11 +0,0 @@ -(**************************************************************************) -(* *) -(* Copyright 2020 David Allsopp Ltd. *) -(* *) -(* All rights reserved. This file is distributed under the terms of the *) -(* GNU Lesser General Public License version 2.1, with the special *) -(* exception on linking described in the file LICENSE. *) -(* *) -(**************************************************************************) - -let get_acl_executable_info _ _ = None diff --git a/src/core/opamACL.libacl.ml b/src/core/opamACL.libacl.ml deleted file mode 100644 index 4cc599b5efc..00000000000 --- a/src/core/opamACL.libacl.ml +++ /dev/null @@ -1,11 +0,0 @@ -(**************************************************************************) -(* *) -(* Copyright 2020 David Allsopp Ltd. *) -(* *) -(* All rights reserved. This file is distributed under the terms of the *) -(* GNU Lesser General Public License version 2.1, with the special *) -(* exception on linking described in the file LICENSE. *) -(* *) -(**************************************************************************) - -include OpamlibACL diff --git a/src/core/opamACL.mli b/src/core/opamACL.mli deleted file mode 100644 index 4fb451be994..00000000000 --- a/src/core/opamACL.mli +++ /dev/null @@ -1,22 +0,0 @@ -(**************************************************************************) -(* *) -(* Copyright 2020 David Allsopp Ltd. *) -(* *) -(* All rights reserved. This file is distributed under the terms of the *) -(* GNU Lesser General Public License version 2.1, with the special *) -(* exception on linking described in the file LICENSE. *) -(* *) -(**************************************************************************) - -(** C auxiliary function used for POSIX 1003.1e DRAFT 17 permission checking. *) - -val get_acl_executable_info : string -> int -> int list option - (** If compiled without libacl support, this function always returns None - When opam is built with libacl support, - [get_acl_executable_info file owner] takes a filename and the uid of the - owner of that file (this is passed since the caller will have already - called {!Unix.stat}). The function returns [Some []] if the process can - execute [file] or [Some gids] if the process can execute [file] if one - of its groups matches [gids]. If the process cannot under any - circumstances execute [file] (or if an unexpected error occurred), then - [None] is returned. *) diff --git a/src/core/opamStd.ml b/src/core/opamStd.ml index ddcf8c3de41..2f9a449f9bc 100644 --- a/src/core/opamStd.ml +++ b/src/core/opamStd.ml @@ -1246,34 +1246,9 @@ module OpamSys = struct (* OCaml 4.05.0 no longer follows the updated PATH to resolve commands. This makes unqualified commands absolute as a workaround. *) let resolve_command = - let check_perms = - if Sys.win32 then fun f -> - try (Unix.stat f).Unix.st_kind = Unix.S_REG - with e -> fatal e; false - else fun f -> - try - let {Unix.st_uid; st_gid; st_perm; st_kind; _} = Unix.stat f in - if st_kind <> Unix.S_REG then false else - let groups = - IntSet.of_list (Unix.getegid () :: Array.to_list (Unix.getgroups ())) - in - let mask = - if Unix.geteuid () = (st_uid : int) then - 0o100 - else if IntSet.mem st_gid groups then - 0o010 - else - 0o001 - in - if (st_perm land mask) <> 0 then - true - else - match OpamACL.get_acl_executable_info f st_uid with - | None -> false - | Some [] -> true - | Some gids -> - not (IntSet.is_empty (IntSet.inter (IntSet.of_list gids) groups)) - with e -> fatal e; false + let check_perms f = + try Unix.access f (Unix.R_OK :: if Sys.win32 then [] else [Unix.X_OK]); true + with Unix.Unix_error _ -> false in let resolve ?dir env name = if not (Filename.is_relative name) then begin diff --git a/src/stubs/libacl/c-libraries.sexp.in b/src/stubs/libacl/c-libraries.sexp.in deleted file mode 100644 index 3cb0baa5e78..00000000000 --- a/src/stubs/libacl/c-libraries.sexp.in +++ /dev/null @@ -1 +0,0 @@ -(@CONF_LIBACL_LINK@) diff --git a/src/stubs/libacl/dune-libacl b/src/stubs/libacl/dune-libacl deleted file mode 100644 index 93b27ee5833..00000000000 --- a/src/stubs/libacl/dune-libacl +++ /dev/null @@ -1,22 +0,0 @@ -(library - (name opam_stubs_libacl) - (public_name opam-core.libacl) - (synopsis "OCaml Package Manager libacl C stubs") - (flags (:standard - (:include ../../ocaml-flags-standard.sexp) - (:include ../../ocaml-flags-configure.sexp) - (:include ../../ocaml-context-flags.sexp))) - (modules opamlibACL) - (foreign_stubs - (language c) - (names opamACL) - (flags :standard - (:include ../c-flags.sexp))) - (c_library_flags :standard - (:include c-libraries.sexp)) - (wrapped false)) - -(rule - (targets c-libraries.sexp) - (mode fallback) - (action (with-stdout-to %{targets} (echo "()")))) diff --git a/src/stubs/libacl/opamACL.c b/src/stubs/libacl/opamACL.c deleted file mode 100644 index e9652868dfa..00000000000 --- a/src/stubs/libacl/opamACL.c +++ /dev/null @@ -1,127 +0,0 @@ -/**************************************************************************/ -/* */ -/* Copyright 2020 David Allsopp Ltd. */ -/* */ -/* All rights reserved. This file is distributed under the terms of the */ -/* GNU Lesser General Public License version 2.1, with the special */ -/* exception on linking described in the file LICENSE. */ -/* */ -/**************************************************************************/ - -#include -#include -#include - -#define CAML_NAME_SPACE -#include -#include -#include - -#ifndef Val_none -#define Val_none Val_int(0) -#endif - -/* OPAM_get_acl_executable_info(file, owner) takes a filename and the uid of - * the file's owner (this saves a call to stat on both the OCaml and C sides). - * The result is: - * None - the process cannot execute file - * Some [] - the process can execute file - * Some gids - the process can execute file if it is any of these gids - */ -CAMLprim value OPAM_get_acl_executable_info(value file, value owner) -{ - CAMLparam2(file, owner); - CAMLlocal2(result, cell); - acl_t acl = acl_get_file(String_val(file), ACL_TYPE_ACCESS); - uid_t owner_uid = Int_val(owner); - uid_t uid = geteuid(); - - result = Val_none; - - if (acl) - { - acl_entry_t entry; - - if (acl_get_entry(acl, ACL_FIRST_ENTRY, &entry) == 1) - { - int mask = 1; - int user = 0; - do - { - acl_tag_t tag; - acl_permset_t perms; - if (acl_get_tag_type(entry, &tag) == 0 && - acl_get_permset(entry, &perms) == 0) - { - void *qualifier = NULL; - int executable = acl_get_perm(perms, ACL_EXECUTE); - - switch(tag) - { - case ACL_USER: - if (executable && (qualifier = acl_get_qualifier(entry))) - { - uid_t entry_uid = *((uid_t *)qualifier); - /* NB ACL_USER entries do not override ACL_USER_OBJ */ - if (entry_uid != owner_uid && entry_uid == uid) - { - /* result = Some [] */ - if (!Is_block(result)) - { - result = caml_alloc_small(1, 0); - Field(result, 0) = Val_int(0); - } else { - caml_modify(&Field(result, 0), Val_int(0)); - } - user = 1; - } - } - break; - case ACL_GROUP: - if (!user && executable && (qualifier = acl_get_qualifier(entry))) - { - gid_t entry_gid = *((gid_t *)qualifier); - /* Construct a cons cell */ - cell = caml_alloc_small(2, 0); - Field(cell, 0) = Val_int(entry_gid); - if (Is_block(result)) - { - /* Put cons cell at head of existing list */ - Field(cell, 1) = Field(result, 0); - caml_modify(&Field(result, 0), cell); - } - else - { - /* result = Some [cell] */ - Field(cell, 1) = Val_int(0); - result = caml_alloc_small(1, 0); - Field(result, 0) = cell; - } - } - break; - case ACL_USER_OBJ: - case ACL_GROUP_OBJ: - /* These have already been done by the stat check */ - break; - case ACL_MASK: - if (!(mask = executable)) - { - result = Val_none; - } - break; - default: - /* ACL_UNDEFINED_TAG or ACL_OTHER */ - break; - } - - if (qualifier) - acl_free(qualifier); - } - } while (mask && acl_get_entry(acl, ACL_NEXT_ENTRY, &entry) == 1); - } - - acl_free((void *)acl); - } - - CAMLreturn(result); -} diff --git a/src/stubs/libacl/opamlibACL.ml b/src/stubs/libacl/opamlibACL.ml deleted file mode 100644 index a31e7cdf30e..00000000000 --- a/src/stubs/libacl/opamlibACL.ml +++ /dev/null @@ -1,11 +0,0 @@ -(**************************************************************************) -(* *) -(* Copyright 2020 David Allsopp Ltd. *) -(* *) -(* All rights reserved. This file is distributed under the terms of the *) -(* GNU Lesser General Public License version 2.1, with the special *) -(* exception on linking described in the file LICENSE. *) -(* *) -(**************************************************************************) - -external get_acl_executable_info : string -> int -> int list option = "OPAM_get_acl_executable_info"