From cb80809aec56e1b6f0194f3d6f778fc8db3c7783 Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Wed, 14 Nov 2007 09:27:11 -0500
Subject: [PATCH] * Add wrappergroup config option, which can be used to cause wrappers to be created owned by some group other than the default. Useful then there's a shared repository with access controlled by a group, to let ikiwiki run setgid to that group. * ikiwiki-mass-rebuild: Run build with the user in all their groups.
---
 IkiWiki/Wrapper.pm | 18 +++++++++++++++---
 debian/changelog | 7 ++++++-
 doc/usage.mdwn | 8 ++++++++
 ikiwiki-mass-rebuild | 21 +++++++++++++++++++--
 po/ikiwiki.pot | 4 ++--
 5 files changed, 50 insertions(+), 8 deletions(-)
diff --git a/IkiWiki/Wrapper.pm b/IkiWiki/Wrapper.pm
index 558cdb1cc..6687cace2 100644
--- a/IkiWiki/Wrapper.pm
+++ b/IkiWiki/Wrapper.pm
@@ -102,14 +102,26 @@ $envsave
 }
 EOF
 close OUT;
- if (system("gcc", "$wrapper.c", "-o", $wrapper) != 0) {
+ if (system("gcc", "$wrapper.c", "-o", "$wrapper.new") != 0) {
 #translators: The parameter is a C filename.
 error(sprintf(gettext("failed to compile %s"), "$wrapper.c"));
 }
 unlink("$wrapper.c");
+ if (defined $config{wrappergroup}) {
+ my $gid=(getgrnam($config{wrappergroup}))[2];
+ if (! defined $gid) {
+ error(sprintf("bad wrappergroup"));
+ }
+ if (! chown(-1, $gid, "$wrapper.new")) {
+ error("chown $wrapper.new: $!");
+ }
+ }
 if (defined $config{wrappermode} &&
- ! chmod(oct($config{wrappermode}), $wrapper)) {
- error("chmod $wrapper: $!");
+ ! chmod(oct($config{wrappermode}), "$wrapper.new")) {
+ error("chmod $wrapper.new: $!");
+ }
+ if (! rename("$wrapper.new", $wrapper)) {
+ error("rename $wrapper.new $wrapper: $!");
 }
 #translators: The parameter is a filename.
 printf(gettext("successfully generated %s"), $wrapper);
diff --git a/debian/changelog b/debian/changelog
index 749db67e0..3de7ea785 100644
--- a/debian/changelog
+++ b/debian/changelog
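Review bot: In the IkiWiki/Wrapper.pm hunk the new chown of `$wrapper.new` has to stay ahead of the chmod, and nothing in the code records that: on Linux, changing the group of an executable as an unprivileged user clears its setuid/setgid bits, so a later reordering would silently produce a wrapper without the setgid bit that wrappergroup exists to support. A one-line comment above the wrappergroup block, `# chown before chmod: changing the group can clear setuid/setgid bits`, would pin the ordering. Separately, `error(sprintf("bad wrappergroup"))` has a no-op sprintf, skips gettext unlike the "failed to compile" message, and does not name the rejected value; `error(sprintf(gettext("bad wrappergroup %s"), $config{wrappergroup}));` would tell the admin which group failed to resolve. The enclosing sub starts and ends outside the hunk.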
@@ -5,8 +5,13 @@ ikiwiki (2.13) UNRELEASED; urgency=low
 * ikiwiki.setup is licensed same as the basewiki, not GPLed.
 * inline: Add timeformat parameter to control how the ctime of inlined pages is displayed. Closes: #451019
+ * Add wrappergroup config option, which can be used to cause wrappers
+ to be created owned by some group other than the default. Useful
+ then there's a shared repository with access controlled by a group,
+ to let ikiwiki run setgid to that group.
+ * ikiwiki-mass-rebuild: Run build with the user in all their groups.
- -- Joey Hess Tue, 13 Nov 2007 16:11:54 -0500
+ -- Joey Hess Wed, 14 Nov 2007 08:37:03 -0500
 ikiwiki (2.12) unstable; urgency=low
diff --git a/doc/usage.mdwn b/doc/usage.mdwn
index 4fb91b89b..af3634e13 100644
--- a/doc/usage.mdwn
+++ b/doc/usage.mdwn
@@ -125,6 +125,14 @@ configuration options of their own.
 Specify a mode to chmod the wrapper to after creating it.
+* --wrappergroup group
+
+ Specify what unix group the wrapper should be owned by. This can be
+ useful if the wrapper needs to be owned by a group other than the default.
+ For example, if a project has a repository with multiple committers with
+ access controlled by a group, it makes sense for the ikiwiki wrappers
+ to run setgid to that group.
+
 * --notify, --no-notify
 Enable email notification of commits. This should be used when running
diff --git a/ikiwiki-mass-rebuild b/ikiwiki-mass-rebuild
index 1ec90b3c0..710db4eac 100755
--- a/ikiwiki-mass-rebuild
+++ b/ikiwiki-mass-rebuild
@@ -2,6 +2,19 @@
 use warnings;
 use strict;
+sub supplemental_groups {
+ my $user=shift;
+
+ my @list;
+ while (my @fields=getgrent()) {
+ if (grep { $_ eq $user } split(' ', $fields[3])) {
+ push @list, $fields[2];
+ }
+ }
+
+ return @list;
+}
+
 sub processline {
 my $user=shift;
 my $setup=shift;
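Review bot: `supplemental_groups` in ikiwiki-mass-rebuild walks the group database with `getgrent()` but never rewinds or closes it, so its result depends on where the iterator already stands: a second call in the same process would presumably start at end-of-database and return an empty list, leaving the build without the user's supplementary groups. Calling `setgrent();` before the `while` loop and `endgrent();` after it makes each call self-contained. A short header comment saying that it returns the numeric gids of every group whose member list names `$user`, and that the primary gid is supplied separately by the caller from getpwnam, would also make the contract explicit.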
@@ -20,11 +33,15 @@ sub processline {
 defined(my $pid = fork) or die "Can’t fork: $!";
 if (! $pid) {
 my ($uuid, $ugid) = (getpwnam($user))[2, 3];
- $)="$ugid $ugid";
+ my $grouplist=join(" ", $ugid, $ugid, supplemental_groups($user));
+ $)=$grouplist;
+ if ($!) {
+ die "failed to set egid $grouplist";
+ }
 $(=$ugid;
 $<=$uuid;
 $>=$uuid;
- if ($< != $uuid || $> != $uuid || $( != $ugid || $) ne "$ugid $ugid") {
+ if ($< != $uuid || $> != $uuid || $( != $ugid) {
 die "failed to drop permissions to $user";
 }
 %ENV=(
diff --git a/po/ikiwiki.pot b/po/ikiwiki.pot
index 3448cda19..c20db1ac4 100644
--- a/po/ikiwiki.pot
+++ b/po/ikiwiki.pot
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2007-11-13 16:14-0500\n"
+"POT-Creation-Date: 2007-11-14 09:23-0500\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME \n"
 "Language-Team: LANGUAGE \n"
@@ -589,7 +589,7 @@ msgid "failed to compile %s"
 msgstr ""
 #. translators: The parameter is a filename.
-#: ../IkiWiki/Wrapper.pm:115
+#: ../IkiWiki/Wrapper.pm:127
 #, perl-format
 msgid "successfully generated %s"
 msgstr ""
--
2.32.0.93.g670b81a890
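Review bot: In the processline hunk the `if ($!)` test after `$)=$grouplist;` reads errno without clearing it first, so it reflects the last failing call of any kind — possibly the `getgrent()` loop that runs while `$grouplist` is built — and a stale value would make the child die although the group change succeeded. Setting `$!=0;` on the line before `$)=$grouplist;` makes the test mean what the die message says. The final check also no longer looks at `$)` at all; adding `|| (split ' ', $))[0] != $ugid` to it keeps a positive confirmation that the effective gid changed before the build runs. `$uuid` and `$ugid` are used without a defined-check on the getpwnam result; if that is not validated earlier in processline (outside this hunk), it deserves one, since an undefined value would presumably numify to 0 and pass the comparison without dropping privileges.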