From a61164b5078323a759851d1a924586d6542557eb Mon Sep 17 00:00:00 2001
From: sternenseemann <0rpkxez4ksa01gb3typccl0i@systemli.org>
Date: Sat, 10 Apr 2021 16:39:21 +0200
Subject: pkgs/sternenseemann/mandoc: use new READ_ALLOWED_PATH approach

This patch version implements Ingo's suggestion of READ_ALLOWED_PATH:
https://inbox.vuxu.org/mandoc-tech/20210331173434.GA57338@athene.usta.de/
---
 pkgs/sternenseemann/default.nix                    |   2 +-
 pkgs/sternenseemann/patches/mandoc-nix-store.patch | 144 ++++++++++++---------
 2 files changed, 82 insertions(+), 64 deletions(-)

(limited to 'pkgs/sternenseemann')

diff --git a/pkgs/sternenseemann/default.nix b/pkgs/sternenseemann/default.nix
index cb0ca269..81f0c46c 100644
--- a/pkgs/sternenseemann/default.nix
+++ b/pkgs/sternenseemann/default.nix
@@ -63,7 +63,7 @@ lib.fix (self: {
     patches = [ ./patches/mandoc-nix-store.patch ];
     patchFlags = [ "-p0" ];
     preConfigure = old.preConfigure + ''
-      echo NIXSTOREDIR="$(dirname "$out")" >> configure.local
+      echo READ_ALLOWED_PATH=\"$(dirname "$out")\" >> configure.local
     '';
   });
 
diff --git a/pkgs/sternenseemann/patches/mandoc-nix-store.patch b/pkgs/sternenseemann/patches/mandoc-nix-store.patch
index 22be8fcc..7fdee18c 100644
--- a/pkgs/sternenseemann/patches/mandoc-nix-store.patch
+++ b/pkgs/sternenseemann/patches/mandoc-nix-store.patch
@@ -2,74 +2,92 @@ Index: configure
 ===================================================================
 RCS file: /cvs/mandoc/configure,v
 retrieving revision 1.77
-diff -u -r1.77 configure
---- configure	20 Jul 2020 16:57:30 -0000	1.77
-+++ configure	8 Feb 2021 17:51:07 -0000
-@@ -108,6 +108,7 @@
- LIBDIR=
- MANDIR=
- HOMEBREWDIR=
-+NIXSTOREDIR=
- 
- WWWPREFIX="/var/www"
- HTDOCDIR=
-@@ -462,6 +463,7 @@
- [ -n "${OSNAME}" ] && echo "#define OSNAME \"${OSNAME}\""
- [ -n "${UTF8_LOCALE}" ] && echo "#define UTF8_LOCALE \"${UTF8_LOCALE}\""
- [ -n "${HOMEBREWDIR}" ] && echo "#define HOMEBREWDIR \"${HOMEBREWDIR}\""
-+[ -n "${NIXSTOREDIR}" ] && echo "#define NIXSTOREDIR \"${NIXSTOREDIR}\""
- [ ${HAVE_ATTRIBUTE} -eq 0 ] && echo "#define __attribute__(x)"
- [ ${HAVE_EFTYPE} -eq 0 ] && echo "#define EFTYPE EINVAL"
- [ ${HAVE_O_DIRECTORY} -eq 0 ] && echo "#define O_DIRECTORY 0"
+diff -r1.77 configure
+464c464,469
+< [ -n "${HOMEBREWDIR}" ] && echo "#define HOMEBREWDIR \"${HOMEBREWDIR}\""
+---
+> if [ -n "${HOMEBREWDIR}" ]; then
+>   # support deprecated configuration variable HOMEBREWDIR
+>   # by appending it to READ_ALLOWED_PATH
+>   READ_ALLOWED_PATH="${READ_ALLOWED_PATH:+$READ_ALLOWED_PATH:}${HOMEBREWDIR}"
+> fi
+> [ -n "${READ_ALLOWED_PATH}" ] && echo "#define READ_ALLOWED_PATH \"${READ_ALLOWED_PATH}\""
 Index: configure.local.example
 ===================================================================
 RCS file: /cvs/mandoc/configure.local.example,v
 retrieving revision 1.39
-diff -u -r1.39 configure.local.example
---- configure.local.example	20 Jul 2020 16:57:30 -0000	1.39
-+++ configure.local.example	8 Feb 2021 17:51:07 -0000
-@@ -218,6 +218,16 @@
- PREFIX="/usr/local"
- HOMEBREWDIR="${PREFIX}/Cellar"
- 
-+# Similarly, when using the nix package manager or the NixOS linux
-+# distribution, man pages are stored in the packages' output store
-+# path in /nix/store.  The globally installed man pages under
-+# /run/current-system/sw/share/man are thus symlinks to files under
-+# /nix/store.  By setting NIXSTOREDIR, mandoc won't ignore these
-+# symlinks.
-+# This setting can also be used to support Guix which is derived
-+# from NixOS, but uses /gnu/store instead of /nix/store.
-+NIXSTOREDIR="/nix/store"
-+
- # --- user settings for the mandoc(3) library --------------------------
- 
- # By default, libmandoc.a is not installed.  It is almost never needed
+diff -r1.39 configure.local.example
+214,216c214,220
+< # into the manual trees.  To allow mandoc to follow such symlinks,
+< # you have to specify the physical location of the cellar as returned
+< # by realpath(3), for example:
+---
+> # into the manual trees.  A similar situation arises on Linux
+> # distribution such as NixOS and Guix where all man pages are in a
+> # so-called “store” directory which are then symlinked into the man
+> # basedir. To allow mandoc to follow such symlinks, you have to specify
+> # the physical location of the cellar / store directory as returned by
+> # realpath(3) like in the following example. You can specify multiple
+> # locations by separating them with colons.
+219c223
+< HOMEBREWDIR="${PREFIX}/Cellar"
+---
+> READ_ALLOWED_PATH="/nix/store:/gnu/store:${PREFIX}/Cellar"
 Index: mandocdb.c
 ===================================================================
 RCS file: /cvs/mandoc/mandocdb.c,v
 retrieving revision 1.267
-diff -u -r1.267 mandocdb.c
---- mandocdb.c	3 Apr 2020 11:35:01 -0000	1.267
-+++ mandocdb.c	8 Feb 2021 17:51:08 -0000
-@@ -615,6 +615,9 @@
- #ifdef HOMEBREWDIR
- 			    && strncmp(buf, HOMEBREWDIR, strlen(HOMEBREWDIR))
- #endif
-+#ifdef NIXSTOREDIR
-+			    && strncmp(buf, NIXSTOREDIR, strlen(NIXSTOREDIR))
-+#endif
- 			) {
- 				if (warnings) say("",
- 				    "%s: outside base directory", buf);
-@@ -825,6 +828,10 @@
- 		start = usefile + basedir_len;
- #ifdef HOMEBREWDIR
- 	else if (strncmp(usefile, HOMEBREWDIR, strlen(HOMEBREWDIR)) == 0)
-+		start = usefile;
-+#endif
-+#ifdef NIXSTOREDIR
-+	else if (strncmp(usefile, NIXSTOREDIR, strlen(NIXSTOREDIR)) == 0)
- 		start = usefile;
- #endif
- 	else {
+diff -r1.267 mandocdb.c
+167a168
+> static	int	 read_allowed(char *);
+614,618c615
+< 			if (strncmp(buf, basedir, basedir_len) != 0
+< #ifdef HOMEBREWDIR
+< 			    && strncmp(buf, HOMEBREWDIR, strlen(HOMEBREWDIR))
+< #endif
+< 			) {
+---
+> 			if (!read_allowed(buf)) {
+824c821
+< 	else if (strncmp(usefile, basedir, basedir_len) == 0)
+---
+> 	else if (read_allowed(usefile))
+826,829d822
+< #ifdef HOMEBREWDIR
+< 	else if (strncmp(usefile, HOMEBREWDIR, strlen(HOMEBREWDIR)) == 0)
+< 		start = usefile;
+< #endif
+1947a1941,1973
+> }
+> 
+> /*
+>  * Checks if we may read from a given realpath when
+>  * constructing a database. This checks if the given
+>  * path is in the current set basedir or any directory
+>  * in READ_ALLOWED_PATH if it is defined.
+>  */
+> static int
+> read_allowed(char *realpath)
+> {
+> 	// if we have no basedir, don't check
+> 	if(basedir_len == 0 || basedir == NULL || *basedir == '\0')
+> 		return 1;
+> 
+> 	if(strncmp(realpath, basedir, basedir_len) == 0)
+> 		return 1;
+> 
+> #ifdef READ_ALLOWED_PATH
+> 	const char *pb = READ_ALLOWED_PATH;
+> 
+> 	while (*pb != '\0') {
+> 		size_t len = strcspn(pb, ":");
+> 
+> 		if (len > 0 && strncmp(realpath, pb, len) == 0)
+> 			return 1;
+> 
+> 		pb += len;
+> 		pb += strspn(pb, ":");
+> 	}
+> #endif
+> 
+> 	return 0;
-- 
cgit 1.4.1