[gentoo-commits] repo/gentoo:master commit in: sys-apps/util-linux/ - gentoo-commits

From:	Sam James <sam@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: sys-apps/util-linux/
Date:	Fri, 28 Jan 2022 05:30:48
Message-Id:	`1643347643.e0862b8a3b3df10038b5dea127018415cdb94f63.sam@gentoo`

1

commit:     e0862b8a3b3df10038b5dea127018415cdb94f63

2

Author:     Sam James <sam <AT> gentoo <DOT> org>

3

AuthorDate: Fri Jan 28 05:27:23 2022 +0000

4

Commit:     Sam James <sam <AT> gentoo <DOT> org>

5

CommitDate: Fri Jan 28 05:27:23 2022 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e0862b8a

7

8

sys-apps/util-linux: force installed su(1) to be suid

9

10

su(1) is almost useless without suid and on balance, it's more likely

11

that people will have USE="-suid" in make.conf (globally) rather than

12

desperately wanting to strip su(1) of its suid bits.

13

14

This avoids such users having a "broken" (or dysfunctional) su(1).

15

16

Users wishing to truly have a no-suid su(1) can e.g. use Portage's

17

'suidctl' feature or strip it out via e.g. a bashrc hook.

18

19

Note that shadow's su(1) (the default implementation until recently)

20

always forced suid su anyway.

21

22

Closes: https://bugs.gentoo.org/832092

23

Signed-off-by: Sam James <sam <AT> gentoo.org>

24

25

 ...nux-9999.ebuild => util-linux-2.37.3-r1.ebuild} | 23 +++++++++++++++++++++-

26

 sys-apps/util-linux/util-linux-9999.ebuild         | 16 +++++++++++++++

27

 2 files changed, 38 insertions(+), 1 deletion(-)

28

29

diff --git a/sys-apps/util-linux/util-linux-9999.ebuild b/sys-apps/util-linux/util-linux-2.37.3-r1.ebuild

30

similarity index 91%

31

copy from sys-apps/util-linux/util-linux-9999.ebuild

32

copy to sys-apps/util-linux/util-linux-2.37.3-r1.ebuild

33

index 3fdf6c85b949..bc61b04a195e 100644

34

--- a/sys-apps/util-linux/util-linux-9999.ebuild

35

+++ b/sys-apps/util-linux/util-linux-2.37.3-r1.ebuild

36

@@ -16,7 +16,7 @@ if [[ ${PV} == 9999 ]] ; then

37

 	EGIT_REPO_URI="https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git"

38

 else

39

 	[[ "${PV}" = *_rc* ]] || \

40

-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"

41

+	KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"

42

 	SRC_URI="https://www.kernel.org/pub/linux/utils/util-linux/v${PV:0:4}/${MY_P}.tar.xz"

43

fi

44

45

@@ -84,6 +84,18 @@ RESTRICT="!test? ( test )"

46

47

 S="${WORKDIR}/${MY_P}"

48

49

+PATCHES=(

50

+	"${FILESDIR}"/${PN}-2.37.1-agetty_ctrl-c_erase.patch #804972

51

+	"${FILESDIR}"/${PN}-2.37.2-ioctl_ns-test-hang.patch # upstream test hang patch

52

+)

53

+

54

+pkg_pretend() {

55

+	if use su && ! use suid ; then

56

+		elog "su will be installed as suid despite USE=-suid (bug #832092)"

57

+		elog "To use su without suid, see e.g. Portage's suidctl feature."

58

+	fi

59

+}

60

+

61

 src_prepare() {

62

 	default

63

64

@@ -291,6 +303,15 @@ multilib_src_install_all() {

65

 		newpamd "${FILESDIR}/su-l.pamd" su-l

66

fi

67

68

+	if use su && ! use suid ; then

69

+		# Always force suid su, even when USE=-suid, as su is useless

70

+		# for the overwhelming-majority case without suid.

71

+		# Users who wish to truly have a no-suid su can strip it out

72

+		# via e.g. Portage's suidctl or some other hook.

73

+		# See bug #832092

74

+		fperms u+s /bin/su

75

+	fi

76

+

77

 	# Note:

78

 	# Bash completion for "runuser" command is provided by same file which

79

 	# would also provide bash completion for "su" command. However, we don't

80

81

diff --git a/sys-apps/util-linux/util-linux-9999.ebuild b/sys-apps/util-linux/util-linux-9999.ebuild

82

index 3fdf6c85b949..658e0639ff89 100644

83

--- a/sys-apps/util-linux/util-linux-9999.ebuild

84

+++ b/sys-apps/util-linux/util-linux-9999.ebuild

85

@@ -84,6 +84,13 @@ RESTRICT="!test? ( test )"

86

87

 S="${WORKDIR}/${MY_P}"

88

89

+pkg_pretend() {

90

+	if use su && ! use suid ; then

91

+		elog "su will be installed as suid despite USE=-suid (bug #832092)"

92

+		elog "To use su without suid, see e.g. Portage's suidctl feature."

93

+	fi

94

+}

95

+

96

 src_prepare() {

97

 	default

98

99

@@ -291,6 +298,15 @@ multilib_src_install_all() {

100

 		newpamd "${FILESDIR}/su-l.pamd" su-l

101

fi

102

103

+	if use su && ! use suid ; then

104

+		# Always force suid su, even when USE=-suid, as su is useless

105

+		# for the overwhelming-majority case without suid.

106

+		# Users who wish to truly have a no-suid su can strip it out

107

+		# via e.g. Portage's suidctl or some other hook.

108

+		# See bug #832092

109

+		fperms u+s /bin/su

110

+	fi

111

+

112

 	# Note:

113

 	# Bash completion for "runuser" command is provided by same file which

114

 	# would also provide bash completion for "su" command. However, we don't

1	commit: e0862b8a3b3df10038b5dea127018415cdb94f63
2	Author: Sam James <sam <AT> gentoo <DOT> org>
3	AuthorDate: Fri Jan 28 05:27:23 2022 +0000
4	Commit: Sam James <sam <AT> gentoo <DOT> org>
5	CommitDate: Fri Jan 28 05:27:23 2022 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e0862b8a
7
8	sys-apps/util-linux: force installed su(1) to be suid
9
10	su(1) is almost useless without suid and on balance, it's more likely
11	that people will have USE="-suid" in make.conf (globally) rather than
12	desperately wanting to strip su(1) of its suid bits.
13
14	This avoids such users having a "broken" (or dysfunctional) su(1).
15
16	Users wishing to truly have a no-suid su(1) can e.g. use Portage's
17	'suidctl' feature or strip it out via e.g. a bashrc hook.
18
19	Note that shadow's su(1) (the default implementation until recently)
20	always forced suid su anyway.
21
22	Closes: https://bugs.gentoo.org/832092
23	Signed-off-by: Sam James <sam <AT> gentoo.org>
24
25	...nux-9999.ebuild => util-linux-2.37.3-r1.ebuild} \| 23 +++++++++++++++++++++-
26	sys-apps/util-linux/util-linux-9999.ebuild \| 16 +++++++++++++++
27	2 files changed, 38 insertions(+), 1 deletion(-)
28
29	diff --git a/sys-apps/util-linux/util-linux-9999.ebuild b/sys-apps/util-linux/util-linux-2.37.3-r1.ebuild
30	similarity index 91%
31	copy from sys-apps/util-linux/util-linux-9999.ebuild
32	copy to sys-apps/util-linux/util-linux-2.37.3-r1.ebuild
33	index 3fdf6c85b949..bc61b04a195e 100644
34	--- a/sys-apps/util-linux/util-linux-9999.ebuild
35	+++ b/sys-apps/util-linux/util-linux-2.37.3-r1.ebuild
36	@@ -16,7 +16,7 @@ if [[ ${PV} == 9999 ]] ; then
37	EGIT_REPO_URI="https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git"
38	else
39	[[ "${PV}" = _rc ]] \|\| \
40	- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
41	+ KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
42	SRC_URI="https://www.kernel.org/pub/linux/utils/util-linux/v${PV:0:4}/${MY_P}.tar.xz"
43	fi
44
45	@@ -84,6 +84,18 @@ RESTRICT="!test? ( test )"
46
47	S="${WORKDIR}/${MY_P}"
48
49	+PATCHES=(
50	+ "${FILESDIR}"/${PN}-2.37.1-agetty_ctrl-c_erase.patch #804972
51	+ "${FILESDIR}"/${PN}-2.37.2-ioctl_ns-test-hang.patch # upstream test hang patch
52	+)
53	+
54	+pkg_pretend() {
55	+ if use su && ! use suid ; then
56	+ elog "su will be installed as suid despite USE=-suid (bug #832092)"
57	+ elog "To use su without suid, see e.g. Portage's suidctl feature."
58	+ fi
59	+}
60	+
61	src_prepare() {
62	default
63
64	@@ -291,6 +303,15 @@ multilib_src_install_all() {
65	newpamd "${FILESDIR}/su-l.pamd" su-l
66	fi
67
68	+ if use su && ! use suid ; then
69	+ # Always force suid su, even when USE=-suid, as su is useless
70	+ # for the overwhelming-majority case without suid.
71	+ # Users who wish to truly have a no-suid su can strip it out
72	+ # via e.g. Portage's suidctl or some other hook.
73	+ # See bug #832092
74	+ fperms u+s /bin/su
75	+ fi
76	+
77	# Note:
78	# Bash completion for "runuser" command is provided by same file which
79	# would also provide bash completion for "su" command. However, we don't
80
81	diff --git a/sys-apps/util-linux/util-linux-9999.ebuild b/sys-apps/util-linux/util-linux-9999.ebuild
82	index 3fdf6c85b949..658e0639ff89 100644
83	--- a/sys-apps/util-linux/util-linux-9999.ebuild
84	+++ b/sys-apps/util-linux/util-linux-9999.ebuild
85	@@ -84,6 +84,13 @@ RESTRICT="!test? ( test )"
86
87	S="${WORKDIR}/${MY_P}"
88
89	+pkg_pretend() {
90	+ if use su && ! use suid ; then
91	+ elog "su will be installed as suid despite USE=-suid (bug #832092)"
92	+ elog "To use su without suid, see e.g. Portage's suidctl feature."
93	+ fi
94	+}
95	+
96	src_prepare() {
97	default
98
99	@@ -291,6 +298,15 @@ multilib_src_install_all() {
100	newpamd "${FILESDIR}/su-l.pamd" su-l
101	fi
102
103	+ if use su && ! use suid ; then
104	+ # Always force suid su, even when USE=-suid, as su is useless
105	+ # for the overwhelming-majority case without suid.
106	+ # Users who wish to truly have a no-suid su can strip it out
107	+ # via e.g. Portage's suidctl or some other hook.
108	+ # See bug #832092
109	+ fperms u+s /bin/su
110	+ fi
111	+
112	# Note:
113	# Bash completion for "runuser" command is provided by same file which
114	# would also provide bash completion for "su" command. However, we don't

Gentoo Archives: gentoo-commits