commit: ef7c4bacba33dac9ad48e980d68cfe57e2bf6858 |
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
AuthorDate: Wed Mar 31 22:54:33 2021 +0000 |
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
CommitDate: Wed Mar 31 22:54:44 2021 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ef7c4bac |
|
sys-apps/busybox: security cleanup |
|
Bug: https://bugs.gentoo.org/777255 |
Package-Manager: Portage-3.0.18, Repoman-3.0.3 |
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org> |
|
sys-apps/busybox/Manifest | 1 - |
sys-apps/busybox/busybox-1.32.0-r1.ebuild | 337 ------------------------------ |
2 files changed, 338 deletions(-) |
|
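--- a/sys-apps/busybox/Manifest
+++ b/sys-apps/busybox/Manifest
@@ -1,3 +1,2 @@
-DIST busybox-1.32.0.tar.bz2 2439463 BLAKE2B 75937ae6e1401d7ab947d80f4b206112023ff2b7d04257ffa2c254cadabb92282ba04d5d608659b6c98fade1ccd0b0f6b204c8758263d59dea6508a3157a7c69 SHA512 1b1227af69a97e820e28f5f1c62413e4e179202ab525725ea0b1afe9b9f9a5f00e5e32f4603e804ba1596b0fedd60d60457a6d2b8fcedfab45b6e049caeb319b
 DIST busybox-1.32.1.tar.bz2 2444679 BLAKE2B b0258345d40628d8c12b4cc5c3efdb318cfb469e029242942cdad22aeec5142963291a746fbac450b43a4a1f2f7e9204442456691fa98f18eeaa58c70d714caf SHA512 3a33e99adaf7cbd51dcbeb31b5361123bf61ac040c0a032656c654ddb69c4074af75fb4335ba63f283067f61a22d7d7cbca8e1ed265c9522982c453ce48ea2fd
 DIST busybox-1.33.0.tar.bz2 2448841 BLAKE2B bc25c2187cd7e357dd2f75b3eaae33ab9da318bbcec861e0b6b00da8466a86a17a71933035958f70badb9f1f143fa7f11f114c12a52f3680042730471f56cefe SHA512 20f8f5197c5cbc8b244f69d82d6628066296c7306a9736ee1344cb555882854412cf7f264490f9a735251c139b9621004f48e972d06ef2623a3c99278f8e765a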
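--- a/sys-apps/busybox/busybox-1.32.0-r1.ebuild
+++ /dev/null
@@ -1,337 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# See `man savedconfig.eclass` for info on how to use USE=savedconfig.
-
-EAPI=7
-
-inherit flag-o-matic savedconfig toolchain-funcs
-
-DESCRIPTION="Utilities for rescue and embedded systems"
-HOMEPAGE="https://www.busybox.net/"
-if [[ ${PV} == "9999" ]] ; then
- MY_P=${P}
- EGIT_REPO_URI="https://git.busybox.net/busybox"
- inherit git-r3
-else
- MY_P=${PN}-${PV/_/-}
- SRC_URI="https://www.busybox.net/downloads/${MY_P}.tar.bz2"
- KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~amd64-linux ~x86-linux"
-fi
-
-LICENSE="GPL-2" # GPL-2 only
-SLOT="0"
-IUSE="debug ipv6 livecd make-symlinks math mdev pam selinux sep-usr static syslog systemd"
-REQUIRED_USE="pam? ( !static )"
-RESTRICT="test"
-
-COMMON_DEPEND="!static? ( selinux? ( sys-libs/libselinux ) )
- pam? ( sys-libs/pam )
- virtual/libcrypt:="
-DEPEND="${COMMON_DEPEND}
- static? (
- virtual/libcrypt[static-libs]
- selinux? ( sys-libs/libselinux[static-libs(+)] )
- )
- >=sys-kernel/linux-headers-2.6.39"
-RDEPEND="${COMMON_DEPEND}
- mdev? ( !<sys-apps/openrc-0.13 )"
-
-S="${WORKDIR}/${MY_P}"
-
-busybox_config_option() {
- local flag=$1 ; shift
- if [[ ${flag} != [yn] && ${flag} != \"* ]] ; then
- busybox_config_option $(usex ${flag} y n) "$@"
- return
- fi
- local expr
- while [[ $# -gt 0 ]] ; do
- case ${flag} in
- y) expr="s:.*\<CONFIG_$1\>.*set:CONFIG_$1=y:g" ;;
- n) expr="s:CONFIG_$1=y:# CONFIG_$1 is not set:g" ;;
- *) expr="s:.*\<CONFIG_$1\>.*:CONFIG_$1=${flag}:g" ;;
- esac
- sed -i -e "${expr}" .config || die
- einfo "$(grep "CONFIG_$1[= ]" .config || echo "Could not find CONFIG_$1 ...")"
- shift
- done
-}
-
-busybox_config_enabled() {
- local val=$(sed -n "/^CONFIG_$1=/s:^[^=]*=::p" .config)
- case ${val} in
- "") return 1 ;;
- y) return 0 ;;
- *) echo "${val}" | sed -r 's:^"(.*)"$:\1:' ;;
- esac
-}
-
-# patches go here!
-PATCHES=(
- "${FILESDIR}"/${PN}-1.26.2-bb.patch
- # "${FILESDIR}"/${P}-*.patch
-)
-
-src_prepare() {
- default
- unset KBUILD_OUTPUT #88088
- append-flags -fno-strict-aliasing #310413
- use ppc64 && append-flags -mminimal-toc #130943
-
- cp "${FILESDIR}"/ginit.c init/ || die
-
- # flag cleanup
- sed -i -r \
- -e 's:[[:space:]]?-(Werror|Os|falign-(functions|jumps|loops|labels)=1|fomit-frame-pointer)\>::g' \
- Makefile.flags || die
- #sed -i '/bbsh/s:^//::' include/applets.h
- sed -i '/^#error Aborting compilation./d' applets/applets.c || die
- use elibc_glibc && sed -i 's:-Wl,--gc-sections::' Makefile
- sed -i \
- -e "/^CROSS_COMPILE/s:=.*:= ${CHOST}-:" \
- -e "/^AR\>/s:=.*:= $(tc-getAR):" \
- -e "/^CC\>/s:=.*:= $(tc-getCC):" \
- -e "/^HOSTCC/s:=.*:= $(tc-getBUILD_CC):" \
- -e "/^PKG_CONFIG\>/s:=.*:= $(tc-getPKG_CONFIG):" \
- Makefile || die
- sed -i \
- -e 's:-static-libgcc::' \
- Makefile.flags || die
-}
-
-src_configure() {
- # check for a busybox config before making one of our own.
- # if one exist lets return and use it.
-
- restore_config .config
- if [ -f .config ]; then
- yes "" | emake -j1 -s oldconfig >/dev/null
- return 0
- else
- ewarn "Could not locate user configfile, so we will save a default one"
- fi
-
- # setup the config file
- emake -j1 -s allyesconfig >/dev/null
- # nommu forces a bunch of things off which we want on #387555
- busybox_config_option n NOMMU
- sed -i '/^#/d' .config
- yes "" | emake -j1 -s oldconfig >/dev/null
-
- # now turn off stuff we really don't want
- busybox_config_option n DMALLOC
- busybox_config_option n FEATURE_2_4_MODULES #607548
- busybox_config_option n FEATURE_SUID_CONFIG
- busybox_config_option n BUILD_AT_ONCE
- busybox_config_option n BUILD_LIBBUSYBOX
- busybox_config_option n FEATURE_CLEAN_UP
- busybox_config_option n MONOTONIC_SYSCALL
- busybox_config_option n USE_PORTABLE_CODE
- busybox_config_option n WERROR
- # triming the BSS size may be dangerous
- busybox_config_option n FEATURE_USE_BSS_TAIL
-
- # These cause trouble with musl.
- if use elibc_musl; then
- busybox_config_option n FEATURE_UTMP
- busybox_config_option n EXTRA_COMPAT
- busybox_config_option n FEATURE_VI_REGEX_SEARCH
- fi
-
- # If these are not set and we are using a uclibc/busybox setup
- # all calls to system() will fail.
- busybox_config_option y ASH
- busybox_config_option y SH_IS_ASH
- busybox_config_option n HUSH
- busybox_config_option n SH_IS_HUSH
-
- busybox_config_option '"/run"' PID_FILE_PATH
- busybox_config_option '"/run/ifstate"' IFUPDOWN_IFSTATE_PATH
-
- # disable ipv6 applets
- if ! use ipv6; then
- busybox_config_option n FEATURE_IPV6
- busybox_config_option n TRACEROUTE6
- busybox_config_option n PING6
- busybox_config_option n UDHCPC6
- fi
-
- busybox_config_option pam PAM
- busybox_config_option static STATIC
- busybox_config_option syslog {K,SYS}LOGD LOGGER
- busybox_config_option systemd FEATURE_SYSTEMD
- busybox_config_option math FEATURE_AWK_LIBM
-
- # disable features that uClibc doesn't (yet?) provide.
- if use elibc_uclibc; then
- busybox_config_option n FEATURE_SYNC_FANCY #567598
- busybox_config_option n NSENTER
- fi
-
- # all the debug options are compiler related, so punt them
- busybox_config_option n DEBUG_SANITIZE
- busybox_config_option n DEBUG
- busybox_config_option y NO_DEBUG_LIB
- busybox_config_option n DMALLOC
- busybox_config_option n EFENCE
- busybox_config_option $(usex debug y n) TFTP_DEBUG
-
- busybox_config_option selinux SELINUX
-
- # this opt only controls mounting with <linux-2.6.23
- busybox_config_option n FEATURE_MOUNT_NFS
-
- # glibc-2.26 and later does not ship RPC implientation
- busybox_config_option n FEATURE_HAVE_RPC
- busybox_config_option n FEATURE_INETD_RPC
-
- # default a bunch of uncommon options to off
- local opt
- for opt in \
- ADD_SHELL \
- BEEP BOOTCHARTD \
- CRONTAB \
- DC DEVFSD DNSD DPKG{,_DEB} \
- FAKEIDENTD FBSPLASH FOLD FSCK_MINIX FTP{GET,PUT} \
- FEATURE_DEVFS \
- HOSTID HUSH \
- INETD INOTIFYD IPCALC \
- LOCALE_SUPPORT LOGNAME LPD \
- MAKEMIME MKFS_MINIX MSH \
- OD \
- RDEV READPROFILE REFORMIME REMOVE_SHELL RFKILL RUN_PARTS RUNSV{,DIR} \
- SLATTACH SMEMCAP SULOGIN SV{,LOGD} \
- TASKSET TCPSVD \
- RPM RPM2CPIO \
- UDPSVD UUDECODE UUENCODE
- do
- busybox_config_option n ${opt}
- done
-
- emake -j1 oldconfig > /dev/null
-}
-
-src_compile() {
- unset KBUILD_OUTPUT #88088
- export SKIP_STRIP=y
-
- emake V=1 busybox
-}
-
-src_install() {
- unset KBUILD_OUTPUT #88088
- save_config .config
-
- into /
- dodir /bin
- if use sep-usr ; then
- # install /ginit to take care of mounting stuff
- exeinto /
- newexe busybox_unstripped ginit
- dosym /ginit /bin/bb
- dosym bb /bin/busybox
- else
- newbin busybox_unstripped busybox
- dosym busybox /bin/bb
- fi
- if use mdev ; then
- dodir /$(get_libdir)/mdev/
- use make-symlinks || dosym /bin/bb /sbin/mdev
- cp "${S}"/examples/mdev_fat.conf "${ED}"/etc/mdev.conf
-
- exeinto /$(get_libdir)/mdev/
- doexe "${FILESDIR}"/mdev/*
-
- newinitd "${FILESDIR}"/mdev.initd mdev
- fi
- if use livecd ; then
- dosym busybox /bin/vi
- fi
-
- # add busybox daemon's, bug #444718
- if busybox_config_enabled FEATURE_NTPD_SERVER; then
- newconfd "${FILESDIR}/ntpd.confd" "busybox-ntpd"
- newinitd "${FILESDIR}/ntpd.initd" "busybox-ntpd"
- fi
- if busybox_config_enabled SYSLOGD; then
- newconfd "${FILESDIR}/syslogd.confd" "busybox-syslogd"
- newinitd "${FILESDIR}/syslogd.initd" "busybox-syslogd"
- fi
- if busybox_config_enabled KLOGD; then
- newconfd "${FILESDIR}/klogd.confd" "busybox-klogd"
- newinitd "${FILESDIR}/klogd.initd" "busybox-klogd"
- fi
- if busybox_config_enabled WATCHDOG; then
- newconfd "${FILESDIR}/watchdog.confd" "busybox-watchdog"
- newinitd "${FILESDIR}/watchdog.initd" "busybox-watchdog"
- fi
- if busybox_config_enabled UDHCPC; then
- local path=$(busybox_config_enabled UDHCPC_DEFAULT_SCRIPT)
- exeinto "${path%/*}"
- newexe examples/udhcp/simple.script "${path##*/}"
- fi
- if busybox_config_enabled UDHCPD; then
- insinto /etc
- doins examples/udhcp/udhcpd.conf
- fi
-
- # bundle up the symlink files for use later
- emake DESTDIR="${ED}" install
- rm _install/bin/busybox
- # for compatibility, provide /usr/bin/env
- mkdir -p _install/usr/bin
- ln -s /bin/env _install/usr/bin/env
- tar cf busybox-links.tar -C _install . || : #;die
- insinto /usr/share/${PN}
- use make-symlinks && doins busybox-links.tar
-
- dodoc AUTHORS README TODO
-
- cd docs
- docinto txt
- dodoc *.txt
- docinto pod
- dodoc *.pod
- docinto html
- dodoc *.html
-
- cd ../examples
- docinto examples
- dodoc inittab depmod.pl *.conf *.script undeb unrpm
-}
-
-pkg_preinst() {
- if use make-symlinks && [[ ! ${VERY_BRAVE_OR_VERY_DUMB} == "yes" ]] && [[ -z "${ROOT}" ]] ; then
- ewarn "setting USE=make-symlinks and emerging to / is very dangerous."
- ewarn "it WILL overwrite lots of system programs like: ls bash awk grep (bug 60805 for full list)."
- ewarn "If you are creating a binary only and not merging this is probably ok."
- ewarn "set env VERY_BRAVE_OR_VERY_DUMB=yes if this is really what you want."
- die "silly options will destroy your system"
- fi
-
- if use make-symlinks ; then
- mv "${ED}"/usr/share/${PN}/busybox-links.tar "${T}"/ || die
- fi
-}
-
-pkg_postinst() {
- savedconfig_pkg_postinst
-
- if use make-symlinks ; then
- cd "${T}" || die
- mkdir _install
- tar xf busybox-links.tar -C _install || die
- cp -vpPR _install/* "${ROOT}"/ || die "copying links for ${x} failed"
- fi
-
- if use sep-usr ; then
- elog "In order to use the sep-usr support, you have to update your"
- elog "kernel command line. Add the option:"
- elog " init=/ginit"
- elog "To launch a different init than /sbin/init, use:"
- elog " init=/ginit /sbin/yourinit"
- elog "To get a rescue shell, you may boot with:"
- elog " init=/ginit bb"
- fi
-}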