1 |
commit: 70b4da0962bc78298d6bdec9af2229c637748d61 |
2 |
Author: Mart Raudsepp <leio <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun Apr 28 14:40:59 2019 +0000 |
4 |
Commit: Mart Raudsepp <leio <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Apr 28 14:40:59 2019 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=70b4da09 |
7 |
|
8 |
net-misc/networkmanager: security cleanup |
9 |
|
10 |
Bug: https://bugs.gentoo.org/670042 |
11 |
Package-Manager: Portage-2.3.62, Repoman-2.3.12 |
12 |
Signed-off-by: Mart Raudsepp <leio <AT> gentoo.org> |
13 |
|
14 |
net-misc/networkmanager/Manifest | 1 - |
15 |
.../networkmanager/networkmanager-1.14.4.ebuild | 339 --------------------- |
16 |
2 files changed, 340 deletions(-) |
17 |
|
18 |
diff --git a/net-misc/networkmanager/Manifest b/net-misc/networkmanager/Manifest |
19 |
index 97aa28094c9..637b9440c4f 100644 |
20 |
--- a/net-misc/networkmanager/Manifest |
21 |
+++ b/net-misc/networkmanager/Manifest |
22 |
@@ -1,3 +1,2 @@ |
23 |
-DIST NetworkManager-1.14.4.tar.xz 4414196 BLAKE2B 31b236ee143892725cccccfe26a83bc75f938e19f52c5d09fb6ea3635f517feb5bab428eec4ee5e617920a8a8dd6bfe72bf9b760ecf16dec0bac4bb8663c58e4 SHA512 4199d6d7bbbee318b0f69cf2c1bf46cc3721c764121634751753c3cc833c4c5ac0856467896536e3d403ba8783fe452aaa79bfcd71a5ec324a4274989fb656c7 |
24 |
DIST NetworkManager-1.14.6.tar.xz 4426540 BLAKE2B 29709005f4143bb4a9ef2348c2da062ea741111bdd54400f199e057317dff12fe9b0d3ab7795b21e93217076a0b338a18d99c7d2c2514d138aaf5bf41aa71c5a SHA512 e5e11eed6366eb185691102c89732a458f3a01aa979e724f7415d237e0ba1a811ac78bb17d9cf1b11181ec6e3f82cb5f1c86b624d3c2b2c7c1b72549653309c9 |
25 |
DIST NetworkManager-1.16.0.tar.xz 4793620 BLAKE2B 554559eefbfa489cf01067bd2c32e4b06fed076d38920b41f2d0005873ff913c0af2babcc3d9b463a4b636ca82e5c27ee20ab5768fcfb2c6b79e003d7fdc224d SHA512 e9d8365d8e59e5bc7c0bc13482139fb96b1d87183c8884e71e84eaf05fe121f2bcac519edd916bd242be4e9a9e2d2140a1065f529a9a02bda87b6d2bd4192584 |
26 |
|
27 |
diff --git a/net-misc/networkmanager/networkmanager-1.14.4.ebuild b/net-misc/networkmanager/networkmanager-1.14.4.ebuild |
28 |
deleted file mode 100644 |
29 |
index e613de34612..00000000000 |
30 |
--- a/net-misc/networkmanager/networkmanager-1.14.4.ebuild |
31 |
+++ /dev/null |
32 |
@@ -1,339 +0,0 @@ |
33 |
-# Copyright 1999-2018 Gentoo Authors |
34 |
-# Distributed under the terms of the GNU General Public License v2 |
35 |
- |
36 |
-EAPI=6 |
37 |
-GNOME_ORG_MODULE="NetworkManager" |
38 |
-GNOME2_LA_PUNT="yes" |
39 |
-VALA_USE_DEPEND="vapigen" |
40 |
-PYTHON_COMPAT=( python{2_7,3_5,3_6,3_7} ) |
41 |
- |
42 |
-inherit bash-completion-r1 gnome2 linux-info multilib python-any-r1 systemd \ |
43 |
- user readme.gentoo-r1 vala virtualx udev multilib-minimal |
44 |
- |
45 |
-DESCRIPTION="A set of co-operative tools that make networking simple and straightforward" |
46 |
-HOMEPAGE="https://wiki.gnome.org/Projects/NetworkManager" |
47 |
- |
48 |
-LICENSE="GPL-2+" |
49 |
-SLOT="0" # add subslot if libnm-util.so.2 or libnm-glib.so.4 bumps soname version |
50 |
- |
51 |
-IUSE="audit bluetooth connection-sharing consolekit +dhclient dhcpcd elogind gnutls +introspection iwd json kernel_linux +nss +modemmanager ncurses ofono ovs policykit +ppp resolvconf selinux systemd teamd test vala +wext +wifi" |
52 |
- |
53 |
-REQUIRED_USE=" |
54 |
- iwd? ( wifi ) |
55 |
- modemmanager? ( ppp ) |
56 |
- vala? ( introspection ) |
57 |
- wext? ( wifi ) |
58 |
- ^^ ( nss gnutls ) |
59 |
- ?? ( consolekit elogind systemd ) |
60 |
-" |
61 |
- |
62 |
-KEYWORDS="~alpha amd64 arm ~arm64 ~ia64 ppc ppc64 ~sparc x86" |
63 |
- |
64 |
-# gobject-introspection-0.10.3 is needed due to gnome bug 642300 |
65 |
-# wpa_supplicant-0.7.3-r3 is needed due to bug 359271 |
66 |
-COMMON_DEPEND=" |
67 |
- >=sys-apps/dbus-1.2[${MULTILIB_USEDEP}] |
68 |
- >=dev-libs/dbus-glib-0.100[${MULTILIB_USEDEP}] |
69 |
- >=dev-libs/glib-2.40:2[${MULTILIB_USEDEP}] |
70 |
- policykit? ( >=sys-auth/polkit-0.106 ) |
71 |
- net-libs/libndp[${MULTILIB_USEDEP}] |
72 |
- >=net-misc/curl-7.24 |
73 |
- net-misc/iputils |
74 |
- sys-apps/util-linux[${MULTILIB_USEDEP}] |
75 |
- sys-libs/readline:0= |
76 |
- >=virtual/libudev-175:=[${MULTILIB_USEDEP}] |
77 |
- audit? ( sys-process/audit ) |
78 |
- bluetooth? ( >=net-wireless/bluez-5 ) |
79 |
- connection-sharing? ( |
80 |
- net-dns/dnsmasq[dbus,dhcp] |
81 |
- net-firewall/iptables ) |
82 |
- consolekit? ( >=sys-auth/consolekit-1.0.0 ) |
83 |
- dhclient? ( >=net-misc/dhcp-4[client] ) |
84 |
- dhcpcd? ( net-misc/dhcpcd ) |
85 |
- elogind? ( >=sys-auth/elogind-219 ) |
86 |
- gnutls? ( |
87 |
- dev-libs/libgcrypt:0=[${MULTILIB_USEDEP}] |
88 |
- >=net-libs/gnutls-2.12:=[${MULTILIB_USEDEP}] ) |
89 |
- introspection? ( >=dev-libs/gobject-introspection-0.10.3:= ) |
90 |
- json? ( >=dev-libs/jansson-2.5[${MULTILIB_USEDEP}] ) |
91 |
- modemmanager? ( >=net-misc/modemmanager-0.7.991:0= ) |
92 |
- ncurses? ( >=dev-libs/newt-0.52.15 ) |
93 |
- nss? ( >=dev-libs/nss-3.11:=[${MULTILIB_USEDEP}] ) |
94 |
- ofono? ( net-misc/ofono ) |
95 |
- ovs? ( dev-libs/jansson ) |
96 |
- ppp? ( >=net-dialup/ppp-2.4.5:=[ipv6] ) |
97 |
- resolvconf? ( net-dns/openresolv ) |
98 |
- selinux? ( sys-libs/libselinux ) |
99 |
- systemd? ( >=sys-apps/systemd-209:0= ) |
100 |
- teamd? ( |
101 |
- dev-libs/jansson |
102 |
- >=net-misc/libteam-1.9 |
103 |
- ) |
104 |
-" |
105 |
-RDEPEND="${COMMON_DEPEND} |
106 |
- || ( |
107 |
- net-misc/iputils[arping(+)] |
108 |
- net-analyzer/arping |
109 |
- ) |
110 |
- wifi? ( |
111 |
- !iwd? ( >=net-wireless/wpa_supplicant-0.7.3-r3[dbus] ) |
112 |
- iwd? ( net-wireless/iwd ) |
113 |
- ) |
114 |
-" |
115 |
-DEPEND="${COMMON_DEPEND} |
116 |
- dev-util/gdbus-codegen |
117 |
- dev-util/glib-utils |
118 |
- dev-util/gtk-doc-am |
119 |
- >=dev-util/intltool-0.40 |
120 |
- >=sys-devel/gettext-0.17 |
121 |
- >=sys-kernel/linux-headers-2.6.29 |
122 |
- virtual/pkgconfig[${MULTILIB_USEDEP}] |
123 |
- introspection? ( |
124 |
- $(python_gen_any_dep 'dev-python/pygobject:3[${PYTHON_USEDEP}]') |
125 |
- dev-lang/perl |
126 |
- dev-libs/libxslt |
127 |
- ) |
128 |
- vala? ( $(vala_depend) ) |
129 |
- test? ( |
130 |
- $(python_gen_any_dep ' |
131 |
- dev-python/dbus-python[${PYTHON_USEDEP}] |
132 |
- dev-python/pygobject:3[${PYTHON_USEDEP}]') |
133 |
- ) |
134 |
-" |
135 |
- |
136 |
-python_check_deps() { |
137 |
- if use introspection; then |
138 |
- has_version "dev-python/pygobject:3[${PYTHON_USEDEP}]" || return |
139 |
- fi |
140 |
- if use test; then |
141 |
- has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" && |
142 |
- has_version "dev-python/pygobject:3[${PYTHON_USEDEP}]" |
143 |
- fi |
144 |
-} |
145 |
- |
146 |
-sysfs_deprecated_check() { |
147 |
- ebegin "Checking for SYSFS_DEPRECATED support" |
148 |
- |
149 |
- if { linux_chkconfig_present SYSFS_DEPRECATED_V2; }; then |
150 |
- eerror "Please disable SYSFS_DEPRECATED_V2 support in your kernel config and recompile your kernel" |
151 |
- eerror "or NetworkManager will not work correctly." |
152 |
- eerror "See https://bugs.gentoo.org/333639 for more info." |
153 |
- die "CONFIG_SYSFS_DEPRECATED_V2 support detected!" |
154 |
- fi |
155 |
- eend $? |
156 |
-} |
157 |
- |
158 |
-pkg_pretend() { |
159 |
- if use kernel_linux; then |
160 |
- get_version |
161 |
- if linux_config_exists; then |
162 |
- sysfs_deprecated_check |
163 |
- else |
164 |
- ewarn "Was unable to determine your kernel .config" |
165 |
- ewarn "Please note that if CONFIG_SYSFS_DEPRECATED_V2 is set in your kernel .config, NetworkManager will not work correctly." |
166 |
- ewarn "See https://bugs.gentoo.org/333639 for more info." |
167 |
- fi |
168 |
- |
169 |
- fi |
170 |
-} |
171 |
- |
172 |
-pkg_setup() { |
173 |
- if use connection-sharing; then |
174 |
- CONFIG_CHECK="~NF_NAT_IPV4 ~NF_NAT_MASQUERADE_IPV4" |
175 |
- linux-info_pkg_setup |
176 |
- fi |
177 |
- enewgroup plugdev |
178 |
- if use introspection || use test; then |
179 |
- python-any-r1_pkg_setup |
180 |
- fi |
181 |
-} |
182 |
- |
183 |
-src_prepare() { |
184 |
- DOC_CONTENTS="To modify system network connections without needing to enter the |
185 |
- root password, add your user account to the 'plugdev' group." |
186 |
- |
187 |
- use vala && vala_src_prepare |
188 |
- gnome2_src_prepare |
189 |
-} |
190 |
- |
191 |
-multilib_src_configure() { |
192 |
- local myconf=( |
193 |
- --disable-more-warnings |
194 |
- --disable-static |
195 |
- --localstatedir=/var |
196 |
- --disable-lto |
197 |
- --disable-config-plugin-ibft |
198 |
- --disable-qt |
199 |
- --without-netconfig |
200 |
- --with-dbus-sys-dir=/etc/dbus-1/system.d |
201 |
- # We need --with-libnm-glib (and dbus-glib dep) as reverse deps are |
202 |
- # still not ready for removing that lib, bug #665338 |
203 |
- --with-libnm-glib |
204 |
- --with-nmcli=yes |
205 |
- --with-udev-dir="$(get_udevdir)" |
206 |
- --with-config-plugins-default=keyfile |
207 |
- --with-iptables=/sbin/iptables |
208 |
- $(multilib_native_enable concheck) |
209 |
- --with-crypto=$(usex nss nss gnutls) |
210 |
- --with-session-tracking=$(multilib_native_usex systemd systemd $(multilib_native_usex elogind elogind $(multilib_native_usex consolekit consolekit no))) |
211 |
- --with-suspend-resume=$(multilib_native_usex systemd systemd $(multilib_native_usex elogind elogind consolekit)) |
212 |
- $(multilib_native_use_with audit libaudit) |
213 |
- $(multilib_native_use_enable bluetooth bluez5-dun) |
214 |
- $(use_with dhclient) |
215 |
- $(use_with dhcpcd) |
216 |
- $(multilib_native_use_enable introspection) |
217 |
- $(use_enable json json-validation) |
218 |
- $(multilib_native_use_enable ppp) |
219 |
- --without-libpsl |
220 |
- $(multilib_native_use_with modemmanager modem-manager-1) |
221 |
- $(multilib_native_use_with ncurses nmtui) |
222 |
- $(multilib_native_use_with ofono) |
223 |
- $(multilib_native_use_enable ovs) |
224 |
- $(multilib_native_use_with resolvconf) |
225 |
- $(multilib_native_use_with selinux) |
226 |
- $(multilib_native_use_with systemd systemd-journal) |
227 |
- $(multilib_native_use_enable teamd teamdctl) |
228 |
- $(multilib_native_use_enable test tests) |
229 |
- $(multilib_native_use_enable vala) |
230 |
- --without-valgrind |
231 |
- $(multilib_native_use_with wifi iwd) |
232 |
- $(multilib_native_use_with wext) |
233 |
- $(multilib_native_use_enable wifi) |
234 |
- ) |
235 |
- |
236 |
- if multilib_is_native_abi && use policykit; then |
237 |
- myconf+=( --enable-polkit=yes ) |
238 |
- else |
239 |
- myconf+=( --enable-polkit=disabled ) |
240 |
- fi |
241 |
- |
242 |
- # Same hack as net-dialup/pptpd to get proper plugin dir for ppp, bug #519986 |
243 |
- if use ppp; then |
244 |
- local PPPD_VER=`best_version net-dialup/ppp` |
245 |
- PPPD_VER=${PPPD_VER#*/*-} #reduce it to ${PV}-${PR} |
246 |
- PPPD_VER=${PPPD_VER%%[_-]*} # main version without beta/pre/patch/revision |
247 |
- myconf+=( --with-pppd-plugin-dir=/usr/$(get_libdir)/pppd/${PPPD_VER} ) |
248 |
- fi |
249 |
- |
250 |
- # unit files directory needs to be passed only when systemd is enabled, |
251 |
- # otherwise systemd support is not disabled completely, bug #524534 |
252 |
- use systemd && myconf+=( --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" ) |
253 |
- |
254 |
- if multilib_is_native_abi; then |
255 |
- # work-around man out-of-source brokenness, must be done before configure |
256 |
- ln -s "${S}/docs" docs || die |
257 |
- ln -s "${S}/man" man || die |
258 |
- fi |
259 |
- |
260 |
- ECONF_SOURCE=${S} runstatedir="/run" gnome2_src_configure "${myconf[@]}" |
261 |
-} |
262 |
- |
263 |
-multilib_src_compile() { |
264 |
- if multilib_is_native_abi; then |
265 |
- emake |
266 |
- else |
267 |
- local targets=( |
268 |
- libnm/libnm.la |
269 |
- libnm-util/libnm-util.la |
270 |
- libnm-glib/libnm-glib.la |
271 |
- libnm-glib/libnm-glib-vpn.la |
272 |
- ) |
273 |
- emake "${targets[@]}" |
274 |
- fi |
275 |
-} |
276 |
- |
277 |
-multilib_src_test() { |
278 |
- if use test && multilib_is_native_abi; then |
279 |
- python_setup |
280 |
- virtx emake check |
281 |
- fi |
282 |
-} |
283 |
- |
284 |
-multilib_src_install() { |
285 |
- if multilib_is_native_abi; then |
286 |
- # Install completions at proper place, bug #465100 |
287 |
- gnome2_src_install completiondir="$(get_bashcompdir)" |
288 |
- else |
289 |
- local targets=( |
290 |
- install-libLTLIBRARIES |
291 |
- install-libdeprecatedHEADERS |
292 |
- install-libnm_glib_libnmvpnHEADERS |
293 |
- install-libnm_glib_libnmincludeHEADERS |
294 |
- install-libnm_util_libnm_util_includeHEADERS |
295 |
- install-libnmincludeHEADERS |
296 |
- install-nodist_libnm_glib_libnmincludeHEADERS |
297 |
- install-nodist_libnm_glib_libnmvpnHEADERS |
298 |
- install-nodist_libnm_util_libnm_util_includeHEADERS |
299 |
- install-nodist_libnmincludeHEADERS |
300 |
- install-pkgconfigDATA |
301 |
- ) |
302 |
- emake DESTDIR="${D}" "${targets[@]}" |
303 |
- fi |
304 |
-} |
305 |
- |
306 |
-multilib_src_install_all() { |
307 |
- einstalldocs |
308 |
- ! use systemd && readme.gentoo_create_doc |
309 |
- |
310 |
- newinitd "${FILESDIR}/init.d.NetworkManager-r1" NetworkManager |
311 |
- newconfd "${FILESDIR}/conf.d.NetworkManager" NetworkManager |
312 |
- |
313 |
- # Need to keep the /etc/NetworkManager/dispatched.d for dispatcher scripts |
314 |
- keepdir /etc/NetworkManager/dispatcher.d |
315 |
- |
316 |
- # Provide openrc net dependency only when nm is connected |
317 |
- exeinto /etc/NetworkManager/dispatcher.d |
318 |
- newexe "${FILESDIR}/10-openrc-status-r4" 10-openrc-status |
319 |
- sed -e "s:@EPREFIX@:${EPREFIX}:g" \ |
320 |
- -i "${ED}/etc/NetworkManager/dispatcher.d/10-openrc-status" || die |
321 |
- |
322 |
- keepdir /etc/NetworkManager/system-connections |
323 |
- chmod 0600 "${ED}"/etc/NetworkManager/system-connections/.keep* # bug #383765, upstream bug #754594 |
324 |
- |
325 |
- # Allow users in plugdev group to modify system connections |
326 |
- insinto /usr/share/polkit-1/rules.d/ |
327 |
- doins "${FILESDIR}/01-org.freedesktop.NetworkManager.settings.modify.system.rules" |
328 |
- |
329 |
- if use iwd; then |
330 |
- # This goes to $nmlibdir/conf.d/ and $nmlibdir is '${prefix}'/lib/$PACKAGE, thus always lib, not get_libdir |
331 |
- cat <<-EOF > "${ED%/}"/usr/lib/NetworkManager/conf.d/iwd.conf |
332 |
- [device] |
333 |
- wifi.backend=iwd |
334 |
- EOF |
335 |
- fi |
336 |
- |
337 |
- # Empty |
338 |
- rmdir "${ED%/}"/var{/lib{/NetworkManager,},} || die |
339 |
-} |
340 |
- |
341 |
-pkg_postinst() { |
342 |
- gnome2_pkg_postinst |
343 |
- systemd_reenable NetworkManager.service |
344 |
- ! use systemd && readme.gentoo_print_elog |
345 |
- |
346 |
- if [[ -e "${EROOT}etc/NetworkManager/nm-system-settings.conf" ]]; then |
347 |
- ewarn "The ${PN} system configuration file has moved to a new location." |
348 |
- ewarn "You must migrate your settings from ${EROOT}/etc/NetworkManager/nm-system-settings.conf" |
349 |
- ewarn "to ${EROOT}etc/NetworkManager/NetworkManager.conf" |
350 |
- ewarn |
351 |
- ewarn "After doing so, you can remove ${EROOT}etc/NetworkManager/nm-system-settings.conf" |
352 |
- fi |
353 |
- |
354 |
- # NM fallbacks to plugin specified at compile time (upstream bug #738611) |
355 |
- # but still show a warning to remember people to have cleaner config file |
356 |
- if [[ -e "${EROOT}etc/NetworkManager/NetworkManager.conf" ]]; then |
357 |
- if grep plugins "${EROOT}etc/NetworkManager/NetworkManager.conf" | grep -q ifnet; then |
358 |
- ewarn |
359 |
- ewarn "You seem to use 'ifnet' plugin in ${EROOT}etc/NetworkManager/NetworkManager.conf" |
360 |
- ewarn "Since it won't be used, you will need to stop setting ifnet plugin there." |
361 |
- ewarn |
362 |
- fi |
363 |
- fi |
364 |
- |
365 |
- # NM shows lots of errors making nmcli neither unusable, bug #528748 upstream bug #690457 |
366 |
- if grep -r "psk-flags=1" "${EROOT}"/etc/NetworkManager/; then |
367 |
- ewarn "You have psk-flags=1 setting in above files, you will need to" |
368 |
- ewarn "either reconfigure affected networks or, at least, set the flag" |
369 |
- ewarn "value to '0'." |
370 |
- fi |
371 |
-} |