| 1 |
commit: 70b4da0962bc78298d6bdec9af2229c637748d61 |
| 2 |
Author: Mart Raudsepp <leio <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Sun Apr 28 14:40:59 2019 +0000 |
| 4 |
Commit: Mart Raudsepp <leio <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sun Apr 28 14:40:59 2019 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=70b4da09 |
| 7 |
|
| 8 |
net-misc/networkmanager: security cleanup |
| 9 |
|
| 10 |
Bug: https://bugs.gentoo.org/670042 |
| 11 |
Package-Manager: Portage-2.3.62, Repoman-2.3.12 |
| 12 |
Signed-off-by: Mart Raudsepp <leio <AT> gentoo.org> |
| 13 |
|
| 14 |
net-misc/networkmanager/Manifest | 1 - |
| 15 |
.../networkmanager/networkmanager-1.14.4.ebuild | 339 --------------------- |
| 16 |
2 files changed, 340 deletions(-) |
| 17 |
|
| 18 |
diff --git a/net-misc/networkmanager/Manifest b/net-misc/networkmanager/Manifest |
| 19 |
index 97aa28094c9..637b9440c4f 100644 |
| 20 |
--- a/net-misc/networkmanager/Manifest |
| 21 |
+++ b/net-misc/networkmanager/Manifest |
| 22 |
@@ -1,3 +1,2 @@ |
| 23 |
-DIST NetworkManager-1.14.4.tar.xz 4414196 BLAKE2B 31b236ee143892725cccccfe26a83bc75f938e19f52c5d09fb6ea3635f517feb5bab428eec4ee5e617920a8a8dd6bfe72bf9b760ecf16dec0bac4bb8663c58e4 SHA512 4199d6d7bbbee318b0f69cf2c1bf46cc3721c764121634751753c3cc833c4c5ac0856467896536e3d403ba8783fe452aaa79bfcd71a5ec324a4274989fb656c7 |
| 24 |
DIST NetworkManager-1.14.6.tar.xz 4426540 BLAKE2B 29709005f4143bb4a9ef2348c2da062ea741111bdd54400f199e057317dff12fe9b0d3ab7795b21e93217076a0b338a18d99c7d2c2514d138aaf5bf41aa71c5a SHA512 e5e11eed6366eb185691102c89732a458f3a01aa979e724f7415d237e0ba1a811ac78bb17d9cf1b11181ec6e3f82cb5f1c86b624d3c2b2c7c1b72549653309c9 |
| 25 |
DIST NetworkManager-1.16.0.tar.xz 4793620 BLAKE2B 554559eefbfa489cf01067bd2c32e4b06fed076d38920b41f2d0005873ff913c0af2babcc3d9b463a4b636ca82e5c27ee20ab5768fcfb2c6b79e003d7fdc224d SHA512 e9d8365d8e59e5bc7c0bc13482139fb96b1d87183c8884e71e84eaf05fe121f2bcac519edd916bd242be4e9a9e2d2140a1065f529a9a02bda87b6d2bd4192584 |
| 26 |
|
| 27 |
diff --git a/net-misc/networkmanager/networkmanager-1.14.4.ebuild b/net-misc/networkmanager/networkmanager-1.14.4.ebuild |
| 28 |
deleted file mode 100644 |
| 29 |
index e613de34612..00000000000 |
| 30 |
--- a/net-misc/networkmanager/networkmanager-1.14.4.ebuild |
| 31 |
+++ /dev/null |
| 32 |
@@ -1,339 +0,0 @@ |
| 33 |
-# Copyright 1999-2018 Gentoo Authors |
| 34 |
-# Distributed under the terms of the GNU General Public License v2 |
| 35 |
- |
| 36 |
-EAPI=6 |
| 37 |
-GNOME_ORG_MODULE="NetworkManager" |
| 38 |
-GNOME2_LA_PUNT="yes" |
| 39 |
-VALA_USE_DEPEND="vapigen" |
| 40 |
-PYTHON_COMPAT=( python{2_7,3_5,3_6,3_7} ) |
| 41 |
- |
| 42 |
-inherit bash-completion-r1 gnome2 linux-info multilib python-any-r1 systemd \ |
| 43 |
- user readme.gentoo-r1 vala virtualx udev multilib-minimal |
| 44 |
- |
| 45 |
-DESCRIPTION="A set of co-operative tools that make networking simple and straightforward" |
| 46 |
-HOMEPAGE="https://wiki.gnome.org/Projects/NetworkManager" |
| 47 |
- |
| 48 |
-LICENSE="GPL-2+" |
| 49 |
-SLOT="0" # add subslot if libnm-util.so.2 or libnm-glib.so.4 bumps soname version |
| 50 |
- |
| 51 |
-IUSE="audit bluetooth connection-sharing consolekit +dhclient dhcpcd elogind gnutls +introspection iwd json kernel_linux +nss +modemmanager ncurses ofono ovs policykit +ppp resolvconf selinux systemd teamd test vala +wext +wifi" |
| 52 |
- |
| 53 |
-REQUIRED_USE=" |
| 54 |
- iwd? ( wifi ) |
| 55 |
- modemmanager? ( ppp ) |
| 56 |
- vala? ( introspection ) |
| 57 |
- wext? ( wifi ) |
| 58 |
- ^^ ( nss gnutls ) |
| 59 |
- ?? ( consolekit elogind systemd ) |
| 60 |
-" |
| 61 |
- |
| 62 |
-KEYWORDS="~alpha amd64 arm ~arm64 ~ia64 ppc ppc64 ~sparc x86" |
| 63 |
- |
| 64 |
-# gobject-introspection-0.10.3 is needed due to gnome bug 642300 |
| 65 |
-# wpa_supplicant-0.7.3-r3 is needed due to bug 359271 |
| 66 |
-COMMON_DEPEND=" |
| 67 |
- >=sys-apps/dbus-1.2[${MULTILIB_USEDEP}] |
| 68 |
- >=dev-libs/dbus-glib-0.100[${MULTILIB_USEDEP}] |
| 69 |
- >=dev-libs/glib-2.40:2[${MULTILIB_USEDEP}] |
| 70 |
- policykit? ( >=sys-auth/polkit-0.106 ) |
| 71 |
- net-libs/libndp[${MULTILIB_USEDEP}] |
| 72 |
- >=net-misc/curl-7.24 |
| 73 |
- net-misc/iputils |
| 74 |
- sys-apps/util-linux[${MULTILIB_USEDEP}] |
| 75 |
- sys-libs/readline:0= |
| 76 |
- >=virtual/libudev-175:=[${MULTILIB_USEDEP}] |
| 77 |
- audit? ( sys-process/audit ) |
| 78 |
- bluetooth? ( >=net-wireless/bluez-5 ) |
| 79 |
- connection-sharing? ( |
| 80 |
- net-dns/dnsmasq[dbus,dhcp] |
| 81 |
- net-firewall/iptables ) |
| 82 |
- consolekit? ( >=sys-auth/consolekit-1.0.0 ) |
| 83 |
- dhclient? ( >=net-misc/dhcp-4[client] ) |
| 84 |
- dhcpcd? ( net-misc/dhcpcd ) |
| 85 |
- elogind? ( >=sys-auth/elogind-219 ) |
| 86 |
- gnutls? ( |
| 87 |
- dev-libs/libgcrypt:0=[${MULTILIB_USEDEP}] |
| 88 |
- >=net-libs/gnutls-2.12:=[${MULTILIB_USEDEP}] ) |
| 89 |
- introspection? ( >=dev-libs/gobject-introspection-0.10.3:= ) |
| 90 |
- json? ( >=dev-libs/jansson-2.5[${MULTILIB_USEDEP}] ) |
| 91 |
- modemmanager? ( >=net-misc/modemmanager-0.7.991:0= ) |
| 92 |
- ncurses? ( >=dev-libs/newt-0.52.15 ) |
| 93 |
- nss? ( >=dev-libs/nss-3.11:=[${MULTILIB_USEDEP}] ) |
| 94 |
- ofono? ( net-misc/ofono ) |
| 95 |
- ovs? ( dev-libs/jansson ) |
| 96 |
- ppp? ( >=net-dialup/ppp-2.4.5:=[ipv6] ) |
| 97 |
- resolvconf? ( net-dns/openresolv ) |
| 98 |
- selinux? ( sys-libs/libselinux ) |
| 99 |
- systemd? ( >=sys-apps/systemd-209:0= ) |
| 100 |
- teamd? ( |
| 101 |
- dev-libs/jansson |
| 102 |
- >=net-misc/libteam-1.9 |
| 103 |
- ) |
| 104 |
-" |
| 105 |
-RDEPEND="${COMMON_DEPEND} |
| 106 |
- || ( |
| 107 |
- net-misc/iputils[arping(+)] |
| 108 |
- net-analyzer/arping |
| 109 |
- ) |
| 110 |
- wifi? ( |
| 111 |
- !iwd? ( >=net-wireless/wpa_supplicant-0.7.3-r3[dbus] ) |
| 112 |
- iwd? ( net-wireless/iwd ) |
| 113 |
- ) |
| 114 |
-" |
| 115 |
-DEPEND="${COMMON_DEPEND} |
| 116 |
- dev-util/gdbus-codegen |
| 117 |
- dev-util/glib-utils |
| 118 |
- dev-util/gtk-doc-am |
| 119 |
- >=dev-util/intltool-0.40 |
| 120 |
- >=sys-devel/gettext-0.17 |
| 121 |
- >=sys-kernel/linux-headers-2.6.29 |
| 122 |
- virtual/pkgconfig[${MULTILIB_USEDEP}] |
| 123 |
- introspection? ( |
| 124 |
- $(python_gen_any_dep 'dev-python/pygobject:3[${PYTHON_USEDEP}]') |
| 125 |
- dev-lang/perl |
| 126 |
- dev-libs/libxslt |
| 127 |
- ) |
| 128 |
- vala? ( $(vala_depend) ) |
| 129 |
- test? ( |
| 130 |
- $(python_gen_any_dep ' |
| 131 |
- dev-python/dbus-python[${PYTHON_USEDEP}] |
| 132 |
- dev-python/pygobject:3[${PYTHON_USEDEP}]') |
| 133 |
- ) |
| 134 |
-" |
| 135 |
- |
| 136 |
-python_check_deps() { |
| 137 |
- if use introspection; then |
| 138 |
- has_version "dev-python/pygobject:3[${PYTHON_USEDEP}]" || return |
| 139 |
- fi |
| 140 |
- if use test; then |
| 141 |
- has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" && |
| 142 |
- has_version "dev-python/pygobject:3[${PYTHON_USEDEP}]" |
| 143 |
- fi |
| 144 |
-} |
| 145 |
- |
| 146 |
-sysfs_deprecated_check() { |
| 147 |
- ebegin "Checking for SYSFS_DEPRECATED support" |
| 148 |
- |
| 149 |
- if { linux_chkconfig_present SYSFS_DEPRECATED_V2; }; then |
| 150 |
- eerror "Please disable SYSFS_DEPRECATED_V2 support in your kernel config and recompile your kernel" |
| 151 |
- eerror "or NetworkManager will not work correctly." |
| 152 |
- eerror "See https://bugs.gentoo.org/333639 for more info." |
| 153 |
- die "CONFIG_SYSFS_DEPRECATED_V2 support detected!" |
| 154 |
- fi |
| 155 |
- eend $? |
| 156 |
-} |
| 157 |
- |
| 158 |
-pkg_pretend() { |
| 159 |
- if use kernel_linux; then |
| 160 |
- get_version |
| 161 |
- if linux_config_exists; then |
| 162 |
- sysfs_deprecated_check |
| 163 |
- else |
| 164 |
- ewarn "Was unable to determine your kernel .config" |
| 165 |
- ewarn "Please note that if CONFIG_SYSFS_DEPRECATED_V2 is set in your kernel .config, NetworkManager will not work correctly." |
| 166 |
- ewarn "See https://bugs.gentoo.org/333639 for more info." |
| 167 |
- fi |
| 168 |
- |
| 169 |
- fi |
| 170 |
-} |
| 171 |
- |
| 172 |
-pkg_setup() { |
| 173 |
- if use connection-sharing; then |
| 174 |
- CONFIG_CHECK="~NF_NAT_IPV4 ~NF_NAT_MASQUERADE_IPV4" |
| 175 |
- linux-info_pkg_setup |
| 176 |
- fi |
| 177 |
- enewgroup plugdev |
| 178 |
- if use introspection || use test; then |
| 179 |
- python-any-r1_pkg_setup |
| 180 |
- fi |
| 181 |
-} |
| 182 |
- |
| 183 |
-src_prepare() { |
| 184 |
- DOC_CONTENTS="To modify system network connections without needing to enter the |
| 185 |
- root password, add your user account to the 'plugdev' group." |
| 186 |
- |
| 187 |
- use vala && vala_src_prepare |
| 188 |
- gnome2_src_prepare |
| 189 |
-} |
| 190 |
- |
| 191 |
-multilib_src_configure() { |
| 192 |
- local myconf=( |
| 193 |
- --disable-more-warnings |
| 194 |
- --disable-static |
| 195 |
- --localstatedir=/var |
| 196 |
- --disable-lto |
| 197 |
- --disable-config-plugin-ibft |
| 198 |
- --disable-qt |
| 199 |
- --without-netconfig |
| 200 |
- --with-dbus-sys-dir=/etc/dbus-1/system.d |
| 201 |
- # We need --with-libnm-glib (and dbus-glib dep) as reverse deps are |
| 202 |
- # still not ready for removing that lib, bug #665338 |
| 203 |
- --with-libnm-glib |
| 204 |
- --with-nmcli=yes |
| 205 |
- --with-udev-dir="$(get_udevdir)" |
| 206 |
- --with-config-plugins-default=keyfile |
| 207 |
- --with-iptables=/sbin/iptables |
| 208 |
- $(multilib_native_enable concheck) |
| 209 |
- --with-crypto=$(usex nss nss gnutls) |
| 210 |
- --with-session-tracking=$(multilib_native_usex systemd systemd $(multilib_native_usex elogind elogind $(multilib_native_usex consolekit consolekit no))) |
| 211 |
- --with-suspend-resume=$(multilib_native_usex systemd systemd $(multilib_native_usex elogind elogind consolekit)) |
| 212 |
- $(multilib_native_use_with audit libaudit) |
| 213 |
- $(multilib_native_use_enable bluetooth bluez5-dun) |
| 214 |
- $(use_with dhclient) |
| 215 |
- $(use_with dhcpcd) |
| 216 |
- $(multilib_native_use_enable introspection) |
| 217 |
- $(use_enable json json-validation) |
| 218 |
- $(multilib_native_use_enable ppp) |
| 219 |
- --without-libpsl |
| 220 |
- $(multilib_native_use_with modemmanager modem-manager-1) |
| 221 |
- $(multilib_native_use_with ncurses nmtui) |
| 222 |
- $(multilib_native_use_with ofono) |
| 223 |
- $(multilib_native_use_enable ovs) |
| 224 |
- $(multilib_native_use_with resolvconf) |
| 225 |
- $(multilib_native_use_with selinux) |
| 226 |
- $(multilib_native_use_with systemd systemd-journal) |
| 227 |
- $(multilib_native_use_enable teamd teamdctl) |
| 228 |
- $(multilib_native_use_enable test tests) |
| 229 |
- $(multilib_native_use_enable vala) |
| 230 |
- --without-valgrind |
| 231 |
- $(multilib_native_use_with wifi iwd) |
| 232 |
- $(multilib_native_use_with wext) |
| 233 |
- $(multilib_native_use_enable wifi) |
| 234 |
- ) |
| 235 |
- |
| 236 |
- if multilib_is_native_abi && use policykit; then |
| 237 |
- myconf+=( --enable-polkit=yes ) |
| 238 |
- else |
| 239 |
- myconf+=( --enable-polkit=disabled ) |
| 240 |
- fi |
| 241 |
- |
| 242 |
- # Same hack as net-dialup/pptpd to get proper plugin dir for ppp, bug #519986 |
| 243 |
- if use ppp; then |
| 244 |
- local PPPD_VER=`best_version net-dialup/ppp` |
| 245 |
- PPPD_VER=${PPPD_VER#*/*-} #reduce it to ${PV}-${PR} |
| 246 |
- PPPD_VER=${PPPD_VER%%[_-]*} # main version without beta/pre/patch/revision |
| 247 |
- myconf+=( --with-pppd-plugin-dir=/usr/$(get_libdir)/pppd/${PPPD_VER} ) |
| 248 |
- fi |
| 249 |
- |
| 250 |
- # unit files directory needs to be passed only when systemd is enabled, |
| 251 |
- # otherwise systemd support is not disabled completely, bug #524534 |
| 252 |
- use systemd && myconf+=( --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" ) |
| 253 |
- |
| 254 |
- if multilib_is_native_abi; then |
| 255 |
- # work-around man out-of-source brokenness, must be done before configure |
| 256 |
- ln -s "${S}/docs" docs || die |
| 257 |
- ln -s "${S}/man" man || die |
| 258 |
- fi |
| 259 |
- |
| 260 |
- ECONF_SOURCE=${S} runstatedir="/run" gnome2_src_configure "${myconf[@]}" |
| 261 |
-} |
| 262 |
- |
| 263 |
-multilib_src_compile() { |
| 264 |
- if multilib_is_native_abi; then |
| 265 |
- emake |
| 266 |
- else |
| 267 |
- local targets=( |
| 268 |
- libnm/libnm.la |
| 269 |
- libnm-util/libnm-util.la |
| 270 |
- libnm-glib/libnm-glib.la |
| 271 |
- libnm-glib/libnm-glib-vpn.la |
| 272 |
- ) |
| 273 |
- emake "${targets[@]}" |
| 274 |
- fi |
| 275 |
-} |
| 276 |
- |
| 277 |
-multilib_src_test() { |
| 278 |
- if use test && multilib_is_native_abi; then |
| 279 |
- python_setup |
| 280 |
- virtx emake check |
| 281 |
- fi |
| 282 |
-} |
| 283 |
- |
| 284 |
-multilib_src_install() { |
| 285 |
- if multilib_is_native_abi; then |
| 286 |
- # Install completions at proper place, bug #465100 |
| 287 |
- gnome2_src_install completiondir="$(get_bashcompdir)" |
| 288 |
- else |
| 289 |
- local targets=( |
| 290 |
- install-libLTLIBRARIES |
| 291 |
- install-libdeprecatedHEADERS |
| 292 |
- install-libnm_glib_libnmvpnHEADERS |
| 293 |
- install-libnm_glib_libnmincludeHEADERS |
| 294 |
- install-libnm_util_libnm_util_includeHEADERS |
| 295 |
- install-libnmincludeHEADERS |
| 296 |
- install-nodist_libnm_glib_libnmincludeHEADERS |
| 297 |
- install-nodist_libnm_glib_libnmvpnHEADERS |
| 298 |
- install-nodist_libnm_util_libnm_util_includeHEADERS |
| 299 |
- install-nodist_libnmincludeHEADERS |
| 300 |
- install-pkgconfigDATA |
| 301 |
- ) |
| 302 |
- emake DESTDIR="${D}" "${targets[@]}" |
| 303 |
- fi |
| 304 |
-} |
| 305 |
- |
| 306 |
-multilib_src_install_all() { |
| 307 |
- einstalldocs |
| 308 |
- ! use systemd && readme.gentoo_create_doc |
| 309 |
- |
| 310 |
- newinitd "${FILESDIR}/init.d.NetworkManager-r1" NetworkManager |
| 311 |
- newconfd "${FILESDIR}/conf.d.NetworkManager" NetworkManager |
| 312 |
- |
| 313 |
- # Need to keep the /etc/NetworkManager/dispatched.d for dispatcher scripts |
| 314 |
- keepdir /etc/NetworkManager/dispatcher.d |
| 315 |
- |
| 316 |
- # Provide openrc net dependency only when nm is connected |
| 317 |
- exeinto /etc/NetworkManager/dispatcher.d |
| 318 |
- newexe "${FILESDIR}/10-openrc-status-r4" 10-openrc-status |
| 319 |
- sed -e "s:@EPREFIX@:${EPREFIX}:g" \ |
| 320 |
- -i "${ED}/etc/NetworkManager/dispatcher.d/10-openrc-status" || die |
| 321 |
- |
| 322 |
- keepdir /etc/NetworkManager/system-connections |
| 323 |
- chmod 0600 "${ED}"/etc/NetworkManager/system-connections/.keep* # bug #383765, upstream bug #754594 |
| 324 |
- |
| 325 |
- # Allow users in plugdev group to modify system connections |
| 326 |
- insinto /usr/share/polkit-1/rules.d/ |
| 327 |
- doins "${FILESDIR}/01-org.freedesktop.NetworkManager.settings.modify.system.rules" |
| 328 |
- |
| 329 |
- if use iwd; then |
| 330 |
- # This goes to $nmlibdir/conf.d/ and $nmlibdir is '${prefix}'/lib/$PACKAGE, thus always lib, not get_libdir |
| 331 |
- cat <<-EOF > "${ED%/}"/usr/lib/NetworkManager/conf.d/iwd.conf |
| 332 |
- [device] |
| 333 |
- wifi.backend=iwd |
| 334 |
- EOF |
| 335 |
- fi |
| 336 |
- |
| 337 |
- # Empty |
| 338 |
- rmdir "${ED%/}"/var{/lib{/NetworkManager,},} || die |
| 339 |
-} |
| 340 |
- |
| 341 |
-pkg_postinst() { |
| 342 |
- gnome2_pkg_postinst |
| 343 |
- systemd_reenable NetworkManager.service |
| 344 |
- ! use systemd && readme.gentoo_print_elog |
| 345 |
- |
| 346 |
- if [[ -e "${EROOT}etc/NetworkManager/nm-system-settings.conf" ]]; then |
| 347 |
- ewarn "The ${PN} system configuration file has moved to a new location." |
| 348 |
- ewarn "You must migrate your settings from ${EROOT}/etc/NetworkManager/nm-system-settings.conf" |
| 349 |
- ewarn "to ${EROOT}etc/NetworkManager/NetworkManager.conf" |
| 350 |
- ewarn |
| 351 |
- ewarn "After doing so, you can remove ${EROOT}etc/NetworkManager/nm-system-settings.conf" |
| 352 |
- fi |
| 353 |
- |
| 354 |
- # NM fallbacks to plugin specified at compile time (upstream bug #738611) |
| 355 |
- # but still show a warning to remember people to have cleaner config file |
| 356 |
- if [[ -e "${EROOT}etc/NetworkManager/NetworkManager.conf" ]]; then |
| 357 |
- if grep plugins "${EROOT}etc/NetworkManager/NetworkManager.conf" | grep -q ifnet; then |
| 358 |
- ewarn |
| 359 |
- ewarn "You seem to use 'ifnet' plugin in ${EROOT}etc/NetworkManager/NetworkManager.conf" |
| 360 |
- ewarn "Since it won't be used, you will need to stop setting ifnet plugin there." |
| 361 |
- ewarn |
| 362 |
- fi |
| 363 |
- fi |
| 364 |
- |
| 365 |
- # NM shows lots of errors making nmcli neither unusable, bug #528748 upstream bug #690457 |
| 366 |
- if grep -r "psk-flags=1" "${EROOT}"/etc/NetworkManager/; then |
| 367 |
- ewarn "You have psk-flags=1 setting in above files, you will need to" |
| 368 |
- ewarn "either reconfigure affected networks or, at least, set the flag" |
| 369 |
- ewarn "value to '0'." |
| 370 |
- fi |
| 371 |
-} |
Archives