1 |
commit: 822e317acd15429c57cf09cf448b1ce99cf33147 |
2 |
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun Sep 20 08:12:48 2015 +0000 |
4 |
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Sep 20 08:48:22 2015 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=822e317a |
7 |
|
8 |
sys-apps/sandbox: version bump |
9 |
|
10 |
sys-apps/sandbox/Manifest | 1 + |
11 |
.../sandbox/files/sandbox-2.8-write-ptmx.patch | 34 ++++++ |
12 |
sys-apps/sandbox/sandbox-2.8.ebuild | 124 +++++++++++++++++++++ |
13 |
3 files changed, 159 insertions(+) |
14 |
|
15 |
diff --git a/sys-apps/sandbox/Manifest b/sys-apps/sandbox/Manifest |
16 |
index 42c825a..e0fd4ea 100644 |
17 |
--- a/sys-apps/sandbox/Manifest |
18 |
+++ b/sys-apps/sandbox/Manifest |
19 |
@@ -4,3 +4,4 @@ DIST sandbox-2.4.tar.xz 344664 SHA256 450599cb3052296d42f81a04dbbda82d220415fc2d |
20 |
DIST sandbox-2.5.tar.xz 355680 SHA256 c0e98767fb70750d79591a6d08f81d5c2f13ce783bf94bd90677022e9103878a SHA512 7b870295bb78c1da5550b650a3983d93e503935a8e8452a29a5c6310cc2c2d569a898ea1534e2c670b4a3e5607504fac55f69da6878e0adc9c2c65a5476b4fb0 WHIRLPOOL 887d36638111b09d77674002c07ebad84c24bc4f645d9fb78e180a6c6e7407eb3fb6857877bc152e0cefb676f01df60b20857b8487ce28ff3e4438aef744fe53 |
21 |
DIST sandbox-2.6.tar.xz 366356 SHA256 95615c5879dfc419713f22ba5506a2802a50ea0ce8a2f57c656354f2e50b1c4d SHA512 32ba7fb675c67fdc8bc52da1db7ed6878e5fea8753accb30d9aca00f708e0dde03287b5962caf5ef031bea6934d6ef3e18404b015c70ebd551d3fd8109ad2371 WHIRLPOOL bab2d015fb0de92a2266408ca7941c8fb66b599179040cfc727ffce5b2424a9722dc55ba89d198e3361044d8cb357314205488d2a980c7b8af063fd8940f0c03 |
22 |
DIST sandbox-2.7.tar.xz 390304 SHA256 d6e1230180d84fb64c9788dd372a73a1cd2496ead91cad333a211320d3041149 SHA512 81056460afabe3f9163594f662f5faf87b6dfe8511a001fc4d6ce0171492eb29f3b645a45320032d34475bb2c24bf212d1d05b50878a340f1e2ca580f8f8f38a WHIRLPOOL ad070df6351537e49f939ba195f27ccf5e4566bb8b6e4ba391ab8174771eacf909571284c6fa873d5b55e8540605d2766a3de5d451b6af132c0ff6d96e43f554 |
23 |
+DIST sandbox-2.8.tar.xz 410588 SHA256 f01dcac27a4641d1898c4a19bf3a0572f8ec85c3ba12e6ede8af36f6bc047165 SHA512 73a21e72f5825f43ee887efbe73f4ccd8771c7f45438104077aa83448d0a2727ab65be89a7a1a690d3662594df680ca4dc29908763e5abe2a81594b6f8f6ff2e WHIRLPOOL 6c93a0d8737bab4e710f0f20645514c9a5413a2d357a64c2e8b8428567221b949134881e705f979aa374635a278c0b3c646a6cffaf1015024db8f2aab2ec7c74 |
24 |
|
25 |
diff --git a/sys-apps/sandbox/files/sandbox-2.8-write-ptmx.patch b/sys-apps/sandbox/files/sandbox-2.8-write-ptmx.patch |
26 |
new file mode 100644 |
27 |
index 0000000..d22f53b |
28 |
--- /dev/null |
29 |
+++ b/sys-apps/sandbox/files/sandbox-2.8-write-ptmx.patch |
30 |
@@ -0,0 +1,34 @@ |
31 |
+From 6b9b505f4a7716a50ff9e63c85f2c4882987a732 Mon Sep 17 00:00:00 2001 |
32 |
+From: Mike Frysinger <vapier@g.o> |
33 |
+Date: Sun, 20 Sep 2015 04:40:39 -0400 |
34 |
+Subject: [PATCH] sandbox.conf: allow writing to /dev/ptmx |
35 |
+ |
36 |
+We implicitly permit write access to this node by not catching functions |
37 |
+like openpty and posix_openpt, but when projects try to access the node |
38 |
+directly (due to legacy/fallback logic), the sandbox would reject them. |
39 |
+Make access to the node explicit since it's generally harmless. |
40 |
+ |
41 |
+URL: https://bugs.gentoo.org/413327 |
42 |
+URL: https://bugs.gentoo.org/550650 |
43 |
+URL: https://bugs.gentoo.org/550670 |
44 |
+Signed-off-by: Mike Frysinger <vapier@g.o> |
45 |
+--- |
46 |
+ etc/sandbox.conf | 2 +- |
47 |
+ 1 file changed, 1 insertion(+), 1 deletion(-) |
48 |
+ |
49 |
+diff --git a/etc/sandbox.conf b/etc/sandbox.conf |
50 |
+index dc460f0..1d7655c 100644 |
51 |
+--- a/etc/sandbox.conf |
52 |
++++ b/etc/sandbox.conf |
53 |
+@@ -64,7 +64,7 @@ SANDBOX_WRITE="/dev/zero:/dev/null:/dev/full" |
54 |
+ # Console device nodes |
55 |
+ SANDBOX_WRITE="/dev/console:/dev/tty:/dev/vc/:/dev/pty:/dev/tts" |
56 |
+ # Device filesystems |
57 |
+-SANDBOX_WRITE="/dev/pts/:/dev/shm" |
58 |
++SANDBOX_WRITE="/dev/ptmx:/dev/pts/:/dev/shm" |
59 |
+ # Tempory storage |
60 |
+ SANDBOX_WRITE="/tmp/:/var/tmp/" |
61 |
+ # Needed for shells |
62 |
+-- |
63 |
+2.5.2 |
64 |
+ |
65 |
|
66 |
diff --git a/sys-apps/sandbox/sandbox-2.8.ebuild b/sys-apps/sandbox/sandbox-2.8.ebuild |
67 |
new file mode 100644 |
68 |
index 0000000..4f3de07 |
69 |
--- /dev/null |
70 |
+++ b/sys-apps/sandbox/sandbox-2.8.ebuild |
71 |
@@ -0,0 +1,124 @@ |
72 |
+# Copyright 1999-2015 Gentoo Foundation |
73 |
+# Distributed under the terms of the GNU General Public License v2 |
74 |
+# $Id$ |
75 |
+ |
76 |
+# |
77 |
+# don't monkey with this ebuild unless contacting portage devs. |
78 |
+# period. |
79 |
+# |
80 |
+ |
81 |
+inherit eutils flag-o-matic toolchain-funcs multilib unpacker multiprocessing |
82 |
+ |
83 |
+DESCRIPTION="sandbox'd LD_PRELOAD hack" |
84 |
+HOMEPAGE="https://www.gentoo.org/proj/en/portage/sandbox/" |
85 |
+SRC_URI="mirror://gentoo/${P}.tar.xz |
86 |
+ https://dev.gentoo.org/~vapier/dist/${P}.tar.xz" |
87 |
+ |
88 |
+LICENSE="GPL-2" |
89 |
+SLOT="0" |
90 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd" |
91 |
+IUSE="multilib" |
92 |
+ |
93 |
+DEPEND="app-arch/xz-utils |
94 |
+ >=app-misc/pax-utils-0.1.19" #265376 |
95 |
+RDEPEND="" |
96 |
+ |
97 |
+EMULTILIB_PKG="true" |
98 |
+has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice" |
99 |
+ |
100 |
+sandbox_death_notice() { |
101 |
+ ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:" |
102 |
+ ewarn "FEATURES=-sandbox emerge sandbox" |
103 |
+} |
104 |
+ |
105 |
+sb_get_install_abis() { use multilib && get_install_abis || echo ${ABI:-default} ; } |
106 |
+ |
107 |
+sb_foreach_abi() { |
108 |
+ local OABI=${ABI} |
109 |
+ for ABI in $(sb_get_install_abis) ; do |
110 |
+ cd "${WORKDIR}/build-${ABI}" |
111 |
+ einfo "Running $1 for ABI=${ABI}..." |
112 |
+ "$@" |
113 |
+ done |
114 |
+ ABI=${OABI} |
115 |
+} |
116 |
+ |
117 |
+src_unpack() { |
118 |
+ unpacker |
119 |
+ cd "${S}" |
120 |
+ epatch "${FILESDIR}"/${P}-write-ptmx.patch #413327 |
121 |
+ epatch_user |
122 |
+} |
123 |
+ |
124 |
+sb_configure() { |
125 |
+ mkdir "${WORKDIR}/build-${ABI}" |
126 |
+ cd "${WORKDIR}/build-${ABI}" |
127 |
+ |
128 |
+ use multilib && multilib_toolchain_setup ${ABI} |
129 |
+ |
130 |
+ einfo "Configuring sandbox for ABI=${ABI}..." |
131 |
+ ECONF_SOURCE="${S}" \ |
132 |
+ econf ${myconf} || die |
133 |
+} |
134 |
+ |
135 |
+sb_compile() { |
136 |
+ emake || die |
137 |
+} |
138 |
+ |
139 |
+src_compile() { |
140 |
+ filter-lfs-flags #90228 |
141 |
+ |
142 |
+ # Run configures in parallel! |
143 |
+ multijob_init |
144 |
+ local OABI=${ABI} |
145 |
+ for ABI in $(sb_get_install_abis) ; do |
146 |
+ multijob_child_init sb_configure |
147 |
+ done |
148 |
+ ABI=${OABI} |
149 |
+ multijob_finish |
150 |
+ |
151 |
+ sb_foreach_abi sb_compile |
152 |
+} |
153 |
+ |
154 |
+sb_test() { |
155 |
+ emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)" || die |
156 |
+} |
157 |
+ |
158 |
+src_test() { |
159 |
+ sb_foreach_abi sb_test |
160 |
+} |
161 |
+ |
162 |
+sb_install() { |
163 |
+ emake DESTDIR="${D}" install || die |
164 |
+ insinto /etc/sandbox.d #333131 |
165 |
+ doins etc/sandbox.d/00default || die |
166 |
+} |
167 |
+ |
168 |
+src_install() { |
169 |
+ sb_foreach_abi sb_install |
170 |
+ |
171 |
+ doenvd "${FILESDIR}"/09sandbox |
172 |
+ |
173 |
+ keepdir /var/log/sandbox |
174 |
+ fowners root:portage /var/log/sandbox |
175 |
+ fperms 0770 /var/log/sandbox |
176 |
+ |
177 |
+ cd "${S}" |
178 |
+ dodoc AUTHORS ChangeLog* NEWS README |
179 |
+} |
180 |
+ |
181 |
+pkg_preinst() { |
182 |
+ chown root:portage "${D}"/var/log/sandbox |
183 |
+ chmod 0770 "${D}"/var/log/sandbox |
184 |
+ |
185 |
+ local old=$(find "${ROOT}"/lib* -maxdepth 1 -name 'libsandbox*') |
186 |
+ if [[ -n ${old} ]] ; then |
187 |
+ elog "Removing old sandbox libraries for you:" |
188 |
+ elog ${old//${ROOT}} |
189 |
+ find "${ROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -exec rm -fv {} \; |
190 |
+ fi |
191 |
+} |
192 |
+ |
193 |
+pkg_postinst() { |
194 |
+ chmod 0755 "${ROOT}"/etc/sandbox.d #265376 |
195 |
+} |