
From: Mike Frysinger <vapier@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/sandbox/files/, sys-apps/sandbox/
Date: Sun, 20 Sep 2015 08:48:44
Message-Id: 1442738902.822e317acd15429c57cf09cf448b1ce99cf33147.vapier@gentoo
1 commit: 822e317acd15429c57cf09cf448b1ce99cf33147
2 Author: Mike Frysinger <vapier <AT> gentoo <DOT> org>
3 AuthorDate: Sun Sep 20 08:12:48 2015 +0000
4 Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org>
5 CommitDate: Sun Sep 20 08:48:22 2015 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=822e317a
7
8 sys-apps/sandbox: version bump
9
10 sys-apps/sandbox/Manifest | 1 +
11 .../sandbox/files/sandbox-2.8-write-ptmx.patch | 34 ++++++
12 sys-apps/sandbox/sandbox-2.8.ebuild | 124 +++++++++++++++++++++
13 3 files changed, 159 insertions(+)
14
15 diff --git a/sys-apps/sandbox/Manifest b/sys-apps/sandbox/Manifest
16 index 42c825a..e0fd4ea 100644
17 --- a/sys-apps/sandbox/Manifest
18 +++ b/sys-apps/sandbox/Manifest
19 @@ -4,3 +4,4 @@ DIST sandbox-2.4.tar.xz 344664 SHA256 450599cb3052296d42f81a04dbbda82d220415fc2d
20 DIST sandbox-2.5.tar.xz 355680 SHA256 c0e98767fb70750d79591a6d08f81d5c2f13ce783bf94bd90677022e9103878a SHA512 7b870295bb78c1da5550b650a3983d93e503935a8e8452a29a5c6310cc2c2d569a898ea1534e2c670b4a3e5607504fac55f69da6878e0adc9c2c65a5476b4fb0 WHIRLPOOL 887d36638111b09d77674002c07ebad84c24bc4f645d9fb78e180a6c6e7407eb3fb6857877bc152e0cefb676f01df60b20857b8487ce28ff3e4438aef744fe53
21 DIST sandbox-2.6.tar.xz 366356 SHA256 95615c5879dfc419713f22ba5506a2802a50ea0ce8a2f57c656354f2e50b1c4d SHA512 32ba7fb675c67fdc8bc52da1db7ed6878e5fea8753accb30d9aca00f708e0dde03287b5962caf5ef031bea6934d6ef3e18404b015c70ebd551d3fd8109ad2371 WHIRLPOOL bab2d015fb0de92a2266408ca7941c8fb66b599179040cfc727ffce5b2424a9722dc55ba89d198e3361044d8cb357314205488d2a980c7b8af063fd8940f0c03
22 DIST sandbox-2.7.tar.xz 390304 SHA256 d6e1230180d84fb64c9788dd372a73a1cd2496ead91cad333a211320d3041149 SHA512 81056460afabe3f9163594f662f5faf87b6dfe8511a001fc4d6ce0171492eb29f3b645a45320032d34475bb2c24bf212d1d05b50878a340f1e2ca580f8f8f38a WHIRLPOOL ad070df6351537e49f939ba195f27ccf5e4566bb8b6e4ba391ab8174771eacf909571284c6fa873d5b55e8540605d2766a3de5d451b6af132c0ff6d96e43f554
23 +DIST sandbox-2.8.tar.xz 410588 SHA256 f01dcac27a4641d1898c4a19bf3a0572f8ec85c3ba12e6ede8af36f6bc047165 SHA512 73a21e72f5825f43ee887efbe73f4ccd8771c7f45438104077aa83448d0a2727ab65be89a7a1a690d3662594df680ca4dc29908763e5abe2a81594b6f8f6ff2e WHIRLPOOL 6c93a0d8737bab4e710f0f20645514c9a5413a2d357a64c2e8b8428567221b949134881e705f979aa374635a278c0b3c646a6cffaf1015024db8f2aab2ec7c74
24
25 diff --git a/sys-apps/sandbox/files/sandbox-2.8-write-ptmx.patch b/sys-apps/sandbox/files/sandbox-2.8-write-ptmx.patch
26 new file mode 100644
27 index 0000000..d22f53b
28 --- /dev/null
29 +++ b/sys-apps/sandbox/files/sandbox-2.8-write-ptmx.patch
30 @@ -0,0 +1,34 @@
31 +From 6b9b505f4a7716a50ff9e63c85f2c4882987a732 Mon Sep 17 00:00:00 2001
32 +From: Mike Frysinger <vapier@g.o>
33 +Date: Sun, 20 Sep 2015 04:40:39 -0400
34 +Subject: [PATCH] sandbox.conf: allow writing to /dev/ptmx
35 +
36 +We implicitly permit write access to this node by not catching functions
37 +like openpty and posix_openpt, but when projects try to access the node
38 +directly (due to legacy/fallback logic), the sandbox would reject them.
39 +Make access to the node explicit since it's generally harmless.
40 +
41 +URL: https://bugs.gentoo.org/413327
42 +URL: https://bugs.gentoo.org/550650
43 +URL: https://bugs.gentoo.org/550670
44 +Signed-off-by: Mike Frysinger <vapier@g.o>
45 +---
46 + etc/sandbox.conf | 2 +-
47 + 1 file changed, 1 insertion(+), 1 deletion(-)
48 +
49 +diff --git a/etc/sandbox.conf b/etc/sandbox.conf
50 +index dc460f0..1d7655c 100644
51 +--- a/etc/sandbox.conf
52 ++++ b/etc/sandbox.conf
53 +@@ -64,7 +64,7 @@ SANDBOX_WRITE="/dev/zero:/dev/null:/dev/full"
54 + # Console device nodes
55 + SANDBOX_WRITE="/dev/console:/dev/tty:/dev/vc/:/dev/pty:/dev/tts"
56 + # Device filesystems
57 +-SANDBOX_WRITE="/dev/pts/:/dev/shm"
58 ++SANDBOX_WRITE="/dev/ptmx:/dev/pts/:/dev/shm"
59 + # Tempory storage
60 + SANDBOX_WRITE="/tmp/:/var/tmp/"
61 + # Needed for shells
62 +--
63 +2.5.2
64 +
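Review bot: The new `/dev/ptmx` entry in etc/sandbox.conf sits under the `# Device filesystems` comment, although it is a single device node rather than a filesystem, and nothing in the config itself records why write access is granted. Because this widens the sandbox's write allowlist, a comment beside the entry would help later audits, for example `# pty master node; openpty()/posix_openpt() are not intercepted, so allow direct opens too (bug 413327)`. Putting it on its own `SANDBOX_WRITE="/dev/ptmx"` line under that comment would also keep the existing grouping comments accurate.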
65
66 diff --git a/sys-apps/sandbox/sandbox-2.8.ebuild b/sys-apps/sandbox/sandbox-2.8.ebuild
67 new file mode 100644
68 index 0000000..4f3de07
69 --- /dev/null
70 +++ b/sys-apps/sandbox/sandbox-2.8.ebuild
71 @@ -0,0 +1,124 @@
72 +# Copyright 1999-2015 Gentoo Foundation
73 +# Distributed under the terms of the GNU General Public License v2
74 +# $Id$
75 +
76 +#
77 +# don't monkey with this ebuild unless contacting portage devs.
78 +# period.
79 +#
80 +
81 +inherit eutils flag-o-matic toolchain-funcs multilib unpacker multiprocessing
82 +
83 +DESCRIPTION="sandbox'd LD_PRELOAD hack"
84 +HOMEPAGE="https://www.gentoo.org/proj/en/portage/sandbox/"
85 +SRC_URI="mirror://gentoo/${P}.tar.xz
86 + https://dev.gentoo.org/~vapier/dist/${P}.tar.xz"
87 +
88 +LICENSE="GPL-2"
89 +SLOT="0"
90 +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
91 +IUSE="multilib"
92 +
93 +DEPEND="app-arch/xz-utils
94 + >=app-misc/pax-utils-0.1.19" #265376
95 +RDEPEND=""
96 +
97 +EMULTILIB_PKG="true"
98 +has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice"
99 +
100 +sandbox_death_notice() {
101 + ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:"
102 + ewarn "FEATURES=-sandbox emerge sandbox"
103 +}
104 +
105 +sb_get_install_abis() { use multilib && get_install_abis || echo ${ABI:-default} ; }
106 +
107 +sb_foreach_abi() {
108 + local OABI=${ABI}
109 + for ABI in $(sb_get_install_abis) ; do
110 + cd "${WORKDIR}/build-${ABI}"
111 + einfo "Running $1 for ABI=${ABI}..."
112 + "$@"
113 + done
114 + ABI=${OABI}
115 +}
116 +
117 +src_unpack() {
118 + unpacker
119 + cd "${S}"
120 + epatch "${FILESDIR}"/${P}-write-ptmx.patch #413327
121 + epatch_user
122 +}
123 +
124 +sb_configure() {
125 + mkdir "${WORKDIR}/build-${ABI}"
126 + cd "${WORKDIR}/build-${ABI}"
127 +
128 + use multilib && multilib_toolchain_setup ${ABI}
129 +
130 + einfo "Configuring sandbox for ABI=${ABI}..."
131 + ECONF_SOURCE="${S}" \
132 + econf ${myconf} || die
133 +}
134 +
135 +sb_compile() {
136 + emake || die
137 +}
138 +
139 +src_compile() {
140 + filter-lfs-flags #90228
141 +
142 + # Run configures in parallel!
143 + multijob_init
144 + local OABI=${ABI}
145 + for ABI in $(sb_get_install_abis) ; do
146 + multijob_child_init sb_configure
147 + done
148 + ABI=${OABI}
149 + multijob_finish
150 +
151 + sb_foreach_abi sb_compile
152 +}
153 +
154 +sb_test() {
155 + emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)" || die
156 +}
157 +
158 +src_test() {
159 + sb_foreach_abi sb_test
160 +}
161 +
162 +sb_install() {
163 + emake DESTDIR="${D}" install || die
164 + insinto /etc/sandbox.d #333131
165 + doins etc/sandbox.d/00default || die
166 +}
167 +
168 +src_install() {
169 + sb_foreach_abi sb_install
170 +
171 + doenvd "${FILESDIR}"/09sandbox
172 +
173 + keepdir /var/log/sandbox
174 + fowners root:portage /var/log/sandbox
175 + fperms 0770 /var/log/sandbox
176 +
177 + cd "${S}"
178 + dodoc AUTHORS ChangeLog* NEWS README
179 +}
180 +
181 +pkg_preinst() {
182 + chown root:portage "${D}"/var/log/sandbox
183 + chmod 0770 "${D}"/var/log/sandbox
184 +
185 + local old=$(find "${ROOT}"/lib* -maxdepth 1 -name 'libsandbox*')
186 + if [[ -n ${old} ]] ; then
187 + elog "Removing old sandbox libraries for you:"
188 + elog ${old//${ROOT}}
189 + find "${ROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -exec rm -fv {} \;
190 + fi
191 +}
192 +
193 +pkg_postinst() {
194 + chmod 0755 "${ROOT}"/etc/sandbox.d #265376
195 +}
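Review bot: In src_install, `fowners root:portage /var/log/sandbox` and `fperms 0770 /var/log/sandbox` are not followed by `|| die`. The ebuild sets no EAPI, so EAPI 0 applies and helpers do not abort on failure. A failed call would therefore leave the sandbox log directory with default ownership and mode without stopping the merge. The file already checks `emake` and `doins`, so `fowners root:portage /var/log/sandbox || die` and `fperms 0770 /var/log/sandbox || die` would be consistent, and the `chown`/`chmod` pair in pkg_preinst deserves the same check. The `cd "${WORKDIR}/build-${ABI}"` in sb_foreach_abi is also unchecked, so a missing build directory would run `"$@"` from whatever directory was current; `cd "${WORKDIR}/build-${ABI}" || die` closes that.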