
From: Mart Raudsepp <leio@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: profiles/, sys-apps/sandbox/files/, sys-apps/sandbox/
Date: Fri, 30 Dec 2016 17:08:08
Message-Id: 1483087788.3a9eb02cfe4cde0373b309d67fe1fb83c68d7ec5.leio@gentoo
1 commit: 3a9eb02cfe4cde0373b309d67fe1fb83c68d7ec5
2 Author: Mart Raudsepp <leio <AT> gentoo <DOT> org>
3 AuthorDate: Fri Dec 30 08:35:38 2016 +0000
4 Commit: Mart Raudsepp <leio <AT> gentoo <DOT> org>
5 CommitDate: Fri Dec 30 08:49:48 2016 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a9eb02c
7
8 sys-apps/sandbox: Fix opendir sandbox abort with long paths
9
10 Shell globbing code could end up calling opendir on a whole command line
11 with arguments, exceeding 8k characters - for example when libtool gets
12 passed an -export-symbols-regex with a wildcard.
13 Due to the length exceeding sandbox internal SB_PATH_MAX, it gets trimmed
14 internally in sandbox syscall checks (even though opendir isn't an actual
15 syscall), gets confused and throws an ISE abort.
16 Fix it by adding a precheck that simply fails early with ENAMETOOLONG on
17 too long paths, as the real glibc function would do the same.
18
19 Fixes large projects hitting sandbox abort inside the driving POSIX shell
20 globbing function due to a long list of linker arguments (such as many object
21 files) being passed to libtool together with an -export-symbols-regex with
22 a wildcard. Known affected packages include graphicsmagick and newer
23 gnome-builder.
24
25 p.masked for a short time as a maintainer timeout, seeking independent
26 validation as a critical packages non-maintainer revbump.
27
28 Gentoo-Bug: 553092
29 Package-Manager: portage-2.3.3
30 Signed-off-by: Mart Raudsepp <leio <AT> gentoo.org>
31
32 profiles/package.mask | 4 +
33 .../sandbox/files/sandbox-2.10-fix-opendir.patch | 79 ++++++++++++++++++++
34 sys-apps/sandbox/sandbox-2.10-r3.ebuild | 84 +++++++++++++++++++++
35 sys-apps/sandbox/sandbox-2.11-r4.ebuild | 85 ++++++++++++++++++++++
36 4 files changed, 252 insertions(+)
37
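--- a/profiles/package.mask
+++ b/profiles/package.mask
@@ -30,6 +30,10 @@
 
 #--- END OF EXAMPLES ---
 
+# Mart Raudsepp <leio@g.o> (30 Dec 2016)
+# Temporary testing mask for non-maintainer commit of a bugfix, #553092
+=sys-apps/sandbox-2.10-r3
+
 # David Seifert <soap@g.o> (29 Dec 2016)
 # Ancient codebase, maintenance nightmare, dead
 # upstream, games-emulation/vbam is spiritual successor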
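Review bot: The new mask entry covers only `=sys-apps/sandbox-2.10-r3`, while the same commit also adds sandbox-2.11-r4 carrying the same opendir patch. Unless 2.11 is already masked elsewhere in package.mask (not visible in this hunk), that revision reaches ~arch users without the validation period the commit message asks for. Adding `=sys-apps/sandbox-2.11-r4` under the same comment would keep both revbumps behind the temporary mask.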
53
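--- /dev/null
+++ b/sys-apps/sandbox/files/sandbox-2.10-fix-opendir.patch
@@ -0,0 +1,79 @@
+From 3f668dc6ba1910085e61b3a24167ab1352c60d92 Mon Sep 17 00:00:00 2001
+From: Mart Raudsepp <leio@g.o>
+Date: Fri, 11 Nov 2016 12:34:48 +0200
+Subject: [PATCH] libsandbox: do not abort with a long name to opendir
+
+Add a pre-check for opendir that catches too long name arguments
+given to opendir, as it would get messed up and abort before it
+even gets to the open*() syscall (which would handle it correctly),
+due to opendir going through before_syscall/check_syscall, even
+though it isn't a true syscall and it getting cut to SB_PATH_MAX
+inbetween and getting confused somewhere.
+
+URL: https://bugs.gentoo.org/553092
+Signed-off-by: Mart Raudsepp <leio@g.o>
+---
+ libsandbox/wrapper-funcs/opendir.c | 2 ++
+ libsandbox/wrapper-funcs/opendir_pre_check.c | 26 ++++++++++++++++++++++++++
+ libsandbox/wrappers.h | 1 +
+ 3 files changed, 29 insertions(+)
+ create mode 100644 libsandbox/wrapper-funcs/opendir_pre_check.c
+
+diff --git a/libsandbox/wrapper-funcs/opendir.c b/libsandbox/wrapper-funcs/opendir.c
+index 7670775..70c2692 100644
+--- a/libsandbox/wrapper-funcs/opendir.c
++++ b/libsandbox/wrapper-funcs/opendir.c
+@@ -10,4 +10,6 @@
+ #define WRAPPER_SAFE() SB_SAFE(name)
+ #define WRAPPER_RET_TYPE DIR *
+ #define WRAPPER_RET_DEFAULT NULL
++#define WRAPPER_PRE_CHECKS() sb_opendir_pre_check(STRING_NAME, name)
++
+ #include "__wrapper_simple.c"
+diff --git a/libsandbox/wrapper-funcs/opendir_pre_check.c b/libsandbox/wrapper-funcs/opendir_pre_check.c
+new file mode 100644
+index 0000000..60c869f
+--- /dev/null
++++ b/libsandbox/wrapper-funcs/opendir_pre_check.c
+@@ -0,0 +1,26 @@
++/*
++ * opendir() pre-check.
++ *
++ * Copyright 1999-2016 Gentoo Foundation
++ * Licensed under the GPL-2
++ */
++
++bool sb_opendir_pre_check(const char *func, const char *name)
++{
++ /* If length of name is larger than PATH_MAX, we would mess it up
++ * before it reaches the open syscall, which would cleanly error out
++ * via sandbox as well (actually with much smaller lengths than even
++ * PATH_MAX).
++ * So error out early in this case, in order to avoid an abort in
++ * check_syscall later on, which gets ran for opendir, despite it not
++ * being a syscall.
++ */
++ if (strnlen(name, PATH_MAX) == PATH_MAX) {
++ errno = ENAMETOOLONG;
++ sb_debug_dyn("EARLY FAIL: %s(%s): %s\n",
++ func, name, strerror(errno));
++ return false;
++ }
++
++ return true;
++}
+diff --git a/libsandbox/wrappers.h b/libsandbox/wrappers.h
+index 0aa58bb..bf5bf64 100644
+--- a/libsandbox/wrappers.h
++++ b/libsandbox/wrappers.h
+@@ -27,6 +27,7 @@ attribute_hidden bool sb_fopen64_pre_check (const char *func, const char *pathn
+ attribute_hidden bool sb_mkdirat_pre_check (const char *func, const char *pathname, int dirfd);
+ attribute_hidden bool sb_openat_pre_check (const char *func, const char *pathname, int dirfd, int flags);
+ attribute_hidden bool sb_openat64_pre_check (const char *func, const char *pathname, int dirfd, int flags);
++attribute_hidden bool sb_opendir_pre_check (const char *func, const char *name);
+ attribute_hidden bool sb_unlinkat_pre_check (const char *func, const char *pathname, int dirfd);
+ attribute_hidden bool sb_common_at_pre_check(const char *func, const char **pathname, int dirfd,
+ char *dirfd_path, size_t dirfd_path_len);
+--
+2.9.0
+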
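--- /dev/null
+++ b/sys-apps/sandbox/sandbox-2.10-r3.ebuild
@@ -0,0 +1,84 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+#
+# don't monkey with this ebuild unless contacting portage devs.
+# period.
+#
+
+EAPI="5"
+
+inherit eutils flag-o-matic multilib-minimal multiprocessing pax-utils
+
+DESCRIPTION="sandbox'd LD_PRELOAD hack"
+HOMEPAGE="https://www.gentoo.org/proj/en/portage/sandbox/"
+SRC_URI="mirror://gentoo/${P}.tar.xz
+ https://dev.gentoo.org/~vapier/dist/${P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
+IUSE=""
+
+DEPEND="app-arch/xz-utils
+ >=app-misc/pax-utils-0.1.19" #265376
+RDEPEND=""
+
+has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice"
+
+sandbox_death_notice() {
+ ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:"
+ ewarn "FEATURES='-sandbox -usersandbox' emerge sandbox"
+}
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-memory-corruption.patch #568714
+ epatch "${FILESDIR}"/${P}-disable-same.patch
+ epatch "${FILESDIR}"/${P}-fix-opendir.patch #553092
+ epatch_user
+}
+
+multilib_src_configure() {
+ filter-lfs-flags #90228
+
+ local myconf=()
+ host-is-pax && myconf+=( --disable-pch ) #301299 #425524 #572092
+
+ ECONF_SOURCE="${S}" \
+ econf "${myconf[@]}"
+}
+
+multilib_src_test() {
+ # Default sandbox build will run with --jobs set to # cpus.
+ emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)"
+}
+
+multilib_src_install_all() {
+ doenvd "${FILESDIR}"/09sandbox
+
+ keepdir /var/log/sandbox
+ fowners root:portage /var/log/sandbox
+ fperms 0770 /var/log/sandbox
+
+ cd "${S}"
+ dodoc AUTHORS ChangeLog* NEWS README
+}
+
+pkg_preinst() {
+ chown root:portage "${ED}"/var/log/sandbox
+ chmod 0770 "${ED}"/var/log/sandbox
+
+ if [[ ${REPLACING_VERSIONS} == 1.* ]] ; then
+ local old=$(find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*')
+ if [[ -n ${old} ]] ; then
+ elog "Removing old sandbox libraries for you:"
+ find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -print -delete
+ fi
+ fi
+}
+
+pkg_postinst() {
+ if [[ ${REPLACING_VERSIONS} == 1.* ]] ; then
+ chmod 0755 "${EROOT}"/etc/sandbox.d #265376
+ fi
+}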
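Review bot: In `pkg_preinst` the `chown root:portage` and `chmod 0770` calls on `"${ED}"/var/log/sandbox` have no failure handling, and external commands are not fatal on their own in EAPI 5, so a failed call would leave the sandbox log directory with whatever ownership and mode it already had. Appending `|| die` to both lines, e.g. `chmod 0770 "${ED}"/var/log/sandbox || die`, makes such a failure visible at merge time. The same applies to `cd "${S}"` in `multilib_src_install_all` and to the `chmod 0755` in `pkg_postinst`. The identical lines in sandbox-2.11-r4.ebuild have the same gap.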
230
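--- /dev/null
+++ b/sys-apps/sandbox/sandbox-2.11-r4.ebuild
@@ -0,0 +1,85 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+#
+# don't monkey with this ebuild unless contacting portage devs.
+# period.
+#
+
+EAPI="5"
+
+inherit eutils flag-o-matic multilib-minimal multiprocessing pax-utils
+
+DESCRIPTION="sandbox'd LD_PRELOAD hack"
+HOMEPAGE="https://www.gentoo.org/proj/en/portage/sandbox/"
+SRC_URI="mirror://gentoo/${P}.tar.xz
+ https://dev.gentoo.org/~vapier/dist/${P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
+IUSE=""
+
+DEPEND="app-arch/xz-utils
+ >=app-misc/pax-utils-0.1.19" #265376
+RDEPEND=""
+
+has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice"
+
+sandbox_death_notice() {
+ ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:"
+ ewarn "FEATURES='-sandbox -usersandbox' emerge sandbox"
+}
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-execvpe.patch #578516
+ epatch "${FILESDIR}"/${P}-exec-hash.patch #578524
+ epatch "${FILESDIR}"/${P}-exec-prelink.patch #599894
+ epatch "${FILESDIR}"/${PN}-2.10-fix-opendir.patch #553092
+ epatch_user
+}
+
+multilib_src_configure() {
+ filter-lfs-flags #90228
+
+ local myconf=()
+ host-is-pax && myconf+=( --disable-pch ) #301299 #425524 #572092
+
+ ECONF_SOURCE="${S}" \
+ econf "${myconf[@]}"
+}
+
+multilib_src_test() {
+ # Default sandbox build will run with --jobs set to # cpus.
+ emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)"
+}
+
+multilib_src_install_all() {
+ doenvd "${FILESDIR}"/09sandbox
+
+ keepdir /var/log/sandbox
+ fowners root:portage /var/log/sandbox
+ fperms 0770 /var/log/sandbox
+
+ cd "${S}"
+ dodoc AUTHORS ChangeLog* NEWS README
+}
+
+pkg_preinst() {
+ chown root:portage "${ED}"/var/log/sandbox
+ chmod 0770 "${ED}"/var/log/sandbox
+
+ if [[ ${REPLACING_VERSIONS} == 1.* ]] ; then
+ local old=$(find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*')
+ if [[ -n ${old} ]] ; then
+ elog "Removing old sandbox libraries for you:"
+ find "${EROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -print -delete
+ fi
+ fi
+}
+
+pkg_postinst() {
+ if [[ ${REPLACING_VERSIONS} == 1.* ]] ; then
+ chmod 0755 "${EROOT}"/etc/sandbox.d #265376
+ fi
+}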
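Review bot: `epatch "${FILESDIR}"/${PN}-2.10-fix-opendir.patch` in `src_prepare` applies a patch generated against 2.10 to the 2.11 sources, and the hard-coded 2.10 in the file name reads like a mistake next to the `${P}`-named patches above it. A one-line comment such as `# made against 2.10, applies unchanged to 2.11` would document the reuse. It is also worth confirming that the three hunks apply without fuzz on 2.11, since the wrappers.h context may have moved between versions.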