| 1 |
libcap-ng-0.7.10 changed the output format slightly (in upstream commit |
| 2 |
bc1a9c07ebf5 "- Add capng_have_permitted_capabilities function and use |
| 3 |
it in filecap"), breaking our usage of it. It's obvious that it's not |
| 4 |
supposed to be used programmatically given the awful sed'ing we were |
| 5 |
already doing. It doesn't seem like there was a compelling reason why it |
| 6 |
was added either (bug #454908), so let's just get rid of it. |
| 7 |
|
| 8 |
At the same time, fix the dependency on sys-libs/libcap by moving it to |
| 9 |
RDEPEND, as dependencies in DEPEND/BDEPEND are not guaranteed to exist |
| 10 |
during pkg_postinst() when this eclass is intended to run. |
| 11 |
|
| 12 |
Signed-off-by: Matt Turner <mattst88@g.o> |
| 13 |
--- |
| 14 |
eclass/fcaps.eclass | 95 +++++++++++++-------------------------------- |
| 15 |
1 file changed, 27 insertions(+), 68 deletions(-) |
| 16 |
|
| 17 |
diff --git a/eclass/fcaps.eclass b/eclass/fcaps.eclass |
| 18 |
index 0bb23f8cca7..43a76e253df 100644 |
| 19 |
--- a/eclass/fcaps.eclass |
| 20 |
+++ b/eclass/fcaps.eclass |
| 21 |
@@ -33,11 +33,8 @@ _FCAPS_ECLASS=1 |
| 22 |
|
| 23 |
IUSE="+filecaps" |
| 24 |
|
| 25 |
-# We can't use libcap-ng atm due to #471414. |
| 26 |
-case "${EAPI:-0}" in |
| 27 |
- [0-6]) DEPEND="filecaps? ( sys-libs/libcap )" ;; |
| 28 |
- *) BDEPEND="filecaps? ( sys-libs/libcap )" ;; |
| 29 |
-esac |
| 30 |
+# Since it is needed in pkg_postinst() it must be in RDEPEND |
| 31 |
+RDEPEND="filecaps? ( sys-libs/libcap )" |
| 32 |
|
| 33 |
# @ECLASS-VARIABLE: FILECAPS |
| 34 |
# @DEFAULT_UNSET |
| 35 |
@@ -134,69 +131,31 @@ fcaps() { |
| 36 |
# by people. |
| 37 |
chmod ${caps_mode} "${file}" || die |
| 38 |
|
| 39 |
- # Set/verify funcs for sys-libs/libcap. |
| 40 |
- _libcap() { setcap "${caps}" "${file}" ; } |
| 41 |
- _libcap_verify() { setcap -v "${caps}" "${file}" >/dev/null ; } |
| 42 |
- |
| 43 |
- # Set/verify funcs for sys-libs/libcap-ng. |
| 44 |
- # Note: filecap only supports =ep mode. |
| 45 |
- # It also expects a different form: |
| 46 |
- # setcap cap_foo,cap_bar |
| 47 |
- # filecap foo bar |
| 48 |
- _libcap_ng() { |
| 49 |
- local caps=",${caps%=ep}" |
| 50 |
- filecap "${file}" "${caps//,cap_}" |
| 51 |
- } |
| 52 |
- _libcap_ng_verify() { |
| 53 |
- # libcap-ng has a crappy interface |
| 54 |
- local rcaps icaps caps=",${caps%=ep}" |
| 55 |
- rcaps=$(filecap "${file}" | \ |
| 56 |
- sed -nr \ |
| 57 |
- -e "s:^.{${#file}} +::" \ |
| 58 |
- -e 's:, +:\n:g' \ |
| 59 |
- -e 2p | \ |
| 60 |
- LC_ALL=C sort) |
| 61 |
- [[ ${PIPESTATUS[0]} -eq 0 ]] || return 1 |
| 62 |
- icaps=$(echo "${caps//,cap_}" | LC_ALL=C sort) |
| 63 |
- [[ ${rcaps} == ${icaps} ]] |
| 64 |
- } |
| 65 |
- |
| 66 |
- local out cmd notfound=0 |
| 67 |
- for cmd in _libcap _libcap_ng ; do |
| 68 |
- if ! out=$(LC_ALL=C ${cmd} 2>&1) ; then |
| 69 |
- case ${out} in |
| 70 |
- *"command not found"*) |
| 71 |
- : $(( ++notfound )) |
| 72 |
- continue |
| 73 |
- ;; |
| 74 |
- # ENOTSUP and EOPNOTSUPP might be the same value which means |
| 75 |
- # strerror() on them is unstable -- we can get both. #559608 |
| 76 |
- *"Not supported"*|\ |
| 77 |
- *"Operation not supported"*) |
| 78 |
- local fstype=$(stat -f -c %T "${file}") |
| 79 |
- ewarn "Could not set caps on '${file}' due to missing filesystem support:" |
| 80 |
- ewarn "* enable XATTR support for '${fstype}' in your kernel (if configurable)" |
| 81 |
- ewarn "* mount the fs with the user_xattr option (if not the default)" |
| 82 |
- ewarn "* enable the relevant FS_SECURITY option (if configurable)" |
| 83 |
- break |
| 84 |
- ;; |
| 85 |
- *) |
| 86 |
- eerror "Setting caps '${caps}' on file '${file}' failed:" |
| 87 |
- eerror "${out}" |
| 88 |
- die "could not set caps" |
| 89 |
- ;; |
| 90 |
- esac |
| 91 |
- else |
| 92 |
- # Sanity check that everything took. |
| 93 |
- ${cmd}_verify || die "Checking caps '${caps}' on '${file}' failed" |
| 94 |
- |
| 95 |
- # Everything worked. Move on to the next file. |
| 96 |
- continue 2 |
| 97 |
- fi |
| 98 |
- done |
| 99 |
- if [[ ${notfound} -eq 2 ]] && [[ -z ${_FCAPS_WARNED} ]] ; then |
| 100 |
- _FCAPS_WARNED="true" |
| 101 |
- ewarn "Could not find cap utils; make sure libcap or libcap-ng is available." |
| 102 |
+ if ! out=$(LC_ALL=C /sbin/setcap "${caps}" "${file}" 2>&1) ; then |
| 103 |
+ case ${out} in |
| 104 |
+ # ENOTSUP and EOPNOTSUPP might be the same value which means |
| 105 |
+ # strerror() on them is unstable -- we can get both. #559608 |
| 106 |
+ *"Not supported"*|\ |
| 107 |
+ *"Operation not supported"*) |
| 108 |
+ local fstype=$(stat -f -c %T "${file}") |
| 109 |
+ ewarn "Could not set caps on '${file}' due to missing filesystem support:" |
| 110 |
+ ewarn "* enable XATTR support for '${fstype}' in your kernel (if configurable)" |
| 111 |
+ ewarn "* mount the fs with the user_xattr option (if not the default)" |
| 112 |
+ ewarn "* enable the relevant FS_SECURITY option (if configurable)" |
| 113 |
+ ;; |
| 114 |
+ *) |
| 115 |
+ eerror "Setting caps '${caps}' on file '${file}' failed:" |
| 116 |
+ eerror "${out}" |
| 117 |
+ die "could not set caps" |
| 118 |
+ ;; |
| 119 |
+ esac |
| 120 |
+ else |
| 121 |
+ # Sanity check that everything took. |
| 122 |
+ /sbin/setcap -v "${caps}" "${file}" >/dev/null \ |
| 123 |
+ || die "Checking caps '${caps}' on '${file}' failed" |
| 124 |
+ |
| 125 |
+ # Everything worked. Move on to the next file. |
| 126 |
+ continue |
| 127 |
fi |
| 128 |
fi |
| 129 |
|
| 130 |
-- |
| 131 |
2.24.1 |
Archives