Package: libarchive13 Version: 3.1.2-11ghigo Severity: normal Tags: patch libarchive in linux doesn't support properly the ACL. This is a bug alredy solved in upstream [1][2]. The problem is that the code which handles ACLs depend by the definition of the macro ACL_TYPE_NFS4. However in linux this macro is not defined.
During the packaging build, dpkg-shlibdeps warns abou the fact the the "acl" library is unused: --- dpkg-shlibdeps: warning: package could avoid a useless dependency if debian/libarchive13/usr/lib/x86_64-linux-gnu/libarchive.so.13.1.2 was not linked against libacl.so.1 (it uses none of the library's symbols) --- In upstream the problem is solved by the patch [2]. Fedora solved this issue cherry-picking the same patch [4]. I made a new version the libarchive package: I put the commit [2] in debian/patches/, I update debian/patches/series adding the new patch, and finally I updated the debian/changelog file. The package compiled and now my tests showed ACL seems supported. BR G.Baroncelli [1] https://code.google.com/p/libarchive/issues/detail?id=329 [2] See commit b45c3ae1825c8cedc7cde2972a04974f73b08315 [3] https://bugzilla.redhat.com/show_bug.cgi?id=993048 [4] http://pkgs.fedoraproject.org/cgit/libarchive.git/commit/?id=da58d4e8afce6acca54475be528f6b948aa2951a -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: armhf Kernel: Linux 3.18.5 (SMP w/4 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libarchive13 depends on: ii libacl1 2.2.52-2 ii libattr1 1:2.4.47-2 ii libbz2-1.0 1.0.6-7+b2 ii libc6 2.19-15 ii liblzma5 5.1.1alpha+20120614-2+b3 ii liblzo2-2 2.08-1.2 ii libnettle4 2.7.1-5 ii libxml2 2.9.2+dfsg1-3 ii multiarch-support 2.19-15 ii zlib1g 1:1.2.8.dfsg-2+b1 libarchive13 recommends no packages. Versions of packages libarchive13 suggests: pn lrzip <none> -- no debconf information
commit b45c3ae1825c8cedc7cde2972a04974f73b08315 Author: Tim Kientzle <kient...@acm.org> Date: Sat Jan 4 21:46:57 2014 -0800 Issue #329: https://code.google.com/p/libarchive/issues/detail?id=329 Fix POSIX.1e draft ACL handling on Linux systems that lack NFSv4 ACL libraries. diff --git a/libarchive/archive_read_disk_entry_from_file.c b/libarchive/archive_read_disk_entry_from_file.c index e984aaa..e81cbec 100644 --- a/libarchive/archive_read_disk_entry_from_file.c +++ b/libarchive/archive_read_disk_entry_from_file.c @@ -399,7 +399,7 @@ setup_mac_metadata(struct archive_read_disk *a, #endif -#if defined(HAVE_POSIX_ACL) && defined(ACL_TYPE_NFS4) +#ifdef HAVE_POSIX_ACL static int translate_acl(struct archive_read_disk *a, struct archive_entry *entry, acl_t acl, int archive_entry_acl_type); @@ -419,6 +419,7 @@ setup_acls(struct archive_read_disk *a, archive_entry_acl_clear(entry); +#ifdef ACL_TYPE_NFS4 /* Try NFS4 ACL first. */ if (*fd >= 0) acl = acl_get_fd(*fd); @@ -447,6 +448,7 @@ setup_acls(struct archive_read_disk *a, acl_free(acl); return (ARCHIVE_OK); } +#endif /* Retrieve access ACL from file. */ if (*fd >= 0) @@ -492,6 +494,7 @@ static struct { {ARCHIVE_ENTRY_ACL_EXECUTE, ACL_EXECUTE}, {ARCHIVE_ENTRY_ACL_WRITE, ACL_WRITE}, {ARCHIVE_ENTRY_ACL_READ, ACL_READ}, +#ifdef ACL_TYPE_NFS4 {ARCHIVE_ENTRY_ACL_READ_DATA, ACL_READ_DATA}, {ARCHIVE_ENTRY_ACL_LIST_DIRECTORY, ACL_LIST_DIRECTORY}, {ARCHIVE_ENTRY_ACL_WRITE_DATA, ACL_WRITE_DATA}, @@ -508,8 +511,10 @@ static struct { {ARCHIVE_ENTRY_ACL_WRITE_ACL, ACL_WRITE_ACL}, {ARCHIVE_ENTRY_ACL_WRITE_OWNER, ACL_WRITE_OWNER}, {ARCHIVE_ENTRY_ACL_SYNCHRONIZE, ACL_SYNCHRONIZE} +#endif }; +#ifdef ACL_TYPE_NFS4 static struct { int archive_inherit; int platform_inherit; @@ -519,21 +524,25 @@ static struct { {ARCHIVE_ENTRY_ACL_ENTRY_NO_PROPAGATE_INHERIT, ACL_ENTRY_NO_PROPAGATE_INHERIT}, {ARCHIVE_ENTRY_ACL_ENTRY_INHERIT_ONLY, ACL_ENTRY_INHERIT_ONLY} }; - +#endif static int translate_acl(struct archive_read_disk *a, struct archive_entry *entry, acl_t acl, int default_entry_acl_type) { acl_tag_t acl_tag; +#ifdef ACL_TYPE_NFS4 acl_entry_type_t acl_type; acl_flagset_t acl_flagset; + int brand, r; +#endif acl_entry_t acl_entry; acl_permset_t acl_permset; - int brand, i, r, entry_acl_type; + int i, entry_acl_type; int s, ae_id, ae_tag, ae_perm; const char *ae_name; +#ifdef ACL_TYPE_NFS4 // FreeBSD "brands" ACLs as POSIX.1e or NFSv4 // Make sure the "brand" on this ACL is consistent // with the default_entry_acl_type bits provided. @@ -560,6 +569,7 @@ translate_acl(struct archive_read_disk *a, return ARCHIVE_FAILED; break; } +#endif s = acl_get_entry(acl, ACL_FIRST_ENTRY, &acl_entry); @@ -592,9 +602,11 @@ translate_acl(struct archive_read_disk *a, case ACL_OTHER: ae_tag = ARCHIVE_ENTRY_ACL_OTHER; break; +#ifdef ACL_TYPE_NFS4 case ACL_EVERYONE: ae_tag = ARCHIVE_ENTRY_ACL_EVERYONE; break; +#endif default: /* Skip types that libarchive can't support. */ s = acl_get_entry(acl, ACL_NEXT_ENTRY, &acl_entry); @@ -605,6 +617,7 @@ translate_acl(struct archive_read_disk *a, // XXX acl_get_entry_type_np on FreeBSD returns EINVAL for // non-NFSv4 ACLs entry_acl_type = default_entry_acl_type; +#ifdef ACL_TYPE_NFS4 r = acl_get_entry_type_np(acl_entry, &acl_type); if (r == 0) { switch (acl_type) { @@ -634,9 +647,10 @@ translate_acl(struct archive_read_disk *a, ae_perm |= acl_inherit_map[i].archive_inherit; } +#endif acl_get_permset(acl_entry, &acl_permset); - for (i = 0; i < (int)(sizeof(acl_perm_map) / sizeof(acl_perm_map[0])); ++i) { + for (i = 0; i < (int)(sizeof(acl_perm_map) / sizeof(acl_perm_map[0])); ++i) { /* * acl_get_perm() is spelled differently on different * platforms; see above. diff --git a/libarchive/archive_write_disk_acl.c b/libarchive/archive_write_disk_acl.c index 9797203..5cbba54 100644 --- a/libarchive/archive_write_disk_acl.c +++ b/libarchive/archive_write_disk_acl.c @@ -43,7 +43,7 @@ __FBSDID("$FreeBSD: head/lib/libarchive/archive_write_disk.c 201159 2009-12-29 0 #include "archive_acl_private.h" #include "archive_write_disk_private.h" -#if !defined(HAVE_POSIX_ACL) || !defined(ACL_TYPE_NFS4) +#ifndef HAVE_POSIX_ACL /* Default empty function body to satisfy mainline code. */ int archive_write_disk_set_acls(struct archive *a, int fd, const char *name, @@ -79,10 +79,12 @@ archive_write_disk_set_acls(struct archive *a, int fd, const char *name, ret = set_acl(a, fd, name, abstract_acl, ACL_TYPE_DEFAULT, ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, "default"); return (ret); +#ifdef ACL_TYPE_NFS4 } else if (archive_acl_count(abstract_acl, ARCHIVE_ENTRY_ACL_TYPE_NFS4) > 0) { ret = set_acl(a, fd, name, abstract_acl, ACL_TYPE_NFS4, ARCHIVE_ENTRY_ACL_TYPE_NFS4, "nfs4"); return (ret); +#endif } else return ARCHIVE_OK; } @@ -94,6 +96,7 @@ static struct { {ARCHIVE_ENTRY_ACL_EXECUTE, ACL_EXECUTE}, {ARCHIVE_ENTRY_ACL_WRITE, ACL_WRITE}, {ARCHIVE_ENTRY_ACL_READ, ACL_READ}, +#ifdef ACL_TYPE_NFS4 {ARCHIVE_ENTRY_ACL_READ_DATA, ACL_READ_DATA}, {ARCHIVE_ENTRY_ACL_LIST_DIRECTORY, ACL_LIST_DIRECTORY}, {ARCHIVE_ENTRY_ACL_WRITE_DATA, ACL_WRITE_DATA}, @@ -110,8 +113,10 @@ static struct { {ARCHIVE_ENTRY_ACL_WRITE_ACL, ACL_WRITE_ACL}, {ARCHIVE_ENTRY_ACL_WRITE_OWNER, ACL_WRITE_OWNER}, {ARCHIVE_ENTRY_ACL_SYNCHRONIZE, ACL_SYNCHRONIZE} +#endif }; +#ifdef ACL_TYPE_NFS4 static struct { int archive_inherit; int platform_inherit; @@ -121,6 +126,7 @@ static struct { {ARCHIVE_ENTRY_ACL_ENTRY_NO_PROPAGATE_INHERIT, ACL_ENTRY_NO_PROPAGATE_INHERIT}, {ARCHIVE_ENTRY_ACL_ENTRY_INHERIT_ONLY, ACL_ENTRY_INHERIT_ONLY} }; +#endif static int set_acl(struct archive *a, int fd, const char *name, @@ -130,7 +136,9 @@ set_acl(struct archive *a, int fd, const char *name, acl_t acl; acl_entry_t acl_entry; acl_permset_t acl_permset; +#ifdef ACL_TYPE_NFS4 acl_flagset_t acl_flagset; +#endif int ret; int ae_type, ae_permset, ae_tag, ae_id; uid_t ae_uid; @@ -171,14 +179,17 @@ set_acl(struct archive *a, int fd, const char *name, case ARCHIVE_ENTRY_ACL_OTHER: acl_set_tag_type(acl_entry, ACL_OTHER); break; +#ifdef ACL_TYPE_NFS4 case ARCHIVE_ENTRY_ACL_EVERYONE: acl_set_tag_type(acl_entry, ACL_EVERYONE); break; +#endif default: /* XXX */ break; } +#ifdef ACL_TYPE_NFS4 switch (ae_type) { case ARCHIVE_ENTRY_ACL_TYPE_ALLOW: acl_set_entry_type_np(acl_entry, ACL_ENTRY_TYPE_ALLOW); @@ -200,6 +211,7 @@ set_acl(struct archive *a, int fd, const char *name, // XXX error handling here. break; } +#endif acl_get_permset(acl_entry, &acl_permset); acl_clear_perms(acl_permset); @@ -210,6 +222,7 @@ set_acl(struct archive *a, int fd, const char *name, acl_perm_map[i].platform_perm); } +#ifdef ACL_TYPE_NFS4 acl_get_flagset_np(acl_entry, &acl_flagset); acl_clear_flags_np(acl_flagset); for (i = 0; i < (int)(sizeof(acl_inherit_map) / sizeof(acl_inherit_map[0])); ++i) { @@ -217,6 +230,7 @@ set_acl(struct archive *a, int fd, const char *name, acl_add_flag_np(acl_flagset, acl_inherit_map[i].platform_inherit); } +#endif } /* Try restoring the ACL through 'fd' if we can. */