Date: Saturday, November 21, 2020 @ 19:54:09 Author: heftig Revision: 401651
archrelease: copy trunk to testing-x86_64 Added: gnome-keyring/repos/testing-x86_64/PKGBUILD (from rev 401650, gnome-keyring/trunk/PKGBUILD) gnome-keyring/repos/testing-x86_64/add-cinnamon.diff (from rev 401650, gnome-keyring/trunk/add-cinnamon.diff) gnome-keyring/repos/testing-x86_64/gnome-keyring.install (from rev 401650, gnome-keyring/trunk/gnome-keyring.install) Deleted: gnome-keyring/repos/testing-x86_64/33.patch gnome-keyring/repos/testing-x86_64/PKGBUILD gnome-keyring/repos/testing-x86_64/add-cinnamon.diff gnome-keyring/repos/testing-x86_64/gnome-keyring.install -----------------------+ 33.patch | 109 ----------------------------------------- PKGBUILD | 127 +++++++++++++++++++++++------------------------- add-cinnamon.diff | 88 ++++++++++++++++----------------- gnome-keyring.install | 14 ++--- 4 files changed, 113 insertions(+), 225 deletions(-) Deleted: 33.patch =================================================================== --- 33.patch 2020-11-21 19:53:56 UTC (rev 401650) +++ 33.patch 2020-11-21 19:54:09 UTC (rev 401651) 
@@ -1,109 +0,0 @@ -From dad072e1f7f6d640f4d6b52408b485ea34229f15 Mon Sep 17 00:00:00 2001 -From: Steve Grubb <sgr...@redhat.com> -Date: Thu, 29 Oct 2020 16:26:21 -0400 -Subject: [PATCH] Update libcap-ng capability handling - -There is a change coming in libcap-ng-0.8.1 that causes gnome-keyring to -not work correctly. The capng_apply function now returns an error if it -cannot change the bounding set. Previously this was ignored. Which means -now gnome-keyring exits when it shouldn't. - -The new patch adds troubleshooting info to the error message. And it checks -to see if we have CAP_SETPCAP. If we do not, then we cannot change the -capabilities so we just bypass the whole thing that was causing an error. -On the setuid side, it now drops the bounding set and clears any -supplemental groups that may be left over as an accident. ---- - daemon/gkd-capability.c | 44 +++++++++++++++++++++++------------------ - 1 file changed, 25 insertions(+), 19 deletions(-) - -diff --git a/daemon/gkd-capability.c b/daemon/gkd-capability.c -index 9afe3039..9ceaecee 100644 ---- a/daemon/gkd-capability.c -+++ b/daemon/gkd-capability.c -@@ -1,7 +1,7 @@ - /* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */ - /* gkd-capability.c - the security-critical initial phase of the daemon - * -- * Copyright (C) 2011 Steve Grubb -+ * Copyright (C) 2011,2020 Steve Grubb - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as -@@ -35,9 +35,10 @@ - - /* No logging, no gettext */ - static void --early_error (const char *err_string) -+early_error (const char *err_string, int rc) - { -- fprintf (stderr, "gnome-keyring-daemon: %s, aborting\n", err_string); -+ fprintf (stderr, "gnome-keyring-daemon: %s - %d, aborting\n", -+ err_string, rc); - exit (1); - } - -@@ -64,6 +65,8 @@ void - gkd_capability_obtain_capability_and_drop_privileges (void) - { - #ifdef HAVE_LIBCAPNG -+ int rc; -+ - 
capng_get_caps_process (); - switch (capng_have_capabilities (CAPNG_SELECT_CAPS)) - { -@@ -73,32 +76,35 @@ gkd_capability_obtain_capability_and_drop_privileges (void) - capng_update (CAPNG_ADD, - CAPNG_EFFECTIVE|CAPNG_PERMITTED, - CAP_IPC_LOCK); -- if (capng_change_id (getuid (), getgid (), 0)) -- early_error ("failed dropping capabilities"); -+ if ((rc = capng_change_id (getuid (), getgid (), -+ CAPNG_DROP_SUPP_GRP| -+ CAPNG_CLEAR_BOUNDING))) -+ early_error ("failed dropping capabilities", -+ rc); - break; - case CAPNG_FAIL: -- early_error ("error getting process capabilities"); -+ early_error ("error getting process capabilities", 0); - break; - case CAPNG_NONE: - early_warning ("insufficient process capabilities, insecure memory might get used"); - break; - case CAPNG_PARTIAL: /* File system based capabilities */ -- if (!capng_have_capability (CAPNG_EFFECTIVE, CAP_IPC_LOCK)) { -+ if (!capng_have_capability (CAPNG_EFFECTIVE, -+ CAP_IPC_LOCK)) - early_warning ("insufficient process capabilities, insecure memory might get used"); -- /* Drop all capabilities */ -+ -+ /* If we don't have CAP_SETPCAP, we can't do anything */ -+ if (capng_have_capability (CAPNG_EFFECTIVE, -+ CAP_SETPCAP)) { -+ /* Drop all capabilities except ipc_lock */ - capng_clear (CAPNG_SELECT_BOTH); -- capng_apply (CAPNG_SELECT_BOTH); -- break; -+ if ((rc = capng_update (CAPNG_ADD, -+ CAPNG_EFFECTIVE|CAPNG_PERMITTED, -+ CAP_IPC_LOCK)) != 0) -+ early_error ("error updating process capabilities", rc); -+ if ((rc = capng_apply (CAPNG_SELECT_BOTH)) != 0) -+ early_error ("error dropping process capabilities", rc); - } -- -- /* Drop all capabilities except ipc_lock */ -- capng_clear (CAPNG_SELECT_BOTH); -- if (capng_update (CAPNG_ADD, -- CAPNG_EFFECTIVE|CAPNG_PERMITTED, -- CAP_IPC_LOCK) != 0) -- early_error ("error dropping process capabilities"); -- if (capng_apply (CAPNG_SELECT_BOTH) != 0) -- early_error ("error dropping process capabilities"); - break; - } - #endif /* HAVE_LIBCAPNG */ --- -GitLab - 
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2020-11-21 19:53:56 UTC (rev 401650)
+++ PKGBUILD 2020-11-21 19:54:09 UTC (rev 401651)
@@ -1,65 +0,0 @@
-# Maintainer: Jan Alexander Steffens (heftig) <hef...@archlinux.org>
-# Contributor: Jan De Groot <j...@archlinux.org>
-
-pkgname=gnome-keyring
-pkgver=3.36.0
-pkgrel=2
-epoch=1
-pkgdesc="Stores passwords and encryption keys"
-url="https://wiki.gnome.org/Projects/GnomeKeyring"
-arch=(x86_64)
-license=(GPL LGPL)
-depends=(gcr libcap-ng pam openssh)
-makedepends=(git docbook-xsl python)
-provides=(org.freedesktop.secrets)
-groups=(gnome)
-install=gnome-keyring.install
-_commit=6cc50f97575d1d978cd7d24e6466f585d37947ed # tags/3.36.0^0
-source=("git+https://gitlab.gnome.org/GNOME/gnome-keyring.git#commit=$_commit"
- 33.patch
- add-cinnamon.diff)
-sha256sums=('SKIP'
- '23294d6569bb7c8297cc2f95071576fac48ee82ec1ead1b818dd69fbbc72b069'
- 'd05210f5b0a7d4b22c0dff2854854af2eb5708aa2b296095e070dca68e9f815a')
-
-pkgver() {
- cd $pkgname
- git describe --tags | sed 's/-/+/g'
-}
-
-prepare() {
- cd $pkgname
-
- # https://bugs.archlinux.org/task/68664
- # https://gitlab.gnome.org/GNOME/gnome-keyring/-/merge_requests/33
- git apply -3 ../33.patch
-
- # Autolaunch in Cinnamon
- git apply -3 ../add-cinnamon.diff
-
- NOCONFIGURE=1 ./autogen.sh
-}
-
-build() {
- cd $pkgname
- ./configure --prefix=/usr \
- --sysconfdir=/etc \
- --localstatedir=/var \
- --libexecdir=/usr/lib \
- --with-pam-dir=/usr/lib/security \
- --disable-static \
- --disable-schemas-compile
- sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
- make
-}
-
-check() {
- cd $pkgname
- # Secure memory tests fail
- dbus-run-session make -k check || :
-}
-
-package() {
- cd $pkgname
- make DESTDIR="$pkgdir" install
-}
Copied: gnome-keyring/repos/testing-x86_64/PKGBUILD (from rev 401650, gnome-keyring/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2020-11-21 19:54:09 UTC (rev 401651)
@@ -0,0 +1,62 @@
+# Maintainer: Jan Alexander Steffens (heftig) <hef...@archlinux.org>
+# Contributor: Jan De Groot <j...@archlinux.org>
+
+pkgname=gnome-keyring
+pkgver=3.36.0
+pkgrel=3
+epoch=1
+pkgdesc="Stores passwords and encryption keys"
+url="https://wiki.gnome.org/Projects/GnomeKeyring"
+arch=(x86_64)
+license=(GPL LGPL)
+depends=(gcr libcap-ng pam openssh)
+makedepends=(git docbook-xsl python)
+provides=(org.freedesktop.secrets)
+groups=(gnome)
+install=gnome-keyring.install
+_commit=6cc50f97575d1d978cd7d24e6466f585d37947ed # tags/3.36.0^0
+source=("git+https://gitlab.gnome.org/GNOME/gnome-keyring.git#commit=$_commit"
+ add-cinnamon.diff)
+sha256sums=('SKIP'
+ 'd05210f5b0a7d4b22c0dff2854854af2eb5708aa2b296095e070dca68e9f815a')
+
+pkgver() {
+ cd $pkgname
+ git describe --tags | sed 's/-/+/g'
+}
+
+prepare() {
+ cd $pkgname
+
+ # https://bugs.archlinux.org/task/68664
+ git cherry-pick -n ebc7bc9efacc17049e54da8d96a4a29943621113
+
+ # Autolaunch in Cinnamon
+ git apply -3 ../add-cinnamon.diff
+
+ NOCONFIGURE=1 ./autogen.sh
+}
+
+build() {
+ cd $pkgname
+ ./configure --prefix=/usr \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --libexecdir=/usr/lib \
+ --with-pam-dir=/usr/lib/security \
+ --disable-static \
+ --disable-schemas-compile
+ sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
+ make
+}
+
+check() {
+ cd $pkgname
+ # Secure memory tests fail
+ dbus-run-session make -k check || :
+}
+
+package() {
+ cd $pkgname
+ make DESTDIR="$pkgdir" install
+}
Deleted: add-cinnamon.diff
===================================================================
--- add-cinnamon.diff 2020-11-21 19:53:56 UTC (rev 401650)
+++ add-cinnamon.diff 2020-11-21 19:54:09 UTC (rev 401651)
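Review bot: The `git cherry-pick -n ebc7bc9efacc17049e54da8d96a4a29943621113` line in `prepare()` is documented only by the bug-tracker link. The upstream merge-request URL that sat beside the old `git apply -3 ../33.patch` is gone, and the hash does not match the `dad072e1f7f6d640f4d6b52408b485ea34229f15` header of the removed 33.patch, so the file no longer says which upstream change is being backported. The removed patch touched the daemon's capability-dropping code, so I would keep that pointer above the cherry-pick, e.g. `# Update libcap-ng capability handling (upstream merge request 33)`, assuming ebc7bc9 is the merged form of that request, which this page does not confirm. Separately, `dbus-run-session make -k check || :` in `check()` discards every test failure, not only the secure-memory ones the comment names, so a regression from the backport would not fail the build. The comment should at least say so, e.g. `# Secure memory tests fail; '|| :' also masks every other test failure`.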
@@ -1,44 +0,0 @@
- daemon/gnome-keyring-pkcs11.desktop.in.in | 2 +-
- daemon/gnome-keyring-secrets.desktop.in.in | 2 +-
- daemon/gnome-keyring-ssh.desktop.in.in | 2 +-
- 3 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git c/daemon/gnome-keyring-pkcs11.desktop.in.in i/daemon/gnome-keyring-pkcs11.desktop.in.in
-index b43e1e9d..80434cbd 100644
---- c/daemon/gnome-keyring-pkcs11.desktop.in.in
-+++ i/daemon/gnome-keyring-pkcs11.desktop.in.in
-@@ -3,7 +3,7 @@ Type=Application
- Name=Certificate and Key Storage
- Comment=GNOME Keyring: PKCS#11 Component
- Exec=@bindir@/gnome-keyring-daemon --start --components=pkcs11
--OnlyShowIn=GNOME;Unity;MATE;
-+OnlyShowIn=GNOME;Unity;MATE;Cinnamon;
- NoDisplay=true
- X-GNOME-Autostart-Phase=PreDisplayServer
- X-GNOME-AutoRestart=false
-diff --git c/daemon/gnome-keyring-secrets.desktop.in.in i/daemon/gnome-keyring-secrets.desktop.in.in
-index dd9deec7..b6d7b2d0 100644
---- c/daemon/gnome-keyring-secrets.desktop.in.in
-+++ i/daemon/gnome-keyring-secrets.desktop.in.in
-@@ -3,7 +3,7 @@ Type=Application
- Name=Secret Storage Service
- Comment=GNOME Keyring: Secret Service
- Exec=@bindir@/gnome-keyring-daemon --start --components=secrets
--OnlyShowIn=GNOME;Unity;MATE;
-+OnlyShowIn=GNOME;Unity;MATE;Cinnamon;
- NoDisplay=true
- X-GNOME-Autostart-Phase=PreDisplayServer
- X-GNOME-AutoRestart=false
-diff --git c/daemon/gnome-keyring-ssh.desktop.in.in i/daemon/gnome-keyring-ssh.desktop.in.in
-index 38aa24cb..163ff554 100644
---- c/daemon/gnome-keyring-ssh.desktop.in.in
-+++ i/daemon/gnome-keyring-ssh.desktop.in.in
-@@ -3,7 +3,7 @@ Type=Application
- Name=SSH Key Agent
- Comment=GNOME Keyring: SSH Agent
- Exec=@bindir@/gnome-keyring-daemon --start --components=ssh
--OnlyShowIn=GNOME;Unity;MATE;
-+OnlyShowIn=GNOME;Unity;MATE;Cinnamon;
- X-GNOME-Autostart-Phase=PreDisplayServer
- X-GNOME-AutoRestart=false
- X-GNOME-Autostart-Notify=true
Copied: gnome-keyring/repos/testing-x86_64/add-cinnamon.diff (from rev 401650, gnome-keyring/trunk/add-cinnamon.diff)
===================================================================
--- add-cinnamon.diff (rev 0)
+++ add-cinnamon.diff 2020-11-21 19:54:09 UTC (rev 401651)
@@ -0,0 +1,44 @@
+ daemon/gnome-keyring-pkcs11.desktop.in.in | 2 +-
+ daemon/gnome-keyring-secrets.desktop.in.in | 2 +-
+ daemon/gnome-keyring-ssh.desktop.in.in | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git c/daemon/gnome-keyring-pkcs11.desktop.in.in i/daemon/gnome-keyring-pkcs11.desktop.in.in
+index b43e1e9d..80434cbd 100644
+--- c/daemon/gnome-keyring-pkcs11.desktop.in.in
++++ i/daemon/gnome-keyring-pkcs11.desktop.in.in
+@@ -3,7 +3,7 @@ Type=Application
+ Name=Certificate and Key Storage
+ Comment=GNOME Keyring: PKCS#11 Component
+ Exec=@bindir@/gnome-keyring-daemon --start --components=pkcs11
+-OnlyShowIn=GNOME;Unity;MATE;
++OnlyShowIn=GNOME;Unity;MATE;Cinnamon;
+ NoDisplay=true
+ X-GNOME-Autostart-Phase=PreDisplayServer
+ X-GNOME-AutoRestart=false
+diff --git c/daemon/gnome-keyring-secrets.desktop.in.in i/daemon/gnome-keyring-secrets.desktop.in.in
+index dd9deec7..b6d7b2d0 100644
+--- c/daemon/gnome-keyring-secrets.desktop.in.in
++++ i/daemon/gnome-keyring-secrets.desktop.in.in
+@@ -3,7 +3,7 @@ Type=Application
+ Name=Secret Storage Service
+ Comment=GNOME Keyring: Secret Service
+ Exec=@bindir@/gnome-keyring-daemon --start --components=secrets
+-OnlyShowIn=GNOME;Unity;MATE;
++OnlyShowIn=GNOME;Unity;MATE;Cinnamon;
+ NoDisplay=true
+ X-GNOME-Autostart-Phase=PreDisplayServer
+ X-GNOME-AutoRestart=false
+diff --git c/daemon/gnome-keyring-ssh.desktop.in.in i/daemon/gnome-keyring-ssh.desktop.in.in
+index 38aa24cb..163ff554 100644
+--- c/daemon/gnome-keyring-ssh.desktop.in.in
++++ i/daemon/gnome-keyring-ssh.desktop.in.in
+@@ -3,7 +3,7 @@ Type=Application
+ Name=SSH Key Agent
+ Comment=GNOME Keyring: SSH Agent
+ Exec=@bindir@/gnome-keyring-daemon --start --components=ssh
+-OnlyShowIn=GNOME;Unity;MATE;
++OnlyShowIn=GNOME;Unity;MATE;Cinnamon;
+ X-GNOME-Autostart-Phase=PreDisplayServer
+ X-GNOME-AutoRestart=false
+ X-GNOME-Autostart-Notify=true
Deleted: gnome-keyring.install
===================================================================
--- gnome-keyring.install 2020-11-21 19:53:56 UTC (rev 401650)
+++ gnome-keyring.install 2020-11-21 19:54:09 UTC (rev 401651)
@@ -1,7 +0,0 @@
-post_install() {
- setcap cap_ipc_lock+ep usr/bin/gnome-keyring-daemon
-}
-
-post_upgrade() {
- post_install
-}
Copied: gnome-keyring/repos/testing-x86_64/gnome-keyring.install (from rev 401650, gnome-keyring/trunk/gnome-keyring.install)
===================================================================
--- gnome-keyring.install (rev 0)
+++ gnome-keyring.install 2020-11-21 19:54:09 UTC (rev 401651)
@@ -0,0 +1,7 @@
+post_install() {
+ setcap cap_ipc_lock+ep usr/bin/gnome-keyring-daemon
+}
+
+post_upgrade() {
+ post_install
+}