commit: 2fcd58b2c05b0bedd594dbaabd99e7d5f30644de
Author: David Seifert <soap <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 21 23:37:35 2021 +0000
Commit: David Seifert <soap <AT> gentoo <DOT> org>
CommitDate: Sun Nov 21 23:37:35 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2fcd58b2
sys-libs/libcap: add 2.61
Signed-off-by: David Seifert <soap <AT> gentoo.org>
sys-libs/libcap/Manifest | 1 +
....61-ignore-RAISE_SETFCAP-install-failures.patch | 24 ++++++
sys-libs/libcap/files/libcap-2.61-no_perl.patch | 62 +++++++++++++++
sys-libs/libcap/libcap-2.61.ebuild | 90 ++++++++++++++++++++++
4 files changed, 177 insertions(+)
diff --git a/sys-libs/libcap/Manifest b/sys-libs/libcap/Manifest
index 4f4e42436180..a96b565578d0 100644
--- a/sys-libs/libcap/Manifest
+++ b/sys-libs/libcap/Manifest
@@ -1,2 +1,3 @@
DIST libcap-2.49.tar.xz 139568 BLAKE2B
5746dcdf2a737e747450bd50a701ee8543277b17b7fbf1304b79f707a088ea74dc6dc79c61ff89b55b718a460a7b0814f960f44d07944a97b832b78f4e14e07f
SHA512
2934a2ded1370edeb9603dbf43d8ca23a2eb5d67efc5cec5d4ba96c707a8db2702da8aa9be0cb86c5ff100d37ec96115c7777a7566ad0ab2e0b4a288bbe357d0
DIST libcap-2.60.tar.xz 170744 BLAKE2B
858b5133a5cb2f3b30dab569a6c9f2097034318c90419fa2372e0b28c891160f5e84b54b302b2d98664df8f7c44df78eb3cb4e47b328cecd4c27e7ab223045ae
SHA512
f2ff0d81df7251c05decda706ccc6463ce58df6a3c542fe479328dce5416f77aa5c6a09a1ab05a1d1a3638e6dae5c0e546aaa4824843a570700a8927fb7f73e6
+DIST libcap-2.61.tar.xz 173892 BLAKE2B
50874d3510ab2476aaceb775314d98744736aacd7364a23827756caa160c101e8bc890b7c33b5e19df8b30bb6b3b1c2be323e4b6a963f97e9ee557e86b4f13a0
SHA512
40096bf511d1c45e36f5d7f24e49c709528f3f01fcadd47b6ac40a7e8d5f1705b29b4cc56356b030639f67d0641b9f4e7c19449c3c7f4f77a4070c35745b465c
diff --git
a/sys-libs/libcap/files/libcap-2.61-ignore-RAISE_SETFCAP-install-failures.patch
b/sys-libs/libcap/files/libcap-2.61-ignore-RAISE_SETFCAP-install-failures.patch
new file mode 100644
index 000000000000..25f853b2a982
--- /dev/null
+++
b/sys-libs/libcap/files/libcap-2.61-ignore-RAISE_SETFCAP-install-failures.patch
@@ -0,0 +1,24 @@
+From 8dfcdcfdcb9c462a05566aa8d3c6eca871f0ddbf Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vap...@gentoo.org>
+Date: Wed, 10 Feb 2016 09:52:45 +0100
+Subject: [PATCH] ignore RAISE_SETFCAP install failures
+
+While the new RAISE_SETFCAP feature is nifty, its failure to run (often
+due to the fs not supporting it) shouldn't impair the default install.
+
+Signed-off-by: Mike Frysinger <vap...@gentoo.org>
+
+Forward ported from libcap-2.20 to libcap-2.25
+
+Signed-off-by: Lars Wendler <polynomia...@gentoo.org>
+--- a/progs/Makefile
++++ b/progs/Makefile
+@@ -39,7 +39,7 @@
+ install -m 0755 $$p $(FAKEROOT)$(SBINDIR) ; \
+ done
+ ifeq ($(RAISE_SETFCAP),yes)
+- $(FAKEROOT)$(SBINDIR)/setcap cap_setfcap=i $(FAKEROOT)$(SBINDIR)/setcap
++ -$(FAKEROOT)$(SBINDIR)/setcap cap_setfcap=i $(FAKEROOT)$(SBINDIR)/setcap
+ endif
+
+ test:
diff --git a/sys-libs/libcap/files/libcap-2.61-no_perl.patch
b/sys-libs/libcap/files/libcap-2.61-no_perl.patch
new file mode 100644
index 000000000000..deda35db8e31
--- /dev/null
+++ b/sys-libs/libcap/files/libcap-2.61-no_perl.patch
@@ -0,0 +1,62 @@
+From 3f76418eaf73896489129c529fac021e4f3a03c0 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vap...@gentoo.org>
+Date: Wed, 21 Nov 2018 11:00:54 +0100
+Subject: [PATCH] use awk/sed instead of perl for creating header files
+
+More systems should have awk/sed than perl.
+
+Signed-off-by: Mike Frysinger <vap...@gentoo.org>
+
+Forward ported from libcap-2.22 to libcap-2.26
+and incorporated the gperf-3.1 fix provided by Mike Gilbert
+<flop...@gentoo.org>
+Forward ported from libcap-2.26 to libcap-2.28
+Forward ported from libcap-2.28 to libcap-2.38
+
+Signed-off-by: Lars Wendler <polynomia...@gentoo.org>
+--- a/libcap/Makefile
++++ b/libcap/Makefile
+@@ -20,6 +20,8 @@
+
+ # Always build libcap sources this way:
+ CFLAGS += -fPIC
++AWK = awk
++SED = sed
+
+ # The linker magic needed to build a dynamic library as independently
+ # executable
+@@ -82,17 +84,27 @@
+ ./_makenames > cap_names.h
+
+ $(GPERF_OUTPUT): cap_names.list.h
+- perl -e 'print "struct __cap_token_s { const char *name; int index;
};\n%{\nconst struct __cap_token_s *__cap_lookup_name(const char *,
size_t);\n%}\n%%\n"; while ($$l = <>) { $$l =~ s/[\{\"]//g; $$l =~ s/\}.*// ;
print $$l; }' < $< | gperf --ignore-case --language=ANSI-C --readonly
--null-strings --global-table --hash-function-name=__cap_hash_name
--lookup-function-name="__cap_lookup_name" -c -t -m20 $(INDENT) > $@
+- sed -e 's/unsigned int len/size_t len/' -i $@
++ (printf "%b" "struct __cap_token_s { const char *name; int index;
};\n%%\n"; \
++ $(SED) -e 's:["{}]::g' -e 's:,$$::' $<) | \
++ gperf \
++ --ignore-case \
++ --language=ANSI-C \
++ --includes \
++ --readonly \
++ --null-strings \
++ --global-table \
++ --hash-function-name=__cap_hash_name \
++ --lookup-function-name="__cap_lookup_name" \
++ -c -t -m20 $(INDENT) > $@
+
+-# Intention is that libcap keeps up with torvalds' tree, as reflected
+-# by this maintained version of the kernel header. libcap dynamically
+-# trims the meaning of "all" capabilities down to that of the running
+-# kernel as of 2.30.
+ UAPI_HEADER := $(topdir)/libcap/include/uapi/linux/capability.h
+ cap_names.list.h: Makefile $(UAPI_HEADER)
+ @echo "=> making $@ from $(UAPI_HEADER)"
+- perl -e 'while ($$l=<>) { if ($$l =~ /^\#define[ \t](CAP[_A-Z]+)[
\t]+([0-9]+)\s+$$/) { $$tok=$$1; $$val=$$2; $$tok =~ tr/A-Z/a-z/; print
"{\"$$tok\",$$val},\n"; } }' $(UAPI_HEADER) | fgrep -v 0x > $@
++ $(AWK) '($$0 ~
/^#define[[:space:]]+CAP[_A-Z]+[[:space:]]+[0-9]+[[:space:]]*$$/) { printf
"{\"%s\",%s},\n", tolower($$2), $$3 }' $(UAPI_HEADER) > $@
++
++cap_names.list.h: $(KERNEL_HEADERS)/linux/capability.h Makefile
++ @echo "=> making $@ from $<"
++ $(AWK) '($$0 ~
/^#define[[:space:]]+CAP[_A-Z]+[[:space:]]+[0-9]+[[:space:]]*$$/) { printf
"{\"%s\",%s},\n", tolower($$2), $$3 }' $< > $@
+
+ $(STACAPLIBNAME): $(CAPOBJS)
+ $(AR) rcs $@ $^
diff --git a/sys-libs/libcap/libcap-2.61.ebuild
b/sys-libs/libcap/libcap-2.61.ebuild
new file mode 100644
index 000000000000..d7182a35dc5b
--- /dev/null
+++ b/sys-libs/libcap/libcap-2.61.ebuild
@@ -0,0 +1,90 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit multilib-minimal toolchain-funcs pam usr-ldscript
+
+DESCRIPTION="POSIX 1003.1e capabilities"
+HOMEPAGE="https://sites.google.com/site/fullycapable/";
+SRC_URI="https://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/${P}.tar.xz";
+
+# it's available under either of the licenses
+LICENSE="|| ( GPL-2 BSD )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv
~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
+IUSE="pam static-libs tools"
+
+# While the build system optionally uses gperf, we don't DEPEND on it because
+# the build automatically falls back when it's unavailable. #604802
+PDEPEND="pam? ( sys-libs/pam[${MULTILIB_USEDEP}] )"
+DEPEND="${PDEPEND}
+ sys-kernel/linux-headers"
+BDEPEND="
+ sys-apps/diffutils
+ tools? ( dev-lang/go )"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.61-no_perl.patch
+ "${FILESDIR}"/${PN}-2.61-ignore-RAISE_SETFCAP-install-failures.patch
+)
+
+QA_FLAGS_IGNORED="sbin/captree" # go binaries don't use LDFLAGS
+
+src_prepare() {
+ default
+ multilib_copy_sources
+}
+
+run_emake() {
+ local args=(
+ AR="$(tc-getAR)"
+ CC="$(tc-getCC)"
+ OBJCOPY="$(tc-getOBJCOPY)"
+ RANLIB="$(tc-getRANLIB)"
+ exec_prefix="${EPREFIX}"
+ lib_prefix="${EPREFIX}/usr"
+ lib="$(get_libdir)"
+ prefix="${EPREFIX}/usr"
+ PAM_CAP="$(usex pam yes no)"
+ DYNAMIC=yes
+ GOLANG="$(multilib_native_usex tools yes no)"
+ )
+ emake "${args[@]}" "$@"
+}
+
+src_configure() {
+ tc-export_build_env BUILD_CC
+ multilib-minimal_src_configure
+}
+
+multilib_src_compile() {
+ run_emake
+}
+
+multilib_src_test() {
+ run_emake test
+}
+
+multilib_src_install() {
+ # no configure, needs explicit install line #444724#c3
+ run_emake DESTDIR="${D}" install
+
+ gen_usr_ldscript -a cap
+ gen_usr_ldscript -a psx
+ if ! use static-libs ; then
+ rm "${ED}"/usr/$(get_libdir)/lib{cap,psx}.a || die
+ fi
+
+ # install pam plugins ourselves
+ rm -rf "${ED}"/usr/$(get_libdir)/security || die
+
+ if use pam ; then
+ dopammod pam_cap/pam_cap.so
+ dopamsecurity '' pam_cap/capability.conf
+ fi
+}
+
+multilib_src_install_all() {
+ dodoc CHANGELOG README doc/capability.notes
+}
