commit:     107eb89b10059098953c805aa775ddbd2ffaaff0
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Mar  2 00:55:33 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Mar  2 00:55:33 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=107eb89b

x11-misc/colord: backport systemd permission fixes

Signed-off-by: Sam James <sam <AT> gentoo.org>

 x11-misc/colord/colord-1.4.7-r1.ebuild             | 130 +++++++++++++++++++++
 .../files/colord-1.4.7-systemd-permissions.patch   |  51 ++++++++
 2 files changed, 181 insertions(+)

diff --git a/x11-misc/colord/colord-1.4.7-r1.ebuild 
b/x11-misc/colord/colord-1.4.7-r1.ebuild
new file mode 100644
index 000000000000..e6bb102d0a39
--- /dev/null
+++ b/x11-misc/colord/colord-1.4.7-r1.ebuild
@@ -0,0 +1,130 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+VALA_USE_DEPEND="vapigen"
+
+inherit bash-completion-r1 meson-multilib tmpfiles udev vala
+
+DESCRIPTION="System service to accurately color manage input and output 
devices"
+HOMEPAGE="https://www.freedesktop.org/software/colord/";
+SRC_URI="https://www.freedesktop.org/software/colord/releases/${P}.tar.xz";
+
+LICENSE="GPL-2+"
+SLOT="0/2" # subslot = libcolord soname version
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 
~riscv ~sparc ~x86"
+
+IUSE="gtk-doc argyllcms examples extra-print-profiles +introspection scanner 
selinux systemd test vala"
+RESTRICT="!test? ( test ) test" # Tests try to read and write files in /tmp
+REQUIRED_USE="vala? ( introspection )"
+
+DEPEND="
+       >=dev-libs/glib-2.58.0:2[${MULTILIB_USEDEP}]
+       >=media-libs/lcms-2.6:2=[${MULTILIB_USEDEP}]
+       dev-db/sqlite:3=[${MULTILIB_USEDEP}]
+       >=dev-libs/libgusb-0.2.7[introspection?,${MULTILIB_USEDEP}]
+
+       dev-libs/libgudev:=[${MULTILIB_USEDEP}]
+       virtual/libudev:=[${MULTILIB_USEDEP}]
+       virtual/udev
+
+       systemd? ( >=sys-apps/systemd-44:0= )
+       scanner? (
+               media-gfx/sane-backends
+               sys-apps/dbus
+       )
+       >=sys-auth/polkit-0.114
+       argyllcms? ( media-gfx/argyllcms )
+       introspection? ( >=dev-libs/gobject-introspection-1.56:= )
+"
+RDEPEND="${DEPEND}
+       acct-group/colord
+       acct-user/colord
+       selinux? ( sec-policy/selinux-colord )
+"
+BDEPEND="
+       acct-group/colord
+       acct-user/colord
+       app-text/docbook-xsl-ns-stylesheets
+       dev-libs/libxslt
+       >=sys-devel/gettext-0.17
+       virtual/pkgconfig
+       extra-print-profiles? ( media-gfx/argyllcms )
+       gtk-doc? (
+               dev-util/gtk-doc
+               app-text/docbook-xml-dtd:4.1.2
+       )
+       vala? ( $(vala_depend) )
+"
+
+PATCHES=(
+       "${FILESDIR}"/${PN}-1.4.7-systemd-permissions.patch
+)
+
+pkg_setup() {
+       use vala && vala_setup
+}
+
+src_prepare() {
+       default
+
+       # Test requires a running session
+       # https://github.com/hughsie/colord/issues/94
+       sed -i -e "/test('colord-test-daemon'/d" lib/colord/meson.build || die
+
+       # Adapt to Gentoo paths
+       sed -i \
+               -e "s|find_program('spotread'|find_program('argyll-spotread'|" \
+               -e "s|find_program('colprof'|find_program('argyll-colprof'|" \
+               meson.build || die
+
+       # meson gnome.generate_vapi properly handles VAPIGEN and other vala
+       # environment variables. It is counter-productive to check for an
+       # unversioned vapigen, as that breaks versioned VAPIGEN usages.
+       sed -i -e "/find_program('vapigen')/d" meson.build || die
+}
+
+multilib_src_configure() {
+       local emesonargs=(
+               $(meson_native_true daemon)
+               -Dbash_completion=false
+               $(meson_native_true udev_rules) # Install udev rules only from 
native build
+               $(meson_native_use_bool systemd)
+               -Dlibcolordcompat=true
+               $(meson_native_use_bool argyllcms argyllcms_sensor)
+               $(meson_native_use_bool scanner sane)
+               $(meson_native_use_bool introspection)
+               $(meson_native_use_bool vala vapi)
+               $(meson_native_use_bool extra-print-profiles print_profiles)
+               $(meson_use test tests)
+               -Dinstalled_tests=false
+               -Ddaemon_user=colord
+               $(meson_native_true man)
+               $(meson_use gtk-doc docs)
+               --localstatedir="${EPREFIX}"/var
+       )
+       meson_src_configure
+}
+
+multilib_src_install_all() {
+       newbashcomp data/colormgr colormgr
+
+       # Ensure config and profile directories exist and /var/lib/colord/*
+       # is writable by colord user
+       keepdir /var/lib/color{,d}/icc
+       fowners colord:colord /var/lib/colord{,/icc}
+
+       if use examples; then
+               docinto examples
+               dodoc examples/*.c
+       fi
+}
+
+pkg_postinst() {
+       udev_reload
+       tmpfiles_process colord.conf
+}
+
+pkg_postrm() {
+       udev_reload
+}
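Review bot: The `RESTRICT` line reads `!test? ( test ) test`, and the unconditional trailing `test` already restricts the test phase for every USE combination, so the conditional part is dead. If the /tmp access named in the comment means the tests can never run under the sandbox, `RESTRICT="test" # Tests try to read and write files in /tmp` says that directly. The `test` flag then only controls whether `$(meson_use test tests)` builds the test binaries, which may deserve a word in the comment. If the usual conditional form was intended, the trailing `test` should be dropped instead.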

diff --git a/x11-misc/colord/files/colord-1.4.7-systemd-permissions.patch 
b/x11-misc/colord/files/colord-1.4.7-systemd-permissions.patch
new file mode 100644
index 000000000000..0a97d8ac579d
--- /dev/null
+++ b/x11-misc/colord/files/colord-1.4.7-systemd-permissions.patch
@@ -0,0 +1,51 @@
+https://github.com/hughsie/colord/commit/08a32b2379fb5582f4312e59bf51a2823df56276
+https://github.com/hughsie/colord/commit/9283abd9c00468edb94d2a06d6fa3681cae2700d
+
+From 08a32b2379fb5582f4312e59bf51a2823df56276 Mon Sep 17 00:00:00 2001
+From: Richard Hughes <rich...@hughsie.com>
+Date: Mon, 29 Jan 2024 10:37:11 +0000
+Subject: [PATCH] Fix writing to the database with ProtectSystem=strict
+
+Fixes https://github.com/hughsie/colord/issues/166
+--- a/data/colord.service.in
++++ b/data/colord.service.in
+@@ -17,6 +17,10 @@ ProtectControlGroups=true
+ RestrictRealtime=true
+ RestrictAddressFamilies=AF_UNIX
+ 
++ConfigurationDirectory=colord
++StateDirectory=colord
++CacheDirectory=colord
++
+ # drop all capabilities
+ CapabilityBoundingSet=~CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_SYS_ADMIN 
CAP_SYS_PTRACE CAP_CHOWN CAP_FSETID CAP_SETFCAP CAP_DAC_OVERRIDE 
CAP_DAC_READ_SEARCH CAP_FOWNER CAP_IPC_OWNER CAP_NET_ADMIN CAP_SYS_RAWIO 
CAP_SYS_TIME CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE CAP_KILL 
CAP_MKNOD CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE 
CAP_SYS_RESOURCE CAP_MAC_ADMIN CAP_MAC_OVERRIDE CAP_SYS_BOOT 
CAP_LINUX_IMMUTABLE CAP_IPC_LOCK CAP_SYS_CHROOT CAP_BLOCK_SUSPEND CAP_LEASE 
CAP_SYS_PACCT CAP_SYS_TTY_CONFIG CAP_WAKE_ALARM
+ 
+
+From 9283abd9c00468edb94d2a06d6fa3681cae2700d Mon Sep 17 00:00:00 2001
+From: Ferdinand Bachmann <ferdinand.bachm...@yrlf.at>
+Date: Tue, 30 Jan 2024 12:44:18 +0100
+Subject: [PATCH] Fix USB scanners not working with RestrictAddressFamilies
+
+colord-sane scanner drivers using libusb can't initialize properly with
+RestrictAddressFamilies set to AF_UNIX. Remove that line to ensure those
+can work properly.
+
+This also avoids a crash in HPLIP due to unchecked calls to libusb_init().
+
+Fixes #165
+---
+ data/colord.service.in | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/data/colord.service.in b/data/colord.service.in
+index c358dc4b..45ec5811 100644
+--- a/data/colord.service.in
++++ b/data/colord.service.in
+@@ -15,7 +15,6 @@ ProtectKernelModules=true
+ ProtectKernelLogs=true
+ ProtectControlGroups=true
+ RestrictRealtime=true
+-RestrictAddressFamilies=AF_UNIX
+ 
+ ConfigurationDirectory=colord
+ StateDirectory=colord
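Review bot: The second backported commit deletes `RestrictAddressFamilies=AF_UNIX` outright, so the daemon goes from one permitted socket family to all of them, while the Gentoo commit title only mentions permission fixes. libusb initialisation most likely fails on the netlink socket it opens for hotplug events, so a narrower allow-list such as `RestrictAddressFamilies=AF_UNIX AF_NETLINK` may be enough. That is an inference rather than something the patch states, and it needs testing with a USB scanner; network SANE backends would also need AF_INET/AF_INET6. If the full removal stays, a comment above the `PATCHES` entry in the ebuild, e.g. `# also drops RestrictAddressFamilies= so libusb-based SANE backends can initialise (upstream 9283abd9)`, would make the hardening change visible to the next maintainer.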
