commit: 8b19280613e0efdbd5dd39860e835565e6a48c0e Author: Hans de Graaff <graaff <AT> gentoo <DOT> org> AuthorDate: Sun Apr 28 09:44:36 2024 +0000 Commit: Hans de Graaff <graaff <AT> gentoo <DOT> org> CommitDate: Sun Apr 28 09:47:33 2024 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8b192806
eclass/apache2.eclass: use fcaps eclass to set capabilities Thanks to Manuel Mausz for the bug report and initial patch. Closes: https://bugs.gentoo.org/930455 Signed-off-by: Hans de Graaff <graaff <AT> gentoo.org> eclass/apache-2.eclass | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/eclass/apache-2.eclass b/eclass/apache-2.eclass index 17b8b0e2a64a..9c7369514c5d 100644 --- a/eclass/apache-2.eclass +++ b/eclass/apache-2.eclass @@ -13,7 +13,7 @@ # and inter-module dependency checking. LUA_COMPAT=( lua5-{1..4} ) -inherit autotools flag-o-matic lua-single multilib ssl-cert toolchain-funcs +inherit autotools fcaps flag-o-matic lua-single multilib ssl-cert toolchain-funcs [[ ${CATEGORY}/${PN} != www-servers/apache ]] \ && die "Do not use this eclass with anything else than www-servers/apache ebuilds!" @@ -666,6 +666,8 @@ apache-2_src_install() { fperms 4710 /usr/sbin/suexec # provide legacy symlink for suexec, bug 177697 dosym /usr/sbin/suexec /usr/sbin/suexec2 + else + FILECAPS=( cap_setgid,cap_setuid=ep usr/sbin/suexec ) fi fi @@ -685,6 +687,8 @@ apache-2_src_install() { # because the default webroot is a copy of the files that exist elsewhere and we # don't want them to be managed/removed by portage when apache is upgraded. apache-2_pkg_postinst() { + fcaps_pkg_postinst || die "fcaps_pkg_postinst" + if use ssl && [[ ! -e "${EROOT}/etc/ssl/apache2/server.pem" ]]; then SSL_ORGANIZATION="${SSL_ORGANIZATION:-Apache HTTP Server}" install_cert /etc/ssl/apache2/server