[gentoo-commits] dev/bircoph:master commit in: app-admin/clsync/files/, app-admin/clsync/, profiles/

[gentoo-commits] dev/bircoph:master commit in: app-admin/clsync/files/, app-admin/clsync/, profiles/

[Andrew Savchenko]

commit:     c2472a6c064a9d2f8539cb518a926b964a81d174
Author:     Andrew Savchenko <bircoph <AT> gmail <DOT> com>
AuthorDate: Tue Jan 27 18:04:58 2015 +0000
Commit:     Andrew Savchenko <bircoph <AT> gmail <DOT> com>
CommitDate: Tue Jan 27 18:04:58 2015 +0000
URL:        http://sources.gentoo.org/gitweb/?p=dev/bircoph.git;a=commit;h=c2472a6c

clnyc: version bump

New flags are added, new bugfixes and security features.

---
 app-admin/clsync/ChangeLog                         |  9 ++++-
 app-admin/clsync/Manifest                          | 10 +++--
 .../{clsync-9999.ebuild => clsync-0.4.ebuild}      | 46 +++++++++++++++-------
 app-admin/clsync/clsync-9999.ebuild                | 43 +++++++++++++-------
 .../files/clsync-0.4-unshare-configure.patch       | 38 ++++++++++++++++++
 .../clsync/files/clsync-0.4-unshare-ifdef.patch    | 34 ++++++++++++++++
 app-admin/clsync/metadata.xml                      |  8 +++-
 profiles/package.use.mask                          |  4 +-
 8 files changed, 157 insertions(+), 35 deletions(-)

diff --git a/app-admin/clsync/ChangeLog b/app-admin/clsync/ChangeLog
index f830377..f3e300e 100644
--- a/app-admin/clsync/ChangeLog
+++ b/app-admin/clsync/ChangeLog
@@ -1,7 +1,14 @@
 # ChangeLog for app-admin/clsync
-# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
+# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
 # $Header: $
 
+*clsync-0.4 (27 Jan 2015)
+
+  27 Jan 2015; Andrew Savchenko <bircoph@gentoo.org> +clsync-0.4.ebuild,
+  clsync-9999.ebuild, +files/clsync-0.4-unshare-configure.patch,
+  +files/clsync-0.4-unshare-ifdef.patch, metadata.xml:
+  Version bump.
+
 *clsync-0.3 (15 May 2014)
 
   15 May 2014; Andrew Savchenko <bircoph@gmail.com> clsync-0.2.1.ebuild,

diff --git a/app-admin/clsync/Manifest b/app-admin/clsync/Manifest
index e7a8556..0d284f2 100644
--- a/app-admin/clsync/Manifest
+++ b/app-admin/clsync/Manifest
@@ -1,3 +1,5 @@
+AUX clsync-0.4-unshare-configure.patch 1198 SHA256 c60e2f8e33e1ca04d27e8887982d83eb5efb8a3f3f6871f97feba931aaa0db74 SHA512 c0be6a085a33e3c09bfe52fc5aff3a1136fbbdde7cf928bd1ff21c7e435ae8562a626ed7d561c83e74580f17e2ad1c61be778d0a7f01b2ad0890a9d5cc1e54cd WHIRLPOOL 826d597da90d8f71b3ff902c5c55bbd3ae82bae33157f99469bfe8dec4ad93f16a1f2d10c0b78f561c58f6d01832ed2bbc2267ab619e21bd19c939034ae8b401
+AUX clsync-0.4-unshare-ifdef.patch 989 SHA256 2fc98fa742ed24068af39c950eb7fa33a048a2cbb3aab44b074928cd86c5cefb SHA512 2a6e98a2ea8d1dd663fdaf6eed0d6706c61b646c4178ca8be5598d1d6a3dd8023b92f02858f7324c5ceab601ed5c8ec1ee6bcc7210664cd57dc281a116bbde3c WHIRLPOOL 9535ac8e746e4ce980d4f17c05f554e55f5ab717d79e20ba09751f176383e46c2b52777cccce10f28422b4d459f0ef8c8a5f900c4857994a8bab5c6108bd5e27
 AUX clsync.conf 586 SHA256 da5b5611d9253094828ef4ff66d72cd36e807f36c218807d8da6386f45a56dab SHA512 ecaacdd5869a3c9552dd4a1441ed313e0e2f977c82b0a19ea1300f069e45ba6b49bcc9f6b35ab3031727fe7a09af0c647b9b34248d14f3e30701746170874e6d WHIRLPOOL e6b2ea8d0267051049152fa8e2dedcec89bc7be6cab48a9a91a39810de12094b1499a622cb0b8b6c3c0880a2e82713fed834bdf4337241f46c9673d1b2fc71eb
 AUX clsync.conf-2 589 SHA256 1a8689b86cf9475ef72ef42a623a1bb1ae55abff31578dcfdf3537331c681815 SHA512 46d8d786378eed0bfa46195e45f764015258ba55b35a5acf2685967e9fbd1fc7656c6aeba26b06889fa2f7c62cb11ecb84b10b856356ea3c0d463eaa4980c33d WHIRLPOOL cd9a0800b75eab476d7feec079f23538295dca5067f979ce4280c3188b9a24adf7c78e0c2ec5e2e8cadd71d11be181d873bc462d9fe321ada85e4e11690272db
 AUX clsync.confd 645 SHA256 ae7e9cacf618f9a32a4a1580580a901831aaaa0abb9de9e0379fbcc6a7359b0d SHA512 75dcc49d51f6da94d42eb501f1ad2868f163405dd7aa933f4c8078ec18f5b54eb6c66ff796ee744f7751699162627af843edbe5de5adf99c23712cedaebaddc5 WHIRLPOOL 06289c7645430d10b242983daa9cd2d4c2f327b34ede308012354947c64c654a7864586743ae6de7c02770a8b1c22de04b63404a6431b317b328ac6ac1e121ce
@@ -5,8 +7,10 @@ AUX clsync.initd 566 SHA256 4c33a75d993246a5a9cd2cc0da83a5ba23e9e9f34ad0da4b033a
 AUX clsync.initd-2 573 SHA256 9200ac5bff76111853317f87f728029f6f20cafa52a0b2f90fe28e85b4780cd5 SHA512 5588dbe8d414f553692a79dcde2f147f8693235b39e166fa7f5e4e8b1dfaf7c134861d84792bbfc19fea9689ca0d428caf98b6830661bd46fdc98b410bbcc3b3 WHIRLPOOL c89f913b1bc166ab4631476d0be1da5af136da95b1319319a93e74488a8c4fc9763c215d538f9e2889c9a87a7c5cf459fcfd0e38421c34a1bcc8dc79c9343aef
 DIST clsync-0.2.1.tar.gz 105886 SHA256 7fc9257a24855a0b350937bc0667a326182e84a1ba922f41b41266aeb5b2c738 SHA512 8f8b926df6b4fc1424427aa6a504527a1f10a01a9108c512968148bf5552a429f7f9bc58f46730219a9be303b3314c8c3b55747c7c4ef5832bd175f70bdf2763 WHIRLPOOL 4f8f5c7e88983bbadb3263e245f424fb9e8fb140cb6bac78702a7d572f69856ccdac68fb6cd9249193af09d0b2bf224827bd05530a0cbec99bfc3fa7138e23fa
 DIST clsync-0.3.tar.gz 122664 SHA256 054f7032993f51a35cf3fdc91aeb3ad358f63432f8d1d1cbe4b75e664450b5bf SHA512 b05b41815fcaa623a794d2f9a9f2d2a02867d4ee5685488a0693b017773c2fe7da81d1d322a166bf34aa4570039f542a61362e70db4df2d2c08b721d4ddad254 WHIRLPOOL a3b401772b05dc47e0f6f9253471204ed655a3dbd06213c107ce3d760a1f4bc3bd577438748a177ccf10eec046a35688a91b0d7bbf5413c20b4d2a75ec0f5487
+DIST clsync-0.4.tar.gz 253396 SHA256 6f0ce7a5f61fbb50db53b787b62cf5347870f3be315acb02c4aee6b76206d19e SHA512 9b17f5f8f0bfc48531f3d8cb4f1c1edd3116e0b7d140e8ab2465dd1c590521c9857202ed3f36466f13fb3309abb9232fb4acbe25b5652914a816fac498f74a48 WHIRLPOOL 18ae12df2d7e0403b21c5d4ab7352cd81446729d94fb300a799b98dad9f88aeaa98deb2ba5f52858d3b6ba7406d777e53e97dae5c3a4802a229511db9c8a3482
 EBUILD clsync-0.2.1.ebuild 2148 SHA256 9069d6bbba621a368ce6f1fd1602d984aa0c37a5297df7ff43598b53603ca726 SHA512 9ab6e36e094c43f7e506c743a0159ab00e09a216676b0693a8f2f3a0df8160c5c706122bb9e36e754c0e50a6dc63856dae86743e6e3a22be80b2bbf7ef21523f WHIRLPOOL 27b60f03a084a821dda72799540605266557fae9b5379bfaa5c0601c42894d84d1ddd68d9dd6f2f8cf72f3cf7dc38cfc7e75821416290b2c8bf8c74af50b8543
 EBUILD clsync-0.3.ebuild 2219 SHA256 71f1c52b62d0379c1bf03ce4a49fe2cc612697008aabbf58d3b7b882952c35ec SHA512 2cb4ce6f305a1ebb020157915324f824cf554ccd95761ebe13b4099f8418676173b9953994095c29c16b11942d7fb6a3029cdb5b94c572803ca0af183d16c659 WHIRLPOOL 37766e003335286b13a4dad913d838f3cb4b75d3b216b5b3265d93a36353f15e365c93d0768341d6bbaaf4fbb785ff2774f554fd57d009fc396ae2fb6aaacac3
-EBUILD clsync-9999.ebuild 2377 SHA256 3eed168b2767423b503bae15755605f0d0f166afe1d7827a1c883c373701597e SHA512 aea27f2c4a0b7a931ea2db7cdc66ed57162df806290dac37a59bc055b14bedd2097d31dfb41c6a8322f3391e0c3e8af9e6188be27dd97c25b7a38e637f8382b6 WHIRLPOOL 09ce09a6d845433c5fb8d1f153b6b4c559653414214fa4a4d0b10d95a1f87f54bccfeb0a7a5360a98e406dd93ed21168ccbd05b4647b2abbefb4fc3fb9b6b304
-MISC ChangeLog 3180 SHA256 3ac24f5999bd203f1810c7e13978ff4f2d44880d43122a40c63356182dcae0de SHA512 604a94db29f8dd489a72cac09aa7ab30922f28afa4ce196977ec2c1911b14f4a710711b6d01207c68dfe12917225cd45f847cc0fce97bdeb8043bd737f731848 WHIRLPOOL 94e7f6db0bece6ce953b98be99680c189cc0707bf7862f500d19cb5e6d866e5fdaee5454976ba1b1d19847b730d70da38acf16c5d2290403798797d56dea99cc
-MISC metadata.xml 1069 SHA256 8080d77dd918f6b2933b601d2fdc18fee12d43a651e82883e1794585690984a8 SHA512 ec5dac71adde7f3a72f96d98d5bf03f8ff1333db026a39e5d15d6ca91d057cc6eb8c164d02839668ea0dd5b723150970dca1b9bbc0b5f8a00bd0131371eb234c WHIRLPOOL 856907418a21242faded7879875dc2e48bf6be6547d36799ae7ab765991c1730acfcd56ffa9720ec52f79623a0819d32254d432168c9fe0cad25bb971f8c8e14
+EBUILD clsync-0.4.ebuild 3022 SHA256 5f37b67ff04238d0681b06ff0640dcd5580dcda5fee8c667765c55d85e37307f SHA512 472ac3e43d6299c0dba35e25731bfbb0cf0034f23f5145613982e0bcdf1eebbd7aa35df1f77a08d55683fb80f976368565e01da22f30b01b10e6cd1b0f411aa0 WHIRLPOOL f4cee7978cc87273e0b30ead8f7c099af78eb6d4a9cf30a0dbc041cb029f9e1d54e52e16939e219e87c7a587f3de5313b04ebf5777fa7ff57cbfb67c528e45c8
+EBUILD clsync-9999.ebuild 2917 SHA256 67a2fc9dd44ad4a7ee1dd54a9c99ae2c369465f538de56c714b3a546f6938b9d SHA512 2195e92ecfd36f53792274d1d4e72bc7ff4d0630a9b93682e4e3e468ed3fec00bd5a91fc7aca2f339ae7f26075e62da35e761c6a3adc86bed8cc3bbb6a96e6b5 WHIRLPOOL ddfc61dc7d868078fb5e05c86a737bf97014cfeeaeb8d5f35ea993e40d42d2a75091e49d51ece16e6b6473c0964f6d4ccd1c9ba2059b8c2b2743eec5fee6ca86
+MISC ChangeLog 3417 SHA256 63c87c3e76debccc662e80304ddd13ed08752f0580358b899aff2ddb94908608 SHA512 9d63aff9f912b5a76950b8433f226996dd6242e0bf1f363cd9070572be70f559d22a849b1102208e99fae4d8dd045381554af9db969ff8963a70436a314823e2 WHIRLPOOL a0ffa1924b4b0a4bc99b5b91588ef739cd9bcb75f48e8ade139e31ebe2f8b892d8a524cb398145b6aea576780349453313f3109df116e78d1bfde99d30823be0
+MISC metadata.xml 1597 SHA256 f52db37e96b97ff21e5ab5b4aa17bffe3663cb1227cd29b930c6ccef7af07045 SHA512 4935fa33dbacd7a29092234f48654b023aa9b87f8d91639c82c101738c19b293112e156beb6d9e93d55304f9abd7fe5c92692361306bb14e166d854230913e53 WHIRLPOOL 1a0aeb1e8c92087a16e445e74a867511bbdc9bc23dcc3881ce2398fe2ee6299728420ceb824e9f582b8dcec8082ec46eaad10dcdff7091d8d6af5a04ac747363

diff --git a/app-admin/clsync/clsync-9999.ebuild b/app-admin/clsync/clsync-0.4.ebuild
similarity index 64%
copy from app-admin/clsync/clsync-9999.ebuild
copy to app-admin/clsync/clsync-0.4.ebuild
index 5682776..380c8f1 100644
--- a/app-admin/clsync/clsync-9999.ebuild
+++ b/app-admin/clsync/clsync-0.4.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2014 Gentoo Foundation
+# Copyright 1999-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 # $Header: $
 
@@ -11,31 +11,45 @@ if [[ ${PV} == "9999" ]] ; then
 	KEYWORDS=""
 else
 	SRC_URI="https://github.com/xaionaro/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
-	KEYWORDS="~x86 ~amd64"
+	KEYWORDS="~amd64 ~x86"
 fi
 
-inherit autotools
+inherit autotools eutils linux-info
 
 DESCRIPTION="Live sync tool based on inotify, written in GNU C"
 HOMEPAGE="http://ut.mephi.ru/oss/clsync https://github.com/xaionaro/clsync"
 LICENSE="GPL-3+"
 SLOT="0"
-IUSE="caps cluster control-socket debug doc +examples extra-hardened hardened mhash"
+IUSE="+caps cluster control-socket cgroups debug doc +examples
+extra-hardened gio hardened +highload-locks +inotify mhash
+namespaces seccomp"
 REQUIRED_USE="
 	extra-hardened? ( hardened )
 	mhash? ( cluster )"
 
 RDEPEND="
+	dev-libs/glib:2
 	caps? ( sys-libs/libcap )
+	cgroups? ( dev-libs/libcgroup )
 	mhash? ( app-crypt/mhash )
-	dev-libs/glib:2
+	seccomp? ( sys-libs/libseccomp )
 "
 DEPEND="${RDEPEND}
 	virtual/pkgconfig
-	doc? ( app-doc/clsync-docs )
+	doc? ( ~app-doc/clsync-docs-${PV} )
 "
 
+pkg_pretend() {
+	if use namespaces; then
+		CONFIG_CHECK="~NAMESPACES ~UTS_NS ~IPC_NS ~USER_NS ~PID_NS ~NET_NS"
+		check_extra_config
+	fi
+}
+
 src_prepare() {
+	epatch \
+		"${FILESDIR}/${P}-unshare-configure.patch" \
+		"${FILESDIR}/${P}-unshare-ifdef.patch"
 	eautoreconf
 }
 
@@ -49,25 +63,26 @@ src_configure() {
 		--disable-socket-library \
 		--enable-clsync \
 		--enable-paranoid=${harden_level} \
-		--with-inotify=native \
 		--without-bsm \
 		--without-kqueue \
 		$(use_enable cluster) \
 		$(use_enable control-socket socket) \
 		$(use_enable debug) \
+		$(use_enable highload-locks) \
+		$(use_enable namespaces unshare) \
 		$(use_with caps capabilities) \
-		$(use_with mhash)
-}
-
-src_compile() {
-	emake
+		$(use_with cgroups libcgroup) \
+		$(use_with gio) \
+		$(use_with inotify inotify native) \
+		$(use_with mhash) \
+		$(use_with seccomp libseccomp)
 }
 
 src_install() {
 	emake DESTDIR="${D}" install
 
 	# remove unwanted docs
-	rm "${ED}/usr/share/doc/${PF}"/{LICENSE,TODO} || die "failed to cleanup docs"
+	rm "${ED}/usr/share/doc/${PF}/LICENSE" || die "failed to cleanup docs"
 	use examples || rm -r "${ED}/usr/share/doc/${PF}/examples" || die "failed to remove examples"
 
 	newinitd "${FILESDIR}/${PN}.initd-2" "${PN}"
@@ -85,6 +100,9 @@ pkg_postinst() {
 	einfo "data transfer. Usually net-misc/rsync is a good choise, but ${PN} is"
 	einfo "is flexible enough to use any user tool, see manual page for details."
 	einfo
-	einfo "${PN} init script can now be multiplexed, to use symlink init script to"
+	einfo "${PN} init script can be multiplexed, to use symlink init script to"
 	einfo "othername and use conf.d/othername to configure it."
+	einfo
+	einfo "If you're interested in improved security, enable"
+	einfo "USE=\"caps cgroups hardened namespaces seccomp\""
 }

diff --git a/app-admin/clsync/clsync-9999.ebuild b/app-admin/clsync/clsync-9999.ebuild
index 5682776..e37bbac 100644
--- a/app-admin/clsync/clsync-9999.ebuild
+++ b/app-admin/clsync/clsync-9999.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2014 Gentoo Foundation
+# Copyright 1999-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 # $Header: $
 
@@ -11,30 +11,41 @@ if [[ ${PV} == "9999" ]] ; then
 	KEYWORDS=""
 else
 	SRC_URI="https://github.com/xaionaro/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
-	KEYWORDS="~x86 ~amd64"
+	KEYWORDS="~amd64 ~x86"
 fi
 
-inherit autotools
+inherit autotools linux-info
 
 DESCRIPTION="Live sync tool based on inotify, written in GNU C"
 HOMEPAGE="http://ut.mephi.ru/oss/clsync https://github.com/xaionaro/clsync"
 LICENSE="GPL-3+"
 SLOT="0"
-IUSE="caps cluster control-socket debug doc +examples extra-hardened hardened mhash"
+IUSE="+caps cluster control-socket cgroups debug doc +examples
+extra-hardened gio hardened +highload-locks +inotify mhash
+namespaces seccomp"
 REQUIRED_USE="
 	extra-hardened? ( hardened )
 	mhash? ( cluster )"
 
 RDEPEND="
+	dev-libs/glib:2
 	caps? ( sys-libs/libcap )
+	cgroups? ( dev-libs/libcgroup )
 	mhash? ( app-crypt/mhash )
-	dev-libs/glib:2
+	seccomp? ( sys-libs/libseccomp )
 "
 DEPEND="${RDEPEND}
 	virtual/pkgconfig
-	doc? ( app-doc/clsync-docs )
+	doc? ( ~app-doc/clsync-docs-${PV} )
 "
 
+pkg_pretend() {
+	if use namespaces; then
+		CONFIG_CHECK="~NAMESPACES ~UTS_NS ~IPC_NS ~USER_NS ~PID_NS ~NET_NS"
+		check_extra_config
+	fi
+}
+
 src_prepare() {
 	eautoreconf
 }
@@ -49,25 +60,26 @@ src_configure() {
 		--disable-socket-library \
 		--enable-clsync \
 		--enable-paranoid=${harden_level} \
-		--with-inotify=native \
 		--without-bsm \
 		--without-kqueue \
 		$(use_enable cluster) \
 		$(use_enable control-socket socket) \
 		$(use_enable debug) \
+		$(use_enable highload-locks) \
+		$(use_enable namespaces unshare) \
 		$(use_with caps capabilities) \
-		$(use_with mhash)
-}
-
-src_compile() {
-	emake
+		$(use_with cgroups libcgroup) \
+		$(use_with gio) \
+		$(use_with inotify inotify native) \
+		$(use_with mhash) \
+		$(use_with seccomp libseccomp)
 }
 
 src_install() {
 	emake DESTDIR="${D}" install
 
 	# remove unwanted docs
-	rm "${ED}/usr/share/doc/${PF}"/{LICENSE,TODO} || die "failed to cleanup docs"
+	rm "${ED}/usr/share/doc/${PF}/LICENSE" || die "failed to cleanup docs"
 	use examples || rm -r "${ED}/usr/share/doc/${PF}/examples" || die "failed to remove examples"
 
 	newinitd "${FILESDIR}/${PN}.initd-2" "${PN}"
@@ -85,6 +97,9 @@ pkg_postinst() {
 	einfo "data transfer. Usually net-misc/rsync is a good choise, but ${PN} is"
 	einfo "is flexible enough to use any user tool, see manual page for details."
 	einfo
-	einfo "${PN} init script can now be multiplexed, to use symlink init script to"
+	einfo "${PN} init script can be multiplexed, to use symlink init script to"
 	einfo "othername and use conf.d/othername to configure it."
+	einfo
+	einfo "If you're interested in improved security, enable"
+	einfo "USE=\"caps cgroups hardened namespaces seccomp\""
 }

diff --git a/app-admin/clsync/files/clsync-0.4-unshare-configure.patch b/app-admin/clsync/files/clsync-0.4-unshare-configure.patch
new file mode 100644
index 0000000..11d8f01
--- /dev/null
+++ b/app-admin/clsync/files/clsync-0.4-unshare-configure.patch
@@ -0,0 +1,38 @@
+commit a13f929cfe4a7fad58c7d814a139efff091601e0
+Author: Dmitry Yu Okunev <dyokunev@ut.mephi.ru>
+Date:   Tue Jan 27 15:51:18 2015 +0300
+
+    "unshare()" support is configurable now
+
+diff --git a/configure.ac b/configure.ac
+index f474478..059ade0 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -87,6 +87,17 @@ AS_HELP_STRING(--enable-socket-library,
+ [build libclsync socket library, default: no]))
+ AM_CONDITIONAL([LIBCLSYNC], [test "x$enable_socket_library" = "xyes"])
+ 
++dnl --enable-unshare
++AC_ARG_ENABLE(unshare,
++AS_HELP_STRING(--enable-unshare,
++[enable support of unshare(), default: yes]), [], [enable_unshare="yes"])
++
++HAVE_UNSHARE=0
++AS_IF([ test "x$enable_unshare" = "xyes" ],
++[
++	AC_CHECK_FUNC([unshare], [HAVE_UNSHARE=1], [AC_MSG_FAILURE([Cannot find function unshare()])])
++])
++
+ dnl --enable-highload-locks
+ AC_ARG_ENABLE(highload-locks,
+ AS_HELP_STRING(--enable-highload-locks,
+@@ -155,9 +166,6 @@ AC_CHECK_FUNC([getmntent], [HAVE_GETMNTENT=1])
+ dnl searching for pivot_root
+ AC_CHECK_FUNC([pivot_root], [HAVE_PIVOTROOT=1])
+ 
+-dnl searching for unshare
+-AC_CHECK_FUNC([unshare], [HAVE_UNSHARE=1])
+-
+ dnl libcgroup check
+ AC_ARG_WITH(libcgroup,
+ 	AS_HELP_STRING(--with-libcgroup,

diff --git a/app-admin/clsync/files/clsync-0.4-unshare-ifdef.patch b/app-admin/clsync/files/clsync-0.4-unshare-ifdef.patch
new file mode 100644
index 0000000..84116dd
--- /dev/null
+++ b/app-admin/clsync/files/clsync-0.4-unshare-ifdef.patch
@@ -0,0 +1,34 @@
+commit a437518de6813202ab9cef124a6ca085d3eb555d
+Author: Dmitry Yu Okunev <dyokunev@ut.mephi.ru>
+Date:   Tue Jan 27 18:56:02 2015 +0300
+
+    Added missed "#ifdef"-s for unshare()
+
+diff --git a/privileged.c b/privileged.c
+index 4b35514..fafd5b7 100644
+--- a/privileged.c
++++ b/privileged.c
+@@ -1747,7 +1747,9 @@ int privileged_init(ctx_t *ctx_p)
+ 
+ 	SAFE ( pthread_mutex_lock(pthread_mutex_runner_p),		return errno;);
+ 
++# ifdef UNSHARE_SUPPORT
+ 	unshare(CLONE_NEWIPC);
++# endif
+ 
+ 	switch (ctx_p->flags[SPLITTING]) {
+ 		case SM_THREAD: {
+@@ -1792,11 +1794,13 @@ int privileged_init(ctx_t *ctx_p)
+ 	}
+ 	critical_on(!helper_isalive());
+ 
++# ifdef UNSHARE_SUPPORT
+ 	// The rest routines
+ 	if (ctx_p->flags[DETACH_NETWORK] == DN_NONPRIVILEGED) {
+ 		SAFE ( cap_enable(CAP_TO_MASK(CAP_SYS_ADMIN)),	return errno; );
+ 		SAFE ( unshare(CLONE_NEWNET),			return errno; );
+ 	}
++# endif
+ 	SAFE ( cap_drop(ctx_p, 0),				return errno; );
+ 
+ 	debug(4, "Waiting for the privileged thread to get prepared");

diff --git a/app-admin/clsync/metadata.xml b/app-admin/clsync/metadata.xml
index 1e7dfa2..170733c 100644
--- a/app-admin/clsync/metadata.xml
+++ b/app-admin/clsync/metadata.xml
@@ -11,12 +11,18 @@
   This utility is much more lightweight than competitors and supports such
   features as separate queue for big files, regex file filter, multi-threading
   and multicast notifing clsync instances on another nodes to prevent loop
-  syncing.
+  syncing. Clsync can use advanced features for isolation: capabilities, cgroups,
+  namespaces, seccomp, code hardening.
 </longdescription>
 <use>
 	<flag name="caps">Capabilities support. Under development, may not work properly now.</flag>
 	<flag name="cluster">Enable clustering support (allows master-master clsync on multiple hosts). Not fully implemented yet.</flag>
 	<flag name="control-socket">Enable AF_UNIX control socket support.</flag>
+	<flag name="cgroups">Use cgroups to limit /dev access.</flag>
 	<flag name="extra-hardened">Enable extra security checks. This may hurt performance.</flag>
+	<flag name="gio">Enable GIO for FS monitoring (glib based alternative to inotify interface).</flag>
+	<flag name="highload-locks">Allows to use spinlocks for short delays instead of mutexes, but only on SMP systems.</flag>
+	<flag name="namespaces">Enable namespaces isolation.</flag>
+	<flag name="seccomp">Enable seccomp for system call filtering.</flag>
 </use>
 </pkgmetadata>

diff --git a/profiles/package.use.mask b/profiles/package.use.mask
index 2df15cd..a41d893 100644
--- a/profiles/package.use.mask
+++ b/profiles/package.use.mask
@@ -1,5 +1,5 @@
 # Only real codecs are affected by GLSA 201312-11
 media-libs/win32codecs real
 
-# Features are still under development and not working properly
-app-admin/clsync caps cluster
+# cluster code is still under development and not fully implemented
+app-admin/clsync cluster mhash