[gentoo-commits] repo/gentoo:master commit in: sys-apps/file/files/, sys-apps/file/

["Lars Wendler" <polynomial-c@gentoo.org>]

commit:     0e7234f3304d3a7471390c4699892d49d41028e2
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 24 09:26:16 2020 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Jun 24 09:27:50 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0e7234f3

sys-apps/file: Attempt to fix seccomp in portage's sandbox

Thanks-to: tka <tka <AT> kamph.org>
Bug: https://bugs.gentoo.org/728978
Package-Manager: Portage-2.3.102, Repoman-2.3.23
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 sys-apps/file/file-5.39-r1.ebuild                  | 140 +++++++++++++++++++++
 .../file/files/file-5.39-portage_sandbox.patch     |  28 +++++
 2 files changed, 168 insertions(+)

diff --git a/sys-apps/file/file-5.39-r1.ebuild b/sys-apps/file/file-5.39-r1.ebuild
new file mode 100644
index 00000000000..8333fd922e2
--- /dev/null
+++ b/sys-apps/file/file-5.39-r1.ebuild
@@ -0,0 +1,140 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{6..9} )
+DISTUTILS_OPTIONAL=1
+
+inherit autotools distutils-r1 libtool toolchain-funcs multilib-minimal
+
+if [[ ${PV} == "9999" ]] ; then
+	EGIT_REPO_URI="https://github.com/glensc/file.git"
+	inherit git-r3
+else
+	SRC_URI="ftp://ftp.astron.com/pub/file/${P}.tar.gz"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+fi
+
+DESCRIPTION="identify a file's format by scanning binary data for patterns"
+HOMEPAGE="https://www.darwinsys.com/file/"
+
+LICENSE="BSD-2"
+SLOT="0"
+IUSE="bzip2 lzma python seccomp static-libs zlib"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+DEPEND="
+	bzip2? ( app-arch/bzip2[${MULTILIB_USEDEP}] )
+	lzma? ( app-arch/xz-utils[${MULTILIB_USEDEP}] )
+	python? (
+		${PYTHON_DEPS}
+		dev-python/setuptools[${PYTHON_USEDEP}]
+	)
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )"
+RDEPEND="${DEPEND}
+	python? ( !dev-python/python-magic )
+	seccomp? ( sys-libs/libseccomp[${MULTILIB_USEDEP}] )"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-5.39-portage_sandbox.patch" #713710 #728978
+)
+
+src_prepare() {
+	default
+	eautoreconf
+	elibtoolize
+
+	# don't let python README kill main README #60043
+	mv python/README.md python/README.python.md || die
+	sed 's@README.md@README.python.md@' -i python/setup.py || die #662090
+}
+
+multilib_src_configure() {
+	local myeconfargs=(
+		--enable-fsect-man5
+		$(use_enable bzip2 bzlib)
+		$(use_enable lzma xzlib)
+		$(use_enable seccomp libseccomp)
+		$(use_enable static-libs static)
+		$(use_enable zlib)
+	)
+	econf "${myeconfargs[@]}"
+}
+
+build_src_configure() {
+	local myeconfargs=(
+		--disable-shared
+		--disable-libseccomp
+		--disable-bzlib
+		--disable-xzlib
+		--disable-zlib
+	)
+	tc-env_build econf "${myeconfargs[@]}"
+}
+
+need_build_file() {
+	# when cross-compiling, we need to build up our own file
+	# because people often don't keep matching host/target
+	# file versions #362941
+	tc-is-cross-compiler && ! has_version -b "~${CATEGORY}/${P}"
+}
+
+src_configure() {
+	local ECONF_SOURCE=${S}
+
+	if need_build_file; then
+		mkdir -p "${WORKDIR}"/build || die
+		cd "${WORKDIR}"/build || die
+		build_src_configure
+	fi
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_compile() {
+	if multilib_is_native_abi ; then
+		emake
+	else
+		cd src || die
+		emake magic.h #586444
+		emake libmagic.la
+	fi
+}
+
+src_compile() {
+	if need_build_file; then
+		emake -C "${WORKDIR}"/build/src magic.h #586444
+		emake -C "${WORKDIR}"/build/src file
+		local -x PATH="${WORKDIR}/build/src:${PATH}"
+	fi
+	multilib-minimal_src_compile
+
+	if use python ; then
+		cd python || die
+		distutils-r1_src_compile
+	fi
+}
+
+multilib_src_install() {
+	if multilib_is_native_abi ; then
+		default
+	else
+		emake -C src install-{nodist_includeHEADERS,libLTLIBRARIES} DESTDIR="${D}"
+	fi
+}
+
+multilib_src_install_all() {
+	dodoc ChangeLog MAINT README
+
+	# Required for `file -C`
+	dodir /usr/share/misc/magic
+	insinto /usr/share/misc/magic
+	doins -r magic/Magdir/*
+
+	if use python ; then
+		cd python || die
+		distutils-r1_src_install
+	fi
+	find "${ED}" -type f -name "*.la" -delete || die
+}

diff --git a/sys-apps/file/files/file-5.39-portage_sandbox.patch b/sys-apps/file/files/file-5.39-portage_sandbox.patch
new file mode 100644
index 00000000000..ff2caed413f
--- /dev/null
+++ b/sys-apps/file/files/file-5.39-portage_sandbox.patch
@@ -0,0 +1,28 @@
+From 7e1d9d51329a0e0f3d9cd1dbc3f9509251950e81 Mon Sep 17 00:00:00 2001
+From: tka <tka@kamph.org>
+Date: Wed, 24 Jun 2020 11:18:45 +0200
+Subject: [PATCH] Allow getcwd for Gentoo's portage sandbox
+
+Gentoo-bug: https://bugs.gentoo.org/728978
+Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
+---
+ src/seccomp.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/seccomp.c b/src/seccomp.c
+index 68c56485..af55918e 100644
+--- a/src/seccomp.c
++++ b/src/seccomp.c
+@@ -227,6 +227,9 @@ enable_sandbox_full(void)
+ 	ALLOW_RULE(unlink);
+ 	ALLOW_RULE(write);
+ 
++	// needed by Gentoo's portage sandbox
++	ALLOW_RULE(getcwd);
++
+ 
+ #if 0
+ 	// needed by valgrind
+-- 
+2.27.0
+