From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 8A71E158089 for ; Wed, 4 Oct 2023 17:01:29 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id D011D2BC0A9; Wed, 4 Oct 2023 17:01:28 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id AEBBE2BC0A9 for ; Wed, 4 Oct 2023 17:01:28 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id C35A2335C67 for ; Wed, 4 Oct 2023 17:01:27 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 301A48EB for ; Wed, 4 Oct 2023 17:01:26 +0000 (UTC) From: "Sam James" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" Message-ID: <1696438705.79853c374d5f3e0cf1a73a17fec44912739b7012.sam@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: net-fs/cifs-utils/, net-fs/cifs-utils/files/ X-VCS-Repository: repo/gentoo X-VCS-Files: net-fs/cifs-utils/cifs-utils-7.0-r1.ebuild net-fs/cifs-utils/files/cifs-utils-7.0-no-clobber-fortify-source.patch X-VCS-Directories: net-fs/cifs-utils/ net-fs/cifs-utils/files/ X-VCS-Committer: sam X-VCS-Committer-Name: Sam James X-VCS-Revision: 79853c374d5f3e0cf1a73a17fec44912739b7012 X-VCS-Branch: master Date: Wed, 4 Oct 2023 17:01:26 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 92212ca9-80c8-4ef3-a52e-18a09700952a X-Archives-Hash: dc58d60b07b2733e053b08dc2b5b7bb0 commit: 79853c374d5f3e0cf1a73a17fec44912739b7012 Author: Sam James gentoo org> AuthorDate: Wed Oct 4 16:58:25 2023 +0000 Commit: Sam James gentoo org> CommitDate: Wed Oct 4 16:58:25 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=79853c37 net-fs/cifs-utils: don't redefine _FORTIFY_SOURCE Closes: https://bugs.gentoo.org/890278 Signed-off-by: Sam James gentoo.org> net-fs/cifs-utils/cifs-utils-7.0-r1.ebuild | 143 +++++++++++++++++++++ .../cifs-utils-7.0-no-clobber-fortify-source.patch | 11 ++ 2 files changed, 154 insertions(+) diff --git a/net-fs/cifs-utils/cifs-utils-7.0-r1.ebuild b/net-fs/cifs-utils/cifs-utils-7.0-r1.ebuild new file mode 100644 index 000000000000..0dc48d00b48e --- /dev/null +++ b/net-fs/cifs-utils/cifs-utils-7.0-r1.ebuild @@ -0,0 +1,143 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{9..11} ) + +inherit autotools bash-completion-r1 linux-info pam python-single-r1 + +DESCRIPTION="Tools for Managing Linux CIFS Client Filesystems" +HOMEPAGE="https://wiki.samba.org/index.php/LinuxCIFS_utils https://git.samba.org/cifs-utils.git/?p=cifs-utils.git" +SRC_URI="https://ftp.samba.org/pub/linux-cifs/${PN}/${P}.tar.bz2" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x86-linux" +IUSE="+acl +ads +caps creds pam +python systemd" + +RDEPEND=" + ads? ( + sys-apps/keyutils:= + sys-libs/talloc + virtual/krb5 + ) + caps? ( sys-libs/libcap-ng ) + creds? ( sys-apps/keyutils:= ) + pam? ( + sys-apps/keyutils:= + sys-libs/pam + ) + python? ( ${PYTHON_DEPS} ) +" +DEPEND="${RDEPEND}" +BDEPEND="dev-python/docutils" +PDEPEND=" + acl? ( >=net-fs/samba-4.0.0_alpha1 ) +" + +REQUIRED_USE=" + acl? ( ads ) + python? ( ${PYTHON_REQUIRED_USE} ) +" + +DOCS="doc/linux-cifs-client-guide.odt" + +PATCHES=( + "${FILESDIR}/${PN}-6.12-ln_in_destdir.patch" #766594 + "${FILESDIR}/${PN}-6.15-musl.patch" + "${FILESDIR}/${PN}-7.0-no-clobber-fortify-source.patch" +) + +pkg_setup() { + linux-info_pkg_setup + + if ! linux_config_exists || ! linux_chkconfig_present CIFS; then + ewarn "You must enable CIFS support in your kernel config, " + ewarn "to be able to mount samba shares. You can find it at" + ewarn + ewarn " File systems" + ewarn " Network File Systems" + ewarn " CIFS support" + ewarn + ewarn "and recompile your kernel ..." + fi + + use python && python-single-r1_pkg_setup +} + +src_prepare() { + default + + if has_version app-crypt/heimdal ; then + # https://bugs.gentoo.org/612584 + eapply "${FILESDIR}/${PN}-6.7-heimdal.patch" + fi + + eautoreconf +} + +src_configure() { + local myeconfargs=( + --enable-man + --enable-smbinfo + $(use_enable acl cifsacl cifsidmap) + $(use_enable ads cifsupcall) + $(use_with caps libcap) + $(use_enable creds cifscreds) + $(use_enable pam) + $(use_with pam pamdir $(getpam_mod_dir)) + $(use_enable python pythontools) + # mount.cifs can get passwords from systemd + $(use_enable systemd) + ) + ROOTSBINDIR="${EPREFIX}"/sbin \ + econf "${myeconfargs[@]}" +} + +src_install() { + default + + # remove empty directories + find "${ED}" -type d -empty -delete || die + + if use acl ; then + dodir /etc/cifs-utils + dosym ../../usr/$(get_libdir)/cifs-utils/idmapwb.so \ + /etc/cifs-utils/idmap-plugin + dodir /etc/request-key.d + echo 'create cifs.idmap * * /usr/sbin/cifs.idmap %k' \ + > "${ED}/etc/request-key.d/cifs.idmap.conf" + fi + + if use ads ; then + dodir /etc/request-key.d + echo 'create dns_resolver * * /usr/sbin/cifs.upcall %k' \ + > "${ED}/etc/request-key.d/cifs.upcall.conf" + echo 'create cifs.spnego * * /usr/sbin/cifs.upcall %k' \ + > "${ED}/etc/request-key.d/cifs.spnego.conf" + fi + + dobashcomp bash-completion/smbinfo + use python && python_fix_shebang "${ED}" +} + +pkg_postinst() { + # Inform about set-user-ID bit of mount.cifs + ewarn "setuid use flag was dropped due to multiple security implications" + ewarn "such as CVE-2009-2948, CVE-2011-3585 and CVE-2012-1586" + ewarn "You are free to set setuid flags by yourself" + + # Inform about upcall usage + if use acl ; then + einfo "The cifs.idmap utility has been enabled by creating the" + einfo "configuration file /etc/request-key.d/cifs.idmap.conf" + einfo "This enables you to get and set CIFS acls." + fi + + if use ads ; then + einfo "The cifs.upcall utility has been enabled by creating the" + einfo "configuration file /etc/request-key.d/cifs.upcall.conf" + einfo "This enables you to mount DFS shares." + fi +} diff --git a/net-fs/cifs-utils/files/cifs-utils-7.0-no-clobber-fortify-source.patch b/net-fs/cifs-utils/files/cifs-utils-7.0-no-clobber-fortify-source.patch new file mode 100644 index 000000000000..07661cf9dd02 --- /dev/null +++ b/net-fs/cifs-utils/files/cifs-utils-7.0-no-clobber-fortify-source.patch @@ -0,0 +1,11 @@ +Don't clobber toolchain defaults. + +https://bugs.gentoo.org/890278 +--- a/Makefile.am ++++ b/Makefile.am +@@ -1,4 +1,4 @@ +-AM_CFLAGS = -Wall -Wextra -D_FORTIFY_SOURCE=2 $(PIE_CFLAGS) $(RELRO_CFLAGS) ++AM_CFLAGS = -Wall -Wextra $(PIE_CFLAGS) $(RELRO_CFLAGS) + ACLOCAL_AMFLAGS = -I aclocal + + root_sbindir = $(ROOTSBINDIR)