From: "Sam James" <sam@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: x11-misc/colord/files/, x11-misc/colord/
Date: Sat, 2 Mar 2024 00:55:57 +0000 (UTC) [thread overview]
Message-ID: <1709340933.107eb89b10059098953c805aa775ddbd2ffaaff0.sam@gentoo> (raw)
commit: 107eb89b10059098953c805aa775ddbd2ffaaff0
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Mar 2 00:55:33 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Mar 2 00:55:33 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=107eb89b
x11-misc/colord: backport systemd permission fixes
Signed-off-by: Sam James <sam <AT> gentoo.org>
x11-misc/colord/colord-1.4.7-r1.ebuild | 130 +++++++++++++++++++++
.../files/colord-1.4.7-systemd-permissions.patch | 51 ++++++++
2 files changed, 181 insertions(+)
diff --git a/x11-misc/colord/colord-1.4.7-r1.ebuild b/x11-misc/colord/colord-1.4.7-r1.ebuild
new file mode 100644
index 000000000000..e6bb102d0a39
--- /dev/null
+++ b/x11-misc/colord/colord-1.4.7-r1.ebuild
@@ -0,0 +1,130 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+VALA_USE_DEPEND="vapigen"
+
+inherit bash-completion-r1 meson-multilib tmpfiles udev vala
+
+DESCRIPTION="System service to accurately color manage input and output devices"
+HOMEPAGE="https://www.freedesktop.org/software/colord/"
+SRC_URI="https://www.freedesktop.org/software/colord/releases/${P}.tar.xz"
+
+LICENSE="GPL-2+"
+SLOT="0/2" # subslot = libcolord soname version
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
+
+IUSE="gtk-doc argyllcms examples extra-print-profiles +introspection scanner selinux systemd test vala"
+RESTRICT="!test? ( test ) test" # Tests try to read and write files in /tmp
+REQUIRED_USE="vala? ( introspection )"
+
+DEPEND="
+ >=dev-libs/glib-2.58.0:2[${MULTILIB_USEDEP}]
+ >=media-libs/lcms-2.6:2=[${MULTILIB_USEDEP}]
+ dev-db/sqlite:3=[${MULTILIB_USEDEP}]
+ >=dev-libs/libgusb-0.2.7[introspection?,${MULTILIB_USEDEP}]
+
+ dev-libs/libgudev:=[${MULTILIB_USEDEP}]
+ virtual/libudev:=[${MULTILIB_USEDEP}]
+ virtual/udev
+
+ systemd? ( >=sys-apps/systemd-44:0= )
+ scanner? (
+ media-gfx/sane-backends
+ sys-apps/dbus
+ )
+ >=sys-auth/polkit-0.114
+ argyllcms? ( media-gfx/argyllcms )
+ introspection? ( >=dev-libs/gobject-introspection-1.56:= )
+"
+RDEPEND="${DEPEND}
+ acct-group/colord
+ acct-user/colord
+ selinux? ( sec-policy/selinux-colord )
+"
+BDEPEND="
+ acct-group/colord
+ acct-user/colord
+ app-text/docbook-xsl-ns-stylesheets
+ dev-libs/libxslt
+ >=sys-devel/gettext-0.17
+ virtual/pkgconfig
+ extra-print-profiles? ( media-gfx/argyllcms )
+ gtk-doc? (
+ dev-util/gtk-doc
+ app-text/docbook-xml-dtd:4.1.2
+ )
+ vala? ( $(vala_depend) )
+"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-1.4.7-systemd-permissions.patch
+)
+
+pkg_setup() {
+ use vala && vala_setup
+}
+
+src_prepare() {
+ default
+
+ # Test requires a running session
+ # https://github.com/hughsie/colord/issues/94
+ sed -i -e "/test('colord-test-daemon'/d" lib/colord/meson.build || die
+
+ # Adapt to Gentoo paths
+ sed -i \
+ -e "s|find_program('spotread'|find_program('argyll-spotread'|" \
+ -e "s|find_program('colprof'|find_program('argyll-colprof'|" \
+ meson.build || die
+
+ # meson gnome.generate_vapi properly handles VAPIGEN and other vala
+ # environment variables. It is counter-productive to check for an
+ # unversioned vapigen, as that breaks versioned VAPIGEN usages.
+ sed -i -e "/find_program('vapigen')/d" meson.build || die
+}
+
+multilib_src_configure() {
+ local emesonargs=(
+ $(meson_native_true daemon)
+ -Dbash_completion=false
+ $(meson_native_true udev_rules) # Install udev rules only from native build
+ $(meson_native_use_bool systemd)
+ -Dlibcolordcompat=true
+ $(meson_native_use_bool argyllcms argyllcms_sensor)
+ $(meson_native_use_bool scanner sane)
+ $(meson_native_use_bool introspection)
+ $(meson_native_use_bool vala vapi)
+ $(meson_native_use_bool extra-print-profiles print_profiles)
+ $(meson_use test tests)
+ -Dinstalled_tests=false
+ -Ddaemon_user=colord
+ $(meson_native_true man)
+ $(meson_use gtk-doc docs)
+ --localstatedir="${EPREFIX}"/var
+ )
+ meson_src_configure
+}
+
+multilib_src_install_all() {
+ newbashcomp data/colormgr colormgr
+
+ # Ensure config and profile directories exist and /var/lib/colord/*
+ # is writable by colord user
+ keepdir /var/lib/color{,d}/icc
+ fowners colord:colord /var/lib/colord{,/icc}
+
+ if use examples; then
+ docinto examples
+ dodoc examples/*.c
+ fi
+}
+
+pkg_postinst() {
+ udev_reload
+ tmpfiles_process colord.conf
+}
+
+pkg_postrm() {
+ udev_reload
+}
diff --git a/x11-misc/colord/files/colord-1.4.7-systemd-permissions.patch b/x11-misc/colord/files/colord-1.4.7-systemd-permissions.patch
new file mode 100644
index 000000000000..0a97d8ac579d
--- /dev/null
+++ b/x11-misc/colord/files/colord-1.4.7-systemd-permissions.patch
@@ -0,0 +1,51 @@
+https://github.com/hughsie/colord/commit/08a32b2379fb5582f4312e59bf51a2823df56276
+https://github.com/hughsie/colord/commit/9283abd9c00468edb94d2a06d6fa3681cae2700d
+
+From 08a32b2379fb5582f4312e59bf51a2823df56276 Mon Sep 17 00:00:00 2001
+From: Richard Hughes <richard@hughsie.com>
+Date: Mon, 29 Jan 2024 10:37:11 +0000
+Subject: [PATCH] Fix writing to the database with ProtectSystem=strict
+
+Fixes https://github.com/hughsie/colord/issues/166
+--- a/data/colord.service.in
++++ b/data/colord.service.in
+@@ -17,6 +17,10 @@ ProtectControlGroups=true
+ RestrictRealtime=true
+ RestrictAddressFamilies=AF_UNIX
+
++ConfigurationDirectory=colord
++StateDirectory=colord
++CacheDirectory=colord
++
+ # drop all capabilities
+ CapabilityBoundingSet=~CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_CHOWN CAP_FSETID CAP_SETFCAP CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_IPC_OWNER CAP_NET_ADMIN CAP_SYS_RAWIO CAP_SYS_TIME CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE CAP_KILL CAP_MKNOD CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_RESOURCE CAP_MAC_ADMIN CAP_MAC_OVERRIDE CAP_SYS_BOOT CAP_LINUX_IMMUTABLE CAP_IPC_LOCK CAP_SYS_CHROOT CAP_BLOCK_SUSPEND CAP_LEASE CAP_SYS_PACCT CAP_SYS_TTY_CONFIG CAP_WAKE_ALARM
+
+
+From 9283abd9c00468edb94d2a06d6fa3681cae2700d Mon Sep 17 00:00:00 2001
+From: Ferdinand Bachmann <ferdinand.bachmann@yrlf.at>
+Date: Tue, 30 Jan 2024 12:44:18 +0100
+Subject: [PATCH] Fix USB scanners not working with RestrictAddressFamilies
+
+colord-sane scanner drivers using libusb can't initialize properly with
+RestrictAddressFamilies set to AF_UNIX. Remove that line to ensure those
+can work properly.
+
+This also avoids a crash in HPLIP due to unchecked calls to libusb_init().
+
+Fixes #165
+---
+ data/colord.service.in | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/data/colord.service.in b/data/colord.service.in
+index c358dc4b..45ec5811 100644
+--- a/data/colord.service.in
++++ b/data/colord.service.in
+@@ -15,7 +15,6 @@ ProtectKernelModules=true
+ ProtectKernelLogs=true
+ ProtectControlGroups=true
+ RestrictRealtime=true
+-RestrictAddressFamilies=AF_UNIX
+
+ ConfigurationDirectory=colord
+ StateDirectory=colord
next reply other threads:[~2024-03-02 0:56 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-02 0:55 Sam James [this message]
-- strict thread matches above, loose matches on Subject: below --
2023-12-02 5:14 [gentoo-commits] repo/gentoo:master commit in: x11-misc/colord/files/, x11-misc/colord/ Sam James
2021-04-18 21:54 Matt Turner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1709340933.107eb89b10059098953c805aa775ddbd2ffaaff0.sam@gentoo \
--to=sam@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox