From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1625817-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 739FC1581E7
	for <garchives@archives.gentoo.org>; Sun, 28 Apr 2024 09:47:42 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 6A100E2A25;
	Sun, 28 Apr 2024 09:47:41 +0000 (UTC)
Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 490F0E2A25
	for <gentoo-commits@lists.gentoo.org>; Sun, 28 Apr 2024 09:47:41 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 4FA79342FFC
	for <gentoo-commits@lists.gentoo.org>; Sun, 28 Apr 2024 09:47:40 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id A726E1497
	for <gentoo-commits@lists.gentoo.org>; Sun, 28 Apr 2024 09:47:38 +0000 (UTC)
From: "Hans de Graaff" <graaff@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Hans de Graaff" <graaff@gentoo.org>
Message-ID: <1714297653.8b19280613e0efdbd5dd39860e835565e6a48c0e.graaff@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: eclass/
X-VCS-Repository: repo/gentoo
X-VCS-Files: eclass/apache-2.eclass
X-VCS-Directories: eclass/
X-VCS-Committer: graaff
X-VCS-Committer-Name: Hans de Graaff
X-VCS-Revision: 8b19280613e0efdbd5dd39860e835565e6a48c0e
X-VCS-Branch: master
Date: Sun, 28 Apr 2024 09:47:38 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: a44a34b5-e1e7-409a-8009-25f377efe0cc
X-Archives-Hash: 98135b8d24dd3cb7e4c32a08eecdf2c1

commit:     8b19280613e0efdbd5dd39860e835565e6a48c0e
Author:     Hans de Graaff <graaff <AT> gentoo <DOT> org>
AuthorDate: Sun Apr 28 09:44:36 2024 +0000
Commit:     Hans de Graaff <graaff <AT> gentoo <DOT> org>
CommitDate: Sun Apr 28 09:47:33 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8b192806

eclass/apache2.eclass: use fcaps eclass to set capabilities

Thanks to Manuel Mausz for the bug report and initial patch.

Closes: https://bugs.gentoo.org/930455
Signed-off-by: Hans de Graaff <graaff <AT> gentoo.org>

 eclass/apache-2.eclass | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/eclass/apache-2.eclass b/eclass/apache-2.eclass
index 17b8b0e2a64a..9c7369514c5d 100644
--- a/eclass/apache-2.eclass
+++ b/eclass/apache-2.eclass
@@ -13,7 +13,7 @@
 # and inter-module dependency checking.
 
 LUA_COMPAT=( lua5-{1..4} )
-inherit autotools flag-o-matic lua-single multilib ssl-cert toolchain-funcs
+inherit autotools fcaps flag-o-matic lua-single multilib ssl-cert toolchain-funcs
 
 [[ ${CATEGORY}/${PN} != www-servers/apache ]] \
 	&& die "Do not use this eclass with anything else than www-servers/apache ebuilds!"
@@ -666,6 +666,8 @@ apache-2_src_install() {
 			fperms 4710 /usr/sbin/suexec
 			# provide legacy symlink for suexec, bug 177697
 			dosym /usr/sbin/suexec /usr/sbin/suexec2
+		else
+			FILECAPS=( cap_setgid,cap_setuid=ep usr/sbin/suexec )
 		fi
 	fi
 
@@ -685,6 +687,8 @@ apache-2_src_install() {
 # because the default webroot is a copy of the files that exist elsewhere and we
 # don't want them to be managed/removed by portage when apache is upgraded.
 apache-2_pkg_postinst() {
+	fcaps_pkg_postinst || die "fcaps_pkg_postinst"
+
 	if use ssl && [[ ! -e "${EROOT}/etc/ssl/apache2/server.pem" ]]; then
 		SSL_ORGANIZATION="${SSL_ORGANIZATION:-Apache HTTP Server}"
 		install_cert /etc/ssl/apache2/server