From: "Alexandre Restovtsev" <tetromino@gmail.com>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/gnome:master commit in: gnome-base/gnome-keyring/
Date: Wed, 5 Oct 2011 21:41:28 +0000 (UTC) [thread overview]
Message-ID: <fecbc8f9ef9e3f8adcdd64d5fbd7f0d2cfbb47b0.tetromino@gentoo> (raw)
commit: fecbc8f9ef9e3f8adcdd64d5fbd7f0d2cfbb47b0
Author: Alexandre Rostovtsev <tetromino <AT> gmail <DOT> com>
AuthorDate: Wed Oct 5 21:29:59 2011 +0000
Commit: Alexandre Restovtsev <tetromino <AT> gmail <DOT> com>
CommitDate: Wed Oct 5 21:34:01 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/gnome.git;a=commit;h=fecbc8f9
gnome-base/gnome-keyring: fcaps in pkg_postinst
Add the GSoC 2010 fcaps() function and call it in pkg_postinst to set the
cap_ipc_lock capability on /usr/bin/gnome-keyring-daemon, as upstream
intended.
Thanks to Marien Zwart for the patch.
---
.../gnome-keyring/gnome-keyring-3.2.0-r1.ebuild | 120 ++++++++++++++++++++
.../gnome-keyring/gnome-keyring-3.2.0.ebuild | 76 ------------
gnome-base/gnome-keyring/gnome-keyring-9999.ebuild | 44 +++++++
3 files changed, 164 insertions(+), 76 deletions(-)
diff --git a/gnome-base/gnome-keyring/gnome-keyring-3.2.0-r1.ebuild b/gnome-base/gnome-keyring/gnome-keyring-3.2.0-r1.ebuild
new file mode 100644
index 0000000..f0f0572
--- /dev/null
+++ b/gnome-base/gnome-keyring/gnome-keyring-3.2.0-r1.ebuild
@@ -0,0 +1,120 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/gnome-keyring-2.32.1.ebuild,v 1.4 2011/01/02 21:32:23 mr_bones_ Exp $
+
+EAPI="4"
+GCONF_DEBUG="no"
+GNOME2_LA_PUNT="yes"
+
+inherit gnome2 multilib pam virtualx
+if [[ ${PV} = 9999 ]]; then
+ inherit gnome2-live
+fi
+
+DESCRIPTION="Password and keyring managing daemon"
+HOMEPAGE="http://www.gnome.org/"
+
+LICENSE="GPL-2 LGPL-2"
+SLOT="0"
+IUSE="+caps debug doc pam test"
+if [[ ${PV} = 9999 ]]; then
+ KEYWORDS=""
+else
+ KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~sh ~sparc ~x86"
+fi
+
+# USE=valgrind is probably not a good idea for the tree
+RDEPEND=">=dev-libs/glib-2.25:2
+ >=x11-libs/gtk+-2.90.0:3
+ >=app-crypt/p11-kit-0.6
+ app-misc/ca-certificates
+ >=dev-libs/libgcrypt-1.2.2
+ >=dev-libs/libtasn1-1
+ >=sys-apps/dbus-1.0
+ caps? ( sys-libs/libcap-ng )
+ pam? ( virtual/pam )
+"
+# valgrind? ( dev-util/valgrind )
+DEPEND="${RDEPEND}
+ sys-devel/gettext
+ >=dev-util/gtk-doc-am-1.9
+ >=dev-util/intltool-0.35
+ >=dev-util/pkgconfig-0.9
+ doc? ( >=dev-util/gtk-doc-1.9 )"
+PDEPEND="gnome-base/libgnome-keyring"
+# eautoreconf needs:
+# >=dev-util/gtk-doc-am-1.9
+
+pkg_setup() {
+ DOCS="AUTHORS ChangeLog NEWS README"
+ G2CONF="${G2CONF}
+ $(use_enable debug)
+ $(use_enable test tests)
+ $(use_with caps libcap-ng)
+ $(use_enable pam)
+ $(use_with pam pam-dir $(getpam_mod_dir))
+ --with-root-certs=${EPREFIX}/etc/ssl/certs/
+ --enable-ssh-agent
+ --enable-gpg-agent
+ --disable-update-mime"
+# $(use_enable valgrind)
+}
+
+src_prepare() {
+ # Disable gcr tests due to weirdness with opensc
+ # ** WARNING **: couldn't load PKCS#11 module: /usr/lib64/pkcs11/gnome-keyring-pkcs11.so: Couldn't initialize module: The device was removed or unplugged
+ sed -e 's/^\(SUBDIRS = \.\)\(.*\)/\1/' \
+ -i gcr/Makefile.* || die "sed failed"
+
+ gnome2_src_prepare
+}
+
+src_test() {
+ # FIXME: /gkm/transaction/ tests fail
+ unset DBUS_SESSION_BUS_ADDRESS
+ Xemake check || die "emake check failed!"
+}
+
+pkg_postinst() {
+ use caps && fcaps 0:0 755 cap_ipc_lock "${ROOT}"/usr/bin/gnome-keyring-daemon
+
+ gnome2_pkg_postinst
+}
+
+# borrowed from GSoC2010_Gentoo_Capabilities by constanze and flameyeys
+# @FUNCTION: fcaps
+# @USAGE: fcaps {uid:gid} {file-mode} {cap1[,cap2,...]} {file}
+# @RETURN: 0 if all okay; non-zero if failure and fallback
+# @DESCRIPTION:
+# fcaps sets the specified capabilities in the effective and permitted set of
+# the given file. In case of failure fcaps sets the given file-mode.
+fcaps() {
+ local uid_gid=$1
+ local perms=$2
+ local capset=$3
+ local path=$4
+ local res
+
+ chmod $perms $path && \
+ chown $uid_gid $path
+ res=$?
+
+ use caps || return $res
+
+ #set the capability
+ setcap "$capset=ep" "$path" &> /dev/null
+ #check if the capabilitiy got set correctly
+ setcap -v "$capset=ep" "$path" &> /dev/null
+ res=$?
+
+ if [ $res -ne 0 ]; then
+ ewarn "Failed to set capabilities. Probable reason is missed kernel support."
+ ewarn "Kernel must have SECURITY_FILE_CAPABILITIES, and <FS>_FS_SECURITY"
+ ewarn "enabled (e.g. EXT3_FS_SECURITY) where <FS> is the filesystem to store"
+ ewarn "${path}"
+ ewarn
+ ewarn "Falling back to suid now..."
+ chmod u+s ${path}
+ fi
+ return $res
+}
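Review bot: The failure branch at the end of fcaps() ends with `chmod u+s ${path}`, and pkg_postinst passes owner 0:0, so any setcap failure leaves /usr/bin/gnome-keyring-daemon setuid root, which is far more privilege than the single cap_ipc_lock capability the commit is after. Both setcap calls discard their output, and setcap normally ships with sys-libs/libcap while the visible RDEPEND lists only sys-libs/libcap-ng, so a missing tool would presumably take this branch while the warning blames the kernel. I would drop the `chmod u+s` line and replace the last warning with `ewarn "Leaving ${path} without ${capset}; memory locking may be limited."`. The @DESCRIPTION comment also needs updating, since it currently says the fallback only sets the given file mode. The same function is added to gnome-keyring-9999.ebuild in this commit.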
diff --git a/gnome-base/gnome-keyring/gnome-keyring-3.2.0.ebuild b/gnome-base/gnome-keyring/gnome-keyring-3.2.0.ebuild
deleted file mode 100644
index ca7f9ef..0000000
--- a/gnome-base/gnome-keyring/gnome-keyring-3.2.0.ebuild
+++ /dev/null
@@ -1,76 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/gnome-keyring-2.32.1.ebuild,v 1.4 2011/01/02 21:32:23 mr_bones_ Exp $
-
-EAPI="4"
-GCONF_DEBUG="no"
-GNOME2_LA_PUNT="yes"
-
-inherit gnome2 multilib pam virtualx
-if [[ ${PV} = 9999 ]]; then
- inherit gnome2-live
-fi
-
-DESCRIPTION="Password and keyring managing daemon"
-HOMEPAGE="http://www.gnome.org/"
-
-LICENSE="GPL-2 LGPL-2"
-SLOT="0"
-IUSE="+caps debug doc pam test"
-if [[ ${PV} = 9999 ]]; then
- KEYWORDS=""
-else
- KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~sh ~sparc ~x86"
-fi
-
-# USE=valgrind is probably not a good idea for the tree
-RDEPEND=">=dev-libs/glib-2.25:2
- >=x11-libs/gtk+-2.90.0:3
- >=app-crypt/p11-kit-0.6
- app-misc/ca-certificates
- >=dev-libs/libgcrypt-1.2.2
- >=dev-libs/libtasn1-1
- >=sys-apps/dbus-1.0
- caps? ( sys-libs/libcap-ng )
- pam? ( virtual/pam )
-"
-# valgrind? ( dev-util/valgrind )
-DEPEND="${RDEPEND}
- sys-devel/gettext
- >=dev-util/gtk-doc-am-1.9
- >=dev-util/intltool-0.35
- >=dev-util/pkgconfig-0.9
- doc? ( >=dev-util/gtk-doc-1.9 )"
-PDEPEND="gnome-base/libgnome-keyring"
-# eautoreconf needs:
-# >=dev-util/gtk-doc-am-1.9
-
-pkg_setup() {
- DOCS="AUTHORS ChangeLog NEWS README"
- G2CONF="${G2CONF}
- $(use_enable debug)
- $(use_enable test tests)
- $(use_with caps libcap-ng)
- $(use_enable pam)
- $(use_with pam pam-dir $(getpam_mod_dir))
- --with-root-certs=${EPREFIX}/etc/ssl/certs/
- --enable-ssh-agent
- --enable-gpg-agent
- --disable-update-mime"
-# $(use_enable valgrind)
-}
-
-src_prepare() {
- # Disable gcr tests due to weirdness with opensc
- # ** WARNING **: couldn't load PKCS#11 module: /usr/lib64/pkcs11/gnome-keyring-pkcs11.so: Couldn't initialize module: The device was removed or unplugged
- sed -e 's/^\(SUBDIRS = \.\)\(.*\)/\1/' \
- -i gcr/Makefile.* || die "sed failed"
-
- gnome2_src_prepare
-}
-
-src_test() {
- # FIXME: /gkm/transaction/ tests fail
- unset DBUS_SESSION_BUS_ADDRESS
- Xemake check || die "emake check failed!"
-}
diff --git a/gnome-base/gnome-keyring/gnome-keyring-9999.ebuild b/gnome-base/gnome-keyring/gnome-keyring-9999.ebuild
index ca7f9ef..f0f0572 100644
--- a/gnome-base/gnome-keyring/gnome-keyring-9999.ebuild
+++ b/gnome-base/gnome-keyring/gnome-keyring-9999.ebuild
@@ -74,3 +74,47 @@ src_test() {
unset DBUS_SESSION_BUS_ADDRESS
Xemake check || die "emake check failed!"
}
+
+pkg_postinst() {
+ use caps && fcaps 0:0 755 cap_ipc_lock "${ROOT}"/usr/bin/gnome-keyring-daemon
+
+ gnome2_pkg_postinst
+}
+
+# borrowed from GSoC2010_Gentoo_Capabilities by constanze and flameyeys
+# @FUNCTION: fcaps
+# @USAGE: fcaps {uid:gid} {file-mode} {cap1[,cap2,...]} {file}
+# @RETURN: 0 if all okay; non-zero if failure and fallback
+# @DESCRIPTION:
+# fcaps sets the specified capabilities in the effective and permitted set of
+# the given file. In case of failure fcaps sets the given file-mode.
+fcaps() {
+ local uid_gid=$1
+ local perms=$2
+ local capset=$3
+ local path=$4
+ local res
+
+ chmod $perms $path && \
+ chown $uid_gid $path
+ res=$?
+
+ use caps || return $res
+
+ #set the capability
+ setcap "$capset=ep" "$path" &> /dev/null
+ #check if the capabilitiy got set correctly
+ setcap -v "$capset=ep" "$path" &> /dev/null
+ res=$?
+
+ if [ $res -ne 0 ]; then
+ ewarn "Failed to set capabilities. Probable reason is missed kernel support."
+ ewarn "Kernel must have SECURITY_FILE_CAPABILITIES, and <FS>_FS_SECURITY"
+ ewarn "enabled (e.g. EXT3_FS_SECURITY) where <FS> is the filesystem to store"
+ ewarn "${path}"
+ ewarn
+ ewarn "Falling back to suid now..."
+ chmod u+s ${path}
+ fi
+ return $res
+}
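Review bot: In fcaps() the first commands run as `chmod $perms $path && chown $uid_gid $path` with every expansion unquoted, although pkg_postinst takes care to quote `"${ROOT}"`, so a ROOT containing whitespace or glob characters is split again before chmod, chown and the later `chmod u+s ${path}` see it. The status saved in `res` after chown is also overwritten by the `setcap -v` result whenever USE=caps is on, so a failed ownership or mode change goes unreported. Quoting as `chmod "$perms" "$path" && chown "$uid_gid" "$path"` and returning early with `[ $res -eq 0 ] || return $res` would cover both; the identical lines in gnome-keyring-3.2.0-r1.ebuild need the same change.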