From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1RBZDh-0002Ka-2Y for garchives@archives.gentoo.org; Wed, 05 Oct 2011 21:41:41 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 98AFB21C109; Wed, 5 Oct 2011 21:41:30 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id 5229321C109 for ; Wed, 5 Oct 2011 21:41:30 +0000 (UTC) Received: from pelican.gentoo.org (unknown [66.219.59.40]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id AB0111B401A for ; Wed, 5 Oct 2011 21:41:29 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by pelican.gentoo.org (Postfix) with ESMTP id BDBF780042 for ; Wed, 5 Oct 2011 21:41:28 +0000 (UTC) 
From: "Alexandre Restovtsev" To: gentoo-commits@lists.gentoo.org Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Alexandre Restovtsev" Message-ID: Subject: [gentoo-commits] proj/gnome:master commit in: gnome-base/gnome-keyring/ X-VCS-Repository: proj/gnome X-VCS-Files: gnome-base/gnome-keyring/gnome-keyring-3.2.0-r1.ebuild gnome-base/gnome-keyring/gnome-keyring-3.2.0.ebuild gnome-base/gnome-keyring/gnome-keyring-9999.ebuild X-VCS-Directories: gnome-base/gnome-keyring/ X-VCS-Committer: tetromino X-VCS-Committer-Name: Alexandre Restovtsev X-VCS-Revision: fecbc8f9ef9e3f8adcdd64d5fbd7f0d2cfbb47b0 Date: Wed, 5 Oct 2011 21:41:28 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: quoted-printable X-Archives-Salt: X-Archives-Hash: b5bcd5b4b9ccda0f825a63cd398c878e commit: fecbc8f9ef9e3f8adcdd64d5fbd7f0d2cfbb47b0 Author: Alexandre Rostovtsev gmail com> AuthorDate: Wed Oct 5 21:29:59 2011 +0000 Commit: Alexandre Restovtsev gmail com> CommitDate: Wed Oct 5 21:34:01 2011 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=3Dproj/gnome.git;a=3D= commit;h=3Dfecbc8f9 gnome-base/gnome-keyring: fcaps in pkg_postinst Add the GSoC 2010 fcaps() function and call it in pkg_postinst to set the cap_ipc_lock capability on /usr/bin/gnome-keyring-daemon, as upstream intended. Thanks to Marien Zwart for the patch. --- .../gnome-keyring/gnome-keyring-3.2.0-r1.ebuild | 120 ++++++++++++++= ++++++ .../gnome-keyring/gnome-keyring-3.2.0.ebuild | 76 ------------ gnome-base/gnome-keyring/gnome-keyring-9999.ebuild | 44 +++++++ 3 files changed, 164 insertions(+), 76 deletions(-) diff --git a/gnome-base/gnome-keyring/gnome-keyring-3.2.0-r1.ebuild b/gno= me-base/gnome-keyring/gnome-keyring-3.2.0-r1.ebuild new file mode 100644 index 0000000..f0f0572 --- /dev/null +++ b/gnome-base/gnome-keyring/gnome-keyring-3.2.0-r1.ebuild 
@@ -0,0 +1,120 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/gnome-keyrin= g-2.32.1.ebuild,v 1.4 2011/01/02 21:32:23 mr_bones_ Exp $
+
+EAPI=3D"4"
+GCONF_DEBUG=3D"no"
+GNOME2_LA_PUNT=3D"yes"
+
+inherit gnome2 multilib pam virtualx
+if [[ ${PV} =3D 9999 ]]; then
+ inherit gnome2-live
+fi
+
+DESCRIPTION=3D"Password and keyring managing daemon"
+HOMEPAGE=3D"http://www.gnome.org/"
+
+LICENSE=3D"GPL-2 LGPL-2"
+SLOT=3D"0"
+IUSE=3D"+caps debug doc pam test"
+if [[ ${PV} =3D 9999 ]]; then
+ KEYWORDS=3D""
+else
+ KEYWORDS=3D"~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~sh ~sparc ~x86"
+fi
+
+# USE=3Dvalgrind is probably not a good idea for the tree
+RDEPEND=3D">=3Ddev-libs/glib-2.25:2
+ >=3Dx11-libs/gtk+-2.90.0:3
+ >=3Dapp-crypt/p11-kit-0.6
+ app-misc/ca-certificates
+ >=3Ddev-libs/libgcrypt-1.2.2
+ >=3Ddev-libs/libtasn1-1
+ >=3Dsys-apps/dbus-1.0
+ caps? ( sys-libs/libcap-ng )
+ pam? ( virtual/pam )
+"
+# valgrind? ( dev-util/valgrind )
+DEPEND=3D"${RDEPEND}
+ sys-devel/gettext
+ >=3Ddev-util/gtk-doc-am-1.9
+ >=3Ddev-util/intltool-0.35
+ >=3Ddev-util/pkgconfig-0.9
+ doc? ( >=3Ddev-util/gtk-doc-1.9 )"
+PDEPEND=3D"gnome-base/libgnome-keyring"
+# eautoreconf needs:
+# >=3Ddev-util/gtk-doc-am-1.9
+
+pkg_setup() {
+ DOCS=3D"AUTHORS ChangeLog NEWS README"
+ G2CONF=3D"${G2CONF}
+ $(use_enable debug)
+ $(use_enable test tests)
+ $(use_with caps libcap-ng)
+ $(use_enable pam)
+ $(use_with pam pam-dir $(getpam_mod_dir))
+ --with-root-certs=3D${EPREFIX}/etc/ssl/certs/
+ --enable-ssh-agent
+ --enable-gpg-agent
+ --disable-update-mime"
+# $(use_enable valgrind)
+}
+
+src_prepare() {
+ # Disable gcr tests due to weirdness with opensc
+ # ** WARNING **: couldn't load PKCS#11 module: /usr/lib64/pkcs11/gnome-= keyring-pkcs11.so: Couldn't initialize module: The device was removed or = unplugged
+ sed -e 's/^\(SUBDIRS =3D \.\)\(.*\)/\1/' \
+ -i gcr/Makefile.* || die "sed failed"
+
+ gnome2_src_prepare
+}
+
+src_test() {
+ # FIXME: /gkm/transaction/ tests fail
+ unset DBUS_SESSION_BUS_ADDRESS
+ Xemake check || die "emake check failed!"
+}
+
+pkg_postinst() {
+ use caps && fcaps 0:0 755 cap_ipc_lock "${ROOT}"/usr/bin/gnome-keyring-= daemon
+
+ gnome2_pkg_postinst
+}
+
+# borrowed from GSoC2010_Gentoo_Capabilities by constanze and flameyeys
+# @FUNCTION: fcaps
+# @USAGE: fcaps {uid:gid} {file-mode} {cap1[,cap2,...]} {file}
+# @RETURN: 0 if all okay; non-zero if failure and fallback
+# @DESCRIPTION:
+# fcaps sets the specified capabilities in the effective and permitted s= et of
+# the given file. In case of failure fcaps sets the given file-mode.
+fcaps() {
+ local uid_gid=3D$1
+ local perms=3D$2
+ local capset=3D$3
+ local path=3D$4
+ local res
+
+ chmod $perms $path && \
+ chown $uid_gid $path
+ res=3D$?
+
+ use caps || return $res
+
+ #set the capability
+ setcap "$capset=3Dep" "$path" &> /dev/null
+ #check if the capabilitiy got set correctly
+ setcap -v "$capset=3Dep" "$path" &> /dev/null
+ res=3D$?
+
+ if [ $res -ne 0 ]; then
+ ewarn "Failed to set capabilities. Probable reason is missed kernel su= pport."
+ ewarn "Kernel must have SECURITY_FILE_CAPABILITIES, and _FS_SECURI= TY"
+ ewarn "enabled (e.g. EXT3_FS_SECURITY) where is the filesystem to= store"
+ ewarn "${path}"
+ ewarn
+ ewarn "Falling back to suid now..."
+ chmod u+s ${path}
+ fi
+ return $res
+}
diff --git a/gnome-base/gnome-keyring/gnome-keyring-3.2.0.ebuild b/gnome-= base/gnome-keyring/gnome-keyring-3.2.0.ebuild
deleted file mode 100644
index ca7f9ef..0000000
--- a/gnome-base/gnome-keyring/gnome-keyring-3.2.0.ebuild
+++ /dev/null
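Review bot: The failure branch at the end of `fcaps()` runs `chmod u+s ${path}`, so any failed `setcap` leaves gnome-keyring-daemon setuid root, which grants far more than the single `cap_ipc_lock` the commit message asks for. Because both `setcap` calls send their output to `/dev/null`, the same branch is taken when the `setcap` binary is simply absent; it normally ships in sys-libs/libcap, which the visible RDEPEND does not list (only `caps? ( sys-libs/libcap-ng )`), and the warning would then wrongly blame kernel support. I would drop the fallback and keep the mode passed in `perms`, replacing the last two lines of the branch with `ewarn "Leaving ${path} without file capabilities; the daemon may be unable to lock memory."`, which also matches the @DESCRIPTION text ("In case of failure fcaps sets the given file-mode"). The same function is added to gnome-keyring-9999.ebuild in the last hunk.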
@@ -1,76 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/gnome-keyrin= g-2.32.1.ebuild,v 1.4 2011/01/02 21:32:23 mr_bones_ Exp $
-
-EAPI=3D"4"
-GCONF_DEBUG=3D"no"
-GNOME2_LA_PUNT=3D"yes"
-
-inherit gnome2 multilib pam virtualx
-if [[ ${PV} =3D 9999 ]]; then
- inherit gnome2-live
-fi
-
-DESCRIPTION=3D"Password and keyring managing daemon"
-HOMEPAGE=3D"http://www.gnome.org/"
-
-LICENSE=3D"GPL-2 LGPL-2"
-SLOT=3D"0"
-IUSE=3D"+caps debug doc pam test"
-if [[ ${PV} =3D 9999 ]]; then
- KEYWORDS=3D""
-else
- KEYWORDS=3D"~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~sh ~sparc ~x86"
-fi
-
-# USE=3Dvalgrind is probably not a good idea for the tree
-RDEPEND=3D">=3Ddev-libs/glib-2.25:2
- >=3Dx11-libs/gtk+-2.90.0:3
- >=3Dapp-crypt/p11-kit-0.6
- app-misc/ca-certificates
- >=3Ddev-libs/libgcrypt-1.2.2
- >=3Ddev-libs/libtasn1-1
- >=3Dsys-apps/dbus-1.0
- caps? ( sys-libs/libcap-ng )
- pam? ( virtual/pam )
-"
-# valgrind? ( dev-util/valgrind )
-DEPEND=3D"${RDEPEND}
- sys-devel/gettext
- >=3Ddev-util/gtk-doc-am-1.9
- >=3Ddev-util/intltool-0.35
- >=3Ddev-util/pkgconfig-0.9
- doc? ( >=3Ddev-util/gtk-doc-1.9 )"
-PDEPEND=3D"gnome-base/libgnome-keyring"
-# eautoreconf needs:
-# >=3Ddev-util/gtk-doc-am-1.9
-
-pkg_setup() {
- DOCS=3D"AUTHORS ChangeLog NEWS README"
- G2CONF=3D"${G2CONF}
- $(use_enable debug)
- $(use_enable test tests)
- $(use_with caps libcap-ng)
- $(use_enable pam)
- $(use_with pam pam-dir $(getpam_mod_dir))
- --with-root-certs=3D${EPREFIX}/etc/ssl/certs/
- --enable-ssh-agent
- --enable-gpg-agent
- --disable-update-mime"
-# $(use_enable valgrind)
-}
-
-src_prepare() {
- # Disable gcr tests due to weirdness with opensc
- # ** WARNING **: couldn't load PKCS#11 module: /usr/lib64/pkcs11/gnome-= keyring-pkcs11.so: Couldn't initialize module: The device was removed or = unplugged
- sed -e 's/^\(SUBDIRS =3D \.\)\(.*\)/\1/' \
- -i gcr/Makefile.* || die "sed failed"
-
- gnome2_src_prepare
-}
-
-src_test() {
- # FIXME: /gkm/transaction/ tests fail
- unset DBUS_SESSION_BUS_ADDRESS
- Xemake check || die "emake check failed!"
-}
diff --git a/gnome-base/gnome-keyring/gnome-keyring-9999.ebuild b/gnome-b= ase/gnome-keyring/gnome-keyring-9999.ebuild
index ca7f9ef..f0f0572 100644
--- a/gnome-base/gnome-keyring/gnome-keyring-9999.ebuild
+++ b/gnome-base/gnome-keyring/gnome-keyring-9999.ebuild
@@ -74,3 +74,47 @@ src_test() {
 unset DBUS_SESSION_BUS_ADDRESS
 Xemake check || die "emake check failed!"
 }
+
+pkg_postinst() {
+ use caps && fcaps 0:0 755 cap_ipc_lock "${ROOT}"/usr/bin/gnome-keyring-= daemon
+
+ gnome2_pkg_postinst
+}
+
+# borrowed from GSoC2010_Gentoo_Capabilities by constanze and flameyeys
+# @FUNCTION: fcaps
+# @USAGE: fcaps {uid:gid} {file-mode} {cap1[,cap2,...]} {file}
+# @RETURN: 0 if all okay; non-zero if failure and fallback
+# @DESCRIPTION:
+# fcaps sets the specified capabilities in the effective and permitted s= et of
+# the given file. In case of failure fcaps sets the given file-mode.
+fcaps() {
+ local uid_gid=3D$1
+ local perms=3D$2
+ local capset=3D$3
+ local path=3D$4
+ local res
+
+ chmod $perms $path && \
+ chown $uid_gid $path
+ res=3D$?
+
+ use caps || return $res
+
+ #set the capability
+ setcap "$capset=3Dep" "$path" &> /dev/null
+ #check if the capabilitiy got set correctly
+ setcap -v "$capset=3Dep" "$path" &> /dev/null
+ res=3D$?
+
+ if [ $res -ne 0 ]; then
+ ewarn "Failed to set capabilities. Probable reason is missed kernel su= pport."
+ ewarn "Kernel must have SECURITY_FILE_CAPABILITIES, and _FS_SECURI= TY"
+ ewarn "enabled (e.g. EXT3_FS_SECURITY) where is the filesystem to= store"
+ ewarn "${path}"
+ ewarn
+ ewarn "Falling back to suid now..."
+ chmod u+s ${path}
+ fi
+ return $res
+}
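Review bot: `fcaps()` expands `$perms`, `$uid_gid` and `$path` unquoted in `chmod $perms $path && chown $uid_gid $path` and again in `chmod u+s ${path}`, while the two `setcap` calls quote the same path. The caller passes `"${ROOT}"/usr/bin/gnome-keyring-daemon`, so a ROOT containing whitespace or glob characters would make the chmod/chown calls, which pkg_postinst normally runs as root, act on different paths than the one `setcap` touches. Quote them consistently: `chmod "$perms" "$path" && chown "$uid_gid" "$path"` and `chmod u+s "${path}"`. The copy of this function added to gnome-keyring-3.2.0-r1.ebuild has the same lines.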