author | Lars Wendler <polynomial-c@gentoo.org> | 2020-06-24 11:26:16 +0200 |
---|---|---|
committer | Lars Wendler <polynomial-c@gentoo.org> | 2020-06-24 11:27:50 +0200 |
commit | 0e7234f3304d3a7471390c4699892d49d41028e2 (patch) | |
tree | 2ea66dbc2e474a823feaf085a0cac5d9fce04780 | |
parent | www-client/vivaldi: Version 3.1.1929.45_p1 (diff) | |
sys-apps/file: Attempt to fix seccomp in portage's sandbox
Thanks-to: tka <tka@kamph.org>
Bug: https://bugs.gentoo.org/728978
Package-Manager: Portage-2.3.102, Repoman-2.3.23
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
-rw-r--r-- | sys-apps/file/file-5.39-r1.ebuild | 140 | ||||
-rw-r--r-- | sys-apps/file/files/file-5.39-portage_sandbox.patch | 28 |
2 files changed, 168 insertions, 0 deletions
diff --git a/sys-apps/file/file-5.39-r1.ebuild b/sys-apps/file/file-5.39-r1.ebuild
new file mode 100644
index 000000000000..8333fd922e2c
--- /dev/null
+++ b/sys-apps/file/file-5.39-r1.ebuild
@@ -0,0 +1,140 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{6..9} )
+DISTUTILS_OPTIONAL=1
+
+inherit autotools distutils-r1 libtool toolchain-funcs multilib-minimal
+
+if [[ ${PV} == "9999" ]] ; then
+ EGIT_REPO_URI="https://github.com/glensc/file.git"
+ inherit git-r3
+else
+ SRC_URI="ftp://ftp.astron.com/pub/file/${P}.tar.gz"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+fi
+
+DESCRIPTION="identify a file's format by scanning binary data for patterns"
+HOMEPAGE="https://www.darwinsys.com/file/"
+
+LICENSE="BSD-2"
+SLOT="0"
+IUSE="bzip2 lzma python seccomp static-libs zlib"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+DEPEND="
+ bzip2? ( app-arch/bzip2[${MULTILIB_USEDEP}] )
+ lzma? ( app-arch/xz-utils[${MULTILIB_USEDEP}] )
+ python? (
+ ${PYTHON_DEPS}
+ dev-python/setuptools[${PYTHON_USEDEP}]
+ )
+ zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )"
+RDEPEND="${DEPEND}
+ python? ( !dev-python/python-magic )
+ seccomp? ( sys-libs/libseccomp[${MULTILIB_USEDEP}] )"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-5.39-portage_sandbox.patch" #713710 #728978
+)
+
+src_prepare() {
+ default
+ eautoreconf
+ elibtoolize
+
+ # don't let python README kill main README #60043
+ mv python/README.md python/README.python.md || die
+ sed 's@README.md@README.python.md@' -i python/setup.py || die #662090
+}
+
+multilib_src_configure() {
+ local myeconfargs=(
+ --enable-fsect-man5
+ $(use_enable bzip2 bzlib)
+ $(use_enable lzma xzlib)
+ $(use_enable seccomp libseccomp)
+ $(use_enable static-libs static)
+ $(use_enable zlib)
+ )
+ econf "${myeconfargs[@]}"
+}
+
+build_src_configure() {
+ local myeconfargs=(
+ --disable-shared
+ --disable-libseccomp
+ --disable-bzlib
+ --disable-xzlib
+ --disable-zlib
+ )
+ tc-env_build econf "${myeconfargs[@]}"
+}
+
+need_build_file() {
+ # when cross-compiling, we need to build up our own file
+ # because people often don't keep matching host/target
+ # file versions #362941
+ tc-is-cross-compiler && ! has_version -b "~${CATEGORY}/${P}"
+}
+
+src_configure() {
+ local ECONF_SOURCE=${S}
+
+ if need_build_file; then
+ mkdir -p "${WORKDIR}"/build || die
+ cd "${WORKDIR}"/build || die
+ build_src_configure
+ fi
+
+ multilib-minimal_src_configure
+}
+
+multilib_src_compile() {
+ if multilib_is_native_abi ; then
+ emake
+ else
+ cd src || die
+ emake magic.h #586444
+ emake libmagic.la
+ fi
+}
+
+src_compile() {
+ if need_build_file; then
+ emake -C "${WORKDIR}"/build/src magic.h #586444
+ emake -C "${WORKDIR}"/build/src file
+ local -x PATH="${WORKDIR}/build/src:${PATH}"
+ fi
+ multilib-minimal_src_compile
+
+ if use python ; then
+ cd python || die
+ distutils-r1_src_compile
+ fi
+}
+
+multilib_src_install() {
+ if multilib_is_native_abi ; then
+ default
+ else
+ emake -C src install-{nodist_includeHEADERS,libLTLIBRARIES} DESTDIR="${D}"
+ fi
+}
+
+multilib_src_install_all() {
+ dodoc ChangeLog MAINT README
+
+ # Required for `file -C`
+ dodir /usr/share/misc/magic
+ insinto /usr/share/misc/magic
+ doins -r magic/Magdir/*
+
+ if use python ; then
+ cd python || die
+ distutils-r1_src_install
+ fi
+ find "${ED}" -type f -name "*.la" -delete || die
+}
diff --git a/sys-apps/file/files/file-5.39-portage_sandbox.patch b/sys-apps/file/files/file-5.39-portage_sandbox.patch
new file mode 100644
index 000000000000..ff2caed413fc
--- /dev/null
+++ b/sys-apps/file/files/file-5.39-portage_sandbox.patch
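Review bot: `SRC_URI="ftp://ftp.astron.com/pub/file/${P}.tar.gz"` in the non-live branch of the new ebuild fetches the tarball over cleartext FTP, so the only integrity check on the sources is the distfile hash in the package Manifest, which this commit does not touch. If upstream serves the same tarball over HTTPS, that location would be the better `SRC_URI`; otherwise a short comment next to the line saying that integrity rests on the Manifest entry would make the dependency explicit. The new `PATCHES` entry is applied whether or not `USE=seccomp` is set, which looks harmless because it only edits `src/seccomp.c`, but a comment such as `# widens the seccomp allowlist (getcwd); re-check on every bump` would keep the downstream sandbox change visible to the next maintainer.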
@@ -0,0 +1,28 @@
+From 7e1d9d51329a0e0f3d9cd1dbc3f9509251950e81 Mon Sep 17 00:00:00 2001
+From: tka <tka@kamph.org>
+Date: Wed, 24 Jun 2020 11:18:45 +0200
+Subject: [PATCH] Allow getcwd for Gentoo's portage sandbox
+
+Gentoo-bug: https://bugs.gentoo.org/728978
+Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
+---
+ src/seccomp.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/seccomp.c b/src/seccomp.c
+index 68c56485..af55918e 100644
+--- a/src/seccomp.c
++++ b/src/seccomp.c
+@@ -227,6 +227,9 @@ enable_sandbox_full(void)
+ ALLOW_RULE(unlink);
+ ALLOW_RULE(write);
+
++ // needed by Gentoo's portage sandbox
++ ALLOW_RULE(getcwd);
++
+
+ #if 0
+ // needed by valgrind
+--
+2.27.0
+ |
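Review bot: The added `ALLOW_RULE(getcwd);` in `enable_sandbox_full()` widens the seccomp allowlist for every run of `file`, not only for runs inside portage's sandbox, and the comment `// needed by Gentoo's portage sandbox` does not say which component issues the call. getcwd only copies the working-directory path into a caller-supplied buffer, so the added exposure is small, but a downstream-only relaxation of a syscall filter should carry its reason and tracker reference in the code, e.g. `// portage's sandbox calls getcwd() inside this process (presumably from its preloaded library); Gentoo bug 728978`. The blank line added after the rule leaves two consecutive empty lines before `#if 0` and could be dropped. The body of `enable_sandbox_full()` starts and ends outside this hunk, so the placement of the rule relative to the filter load cannot be checked from here.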