summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--sys-apps/gawk/gawk-4.2.1-r1.ebuild20
-rw-r--r--sys-apps/gawk/gawk-5.0.1.ebuild20
-rw-r--r--sys-apps/gawk/gawk-5.1.0.ebuild20
-rw-r--r--sys-apps/gawk/metadata.xml1
4 files changed, 58 insertions, 3 deletions
diff --git a/sys-apps/gawk/gawk-4.2.1-r1.ebuild b/sys-apps/gawk/gawk-4.2.1-r1.ebuild
index 807061875e31..6982b29dc59b 100644
--- a/sys-apps/gawk/gawk-4.2.1-r1.ebuild
+++ b/sys-apps/gawk/gawk-4.2.1-r1.ebuild
@@ -12,7 +12,7 @@ SRC_URI="mirror://gnu/gawk/${P}.tar.xz"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="mpfr nls readline"
+IUSE="forced-sandbox mpfr nls readline"
RDEPEND="
dev-libs/gmp:0=
@@ -38,6 +38,16 @@ src_prepare() {
-e '/\<_XOPEN_SOURCE_EXTENDED\>/s/1//' \
extension/inplace.c || die
fi
+
+ if use forced-sandbox ; then
+ # Upstream doesn't want to add a configure flag for this.
+ # https://lists.gnu.org/archive/html/bug-sed/2018-03/msg00001.html
+ sed -i \
+ -e '/^int do_flags = false;/s:false:DO_SANDBOX:' \
+ main.c || die
+ # Make sure the sed took.
+ grep -q '^int do_flags = DO_SANDBOX;' main.c || die "forcing sandbox failed"
+ fi
}
src_configure() {
@@ -61,6 +71,14 @@ src_install() {
rm "${ED%/}"/usr/include/awk/config.h || die
}
+src_test() {
+ if use forced-sandbox ; then
+ ewarn "Tests disabled as they don't account for this mode."
+ return
+ fi
+ default
+}
+
pkg_postinst() {
# symlink creation here as the links do not belong to gawk, but to any awk
if has_version app-admin/eselect \
diff --git a/sys-apps/gawk/gawk-5.0.1.ebuild b/sys-apps/gawk/gawk-5.0.1.ebuild
index b44a5513e78b..42d0a4c55254 100644
--- a/sys-apps/gawk/gawk-5.0.1.ebuild
+++ b/sys-apps/gawk/gawk-5.0.1.ebuild
@@ -12,7 +12,7 @@ SRC_URI="mirror://gnu/gawk/${P}.tar.xz"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="mpfr nls readline"
+IUSE="forced-sandbox mpfr nls readline"
RDEPEND="
dev-libs/gmp:0=
@@ -40,6 +40,16 @@ src_prepare() {
-e '/\<_XOPEN_SOURCE_EXTENDED\>/s/1//' \
extension/inplace.c || die
fi
+
+ if use forced-sandbox ; then
+ # Upstream doesn't want to add a configure flag for this.
+ # https://lists.gnu.org/archive/html/bug-sed/2018-03/msg00001.html
+ sed -i \
+ -e '/^int do_flags = false;/s:false:DO_SANDBOX:' \
+ main.c || die
+ # Make sure the sed took.
+ grep -q '^int do_flags = DO_SANDBOX;' main.c || die "forcing sandbox failed"
+ fi
}
src_configure() {
@@ -63,6 +73,14 @@ src_install() {
rm "${ED}"/usr/include/awk/config.h || die
}
+src_test() {
+ if use forced-sandbox ; then
+ ewarn "Tests disabled as they don't account for this mode."
+ return
+ fi
+ default
+}
+
pkg_postinst() {
# symlink creation here as the links do not belong to gawk, but to any awk
if has_version app-admin/eselect && has_version app-eselect/eselect-awk ; then
diff --git a/sys-apps/gawk/gawk-5.1.0.ebuild b/sys-apps/gawk/gawk-5.1.0.ebuild
index 850ebc1769ed..d0cc5570fb28 100644
--- a/sys-apps/gawk/gawk-5.1.0.ebuild
+++ b/sys-apps/gawk/gawk-5.1.0.ebuild
@@ -12,7 +12,7 @@ SRC_URI="mirror://gnu/gawk/${P}.tar.xz"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="mpfr nls readline"
+IUSE="forced-sandbox mpfr nls readline"
RDEPEND="
dev-libs/gmp:0=
@@ -42,6 +42,16 @@ src_prepare() {
-e '/\<_XOPEN_SOURCE_EXTENDED\>/s/1//' \
extension/inplace.c || die
fi
+
+ if use forced-sandbox ; then
+ # Upstream doesn't want to add a configure flag for this.
+ # https://lists.gnu.org/archive/html/bug-sed/2018-03/msg00001.html
+ sed -i \
+ -e '/^int do_flags = false;/s:false:DO_SANDBOX:' \
+ main.c || die
+ # Make sure the sed took.
+ grep -q '^int do_flags = DO_SANDBOX;' main.c || die "forcing sandbox failed"
+ fi
}
src_configure() {
@@ -65,6 +75,14 @@ src_install() {
rm "${ED}"/usr/include/awk/config.h || die
}
+src_test() {
+ if use forced-sandbox ; then
+ ewarn "Tests disabled as they don't account for this mode."
+ return
+ fi
+ default
+}
+
pkg_postinst() {
# symlink creation here as the links do not belong to gawk, but to any awk
if has_version app-admin/eselect && has_version app-eselect/eselect-awk ; then
diff --git a/sys-apps/gawk/metadata.xml b/sys-apps/gawk/metadata.xml
index 3fa1f9889991..58cec04bdcb0 100644
--- a/sys-apps/gawk/metadata.xml
+++ b/sys-apps/gawk/metadata.xml
@@ -6,6 +6,7 @@
<name>Gentoo Base System</name>
</maintainer>
<use>
+ <flag name="forced-sandbox">Always enable --sandbox mode for simpler/secure runtime (disables e/r/w commands)</flag>
<flag name="mpfr">use mpfr for high precision arithmetic (-M / --bignum)</flag>
</use>
</pkgmetadata>