Am 16.04.2014 12:21, schrieb Allan McRae:
Just submitted a patch to pacman that will allow setting capabilites in the package() function.
Since we want PAX support to remain optional, we'd still need hooks so that after each upgrade, a script can adjust the flags appropriately.
Sure... I really don't care about PAX (and think it should just be packaged in a separate repo...). I just wanted pacman to support setting capabilities during packaging.
I am not sure that your patch will work at all due to limitations of fakeroot. I just tested this shortly, and fakeroot supports setting file capabilities using setcap, but not setting ACLs using setfacl. So, support for extended attributes in fakeroot is incomplete at best. A further look indicates that this may simply be stupidity on the side of fakeroot: it explicitly hardcodes ENOTSUP for acl_{s,g}et_f{ile,d}, while the now implemented f{s,g}etxattr support should be sufficient in order to support ACLs entirely. I guess these acl overrides are remnants of the days when xattr support was missing. Anyway, we need to fix fakeroot before this makepkg feature can be useful.