[pacman-dev] [PATCH] Allow setting file capabilities in packages
File capabilities can now be set in the package() function. Makepkg stores and restores these when stripping the file. We pass the --format=pax options to bsdtar when creating the package so that the capabilities are stored in the package. libalpm uses ARCHIVE_EXTRACT_XATTR when extracting the file to set the capabilities.
Signed-off-by: Allan McRae <allan@archlinux.org>
---
 lib/libalpm/add.c | 3 ++-
 scripts/makepkg.sh.in | 9 ++++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/lib/libalpm/add.c b/lib/libalpm/add.c
index 4f557a4..cb1427e 100644
--- a/lib/libalpm/add.c
+++ b/lib/libalpm/add.c
@@ -112,7 +112,8 @@ static int perform_extraction(alpm_handle_t *handle, struct archive *archive,
 int ret;
 const int archive_flags = ARCHIVE_EXTRACT_OWNER |
 ARCHIVE_EXTRACT_PERM |
- ARCHIVE_EXTRACT_TIME;
+ ARCHIVE_EXTRACT_TIME |
+ ARCHIVE_EXTRACT_XATTR;
 archive_entry_set_pathname(entry, filename);
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index 95994dd..a7dd8f8 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -1527,6 +1527,9 @@ build_id() {
 strip_file() {
 local binary=$1; shift
+ local cap=$(getcap "$binary")
+ cap=${cap##* = }
+
 if check_option "debug" "y"; then
 local bid=$(build_id "$binary")
@@ -1566,6 +1569,10 @@ strip_file() {
 fi
 strip $@ "$binary"
+
+ if [[ -n $cap ]]; then
+ setcap $cap "$binary"
+ fi
 }
 tidy_install() {
@@ -1929,7 +1936,7 @@ create_package() {
 # bsdtar's gzip compression always saves the time stamp, making one
 # archive created using the same command line distinct from another.
 # Disable bsdtar compression and use gzip -n for now.
- bsdtar -cf - "${comp_files[@]}" * |
+ bsdtar -c --format=pax -f - "${comp_files[@]}" * |
 case "$PKGEXT" in
 *tar.gz) ${COMPRESSGZ[@]:-gzip -c -f -n} ;;
 *tar.bz2) ${COMPRESSBZ2[@]:-bzip2 -c -f} ;;
--
1.9.2
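Review bot: ARCHIVE_EXTRACT_XATTR in `archive_flags` (lib/libalpm/add.c, perform_extraction) restores every extended attribute an archive entry carries, not only `security.capability`, and nothing in this hunk narrows that set. Extraction normally runs as root, so a package can now grant file capabilities, which are as privilege-bearing as a setuid bit, along with any other attribute namespace recorded at build time. I would document that at the flag, e.g. `/* XATTR: restores all xattrs from the package, incl. security.capability (privilege-bearing) */`, and consider limiting the restored attributes to the capability one. How a libarchive warning on a filesystem without xattr support is handled is decided outside this hunk, since the function body continues beyond it.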
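Review bot: `cap=${cap##* = }` in the first strip_file hunk assumes getcap always prints `path = caps`; if the separator is absent (a different libcap output format, which is worth confirming, or an unexpected message), the expansion leaves the whole string in `cap`, and the later hunk then hands it to setcap. `local cap=$(...)` also masks getcap's exit status. Suggest `local cap; cap=$(getcap "$binary")` followed by `[[ $cap == *" = "* ]] && cap=${cap##* = } || cap=` so that only a recognised line is ever replayed. The function body continues outside this hunk.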
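Review bot: `setcap $cap "$binary"` in the second strip_file hunk is unquoted and its result is ignored, so a failed restore leaves a stripped binary that silently ships without the capability the packager set. Whether the packaging step always has the privilege to write `security.capability` cannot be confirmed from this hunk. A missing capability tends to surface only at runtime and invites a setuid workaround, which is the weaker outcome. Suggest `setcap "$cap" "$binary" || warning "Could not restore capabilities on %s" "$binary"` (assuming makepkg's usual `warning` helper is in scope here), or failing the build outright.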
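Review bot: The comment block above the bsdtar call in create_package explains the gzip workaround but not why `--format=pax` is now required, so a later cleanup could drop the option and silently lose file capabilities. Suggest adding `# pax format is needed so extended attributes (file capabilities) are stored in the package`. The pax format also records whatever other xattrs the files in the package directory carry, so attributes picked up from the build filesystem would be shipped and, with the add.c change, applied at install; that deserves a check or a line in the packaging documentation. create_package starts and ends outside this hunk.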