[arch-commits] Commit in shadow/trunk (PKGBUILD shadow.install)

Dave Reisner dreisner at archlinux.org
Thu Aug 1 18:04:21 UTC 2019


    Date: Thursday, August 1, 2019 @ 18:04:21
  Author: dreisner
Revision: 358862

upgpkg: shadow 4.7-2

- apply filecaps to newuidmap/newgidmap instead of setuid (FS#63248)

Added:
  shadow/trunk/shadow.install
Modified:
  shadow/trunk/PKGBUILD

----------------+
 PKGBUILD       |    3 ++-
 shadow.install |   15 +++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2019-08-01 14:12:28 UTC (rev 358861)
+++ PKGBUILD	2019-08-01 18:04:21 UTC (rev 358862)
@@ -3,7 +3,7 @@
 
 pkgname=shadow
 pkgver=4.7
-pkgrel=1
+pkgrel=2
 pkgdesc="Password and account management tool suite with support for shadow files and PAM"
 arch=('x86_64')
 url='https://github.com/shadow-maint/shadow'
@@ -28,6 +28,7 @@
         passwd
         shadow.{timer,service}
         useradd.defaults)
+install=shadow.install
 sha1sums=('SKIP'
           '33a6cf1e44a1410e5c9726c89e5de68b78f5f922'
           '4ad0e059406a305c8640ed30d93c2a1f62c2f4ad'

Added: shadow.install
===================================================================
--- shadow.install	                        (rev 0)
+++ shadow.install	2019-08-01 18:04:21 UTC (rev 358862)
@@ -0,0 +1,15 @@
+setcaps() {
+  # shadow ships these as setuid, but if we can apply file caps, use those instead.
+  setcap cap_setuid+ep usr/bin/newuidmap 2>/dev/null && chmod -s usr/bin/newuidmap
+  setcap cap_setgid+ep usr/bin/newgidmap 2>/dev/null && chmod -s usr/bin/newgidmap 
+}
+
+post_install() {
+  setcaps
+}
+
+post_upgrade() {
+  setcaps
+}
+
+# vim:set ts=2 sw=2 et:


More information about the arch-commits mailing list