[arch-commits] Commit in cifs-utils/repos/extra-x86_64 (5 files)

Tobias Powalowski tpowa at archlinux.org
Thu Dec 17 09:37:56 UTC 2020


    Date: Thursday, December 17, 2020 @ 09:37:56
  Author: tpowa
Revision: 404432

archrelease: copy trunk to extra-x86_64

Added:
  cifs-utils/repos/extra-x86_64/PKGBUILD
    (from rev 404431, cifs-utils/trunk/PKGBUILD)
  cifs-utils/repos/extra-x86_64/cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch
    (from rev 404431, cifs-utils/trunk/cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch)
  cifs-utils/repos/extra-x86_64/cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1_part-2.patch
    (from rev 404431, cifs-utils/trunk/cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1_part-2.patch)
Deleted:
  cifs-utils/repos/extra-x86_64/PKGBUILD
  cifs-utils/repos/extra-x86_64/cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch

------------------------------------------------------------------+
 PKGBUILD                                                         |   95 ++--
 cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch        |  202 +++++-----
 cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1_part-2.patch |   58 ++
 3 files changed, 208 insertions(+), 147 deletions(-)

Deleted: PKGBUILD
===================================================================
--- PKGBUILD	2020-12-17 09:37:48 UTC (rev 404431)
+++ PKGBUILD	2020-12-17 09:37:56 UTC (rev 404432)
@@ -1,46 +0,0 @@
-# Maintainer: Tobias Powalowski <tpowa at archlinux.org>
-pkgname=cifs-utils
-pkgver=6.11
-pkgrel=2
-pkgdesc="CIFS filesystem user-space tools"
-arch=(x86_64)
-url="https://wiki.samba.org/index.php/LinuxCIFS_utils"
-license=('GPL')
-depends=('libcap-ng' 'keyutils' 'krb5' 'talloc' 'libwbclient' 'pam')
-makedepends=('python-docutils')
-source=("https://download.samba.org/pub/linux-cifs/$pkgname/$pkgname-$pkgver.tar.bz2"{,.asc}
-	"cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch")
-
-validpgpkeys=('C699981A31F338706C817650DF5BA9D30642D5A0') #cifs-utils Distribution Verification Key <cifs-utils at samba.org>
-sha256sums=('b859239a3f204f8220d3e54ed43bf8109e1ef202042dd87ba87492f8878728d9'
-            'SKIP'
-            '0edcd01eb3e721a5726cc00160667dc2f7c935883bad71711288488081f81e5b')
-
-prepare() {
-  # Fix install to honor DESTDIR
-  sed -e 's|\$(man8dir)|$(DESTDIR)$(man8dir)|g' -e 's|cd \$(ROOTSBINDIR)|cd $(DESTDIR)$(ROOTSBINDIR)|g' -i $pkgname-$pkgver/Makefile.am
-  cd "$srcdir/$pkgname-$pkgver"
-  patch -Np1 -i $srcdir/cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch
-}
-
-build() {
-  cd "$srcdir/$pkgname-$pkgver"
-  # systemd support is broken in mount.cifs
-  # https://bugs.archlinux.org/task/30958
-  autoreconf -i
-  ./configure --prefix=/usr --sbindir=/usr/bin --disable-systemd
-  make
-}
-
-package() {
-  cd "$srcdir/$pkgname-$pkgver"
-  make DESTDIR="$pkgdir" ROOTSBINDIR=/usr/bin install
-  mkdir -p "$pkgdir"/etc/request-key.d
-  install -m 644 contrib/request-key.d/cifs.idmap.conf "$pkgdir"/etc/request-key.d
-  install -m 644 contrib/request-key.d/cifs.spnego.conf "$pkgdir"/etc/request-key.d
-  # set mount.cifs uid, to enable none root mounting form fstab
-  chmod +s "$pkgdir"/usr/bin/mount.cifs
-  # fix idmap-plugin #42052
-  mkdir -p "$pkgdir"/etc/cifs-utils
-  ln -s /usr/lib/cifs-utils/idmapwb.so "${pkgdir}"/etc/cifs-utils/idmap-plugin
-}

Copied: cifs-utils/repos/extra-x86_64/PKGBUILD (from rev 404431, cifs-utils/trunk/PKGBUILD)
===================================================================
--- PKGBUILD	                        (rev 0)
+++ PKGBUILD	2020-12-17 09:37:56 UTC (rev 404432)
@@ -0,0 +1,49 @@
+# Maintainer: Tobias Powalowski <tpowa at archlinux.org>
+pkgname=cifs-utils
+pkgver=6.11
+pkgrel=3
+pkgdesc="CIFS filesystem user-space tools"
+arch=(x86_64)
+url="https://wiki.samba.org/index.php/LinuxCIFS_utils"
+license=('GPL')
+depends=('libcap-ng' 'keyutils' 'krb5' 'talloc' 'libwbclient' 'pam')
+makedepends=('python-docutils')
+source=("https://download.samba.org/pub/linux-cifs/$pkgname/$pkgname-$pkgver.tar.bz2"{,.asc}
+	"cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch"
+        "cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1_part-2.patch")
+
+validpgpkeys=('C699981A31F338706C817650DF5BA9D30642D5A0') #cifs-utils Distribution Verification Key <cifs-utils at samba.org>
+sha256sums=('b859239a3f204f8220d3e54ed43bf8109e1ef202042dd87ba87492f8878728d9'
+            'SKIP'
+            '0edcd01eb3e721a5726cc00160667dc2f7c935883bad71711288488081f81e5b'
+            'acdf75f2d3895d60414f19b2401f3349af23252717bf669529848f9d35d70604')
+
+prepare() {
+  # Fix install to honor DESTDIR
+  sed -e 's|\$(man8dir)|$(DESTDIR)$(man8dir)|g' -e 's|cd \$(ROOTSBINDIR)|cd $(DESTDIR)$(ROOTSBINDIR)|g' -i $pkgname-$pkgver/Makefile.am
+  cd "$srcdir/$pkgname-$pkgver"
+  patch -Np1 -i "$srcdir/cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch"
+  patch -Np1 -i "$srcdir/cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1_part-2.patch"
+}
+
+build() {
+  cd "$srcdir/$pkgname-$pkgver"
+  # systemd support is broken in mount.cifs
+  # https://bugs.archlinux.org/task/30958
+  autoreconf -i
+  ./configure --prefix=/usr --sbindir=/usr/bin --disable-systemd
+  make
+}
+
+package() {
+  cd "$srcdir/$pkgname-$pkgver"
+  make DESTDIR="$pkgdir" ROOTSBINDIR=/usr/bin install
+  mkdir -p "$pkgdir"/etc/request-key.d
+  install -m 644 contrib/request-key.d/cifs.idmap.conf "$pkgdir"/etc/request-key.d
+  install -m 644 contrib/request-key.d/cifs.spnego.conf "$pkgdir"/etc/request-key.d
+  # set mount.cifs uid, to enable none root mounting form fstab
+  chmod +s "$pkgdir"/usr/bin/mount.cifs
+  # fix idmap-plugin #42052
+  mkdir -p "$pkgdir"/etc/cifs-utils
+  ln -s /usr/lib/cifs-utils/idmapwb.so "${pkgdir}"/etc/cifs-utils/idmap-plugin
+}
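Review bot: In package(), `chmod +s "$pkgdir"/usr/bin/mount.cifs` sets the setgid bit as well as the setuid bit, although the comment above it only asks for setuid so that non-root users can mount from fstab. A setuid-root helper should carry no more mode bits than it needs, so I would narrow this to `chmod u+s "$pkgdir"/usr/bin/mount.cifs` (or an explicit `chmod 4755`). The comment could also say why the bit is required, for example `# mount.cifs must be setuid root so non-root users can mount shares listed in fstab`.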

Deleted: cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch
===================================================================
--- cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch	2020-12-17 09:37:48 UTC (rev 404431)
+++ cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch	2020-12-17 09:37:56 UTC (rev 404432)
@@ -1,101 +0,0 @@
-From f4e7c84467152624a288351321c8664dbf3364af Mon Sep 17 00:00:00 2001
-From: Jonas Witschel <diabonas at archlinux.org>
-Date: Sat, 21 Nov 2020 11:41:26 +0100
-Subject: [PATCH 1/2] mount.cifs: update the cap bounding set only when
- CAP_SETPCAP is given
-
-libcap-ng 0.8.1 tightened the error checking on capng_apply, returning an error
-of -4 when trying to update the capability bounding set without having the
-CAP_SETPCAP capability to be able to do so. Previous versions of libcap-ng
-silently skipped updating the bounding set and only updated the normal
-CAPNG_SELECT_CAPS capabilities instead.
-
-Check beforehand whether we have CAP_SETPCAP, in which case we can use
-CAPNG_SELECT_BOTH to update both the normal capabilities and the bounding set.
-Otherwise, we can at least update the normal capabilities, but refrain from
-trying to update the bounding set to avoid getting an error.
-
-Signed-off-by: Jonas Witschel <diabonas at archlinux.org>
----
- mount.cifs.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/mount.cifs.c b/mount.cifs.c
-index 4feb397..88b8b69 100644
---- a/mount.cifs.c
-+++ b/mount.cifs.c
-@@ -338,6 +338,8 @@ static int set_password(struct parsed_mount_info *parsed_info, const char *src)
- static int
- drop_capabilities(int parent)
- {
-+	capng_select_t set = CAPNG_SELECT_CAPS;
-+
- 	capng_setpid(getpid());
- 	capng_clear(CAPNG_SELECT_BOTH);
- 	if (parent) {
-@@ -355,7 +357,10 @@ drop_capabilities(int parent)
- 			return EX_SYSERR;
- 		}
- 	}
--	if (capng_apply(CAPNG_SELECT_BOTH)) {
-+	if (capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP)) {
-+		set = CAPNG_SELECT_BOTH;
-+	}
-+	if (capng_apply(set)) {
- 		fprintf(stderr, "Unable to apply new capability set.\n");
- 		return EX_SYSERR;
- 	}
--- 
-2.29.2
-
-
-From 64dfbafe7a0639a96d67f0b840b6e6498e1f68a9 Mon Sep 17 00:00:00 2001
-From: Jonas Witschel <diabonas at archlinux.org>
-Date: Sat, 21 Nov 2020 11:48:33 +0100
-Subject: [PATCH 2/2] cifs.upall: update the cap bounding set only when
- CAP_SETPCAP is given
-
-libcap-ng 0.8.1 tightened the error checking on capng_apply, returning an error
-of -4 when trying to update the capability bounding set without having the
-CAP_SETPCAP capability to be able to do so. Previous versions of libcap-ng
-silently skipped updating the bounding set and only updated the normal
-CAPNG_SELECT_CAPS capabilities instead.
-
-Check beforehand whether we have CAP_SETPCAP, in which case we can use
-CAPNG_SELECT_BOTH to update both the normal capabilities and the bounding set.
-Otherwise, we can at least update the normal capabilities, but refrain from
-trying to update the bounding set to avoid getting an error.
-
-Signed-off-by: Jonas Witschel <diabonas at archlinux.org>
----
- cifs.upcall.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/cifs.upcall.c b/cifs.upcall.c
-index 1559434..af1a0b0 100644
---- a/cifs.upcall.c
-+++ b/cifs.upcall.c
-@@ -88,6 +88,8 @@ typedef enum _sectype {
- static int
- trim_capabilities(bool need_environ)
- {
-+	capng_select_t set = CAPNG_SELECT_CAPS;
-+
- 	capng_clear(CAPNG_SELECT_BOTH);
- 
- 	/* SETUID and SETGID to change uid, gid, and grouplist */
-@@ -105,7 +107,10 @@ trim_capabilities(bool need_environ)
- 		return 1;
- 	}
- 
--	if (capng_apply(CAPNG_SELECT_BOTH)) {
-+	if (capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP)) {
-+		set = CAPNG_SELECT_BOTH;
-+	}
-+	if (capng_apply(set)) {
- 		syslog(LOG_ERR, "%s: Unable to apply capability set: %m\n", __func__);
- 		return 1;
- 	}
--- 
-2.29.2
-

Copied: cifs-utils/repos/extra-x86_64/cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch (from rev 404431, cifs-utils/trunk/cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch)
===================================================================
--- cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch	                        (rev 0)
+++ cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1.patch	2020-12-17 09:37:56 UTC (rev 404432)
@@ -0,0 +1,101 @@
+From f4e7c84467152624a288351321c8664dbf3364af Mon Sep 17 00:00:00 2001
+From: Jonas Witschel <diabonas at archlinux.org>
+Date: Sat, 21 Nov 2020 11:41:26 +0100
+Subject: [PATCH 1/2] mount.cifs: update the cap bounding set only when
+ CAP_SETPCAP is given
+
+libcap-ng 0.8.1 tightened the error checking on capng_apply, returning an error
+of -4 when trying to update the capability bounding set without having the
+CAP_SETPCAP capability to be able to do so. Previous versions of libcap-ng
+silently skipped updating the bounding set and only updated the normal
+CAPNG_SELECT_CAPS capabilities instead.
+
+Check beforehand whether we have CAP_SETPCAP, in which case we can use
+CAPNG_SELECT_BOTH to update both the normal capabilities and the bounding set.
+Otherwise, we can at least update the normal capabilities, but refrain from
+trying to update the bounding set to avoid getting an error.
+
+Signed-off-by: Jonas Witschel <diabonas at archlinux.org>
+---
+ mount.cifs.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/mount.cifs.c b/mount.cifs.c
+index 4feb397..88b8b69 100644
+--- a/mount.cifs.c
++++ b/mount.cifs.c
+@@ -338,6 +338,8 @@ static int set_password(struct parsed_mount_info *parsed_info, const char *src)
+ static int
+ drop_capabilities(int parent)
+ {
++	capng_select_t set = CAPNG_SELECT_CAPS;
++
+ 	capng_setpid(getpid());
+ 	capng_clear(CAPNG_SELECT_BOTH);
+ 	if (parent) {
+@@ -355,7 +357,10 @@ drop_capabilities(int parent)
+ 			return EX_SYSERR;
+ 		}
+ 	}
+-	if (capng_apply(CAPNG_SELECT_BOTH)) {
++	if (capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP)) {
++		set = CAPNG_SELECT_BOTH;
++	}
++	if (capng_apply(set)) {
+ 		fprintf(stderr, "Unable to apply new capability set.\n");
+ 		return EX_SYSERR;
+ 	}
+-- 
+2.29.2
+
+
+From 64dfbafe7a0639a96d67f0b840b6e6498e1f68a9 Mon Sep 17 00:00:00 2001
+From: Jonas Witschel <diabonas at archlinux.org>
+Date: Sat, 21 Nov 2020 11:48:33 +0100
+Subject: [PATCH 2/2] cifs.upall: update the cap bounding set only when
+ CAP_SETPCAP is given
+
+libcap-ng 0.8.1 tightened the error checking on capng_apply, returning an error
+of -4 when trying to update the capability bounding set without having the
+CAP_SETPCAP capability to be able to do so. Previous versions of libcap-ng
+silently skipped updating the bounding set and only updated the normal
+CAPNG_SELECT_CAPS capabilities instead.
+
+Check beforehand whether we have CAP_SETPCAP, in which case we can use
+CAPNG_SELECT_BOTH to update both the normal capabilities and the bounding set.
+Otherwise, we can at least update the normal capabilities, but refrain from
+trying to update the bounding set to avoid getting an error.
+
+Signed-off-by: Jonas Witschel <diabonas at archlinux.org>
+---
+ cifs.upcall.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/cifs.upcall.c b/cifs.upcall.c
+index 1559434..af1a0b0 100644
+--- a/cifs.upcall.c
++++ b/cifs.upcall.c
+@@ -88,6 +88,8 @@ typedef enum _sectype {
+ static int
+ trim_capabilities(bool need_environ)
+ {
++	capng_select_t set = CAPNG_SELECT_CAPS;
++
+ 	capng_clear(CAPNG_SELECT_BOTH);
+ 
+ 	/* SETUID and SETGID to change uid, gid, and grouplist */
+@@ -105,7 +107,10 @@ trim_capabilities(bool need_environ)
+ 		return 1;
+ 	}
+ 
+-	if (capng_apply(CAPNG_SELECT_BOTH)) {
++	if (capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP)) {
++		set = CAPNG_SELECT_BOTH;
++	}
++	if (capng_apply(set)) {
+ 		syslog(LOG_ERR, "%s: Unable to apply capability set: %m\n", __func__);
+ 		return 1;
+ 	}
+-- 
+2.29.2
+
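Review bot: In both drop_capabilities() and trim_capabilities(), the added `capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP)` check runs after `capng_clear(CAPNG_SELECT_BOTH)`. If, as I understand libcap-ng, that query reads the in-memory state the clear has just emptied, it is always false here, so `set` stays `CAPNG_SELECT_CAPS` and the bounding set is never reduced, even when the process does hold CAP_SETPCAP. This avoids the capng_apply error but silently drops the bounding-set hardening. Evaluating the check before the clear would preserve it, e.g. `capng_select_t set = capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP) ? CAPNG_SELECT_BOTH : CAPNG_SELECT_CAPS;` placed ahead of `capng_clear(...)`. The same ordering appears in drop_all_capabilities() in the part-2 patch, where the clear and the check are adjacent; both function bodies in this patch extend beyond the quoted hunks, so this should be confirmed against the full source.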

Copied: cifs-utils/repos/extra-x86_64/cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1_part-2.patch (from rev 404431, cifs-utils/trunk/cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1_part-2.patch)
===================================================================
--- cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1_part-2.patch	                        (rev 0)
+++ cifs-utils-6.11_fix_capng_apply_for_libcap-ng-0.8.1_part-2.patch	2020-12-17 09:37:56 UTC (rev 404432)
@@ -0,0 +1,58 @@
+From 0fddcee4b1b9c9f16b3cfe1b2daec87d2b8b19dd Mon Sep 17 00:00:00 2001
+From: Alexander Koch <mail at alexanderkoch.net>
+Date: Wed, 16 Dec 2020 18:02:31 +0100
+Subject: [PATCH] cifs.upcall: drop bounding capabilities only if CAP_SETPCAP
+ is given
+
+Make drop_call_capabilities() in cifs.upcall update the bounding capabilities
+only if CAP_SETCAP is present.
+
+This is an addendum to the patch recently provided in [1]. Without this
+additional change, cifs.upcall can still fail while trying to mount a CIFS
+network share with krb5:
+
+  kernel: CIFS: Attempting to mount //server.domain.lan/myshare
+  cifs.upcall[39484]: key description: cifs.spnego;0;0;39010000;ver=0x2;host=server.domain.lan>
+  cifs.upcall[39484]: ver=2
+  cifs.upcall[39484]: host=server.domain.lan
+  cifs.upcall[39484]: ip=172.22.3.14
+  cifs.upcall[39484]: sec=1
+  cifs.upcall[39484]: uid=1000
+  cifs.upcall[39484]: creduid=1000
+  cifs.upcall[39484]: user=username
+  cifs.upcall[39484]: pid=39481
+  cifs.upcall[39484]: get_cachename_from_process_env: pathname=/proc/39481/environ
+  cifs.upcall[39484]: get_cachename_from_process_env: cachename = FILE:/tmp/.krb5cc_1000
+  cifs.upcall[39484]: drop_all_capabilities: Unable to apply capability set: Success
+  cifs.upcall[39484]: Exit status 1
+
+[1] https://marc.info/?l=linux-cifs&m=160595758021261
+
+Signed-off-by: Alexander Koch <mail at alexanderkoch.net>
+Signed-off-by: Jonas Witschel <diabonas at archlinux.org>
+---
+ cifs.upcall.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/cifs.upcall.c b/cifs.upcall.c
+index 1559434..b62ab50 100644
+--- a/cifs.upcall.c
++++ b/cifs.upcall.c
+@@ -115,8 +115,13 @@ trim_capabilities(bool need_environ)
+ static int
+ drop_all_capabilities(void)
+ {
++	capng_select_t set = CAPNG_SELECT_CAPS;
++
+ 	capng_clear(CAPNG_SELECT_BOTH);
+-	if (capng_apply(CAPNG_SELECT_BOTH)) {
++	if (capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP)) {
++		set = CAPNG_SELECT_BOTH;
++	}
++	if (capng_apply(set)) {
+ 		syslog(LOG_ERR, "%s: Unable to apply capability set: %m\n", __func__);
+ 		return 1;
+ 	}
+-- 
+2.29.2
+


