[arch-commits] Commit in shadow/trunk (PKGBUILD shadow.install)
Dave Reisner
dreisner at archlinux.org
Sun Jul 12 14:10:45 UTC 2020
Date: Sunday, July 12, 2020 @ 14:10:45
Author: dreisner
Revision: 391755
upgpkg: shadow 4.8.1-2
- use libcap-ng to set filecaps rather than libcap (FS#63920)
Modified:
shadow/trunk/PKGBUILD
shadow/trunk/shadow.install
----------------+
PKGBUILD | 5 +++--
shadow.install | 11 +++++++++--
2 files changed, 12 insertions(+), 4 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2020-07-12 13:02:37 UTC (rev 391754)
+++ PKGBUILD 2020-07-12 14:10:45 UTC (rev 391755)
@@ -3,12 +3,13 @@
pkgname=shadow
pkgver=4.8.1
-pkgrel=1
+pkgrel=2
pkgdesc="Password and account management tool suite with support for shadow files and PAM"
arch=('x86_64')
url='https://github.com/shadow-maint/shadow'
license=('BSD')
-depends=('pam' 'acl' 'audit' 'libaudit.so')
+# libcap-ng needed by install scriptlet for 'filecap'
+depends=('pam' 'acl' 'audit' 'libaudit.so' 'libcap-ng')
makedepends=('git' 'itstool' 'libxslt' 'docbook-xsl')
backup=(etc/login.defs
etc/pam.d/{chage,passwd,shadow,useradd,usermod,userdel}
Modified: shadow.install
===================================================================
--- shadow.install 2020-07-12 13:02:37 UTC (rev 391754)
+++ shadow.install 2020-07-12 14:10:45 UTC (rev 391755)
@@ -1,7 +1,14 @@
setcaps() {
+ _setcap() {
+ if filecap "$1" "$2"; then
+ chmod -s "$1"
+ fi
+ }
+
# shadow ships these as setuid, but if we can apply file caps, use those instead.
- setcap cap_setuid+ep usr/bin/newuidmap 2>/dev/null && chmod -s usr/bin/newuidmap
- setcap cap_setgid+ep usr/bin/newgidmap 2>/dev/null && chmod -s usr/bin/newgidmap
+ # 'filecap' insists on absolute paths
+ _setcap /usr/bin/newuidmap setuid
+ _setcap /usr/bin/newgidmap setgid
}
post_install() {
More information about the arch-commits
mailing list