[arch-commits] Commit in gnome-keyring/repos/testing-x86_64 (7 files)
Jan Steffens
heftig at archlinux.org
Sat Nov 21 19:54:09 UTC 2020
Date: Saturday, November 21, 2020 @ 19:54:09
Author: heftig
Revision: 401651
archrelease: copy trunk to testing-x86_64
Added:
gnome-keyring/repos/testing-x86_64/PKGBUILD
(from rev 401650, gnome-keyring/trunk/PKGBUILD)
gnome-keyring/repos/testing-x86_64/add-cinnamon.diff
(from rev 401650, gnome-keyring/trunk/add-cinnamon.diff)
gnome-keyring/repos/testing-x86_64/gnome-keyring.install
(from rev 401650, gnome-keyring/trunk/gnome-keyring.install)
Deleted:
gnome-keyring/repos/testing-x86_64/33.patch
gnome-keyring/repos/testing-x86_64/PKGBUILD
gnome-keyring/repos/testing-x86_64/add-cinnamon.diff
gnome-keyring/repos/testing-x86_64/gnome-keyring.install
-----------------------+
33.patch | 109 -----------------------------------------
PKGBUILD | 127 +++++++++++++++++++++++-------------------------
add-cinnamon.diff | 88 ++++++++++++++++-----------------
gnome-keyring.install | 14 ++---
4 files changed, 113 insertions(+), 225 deletions(-)
Deleted: 33.patch
===================================================================
--- 33.patch 2020-11-21 19:53:56 UTC (rev 401650)
+++ 33.patch 2020-11-21 19:54:09 UTC (rev 401651)
@@ -1,109 +0,0 @@
-From dad072e1f7f6d640f4d6b52408b485ea34229f15 Mon Sep 17 00:00:00 2001
-From: Steve Grubb <sgrubb at redhat.com>
-Date: Thu, 29 Oct 2020 16:26:21 -0400
-Subject: [PATCH] Update libcap-ng capability handling
-
-There is a change coming in libcap-ng-0.8.1 that causes gnome-keyring to
-not work correctly. The capng_apply function now returns an error if it
-cannot change the bounding set. Previously this was ignored. Which means
-now gnome-keyring exits when it shouldn't.
-
-The new patch adds troubleshooting info to the error message. And it checks
-to see if we have CAP_SETPCAP. If we do not, then we cannot change the
-capabilities so we just bypass the whole thing that was causing an error.
-On the setuid side, it now drops the bounding set and clears any
-supplemental groups that may be left over as an accident.
----
- daemon/gkd-capability.c | 44 +++++++++++++++++++++++------------------
- 1 file changed, 25 insertions(+), 19 deletions(-)
-
-diff --git a/daemon/gkd-capability.c b/daemon/gkd-capability.c
-index 9afe3039..9ceaecee 100644
---- a/daemon/gkd-capability.c
-+++ b/daemon/gkd-capability.c
-@@ -1,7 +1,7 @@
- /* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
- /* gkd-capability.c - the security-critical initial phase of the daemon
- *
-- * Copyright (C) 2011 Steve Grubb
-+ * Copyright (C) 2011,2020 Steve Grubb
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as
-@@ -35,9 +35,10 @@
-
- /* No logging, no gettext */
- static void
--early_error (const char *err_string)
-+early_error (const char *err_string, int rc)
- {
-- fprintf (stderr, "gnome-keyring-daemon: %s, aborting\n", err_string);
-+ fprintf (stderr, "gnome-keyring-daemon: %s - %d, aborting\n",
-+ err_string, rc);
- exit (1);
- }
-
-@@ -64,6 +65,8 @@ void
- gkd_capability_obtain_capability_and_drop_privileges (void)
- {
- #ifdef HAVE_LIBCAPNG
-+ int rc;
-+
- capng_get_caps_process ();
- switch (capng_have_capabilities (CAPNG_SELECT_CAPS))
- {
-@@ -73,32 +76,35 @@ gkd_capability_obtain_capability_and_drop_privileges (void)
- capng_update (CAPNG_ADD,
- CAPNG_EFFECTIVE|CAPNG_PERMITTED,
- CAP_IPC_LOCK);
-- if (capng_change_id (getuid (), getgid (), 0))
-- early_error ("failed dropping capabilities");
-+ if ((rc = capng_change_id (getuid (), getgid (),
-+ CAPNG_DROP_SUPP_GRP|
-+ CAPNG_CLEAR_BOUNDING)))
-+ early_error ("failed dropping capabilities",
-+ rc);
- break;
- case CAPNG_FAIL:
-- early_error ("error getting process capabilities");
-+ early_error ("error getting process capabilities", 0);
- break;
- case CAPNG_NONE:
- early_warning ("insufficient process capabilities, insecure memory might get used");
- break;
- case CAPNG_PARTIAL: /* File system based capabilities */
-- if (!capng_have_capability (CAPNG_EFFECTIVE, CAP_IPC_LOCK)) {
-+ if (!capng_have_capability (CAPNG_EFFECTIVE,
-+ CAP_IPC_LOCK))
- early_warning ("insufficient process capabilities, insecure memory might get used");
-- /* Drop all capabilities */
-+
-+ /* If we don't have CAP_SETPCAP, we can't do anything */
-+ if (capng_have_capability (CAPNG_EFFECTIVE,
-+ CAP_SETPCAP)) {
-+ /* Drop all capabilities except ipc_lock */
- capng_clear (CAPNG_SELECT_BOTH);
-- capng_apply (CAPNG_SELECT_BOTH);
-- break;
-+ if ((rc = capng_update (CAPNG_ADD,
-+ CAPNG_EFFECTIVE|CAPNG_PERMITTED,
-+ CAP_IPC_LOCK)) != 0)
-+ early_error ("error updating process capabilities", rc);
-+ if ((rc = capng_apply (CAPNG_SELECT_BOTH)) != 0)
-+ early_error ("error dropping process capabilities", rc);
- }
--
-- /* Drop all capabilities except ipc_lock */
-- capng_clear (CAPNG_SELECT_BOTH);
-- if (capng_update (CAPNG_ADD,
-- CAPNG_EFFECTIVE|CAPNG_PERMITTED,
-- CAP_IPC_LOCK) != 0)
-- early_error ("error dropping process capabilities");
-- if (capng_apply (CAPNG_SELECT_BOTH) != 0)
-- early_error ("error dropping process capabilities");
- break;
- }
- #endif /* HAVE_LIBCAPNG */
---
-GitLab
-
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2020-11-21 19:53:56 UTC (rev 401650)
+++ PKGBUILD 2020-11-21 19:54:09 UTC (rev 401651)
@@ -1,65 +0,0 @@
-# Maintainer: Jan Alexander Steffens (heftig) <heftig at archlinux.org>
-# Contributor: Jan De Groot <jgc at archlinux.org>
-
-pkgname=gnome-keyring
-pkgver=3.36.0
-pkgrel=2
-epoch=1
-pkgdesc="Stores passwords and encryption keys"
-url="https://wiki.gnome.org/Projects/GnomeKeyring"
-arch=(x86_64)
-license=(GPL LGPL)
-depends=(gcr libcap-ng pam openssh)
-makedepends=(git docbook-xsl python)
-provides=(org.freedesktop.secrets)
-groups=(gnome)
-install=gnome-keyring.install
-_commit=6cc50f97575d1d978cd7d24e6466f585d37947ed # tags/3.36.0^0
-source=("git+https://gitlab.gnome.org/GNOME/gnome-keyring.git#commit=$_commit"
- 33.patch
- add-cinnamon.diff)
-sha256sums=('SKIP'
- '23294d6569bb7c8297cc2f95071576fac48ee82ec1ead1b818dd69fbbc72b069'
- 'd05210f5b0a7d4b22c0dff2854854af2eb5708aa2b296095e070dca68e9f815a')
-
-pkgver() {
- cd $pkgname
- git describe --tags | sed 's/-/+/g'
-}
-
-prepare() {
- cd $pkgname
-
- # https://bugs.archlinux.org/task/68664
- # https://gitlab.gnome.org/GNOME/gnome-keyring/-/merge_requests/33
- git apply -3 ../33.patch
-
- # Autolaunch in Cinnamon
- git apply -3 ../add-cinnamon.diff
-
- NOCONFIGURE=1 ./autogen.sh
-}
-
-build() {
- cd $pkgname
- ./configure --prefix=/usr \
- --sysconfdir=/etc \
- --localstatedir=/var \
- --libexecdir=/usr/lib \
- --with-pam-dir=/usr/lib/security \
- --disable-static \
- --disable-schemas-compile
- sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
- make
-}
-
-check() {
- cd $pkgname
- # Secure memory tests fail
- dbus-run-session make -k check || :
-}
-
-package() {
- cd $pkgname
- make DESTDIR="$pkgdir" install
-}
Copied: gnome-keyring/repos/testing-x86_64/PKGBUILD (from rev 401650, gnome-keyring/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2020-11-21 19:54:09 UTC (rev 401651)
@@ -0,0 +1,62 @@
+# Maintainer: Jan Alexander Steffens (heftig) <heftig at archlinux.org>
+# Contributor: Jan De Groot <jgc at archlinux.org>
+
+pkgname=gnome-keyring
+pkgver=3.36.0
+pkgrel=3
+epoch=1
+pkgdesc="Stores passwords and encryption keys"
+url="https://wiki.gnome.org/Projects/GnomeKeyring"
+arch=(x86_64)
+license=(GPL LGPL)
+depends=(gcr libcap-ng pam openssh)
+makedepends=(git docbook-xsl python)
+provides=(org.freedesktop.secrets)
+groups=(gnome)
+install=gnome-keyring.install
+_commit=6cc50f97575d1d978cd7d24e6466f585d37947ed # tags/3.36.0^0
+source=("git+https://gitlab.gnome.org/GNOME/gnome-keyring.git#commit=$_commit"
+ add-cinnamon.diff)
+sha256sums=('SKIP'
+ 'd05210f5b0a7d4b22c0dff2854854af2eb5708aa2b296095e070dca68e9f815a')
+
+pkgver() {
+ cd $pkgname
+ git describe --tags | sed 's/-/+/g'
+}
+
+prepare() {
+ cd $pkgname
+
+ # https://bugs.archlinux.org/task/68664
+ git cherry-pick -n ebc7bc9efacc17049e54da8d96a4a29943621113
+
+ # Autolaunch in Cinnamon
+ git apply -3 ../add-cinnamon.diff
+
+ NOCONFIGURE=1 ./autogen.sh
+}
+
+build() {
+ cd $pkgname
+ ./configure --prefix=/usr \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --libexecdir=/usr/lib \
+ --with-pam-dir=/usr/lib/security \
+ --disable-static \
+ --disable-schemas-compile
+ sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
+ make
+}
+
+check() {
+ cd $pkgname
+ # Secure memory tests fail
+ dbus-run-session make -k check || :
+}
+
+package() {
+ cd $pkgname
+ make DESTDIR="$pkgdir" install
+}
Deleted: add-cinnamon.diff
===================================================================
--- add-cinnamon.diff 2020-11-21 19:53:56 UTC (rev 401650)
+++ add-cinnamon.diff 2020-11-21 19:54:09 UTC (rev 401651)
@@ -1,44 +0,0 @@
- daemon/gnome-keyring-pkcs11.desktop.in.in | 2 +-
- daemon/gnome-keyring-secrets.desktop.in.in | 2 +-
- daemon/gnome-keyring-ssh.desktop.in.in | 2 +-
- 3 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git c/daemon/gnome-keyring-pkcs11.desktop.in.in i/daemon/gnome-keyring-pkcs11.desktop.in.in
-index b43e1e9d..80434cbd 100644
---- c/daemon/gnome-keyring-pkcs11.desktop.in.in
-+++ i/daemon/gnome-keyring-pkcs11.desktop.in.in
-@@ -3,7 +3,7 @@ Type=Application
- Name=Certificate and Key Storage
- Comment=GNOME Keyring: PKCS#11 Component
- Exec=@bindir@/gnome-keyring-daemon --start --components=pkcs11
--OnlyShowIn=GNOME;Unity;MATE;
-+OnlyShowIn=GNOME;Unity;MATE;Cinnamon;
- NoDisplay=true
- X-GNOME-Autostart-Phase=PreDisplayServer
- X-GNOME-AutoRestart=false
-diff --git c/daemon/gnome-keyring-secrets.desktop.in.in i/daemon/gnome-keyring-secrets.desktop.in.in
-index dd9deec7..b6d7b2d0 100644
---- c/daemon/gnome-keyring-secrets.desktop.in.in
-+++ i/daemon/gnome-keyring-secrets.desktop.in.in
-@@ -3,7 +3,7 @@ Type=Application
- Name=Secret Storage Service
- Comment=GNOME Keyring: Secret Service
- Exec=@bindir@/gnome-keyring-daemon --start --components=secrets
--OnlyShowIn=GNOME;Unity;MATE;
-+OnlyShowIn=GNOME;Unity;MATE;Cinnamon;
- NoDisplay=true
- X-GNOME-Autostart-Phase=PreDisplayServer
- X-GNOME-AutoRestart=false
-diff --git c/daemon/gnome-keyring-ssh.desktop.in.in i/daemon/gnome-keyring-ssh.desktop.in.in
-index 38aa24cb..163ff554 100644
---- c/daemon/gnome-keyring-ssh.desktop.in.in
-+++ i/daemon/gnome-keyring-ssh.desktop.in.in
-@@ -3,7 +3,7 @@ Type=Application
- Name=SSH Key Agent
- Comment=GNOME Keyring: SSH Agent
- Exec=@bindir@/gnome-keyring-daemon --start --components=ssh
--OnlyShowIn=GNOME;Unity;MATE;
-+OnlyShowIn=GNOME;Unity;MATE;Cinnamon;
- X-GNOME-Autostart-Phase=PreDisplayServer
- X-GNOME-AutoRestart=false
- X-GNOME-Autostart-Notify=true
Copied: gnome-keyring/repos/testing-x86_64/add-cinnamon.diff (from rev 401650, gnome-keyring/trunk/add-cinnamon.diff)
===================================================================
--- add-cinnamon.diff (rev 0)
+++ add-cinnamon.diff 2020-11-21 19:54:09 UTC (rev 401651)
@@ -0,0 +1,44 @@
+ daemon/gnome-keyring-pkcs11.desktop.in.in | 2 +-
+ daemon/gnome-keyring-secrets.desktop.in.in | 2 +-
+ daemon/gnome-keyring-ssh.desktop.in.in | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git c/daemon/gnome-keyring-pkcs11.desktop.in.in i/daemon/gnome-keyring-pkcs11.desktop.in.in
+index b43e1e9d..80434cbd 100644
+--- c/daemon/gnome-keyring-pkcs11.desktop.in.in
++++ i/daemon/gnome-keyring-pkcs11.desktop.in.in
+@@ -3,7 +3,7 @@ Type=Application
+ Name=Certificate and Key Storage
+ Comment=GNOME Keyring: PKCS#11 Component
+ Exec=@bindir@/gnome-keyring-daemon --start --components=pkcs11
+-OnlyShowIn=GNOME;Unity;MATE;
++OnlyShowIn=GNOME;Unity;MATE;Cinnamon;
+ NoDisplay=true
+ X-GNOME-Autostart-Phase=PreDisplayServer
+ X-GNOME-AutoRestart=false
+diff --git c/daemon/gnome-keyring-secrets.desktop.in.in i/daemon/gnome-keyring-secrets.desktop.in.in
+index dd9deec7..b6d7b2d0 100644
+--- c/daemon/gnome-keyring-secrets.desktop.in.in
++++ i/daemon/gnome-keyring-secrets.desktop.in.in
+@@ -3,7 +3,7 @@ Type=Application
+ Name=Secret Storage Service
+ Comment=GNOME Keyring: Secret Service
+ Exec=@bindir@/gnome-keyring-daemon --start --components=secrets
+-OnlyShowIn=GNOME;Unity;MATE;
++OnlyShowIn=GNOME;Unity;MATE;Cinnamon;
+ NoDisplay=true
+ X-GNOME-Autostart-Phase=PreDisplayServer
+ X-GNOME-AutoRestart=false
+diff --git c/daemon/gnome-keyring-ssh.desktop.in.in i/daemon/gnome-keyring-ssh.desktop.in.in
+index 38aa24cb..163ff554 100644
+--- c/daemon/gnome-keyring-ssh.desktop.in.in
++++ i/daemon/gnome-keyring-ssh.desktop.in.in
+@@ -3,7 +3,7 @@ Type=Application
+ Name=SSH Key Agent
+ Comment=GNOME Keyring: SSH Agent
+ Exec=@bindir@/gnome-keyring-daemon --start --components=ssh
+-OnlyShowIn=GNOME;Unity;MATE;
++OnlyShowIn=GNOME;Unity;MATE;Cinnamon;
+ X-GNOME-Autostart-Phase=PreDisplayServer
+ X-GNOME-AutoRestart=false
+ X-GNOME-Autostart-Notify=true
Deleted: gnome-keyring.install
===================================================================
--- gnome-keyring.install 2020-11-21 19:53:56 UTC (rev 401650)
+++ gnome-keyring.install 2020-11-21 19:54:09 UTC (rev 401651)
@@ -1,7 +0,0 @@
-post_install() {
- setcap cap_ipc_lock+ep usr/bin/gnome-keyring-daemon
-}
-
-post_upgrade() {
- post_install
-}
Copied: gnome-keyring/repos/testing-x86_64/gnome-keyring.install (from rev 401650, gnome-keyring/trunk/gnome-keyring.install)
===================================================================
--- gnome-keyring.install (rev 0)
+++ gnome-keyring.install 2020-11-21 19:54:09 UTC (rev 401651)
@@ -0,0 +1,7 @@
+post_install() {
+ setcap cap_ipc_lock+ep usr/bin/gnome-keyring-daemon
+}
+
+post_upgrade() {
+ post_install
+}
More information about the arch-commits
mailing list