[arch-commits] Commit in libcap/repos (4 files)
David Runge
dvzrv at gemini.archlinux.org
Thu Aug 19 19:14:18 UTC 2021
Date: Thursday, August 19, 2021 @ 19:14:18
Author: dvzrv
Revision: 422374
archrelease: copy trunk to staging-x86_64
Added:
libcap/repos/staging-x86_64/
libcap/repos/staging-x86_64/PKGBUILD
(from rev 422373, libcap/trunk/PKGBUILD)
libcap/repos/staging-x86_64/libcap-2.53-makefile.patch
(from rev 422373, libcap/trunk/libcap-2.53-makefile.patch)
libcap/repos/staging-x86_64/libcap-2.53-progs_ldflags.patch
(from rev 422373, libcap/trunk/libcap-2.53-progs_ldflags.patch)
---------------------------------+
PKGBUILD | 56 +++++++++++++++++++++
libcap-2.53-makefile.patch | 36 +++++++++++++
libcap-2.53-progs_ldflags.patch | 101 ++++++++++++++++++++++++++++++++++++++
3 files changed, 193 insertions(+)
Copied: libcap/repos/staging-x86_64/PKGBUILD (from rev 422373, libcap/trunk/PKGBUILD)
===================================================================
--- staging-x86_64/PKGBUILD (rev 0)
+++ staging-x86_64/PKGBUILD 2021-08-19 19:14:18 UTC (rev 422374)
@@ -0,0 +1,56 @@
+# Maintainer: David Runge <dvzrv at archlinux.org>
+# Contributor: Bartłomiej Piotrowski <bpiotrowski at archlinux.org>
+# Contributor: Allan McRae <allan at archlinux.org>
+# Contributor: Hugo Doria <hugo at archlinux.org>
+
+pkgname=libcap
+pkgver=2.53
+pkgrel=1
+pkgdesc='POSIX 1003.1e capabilities'
+arch=('x86_64')
+url="https://sites.google.com/site/fullycapable/"
+license=('GPL2')
+depends=('glibc' 'pam')
+makedepends=('linux-api-headers')
+provides=('libcap.so' 'libpsx.so')
+source=("https://kernel.org/pub/linux/libs/security/linux-privs/${pkgname}2/${pkgname}-$pkgver.tar."{xz,sign}
+ "${pkgname}-2.53-makefile.patch"
+ "${pkgname}-2.53-progs_ldflags.patch"
+)
+sha512sums=('d83ed9460658fa75a5c118d831534388ba92ddad59944088b0d81a64c86b67ed562c7be4c5a499065ec26b1baab34298da80c8d034b61759c7dd295c2455417c'
+ 'SKIP'
+ '0df64fd6dcd50fbbb13fea962b169e7946079e58a8f5adf61cf664b08d29832a2d0b39f50441e4cf4adbb5f4f2925df7364eefff16dcb35b71726fb8324413e7'
+ 'eee1fa58b85f1a33b85dfcd6d6d3c56b5a1978d10d0af665a34163bfdefc448857d7eeaf41b06aa36d3dc9d1ef124edc653c0a55b477a820c274b96a890a19d2')
+b2sums=('10ebecc930d8491c65c7fcaa3f9ee6a45b6722d1d5be327a891e8bf4532ee8aa0ae664672c15e88bf0f328b4cd8f2e7ea685da44e903781ca7048dbe88c388c6'
+ 'SKIP'
+ '3105cd035b6b76727e6a634515b8cfa12051f9a78c9d9eba57203928cd52bafd29fd86f7a2234b686c21967952357ba54699e868fb8c1ad8dd4c489b914359d8'
+ '6383899d6fac08e00ce6a4234e3a35eb4adc3c64b64070785397c228c01201eec10dd5ad96d8c12e5a5ceeadab9e65ae516d60f9652a10894894848a5e70b7d7')
+validpgpkeys=(38A644698C69787344E954CE29EE848AE2CCF3F4) # Andrew G. Morgan <morgan at kernel.org>
+
+prepare() {
+ cd "$pkgname-$pkgver"
+ # SBINDIR is hardcoded to sbin. set to bin
+ # add CPPFLAGS
+ patch -Np1 -i ../"${pkgname}-2.53-makefile.patch"
+ # add back LDFLAGS, so that executables are built with them
+ patch -Np1 -i ../"${pkgname}-2.53-progs_ldflags.patch"
+}
+
+build() {
+ cd "$pkgname-$pkgver"
+ make KERNEL_HEADERS='/usr/include' lib='lib' prefix='/usr' sbindir='bin'
+}
+
+check() {
+ cd "$pkgname-$pkgver"
+ make -k test
+}
+
+package() {
+ cd "$pkgname-$pkgver"
+ make DESTDIR="$pkgdir" RAISE_SETFCAP='no' lib='lib' prefix='/usr' sbindir='bin' install
+ # docs
+ install -vDm 644 {CHANGELOG,README} -t "${pkgdir}/usr/share/doc/${pkgname}/"
+ install -vDm 644 pam_cap/capability.conf \
+ -t "$pkgdir/usr/share/doc/$pkgname/examples/"
+}
Copied: libcap/repos/staging-x86_64/libcap-2.53-makefile.patch (from rev 422373, libcap/trunk/libcap-2.53-makefile.patch)
===================================================================
--- staging-x86_64/libcap-2.53-makefile.patch (rev 0)
+++ staging-x86_64/libcap-2.53-makefile.patch 2021-08-19 19:14:18 UTC (rev 422374)
@@ -0,0 +1,36 @@
+diff -ruN a/Make.Rules b/Make.Rules
+--- a/Make.Rules 2021-08-16 04:05:04.000000000 +0200
++++ b/Make.Rules 2021-08-18 17:50:42.028791561 +0200
+@@ -21,6 +21,14 @@
+ lib=$(shell ldd /usr/bin/ld|egrep "ld-linux|ld.so"|cut -d/ -f2)
+ endif
+
++ifndef sbin
++sbin=sbin
++endif
++
++ifdef sbindir
++sbin=$(sbindir)
++endif
++
+ ifdef prefix
+ exec_prefix=$(prefix)
+ lib_prefix=$(exec_prefix)
+@@ -37,7 +45,7 @@
+ # Target directories
+
+ MANDIR=$(man_prefix)/man
+-SBINDIR=$(exec_prefix)/sbin
++SBINDIR=$(exec_prefix)/$(sbin)
+ INCDIR=$(inc_prefix)/include
+ LIBDIR=$(lib_prefix)/$(lib)
+ PKGCONFIGDIR=$(LIBDIR)/pkgconfig
+@@ -79,7 +87,7 @@
+
+ SYSTEM_HEADERS = /usr/include
+ INCS=$(topdir)/libcap/include/sys/capability.h
+-CFLAGS += -Dlinux $(WARNINGS) $(DEBUG)
++CFLAGS += $(CPPFLAGS) -Dlinux $(WARNINGS) $(DEBUG)
+ INDENT := $(shell if [ -n "$$(which indent 2>/dev/null)" ]; then echo "| indent -kr" ; fi)
+
+ # SHARED tracks whether or not the SHARED libraries (libcap.so,
Copied: libcap/repos/staging-x86_64/libcap-2.53-progs_ldflags.patch (from rev 422373, libcap/trunk/libcap-2.53-progs_ldflags.patch)
===================================================================
--- staging-x86_64/libcap-2.53-progs_ldflags.patch (rev 0)
+++ staging-x86_64/libcap-2.53-progs_ldflags.patch 2021-08-19 19:14:18 UTC (rev 422374)
@@ -0,0 +1,101 @@
+diff -ruN a/progs/Makefile b/progs/Makefile
+--- a/progs/Makefile 2021-08-16 04:04:45.000000000 +0200
++++ b/progs/Makefile 2021-08-19 09:44:59.399859821 +0200
+@@ -13,8 +13,9 @@
+ ifeq ($(DYNAMIC),yes)
+ LDPATH = LD_LIBRARY_PATH=../libcap
+ DEPS = ../libcap/libcap.so
++LDFLAGS ?=
+ else
+-LDSTATIC = --static
++LDFLAGS = --static
+ DEPS = ../libcap/libcap.a
+ endif
+
+@@ -25,7 +26,7 @@
+ make -C ../libcap libcap.so
+
+ $(BUILD): %: %.o $(DEPS)
+- $(CC) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDSTATIC)
++ $(CC) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDFLAGS)
+
+ %.o: %.c $(INCS)
+ $(CC) $(IPATH) $(CFLAGS) -c $< -o $@
+@@ -46,7 +47,7 @@
+ diff -u capshdoc.h $@ || (rm $@ ; exit 1)
+
+ capsh: capsh.c capshdoc.h.cf $(DEPS)
+- $(CC) $(IPATH) $(CAPSH_SHELL) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDSTATIC)
++ $(CC) $(IPATH) $(CAPSH_SHELL) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDFLAGS)
+
+ tcapsh-static: capsh.c capshdoc.h.cf $(DEPS)
+ $(CC) $(IPATH) $(CAPSH_SHELL) $(CFLAGS) -o $@ $< $(LIBCAPLIB) --static
+diff -ruN a/tests/Makefile b/tests/Makefile
+--- a/tests/Makefile 2021-08-16 04:04:45.000000000 +0200
++++ b/tests/Makefile 2021-08-19 10:02:57.051908485 +0200
+@@ -18,11 +18,12 @@
+ ifeq ($(DYNAMIC),yes)
+ LINKEXTRA=-Wl,-rpath,../libcap
+ DEPS=../libcap/libcap.so
++LDFLAGS ?=
+ ifeq ($(PTHREADS),yes)
+ DEPS += ../libcap/libpsx.so
+ endif
+ else
+-LDSTATIC = --static
++LDFLAGS = --static
+ DEPS=../libcap/libcap.a
+ ifeq ($(PTHREADS),yes)
+ DEPS += ../libcap/libpsx.a
+@@ -63,17 +64,17 @@
+ ./psx_test
+
+ psx_test: psx_test.c $(DEPS)
+- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) $(LDSTATIC)
++ $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) $(LDFLAGS)
+
+ run_libcap_psx_test: libcap_psx_test
+ ./libcap_psx_test
+
+ libcap_psx_test: libcap_psx_test.c $(DEPS)
+- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) $(LDSTATIC)
++ $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) $(LDFLAGS)
+
+ # privileged
+ uns_test: uns_test.c $(DEPS)
+- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LDSTATIC)
++ $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LDFLAGS)
+
+ run_uns_test: uns_test
+ echo exit | sudo ./uns_test
+@@ -85,13 +86,13 @@
+ sudo ./libcap_psx_launch_test
+
+ libcap_launch_test: libcap_launch_test.c $(DEPS)
+- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LDSTATIC)
++ $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LDFLAGS)
+
+ # This varies only slightly from the above insofar as it currently
+ # only links in the pthreads fork support. TODO() we need to change
+ # the source to do something interesting with pthreads.
+ libcap_psx_launch_test: libcap_launch_test.c $(DEPS)
+- $(CC) $(CFLAGS) $(IPATH) -DWITH_PTHREADS $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) $(LDSTATIC)
++ $(CC) $(CFLAGS) $(IPATH) -DWITH_PTHREADS $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) $(LDFLAGS)
+
+
+ # This test demonstrates that libpsx is needed to secure multithreaded
+@@ -106,12 +107,12 @@
+ $(CC) $(CFLAGS) $(IPATH) -c $<
+
+ exploit: exploit.o $(DEPS)
+- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) -lpthread $(LDSTATIC)
++ $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) -lpthread $(LDFLAGS)
+
+ # Note, for some reason, the order of libraries is important to avoid
+ # the exploit working for dynamic linking.
+ noexploit: exploit.o $(DEPS)
+- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) $(LIBCAPLIB) $(LDSTATIC)
++ $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) $(LIBCAPLIB) $(LDFLAGS)
+
+ # This one runs in a chroot with no shared library files.
+ noop: noop.c
More information about the arch-commits
mailing list