[pacman-dev] [PATCH] Allow setting file capabilities in packages
Allan McRae
allan at archlinux.org
Wed Apr 16 05:50:52 EDT 2014
File capabilities can now be set in the package() function. Makepkg stores
and restores these when stripping the file. We pass the --format=pax option
to bsdtar when creating the package so that the capabilities are stored in
the package. libalpm uses ARCHIVE_EXTRACT_XATTR when extracting the file to
set the capabilities.
Signed-off-by: Allan McRae <allan at archlinux.org>
---
lib/libalpm/add.c | 3 ++-
scripts/makepkg.sh.in | 9 ++++++++-
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/lib/libalpm/add.c b/lib/libalpm/add.c
index 4f557a4..cb1427e 100644
--- a/lib/libalpm/add.c
+++ b/lib/libalpm/add.c
@@ -112,7 +112,8 @@ static int perform_extraction(alpm_handle_t *handle, struct archive *archive,
int ret;
const int archive_flags = ARCHIVE_EXTRACT_OWNER |
ARCHIVE_EXTRACT_PERM |
- ARCHIVE_EXTRACT_TIME;
+ ARCHIVE_EXTRACT_TIME |
+ ARCHIVE_EXTRACT_XATTR;
archive_entry_set_pathname(entry, filename);
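Review bot: ARCHIVE_EXTRACT_XATTR restores every extended attribute stored for an archive entry, not only `security.capability`, and the flag is added here without a comment saying which attributes the installer is meant to apply. Extraction presumably runs as root, so whatever attribute namespaces the packaging side records would be written onto installed files; the same concern applies to the `--format=pax` change in create_package in scripts/makepkg.sh.in. I would add a comment above the flag list such as `/* XATTR: applies file capabilities recorded at package time; all archived xattrs are restored, not just security.capability */` and consider whether other namespaces should be filtered. It is also worth confirming how the rest of perform_extraction, which lies outside this hunk, reports the warning libarchive is likely to return on a filesystem without xattr support.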
diff --git a/scripts/makepkg.sh.in b/scripts/makepkg.sh.in
index 95994dd..a7dd8f8 100644
--- a/scripts/makepkg.sh.in
+++ b/scripts/makepkg.sh.in
@@ -1527,6 +1527,9 @@ build_id() {
strip_file() {
local binary=$1; shift
+ local cap=$(getcap "$binary")
+ cap=${cap##* = }
+
if check_option "debug" "y"; then
local bid=$(build_id "$binary")
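Review bot: `local cap=$(getcap "$binary")` hides getcap's exit status behind `local`, so a missing or failing getcap leaves `cap` empty and the capabilities are not reapplied after strip, with no message. Splitting it into `local cap` followed by `cap=$(getcap "$binary")` with an explicit check (or a `command -v getcap` guard) would let makepkg warn instead of shipping a binary that silently lost its capabilities. The `${cap##* = }` parsing depends on getcap printing `path = caps`, so a short comment stating that assumption would help if the output format ever differs. strip_file continues outside this hunk.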
@@ -1566,6 +1569,10 @@ strip_file() {
fi
strip $@ "$binary"
+
+ if [[ -n $cap ]]; then
+ setcap $cap "$binary"
+ fi
}
tidy_install() {
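Review bot: `setcap $cap "$binary"` expands `$cap` unquoted and ignores setcap's exit status, so a failed restore goes unnoticed and the packaged file ends up with different privileges than package() assigned. Quote the value and report the failure, for example `setcap "$cap" "$binary" || warning "Could not restore capabilities on %s" "$binary"`, using whichever message helper the script already provides. The start of strip_file is outside this hunk.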
@@ -1929,7 +1936,7 @@ create_package() {
# bsdtar's gzip compression always saves the time stamp, making one
# archive created using the same command line distinct from another.
# Disable bsdtar compression and use gzip -n for now.
- bsdtar -cf - "${comp_files[@]}" * |
+ bsdtar -c --format=pax -f - "${comp_files[@]}" * |
case "$PKGEXT" in
*tar.gz) ${COMPRESSGZ[@]:-gzip -c -f -n} ;;
*tar.bz2) ${COMPRESSBZ2[@]:-bzip2 -c -f} ;;
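Review bot: The comment directly above this pipeline is about keeping archives identical across runs, and it does not cover the switch to `--format=pax`. Unrestricted pax headers can carry extra per-file metadata (libarchive may record atime/ctime next to the xattrs, which is worth confirming), so two builds of the same tree could differ again. I would extend the comment with something like `# pax format is needed so security.capability xattrs are stored; verify its extended headers do not reintroduce varying timestamps` and check with two consecutive builds. The case statement continues outside the hunk.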
--
1.9.2