Github messages for voidlinux
From: daniel-eys <daniel-eys@users.noreply.github.com>
To: ml@inbox.vuxu.org
Subject: Re: [PR PATCH] [Updated] bfs: update to 2.2.
Date: Sat, 03 Apr 2021 11:25:23 +0200
Message-ID: <20210403092523.FIFUBHX3j_ESJ7SGn7e_gMqYh7cI9y5mf7su4-5G-fM@z>
In-Reply-To: <gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-29437@inbox.vuxu.org>

[-- Attachment #1: Type: text/plain, Size: 1559 bytes --]

There is an updated pull request by daniel-eys against master on the void-packages repository

https://github.com/daniel-eys/void-packages bfs
https://github.com/void-linux/void-packages/pull/29437

bfs: update to 2.2.
<!-- Mark items with [x] where applicable -->

#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)

#### Have the results of the proposed changes been tested?
- [x] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR

<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!--
#### Does it build and run successfully?
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
  - [ ] aarch64-musl
  - [ ] armv7l
  - [ ] armv6l-musl
-->

A patch file from https://github.com/void-linux/void-packages/pull/29437.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-bfs-29437.patch --]
[-- Type: text/x-diff, Size: 8279 bytes --]

From 92b64f00ca9ad519dcf9132e3ae9c4fec37577d7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Ey=C3=9Fer?= <daniel.eysser@gmail.com>
Date: Sat, 13 Mar 2021 17:39:19 +0100
Subject: [PATCH] bfs: update to 2.2.

---
 ...pabilities-when-run-as-root-on-Linux.patch | 90 +++++++++++++++++++
 ...ing-forever-when-failing-to-drop-cap.patch | 41 +++++++++
 ...emove-capabilities-after-dropping-th.patch | 47 ++++++++++
 srcpkgs/bfs/template                          |  6 +-
 4 files changed, 181 insertions(+), 3 deletions(-)
 create mode 100644 srcpkgs/bfs/patches/0001-tests-Drop-capabilities-when-run-as-root-on-Linux.patch
 create mode 100644 srcpkgs/bfs/patches/0002-tests-Avoid-looping-forever-when-failing-to-drop-cap.patch
 create mode 100644 srcpkgs/bfs/patches/0003-tests-Actually-remove-capabilities-after-dropping-th.patch

diff --git a/srcpkgs/bfs/patches/0001-tests-Drop-capabilities-when-run-as-root-on-Linux.patch b/srcpkgs/bfs/patches/0001-tests-Drop-capabilities-when-run-as-root-on-Linux.patch
new file mode 100644
index 000000000000..a2e54c397f8b
--- /dev/null
+++ b/srcpkgs/bfs/patches/0001-tests-Drop-capabilities-when-run-as-root-on-Linux.patch
@@ -0,0 +1,90 @@
+From f2e6186ed0ce9b68362ad25d897f1e3c697728ec Mon Sep 17 00:00:00 2001
+From: Tavian Barnes <tavianator@tavianator.com>
+Date: Sun, 21 Mar 2021 13:18:43 -0400
+Subject: [PATCH] tests: Drop capabilities when run as root on Linux
+
+bfs's tests rely on file permissions being enforced, which leads them to
+work incorrectly when run as root.  This is probably the most common
+packaging issue for bfs, most recently seen with Void Linux's update to
+bfs 2.2.
+
+Make it easier on packagers by using capsh, if it's available, to drop
+the DAC privileges for the tests.
+
+Link: https://github.com/void-linux/void-packages/pull/29437#issuecomment-798670288
+Link: https://salsa.debian.org/lamby/pkg-bfs/-/commit/b173efb35da126adb39b0984219d6a2fd9ff428f
+---
+ tests.sh | 35 +++++++++++++++++++++++++++++------
+ 1 file changed, 29 insertions(+), 6 deletions(-)
+
+diff --git tests.sh tests.sh
+index b039eea..0bdd1d4 100755
+--- tests.sh
++++ tests.sh
+@@ -34,10 +34,25 @@ if [ -t 1 ]; then
+     RST="$(printf '\033[0m')"
+ fi
+ 
+-if [ "$EUID" -eq 0 ]; then
++if command -v capsh &>/dev/null; then
++    if capsh --has-p=CAP_DAC_OVERRIDE &>/dev/null || capsh --has-p=CAP_DAC_READ_SEARCH &>/dev/null; then
++        cat >&2 <<EOF
++${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended.  Dropping ${BLD}CAP_DAC_OVERRIDE${RST} and
++${BLD}CAP_DAC_READ_SEARCH${RST}.
++
++EOF
++
++        exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
++    fi
++elif [ "$EUID" -eq 0 ]; then
++    UNLESS=
++    if [ "$(uname)" = "Linux" ]; then
++	UNLESS=" unless ${GRN}capsh${RST} is installed"
++    fi
++
+     cat >&2 <<EOF
+ ${RED}error:${RST} These tests expect filesystem permissions to be enforced, and therefore
+-will not work when run as ${BLD}$(id -un)${RST}.
++will not work when run as ${BLD}$(id -un)${RST}${UNLESS}.
+ EOF
+     exit 1
+ fi
+@@ -1209,11 +1224,15 @@ function test_gid() {
+ }
+ 
+ function test_gid_plus() {
+-    bfs_diff basic -gid +0
++    if [ "$(id -g)" -ne 0 ]; then
++	bfs_diff basic -gid +0
++    fi
+ }
+ 
+ function test_gid_plus_plus() {
+-    bfs_diff basic -gid +0
++    if [ "$(id -g)" -ne 0 ]; then
++	bfs_diff basic -gid ++0
++    fi
+ }
+ 
+ function test_gid_minus() {
+@@ -1229,11 +1248,15 @@ function test_uid() {
+ }
+ 
+ function test_uid_plus() {
+-    bfs_diff basic -uid +0
++    if [ "$(id -u)" -ne 0 ]; then
++	bfs_diff basic -uid +0
++    fi
+ }
+ 
+ function test_uid_plus_plus() {
+-    bfs_diff basic -uid ++0
++    if [ "$(id -u)" -ne 0 ]; then
++	bfs_diff basic -uid ++0
++    fi
+ }
+ 
+ function test_uid_minus() {
+-- 
+2.31.0
+
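Review bot: The `exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"` line in the first tests.sh hunk re-runs the script with no guard, so if the re-executed process still passes the `capsh --has-p=...` check it will exec itself again without end. Set a marker in the environment before the exec and exit with an error when the marker is already present. Two smaller points: `test_gid_plus_plus` changes the argument from `-gid +0` to `-gid ++0`, a fix to the test itself that the commit message does not mention, and the new `id -g` / `id -u` guards turn the four `+0` / `++0` tests into silent no-ops for root, where a printed skip notice would keep the result honest. The added lines also mix tab and space indentation (`UNLESS=" unless ..."` and the guarded `bfs_diff` calls use tabs, the surrounding code uses spaces).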
diff --git a/srcpkgs/bfs/patches/0002-tests-Avoid-looping-forever-when-failing-to-drop-cap.patch b/srcpkgs/bfs/patches/0002-tests-Avoid-looping-forever-when-failing-to-drop-cap.patch
new file mode 100644
index 000000000000..5e951faea29c
--- /dev/null
+++ b/srcpkgs/bfs/patches/0002-tests-Avoid-looping-forever-when-failing-to-drop-cap.patch
@@ -0,0 +1,41 @@
+From dbc77fd3b6e48a17eb79f9ff3a5f810b7554bf6f Mon Sep 17 00:00:00 2001
+From: Tavian Barnes <tavianator@tavianator.com>
+Date: Mon, 22 Mar 2021 17:19:31 -0400
+Subject: [PATCH] tests: Avoid looping forever when failing to drop
+ capabilities
+
+Link: https://github.com/void-linux/void-packages/pull/29437/checks?check_run_id=2169825021
+---
+ tests.sh | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git tests.sh tests.sh
+index 0bdd1d4..ad71894 100755
+--- tests.sh
++++ tests.sh
+@@ -36,13 +36,21 @@ fi
+ 
+ if command -v capsh &>/dev/null; then
+     if capsh --has-p=CAP_DAC_OVERRIDE &>/dev/null || capsh --has-p=CAP_DAC_READ_SEARCH &>/dev/null; then
++	if [ -n "$BFS_TRIED_DROP" ]; then
++            cat >&2 <<EOF
++${RED}error: ${RST} Failed to drop capabilities.
++EOF
++
++	    exit 1
++	fi
++
+         cat >&2 <<EOF
+ ${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended.  Dropping ${BLD}CAP_DAC_OVERRIDE${RST} and
+ ${BLD}CAP_DAC_READ_SEARCH${RST}.
+ 
+ EOF
+ 
+-        exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
++        BFS_TRIED_DROP=y exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
+     fi
+ elif [ "$EUID" -eq 0 ]; then
+     UNLESS=
+-- 
+2.31.0
+
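Review bot: `BFS_TRIED_DROP=y exec capsh ...` leaves the marker exported to the re-executed script and to every process the tests spawn, and a `BFS_TRIED_DROP` that is already set in the caller's environment makes the new `[ -n "$BFS_TRIED_DROP" ]` branch print "Failed to drop capabilities" without a drop ever having been attempted. Unset the variable after the capability check so it cannot leak or be inherited by accident. The guard only reports the failure: the `--drop` invocation itself is unchanged here, so a root run in which the capabilities persist now exits 1 instead of running the tests. Style: `${RED}error: ${RST}` carries a space inside the colour span, unlike `${YLW}warning:${RST}` a few lines below, and the added block mixes tabs and spaces.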
diff --git a/srcpkgs/bfs/patches/0003-tests-Actually-remove-capabilities-after-dropping-th.patch b/srcpkgs/bfs/patches/0003-tests-Actually-remove-capabilities-after-dropping-th.patch
new file mode 100644
index 000000000000..acf3d32f9113
--- /dev/null
+++ b/srcpkgs/bfs/patches/0003-tests-Actually-remove-capabilities-after-dropping-th.patch
@@ -0,0 +1,47 @@
+From d36ece2ca7498b7ba5485d5010439b57f006c9c8 Mon Sep 17 00:00:00 2001
+From: Tavian Barnes <tavianator@tavianator.com>
+Date: Tue, 23 Mar 2021 11:46:26 -0400
+Subject: [PATCH] tests: Actually remove capabilities after dropping them
+
+---
+ tests.sh | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git tests.sh tests.sh
+index ad71894..8eb4dc0 100755
+--- tests.sh
++++ tests.sh
+@@ -35,22 +35,25 @@ if [ -t 1 ]; then
+ fi
+ 
+ if command -v capsh &>/dev/null; then
+-    if capsh --has-p=CAP_DAC_OVERRIDE &>/dev/null || capsh --has-p=CAP_DAC_READ_SEARCH &>/dev/null; then
++    if capsh --has-p=cap_dac_override &>/dev/null || capsh --has-p=cap_dac_read_search &>/dev/null; then
+ 	if [ -n "$BFS_TRIED_DROP" ]; then
+             cat >&2 <<EOF
+-${RED}error: ${RST} Failed to drop capabilities.
++${RED}error:${RST} Failed to drop capabilities.
+ EOF
+ 
+ 	    exit 1
+ 	fi
+ 
+         cat >&2 <<EOF
+-${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended.  Dropping ${BLD}CAP_DAC_OVERRIDE${RST} and
+-${BLD}CAP_DAC_READ_SEARCH${RST}.
++${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended.  Dropping ${BLD}cap_dac_override${RST} and
++${BLD}cap_dac_read_search${RST}.
+ 
+ EOF
+ 
+-        BFS_TRIED_DROP=y exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
++        BFS_TRIED_DROP=y exec capsh \
++            --drop=cap_dac_override,cap_dac_read_search \
++            --caps=cap_dac_override,cap_dac_read_search-eip \
++            -- "$0" "$@"
+     fi
+ elif [ "$EUID" -eq 0 ]; then
+     UNLESS=
+-- 
+2.31.1
+
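Review bot: The commit has no message body, and nothing in the hunk explains why `--caps=cap_dac_override,cap_dac_read_search-eip` is needed in addition to `--drop=cap_dac_override,cap_dac_read_search`, or why the names in the `--has-p` checks were switched to lower case. A short comment above the `exec capsh` call stating what each option removes, and that capsh applies its options in the order given, would keep a later edit from reordering or deleting one of them. The `error:` spacing fix is unrelated to the subject line and should at least be mentioned in the message.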
diff --git a/srcpkgs/bfs/template b/srcpkgs/bfs/template
index 68ccaff63a4c..ebc526cec78f 100644
--- a/srcpkgs/bfs/template
+++ b/srcpkgs/bfs/template
@@ -1,17 +1,17 @@
 # Template file for 'bfs'
 pkgname=bfs
-version=2.1
+version=2.2
 revision=1
 build_style=gnu-makefile
 makedepends="acl-devel libcap-devel"
-checkdepends="acl-progs"
+checkdepends="acl-progs libcap-progs"
 short_desc="Breadth-first version of the UNIX find command"
 maintainer="Daniel Eyßer <daniel.eysser@gmail.com>"
 license="0BSD"
 homepage="https://github.com/tavianator/bfs"
 changelog="https://raw.githubusercontent.com/tavianator/bfs/main/RELEASES.md"
 distfiles="https://github.com/tavianator/bfs/archive/${version}.tar.gz"
-checksum=be51966ca3bcc0167fb16c89f81fa37ee13c6326c616c31b87fd564a54bdc5f2
+checksum=09cff2033544cbaa31af2ad7d59347056a53c04ff7c469bb5904e575d3641053
 
 post_install() {
 	vlicense LICENSE
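Review bot: `checkdepends` gains `libcap-progs` with nothing in the template saying it is there to provide `capsh` for the patched tests.sh, so it is likely to be dropped as unused in a later cleanup; add a one-line comment above it. The same comment can record that the three files under srcpkgs/bfs/patches are upstream commits and should be removed at the next version update. The new `checksum` should be confirmed against the archive named in `distfiles` before merging.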
