* [PR PATCH] bfs: update to 2.2.
@ 2021-03-13 17:19 daniel-eys
2021-03-13 17:30 ` daniel-eys
` (14 more replies)
0 siblings, 15 replies; 16+ messages in thread
From: daniel-eys @ 2021-03-13 17:19 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1554 bytes --]
There is a new pull request by daniel-eys against master on the void-packages repository
https://github.com/daniel-eys/void-packages bfs
https://github.com/void-linux/void-packages/pull/29437
bfs: update to 2.2.
<!-- Mark items with [x] where applicable -->
#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)
#### Have the results of the proposed changes been tested?
- [x] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR
<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!--
#### Does it build and run successfully?
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
- [ ] aarch64-musl
- [ ] armv7l
- [ ] armv6l-musl
-->
A patch file from https://github.com/void-linux/void-packages/pull/29437.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-bfs-29437.patch --]
[-- Type: text/x-diff, Size: 1023 bytes --]
From c2557fd88034952e1dabe7af587768165e55b068 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Ey=C3=9Fer?= <daniel.eysser@gmail.com>
Date: Sat, 13 Mar 2021 17:39:19 +0100
Subject: [PATCH] bfs: update to 2.2.
---
srcpkgs/bfs/template | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/srcpkgs/bfs/template b/srcpkgs/bfs/template
index 68ccaff63a4..36f5b99ac12 100644
--- a/srcpkgs/bfs/template
+++ b/srcpkgs/bfs/template
@@ -1,6 +1,6 @@
# Template file for 'bfs'
pkgname=bfs
-version=2.1
+version=2.2
revision=1
build_style=gnu-makefile
makedepends="acl-devel libcap-devel"
@@ -11,7 +11,7 @@ license="0BSD"
homepage="https://github.com/tavianator/bfs"
changelog="https://raw.githubusercontent.com/tavianator/bfs/main/RELEASES.md"
distfiles="https://github.com/tavianator/bfs/archive/${version}.tar.gz"
-checksum=be51966ca3bcc0167fb16c89f81fa37ee13c6326c616c31b87fd564a54bdc5f2
+checksum=09cff2033544cbaa31af2ad7d59347056a53c04ff7c469bb5904e575d3641053
post_install() {
vlicense LICENSE
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: bfs: update to 2.2.
2021-03-13 17:19 [PR PATCH] bfs: update to 2.2 daniel-eys
@ 2021-03-13 17:30 ` daniel-eys
2021-03-22 14:38 ` tavianator
` (13 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: daniel-eys @ 2021-03-13 17:30 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 440 bytes --]
New comment by daniel-eys on void-packages repository
https://github.com/void-linux/void-packages/pull/29437#issuecomment-798670288
Comment:
From CI:
> error: These tests expect filesystem permissions to be enforced, and therefore
> will not work when run as root.
Tests passed on my x86_64.
I guess this is due to the ethereal chroot style of the CI containers.
Is there a way to have the teststage not run as root within CI?
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: bfs: update to 2.2.
2021-03-13 17:19 [PR PATCH] bfs: update to 2.2 daniel-eys
2021-03-13 17:30 ` daniel-eys
@ 2021-03-22 14:38 ` tavianator
2021-03-22 20:35 ` [PR PATCH] [Updated] " daniel-eys
` (12 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: tavianator @ 2021-03-22 14:38 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 373 bytes --]
New comment by tavianator on void-packages repository
https://github.com/void-linux/void-packages/pull/29437#issuecomment-804113595
Comment:
@daniel-eys Enough people have run into this that I added a workaround. If you apply https://github.com/tavianator/bfs/commit/f2e6186ed0ce9b68362ad25d897f1e3c697728ec the tests will drop the appropriate privileges automatically.
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PR PATCH] [Updated] bfs: update to 2.2.
2021-03-13 17:19 [PR PATCH] bfs: update to 2.2 daniel-eys
2021-03-13 17:30 ` daniel-eys
2021-03-22 14:38 ` tavianator
@ 2021-03-22 20:35 ` daniel-eys
2021-03-22 20:42 ` daniel-eys
` (11 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: daniel-eys @ 2021-03-22 20:35 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1559 bytes --]
There is an updated pull request by daniel-eys against master on the void-packages repository
https://github.com/daniel-eys/void-packages bfs
https://github.com/void-linux/void-packages/pull/29437
bfs: update to 2.2.
<!-- Mark items with [x] where applicable -->
#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)
#### Have the results of the proposed changes been tested?
- [x] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR
<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!--
#### Does it build and run successfully?
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
- [ ] aarch64-musl
- [ ] armv7l
- [ ] armv6l-musl
-->
A patch file from https://github.com/void-linux/void-packages/pull/29437.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-bfs-29437.patch --]
[-- Type: text/x-diff, Size: 4170 bytes --]
From 78e9efb8ca1e074d3c09930866d291c2e5be5864 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Ey=C3=9Fer?= <daniel.eysser@gmail.com>
Date: Sat, 13 Mar 2021 17:39:19 +0100
Subject: [PATCH] bfs: update to 2.2.
---
...pabilities-when-run-as-root-on-Linux.patch | 90 +++++++++++++++++++
srcpkgs/bfs/template | 4 +-
2 files changed, 92 insertions(+), 2 deletions(-)
create mode 100644 srcpkgs/bfs/patches/tests-Drop-capabilities-when-run-as-root-on-Linux.patch
diff --git a/srcpkgs/bfs/patches/tests-Drop-capabilities-when-run-as-root-on-Linux.patch b/srcpkgs/bfs/patches/tests-Drop-capabilities-when-run-as-root-on-Linux.patch
new file mode 100644
index 000000000000..a2e54c397f8b
--- /dev/null
+++ b/srcpkgs/bfs/patches/tests-Drop-capabilities-when-run-as-root-on-Linux.patch
@@ -0,0 +1,90 @@
+From f2e6186ed0ce9b68362ad25d897f1e3c697728ec Mon Sep 17 00:00:00 2001
+From: Tavian Barnes <tavianator@tavianator.com>
+Date: Sun, 21 Mar 2021 13:18:43 -0400
+Subject: [PATCH] tests: Drop capabilities when run as root on Linux
+
+bfs's tests rely on file permissions being enforced, which leads them to
+work incorrectly when run as root. This is probably the most common
+packaging issue for bfs, most recently seen with Void Linux's update to
+bfs 2.2.
+
+Make it easier on packagers by using capsh, if it's available, to drop
+the DAC privileges for the tests.
+
+Link: https://github.com/void-linux/void-packages/pull/29437#issuecomment-798670288
+Link: https://salsa.debian.org/lamby/pkg-bfs/-/commit/b173efb35da126adb39b0984219d6a2fd9ff428f
+---
+ tests.sh | 35 +++++++++++++++++++++++++++++------
+ 1 file changed, 29 insertions(+), 6 deletions(-)
+
+diff --git tests.sh tests.sh
+index b039eea..0bdd1d4 100755
+--- tests.sh
++++ tests.sh
+@@ -34,10 +34,25 @@ if [ -t 1 ]; then
+ RST="$(printf '\033[0m')"
+ fi
+
+-if [ "$EUID" -eq 0 ]; then
++if command -v capsh &>/dev/null; then
++ if capsh --has-p=CAP_DAC_OVERRIDE &>/dev/null || capsh --has-p=CAP_DAC_READ_SEARCH &>/dev/null; then
++ cat >&2 <<EOF
++${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended. Dropping ${BLD}CAP_DAC_OVERRIDE${RST} and
++${BLD}CAP_DAC_READ_SEARCH${RST}.
++
++EOF
++
++ exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
++ fi
++elif [ "$EUID" -eq 0 ]; then
++ UNLESS=
++ if [ "$(uname)" = "Linux" ]; then
++ UNLESS=" unless ${GRN}capsh${RST} is installed"
++ fi
++
+ cat >&2 <<EOF
+ ${RED}error:${RST} These tests expect filesystem permissions to be enforced, and therefore
+-will not work when run as ${BLD}$(id -un)${RST}.
++will not work when run as ${BLD}$(id -un)${RST}${UNLESS}.
+ EOF
+ exit 1
+ fi
+@@ -1209,11 +1224,15 @@ function test_gid() {
+ }
+
+ function test_gid_plus() {
+- bfs_diff basic -gid +0
++ if [ "$(id -g)" -ne 0 ]; then
++ bfs_diff basic -gid +0
++ fi
+ }
+
+ function test_gid_plus_plus() {
+- bfs_diff basic -gid +0
++ if [ "$(id -g)" -ne 0 ]; then
++ bfs_diff basic -gid ++0
++ fi
+ }
+
+ function test_gid_minus() {
+@@ -1229,11 +1248,15 @@ function test_uid() {
+ }
+
+ function test_uid_plus() {
+- bfs_diff basic -uid +0
++ if [ "$(id -u)" -ne 0 ]; then
++ bfs_diff basic -uid +0
++ fi
+ }
+
+ function test_uid_plus_plus() {
+- bfs_diff basic -uid ++0
++ if [ "$(id -u)" -ne 0 ]; then
++ bfs_diff basic -uid ++0
++ fi
+ }
+
+ function test_uid_minus() {
+--
+2.31.0
+
diff --git a/srcpkgs/bfs/template b/srcpkgs/bfs/template
index 68ccaff63a4c..36f5b99ac120 100644
--- a/srcpkgs/bfs/template
+++ b/srcpkgs/bfs/template
@@ -1,6 +1,6 @@
# Template file for 'bfs'
pkgname=bfs
-version=2.1
+version=2.2
revision=1
build_style=gnu-makefile
makedepends="acl-devel libcap-devel"
@@ -11,7 +11,7 @@ license="0BSD"
homepage="https://github.com/tavianator/bfs"
changelog="https://raw.githubusercontent.com/tavianator/bfs/main/RELEASES.md"
distfiles="https://github.com/tavianator/bfs/archive/${version}.tar.gz"
-checksum=be51966ca3bcc0167fb16c89f81fa37ee13c6326c616c31b87fd564a54bdc5f2
+checksum=09cff2033544cbaa31af2ad7d59347056a53c04ff7c469bb5904e575d3641053
post_install() {
vlicense LICENSE
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PR PATCH] [Updated] bfs: update to 2.2.
2021-03-13 17:19 [PR PATCH] bfs: update to 2.2 daniel-eys
` (2 preceding siblings ...)
2021-03-22 20:35 ` [PR PATCH] [Updated] " daniel-eys
@ 2021-03-22 20:42 ` daniel-eys
2021-03-22 21:03 ` tavianator
` (10 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: daniel-eys @ 2021-03-22 20:42 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1559 bytes --]
There is an updated pull request by daniel-eys against master on the void-packages repository
https://github.com/daniel-eys/void-packages bfs
https://github.com/void-linux/void-packages/pull/29437
bfs: update to 2.2.
<!-- Mark items with [x] where applicable -->
#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)
#### Have the results of the proposed changes been tested?
- [x] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR
<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!--
#### Does it build and run successfully?
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
- [ ] aarch64-musl
- [ ] armv7l
- [ ] armv6l-musl
-->
A patch file from https://github.com/void-linux/void-packages/pull/29437.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-bfs-29437.patch --]
[-- Type: text/x-diff, Size: 4335 bytes --]
From b97ce7d3191951d2faa7ebd99ed7fc8814d1faa0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Ey=C3=9Fer?= <daniel.eysser@gmail.com>
Date: Sat, 13 Mar 2021 17:39:19 +0100
Subject: [PATCH] bfs: update to 2.2.
---
...pabilities-when-run-as-root-on-Linux.patch | 90 +++++++++++++++++++
srcpkgs/bfs/template | 6 +-
2 files changed, 93 insertions(+), 3 deletions(-)
create mode 100644 srcpkgs/bfs/patches/tests-Drop-capabilities-when-run-as-root-on-Linux.patch
diff --git a/srcpkgs/bfs/patches/tests-Drop-capabilities-when-run-as-root-on-Linux.patch b/srcpkgs/bfs/patches/tests-Drop-capabilities-when-run-as-root-on-Linux.patch
new file mode 100644
index 000000000000..a2e54c397f8b
--- /dev/null
+++ b/srcpkgs/bfs/patches/tests-Drop-capabilities-when-run-as-root-on-Linux.patch
@@ -0,0 +1,90 @@
+From f2e6186ed0ce9b68362ad25d897f1e3c697728ec Mon Sep 17 00:00:00 2001
+From: Tavian Barnes <tavianator@tavianator.com>
+Date: Sun, 21 Mar 2021 13:18:43 -0400
+Subject: [PATCH] tests: Drop capabilities when run as root on Linux
+
+bfs's tests rely on file permissions being enforced, which leads them to
+work incorrectly when run as root. This is probably the most common
+packaging issue for bfs, most recently seen with Void Linux's update to
+bfs 2.2.
+
+Make it easier on packagers by using capsh, if it's available, to drop
+the DAC privileges for the tests.
+
+Link: https://github.com/void-linux/void-packages/pull/29437#issuecomment-798670288
+Link: https://salsa.debian.org/lamby/pkg-bfs/-/commit/b173efb35da126adb39b0984219d6a2fd9ff428f
+---
+ tests.sh | 35 +++++++++++++++++++++++++++++------
+ 1 file changed, 29 insertions(+), 6 deletions(-)
+
+diff --git tests.sh tests.sh
+index b039eea..0bdd1d4 100755
+--- tests.sh
++++ tests.sh
+@@ -34,10 +34,25 @@ if [ -t 1 ]; then
+ RST="$(printf '\033[0m')"
+ fi
+
+-if [ "$EUID" -eq 0 ]; then
++if command -v capsh &>/dev/null; then
++ if capsh --has-p=CAP_DAC_OVERRIDE &>/dev/null || capsh --has-p=CAP_DAC_READ_SEARCH &>/dev/null; then
++ cat >&2 <<EOF
++${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended. Dropping ${BLD}CAP_DAC_OVERRIDE${RST} and
++${BLD}CAP_DAC_READ_SEARCH${RST}.
++
++EOF
++
++ exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
++ fi
++elif [ "$EUID" -eq 0 ]; then
++ UNLESS=
++ if [ "$(uname)" = "Linux" ]; then
++ UNLESS=" unless ${GRN}capsh${RST} is installed"
++ fi
++
+ cat >&2 <<EOF
+ ${RED}error:${RST} These tests expect filesystem permissions to be enforced, and therefore
+-will not work when run as ${BLD}$(id -un)${RST}.
++will not work when run as ${BLD}$(id -un)${RST}${UNLESS}.
+ EOF
+ exit 1
+ fi
+@@ -1209,11 +1224,15 @@ function test_gid() {
+ }
+
+ function test_gid_plus() {
+- bfs_diff basic -gid +0
++ if [ "$(id -g)" -ne 0 ]; then
++ bfs_diff basic -gid +0
++ fi
+ }
+
+ function test_gid_plus_plus() {
+- bfs_diff basic -gid +0
++ if [ "$(id -g)" -ne 0 ]; then
++ bfs_diff basic -gid ++0
++ fi
+ }
+
+ function test_gid_minus() {
+@@ -1229,11 +1248,15 @@ function test_uid() {
+ }
+
+ function test_uid_plus() {
+- bfs_diff basic -uid +0
++ if [ "$(id -u)" -ne 0 ]; then
++ bfs_diff basic -uid +0
++ fi
+ }
+
+ function test_uid_plus_plus() {
+- bfs_diff basic -uid ++0
++ if [ "$(id -u)" -ne 0 ]; then
++ bfs_diff basic -uid ++0
++ fi
+ }
+
+ function test_uid_minus() {
+--
+2.31.0
+
diff --git a/srcpkgs/bfs/template b/srcpkgs/bfs/template
index 68ccaff63a4c..ebc526cec78f 100644
--- a/srcpkgs/bfs/template
+++ b/srcpkgs/bfs/template
@@ -1,17 +1,17 @@
# Template file for 'bfs'
pkgname=bfs
-version=2.1
+version=2.2
revision=1
build_style=gnu-makefile
makedepends="acl-devel libcap-devel"
-checkdepends="acl-progs"
+checkdepends="acl-progs libcap-progs"
short_desc="Breadth-first version of the UNIX find command"
maintainer="Daniel Eyßer <daniel.eysser@gmail.com>"
license="0BSD"
homepage="https://github.com/tavianator/bfs"
changelog="https://raw.githubusercontent.com/tavianator/bfs/main/RELEASES.md"
distfiles="https://github.com/tavianator/bfs/archive/${version}.tar.gz"
-checksum=be51966ca3bcc0167fb16c89f81fa37ee13c6326c616c31b87fd564a54bdc5f2
+checksum=09cff2033544cbaa31af2ad7d59347056a53c04ff7c469bb5904e575d3641053
post_install() {
vlicense LICENSE
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: bfs: update to 2.2.
2021-03-13 17:19 [PR PATCH] bfs: update to 2.2 daniel-eys
` (3 preceding siblings ...)
2021-03-22 20:42 ` daniel-eys
@ 2021-03-22 21:03 ` tavianator
2021-03-22 21:26 ` tavianator
` (9 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: tavianator @ 2021-03-22 21:03 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 741 bytes --]
New comment by tavianator on void-packages repository
https://github.com/void-linux/void-packages/pull/29437#issuecomment-804393224
Comment:
The builds seem to be in an infinite loop of trying and failing to drop capabilities. I'm guessing this is because the tests don't have `CAP_SETPCAP`, and I overlooked that `capsh --drop` needs it:
```
--drop=cap-list
Remove the listed capabilities from the prevailing
bounding set. The capabilities are a comma-separated list
of capabilities as recognized by the cap_from_name(3)
function. Use of this feature requires that capsh is
operating with CAP_SETPCAP in its effective set.
```
I'll try to fix it.
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: bfs: update to 2.2.
2021-03-13 17:19 [PR PATCH] bfs: update to 2.2 daniel-eys
` (4 preceding siblings ...)
2021-03-22 21:03 ` tavianator
@ 2021-03-22 21:26 ` tavianator
2021-03-22 21:49 ` [PR PATCH] [Updated] " daniel-eys
` (8 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: tavianator @ 2021-03-22 21:26 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 408 bytes --]
New comment by tavianator on void-packages repository
https://github.com/void-linux/void-packages/pull/29437#issuecomment-804406845
Comment:
I'm actually not sure what's going on, I tried with CAP_SETPCAP dropped and got an error instead of an infinite loop. But you can fold in https://github.com/tavianator/bfs/commit/dbc77fd3b6e48a17eb79f9ff3a5f810b7554bf6f in the meantime to avoid the infinite loop.
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PR PATCH] [Updated] bfs: update to 2.2.
2021-03-13 17:19 [PR PATCH] bfs: update to 2.2 daniel-eys
` (5 preceding siblings ...)
2021-03-22 21:26 ` tavianator
@ 2021-03-22 21:49 ` daniel-eys
2021-03-22 22:11 ` ericonr
` (7 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: daniel-eys @ 2021-03-22 21:49 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1559 bytes --]
There is an updated pull request by daniel-eys against master on the void-packages repository
https://github.com/daniel-eys/void-packages bfs
https://github.com/void-linux/void-packages/pull/29437
bfs: update to 2.2.
<!-- Mark items with [x] where applicable -->
#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)
#### Have the results of the proposed changes been tested?
- [x] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR
<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!--
#### Does it build and run successfully?
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
- [ ] aarch64-musl
- [ ] armv7l
- [ ] armv6l-musl
-->
A patch file from https://github.com/void-linux/void-packages/pull/29437.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-bfs-29437.patch --]
[-- Type: text/x-diff, Size: 6144 bytes --]
From c93585c021fdb2e5f5c25708bc93158abefe4282 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Ey=C3=9Fer?= <daniel.eysser@gmail.com>
Date: Sat, 13 Mar 2021 17:39:19 +0100
Subject: [PATCH] bfs: update to 2.2.
---
...pabilities-when-run-as-root-on-Linux.patch | 90 +++++++++++++++++++
...ing-forever-when-failing-to-drop-cap.patch | 41 +++++++++
srcpkgs/bfs/template | 6 +-
3 files changed, 134 insertions(+), 3 deletions(-)
create mode 100644 srcpkgs/bfs/patches/0001-tests-Drop-capabilities-when-run-as-root-on-Linux.patch
create mode 100644 srcpkgs/bfs/patches/0002-tests-Avoid-looping-forever-when-failing-to-drop-cap.patch
diff --git a/srcpkgs/bfs/patches/0001-tests-Drop-capabilities-when-run-as-root-on-Linux.patch b/srcpkgs/bfs/patches/0001-tests-Drop-capabilities-when-run-as-root-on-Linux.patch
new file mode 100644
index 000000000000..a2e54c397f8b
--- /dev/null
+++ b/srcpkgs/bfs/patches/0001-tests-Drop-capabilities-when-run-as-root-on-Linux.patch
@@ -0,0 +1,90 @@
+From f2e6186ed0ce9b68362ad25d897f1e3c697728ec Mon Sep 17 00:00:00 2001
+From: Tavian Barnes <tavianator@tavianator.com>
+Date: Sun, 21 Mar 2021 13:18:43 -0400
+Subject: [PATCH] tests: Drop capabilities when run as root on Linux
+
+bfs's tests rely on file permissions being enforced, which leads them to
+work incorrectly when run as root. This is probably the most common
+packaging issue for bfs, most recently seen with Void Linux's update to
+bfs 2.2.
+
+Make it easier on packagers by using capsh, if it's available, to drop
+the DAC privileges for the tests.
+
+Link: https://github.com/void-linux/void-packages/pull/29437#issuecomment-798670288
+Link: https://salsa.debian.org/lamby/pkg-bfs/-/commit/b173efb35da126adb39b0984219d6a2fd9ff428f
+---
+ tests.sh | 35 +++++++++++++++++++++++++++++------
+ 1 file changed, 29 insertions(+), 6 deletions(-)
+
+diff --git tests.sh tests.sh
+index b039eea..0bdd1d4 100755
+--- tests.sh
++++ tests.sh
+@@ -34,10 +34,25 @@ if [ -t 1 ]; then
+ RST="$(printf '\033[0m')"
+ fi
+
+-if [ "$EUID" -eq 0 ]; then
++if command -v capsh &>/dev/null; then
++ if capsh --has-p=CAP_DAC_OVERRIDE &>/dev/null || capsh --has-p=CAP_DAC_READ_SEARCH &>/dev/null; then
++ cat >&2 <<EOF
++${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended. Dropping ${BLD}CAP_DAC_OVERRIDE${RST} and
++${BLD}CAP_DAC_READ_SEARCH${RST}.
++
++EOF
++
++ exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
++ fi
++elif [ "$EUID" -eq 0 ]; then
++ UNLESS=
++ if [ "$(uname)" = "Linux" ]; then
++ UNLESS=" unless ${GRN}capsh${RST} is installed"
++ fi
++
+ cat >&2 <<EOF
+ ${RED}error:${RST} These tests expect filesystem permissions to be enforced, and therefore
+-will not work when run as ${BLD}$(id -un)${RST}.
++will not work when run as ${BLD}$(id -un)${RST}${UNLESS}.
+ EOF
+ exit 1
+ fi
+@@ -1209,11 +1224,15 @@ function test_gid() {
+ }
+
+ function test_gid_plus() {
+- bfs_diff basic -gid +0
++ if [ "$(id -g)" -ne 0 ]; then
++ bfs_diff basic -gid +0
++ fi
+ }
+
+ function test_gid_plus_plus() {
+- bfs_diff basic -gid +0
++ if [ "$(id -g)" -ne 0 ]; then
++ bfs_diff basic -gid ++0
++ fi
+ }
+
+ function test_gid_minus() {
+@@ -1229,11 +1248,15 @@ function test_uid() {
+ }
+
+ function test_uid_plus() {
+- bfs_diff basic -uid +0
++ if [ "$(id -u)" -ne 0 ]; then
++ bfs_diff basic -uid +0
++ fi
+ }
+
+ function test_uid_plus_plus() {
+- bfs_diff basic -uid ++0
++ if [ "$(id -u)" -ne 0 ]; then
++ bfs_diff basic -uid ++0
++ fi
+ }
+
+ function test_uid_minus() {
+--
+2.31.0
+
diff --git a/srcpkgs/bfs/patches/0002-tests-Avoid-looping-forever-when-failing-to-drop-cap.patch b/srcpkgs/bfs/patches/0002-tests-Avoid-looping-forever-when-failing-to-drop-cap.patch
new file mode 100644
index 000000000000..5e951faea29c
--- /dev/null
+++ b/srcpkgs/bfs/patches/0002-tests-Avoid-looping-forever-when-failing-to-drop-cap.patch
@@ -0,0 +1,41 @@
+From dbc77fd3b6e48a17eb79f9ff3a5f810b7554bf6f Mon Sep 17 00:00:00 2001
+From: Tavian Barnes <tavianator@tavianator.com>
+Date: Mon, 22 Mar 2021 17:19:31 -0400
+Subject: [PATCH] tests: Avoid looping forever when failing to drop
+ capabilities
+
+Link: https://github.com/void-linux/void-packages/pull/29437/checks?check_run_id=2169825021
+---
+ tests.sh | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git tests.sh tests.sh
+index 0bdd1d4..ad71894 100755
+--- tests.sh
++++ tests.sh
+@@ -36,13 +36,21 @@ fi
+
+ if command -v capsh &>/dev/null; then
+ if capsh --has-p=CAP_DAC_OVERRIDE &>/dev/null || capsh --has-p=CAP_DAC_READ_SEARCH &>/dev/null; then
++ if [ -n "$BFS_TRIED_DROP" ]; then
++ cat >&2 <<EOF
++${RED}error: ${RST} Failed to drop capabilities.
++EOF
++
++ exit 1
++ fi
++
+ cat >&2 <<EOF
+ ${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended. Dropping ${BLD}CAP_DAC_OVERRIDE${RST} and
+ ${BLD}CAP_DAC_READ_SEARCH${RST}.
+
+ EOF
+
+- exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
++ BFS_TRIED_DROP=y exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
+ fi
+ elif [ "$EUID" -eq 0 ]; then
+ UNLESS=
+--
+2.31.0
+
diff --git a/srcpkgs/bfs/template b/srcpkgs/bfs/template
index 68ccaff63a4c..ebc526cec78f 100644
--- a/srcpkgs/bfs/template
+++ b/srcpkgs/bfs/template
@@ -1,17 +1,17 @@
# Template file for 'bfs'
pkgname=bfs
-version=2.1
+version=2.2
revision=1
build_style=gnu-makefile
makedepends="acl-devel libcap-devel"
-checkdepends="acl-progs"
+checkdepends="acl-progs libcap-progs"
short_desc="Breadth-first version of the UNIX find command"
maintainer="Daniel Eyßer <daniel.eysser@gmail.com>"
license="0BSD"
homepage="https://github.com/tavianator/bfs"
changelog="https://raw.githubusercontent.com/tavianator/bfs/main/RELEASES.md"
distfiles="https://github.com/tavianator/bfs/archive/${version}.tar.gz"
-checksum=be51966ca3bcc0167fb16c89f81fa37ee13c6326c616c31b87fd564a54bdc5f2
+checksum=09cff2033544cbaa31af2ad7d59347056a53c04ff7c469bb5904e575d3641053
post_install() {
vlicense LICENSE
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: bfs: update to 2.2.
2021-03-13 17:19 [PR PATCH] bfs: update to 2.2 daniel-eys
` (6 preceding siblings ...)
2021-03-22 21:49 ` [PR PATCH] [Updated] " daniel-eys
@ 2021-03-22 22:11 ` ericonr
2021-03-23 15:08 ` tavianator
` (6 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: ericonr @ 2021-03-22 22:11 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 199 bytes --]
New comment by ericonr on void-packages repository
https://github.com/void-linux/void-packages/pull/29437#issuecomment-804429350
Comment:
@tavianator perhaps `setpriv` behaves better than `capsh`?
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: bfs: update to 2.2.
2021-03-13 17:19 [PR PATCH] bfs: update to 2.2 daniel-eys
` (7 preceding siblings ...)
2021-03-22 22:11 ` ericonr
@ 2021-03-23 15:08 ` tavianator
2021-03-23 15:35 ` tavianator
` (5 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: tavianator @ 2021-03-23 15:08 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 585 bytes --]
New comment by tavianator on void-packages repository
https://github.com/void-linux/void-packages/pull/29437#issuecomment-804981189
Comment:
I think I figured out what's happening. The build is happening in a user namespace. `capsh --drop` silently fails there, which seems like a bug.
`setpriv` seems to do something, but it works a little too well:
```
# setpriv --inh-caps=-dac_override,-dac_read_search --bounding-set=-dac_override,-dac_read_search -- cat foo
cat: error while loading shared libraries: libc.so.6: cannot open shared object file: Permission denied
```
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: bfs: update to 2.2.
2021-03-13 17:19 [PR PATCH] bfs: update to 2.2 daniel-eys
` (8 preceding siblings ...)
2021-03-23 15:08 ` tavianator
@ 2021-03-23 15:35 ` tavianator
2021-03-23 15:49 ` tavianator
` (4 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: tavianator @ 2021-03-23 15:35 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 637 bytes --]
New comment by tavianator on void-packages repository
https://github.com/void-linux/void-packages/pull/29437#issuecomment-805003949
Comment:
Actually `setpriv` works fine, I just had the wrong ownership of `/` in my container. But I got `capsh` working too, thanks to this hint from the `setpriv` manpage:
```
If you drop a capability from the bounding set without
also dropping it from the inheritable set, you are likely
to become confused. Do not do that.
```
It seems like CAP_DAC_{OVERRIDE,READ_SEARCH} are inheritable in a container, so I have to remove them. Patch coming.
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: bfs: update to 2.2.
2021-03-13 17:19 [PR PATCH] bfs: update to 2.2 daniel-eys
` (9 preceding siblings ...)
2021-03-23 15:35 ` tavianator
@ 2021-03-23 15:49 ` tavianator
2021-04-03 4:19 ` ericonr
` (3 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: tavianator @ 2021-03-23 15:49 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 345 bytes --]
New comment by tavianator on void-packages repository
https://github.com/void-linux/void-packages/pull/29437#issuecomment-805014448
Comment:
https://github.com/tavianator/bfs/commit/d36ece2ca7498b7ba5485d5010439b57f006c9c8 fixes the tests for me in a `systemd-nspawn -U` container, which I think is similar to the `xbps-uunshare` environment.
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: bfs: update to 2.2.
2021-03-13 17:19 [PR PATCH] bfs: update to 2.2 daniel-eys
` (10 preceding siblings ...)
2021-03-23 15:49 ` tavianator
@ 2021-04-03 4:19 ` ericonr
2021-04-03 9:25 ` [PR PATCH] [Updated] " daniel-eys
` (2 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: ericonr @ 2021-04-03 4:19 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 181 bytes --]
New comment by ericonr on void-packages repository
https://github.com/void-linux/void-packages/pull/29437#issuecomment-812808051
Comment:
@tavianator thanks!
@daniel-eys ping?
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PR PATCH] [Updated] bfs: update to 2.2.
2021-03-13 17:19 [PR PATCH] bfs: update to 2.2 daniel-eys
` (11 preceding siblings ...)
2021-04-03 4:19 ` ericonr
@ 2021-04-03 9:25 ` daniel-eys
2021-04-03 9:26 ` daniel-eys
2021-04-03 13:12 ` [PR PATCH] [Merged]: " ericonr
14 siblings, 0 replies; 16+ messages in thread
From: daniel-eys @ 2021-04-03 9:25 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1559 bytes --]
There is an updated pull request by daniel-eys against master on the void-packages repository
https://github.com/daniel-eys/void-packages bfs
https://github.com/void-linux/void-packages/pull/29437
bfs: update to 2.2.
<!-- Mark items with [x] where applicable -->
#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)
#### Have the results of the proposed changes been tested?
- [x] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR
<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!--
#### Does it build and run successfully?
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
- [ ] aarch64-musl
- [ ] armv7l
- [ ] armv6l-musl
-->
A patch file from https://github.com/void-linux/void-packages/pull/29437.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-bfs-29437.patch --]
[-- Type: text/x-diff, Size: 8279 bytes --]
From 92b64f00ca9ad519dcf9132e3ae9c4fec37577d7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Ey=C3=9Fer?= <daniel.eysser@gmail.com>
Date: Sat, 13 Mar 2021 17:39:19 +0100
Subject: [PATCH] bfs: update to 2.2.
---
...pabilities-when-run-as-root-on-Linux.patch | 90 +++++++++++++++++++
...ing-forever-when-failing-to-drop-cap.patch | 41 +++++++++
...emove-capabilities-after-dropping-th.patch | 47 ++++++++++
srcpkgs/bfs/template | 6 +-
4 files changed, 181 insertions(+), 3 deletions(-)
create mode 100644 srcpkgs/bfs/patches/0001-tests-Drop-capabilities-when-run-as-root-on-Linux.patch
create mode 100644 srcpkgs/bfs/patches/0002-tests-Avoid-looping-forever-when-failing-to-drop-cap.patch
create mode 100644 srcpkgs/bfs/patches/0003-tests-Actually-remove-capabilities-after-dropping-th.patch
diff --git a/srcpkgs/bfs/patches/0001-tests-Drop-capabilities-when-run-as-root-on-Linux.patch b/srcpkgs/bfs/patches/0001-tests-Drop-capabilities-when-run-as-root-on-Linux.patch
new file mode 100644
index 000000000000..a2e54c397f8b
--- /dev/null
+++ b/srcpkgs/bfs/patches/0001-tests-Drop-capabilities-when-run-as-root-on-Linux.patch
@@ -0,0 +1,90 @@
+From f2e6186ed0ce9b68362ad25d897f1e3c697728ec Mon Sep 17 00:00:00 2001
+From: Tavian Barnes <tavianator@tavianator.com>
+Date: Sun, 21 Mar 2021 13:18:43 -0400
+Subject: [PATCH] tests: Drop capabilities when run as root on Linux
+
+bfs's tests rely on file permissions being enforced, which leads them to
+work incorrectly when run as root. This is probably the most common
+packaging issue for bfs, most recently seen with Void Linux's update to
+bfs 2.2.
+
+Make it easier on packagers by using capsh, if it's available, to drop
+the DAC privileges for the tests.
+
+Link: https://github.com/void-linux/void-packages/pull/29437#issuecomment-798670288
+Link: https://salsa.debian.org/lamby/pkg-bfs/-/commit/b173efb35da126adb39b0984219d6a2fd9ff428f
+---
+ tests.sh | 35 +++++++++++++++++++++++++++++------
+ 1 file changed, 29 insertions(+), 6 deletions(-)
+
+diff --git tests.sh tests.sh
+index b039eea..0bdd1d4 100755
+--- tests.sh
++++ tests.sh
+@@ -34,10 +34,25 @@ if [ -t 1 ]; then
+ RST="$(printf '\033[0m')"
+ fi
+
+-if [ "$EUID" -eq 0 ]; then
++if command -v capsh &>/dev/null; then
++ if capsh --has-p=CAP_DAC_OVERRIDE &>/dev/null || capsh --has-p=CAP_DAC_READ_SEARCH &>/dev/null; then
++ cat >&2 <<EOF
++${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended. Dropping ${BLD}CAP_DAC_OVERRIDE${RST} and
++${BLD}CAP_DAC_READ_SEARCH${RST}.
++
++EOF
++
++ exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
++ fi
++elif [ "$EUID" -eq 0 ]; then
++ UNLESS=
++ if [ "$(uname)" = "Linux" ]; then
++ UNLESS=" unless ${GRN}capsh${RST} is installed"
++ fi
++
+ cat >&2 <<EOF
+ ${RED}error:${RST} These tests expect filesystem permissions to be enforced, and therefore
+-will not work when run as ${BLD}$(id -un)${RST}.
++will not work when run as ${BLD}$(id -un)${RST}${UNLESS}.
+ EOF
+ exit 1
+ fi
+@@ -1209,11 +1224,15 @@ function test_gid() {
+ }
+
+ function test_gid_plus() {
+- bfs_diff basic -gid +0
++ if [ "$(id -g)" -ne 0 ]; then
++ bfs_diff basic -gid +0
++ fi
+ }
+
+ function test_gid_plus_plus() {
+- bfs_diff basic -gid +0
++ if [ "$(id -g)" -ne 0 ]; then
++ bfs_diff basic -gid ++0
++ fi
+ }
+
+ function test_gid_minus() {
+@@ -1229,11 +1248,15 @@ function test_uid() {
+ }
+
+ function test_uid_plus() {
+- bfs_diff basic -uid +0
++ if [ "$(id -u)" -ne 0 ]; then
++ bfs_diff basic -uid +0
++ fi
+ }
+
+ function test_uid_plus_plus() {
+- bfs_diff basic -uid ++0
++ if [ "$(id -u)" -ne 0 ]; then
++ bfs_diff basic -uid ++0
++ fi
+ }
+
+ function test_uid_minus() {
+--
+2.31.0
+
diff --git a/srcpkgs/bfs/patches/0002-tests-Avoid-looping-forever-when-failing-to-drop-cap.patch b/srcpkgs/bfs/patches/0002-tests-Avoid-looping-forever-when-failing-to-drop-cap.patch
new file mode 100644
index 000000000000..5e951faea29c
--- /dev/null
+++ b/srcpkgs/bfs/patches/0002-tests-Avoid-looping-forever-when-failing-to-drop-cap.patch
@@ -0,0 +1,41 @@
+From dbc77fd3b6e48a17eb79f9ff3a5f810b7554bf6f Mon Sep 17 00:00:00 2001
+From: Tavian Barnes <tavianator@tavianator.com>
+Date: Mon, 22 Mar 2021 17:19:31 -0400
+Subject: [PATCH] tests: Avoid looping forever when failing to drop
+ capabilities
+
+Link: https://github.com/void-linux/void-packages/pull/29437/checks?check_run_id=2169825021
+---
+ tests.sh | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git tests.sh tests.sh
+index 0bdd1d4..ad71894 100755
+--- tests.sh
++++ tests.sh
+@@ -36,13 +36,21 @@ fi
+
+ if command -v capsh &>/dev/null; then
+ if capsh --has-p=CAP_DAC_OVERRIDE &>/dev/null || capsh --has-p=CAP_DAC_READ_SEARCH &>/dev/null; then
++ if [ -n "$BFS_TRIED_DROP" ]; then
++ cat >&2 <<EOF
++${RED}error: ${RST} Failed to drop capabilities.
++EOF
++
++ exit 1
++ fi
++
+ cat >&2 <<EOF
+ ${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended. Dropping ${BLD}CAP_DAC_OVERRIDE${RST} and
+ ${BLD}CAP_DAC_READ_SEARCH${RST}.
+
+ EOF
+
+- exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
++ BFS_TRIED_DROP=y exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
+ fi
+ elif [ "$EUID" -eq 0 ]; then
+ UNLESS=
+--
+2.31.0
+
diff --git a/srcpkgs/bfs/patches/0003-tests-Actually-remove-capabilities-after-dropping-th.patch b/srcpkgs/bfs/patches/0003-tests-Actually-remove-capabilities-after-dropping-th.patch
new file mode 100644
index 000000000000..acf3d32f9113
--- /dev/null
+++ b/srcpkgs/bfs/patches/0003-tests-Actually-remove-capabilities-after-dropping-th.patch
@@ -0,0 +1,47 @@
+From d36ece2ca7498b7ba5485d5010439b57f006c9c8 Mon Sep 17 00:00:00 2001
+From: Tavian Barnes <tavianator@tavianator.com>
+Date: Tue, 23 Mar 2021 11:46:26 -0400
+Subject: [PATCH] tests: Actually remove capabilities after dropping them
+
+---
+ tests.sh | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git tests.sh tests.sh
+index ad71894..8eb4dc0 100755
+--- tests.sh
++++ tests.sh
+@@ -35,22 +35,25 @@ if [ -t 1 ]; then
+ fi
+
+ if command -v capsh &>/dev/null; then
+- if capsh --has-p=CAP_DAC_OVERRIDE &>/dev/null || capsh --has-p=CAP_DAC_READ_SEARCH &>/dev/null; then
++ if capsh --has-p=cap_dac_override &>/dev/null || capsh --has-p=cap_dac_read_search &>/dev/null; then
+ if [ -n "$BFS_TRIED_DROP" ]; then
+ cat >&2 <<EOF
+-${RED}error: ${RST} Failed to drop capabilities.
++${RED}error:${RST} Failed to drop capabilities.
+ EOF
+
+ exit 1
+ fi
+
+ cat >&2 <<EOF
+-${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended. Dropping ${BLD}CAP_DAC_OVERRIDE${RST} and
+-${BLD}CAP_DAC_READ_SEARCH${RST}.
++${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended. Dropping ${BLD}cap_dac_override${RST} and
++${BLD}cap_dac_read_search${RST}.
+
+ EOF
+
+- BFS_TRIED_DROP=y exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
++ BFS_TRIED_DROP=y exec capsh \
++ --drop=cap_dac_override,cap_dac_read_search \
++ --caps=cap_dac_override,cap_dac_read_search-eip \
++ -- "$0" "$@"
+ fi
+ elif [ "$EUID" -eq 0 ]; then
+ UNLESS=
+--
+2.31.1
+
diff --git a/srcpkgs/bfs/template b/srcpkgs/bfs/template
index 68ccaff63a4c..ebc526cec78f 100644
--- a/srcpkgs/bfs/template
+++ b/srcpkgs/bfs/template
@@ -1,17 +1,17 @@
# Template file for 'bfs'
pkgname=bfs
-version=2.1
+version=2.2
revision=1
build_style=gnu-makefile
makedepends="acl-devel libcap-devel"
-checkdepends="acl-progs"
+checkdepends="acl-progs libcap-progs"
short_desc="Breadth-first version of the UNIX find command"
maintainer="Daniel Eyßer <daniel.eysser@gmail.com>"
license="0BSD"
homepage="https://github.com/tavianator/bfs"
changelog="https://raw.githubusercontent.com/tavianator/bfs/main/RELEASES.md"
distfiles="https://github.com/tavianator/bfs/archive/${version}.tar.gz"
-checksum=be51966ca3bcc0167fb16c89f81fa37ee13c6326c616c31b87fd564a54bdc5f2
+checksum=09cff2033544cbaa31af2ad7d59347056a53c04ff7c469bb5904e575d3641053
post_install() {
vlicense LICENSE
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: bfs: update to 2.2.
2021-03-13 17:19 [PR PATCH] bfs: update to 2.2 daniel-eys
` (12 preceding siblings ...)
2021-04-03 9:25 ` [PR PATCH] [Updated] " daniel-eys
@ 2021-04-03 9:26 ` daniel-eys
2021-04-03 13:12 ` [PR PATCH] [Merged]: " ericonr
14 siblings, 0 replies; 16+ messages in thread
From: daniel-eys @ 2021-04-03 9:26 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 202 bytes --]
New comment by daniel-eys on void-packages repository
https://github.com/void-linux/void-packages/pull/29437#issuecomment-812839907
Comment:
I included the patch. Let's see what ci thinks about that.
^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [PR PATCH] [Merged]: bfs: update to 2.2.
2021-03-13 17:19 [PR PATCH] bfs: update to 2.2 daniel-eys
` (13 preceding siblings ...)
2021-04-03 9:26 ` daniel-eys
@ 2021-04-03 13:12 ` ericonr
14 siblings, 0 replies; 16+ messages in thread
From: ericonr @ 2021-04-03 13:12 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1401 bytes --]
There's a merged pull request on the void-packages repository
bfs: update to 2.2.
https://github.com/void-linux/void-packages/pull/29437
Description:
<!-- Mark items with [x] where applicable -->
#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)
#### Have the results of the proposed changes been tested?
- [x] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR
<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!--
#### Does it build and run successfully?
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
- [ ] aarch64-musl
- [ ] armv7l
- [ ] armv6l-musl
-->
^ permalink raw reply [flat|nested] 16+ messages in thread
end of thread, other threads:[~2021-04-03 13:12 UTC | newest]
Thread overview: 16+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-13 17:19 [PR PATCH] bfs: update to 2.2 daniel-eys
2021-03-13 17:30 ` daniel-eys
2021-03-22 14:38 ` tavianator
2021-03-22 20:35 ` [PR PATCH] [Updated] " daniel-eys
2021-03-22 20:42 ` daniel-eys
2021-03-22 21:03 ` tavianator
2021-03-22 21:26 ` tavianator
2021-03-22 21:49 ` [PR PATCH] [Updated] " daniel-eys
2021-03-22 22:11 ` ericonr
2021-03-23 15:08 ` tavianator
2021-03-23 15:35 ` tavianator
2021-03-23 15:49 ` tavianator
2021-04-03 4:19 ` ericonr
2021-04-03 9:25 ` [PR PATCH] [Updated] " daniel-eys
2021-04-03 9:26 ` daniel-eys
2021-04-03 13:12 ` [PR PATCH] [Merged]: " ericonr
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).