[PR PATCH] lxc: setuid binary

[PR PATCH] lxc: setuid binary

[CameronNemo]

[-- Attachment #1: Type: text/plain, Size: 1281 bytes --]

There is a new pull request by CameronNemo against master on the void-packages repository

https://github.com/CameronNemo/void-packages lxc5-fix-setuid
https://github.com/void-linux/void-packages/pull/38726

lxc: setuid binary
Switch to meson had a small casualty.

Closes #38682

<!-- Uncomment relevant sections and delete options which are not applicable -->

#### Testing the changes
- I tested the changes in this PR: **briefly**

<!--
#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**|**NO**
-->

<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!--
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - aarch64-musl
  - armv7l
  - armv6l-musl
-->


A patch file from https://github.com/void-linux/void-packages/pull/38726.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-lxc5-fix-setuid-38726.patch --]
[-- Type: text/x-diff, Size: 1067 bytes --]

From 39aa018af4afefc038fe820a68afe03c61e6ca81 Mon Sep 17 00:00:00 2001
From: Cameron Nemo <cnemo@tutanota.com>
Date: Tue, 16 Aug 2022 13:22:50 -0700
Subject: [PATCH] lxc: setuid binary

Switch to meson had a small casualty.

Closes #38682
---
 srcpkgs/lxc/INSTALL  | 7 +++++++
 srcpkgs/lxc/template | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 srcpkgs/lxc/INSTALL

diff --git a/srcpkgs/lxc/INSTALL b/srcpkgs/lxc/INSTALL
new file mode 100644
index 000000000000..7a16701bf963
--- /dev/null
+++ b/srcpkgs/lxc/INSTALL
@@ -0,0 +1,7 @@
+# INSTALL
+case "$ACTION" in
+post)
+	chown root:root usr/libexec/lxc/lxc-user-nic
+	chmod 4755 usr/libexec/lxc/lxc-user-nic
+	;;
+esac
diff --git a/srcpkgs/lxc/template b/srcpkgs/lxc/template
index 6b29d3e041fa..39d2451e3377 100644
--- a/srcpkgs/lxc/template
+++ b/srcpkgs/lxc/template
@@ -1,7 +1,7 @@
 # Template file for 'lxc'
 pkgname=lxc
 version=5.0.1
-revision=1
+revision=2
 build_style=meson
 configure_args="-Dpam-cgroup=true -Drootfs-mount-path=/var/lxc/containers
  -Ddistrosysconfdir=default

Re: lxc: setuid binary

[eli-schwartz]

[-- Attachment #1: Type: text/plain, Size: 289 bytes --]

New comment by eli-schwartz on void-packages repository

https://github.com/void-linux/void-packages/pull/38726#issuecomment-1217418217

Comment:
As mentioned in the linked issue, I believe this is a Meson bug and have PRed a patch to fix it that does not require running INSTALL scripts.

Re: [PR PATCH] [Updated] lxc: setuid binary

[CameronNemo]

[-- Attachment #1: Type: text/plain, Size: 1309 bytes --]

There is an updated pull request by CameronNemo against master on the void-packages repository

https://github.com/CameronNemo/void-packages lxc5-fix-setuid
https://github.com/void-linux/void-packages/pull/38726

lxc: setuid binary
Switch to meson had a small casualty.

Closes #38682

<!-- Uncomment relevant sections and delete options which are not applicable -->

#### Testing the changes
- I tested the changes in this PR: **YES**

<!--
#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**|**NO**
-->

<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!--
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - aarch64-musl
  - armv7l
  - armv6l-musl
-->


A patch file from https://github.com/void-linux/void-packages/pull/38726.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-lxc5-fix-setuid-38726.patch --]
[-- Type: text/x-diff, Size: 9188 bytes --]

From f61872825bb3872d02d3c45bce980188d55d6020 Mon Sep 17 00:00:00 2001
From: Cameron Nemo <cnemo@tutanota.com>
Date: Tue, 16 Aug 2022 20:48:46 -0700
Subject: [PATCH 1/2] meson: backport patch to fix setuid

https://github.com/mesonbuild/meson/pull/10702
---
 srcpkgs/meson/patches/10702.patch | 59 +++++++++++++++++++++++++++++++
 srcpkgs/meson/template            |  2 +-
 2 files changed, 60 insertions(+), 1 deletion(-)
 create mode 100644 srcpkgs/meson/patches/10702.patch

diff --git a/srcpkgs/meson/patches/10702.patch b/srcpkgs/meson/patches/10702.patch
new file mode 100644
index 000000000000..7ab15ebbc007
--- /dev/null
+++ b/srcpkgs/meson/patches/10702.patch
@@ -0,0 +1,59 @@
+From 869b95d0c2a854d73db0fceb7d0dbee9dc88cf46 Mon Sep 17 00:00:00 2001
+From: Eli Schwartz <eschwartz@archlinux.org>
+Date: Tue, 16 Aug 2022 22:42:53 -0400
+Subject: [PATCH] minstall: do not trample install_mode by rpath fixer
+
+install_mode can include the setuid bit, which has the special property
+(mentioned in the set_mode logic for minstall itself) of needing to come
+last, because it "will get wiped by chmod" (or at least chown).
+
+In fact, it's not just chown that wipes setuid, but other changes as
+well, such as the file contents. This is not an issue for install_data /
+custom_target, but for compiled outputs, we run depfixer to handle
+rpaths. This may or may not cause edits to the binary, depending on
+whether we have a build rpath to wipe, or an install rpath to add. (We
+also may run `strip`, but that external program already has its own mode
+restoration logic.)
+
+Fix this by switching the order of operations around, so that setting
+the permissions happens last.
+
+Fixes https://github.com/void-linux/void-packages/issues/38682
+---
+ mesonbuild/minstall.py                         | 3 ++-
+ test cases/common/190 install_mode/meson.build | 1 +
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/mesonbuild/minstall.py b/mesonbuild/minstall.py
+index 551f909c80d..a810ccbbd40 100644
+--- a/mesonbuild/minstall.py
++++ b/mesonbuild/minstall.py
+@@ -693,7 +693,6 @@ def install_targets(self, d: InstallData, dm: DirMaker, destdir: str, fullprefix
+                 raise MesonException(f'File {fname!r} could not be found')
+             elif os.path.isfile(fname):
+                 file_copied = self.do_copyfile(fname, outname, makedirs=(dm, outdir))
+-                self.set_mode(outname, install_mode, d.install_umask)
+                 if should_strip and d.strip_bin is not None:
+                     if fname.endswith('.jar'):
+                         self.log('Not stripping jar target: {}'.format(os.path.basename(fname)))
+@@ -723,6 +722,8 @@ def install_targets(self, d: InstallData, dm: DirMaker, destdir: str, fullprefix
+                         pass
+                     else:
+                         raise
++                # file mode needs to be set last, after strip/depfixer editing
++                self.set_mode(outname, install_mode, d.install_umask)
+ 
+ def rebuild_all(wd: str) -> bool:
+     if not (Path(wd) / 'build.ninja').is_file():
+diff --git a/test cases/common/190 install_mode/meson.build b/test cases/common/190 install_mode/meson.build
+index cae1e91aba3..e877ba75757 100644
+--- a/test cases/common/190 install_mode/meson.build	
++++ b/test cases/common/190 install_mode/meson.build	
+@@ -51,6 +51,7 @@ install_man('foo.1',
+ executable('trivialprog',
+   sources : 'trivial.c',
+   install : true,
++  build_rpath: meson.current_build_dir(),
+   install_mode : ['rwxr-sr-x', 'root', 'root'])
+ 
+ # test install_mode in static_library
diff --git a/srcpkgs/meson/template b/srcpkgs/meson/template
index d4c6c4d29670..d3243fe16052 100644
--- a/srcpkgs/meson/template
+++ b/srcpkgs/meson/template
@@ -1,7 +1,7 @@
 # Template file for 'meson'
 pkgname=meson
 version=0.62.2
-revision=1
+revision=2
 build_style=python3-module
 hostmakedepends="python3-devel python3-setuptools"
 depends="ninja python3-setuptools"

From f63dd0cb27d29b7787db9974ad253b0bec2afbe0 Mon Sep 17 00:00:00 2001
From: Cameron Nemo <cnemo@tutanota.com>
Date: Tue, 16 Aug 2022 13:22:50 -0700
Subject: [PATCH 2/2] lxc: set lxc-user-nic suid bit

Switch to meson had a small casualty.
Rebuild with patched meson.
Also simplify the docbook2x patch.

Closes #38682
---
 srcpkgs/lxc/patches/01-meson-docbook2x.patch | 66 +++++++++-----------
 srcpkgs/lxc/template                         |  4 +-
 2 files changed, 33 insertions(+), 37 deletions(-)

diff --git a/srcpkgs/lxc/patches/01-meson-docbook2x.patch b/srcpkgs/lxc/patches/01-meson-docbook2x.patch
index f21d8ba34b2b..da7ddeb61596 100644
--- a/srcpkgs/lxc/patches/01-meson-docbook2x.patch
+++ b/srcpkgs/lxc/patches/01-meson-docbook2x.patch
@@ -1,49 +1,45 @@
-commit d91b4a300017bdcfbea8d013f05369ebba9a3d1e
+commit 06f99c2599db8140bd839532caa8f6ee0d1c3ff6
 Author: Cameron Nemo <cam@nohom.org>
-Date:   Sun Aug 7 11:10:31 2022 -0700
+Date:   Tue Aug 16 20:30:39 2022 -0700
 
-    meson: add option to force docbook2x format
+    meson: fix docbook2x detection
     
-    Some distros ship docbook2x as docbook2man, which perplexes the logic in
-    the meson.build that chooses the "docdtd" value.
-    
-    Add a build option to always use the newer docbook2x docdtd value.
+    docbook2man can sometimes be docbook2x and other times be docbook-utils.
+    Rather than compare paths, use version constraints to detect version.
     
     Signed-off-by: Cameron Nemo <cam@nohom.org>
 
 diff --git a/meson.build b/meson.build
-index a145faf06..9c0e6e488 100644
+index 666824c5a..2b160d4ac 100644
 --- a/meson.build
 +++ b/meson.build
-@@ -135,6 +135,7 @@ cgrouppattern = get_option('cgroup-pattern')
- coverity = get_option('coverity-build')
- init_script = get_option('init-script')
- sanitize = get_option('b_sanitize')
-+docbook2x_only = get_option('docbook2x-only')
- want_examples = get_option('examples')
- want_io_uring = get_option('io-uring-event-loop')
- want_pam_cgroup = get_option('pam-cgroup')
-@@ -337,7 +338,7 @@ docconf.set('LXCTEMPLATEDIR', lxctemplatedir)
+@@ -324,9 +324,6 @@ endif
+ generate_date = run_command(date, '--utc', '--date=@' + time_epoch, '+%Y-%m-%d', check: true).stdout().strip()
+ 
+ ## Manpages.
+-sgml2man = find_program('docbook2X2man', 'docbook2x-man', 'db2x_docbook2man', 'docbook2man', 'docbook-to-man', required: want_mans)
+-docbook2man = find_program('docbook2man', required: false)
+-
+ docconf = configuration_data()
+ docconf.set('builddir', '.')
+ docconf.set('BINDIR', bindir)
+@@ -341,10 +338,15 @@ docconf.set('LXCTEMPLATEDIR', lxctemplatedir)
  docconf.set('LXC_USERNIC_CONF', lxc_user_network_conf)
  docconf.set('LXC_USERNIC_DB', lxc_user_network_db)
  docconf.set('PACKAGE_VERSION', version_data.get('LXC_VERSION'))
 -if sgml2man.found() and docbook2man.found() and sgml2man.full_path() == docbook2man.full_path()
-+if sgml2man.found() and docbook2man.found() and sgml2man.full_path() == docbook2man.full_path() and not docbook2x_only
-     docconf.set('docdtd', '"-//Davenport//DTD DocBook V3.0//EN"')
- else
-     docconf.set('docdtd', '"-//OASIS//DTD DocBook XML" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"')
-diff --git a/meson_options.txt b/meson_options.txt
-index c14dacf27..ccc4dde5d 100644
---- a/meson_options.txt
-+++ b/meson_options.txt
-@@ -9,6 +9,10 @@ option('cgroup-pattern', type: 'string', value: '',
- option('coverity-build', type: 'boolean', value: 'true',
-        description: 'build for coverity')
+-    docconf.set('docdtd', '"-//Davenport//DTD DocBook V3.0//EN"')
+-else
+-    docconf.set('docdtd', '"-//OASIS//DTD DocBook XML" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"')
++docconf.set('docdtd', '"-//OASIS//DTD DocBook XML" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"')
++sgml2man = find_program('docbook2X2man', 'docbook2x-man', 'db2x_docbook2man', 'docbook2man', 'docbook-to-man', required: false, version: '>=0.8')
++if not sgml2man.found()
++    sgml2man = find_program('docbook2man', required: false, version: '<0.8')
++    if sgml2man.found()
++        docconf.set('docdtd', '"-//Davenport//DTD DocBook V3.0//EN"')
++    elif want_mans
++        error('missing required docbook2x or docbook-utils dependency')
++    endif
+ endif
  
-+# no configure equivalent
-+option('docbook2x-only', type: 'boolean', value: 'false',
-+       description: 'always use DocBook 2x format')
-+
- # was --{disable,enable}-examples in autotools
- option('examples', type: 'boolean', value: 'true',
-        description: 'build and install examples')
+ ## Threads.
diff --git a/srcpkgs/lxc/template b/srcpkgs/lxc/template
index 6b29d3e041fa..f14e8bea9637 100644
--- a/srcpkgs/lxc/template
+++ b/srcpkgs/lxc/template
@@ -1,11 +1,11 @@
 # Template file for 'lxc'
 pkgname=lxc
 version=5.0.1
-revision=1
+revision=2
 build_style=meson
 configure_args="-Dpam-cgroup=true -Drootfs-mount-path=/var/lxc/containers
  -Ddistrosysconfdir=default
- -Dlog-path=/var/lxc/log -Dinit-script=[] -Ddocbook2x-only=true"
+ -Dlog-path=/var/lxc/log -Dinit-script=[]"
 hostmakedepends="pkg-config docbook2x"
 makedepends="libcap-devel libseccomp-devel openssl-devel libapparmor-devel
  pam-devel"

Re: backport meson patch to set lxc-user-nic suid bit

[CameronNemo]

[-- Attachment #1: Type: text/plain, Size: 260 bytes --]

New comment by CameronNemo on void-packages repository

https://github.com/void-linux/void-packages/pull/38726#issuecomment-1217431176

Comment:
I have re-built LXC using meson with the patch and verified that the packaged lxc-user-nic has the setuid bit set.

Re: backport meson patch to set lxc-user-nic suid bit

[paper42]

[-- Attachment #1: Type: text/plain, Size: 212 bytes --]

New comment by paper42 on void-packages repository

https://github.com/void-linux/void-packages/pull/38726#issuecomment-1217658097

Comment:
Could you mention simplifying the docbook patch in the commit message?

Re: [PR PATCH] [Updated] backport meson patch to set lxc-user-nic suid bit

[CameronNemo]

[-- Attachment #1: Type: text/plain, Size: 1493 bytes --]

There is an updated pull request by CameronNemo against master on the void-packages repository

https://github.com/CameronNemo/void-packages lxc5-fix-setuid
https://github.com/void-linux/void-packages/pull/38726

backport meson patch to set lxc-user-nic suid bit
Switch to meson had a small casualty.
Rebuild with patched meson.
Also simplify the docbook2x patch.

https://github.com/mesonbuild/meson/pull/10702
https://github.com/lxc/lxc/pull/4177

Closes #38682

<!-- Uncomment relevant sections and delete options which are not applicable -->

#### Testing the changes
- I tested the changes in this PR: **YES**

<!--
#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**|**NO**
-->

<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!--
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - aarch64-musl
  - armv7l
  - armv6l-musl
-->


A patch file from https://github.com/void-linux/void-packages/pull/38726.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-lxc5-fix-setuid-38726.patch --]
[-- Type: text/x-diff, Size: 9249 bytes --]

From f61872825bb3872d02d3c45bce980188d55d6020 Mon Sep 17 00:00:00 2001
From: Cameron Nemo <cnemo@tutanota.com>
Date: Tue, 16 Aug 2022 20:48:46 -0700
Subject: [PATCH 1/2] meson: backport patch to fix setuid

https://github.com/mesonbuild/meson/pull/10702
---
 srcpkgs/meson/patches/10702.patch | 59 +++++++++++++++++++++++++++++++
 srcpkgs/meson/template            |  2 +-
 2 files changed, 60 insertions(+), 1 deletion(-)
 create mode 100644 srcpkgs/meson/patches/10702.patch

diff --git a/srcpkgs/meson/patches/10702.patch b/srcpkgs/meson/patches/10702.patch
new file mode 100644
index 000000000000..7ab15ebbc007
--- /dev/null
+++ b/srcpkgs/meson/patches/10702.patch
@@ -0,0 +1,59 @@
+From 869b95d0c2a854d73db0fceb7d0dbee9dc88cf46 Mon Sep 17 00:00:00 2001
+From: Eli Schwartz <eschwartz@archlinux.org>
+Date: Tue, 16 Aug 2022 22:42:53 -0400
+Subject: [PATCH] minstall: do not trample install_mode by rpath fixer
+
+install_mode can include the setuid bit, which has the special property
+(mentioned in the set_mode logic for minstall itself) of needing to come
+last, because it "will get wiped by chmod" (or at least chown).
+
+In fact, it's not just chown that wipes setuid, but other changes as
+well, such as the file contents. This is not an issue for install_data /
+custom_target, but for compiled outputs, we run depfixer to handle
+rpaths. This may or may not cause edits to the binary, depending on
+whether we have a build rpath to wipe, or an install rpath to add. (We
+also may run `strip`, but that external program already has its own mode
+restoration logic.)
+
+Fix this by switching the order of operations around, so that setting
+the permissions happens last.
+
+Fixes https://github.com/void-linux/void-packages/issues/38682
+---
+ mesonbuild/minstall.py                         | 3 ++-
+ test cases/common/190 install_mode/meson.build | 1 +
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/mesonbuild/minstall.py b/mesonbuild/minstall.py
+index 551f909c80d..a810ccbbd40 100644
+--- a/mesonbuild/minstall.py
++++ b/mesonbuild/minstall.py
+@@ -693,7 +693,6 @@ def install_targets(self, d: InstallData, dm: DirMaker, destdir: str, fullprefix
+                 raise MesonException(f'File {fname!r} could not be found')
+             elif os.path.isfile(fname):
+                 file_copied = self.do_copyfile(fname, outname, makedirs=(dm, outdir))
+-                self.set_mode(outname, install_mode, d.install_umask)
+                 if should_strip and d.strip_bin is not None:
+                     if fname.endswith('.jar'):
+                         self.log('Not stripping jar target: {}'.format(os.path.basename(fname)))
+@@ -723,6 +722,8 @@ def install_targets(self, d: InstallData, dm: DirMaker, destdir: str, fullprefix
+                         pass
+                     else:
+                         raise
++                # file mode needs to be set last, after strip/depfixer editing
++                self.set_mode(outname, install_mode, d.install_umask)
+ 
+ def rebuild_all(wd: str) -> bool:
+     if not (Path(wd) / 'build.ninja').is_file():
+diff --git a/test cases/common/190 install_mode/meson.build b/test cases/common/190 install_mode/meson.build
+index cae1e91aba3..e877ba75757 100644
+--- a/test cases/common/190 install_mode/meson.build	
++++ b/test cases/common/190 install_mode/meson.build	
+@@ -51,6 +51,7 @@ install_man('foo.1',
+ executable('trivialprog',
+   sources : 'trivial.c',
+   install : true,
++  build_rpath: meson.current_build_dir(),
+   install_mode : ['rwxr-sr-x', 'root', 'root'])
+ 
+ # test install_mode in static_library
diff --git a/srcpkgs/meson/template b/srcpkgs/meson/template
index d4c6c4d29670..d3243fe16052 100644
--- a/srcpkgs/meson/template
+++ b/srcpkgs/meson/template
@@ -1,7 +1,7 @@
 # Template file for 'meson'
 pkgname=meson
 version=0.62.2
-revision=1
+revision=2
 build_style=python3-module
 hostmakedepends="python3-devel python3-setuptools"
 depends="ninja python3-setuptools"

From 948cd47890c720bc8f502f444e56de72ea343c96 Mon Sep 17 00:00:00 2001
From: Cameron Nemo <cnemo@tutanota.com>
Date: Tue, 16 Aug 2022 13:22:50 -0700
Subject: [PATCH 2/2] lxc: set lxc-user-nic suid bit, docbook2x patch

Switch to meson had a small casualty.
Rebuild with patched meson.

Also simplify the docbook2x patch based on recommendations from Eli
Schwartz.

Closes #38682
---
 srcpkgs/lxc/patches/01-meson-docbook2x.patch | 66 +++++++++-----------
 srcpkgs/lxc/template                         |  4 +-
 2 files changed, 33 insertions(+), 37 deletions(-)

diff --git a/srcpkgs/lxc/patches/01-meson-docbook2x.patch b/srcpkgs/lxc/patches/01-meson-docbook2x.patch
index f21d8ba34b2b..da7ddeb61596 100644
--- a/srcpkgs/lxc/patches/01-meson-docbook2x.patch
+++ b/srcpkgs/lxc/patches/01-meson-docbook2x.patch
@@ -1,49 +1,45 @@
-commit d91b4a300017bdcfbea8d013f05369ebba9a3d1e
+commit 06f99c2599db8140bd839532caa8f6ee0d1c3ff6
 Author: Cameron Nemo <cam@nohom.org>
-Date:   Sun Aug 7 11:10:31 2022 -0700
+Date:   Tue Aug 16 20:30:39 2022 -0700
 
-    meson: add option to force docbook2x format
+    meson: fix docbook2x detection
     
-    Some distros ship docbook2x as docbook2man, which perplexes the logic in
-    the meson.build that chooses the "docdtd" value.
-    
-    Add a build option to always use the newer docbook2x docdtd value.
+    docbook2man can sometimes be docbook2x and other times be docbook-utils.
+    Rather than compare paths, use version constraints to detect version.
     
     Signed-off-by: Cameron Nemo <cam@nohom.org>
 
 diff --git a/meson.build b/meson.build
-index a145faf06..9c0e6e488 100644
+index 666824c5a..2b160d4ac 100644
 --- a/meson.build
 +++ b/meson.build
-@@ -135,6 +135,7 @@ cgrouppattern = get_option('cgroup-pattern')
- coverity = get_option('coverity-build')
- init_script = get_option('init-script')
- sanitize = get_option('b_sanitize')
-+docbook2x_only = get_option('docbook2x-only')
- want_examples = get_option('examples')
- want_io_uring = get_option('io-uring-event-loop')
- want_pam_cgroup = get_option('pam-cgroup')
-@@ -337,7 +338,7 @@ docconf.set('LXCTEMPLATEDIR', lxctemplatedir)
+@@ -324,9 +324,6 @@ endif
+ generate_date = run_command(date, '--utc', '--date=@' + time_epoch, '+%Y-%m-%d', check: true).stdout().strip()
+ 
+ ## Manpages.
+-sgml2man = find_program('docbook2X2man', 'docbook2x-man', 'db2x_docbook2man', 'docbook2man', 'docbook-to-man', required: want_mans)
+-docbook2man = find_program('docbook2man', required: false)
+-
+ docconf = configuration_data()
+ docconf.set('builddir', '.')
+ docconf.set('BINDIR', bindir)
+@@ -341,10 +338,15 @@ docconf.set('LXCTEMPLATEDIR', lxctemplatedir)
  docconf.set('LXC_USERNIC_CONF', lxc_user_network_conf)
  docconf.set('LXC_USERNIC_DB', lxc_user_network_db)
  docconf.set('PACKAGE_VERSION', version_data.get('LXC_VERSION'))
 -if sgml2man.found() and docbook2man.found() and sgml2man.full_path() == docbook2man.full_path()
-+if sgml2man.found() and docbook2man.found() and sgml2man.full_path() == docbook2man.full_path() and not docbook2x_only
-     docconf.set('docdtd', '"-//Davenport//DTD DocBook V3.0//EN"')
- else
-     docconf.set('docdtd', '"-//OASIS//DTD DocBook XML" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"')
-diff --git a/meson_options.txt b/meson_options.txt
-index c14dacf27..ccc4dde5d 100644
---- a/meson_options.txt
-+++ b/meson_options.txt
-@@ -9,6 +9,10 @@ option('cgroup-pattern', type: 'string', value: '',
- option('coverity-build', type: 'boolean', value: 'true',
-        description: 'build for coverity')
+-    docconf.set('docdtd', '"-//Davenport//DTD DocBook V3.0//EN"')
+-else
+-    docconf.set('docdtd', '"-//OASIS//DTD DocBook XML" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"')
++docconf.set('docdtd', '"-//OASIS//DTD DocBook XML" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"')
++sgml2man = find_program('docbook2X2man', 'docbook2x-man', 'db2x_docbook2man', 'docbook2man', 'docbook-to-man', required: false, version: '>=0.8')
++if not sgml2man.found()
++    sgml2man = find_program('docbook2man', required: false, version: '<0.8')
++    if sgml2man.found()
++        docconf.set('docdtd', '"-//Davenport//DTD DocBook V3.0//EN"')
++    elif want_mans
++        error('missing required docbook2x or docbook-utils dependency')
++    endif
+ endif
  
-+# no configure equivalent
-+option('docbook2x-only', type: 'boolean', value: 'false',
-+       description: 'always use DocBook 2x format')
-+
- # was --{disable,enable}-examples in autotools
- option('examples', type: 'boolean', value: 'true',
-        description: 'build and install examples')
+ ## Threads.
diff --git a/srcpkgs/lxc/template b/srcpkgs/lxc/template
index 6b29d3e041fa..f14e8bea9637 100644
--- a/srcpkgs/lxc/template
+++ b/srcpkgs/lxc/template
@@ -1,11 +1,11 @@
 # Template file for 'lxc'
 pkgname=lxc
 version=5.0.1
-revision=1
+revision=2
 build_style=meson
 configure_args="-Dpam-cgroup=true -Drootfs-mount-path=/var/lxc/containers
  -Ddistrosysconfdir=default
- -Dlog-path=/var/lxc/log -Dinit-script=[] -Ddocbook2x-only=true"
+ -Dlog-path=/var/lxc/log -Dinit-script=[]"
 hostmakedepends="pkg-config docbook2x"
 makedepends="libcap-devel libseccomp-devel openssl-devel libapparmor-devel
  pam-devel"

Re: backport meson patch to set lxc-user-nic suid bit

[CameronNemo]

[-- Attachment #1: Type: text/plain, Size: 159 bytes --]

New comment by CameronNemo on void-packages repository

https://github.com/void-linux/void-packages/pull/38726#issuecomment-1218088772

Comment:
@paper42 done

Re: [PR PATCH] [Merged]: backport meson patch to set lxc-user-nic suid bit

[paper42]

[-- Attachment #1: Type: text/plain, Size: 1321 bytes --]

There's a merged pull request on the void-packages repository

backport meson patch to set lxc-user-nic suid bit
https://github.com/void-linux/void-packages/pull/38726

Description:
Switch to meson had a small casualty.
Rebuild with patched meson.
Also simplify the docbook2x patch.

https://github.com/mesonbuild/meson/pull/10702
https://github.com/lxc/lxc/pull/4177

Closes #38682

<!-- Uncomment relevant sections and delete options which are not applicable -->

#### Testing the changes
- I tested the changes in this PR: **YES**

<!--
#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**|**NO**
-->

<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!--
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - aarch64-musl
  - armv7l
  - armv6l-musl
-->