[PR PATCH] bfs: update to 2.2.

[PR PATCH] bfs: update to 2.2.

[daniel-eys]

[-- Attachment #1: Type: text/plain, Size: 1554 bytes --]

There is a new pull request by daniel-eys against master on the void-packages repository

https://github.com/daniel-eys/void-packages bfs
https://github.com/void-linux/void-packages/pull/29437

bfs: update to 2.2.
<!-- Mark items with [x] where applicable -->

#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)

#### Have the results of the proposed changes been tested?
- [x] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR

<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!--
#### Does it build and run successfully?
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
  - [ ] aarch64-musl
  - [ ] armv7l
  - [ ] armv6l-musl
-->

A patch file from https://github.com/void-linux/void-packages/pull/29437.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-bfs-29437.patch --]
[-- Type: text/x-diff, Size: 1023 bytes --]

From c2557fd88034952e1dabe7af587768165e55b068 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Ey=C3=9Fer?= <daniel.eysser@gmail.com>
Date: Sat, 13 Mar 2021 17:39:19 +0100
Subject: [PATCH] bfs: update to 2.2.

---
 srcpkgs/bfs/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/bfs/template b/srcpkgs/bfs/template
index 68ccaff63a4..36f5b99ac12 100644
--- a/srcpkgs/bfs/template
+++ b/srcpkgs/bfs/template
@@ -1,6 +1,6 @@
 # Template file for 'bfs'
 pkgname=bfs
-version=2.1
+version=2.2
 revision=1
 build_style=gnu-makefile
 makedepends="acl-devel libcap-devel"
@@ -11,7 +11,7 @@ license="0BSD"
 homepage="https://github.com/tavianator/bfs"
 changelog="https://raw.githubusercontent.com/tavianator/bfs/main/RELEASES.md"
 distfiles="https://github.com/tavianator/bfs/archive/${version}.tar.gz"
-checksum=be51966ca3bcc0167fb16c89f81fa37ee13c6326c616c31b87fd564a54bdc5f2
+checksum=09cff2033544cbaa31af2ad7d59347056a53c04ff7c469bb5904e575d3641053
 
 post_install() {
 	vlicense LICENSE

Re: bfs: update to 2.2.

[daniel-eys]

[-- Attachment #1: Type: text/plain, Size: 440 bytes --]

New comment by daniel-eys on void-packages repository

https://github.com/void-linux/void-packages/pull/29437#issuecomment-798670288

Comment:
From CI:
> error: These tests expect filesystem permissions to be enforced, and therefore
> will not work when run as root.

Tests passed on my x86_64.
I guess this is due to the ethereal chroot style of the CI containers.
Is there a way to have the teststage not run as root within CI?

Re: bfs: update to 2.2.

[tavianator]

[-- Attachment #1: Type: text/plain, Size: 373 bytes --]

New comment by tavianator on void-packages repository

https://github.com/void-linux/void-packages/pull/29437#issuecomment-804113595

Comment:
@daniel-eys Enough people have run into this that I added a workaround.  If you apply https://github.com/tavianator/bfs/commit/f2e6186ed0ce9b68362ad25d897f1e3c697728ec the tests will drop the appropriate privileges automatically.

Re: [PR PATCH] [Updated] bfs: update to 2.2.

[daniel-eys]

[-- Attachment #1: Type: text/plain, Size: 1559 bytes --]

There is an updated pull request by daniel-eys against master on the void-packages repository

https://github.com/daniel-eys/void-packages bfs
https://github.com/void-linux/void-packages/pull/29437

bfs: update to 2.2.
<!-- Mark items with [x] where applicable -->

#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)

#### Have the results of the proposed changes been tested?
- [x] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR

<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!--
#### Does it build and run successfully?
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
  - [ ] aarch64-musl
  - [ ] armv7l
  - [ ] armv6l-musl
-->

A patch file from https://github.com/void-linux/void-packages/pull/29437.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-bfs-29437.patch --]
[-- Type: text/x-diff, Size: 4170 bytes --]

From 78e9efb8ca1e074d3c09930866d291c2e5be5864 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Ey=C3=9Fer?= <daniel.eysser@gmail.com>
Date: Sat, 13 Mar 2021 17:39:19 +0100
Subject: [PATCH] bfs: update to 2.2.

---
 ...pabilities-when-run-as-root-on-Linux.patch | 90 +++++++++++++++++++
 srcpkgs/bfs/template                          |  4 +-
 2 files changed, 92 insertions(+), 2 deletions(-)
 create mode 100644 srcpkgs/bfs/patches/tests-Drop-capabilities-when-run-as-root-on-Linux.patch

diff --git a/srcpkgs/bfs/patches/tests-Drop-capabilities-when-run-as-root-on-Linux.patch b/srcpkgs/bfs/patches/tests-Drop-capabilities-when-run-as-root-on-Linux.patch
new file mode 100644
index 000000000000..a2e54c397f8b
--- /dev/null
+++ b/srcpkgs/bfs/patches/tests-Drop-capabilities-when-run-as-root-on-Linux.patch
@@ -0,0 +1,90 @@
+From f2e6186ed0ce9b68362ad25d897f1e3c697728ec Mon Sep 17 00:00:00 2001
+From: Tavian Barnes <tavianator@tavianator.com>
+Date: Sun, 21 Mar 2021 13:18:43 -0400
+Subject: [PATCH] tests: Drop capabilities when run as root on Linux
+
+bfs's tests rely on file permissions being enforced, which leads them to
+work incorrectly when run as root.  This is probably the most common
+packaging issue for bfs, most recently seen with Void Linux's update to
+bfs 2.2.
+
+Make it easier on packagers by using capsh, if it's available, to drop
+the DAC privileges for the tests.
+
+Link: https://github.com/void-linux/void-packages/pull/29437#issuecomment-798670288
+Link: https://salsa.debian.org/lamby/pkg-bfs/-/commit/b173efb35da126adb39b0984219d6a2fd9ff428f
+---
+ tests.sh | 35 +++++++++++++++++++++++++++++------
+ 1 file changed, 29 insertions(+), 6 deletions(-)
+
+diff --git tests.sh tests.sh
+index b039eea..0bdd1d4 100755
+--- tests.sh
++++ tests.sh
+@@ -34,10 +34,25 @@ if [ -t 1 ]; then
+     RST="$(printf '\033[0m')"
+ fi
+ 
+-if [ "$EUID" -eq 0 ]; then
++if command -v capsh &>/dev/null; then
++    if capsh --has-p=CAP_DAC_OVERRIDE &>/dev/null || capsh --has-p=CAP_DAC_READ_SEARCH &>/dev/null; then
++        cat >&2 <<EOF
++${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended.  Dropping ${BLD}CAP_DAC_OVERRIDE${RST} and
++${BLD}CAP_DAC_READ_SEARCH${RST}.
++
++EOF
++
++        exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
++    fi
++elif [ "$EUID" -eq 0 ]; then
++    UNLESS=
++    if [ "$(uname)" = "Linux" ]; then
++	UNLESS=" unless ${GRN}capsh${RST} is installed"
++    fi
++
+     cat >&2 <<EOF
+ ${RED}error:${RST} These tests expect filesystem permissions to be enforced, and therefore
+-will not work when run as ${BLD}$(id -un)${RST}.
++will not work when run as ${BLD}$(id -un)${RST}${UNLESS}.
+ EOF
+     exit 1
+ fi
+@@ -1209,11 +1224,15 @@ function test_gid() {
+ }
+ 
+ function test_gid_plus() {
+-    bfs_diff basic -gid +0
++    if [ "$(id -g)" -ne 0 ]; then
++	bfs_diff basic -gid +0
++    fi
+ }
+ 
+ function test_gid_plus_plus() {
+-    bfs_diff basic -gid +0
++    if [ "$(id -g)" -ne 0 ]; then
++	bfs_diff basic -gid ++0
++    fi
+ }
+ 
+ function test_gid_minus() {
+@@ -1229,11 +1248,15 @@ function test_uid() {
+ }
+ 
+ function test_uid_plus() {
+-    bfs_diff basic -uid +0
++    if [ "$(id -u)" -ne 0 ]; then
++	bfs_diff basic -uid +0
++    fi
+ }
+ 
+ function test_uid_plus_plus() {
+-    bfs_diff basic -uid ++0
++    if [ "$(id -u)" -ne 0 ]; then
++	bfs_diff basic -uid ++0
++    fi
+ }
+ 
+ function test_uid_minus() {
+-- 
+2.31.0
+
diff --git a/srcpkgs/bfs/template b/srcpkgs/bfs/template
index 68ccaff63a4c..36f5b99ac120 100644
--- a/srcpkgs/bfs/template
+++ b/srcpkgs/bfs/template
@@ -1,6 +1,6 @@
 # Template file for 'bfs'
 pkgname=bfs
-version=2.1
+version=2.2
 revision=1
 build_style=gnu-makefile
 makedepends="acl-devel libcap-devel"
@@ -11,7 +11,7 @@ license="0BSD"
 homepage="https://github.com/tavianator/bfs"
 changelog="https://raw.githubusercontent.com/tavianator/bfs/main/RELEASES.md"
 distfiles="https://github.com/tavianator/bfs/archive/${version}.tar.gz"
-checksum=be51966ca3bcc0167fb16c89f81fa37ee13c6326c616c31b87fd564a54bdc5f2
+checksum=09cff2033544cbaa31af2ad7d59347056a53c04ff7c469bb5904e575d3641053
 
 post_install() {
 	vlicense LICENSE

Re: [PR PATCH] [Updated] bfs: update to 2.2.

[daniel-eys]

[-- Attachment #1: Type: text/plain, Size: 1559 bytes --]

There is an updated pull request by daniel-eys against master on the void-packages repository

https://github.com/daniel-eys/void-packages bfs
https://github.com/void-linux/void-packages/pull/29437

bfs: update to 2.2.
<!-- Mark items with [x] where applicable -->

#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)

#### Have the results of the proposed changes been tested?
- [x] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR

<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!--
#### Does it build and run successfully?
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
  - [ ] aarch64-musl
  - [ ] armv7l
  - [ ] armv6l-musl
-->

A patch file from https://github.com/void-linux/void-packages/pull/29437.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-bfs-29437.patch --]
[-- Type: text/x-diff, Size: 4335 bytes --]

From b97ce7d3191951d2faa7ebd99ed7fc8814d1faa0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Ey=C3=9Fer?= <daniel.eysser@gmail.com>
Date: Sat, 13 Mar 2021 17:39:19 +0100
Subject: [PATCH] bfs: update to 2.2.

---
 ...pabilities-when-run-as-root-on-Linux.patch | 90 +++++++++++++++++++
 srcpkgs/bfs/template                          |  6 +-
 2 files changed, 93 insertions(+), 3 deletions(-)
 create mode 100644 srcpkgs/bfs/patches/tests-Drop-capabilities-when-run-as-root-on-Linux.patch

diff --git a/srcpkgs/bfs/patches/tests-Drop-capabilities-when-run-as-root-on-Linux.patch b/srcpkgs/bfs/patches/tests-Drop-capabilities-when-run-as-root-on-Linux.patch
new file mode 100644
index 000000000000..a2e54c397f8b
--- /dev/null
+++ b/srcpkgs/bfs/patches/tests-Drop-capabilities-when-run-as-root-on-Linux.patch
@@ -0,0 +1,90 @@
+From f2e6186ed0ce9b68362ad25d897f1e3c697728ec Mon Sep 17 00:00:00 2001
+From: Tavian Barnes <tavianator@tavianator.com>
+Date: Sun, 21 Mar 2021 13:18:43 -0400
+Subject: [PATCH] tests: Drop capabilities when run as root on Linux
+
+bfs's tests rely on file permissions being enforced, which leads them to
+work incorrectly when run as root.  This is probably the most common
+packaging issue for bfs, most recently seen with Void Linux's update to
+bfs 2.2.
+
+Make it easier on packagers by using capsh, if it's available, to drop
+the DAC privileges for the tests.
+
+Link: https://github.com/void-linux/void-packages/pull/29437#issuecomment-798670288
+Link: https://salsa.debian.org/lamby/pkg-bfs/-/commit/b173efb35da126adb39b0984219d6a2fd9ff428f
+---
+ tests.sh | 35 +++++++++++++++++++++++++++++------
+ 1 file changed, 29 insertions(+), 6 deletions(-)
+
+diff --git tests.sh tests.sh
+index b039eea..0bdd1d4 100755
+--- tests.sh
++++ tests.sh
+@@ -34,10 +34,25 @@ if [ -t 1 ]; then
+     RST="$(printf '\033[0m')"
+ fi
+ 
+-if [ "$EUID" -eq 0 ]; then
++if command -v capsh &>/dev/null; then
++    if capsh --has-p=CAP_DAC_OVERRIDE &>/dev/null || capsh --has-p=CAP_DAC_READ_SEARCH &>/dev/null; then
++        cat >&2 <<EOF
++${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended.  Dropping ${BLD}CAP_DAC_OVERRIDE${RST} and
++${BLD}CAP_DAC_READ_SEARCH${RST}.
++
++EOF
++
++        exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
++    fi
++elif [ "$EUID" -eq 0 ]; then
++    UNLESS=
++    if [ "$(uname)" = "Linux" ]; then
++	UNLESS=" unless ${GRN}capsh${RST} is installed"
++    fi
++
+     cat >&2 <<EOF
+ ${RED}error:${RST} These tests expect filesystem permissions to be enforced, and therefore
+-will not work when run as ${BLD}$(id -un)${RST}.
++will not work when run as ${BLD}$(id -un)${RST}${UNLESS}.
+ EOF
+     exit 1
+ fi
+@@ -1209,11 +1224,15 @@ function test_gid() {
+ }
+ 
+ function test_gid_plus() {
+-    bfs_diff basic -gid +0
++    if [ "$(id -g)" -ne 0 ]; then
++	bfs_diff basic -gid +0
++    fi
+ }
+ 
+ function test_gid_plus_plus() {
+-    bfs_diff basic -gid +0
++    if [ "$(id -g)" -ne 0 ]; then
++	bfs_diff basic -gid ++0
++    fi
+ }
+ 
+ function test_gid_minus() {
+@@ -1229,11 +1248,15 @@ function test_uid() {
+ }
+ 
+ function test_uid_plus() {
+-    bfs_diff basic -uid +0
++    if [ "$(id -u)" -ne 0 ]; then
++	bfs_diff basic -uid +0
++    fi
+ }
+ 
+ function test_uid_plus_plus() {
+-    bfs_diff basic -uid ++0
++    if [ "$(id -u)" -ne 0 ]; then
++	bfs_diff basic -uid ++0
++    fi
+ }
+ 
+ function test_uid_minus() {
+-- 
+2.31.0
+
diff --git a/srcpkgs/bfs/template b/srcpkgs/bfs/template
index 68ccaff63a4c..ebc526cec78f 100644
--- a/srcpkgs/bfs/template
+++ b/srcpkgs/bfs/template
@@ -1,17 +1,17 @@
 # Template file for 'bfs'
 pkgname=bfs
-version=2.1
+version=2.2
 revision=1
 build_style=gnu-makefile
 makedepends="acl-devel libcap-devel"
-checkdepends="acl-progs"
+checkdepends="acl-progs libcap-progs"
 short_desc="Breadth-first version of the UNIX find command"
 maintainer="Daniel Eyßer <daniel.eysser@gmail.com>"
 license="0BSD"
 homepage="https://github.com/tavianator/bfs"
 changelog="https://raw.githubusercontent.com/tavianator/bfs/main/RELEASES.md"
 distfiles="https://github.com/tavianator/bfs/archive/${version}.tar.gz"
-checksum=be51966ca3bcc0167fb16c89f81fa37ee13c6326c616c31b87fd564a54bdc5f2
+checksum=09cff2033544cbaa31af2ad7d59347056a53c04ff7c469bb5904e575d3641053
 
 post_install() {
 	vlicense LICENSE

Re: bfs: update to 2.2.

[tavianator]

[-- Attachment #1: Type: text/plain, Size: 741 bytes --]

New comment by tavianator on void-packages repository

https://github.com/void-linux/void-packages/pull/29437#issuecomment-804393224

Comment:
The builds seem to be in an infinite loop of trying and failing to drop capabilities.  I'm guessing this is because the tests don't have `CAP_SETPCAP`, and I overlooked that `capsh --drop` needs it:

```
       --drop=cap-list
              Remove the listed capabilities from the prevailing
              bounding set. The capabilities are a comma-separated list
              of capabilities as recognized by the cap_from_name(3)
              function. Use of this feature requires that capsh is
              operating with CAP_SETPCAP in its effective set.
```

I'll try to fix it.

Re: bfs: update to 2.2.

[tavianator]

[-- Attachment #1: Type: text/plain, Size: 408 bytes --]

New comment by tavianator on void-packages repository

https://github.com/void-linux/void-packages/pull/29437#issuecomment-804406845

Comment:
I'm actually not sure what's going on, I tried with CAP_SETPCAP dropped and got an error instead of an infinite loop.  But you can fold in https://github.com/tavianator/bfs/commit/dbc77fd3b6e48a17eb79f9ff3a5f810b7554bf6f in the meantime to avoid the infinite loop.

Re: [PR PATCH] [Updated] bfs: update to 2.2.

[daniel-eys]

[-- Attachment #1: Type: text/plain, Size: 1559 bytes --]

There is an updated pull request by daniel-eys against master on the void-packages repository

https://github.com/daniel-eys/void-packages bfs
https://github.com/void-linux/void-packages/pull/29437

bfs: update to 2.2.
<!-- Mark items with [x] where applicable -->

#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)

#### Have the results of the proposed changes been tested?
- [x] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR

<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!--
#### Does it build and run successfully?
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
  - [ ] aarch64-musl
  - [ ] armv7l
  - [ ] armv6l-musl
-->

A patch file from https://github.com/void-linux/void-packages/pull/29437.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-bfs-29437.patch --]
[-- Type: text/x-diff, Size: 6144 bytes --]

From c93585c021fdb2e5f5c25708bc93158abefe4282 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Ey=C3=9Fer?= <daniel.eysser@gmail.com>
Date: Sat, 13 Mar 2021 17:39:19 +0100
Subject: [PATCH] bfs: update to 2.2.

---
 ...pabilities-when-run-as-root-on-Linux.patch | 90 +++++++++++++++++++
 ...ing-forever-when-failing-to-drop-cap.patch | 41 +++++++++
 srcpkgs/bfs/template                          |  6 +-
 3 files changed, 134 insertions(+), 3 deletions(-)
 create mode 100644 srcpkgs/bfs/patches/0001-tests-Drop-capabilities-when-run-as-root-on-Linux.patch
 create mode 100644 srcpkgs/bfs/patches/0002-tests-Avoid-looping-forever-when-failing-to-drop-cap.patch

diff --git a/srcpkgs/bfs/patches/0001-tests-Drop-capabilities-when-run-as-root-on-Linux.patch b/srcpkgs/bfs/patches/0001-tests-Drop-capabilities-when-run-as-root-on-Linux.patch
new file mode 100644
index 000000000000..a2e54c397f8b
--- /dev/null
+++ b/srcpkgs/bfs/patches/0001-tests-Drop-capabilities-when-run-as-root-on-Linux.patch
@@ -0,0 +1,90 @@
+From f2e6186ed0ce9b68362ad25d897f1e3c697728ec Mon Sep 17 00:00:00 2001
+From: Tavian Barnes <tavianator@tavianator.com>
+Date: Sun, 21 Mar 2021 13:18:43 -0400
+Subject: [PATCH] tests: Drop capabilities when run as root on Linux
+
+bfs's tests rely on file permissions being enforced, which leads them to
+work incorrectly when run as root.  This is probably the most common
+packaging issue for bfs, most recently seen with Void Linux's update to
+bfs 2.2.
+
+Make it easier on packagers by using capsh, if it's available, to drop
+the DAC privileges for the tests.
+
+Link: https://github.com/void-linux/void-packages/pull/29437#issuecomment-798670288
+Link: https://salsa.debian.org/lamby/pkg-bfs/-/commit/b173efb35da126adb39b0984219d6a2fd9ff428f
+---
+ tests.sh | 35 +++++++++++++++++++++++++++++------
+ 1 file changed, 29 insertions(+), 6 deletions(-)
+
+diff --git tests.sh tests.sh
+index b039eea..0bdd1d4 100755
+--- tests.sh
++++ tests.sh
+@@ -34,10 +34,25 @@ if [ -t 1 ]; then
+     RST="$(printf '\033[0m')"
+ fi
+ 
+-if [ "$EUID" -eq 0 ]; then
++if command -v capsh &>/dev/null; then
++    if capsh --has-p=CAP_DAC_OVERRIDE &>/dev/null || capsh --has-p=CAP_DAC_READ_SEARCH &>/dev/null; then
++        cat >&2 <<EOF
++${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended.  Dropping ${BLD}CAP_DAC_OVERRIDE${RST} and
++${BLD}CAP_DAC_READ_SEARCH${RST}.
++
++EOF
++
++        exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
++    fi
++elif [ "$EUID" -eq 0 ]; then
++    UNLESS=
++    if [ "$(uname)" = "Linux" ]; then
++	UNLESS=" unless ${GRN}capsh${RST} is installed"
++    fi
++
+     cat >&2 <<EOF
+ ${RED}error:${RST} These tests expect filesystem permissions to be enforced, and therefore
+-will not work when run as ${BLD}$(id -un)${RST}.
++will not work when run as ${BLD}$(id -un)${RST}${UNLESS}.
+ EOF
+     exit 1
+ fi
+@@ -1209,11 +1224,15 @@ function test_gid() {
+ }
+ 
+ function test_gid_plus() {
+-    bfs_diff basic -gid +0
++    if [ "$(id -g)" -ne 0 ]; then
++	bfs_diff basic -gid +0
++    fi
+ }
+ 
+ function test_gid_plus_plus() {
+-    bfs_diff basic -gid +0
++    if [ "$(id -g)" -ne 0 ]; then
++	bfs_diff basic -gid ++0
++    fi
+ }
+ 
+ function test_gid_minus() {
+@@ -1229,11 +1248,15 @@ function test_uid() {
+ }
+ 
+ function test_uid_plus() {
+-    bfs_diff basic -uid +0
++    if [ "$(id -u)" -ne 0 ]; then
++	bfs_diff basic -uid +0
++    fi
+ }
+ 
+ function test_uid_plus_plus() {
+-    bfs_diff basic -uid ++0
++    if [ "$(id -u)" -ne 0 ]; then
++	bfs_diff basic -uid ++0
++    fi
+ }
+ 
+ function test_uid_minus() {
+-- 
+2.31.0
+
diff --git a/srcpkgs/bfs/patches/0002-tests-Avoid-looping-forever-when-failing-to-drop-cap.patch b/srcpkgs/bfs/patches/0002-tests-Avoid-looping-forever-when-failing-to-drop-cap.patch
new file mode 100644
index 000000000000..5e951faea29c
--- /dev/null
+++ b/srcpkgs/bfs/patches/0002-tests-Avoid-looping-forever-when-failing-to-drop-cap.patch
@@ -0,0 +1,41 @@
+From dbc77fd3b6e48a17eb79f9ff3a5f810b7554bf6f Mon Sep 17 00:00:00 2001
+From: Tavian Barnes <tavianator@tavianator.com>
+Date: Mon, 22 Mar 2021 17:19:31 -0400
+Subject: [PATCH] tests: Avoid looping forever when failing to drop
+ capabilities
+
+Link: https://github.com/void-linux/void-packages/pull/29437/checks?check_run_id=2169825021
+---
+ tests.sh | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git tests.sh tests.sh
+index 0bdd1d4..ad71894 100755
+--- tests.sh
++++ tests.sh
+@@ -36,13 +36,21 @@ fi
+ 
+ if command -v capsh &>/dev/null; then
+     if capsh --has-p=CAP_DAC_OVERRIDE &>/dev/null || capsh --has-p=CAP_DAC_READ_SEARCH &>/dev/null; then
++	if [ -n "$BFS_TRIED_DROP" ]; then
++            cat >&2 <<EOF
++${RED}error: ${RST} Failed to drop capabilities.
++EOF
++
++	    exit 1
++	fi
++
+         cat >&2 <<EOF
+ ${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended.  Dropping ${BLD}CAP_DAC_OVERRIDE${RST} and
+ ${BLD}CAP_DAC_READ_SEARCH${RST}.
+ 
+ EOF
+ 
+-        exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
++        BFS_TRIED_DROP=y exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
+     fi
+ elif [ "$EUID" -eq 0 ]; then
+     UNLESS=
+-- 
+2.31.0
+
diff --git a/srcpkgs/bfs/template b/srcpkgs/bfs/template
index 68ccaff63a4c..ebc526cec78f 100644
--- a/srcpkgs/bfs/template
+++ b/srcpkgs/bfs/template
@@ -1,17 +1,17 @@
 # Template file for 'bfs'
 pkgname=bfs
-version=2.1
+version=2.2
 revision=1
 build_style=gnu-makefile
 makedepends="acl-devel libcap-devel"
-checkdepends="acl-progs"
+checkdepends="acl-progs libcap-progs"
 short_desc="Breadth-first version of the UNIX find command"
 maintainer="Daniel Eyßer <daniel.eysser@gmail.com>"
 license="0BSD"
 homepage="https://github.com/tavianator/bfs"
 changelog="https://raw.githubusercontent.com/tavianator/bfs/main/RELEASES.md"
 distfiles="https://github.com/tavianator/bfs/archive/${version}.tar.gz"
-checksum=be51966ca3bcc0167fb16c89f81fa37ee13c6326c616c31b87fd564a54bdc5f2
+checksum=09cff2033544cbaa31af2ad7d59347056a53c04ff7c469bb5904e575d3641053
 
 post_install() {
 	vlicense LICENSE

Re: bfs: update to 2.2.

[ericonr]

[-- Attachment #1: Type: text/plain, Size: 199 bytes --]

New comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/29437#issuecomment-804429350

Comment:
@tavianator perhaps `setpriv` behaves better than `capsh`?

Re: bfs: update to 2.2.

[tavianator]

[-- Attachment #1: Type: text/plain, Size: 585 bytes --]

New comment by tavianator on void-packages repository

https://github.com/void-linux/void-packages/pull/29437#issuecomment-804981189

Comment:
I think I figured out what's happening.  The build is happening in a user namespace.  `capsh --drop` silently fails there, which seems like a bug.

`setpriv` seems to do something, but it works a little too well:

```
# setpriv --inh-caps=-dac_override,-dac_read_search --bounding-set=-dac_override,-dac_read_search -- cat foo
cat: error while loading shared libraries: libc.so.6: cannot open shared object file: Permission denied
```

Re: bfs: update to 2.2.

[tavianator]

[-- Attachment #1: Type: text/plain, Size: 637 bytes --]

New comment by tavianator on void-packages repository

https://github.com/void-linux/void-packages/pull/29437#issuecomment-805003949

Comment:
Actually `setpriv` works fine, I just had the wrong ownership of `/` in my container.  But I got `capsh` working too, thanks to this hint from the `setpriv` manpage:

```
              If you drop a capability from the bounding set without
              also dropping it from the inheritable set, you are likely
              to become confused.  Do not do that.
```

It seems like CAP_DAC_{OVERRIDE,READ_SEARCH} are inheritable in a container, so I have to remove them.  Patch coming.

Re: bfs: update to 2.2.

[tavianator]

[-- Attachment #1: Type: text/plain, Size: 345 bytes --]

New comment by tavianator on void-packages repository

https://github.com/void-linux/void-packages/pull/29437#issuecomment-805014448

Comment:
https://github.com/tavianator/bfs/commit/d36ece2ca7498b7ba5485d5010439b57f006c9c8 fixes the tests for me in a `systemd-nspawn -U` container, which I think is similar to the `xbps-uunshare` environment.

Re: bfs: update to 2.2.

[ericonr]

[-- Attachment #1: Type: text/plain, Size: 181 bytes --]

New comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/29437#issuecomment-812808051

Comment:
@tavianator thanks!

@daniel-eys ping?

Re: [PR PATCH] [Updated] bfs: update to 2.2.

[daniel-eys]

[-- Attachment #1: Type: text/plain, Size: 1559 bytes --]

There is an updated pull request by daniel-eys against master on the void-packages repository

https://github.com/daniel-eys/void-packages bfs
https://github.com/void-linux/void-packages/pull/29437

bfs: update to 2.2.
<!-- Mark items with [x] where applicable -->

#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)

#### Have the results of the proposed changes been tested?
- [x] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR

<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!--
#### Does it build and run successfully?
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
  - [ ] aarch64-musl
  - [ ] armv7l
  - [ ] armv6l-musl
-->

A patch file from https://github.com/void-linux/void-packages/pull/29437.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-bfs-29437.patch --]
[-- Type: text/x-diff, Size: 8279 bytes --]

From 92b64f00ca9ad519dcf9132e3ae9c4fec37577d7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Ey=C3=9Fer?= <daniel.eysser@gmail.com>
Date: Sat, 13 Mar 2021 17:39:19 +0100
Subject: [PATCH] bfs: update to 2.2.

---
 ...pabilities-when-run-as-root-on-Linux.patch | 90 +++++++++++++++++++
 ...ing-forever-when-failing-to-drop-cap.patch | 41 +++++++++
 ...emove-capabilities-after-dropping-th.patch | 47 ++++++++++
 srcpkgs/bfs/template                          |  6 +-
 4 files changed, 181 insertions(+), 3 deletions(-)
 create mode 100644 srcpkgs/bfs/patches/0001-tests-Drop-capabilities-when-run-as-root-on-Linux.patch
 create mode 100644 srcpkgs/bfs/patches/0002-tests-Avoid-looping-forever-when-failing-to-drop-cap.patch
 create mode 100644 srcpkgs/bfs/patches/0003-tests-Actually-remove-capabilities-after-dropping-th.patch

diff --git a/srcpkgs/bfs/patches/0001-tests-Drop-capabilities-when-run-as-root-on-Linux.patch b/srcpkgs/bfs/patches/0001-tests-Drop-capabilities-when-run-as-root-on-Linux.patch
new file mode 100644
index 000000000000..a2e54c397f8b
--- /dev/null
+++ b/srcpkgs/bfs/patches/0001-tests-Drop-capabilities-when-run-as-root-on-Linux.patch
@@ -0,0 +1,90 @@
+From f2e6186ed0ce9b68362ad25d897f1e3c697728ec Mon Sep 17 00:00:00 2001
+From: Tavian Barnes <tavianator@tavianator.com>
+Date: Sun, 21 Mar 2021 13:18:43 -0400
+Subject: [PATCH] tests: Drop capabilities when run as root on Linux
+
+bfs's tests rely on file permissions being enforced, which leads them to
+work incorrectly when run as root.  This is probably the most common
+packaging issue for bfs, most recently seen with Void Linux's update to
+bfs 2.2.
+
+Make it easier on packagers by using capsh, if it's available, to drop
+the DAC privileges for the tests.
+
+Link: https://github.com/void-linux/void-packages/pull/29437#issuecomment-798670288
+Link: https://salsa.debian.org/lamby/pkg-bfs/-/commit/b173efb35da126adb39b0984219d6a2fd9ff428f
+---
+ tests.sh | 35 +++++++++++++++++++++++++++++------
+ 1 file changed, 29 insertions(+), 6 deletions(-)
+
+diff --git tests.sh tests.sh
+index b039eea..0bdd1d4 100755
+--- tests.sh
++++ tests.sh
+@@ -34,10 +34,25 @@ if [ -t 1 ]; then
+     RST="$(printf '\033[0m')"
+ fi
+ 
+-if [ "$EUID" -eq 0 ]; then
++if command -v capsh &>/dev/null; then
++    if capsh --has-p=CAP_DAC_OVERRIDE &>/dev/null || capsh --has-p=CAP_DAC_READ_SEARCH &>/dev/null; then
++        cat >&2 <<EOF
++${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended.  Dropping ${BLD}CAP_DAC_OVERRIDE${RST} and
++${BLD}CAP_DAC_READ_SEARCH${RST}.
++
++EOF
++
++        exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
++    fi
++elif [ "$EUID" -eq 0 ]; then
++    UNLESS=
++    if [ "$(uname)" = "Linux" ]; then
++	UNLESS=" unless ${GRN}capsh${RST} is installed"
++    fi
++
+     cat >&2 <<EOF
+ ${RED}error:${RST} These tests expect filesystem permissions to be enforced, and therefore
+-will not work when run as ${BLD}$(id -un)${RST}.
++will not work when run as ${BLD}$(id -un)${RST}${UNLESS}.
+ EOF
+     exit 1
+ fi
+@@ -1209,11 +1224,15 @@ function test_gid() {
+ }
+ 
+ function test_gid_plus() {
+-    bfs_diff basic -gid +0
++    if [ "$(id -g)" -ne 0 ]; then
++	bfs_diff basic -gid +0
++    fi
+ }
+ 
+ function test_gid_plus_plus() {
+-    bfs_diff basic -gid +0
++    if [ "$(id -g)" -ne 0 ]; then
++	bfs_diff basic -gid ++0
++    fi
+ }
+ 
+ function test_gid_minus() {
+@@ -1229,11 +1248,15 @@ function test_uid() {
+ }
+ 
+ function test_uid_plus() {
+-    bfs_diff basic -uid +0
++    if [ "$(id -u)" -ne 0 ]; then
++	bfs_diff basic -uid +0
++    fi
+ }
+ 
+ function test_uid_plus_plus() {
+-    bfs_diff basic -uid ++0
++    if [ "$(id -u)" -ne 0 ]; then
++	bfs_diff basic -uid ++0
++    fi
+ }
+ 
+ function test_uid_minus() {
+-- 
+2.31.0
+
diff --git a/srcpkgs/bfs/patches/0002-tests-Avoid-looping-forever-when-failing-to-drop-cap.patch b/srcpkgs/bfs/patches/0002-tests-Avoid-looping-forever-when-failing-to-drop-cap.patch
new file mode 100644
index 000000000000..5e951faea29c
--- /dev/null
+++ b/srcpkgs/bfs/patches/0002-tests-Avoid-looping-forever-when-failing-to-drop-cap.patch
@@ -0,0 +1,41 @@
+From dbc77fd3b6e48a17eb79f9ff3a5f810b7554bf6f Mon Sep 17 00:00:00 2001
+From: Tavian Barnes <tavianator@tavianator.com>
+Date: Mon, 22 Mar 2021 17:19:31 -0400
+Subject: [PATCH] tests: Avoid looping forever when failing to drop
+ capabilities
+
+Link: https://github.com/void-linux/void-packages/pull/29437/checks?check_run_id=2169825021
+---
+ tests.sh | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git tests.sh tests.sh
+index 0bdd1d4..ad71894 100755
+--- tests.sh
++++ tests.sh
+@@ -36,13 +36,21 @@ fi
+ 
+ if command -v capsh &>/dev/null; then
+     if capsh --has-p=CAP_DAC_OVERRIDE &>/dev/null || capsh --has-p=CAP_DAC_READ_SEARCH &>/dev/null; then
++	if [ -n "$BFS_TRIED_DROP" ]; then
++            cat >&2 <<EOF
++${RED}error: ${RST} Failed to drop capabilities.
++EOF
++
++	    exit 1
++	fi
++
+         cat >&2 <<EOF
+ ${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended.  Dropping ${BLD}CAP_DAC_OVERRIDE${RST} and
+ ${BLD}CAP_DAC_READ_SEARCH${RST}.
+ 
+ EOF
+ 
+-        exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
++        BFS_TRIED_DROP=y exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
+     fi
+ elif [ "$EUID" -eq 0 ]; then
+     UNLESS=
+-- 
+2.31.0
+
diff --git a/srcpkgs/bfs/patches/0003-tests-Actually-remove-capabilities-after-dropping-th.patch b/srcpkgs/bfs/patches/0003-tests-Actually-remove-capabilities-after-dropping-th.patch
new file mode 100644
index 000000000000..acf3d32f9113
--- /dev/null
+++ b/srcpkgs/bfs/patches/0003-tests-Actually-remove-capabilities-after-dropping-th.patch
@@ -0,0 +1,47 @@
+From d36ece2ca7498b7ba5485d5010439b57f006c9c8 Mon Sep 17 00:00:00 2001
+From: Tavian Barnes <tavianator@tavianator.com>
+Date: Tue, 23 Mar 2021 11:46:26 -0400
+Subject: [PATCH] tests: Actually remove capabilities after dropping them
+
+---
+ tests.sh | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git tests.sh tests.sh
+index ad71894..8eb4dc0 100755
+--- tests.sh
++++ tests.sh
+@@ -35,22 +35,25 @@ if [ -t 1 ]; then
+ fi
+ 
+ if command -v capsh &>/dev/null; then
+-    if capsh --has-p=CAP_DAC_OVERRIDE &>/dev/null || capsh --has-p=CAP_DAC_READ_SEARCH &>/dev/null; then
++    if capsh --has-p=cap_dac_override &>/dev/null || capsh --has-p=cap_dac_read_search &>/dev/null; then
+ 	if [ -n "$BFS_TRIED_DROP" ]; then
+             cat >&2 <<EOF
+-${RED}error: ${RST} Failed to drop capabilities.
++${RED}error:${RST} Failed to drop capabilities.
+ EOF
+ 
+ 	    exit 1
+ 	fi
+ 
+         cat >&2 <<EOF
+-${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended.  Dropping ${BLD}CAP_DAC_OVERRIDE${RST} and
+-${BLD}CAP_DAC_READ_SEARCH${RST}.
++${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended.  Dropping ${BLD}cap_dac_override${RST} and
++${BLD}cap_dac_read_search${RST}.
+ 
+ EOF
+ 
+-        BFS_TRIED_DROP=y exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
++        BFS_TRIED_DROP=y exec capsh \
++            --drop=cap_dac_override,cap_dac_read_search \
++            --caps=cap_dac_override,cap_dac_read_search-eip \
++            -- "$0" "$@"
+     fi
+ elif [ "$EUID" -eq 0 ]; then
+     UNLESS=
+-- 
+2.31.1
+
diff --git a/srcpkgs/bfs/template b/srcpkgs/bfs/template
index 68ccaff63a4c..ebc526cec78f 100644
--- a/srcpkgs/bfs/template
+++ b/srcpkgs/bfs/template
@@ -1,17 +1,17 @@
 # Template file for 'bfs'
 pkgname=bfs
-version=2.1
+version=2.2
 revision=1
 build_style=gnu-makefile
 makedepends="acl-devel libcap-devel"
-checkdepends="acl-progs"
+checkdepends="acl-progs libcap-progs"
 short_desc="Breadth-first version of the UNIX find command"
 maintainer="Daniel Eyßer <daniel.eysser@gmail.com>"
 license="0BSD"
 homepage="https://github.com/tavianator/bfs"
 changelog="https://raw.githubusercontent.com/tavianator/bfs/main/RELEASES.md"
 distfiles="https://github.com/tavianator/bfs/archive/${version}.tar.gz"
-checksum=be51966ca3bcc0167fb16c89f81fa37ee13c6326c616c31b87fd564a54bdc5f2
+checksum=09cff2033544cbaa31af2ad7d59347056a53c04ff7c469bb5904e575d3641053
 
 post_install() {
 	vlicense LICENSE

Re: bfs: update to 2.2.

[daniel-eys]

[-- Attachment #1: Type: text/plain, Size: 202 bytes --]

New comment by daniel-eys on void-packages repository

https://github.com/void-linux/void-packages/pull/29437#issuecomment-812839907

Comment:
I included the patch. Let's see what ci thinks about that.

Re: [PR PATCH] [Merged]: bfs: update to 2.2.

[ericonr]

[-- Attachment #1: Type: text/plain, Size: 1401 bytes --]

There's a merged pull request on the void-packages repository

bfs: update to 2.2.
https://github.com/void-linux/void-packages/pull/29437

Description:
<!-- Mark items with [x] where applicable -->

#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)

#### Have the results of the proposed changes been tested?
- [x] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR

<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!--
#### Does it build and run successfully?
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
  - [ ] aarch64-musl
  - [ ] armv7l
  - [ ] armv6l-musl
-->