* [PR PATCH] lxc: setuid binary
@ 2022-08-16 20:30 CameronNemo
2022-08-17 3:30 ` eli-schwartz
` (6 more replies)
0 siblings, 7 replies; 8+ messages in thread
From: CameronNemo @ 2022-08-16 20:30 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1281 bytes --]
There is a new pull request by CameronNemo against master on the void-packages repository
https://github.com/CameronNemo/void-packages lxc5-fix-setuid
https://github.com/void-linux/void-packages/pull/38726
lxc: setuid binary
Switch to meson had a small casualty.
Closes #38682
<!-- Uncomment relevant sections and delete options which are not applicable -->
#### Testing the changes
- I tested the changes in this PR: **briefly**
<!--
#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**|**NO**
-->
<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!--
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- aarch64-musl
- armv7l
- armv6l-musl
-->
A patch file from https://github.com/void-linux/void-packages/pull/38726.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-lxc5-fix-setuid-38726.patch --]
[-- Type: text/x-diff, Size: 1067 bytes --]
From 39aa018af4afefc038fe820a68afe03c61e6ca81 Mon Sep 17 00:00:00 2001
From: Cameron Nemo <cnemo@tutanota.com>
Date: Tue, 16 Aug 2022 13:22:50 -0700
Subject: [PATCH] lxc: setuid binary
Switch to meson had a small casualty.
Closes #38682
---
srcpkgs/lxc/INSTALL | 7 +++++++
srcpkgs/lxc/template | 2 +-
2 files changed, 8 insertions(+), 1 deletion(-)
create mode 100644 srcpkgs/lxc/INSTALL
diff --git a/srcpkgs/lxc/INSTALL b/srcpkgs/lxc/INSTALL
new file mode 100644
index 000000000000..7a16701bf963
--- /dev/null
+++ b/srcpkgs/lxc/INSTALL
@@ -0,0 +1,7 @@
+# INSTALL
+case "$ACTION" in
+post)
+ chown root:root usr/libexec/lxc/lxc-user-nic
+ chmod 4755 usr/libexec/lxc/lxc-user-nic
+ ;;
+esac
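Review bot: The `post)` branch applies `chmod 4755` to a relative path with no comment saying why a packaged binary needs its mode corrected after installation. Add a short comment pointing at #38682, and consider fixing the mode at build time instead, so the package itself carries lxc-user-nic as setuid root rather than depending on this script having run. The chown-before-chmod order is the right one and should stay.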
diff --git a/srcpkgs/lxc/template b/srcpkgs/lxc/template
index 6b29d3e041fa..39d2451e3377 100644
--- a/srcpkgs/lxc/template
+++ b/srcpkgs/lxc/template
@@ -1,7 +1,7 @@
# Template file for 'lxc'
pkgname=lxc
version=5.0.1
-revision=1
+revision=2
build_style=meson
configure_args="-Dpam-cgroup=true -Drootfs-mount-path=/var/lxc/containers
-Ddistrosysconfdir=default
* Re: lxc: setuid binary
From: eli-schwartz @ 2022-08-17 3:30 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 289 bytes --]
New comment by eli-schwartz on void-packages repository
https://github.com/void-linux/void-packages/pull/38726#issuecomment-1217418217
Comment:
As mentioned in the linked issue, I believe this is a Meson bug and have PRed a patch to fix it that does not require running INSTALL scripts.
* Re: [PR PATCH] [Updated] lxc: setuid binary
From: CameronNemo @ 2022-08-17 3:50 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1309 bytes --]
There is an updated pull request by CameronNemo against master on the void-packages repository
https://github.com/CameronNemo/void-packages lxc5-fix-setuid
https://github.com/void-linux/void-packages/pull/38726
lxc: setuid binary
Switch to meson had a small casualty.
Closes #38682
<!-- Uncomment relevant sections and delete options which are not applicable -->
#### Testing the changes
- I tested the changes in this PR: **YES**
<!--
#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**|**NO**
-->
<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!--
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- aarch64-musl
- armv7l
- armv6l-musl
-->
A patch file from https://github.com/void-linux/void-packages/pull/38726.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-lxc5-fix-setuid-38726.patch --]
[-- Type: text/x-diff, Size: 9188 bytes --]
From f61872825bb3872d02d3c45bce980188d55d6020 Mon Sep 17 00:00:00 2001
From: Cameron Nemo <cnemo@tutanota.com>
Date: Tue, 16 Aug 2022 20:48:46 -0700
Subject: [PATCH 1/2] meson: backport patch to fix setuid
https://github.com/mesonbuild/meson/pull/10702
---
srcpkgs/meson/patches/10702.patch | 59 +++++++++++++++++++++++++++++++
srcpkgs/meson/template | 2 +-
2 files changed, 60 insertions(+), 1 deletion(-)
create mode 100644 srcpkgs/meson/patches/10702.patch
diff --git a/srcpkgs/meson/patches/10702.patch b/srcpkgs/meson/patches/10702.patch
new file mode 100644
index 000000000000..7ab15ebbc007
--- /dev/null
+++ b/srcpkgs/meson/patches/10702.patch
@@ -0,0 +1,59 @@
+From 869b95d0c2a854d73db0fceb7d0dbee9dc88cf46 Mon Sep 17 00:00:00 2001
+From: Eli Schwartz <eschwartz@archlinux.org>
+Date: Tue, 16 Aug 2022 22:42:53 -0400
+Subject: [PATCH] minstall: do not trample install_mode by rpath fixer
+
+install_mode can include the setuid bit, which has the special property
+(mentioned in the set_mode logic for minstall itself) of needing to come
+last, because it "will get wiped by chmod" (or at least chown).
+
+In fact, it's not just chown that wipes setuid, but other changes as
+well, such as the file contents. This is not an issue for install_data /
+custom_target, but for compiled outputs, we run depfixer to handle
+rpaths. This may or may not cause edits to the binary, depending on
+whether we have a build rpath to wipe, or an install rpath to add. (We
+also may run `strip`, but that external program already has its own mode
+restoration logic.)
+
+Fix this by switching the order of operations around, so that setting
+the permissions happens last.
+
+Fixes https://github.com/void-linux/void-packages/issues/38682
+---
+ mesonbuild/minstall.py | 3 ++-
+ test cases/common/190 install_mode/meson.build | 1 +
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/mesonbuild/minstall.py b/mesonbuild/minstall.py
+index 551f909c80d..a810ccbbd40 100644
+--- a/mesonbuild/minstall.py
++++ b/mesonbuild/minstall.py
+@@ -693,7 +693,6 @@ def install_targets(self, d: InstallData, dm: DirMaker, destdir: str, fullprefix
+ raise MesonException(f'File {fname!r} could not be found')
+ elif os.path.isfile(fname):
+ file_copied = self.do_copyfile(fname, outname, makedirs=(dm, outdir))
+- self.set_mode(outname, install_mode, d.install_umask)
+ if should_strip and d.strip_bin is not None:
+ if fname.endswith('.jar'):
+ self.log('Not stripping jar target: {}'.format(os.path.basename(fname)))
+@@ -723,6 +722,8 @@ def install_targets(self, d: InstallData, dm: DirMaker, destdir: str, fullprefix
+ pass
+ else:
+ raise
++ # file mode needs to be set last, after strip/depfixer editing
++ self.set_mode(outname, install_mode, d.install_umask)
+
+ def rebuild_all(wd: str) -> bool:
+ if not (Path(wd) / 'build.ninja').is_file():
+diff --git a/test cases/common/190 install_mode/meson.build b/test cases/common/190 install_mode/meson.build
+index cae1e91aba3..e877ba75757 100644
+--- a/test cases/common/190 install_mode/meson.build
++++ b/test cases/common/190 install_mode/meson.build
+@@ -51,6 +51,7 @@ install_man('foo.1',
+ executable('trivialprog',
+ sources : 'trivial.c',
+ install : true,
++ build_rpath: meson.current_build_dir(),
+ install_mode : ['rwxr-sr-x', 'root', 'root'])
+
+ # test install_mode in static_library
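Review bot: The regression test in the last nested hunk adds `build_rpath` to a target whose `install_mode` is `'rwxr-sr-x'`, which exercises the setgid bit only, while the commit message and the linked issue are about setuid. A second target installed as `rwsr-xr-x` would cover the reported case directly. In `minstall.py` the relocated `set_mode` call now follows the `raise` of the depfixer error handling, so check against the full file that its indentation keeps it on the same code paths the removed call covered.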
diff --git a/srcpkgs/meson/template b/srcpkgs/meson/template
index d4c6c4d29670..d3243fe16052 100644
--- a/srcpkgs/meson/template
+++ b/srcpkgs/meson/template
@@ -1,7 +1,7 @@
# Template file for 'meson'
pkgname=meson
version=0.62.2
-revision=1
+revision=2
build_style=python3-module
hostmakedepends="python3-devel python3-setuptools"
depends="ninja python3-setuptools"
From f63dd0cb27d29b7787db9974ad253b0bec2afbe0 Mon Sep 17 00:00:00 2001
From: Cameron Nemo <cnemo@tutanota.com>
Date: Tue, 16 Aug 2022 13:22:50 -0700
Subject: [PATCH 2/2] lxc: set lxc-user-nic suid bit
Switch to meson had a small casualty.
Rebuild with patched meson.
Also simplify the docbook2x patch.
Closes #38682
---
srcpkgs/lxc/patches/01-meson-docbook2x.patch | 66 +++++++++-----------
srcpkgs/lxc/template | 4 +-
2 files changed, 33 insertions(+), 37 deletions(-)
diff --git a/srcpkgs/lxc/patches/01-meson-docbook2x.patch b/srcpkgs/lxc/patches/01-meson-docbook2x.patch
index f21d8ba34b2b..da7ddeb61596 100644
--- a/srcpkgs/lxc/patches/01-meson-docbook2x.patch
+++ b/srcpkgs/lxc/patches/01-meson-docbook2x.patch
@@ -1,49 +1,45 @@
-commit d91b4a300017bdcfbea8d013f05369ebba9a3d1e
+commit 06f99c2599db8140bd839532caa8f6ee0d1c3ff6
Author: Cameron Nemo <cam@nohom.org>
-Date: Sun Aug 7 11:10:31 2022 -0700
+Date: Tue Aug 16 20:30:39 2022 -0700
- meson: add option to force docbook2x format
+ meson: fix docbook2x detection
- Some distros ship docbook2x as docbook2man, which perplexes the logic in
- the meson.build that chooses the "docdtd" value.
-
- Add a build option to always use the newer docbook2x docdtd value.
+ docbook2man can sometimes be docbook2x and other times be docbook-utils.
+ Rather than compare paths, use version constraints to detect version.
Signed-off-by: Cameron Nemo <cam@nohom.org>
diff --git a/meson.build b/meson.build
-index a145faf06..9c0e6e488 100644
+index 666824c5a..2b160d4ac 100644
--- a/meson.build
+++ b/meson.build
-@@ -135,6 +135,7 @@ cgrouppattern = get_option('cgroup-pattern')
- coverity = get_option('coverity-build')
- init_script = get_option('init-script')
- sanitize = get_option('b_sanitize')
-+docbook2x_only = get_option('docbook2x-only')
- want_examples = get_option('examples')
- want_io_uring = get_option('io-uring-event-loop')
- want_pam_cgroup = get_option('pam-cgroup')
-@@ -337,7 +338,7 @@ docconf.set('LXCTEMPLATEDIR', lxctemplatedir)
+@@ -324,9 +324,6 @@ endif
+ generate_date = run_command(date, '--utc', '--date=@' + time_epoch, '+%Y-%m-%d', check: true).stdout().strip()
+
+ ## Manpages.
+-sgml2man = find_program('docbook2X2man', 'docbook2x-man', 'db2x_docbook2man', 'docbook2man', 'docbook-to-man', required: want_mans)
+-docbook2man = find_program('docbook2man', required: false)
+-
+ docconf = configuration_data()
+ docconf.set('builddir', '.')
+ docconf.set('BINDIR', bindir)
+@@ -341,10 +338,15 @@ docconf.set('LXCTEMPLATEDIR', lxctemplatedir)
docconf.set('LXC_USERNIC_CONF', lxc_user_network_conf)
docconf.set('LXC_USERNIC_DB', lxc_user_network_db)
docconf.set('PACKAGE_VERSION', version_data.get('LXC_VERSION'))
-if sgml2man.found() and docbook2man.found() and sgml2man.full_path() == docbook2man.full_path()
-+if sgml2man.found() and docbook2man.found() and sgml2man.full_path() == docbook2man.full_path() and not docbook2x_only
- docconf.set('docdtd', '"-//Davenport//DTD DocBook V3.0//EN"')
- else
- docconf.set('docdtd', '"-//OASIS//DTD DocBook XML" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"')
-diff --git a/meson_options.txt b/meson_options.txt
-index c14dacf27..ccc4dde5d 100644
---- a/meson_options.txt
-+++ b/meson_options.txt
-@@ -9,6 +9,10 @@ option('cgroup-pattern', type: 'string', value: '',
- option('coverity-build', type: 'boolean', value: 'true',
- description: 'build for coverity')
+- docconf.set('docdtd', '"-//Davenport//DTD DocBook V3.0//EN"')
+-else
+- docconf.set('docdtd', '"-//OASIS//DTD DocBook XML" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"')
++docconf.set('docdtd', '"-//OASIS//DTD DocBook XML" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"')
++sgml2man = find_program('docbook2X2man', 'docbook2x-man', 'db2x_docbook2man', 'docbook2man', 'docbook-to-man', required: false, version: '>=0.8')
++if not sgml2man.found()
++ sgml2man = find_program('docbook2man', required: false, version: '<0.8')
++ if sgml2man.found()
++ docconf.set('docdtd', '"-//Davenport//DTD DocBook V3.0//EN"')
++ elif want_mans
++ error('missing required docbook2x or docbook-utils dependency')
++ endif
+ endif
-+# no configure equivalent
-+option('docbook2x-only', type: 'boolean', value: 'false',
-+ description: 'always use DocBook 2x format')
-+
- # was --{disable,enable}-examples in autotools
- option('examples', type: 'boolean', value: 'true',
- description: 'build and install examples')
+ ## Threads.
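Review bot: The `'>=0.8'` and `'<0.8'` constraints on the two `find_program` calls carry the whole docbook2x versus docbook-utils decision, but nothing in `meson.build` says what 0.8 separates; the reasoning lives only in the commit message. A comment above the first `find_program` would fix that. The fallback also looks up `docbook2man` alone, so with `want_mans` set the build stops at `error(...)` whenever neither lookup matches, including when a tool is present but fails its version constraint; the error text could say that.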
diff --git a/srcpkgs/lxc/template b/srcpkgs/lxc/template
index 6b29d3e041fa..f14e8bea9637 100644
--- a/srcpkgs/lxc/template
+++ b/srcpkgs/lxc/template
@@ -1,11 +1,11 @@
# Template file for 'lxc'
pkgname=lxc
version=5.0.1
-revision=1
+revision=2
build_style=meson
configure_args="-Dpam-cgroup=true -Drootfs-mount-path=/var/lxc/containers
-Ddistrosysconfdir=default
- -Dlog-path=/var/lxc/log -Dinit-script=[] -Ddocbook2x-only=true"
+ -Dlog-path=/var/lxc/log -Dinit-script=[]"
hostmakedepends="pkg-config docbook2x"
makedepends="libcap-devel libseccomp-devel openssl-devel libapparmor-devel
pam-devel"
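Review bot: Nothing in this hunk ties `revision=2` to the patched meson: `hostmakedepends="pkg-config docbook2x"` names no meson version, so a build against the unpatched meson revision would produce the same package revision without the setuid bit and without any error. Consider a minimum-version constraint on meson, or a post-install check on the mode of lxc-user-nic, so the regression cannot return silently.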
* Re: backport meson patch to set lxc-user-nic suid bit
From: CameronNemo @ 2022-08-17 3:53 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 260 bytes --]
New comment by CameronNemo on void-packages repository
https://github.com/void-linux/void-packages/pull/38726#issuecomment-1217431176
Comment:
I have re-built LXC using meson with the patch and verified that the packaged lxc-user-nic has the setuid bit set.
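The kind of check described in the comment above can be automated so that a later build-system change cannot drop the bit unnoticed. The following is an added example, not part of the thread or of void-packages: it audits a package archive for the expected setuid mode. It assumes the package contents are available as a tar archive that Python's `tarfile` can read; the `EXPECTED` table and the sample archive are constructed for illustration, using the path and mode from the first patch.

```python
import io
import stat
import tarfile

# Constructed expectation table: archive path -> exact permission bits.
# Path and mode are the ones used in the INSTALL script earlier in the thread.
EXPECTED = {"usr/libexec/lxc/lxc-user-nic": 0o4755}


def build_sample_archive(mode, uid=0):
    """Return an in-memory tar with one constructed file carrying `mode`."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        data = b"\x7fELF constructed placeholder, not a real binary"
        info = tarfile.TarInfo("./usr/libexec/lxc/lxc-user-nic")
        info.size = len(data)
        info.mode = mode
        info.uid = info.gid = uid
        tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


def _normalize(name):
    """Strip a leading './' or '/' so names compare against EXPECTED keys."""
    if name.startswith("./"):
        return name[2:]
    return name.lstrip("/")


def audit_modes(fileobj, expected=EXPECTED):
    """Check special-permission bits of regular files in a tar archive.

    Returns a list of (path, problem) tuples; an empty list means the archive
    matches. Three conditions are reported:
      * an expected file whose mode differs (e.g. setuid bit lost in the build),
      * an expected setuid file not owned by root,
      * a setuid/setgid file that nobody listed as expected.
    """
    findings = []
    seen = set()
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            path = _normalize(member.name)
            mode = stat.S_IMODE(member.mode)
            if path in expected:
                seen.add(path)
                want = expected[path]
                if mode != want:
                    findings.append(
                        (path, f"mode {mode:04o}, expected {want:04o}"))
                elif want & stat.S_ISUID and member.uid != 0:
                    findings.append(
                        (path, f"setuid but owned by uid {member.uid}"))
            elif mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append(
                    (path, f"unexpected special bits, mode {mode:04o}"))
    for path in sorted(set(expected) - seen):
        findings.append((path, "missing from archive"))
    return findings


if __name__ == "__main__":
    # A build that lost the setuid bit, as reported in the linked issue.
    for path, problem in audit_modes(build_sample_archive(0o755)):
        print(f"{path}: {problem}")
```

Run against every rebuilt package in CI, a non-empty result fails the build before a binary with the wrong mode reaches users.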
* Re: backport meson patch to set lxc-user-nic suid bit
From: paper42 @ 2022-08-17 8:08 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 212 bytes --]
New comment by paper42 on void-packages repository
https://github.com/void-linux/void-packages/pull/38726#issuecomment-1217658097
Comment:
Could you mention simplifying the docbook patch in the commit message?
* Re: [PR PATCH] [Updated] backport meson patch to set lxc-user-nic suid bit
From: CameronNemo @ 2022-08-17 14:29 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1493 bytes --]
There is an updated pull request by CameronNemo against master on the void-packages repository
https://github.com/CameronNemo/void-packages lxc5-fix-setuid
https://github.com/void-linux/void-packages/pull/38726
backport meson patch to set lxc-user-nic suid bit
Switch to meson had a small casualty.
Rebuild with patched meson.
Also simplify the docbook2x patch.
https://github.com/mesonbuild/meson/pull/10702
https://github.com/lxc/lxc/pull/4177
Closes #38682
<!-- Uncomment relevant sections and delete options which are not applicable -->
#### Testing the changes
- I tested the changes in this PR: **YES**
<!--
#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**|**NO**
-->
<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!--
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- aarch64-musl
- armv7l
- armv6l-musl
-->
A patch file from https://github.com/void-linux/void-packages/pull/38726.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-lxc5-fix-setuid-38726.patch --]
[-- Type: text/x-diff, Size: 9249 bytes --]
From f61872825bb3872d02d3c45bce980188d55d6020 Mon Sep 17 00:00:00 2001
From: Cameron Nemo <cnemo@tutanota.com>
Date: Tue, 16 Aug 2022 20:48:46 -0700
Subject: [PATCH 1/2] meson: backport patch to fix setuid
https://github.com/mesonbuild/meson/pull/10702
---
srcpkgs/meson/patches/10702.patch | 59 +++++++++++++++++++++++++++++++
srcpkgs/meson/template | 2 +-
2 files changed, 60 insertions(+), 1 deletion(-)
create mode 100644 srcpkgs/meson/patches/10702.patch
diff --git a/srcpkgs/meson/patches/10702.patch b/srcpkgs/meson/patches/10702.patch
new file mode 100644
index 000000000000..7ab15ebbc007
--- /dev/null
+++ b/srcpkgs/meson/patches/10702.patch
@@ -0,0 +1,59 @@
+From 869b95d0c2a854d73db0fceb7d0dbee9dc88cf46 Mon Sep 17 00:00:00 2001
+From: Eli Schwartz <eschwartz@archlinux.org>
+Date: Tue, 16 Aug 2022 22:42:53 -0400
+Subject: [PATCH] minstall: do not trample install_mode by rpath fixer
+
+install_mode can include the setuid bit, which has the special property
+(mentioned in the set_mode logic for minstall itself) of needing to come
+last, because it "will get wiped by chmod" (or at least chown).
+
+In fact, it's not just chown that wipes setuid, but other changes as
+well, such as the file contents. This is not an issue for install_data /
+custom_target, but for compiled outputs, we run depfixer to handle
+rpaths. This may or may not cause edits to the binary, depending on
+whether we have a build rpath to wipe, or an install rpath to add. (We
+also may run `strip`, but that external program already has its own mode
+restoration logic.)
+
+Fix this by switching the order of operations around, so that setting
+the permissions happens last.
+
+Fixes https://github.com/void-linux/void-packages/issues/38682
+---
+ mesonbuild/minstall.py | 3 ++-
+ test cases/common/190 install_mode/meson.build | 1 +
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/mesonbuild/minstall.py b/mesonbuild/minstall.py
+index 551f909c80d..a810ccbbd40 100644
+--- a/mesonbuild/minstall.py
++++ b/mesonbuild/minstall.py
+@@ -693,7 +693,6 @@ def install_targets(self, d: InstallData, dm: DirMaker, destdir: str, fullprefix
+ raise MesonException(f'File {fname!r} could not be found')
+ elif os.path.isfile(fname):
+ file_copied = self.do_copyfile(fname, outname, makedirs=(dm, outdir))
+- self.set_mode(outname, install_mode, d.install_umask)
+ if should_strip and d.strip_bin is not None:
+ if fname.endswith('.jar'):
+ self.log('Not stripping jar target: {}'.format(os.path.basename(fname)))
+@@ -723,6 +722,8 @@ def install_targets(self, d: InstallData, dm: DirMaker, destdir: str, fullprefix
+ pass
+ else:
+ raise
++ # file mode needs to be set last, after strip/depfixer editing
++ self.set_mode(outname, install_mode, d.install_umask)
+
+ def rebuild_all(wd: str) -> bool:
+ if not (Path(wd) / 'build.ninja').is_file():
+diff --git a/test cases/common/190 install_mode/meson.build b/test cases/common/190 install_mode/meson.build
+index cae1e91aba3..e877ba75757 100644
+--- a/test cases/common/190 install_mode/meson.build
++++ b/test cases/common/190 install_mode/meson.build
+@@ -51,6 +51,7 @@ install_man('foo.1',
+ executable('trivialprog',
+ sources : 'trivial.c',
+ install : true,
++ build_rpath: meson.current_build_dir(),
+ install_mode : ['rwxr-sr-x', 'root', 'root'])
+
+ # test install_mode in static_library
diff --git a/srcpkgs/meson/template b/srcpkgs/meson/template
index d4c6c4d29670..d3243fe16052 100644
--- a/srcpkgs/meson/template
+++ b/srcpkgs/meson/template
@@ -1,7 +1,7 @@
# Template file for 'meson'
pkgname=meson
version=0.62.2
-revision=1
+revision=2
build_style=python3-module
hostmakedepends="python3-devel python3-setuptools"
depends="ninja python3-setuptools"
From 948cd47890c720bc8f502f444e56de72ea343c96 Mon Sep 17 00:00:00 2001
From: Cameron Nemo <cnemo@tutanota.com>
Date: Tue, 16 Aug 2022 13:22:50 -0700
Subject: [PATCH 2/2] lxc: set lxc-user-nic suid bit, docbook2x patch
Switch to meson had a small casualty.
Rebuild with patched meson.
Also simplify the docbook2x patch based on recommendations from Eli
Schwartz.
Closes #38682
---
srcpkgs/lxc/patches/01-meson-docbook2x.patch | 66 +++++++++-----------
srcpkgs/lxc/template | 4 +-
2 files changed, 33 insertions(+), 37 deletions(-)
diff --git a/srcpkgs/lxc/patches/01-meson-docbook2x.patch b/srcpkgs/lxc/patches/01-meson-docbook2x.patch
index f21d8ba34b2b..da7ddeb61596 100644
--- a/srcpkgs/lxc/patches/01-meson-docbook2x.patch
+++ b/srcpkgs/lxc/patches/01-meson-docbook2x.patch
@@ -1,49 +1,45 @@
-commit d91b4a300017bdcfbea8d013f05369ebba9a3d1e
+commit 06f99c2599db8140bd839532caa8f6ee0d1c3ff6
Author: Cameron Nemo <cam@nohom.org>
-Date: Sun Aug 7 11:10:31 2022 -0700
+Date: Tue Aug 16 20:30:39 2022 -0700
- meson: add option to force docbook2x format
+ meson: fix docbook2x detection
- Some distros ship docbook2x as docbook2man, which perplexes the logic in
- the meson.build that chooses the "docdtd" value.
-
- Add a build option to always use the newer docbook2x docdtd value.
+ docbook2man can sometimes be docbook2x and other times be docbook-utils.
+ Rather than compare paths, use version constraints to detect version.
Signed-off-by: Cameron Nemo <cam@nohom.org>
diff --git a/meson.build b/meson.build
-index a145faf06..9c0e6e488 100644
+index 666824c5a..2b160d4ac 100644
--- a/meson.build
+++ b/meson.build
-@@ -135,6 +135,7 @@ cgrouppattern = get_option('cgroup-pattern')
- coverity = get_option('coverity-build')
- init_script = get_option('init-script')
- sanitize = get_option('b_sanitize')
-+docbook2x_only = get_option('docbook2x-only')
- want_examples = get_option('examples')
- want_io_uring = get_option('io-uring-event-loop')
- want_pam_cgroup = get_option('pam-cgroup')
-@@ -337,7 +338,7 @@ docconf.set('LXCTEMPLATEDIR', lxctemplatedir)
+@@ -324,9 +324,6 @@ endif
+ generate_date = run_command(date, '--utc', '--date=@' + time_epoch, '+%Y-%m-%d', check: true).stdout().strip()
+
+ ## Manpages.
+-sgml2man = find_program('docbook2X2man', 'docbook2x-man', 'db2x_docbook2man', 'docbook2man', 'docbook-to-man', required: want_mans)
+-docbook2man = find_program('docbook2man', required: false)
+-
+ docconf = configuration_data()
+ docconf.set('builddir', '.')
+ docconf.set('BINDIR', bindir)
+@@ -341,10 +338,15 @@ docconf.set('LXCTEMPLATEDIR', lxctemplatedir)
docconf.set('LXC_USERNIC_CONF', lxc_user_network_conf)
docconf.set('LXC_USERNIC_DB', lxc_user_network_db)
docconf.set('PACKAGE_VERSION', version_data.get('LXC_VERSION'))
-if sgml2man.found() and docbook2man.found() and sgml2man.full_path() == docbook2man.full_path()
-+if sgml2man.found() and docbook2man.found() and sgml2man.full_path() == docbook2man.full_path() and not docbook2x_only
- docconf.set('docdtd', '"-//Davenport//DTD DocBook V3.0//EN"')
- else
- docconf.set('docdtd', '"-//OASIS//DTD DocBook XML" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"')
-diff --git a/meson_options.txt b/meson_options.txt
-index c14dacf27..ccc4dde5d 100644
---- a/meson_options.txt
-+++ b/meson_options.txt
-@@ -9,6 +9,10 @@ option('cgroup-pattern', type: 'string', value: '',
- option('coverity-build', type: 'boolean', value: 'true',
- description: 'build for coverity')
+- docconf.set('docdtd', '"-//Davenport//DTD DocBook V3.0//EN"')
+-else
+- docconf.set('docdtd', '"-//OASIS//DTD DocBook XML" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"')
++docconf.set('docdtd', '"-//OASIS//DTD DocBook XML" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"')
++sgml2man = find_program('docbook2X2man', 'docbook2x-man', 'db2x_docbook2man', 'docbook2man', 'docbook-to-man', required: false, version: '>=0.8')
++if not sgml2man.found()
++ sgml2man = find_program('docbook2man', required: false, version: '<0.8')
++ if sgml2man.found()
++ docconf.set('docdtd', '"-//Davenport//DTD DocBook V3.0//EN"')
++ elif want_mans
++ error('missing required docbook2x or docbook-utils dependency')
++ endif
+ endif
-+# no configure equivalent
-+option('docbook2x-only', type: 'boolean', value: 'false',
-+ description: 'always use DocBook 2x format')
-+
- # was --{disable,enable}-examples in autotools
- option('examples', type: 'boolean', value: 'true',
- description: 'build and install examples')
+ ## Threads.
diff --git a/srcpkgs/lxc/template b/srcpkgs/lxc/template
index 6b29d3e041fa..f14e8bea9637 100644
--- a/srcpkgs/lxc/template
+++ b/srcpkgs/lxc/template
@@ -1,11 +1,11 @@
# Template file for 'lxc'
pkgname=lxc
version=5.0.1
-revision=1
+revision=2
build_style=meson
configure_args="-Dpam-cgroup=true -Drootfs-mount-path=/var/lxc/containers
-Ddistrosysconfdir=default
- -Dlog-path=/var/lxc/log -Dinit-script=[] -Ddocbook2x-only=true"
+ -Dlog-path=/var/lxc/log -Dinit-script=[]"
hostmakedepends="pkg-config docbook2x"
makedepends="libcap-devel libseccomp-devel openssl-devel libapparmor-devel
pam-devel"
* Re: backport meson patch to set lxc-user-nic suid bit
From: CameronNemo @ 2022-08-17 14:29 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 159 bytes --]
New comment by CameronNemo on void-packages repository
https://github.com/void-linux/void-packages/pull/38726#issuecomment-1218088772
Comment:
@paper42 done
* Re: [PR PATCH] [Merged]: backport meson patch to set lxc-user-nic suid bit
From: paper42 @ 2022-08-17 14:31 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1321 bytes --]
There's a merged pull request on the void-packages repository
backport meson patch to set lxc-user-nic suid bit
https://github.com/void-linux/void-packages/pull/38726
Description:
Switch to meson had a small casualty.
Rebuild with patched meson.
Also simplify the docbook2x patch.
https://github.com/mesonbuild/meson/pull/10702
https://github.com/lxc/lxc/pull/4177
Closes #38682
<!-- Uncomment relevant sections and delete options which are not applicable -->
#### Testing the changes
- I tested the changes in this PR: **YES**
<!--
#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**|**NO**
-->
<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!--
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- aarch64-musl
- armv7l
- armv6l-musl
-->