bfs: update to 2.2.1.
This commit is contained in:
parent
ccd726e23d
commit
268cf37789
|
@ -1,90 +0,0 @@
|
|||
From f2e6186ed0ce9b68362ad25d897f1e3c697728ec Mon Sep 17 00:00:00 2001
|
||||
From: Tavian Barnes <tavianator@tavianator.com>
|
||||
Date: Sun, 21 Mar 2021 13:18:43 -0400
|
||||
Subject: [PATCH] tests: Drop capabilities when run as root on Linux
|
||||
|
||||
bfs's tests rely on file permissions being enforced, which leads them to
|
||||
work incorrectly when run as root. This is probably the most common
|
||||
packaging issue for bfs, most recently seen with Void Linux's update to
|
||||
bfs 2.2.
|
||||
|
||||
Make it easier on packagers by using capsh, if it's available, to drop
|
||||
the DAC privileges for the tests.
|
||||
|
||||
Link: https://github.com/void-linux/void-packages/pull/29437#issuecomment-798670288
|
||||
Link: https://salsa.debian.org/lamby/pkg-bfs/-/commit/b173efb35da126adb39b0984219d6a2fd9ff428f
|
||||
---
|
||||
tests.sh | 35 +++++++++++++++++++++++++++++------
|
||||
1 file changed, 29 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git tests.sh tests.sh
|
||||
index b039eea..0bdd1d4 100755
|
||||
--- tests.sh
|
||||
+++ tests.sh
|
||||
@@ -34,10 +34,25 @@ if [ -t 1 ]; then
|
||||
RST="$(printf '\033[0m')"
|
||||
fi
|
||||
|
||||
-if [ "$EUID" -eq 0 ]; then
|
||||
+if command -v capsh &>/dev/null; then
|
||||
+ if capsh --has-p=CAP_DAC_OVERRIDE &>/dev/null || capsh --has-p=CAP_DAC_READ_SEARCH &>/dev/null; then
|
||||
+ cat >&2 <<EOF
|
||||
+${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended. Dropping ${BLD}CAP_DAC_OVERRIDE${RST} and
|
||||
+${BLD}CAP_DAC_READ_SEARCH${RST}.
|
||||
+
|
||||
+EOF
|
||||
+
|
||||
+ exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
|
||||
+ fi
|
||||
+elif [ "$EUID" -eq 0 ]; then
|
||||
+ UNLESS=
|
||||
+ if [ "$(uname)" = "Linux" ]; then
|
||||
+ UNLESS=" unless ${GRN}capsh${RST} is installed"
|
||||
+ fi
|
||||
+
|
||||
cat >&2 <<EOF
|
||||
${RED}error:${RST} These tests expect filesystem permissions to be enforced, and therefore
|
||||
-will not work when run as ${BLD}$(id -un)${RST}.
|
||||
+will not work when run as ${BLD}$(id -un)${RST}${UNLESS}.
|
||||
EOF
|
||||
exit 1
|
||||
fi
|
||||
@@ -1209,11 +1224,15 @@ function test_gid() {
|
||||
}
|
||||
|
||||
function test_gid_plus() {
|
||||
- bfs_diff basic -gid +0
|
||||
+ if [ "$(id -g)" -ne 0 ]; then
|
||||
+ bfs_diff basic -gid +0
|
||||
+ fi
|
||||
}
|
||||
|
||||
function test_gid_plus_plus() {
|
||||
- bfs_diff basic -gid +0
|
||||
+ if [ "$(id -g)" -ne 0 ]; then
|
||||
+ bfs_diff basic -gid ++0
|
||||
+ fi
|
||||
}
|
||||
|
||||
function test_gid_minus() {
|
||||
@@ -1229,11 +1248,15 @@ function test_uid() {
|
||||
}
|
||||
|
||||
function test_uid_plus() {
|
||||
- bfs_diff basic -uid +0
|
||||
+ if [ "$(id -u)" -ne 0 ]; then
|
||||
+ bfs_diff basic -uid +0
|
||||
+ fi
|
||||
}
|
||||
|
||||
function test_uid_plus_plus() {
|
||||
- bfs_diff basic -uid ++0
|
||||
+ if [ "$(id -u)" -ne 0 ]; then
|
||||
+ bfs_diff basic -uid ++0
|
||||
+ fi
|
||||
}
|
||||
|
||||
function test_uid_minus() {
|
||||
--
|
||||
2.31.0
|
||||
|
|
@ -1,41 +0,0 @@
|
|||
From dbc77fd3b6e48a17eb79f9ff3a5f810b7554bf6f Mon Sep 17 00:00:00 2001
|
||||
From: Tavian Barnes <tavianator@tavianator.com>
|
||||
Date: Mon, 22 Mar 2021 17:19:31 -0400
|
||||
Subject: [PATCH] tests: Avoid looping forever when failing to drop
|
||||
capabilities
|
||||
|
||||
Link: https://github.com/void-linux/void-packages/pull/29437/checks?check_run_id=2169825021
|
||||
---
|
||||
tests.sh | 10 +++++++++-
|
||||
1 file changed, 9 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git tests.sh tests.sh
|
||||
index 0bdd1d4..ad71894 100755
|
||||
--- tests.sh
|
||||
+++ tests.sh
|
||||
@@ -36,13 +36,21 @@ fi
|
||||
|
||||
if command -v capsh &>/dev/null; then
|
||||
if capsh --has-p=CAP_DAC_OVERRIDE &>/dev/null || capsh --has-p=CAP_DAC_READ_SEARCH &>/dev/null; then
|
||||
+ if [ -n "$BFS_TRIED_DROP" ]; then
|
||||
+ cat >&2 <<EOF
|
||||
+${RED}error: ${RST} Failed to drop capabilities.
|
||||
+EOF
|
||||
+
|
||||
+ exit 1
|
||||
+ fi
|
||||
+
|
||||
cat >&2 <<EOF
|
||||
${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended. Dropping ${BLD}CAP_DAC_OVERRIDE${RST} and
|
||||
${BLD}CAP_DAC_READ_SEARCH${RST}.
|
||||
|
||||
EOF
|
||||
|
||||
- exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
|
||||
+ BFS_TRIED_DROP=y exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
|
||||
fi
|
||||
elif [ "$EUID" -eq 0 ]; then
|
||||
UNLESS=
|
||||
--
|
||||
2.31.0
|
||||
|
|
@ -1,47 +0,0 @@
|
|||
From d36ece2ca7498b7ba5485d5010439b57f006c9c8 Mon Sep 17 00:00:00 2001
|
||||
From: Tavian Barnes <tavianator@tavianator.com>
|
||||
Date: Tue, 23 Mar 2021 11:46:26 -0400
|
||||
Subject: [PATCH] tests: Actually remove capabilities after dropping them
|
||||
|
||||
---
|
||||
tests.sh | 13 ++++++++-----
|
||||
1 file changed, 8 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git tests.sh tests.sh
|
||||
index ad71894..8eb4dc0 100755
|
||||
--- tests.sh
|
||||
+++ tests.sh
|
||||
@@ -35,22 +35,25 @@ if [ -t 1 ]; then
|
||||
fi
|
||||
|
||||
if command -v capsh &>/dev/null; then
|
||||
- if capsh --has-p=CAP_DAC_OVERRIDE &>/dev/null || capsh --has-p=CAP_DAC_READ_SEARCH &>/dev/null; then
|
||||
+ if capsh --has-p=cap_dac_override &>/dev/null || capsh --has-p=cap_dac_read_search &>/dev/null; then
|
||||
if [ -n "$BFS_TRIED_DROP" ]; then
|
||||
cat >&2 <<EOF
|
||||
-${RED}error: ${RST} Failed to drop capabilities.
|
||||
+${RED}error:${RST} Failed to drop capabilities.
|
||||
EOF
|
||||
|
||||
exit 1
|
||||
fi
|
||||
|
||||
cat >&2 <<EOF
|
||||
-${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended. Dropping ${BLD}CAP_DAC_OVERRIDE${RST} and
|
||||
-${BLD}CAP_DAC_READ_SEARCH${RST}.
|
||||
+${YLW}warning:${RST} Running as ${BLD}$(id -un)${RST} is not recommended. Dropping ${BLD}cap_dac_override${RST} and
|
||||
+${BLD}cap_dac_read_search${RST}.
|
||||
|
||||
EOF
|
||||
|
||||
- BFS_TRIED_DROP=y exec capsh --drop=CAP_DAC_OVERRIDE,CAP_DAC_READ_SEARCH -- "$0" "$@"
|
||||
+ BFS_TRIED_DROP=y exec capsh \
|
||||
+ --drop=cap_dac_override,cap_dac_read_search \
|
||||
+ --caps=cap_dac_override,cap_dac_read_search-eip \
|
||||
+ -- "$0" "$@"
|
||||
fi
|
||||
elif [ "$EUID" -eq 0 ]; then
|
||||
UNLESS=
|
||||
--
|
||||
2.31.1
|
||||
|
|
@ -1,6 +1,6 @@
|
|||
# Template file for 'bfs'
|
||||
pkgname=bfs
|
||||
version=2.2
|
||||
version=2.2.1
|
||||
revision=1
|
||||
build_style=gnu-makefile
|
||||
makedepends="acl-devel libcap-devel"
|
||||
|
@ -11,7 +11,7 @@ license="0BSD"
|
|||
homepage="https://github.com/tavianator/bfs"
|
||||
changelog="https://raw.githubusercontent.com/tavianator/bfs/main/RELEASES.md"
|
||||
distfiles="https://github.com/tavianator/bfs/archive/${version}.tar.gz"
|
||||
checksum=09cff2033544cbaa31af2ad7d59347056a53c04ff7c469bb5904e575d3641053
|
||||
checksum=94a9c9a03d82c2d8e81ff373021d8188925a1a5e525937ddda2523483629e390
|
||||
|
||||
post_install() {
|
||||
vlicense LICENSE
|
||||
|
|
Loading…
Reference in New Issue