From: "Mike Frysinger (vapier)" To: gentoo-commits@lists.gentoo.org Reply-To: gentoo-dev@lists.gentoo.org, vapier@gentoo.org Subject: [gentoo-commits] gentoo-x86 commit in eclass: fcaps.eclass X-VCS-Repository: gentoo-x86 X-VCS-Files: fcaps.eclass X-VCS-Directories: eclass X-VCS-Committer: vapier X-VCS-Committer-Name: Mike Frysinger Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Message-Id: <20130428042459.919002171D@flycatcher.gentoo.org> Date: Sun, 28 Apr 2013 04:24:59 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 4b30ecf3-0131-4d49-b2e7-35afb35f5762 X-Archives-Hash: 2d22718d82d2340b89ab484d3d714a84 vapier 13/04/28 04:24:59 Modified: fcaps.eclass Log: add support for setting/checking caps via libcap-ng #454908 Revision Changes Path 1.5 eclass/fcaps.eclass file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/eclass/fcaps.eclass?rev=1.5&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/eclass/fcaps.eclass?rev=1.5&content-type=text/plain diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/eclass/fcaps.eclass?r1=1.4&r2=1.5 Index: fcaps.eclass =================================================================== RCS file: /var/cvsroot/gentoo-x86/eclass/fcaps.eclass,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- fcaps.eclass 28 Apr 2013 03:11:47 -0000 1.4 +++ fcaps.eclass 28 Apr 2013 04:24:59 -0000 1.5 @@ -1,6 +1,6 @@ # Copyright 1999-2013 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/eclass/fcaps.eclass,v 1.4 2013/04/28 03:11:47 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/eclass/fcaps.eclass,v 1.5 2013/04/28 04:24:59 vapier Exp $ # @ECLASS: fcaps.eclass # @MAINTAINER: 
@@ -33,7 +33,7 @@ IUSE="+filecaps" -DEPEND="filecaps? ( sys-libs/libcap )" +DEPEND="filecaps? ( || ( sys-libs/libcap sys-libs/libcap-ng ) )" # @ECLASS-VARIABLE: FILECAPS # @DEFAULT_UNSET @@ -111,7 +111,7 @@ esac # Process every file! - local file out + local file for file ; do [[ ${file} != /* ]] && file="${root}${file}" 
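Review bot: The new `|| ( sys-libs/libcap sys-libs/libcap-ng )` in DEPEND lets a system with only libcap-ng satisfy the dependency, yet the `_libcap_ng` helper added later in this commit notes that filecap supports only `=ep` and strips just that suffix with `${caps%=ep}`. A spec using any other flag set would presumably reach filecap with the suffix still attached, so it may be worth documenting next to DEPEND that the libcap-ng alternative covers only `=ep` specs, e.g. `# libcap-ng's filecap can only apply =ep; other modes need sys-libs/libcap`.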
@@ -124,33 +124,64 @@ # by people. chmod ${caps_mode} "${file}" || die - if ! out=$(LC_ALL=C setcap "${caps}" "${file}" 2>&1) ; then - case ${out} in - *"command not found"*) - if [[ -z ${__FCAPS_WARNED} ]] ; then - __FCAPS_WARNED="true" - ewarn "Could not find cap utils. Please make sure libcap is available." - fi - ;; - *"Operation not supported"*) - local fstype=$(stat -f -c %T "${file}") - ewarn "Could not set caps on '${file}' due to missing filesystem support." - ewarn "Make sure you enable XATTR support for '${fstype}' in your kernel." - ewarn "You might also have to enable the relevant FS_SECURITY option." - ;; - *) - eerror "Setting caps '${caps}' on file '${file}' failed:" - eerror "${out}" - die "could not set caps" - ;; - esac - else - # Sanity check that everything took. - setcap -v "${caps}" "${file}" >/dev/null \ - || die "Checking caps '${caps}' on '${file}' failed" - - # Everything worked. Move on to the next file. - continue + # Set/verify funcs for sys-libs/libcap. + _libcap() { setcap "${caps}" "${file}" ; } + _libcap_verify() { setcap -v "${caps}" "${file}" >/dev/null ; } + + # Set/verify funcs for sys-libs/libcap-ng. + # Note: filecap only supports =ep mode. + # It also expects a different form: + # setcap cap_foo,cap_bar + # filecap foo bar + _libcap_ng() { + local caps=",${caps%=ep}" + filecap "${file}" "${caps//,cap_}" + } + _libcap_ng_verify() { + # libcap-ng has a crappy interface + local rcaps icaps caps=",${caps%=ep}" + rcaps=$(filecap "${file}" | \ + sed -nr \ + -e "s:^.{${#file}} +::" \ + -e 's:, +:\n:g' \ + -e 2p | \ + LC_ALL=C sort) || return 1 + icaps=$(echo "${caps//,cap_}" | LC_ALL=C sort) + [[ ${rcaps} == ${icaps} ]] + } + + local out cmd notfound=0 + for cmd in _libcap _libcap_ng ; do + if ! 
out=$(LC_ALL=C ${cmd} 2>&1) ; then + case ${out} in + *"command not found"*) + : $(( ++notfound )) + continue + ;; + *"Operation not supported"*) + local fstype=$(stat -f -c %T "${file}") + ewarn "Could not set caps on '${file}' due to missing filesystem support." + ewarn "Make sure you enable XATTR support for '${fstype}' in your kernel." + ewarn "You might also have to enable the relevant FS_SECURITY option." + break + ;; + *) + eerror "Setting caps '${caps}' on file '${file}' failed:" + eerror "${out}" + die "could not set caps" + ;; + esac + else + # Sanity check that everything took. + ${cmd}_verify || die "Checking caps '${caps}' on '${file}' failed" + + # Everything worked. Move on to the next file. + continue 2 + fi + done + if [[ ${notfound} -eq 2 ]] && [[ -z ${__FCAPS_WARNED} ]] ; then + __FCAPS_WARNED="true" + ewarn "Could not find cap utils; make sure libcap or libcap-ng is available." fi fi
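Review bot: In `_libcap_ng` and `_libcap_ng_verify`, `${caps//,cap_}` deletes every `,cap_` rather than replacing it with a separator, so a spec such as `cap_foo,cap_bar=ep` reaches filecap as the single word `foobar` instead of the `foo bar` form the comment describes. Single-capability specs are unaffected; for multi-capability specs both the set call and the comparison in the verify helper work on the fused name, which looks like it can only fail or die rather than grant anything extra, but it leaves the libcap-ng path unusable for them. Consider `filecap "${file}" ${caps//,cap_/ }` for the set and `icaps=$(printf '%s\n' ${caps//,cap_/ } | LC_ALL=C sort)` for the verify. Separately, `|| return 1` after the `rcaps=$(...)` pipeline only sees the exit status of `sort`, so a failing `filecap` is not detected there, and quoting the right-hand side as `[[ ${rcaps} == "${icaps}" ]]` would make the check a literal comparison instead of a pattern match. The enclosing function starts and ends outside the hunk.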