ArchPOWER/packages
1
0
Fork 0
Code Issues 8 Pull Requests 1 Actions Packages Projects Releases 18 Wiki Activity

* update libcap to 2.71-1

Browse Source
This commit is contained in:
Alexander Baldeck 2024-12-06 10:23:43 +01:00
parent 2062cd335d
commit 51cf46f34c
6 changed files with 60 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
libcap/.SRCINFO
View File

@ -1,14 +1,16 @@
pkgbase = libcap
pkgdesc = POSIX 1003.1e capabilities
pkgver = 2.70
pkgrel = 1.1
pkgver = 2.71
pkgrel = 1
url = https://sites.google.com/site/fullycapable/
arch = x86_64
arch = powerpc64le
arch = powerpc64
arch = powerpc
arch = espresso
arch = riscv64
license = BSD-3-Clause OR GPL-2.0-only
makedepends = git
makedepends = go
makedepends = linux-api-headers
depends = gcc-libs
@ -17,15 +19,13 @@ pkgbase = libcap
provides = libcap.so
provides = libpsx.so
options = !lto
source = https://kernel.org/pub/linux/libs/security/linux-privs/libcap2/libcap-2.70.tar.xz
source = https://kernel.org/pub/linux/libs/security/linux-privs/libcap2/libcap-2.70.tar.sign
source = libcap-2.69-cgo_flags.patch
source = git+https://git.kernel.org/pub/scm/libs/libcap/libcap.git?signed#tag=sig-libcap-2.71
source = libcap-2.71-cgo-flags.patch
validpgpkeys = 38A644698C69787344E954CE29EE848AE2CCF3F4
sha512sums = 4e0bf0efeccb654c409afe9727b2b53c1d4da8190d7a0a9848fc52550ff3e13502add3eacde04a68a5b7bec09e91df487f64c5746ba987f873236a9e53b3d4e8
sha512sums = SKIP
sha512sums = f1e301370b1af91d6cdca2433fcfc60f35ccfdfca7a7ce00a0b0ddfb54d67ed1b7e0a52094010c92514460bd142d12bb29eb28c13d9e7da9b92e4b61b6300d2f
b2sums = 77b72acee53032117ea481e3380d1b497f9264b6193b9523542508c7c3e46070248ca4ed910d35809ce6e52caa60cbb31edb125c47221627eeda35c61bd0914b
b2sums = SKIP
b2sums = 535fe70e39caeccb4b71fe0b6329e37b88b69d18361595e78171e3d148370553a055c81e4e691c5b43e54d5c2789fe5390287a1f23efc4529246877eaf8821e5
validpgpkeys = 0D23D34C577B08C4082CFD76430C5CFF993116B1
sha512sums = 63ce3d8625e989070604c10c90696a732347b4335017693925592f3cdba17d098d44dec704a8bf0dc32bcf51502b922d4c4f765552ee1d4a6a1d94dd759a5fc0
sha512sums = bcaf8f2002ac6acd4ac455d71313b71b60617fd6978abf5c722bd9ab7c8cace9a78b25218aef553538467c3a95f3494ce0a0b0c64b8855cfa4ab18d5ba2a28c2
b2sums = f1f86559c673d89ce4bc13fdb90e1051e3bf8562571f686845e46b513d804680e00db738736d4d5d118e828c6e98144f40ff19d1d9bec003a946cd6f63a97d8d
b2sums = d704ffe7a4b48a1ac269ebf6735dba162dcfd94ff70a32c8154d6d1520eff4a425b54653da0ac361f5120eb4b915039878a08ebd730ee4655be9cccfbe50ad1e
pkgname = libcap

6
libcap/.nvchecker.toml Normal file
View File

@ -0,0 +1,6 @@
[libcap]
source = "git"
git = "https://git.kernel.org/pub/scm/libs/libcap/libcap.git"
include_regex = 'libcap-([\d.]+)'
exclude_regex = 'libcap-(20070813|20071031)'
prefix = "libcap-"

41
libcap/PKGBUILD
View File

@ -5,11 +5,12 @@
# Contributor: Hugo Doria <hugo@archlinux.org>
pkgname=libcap
pkgver=2.70
pkgrel=1.1
pkgver=2.71
pkgrel=1
pkgdesc="POSIX 1003.1e capabilities"
arch=(x86_64 powerpc64le powerpc64 powerpc espresso riscv64)
url="https://sites.google.com/site/fullycapable/"
_url=https://git.kernel.org/pub/scm/libs/libcap/libcap.git
license=('BSD-3-Clause OR GPL-2.0-only')
depends=(
gcc-libs
@ -17,6 +18,7 @@ depends=(
pam
)
makedepends=(
git
go
linux-api-headers
)
@ -26,18 +28,19 @@ provides=(
)
# we can not use LTO as otherwise we get no reproducible package with full RELRO
options=(!lto)
# NOTE: we rely on a specific tagging scheme to verify with the latest signing key: https://bugzilla.kernel.org/show_bug.cgi?id=218860#c3
source=(
https://kernel.org/pub/linux/libs/security/linux-privs/${pkgname}2/$pkgname-$pkgver.tar.{xz,sign}
libcap-2.69-cgo_flags.patch # provide flags to go build (sent upstream)
git+$_url?signed#tag=sig-$pkgname-$pkgver
libcap-2.71-cgo-flags.patch # provide flags to go build (sent upstream)
)
sha512sums=('63ce3d8625e989070604c10c90696a732347b4335017693925592f3cdba17d098d44dec704a8bf0dc32bcf51502b922d4c4f765552ee1d4a6a1d94dd759a5fc0'
'bcaf8f2002ac6acd4ac455d71313b71b60617fd6978abf5c722bd9ab7c8cace9a78b25218aef553538467c3a95f3494ce0a0b0c64b8855cfa4ab18d5ba2a28c2')
b2sums=('f1f86559c673d89ce4bc13fdb90e1051e3bf8562571f686845e46b513d804680e00db738736d4d5d118e828c6e98144f40ff19d1d9bec003a946cd6f63a97d8d'
'd704ffe7a4b48a1ac269ebf6735dba162dcfd94ff70a32c8154d6d1520eff4a425b54653da0ac361f5120eb4b915039878a08ebd730ee4655be9cccfbe50ad1e')
validpgpkeys=(
38A644698C69787344E954CE29EE848AE2CCF3F4 # Andrew G. Morgan <morgan@kernel.org>
0D23D34C577B08C4082CFD76430C5CFF993116B1 # Andrew G. Morgan (2024+ libcap signing key) <morgan@kernel.org>
)
sha512sums=('4e0bf0efeccb654c409afe9727b2b53c1d4da8190d7a0a9848fc52550ff3e13502add3eacde04a68a5b7bec09e91df487f64c5746ba987f873236a9e53b3d4e8'
'SKIP'
'f1e301370b1af91d6cdca2433fcfc60f35ccfdfca7a7ce00a0b0ddfb54d67ed1b7e0a52094010c92514460bd142d12bb29eb28c13d9e7da9b92e4b61b6300d2f')
b2sums=('77b72acee53032117ea481e3380d1b497f9264b6193b9523542508c7c3e46070248ca4ed910d35809ce6e52caa60cbb31edb125c47221627eeda35c61bd0914b'
'SKIP'
'535fe70e39caeccb4b71fe0b6329e37b88b69d18361595e78171e3d148370553a055c81e4e691c5b43e54d5c2789fe5390287a1f23efc4529246877eaf8821e5')
# NOTE: contacted upstream on 2024-05-19 about unsafe (and differing) key for signed git tags and use of SHA-1 binding signatures in key used for custom source tarballs in the hopes of them using a new key in the future
validpgpkeys=(38A644698C69787344E954CE29EE848AE2CCF3F4) # Andrew G. Morgan <morgan@kernel.org>
# NOTE: with CGO_ENABLED we need all relevant make options in build(), check() and package() otherwise the package is not reproducible
_common_make_options=(
@ -52,7 +55,7 @@ _common_make_options=(
prepare() {
# ensure to use CGO_ENABLED all the way (so that we can have full RELRO)
patch -Np1 -d $pkgname-$pkgver -i ../libcap-2.69-cgo_flags.patch
patch -Np1 -d $pkgname -i ../libcap-2.71-cgo-flags.patch
}
build() {
@ -65,7 +68,7 @@ build() {
lib=lib
prefix=/usr
sbindir=bin
-C $pkgname-$pkgver
-C $pkgname
)
make "${make_options[@]}"
@ -78,7 +81,7 @@ check() {
"${_common_make_options[@]}"
test
-k
-C $pkgname-$pkgver
-C $pkgname
)
make "${make_options[@]}"
@ -95,11 +98,11 @@ package() {
prefix=/usr
sbindir=bin
install
-C $pkgname-$pkgver
-C $pkgname
)
make "${make_options[@]}"
install -vDm 644 $pkgname-$pkgver/{CHANGELOG,README} -t "$pkgdir/usr/share/doc/$pkgname/"
install -vDm 644 $pkgname-$pkgver/License -t "$pkgdir/usr/share/licenses/$pkgname/"
install -vDm 644 $pkgname-$pkgver/pam_cap/capability.conf -t "$pkgdir/usr/share/doc/$pkgname/examples/"
install -vDm 644 $pkgname/{CHANGELOG,README} -t "$pkgdir/usr/share/doc/$pkgname/"
install -vDm 644 $pkgname/License -t "$pkgdir/usr/share/licenses/$pkgname/"
install -vDm 644 $pkgname/pam_cap/capability.conf -t "$pkgdir/usr/share/doc/$pkgname/examples/"
}

14
libcap/keys/pgp/0D23D34C577B08C4082CFD76430C5CFF993116B1.asc Normal file
View File

@ -0,0 +1,14 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEZxxqQxYJKwYBBAHaRw8BAQdAAlgXHf/4BU68VzEE51MNEljYf/t1gyseA2mU
Kh/+/i20P0FuZHJldyBHLiBNb3JnYW4gKDIwMjQrIGxpYmNhcCBzaWduaW5nIGtl
eSkgPG1vcmdhbkBrZXJuZWwub3JnPoiTBBMWCgA7FiEEDSPTTFd7CMQILP12Qwxc
/5kxFrEFAmccakMCGwMFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQQwxc
/5kxFrFjaQEA1CkyQNNg8HlfXkV6+DnzdsQN8YycicrYXmSzV42z35YA/1raz/En
wuMZzDOwXx/DsdOipDESmi4+f5hHoUjSiREAuDgEZxxqQxIKKwYBBAGXVQEFAQEH
QNEebjvioE1SOgLslz/YtW38q9dVi5WyrareoaES0glJAwEIB4h4BBgWCgAgFiEE
DSPTTFd7CMQILP12Qwxc/5kxFrEFAmccakMCGwwACgkQQwxc/5kxFrGkaAD7BxKn
awy8yyaG0+eIiG/c78B/d5brbnVj3cws1gzYD0gBAPTZz+Ui/VwsUQNhiam822GR
hbpiIP1cjbNci5xFttcF
=R8eF
-----END PGP PUBLIC KEY BLOCK-----

41
libcap/libcap-2.68-cgo_flags.patch
View File

@ -1,41 +0,0 @@
From 522b78b9d6a1b6cf282a22657dea59bc5c960557 Mon Sep 17 00:00:00 2001
From: David Runge <dvzrv@archlinux.org>
Date: Tue, 28 Mar 2023 13:44:20 +0200
Subject: [PATCH] Provide flags when building go binaries
go/Makefile:
Provide CGO_CFLAGS, CGO_CPPFLAGS, CGO_CXXFLAGS, CGO_LDFLAGS and GOFLAGS
to the go compiler, so that they may be set for e.g. supplying
downstream flags (such as for PIE and full RELRO).
---
go/Makefile | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/go/Makefile b/go/Makefile
index 38c1cf3..3a98af3 100644
--- a/go/Makefile
+++ b/go/Makefile
@@ -68,16 +68,16 @@ ifeq ($(RAISE_GO_FILECAP),yes)
endif
setid: ../goapps/setid/setid.go CAPGOPACKAGE PSXGOPACKAGE
- CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $<
+ CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_CPPFLAGS="$(CGO_CPPFLAGS)" CGO_CXXFLAGS="$(CGO_CXXFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build $(GO_BUILD_FLAGS) $(GOFLAGS) -mod=vendor -o $@ $<
gowns: ../goapps/gowns/gowns.go CAPGOPACKAGE
- CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $<
+ CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_CPPFLAGS="$(CGO_CPPFLAGS)" CGO_CXXFLAGS="$(CGO_CXXFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build $(GO_BUILD_FLAGS) $(GOFLAGS) -mod=vendor -o $@ $<
captree: ../goapps/captree/captree.go CAPGOPACKAGE
- CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $<
+ CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_CPPFLAGS="$(CGO_CPPFLAGS)" CGO_CXXFLAGS="$(CGO_CXXFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build $(GO_BUILD_FLAGS) $(GOFLAGS) -mod=vendor -o $@ $<
captrace: ../goapps/captrace/captrace.go CAPGOPACKAGE
- CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $<
+ CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_CPPFLAGS="$(CGO_CPPFLAGS)" CGO_CXXFLAGS="$(CGO_CXXFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build $(GO_BUILD_FLAGS) $(GOFLAGS) -mod=vendor -o $@ $<
ok: ok.go vendor/modules.txt
CC="$(CC)" CGO_ENABLED="0" $(GO) build $(GO_BUILD_FLAGS) -mod=vendor $<
--
2.40.0

13
libcap/libcap-2.69-cgo_flags.patch → libcap/libcap-2.71-cgo-flags.patch
View File

@ -1,7 +1,8 @@
diff -ruN a/go/Makefile b/go/Makefile
--- a/go/Makefile 2022-10-10 01:01:27.000000000 +0200
+++ b/go/Makefile 2024-03-19 12:33:19.217467384 +0100
@@ -68,19 +68,19 @@
diff --git i/go/Makefile w/go/Makefile
index d0b081d..ba3a357 100644
--- i/go/Makefile
+++ w/go/Makefile
@@ -68,19 +68,19 @@ ifeq ($(RAISE_GO_FILECAP),yes)
endif
setid: ../goapps/setid/setid.go CAPGOPACKAGE PSXGOPACKAGE
@ -21,8 +22,8 @@ diff -ruN a/go/Makefile b/go/Makefile
+ CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_CPPFLAGS="$(CGO_CPPFLAGS)" CGO_CXXFLAGS="$(CGO_CXXFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build $(GO_BUILD_FLAGS) $(GOFLAGS) -mod=vendor -o $@ $<
ok: ok.go vendor/modules.txt
- CC="$(CC)" CGO_ENABLED="0" $(GO) build $(GO_BUILD_FLAGS) -mod=vendor $<
+ CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(GO) build $(GO_BUILD_FLAGS) -mod=vendor $<
- CC="$(CC)" CGO_ENABLED="0" $(GO) build $(GO_BUILD_FLAGS) -mod=vendor $<
+ CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(GO) build $(GO_BUILD_FLAGS) $(GOFLAGS) -mod=vendor $<
try-launching: try-launching.go CAPGOPACKAGE ok
CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor $<