Hello community,
here is the log from the commit of package libcap for openSUSE:Factory checked
in at 2020-12-21 10:21:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libcap (Old)
and /work/SRC/openSUSE:Factory/.libcap.new.5145 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libcap"
Mon Dec 21 10:21:46 2020 rev:40 rq:853758 version:2.44
Changes:
--------
--- /work/SRC/openSUSE:Factory/libcap/libcap.changes 2020-09-08
22:55:15.403751374 +0200
+++ /work/SRC/openSUSE:Factory/.libcap.new.5145/libcap.changes 2020-12-21
10:21:47.887895124 +0100
@@ -1,0 +2,7 @@
+Sat Nov 14 10:26:54 UTC 2020 - Dirk Mueller <dmuel...@suse.com>
+
+- update to 2.44:
+ Generally, this is a release to help package builders: no functional change
+ to any of the generated code just documentation and make related fixes.
+
+-------------------------------------------------------------------
Old:
----
libcap-2.43.tar.xz
New:
----
libcap-2.44.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libcap.spec ++++++
--- /var/tmp/diff_new_pack.ihlcOu/_old 2020-12-21 10:21:48.679895820 +0100
+++ /var/tmp/diff_new_pack.ihlcOu/_new 2020-12-21 10:21:48.683895824 +0100
@@ -17,7 +17,7 @@
Name: libcap
-Version: 2.43
+Version: 2.44
Release: 0
Summary: Library for Capabilities (linux-privs) Support
License: BSD-3-Clause AND GPL-2.0-only
@@ -49,6 +49,20 @@
capabilities within setuid binaries. If you use patches, this can be
done automatically by the kernel.
+%package -n libpsx2
+Summary: Library for Capabilities (linux-privs) Support
+Group: System/Libraries
+
+%description -n libpsx2
+Capabilities are a measure to limit the omnipotence of the superuser.
+Currently a program started by root or setuid root has the power to do
+anything. Capabilities (Linux-Privs) provide a more fine-grained access
+control. Without kernel patches, you can use this library to drop
+capabilities within setuid binaries. If you use patches, this can be
+done automatically by the kernel.
+
+
+
%package devel
Summary: Development files for libcap
Group: Development/Libraries/C and C++
@@ -79,15 +93,18 @@
%build
%global _lto_cflags %{_lto_cflags} -ffat-lto-objects
make prefix=%{_prefix} lib=%{_lib} LIBDIR=%{_libdir} SBINDIR=%{_sbindir} \
- INCDIR=%{_includedir} MANDIR=%{_mandir} DYNAMIC=yes DEBUG="-g %{optflags}"
+ INCDIR=%{_includedir} MANDIR=%{_mandir} SHARED=yes DEBUG="-g %{optflags}"
%install
make install RAISE_SETFCAP=no \
+ prefix=%{_prefix} \
+ lib=%{_lib} \
DESTDIR=%{buildroot} \
LIBDIR=/%{_libdir} \
SBINDIR=/%{_sbindir} \
INCDIR=/%{_includedir} \
MANDIR=/%{_mandir}/ \
+ SHARED=yes \
PKGCONFIGDIR=%{_libdir}/pkgconfig/
find %{buildroot} -type f -name "*.la" -delete -print
# do not provide static libs
@@ -101,6 +118,15 @@
%post -n libcap2 -p /sbin/ldconfig
%postun -n libcap2 -p /sbin/ldconfig
+%ifarch aarch64
+%post -n libpsx2 -p /sbin/ldconfig
+%postun -n libpsx2 -p /sbin/ldconfig
+
+%files -n libpsx2
+%license License
+%{_libdir}/libpsx.so.2*
+%endif
+
%files -n libcap2
%license License
%{_libdir}/libcap.so.*
++++++ baselibs.conf ++++++
--- /var/tmp/diff_new_pack.ihlcOu/_old 2020-12-21 10:21:48.711895848 +0100
+++ /var/tmp/diff_new_pack.ihlcOu/_new 2020-12-21 10:21:48.711895848 +0100
@@ -1 +1,2 @@
libcap2
+libpsx2
++++++ libcap-2.43.tar.xz -> libcap-2.44.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libcap-2.43/Make.Rules new/libcap-2.44/Make.Rules
--- old/libcap-2.43/Make.Rules 2020-08-15 20:09:19.000000000 +0200
+++ new/libcap-2.44/Make.Rules 2020-10-05 03:42:13.000000000 +0200
@@ -1,7 +1,7 @@
# Common version number defines for libcap
LIBTITLE=libcap
VERSION=2
-MINOR=43
+MINOR=44
#
## Optional prefixes:
@@ -54,13 +54,15 @@
KERNEL_HEADERS := $(topdir)/libcap/include/uapi
IPATH += -fPIC -I$(KERNEL_HEADERS) -I$(topdir)/libcap/include
-CC ?= $(CROSS_COMPILE)gcc
+CC := $(CROSS_COMPILE)gcc
DEFINES := -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
-CFLAGS ?= -O2 $(DEFINES)
+COPTS ?= -O2
+CFLAGS ?= $(COPTS) $(DEFINES)
BUILD_CC ?= $(CC)
-BUILD_CFLAGS ?= -O2 $(DEFINES) $(IPATH)
-AR ?= $(CROSS_COMPILE)ar
-RANLIB ?= $(CROSS_COMPILE)ranlib
+BUILD_COPTS ?= -O2
+BUILD_CFLAGS ?= $(BUILD_COPTS) $(DEFINES) $(IPATH)
+AR := $(CROSS_COMPILE)ar
+RANLIB := $(CROSS_COMPILE)ranlib
DEBUG = -g #-DDEBUG
WARNINGS=-Wall -Wwrite-strings \
-Wpointer-arith -Wcast-qual -Wcast-align \
@@ -69,7 +71,7 @@
LD=$(CC) -Wl,-x -shared
LDFLAGS ?= #-g
LIBCAPLIB := -L$(topdir)/libcap -lcap
-LIBPSXLIB := -L$(topdir)/libcap -lpsx -lpthread
+LIBPSXLIB := -L$(topdir)/libcap -lpsx -lpthread -Wl,-wrap,pthread_create
BUILD_GPERF := $(shell which gperf >/dev/null 2>/dev/null && echo yes)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libcap-2.43/Makefile new/libcap-2.44/Makefile
--- old/libcap-2.43/Makefile 2020-08-15 20:07:49.000000000 +0200
+++ new/libcap-2.44/Makefile 2020-09-07 23:08:11.000000000 +0200
@@ -68,6 +68,13 @@
make clean all test sudotest
make distclean
+morgangodoc:
+ @echo "Now the release is made, you want to remember to run:"
+ @echo
+ @echo "GOPROXY=https://proxy.golang.org GO111MODULE=on go get
kernel.org/pub/linux/libs/security/libcap/cap@v$(GOMAJOR).$(VERSION).$(MINOR)"
+ @echo
+ @echo "This will cause a go.dev documentation update."
+
morganrelease: distcheck
@echo "sign the main library tag twice: older DSA key; and newer RSA
(kernel.org) key"
git tag -u D41A6DF2 -s libcap-$(VERSION).$(MINOR) -m "This is
libcap-$(VERSION).$(MINOR)"
@@ -79,3 +86,4 @@
make release
@echo "sign the tar file using korg key"
cd .. && gpg -sba -u E2CCF3F4 libcap-$(VERSION).$(MINOR).tar
+ make morgangodoc
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libcap-2.43/cap/cap.go new/libcap-2.44/cap/cap.go
--- old/libcap-2.43/cap/cap.go 2020-08-02 03:31:08.000000000 +0200
+++ new/libcap-2.44/cap/cap.go 2020-08-15 23:08:33.000000000 +0200
@@ -42,7 +42,7 @@
// uniformly over the whole Go (and CGo linked) process runtime.
//
// Note, if the Go runtime syscall interface contains the Linux
-// variant syscall.AllThreadsSyscall() API (it is not in go1.15rc1
+// variant syscall.AllThreadsSyscall() API (it is not in go1.15
// for example, but see https://github.com/golang/go/issues/1435 for
// current status) then this present package can use that to invoke
// Capability setting system calls in pure Go binaries. In such an
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libcap-2.43/cap/go.mod new/libcap-2.44/cap/go.mod
--- old/libcap-2.43/cap/go.mod 2020-08-15 20:05:57.000000000 +0200
+++ new/libcap-2.44/cap/go.mod 2020-10-05 03:44:28.000000000 +0200
@@ -2,4 +2,4 @@
go 1.11
-require kernel.org/pub/linux/libs/security/libcap/psx v0.2.43
+require kernel.org/pub/linux/libs/security/libcap/psx v0.2.44
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libcap-2.43/go/Makefile new/libcap-2.44/go/Makefile
--- old/libcap-2.43/go/Makefile 2020-07-12 02:30:19.000000000 +0200
+++ new/libcap-2.44/go/Makefile 2020-10-04 01:49:14.000000000 +0200
@@ -23,8 +23,8 @@
$(DEPS):
make -C ../libcap all
-../progs/capsh:
- make -C ../progs capsh
+../progs/tcapsh-static:
+ make -C ../progs tcapsh-static
src/$(IMPORTDIR)/psx:
mkdir -p "src/$(IMPORTDIR)"
@@ -43,18 +43,18 @@
$(PSXGOPACKAGE): src/$(IMPORTDIR)/psx ../psx/*.go $(DEPS)
mkdir -p pkg
- CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH="$(GOPATH)" $(GO)
install $(IMPORTDIR)/psx
+ GO111MODULE=off CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)"
GOPATH="$(GOPATH)" $(GO) install $(IMPORTDIR)/psx
$(CAPGOPACKAGE): src/$(IMPORTDIR)/cap ../cap/*.go good-names.go $(PSXGOPACKAGE)
- CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH=$(GOPATH) $(GO) install
$(IMPORTDIR)/cap
+ GO111MODULE=off CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)"
GOPATH=$(GOPATH) $(GO) install $(IMPORTDIR)/cap
# Compiles something with this package to compare it to libcap. This
# tests more when run under sudotest (see ../progs/quicktest.sh for that).
compare-cap: compare-cap.go $(CAPGOPACKAGE)
- CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)"
CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH=$(GOPATH) $(GO) build $<
+ GO111MODULE=off CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)"
CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH=$(GOPATH) $(GO)
build $<
web: ../goapps/web/web.go $(CAPGOPACKAGE)
- CGO_ENABLED="$(CGO_REQUIRED)" CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)"
GOPATH=$(GOPATH) $(GO) build -o $@ $(GOBUILDTAG) $<
+ GO111MODULE=off CGO_ENABLED="$(CGO_REQUIRED)"
CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH=$(GOPATH) $(GO) build -o $@
$(GOBUILDTAG) $<
ifeq ($(RAISE_GO_FILECAP),yes)
make -C ../progs setcap
sudo ../progs/setcap cap_setpcap,cap_net_bind_service=p web
@@ -62,24 +62,24 @@
endif
ok: ok.go
- CGO_ENABLED=0 GOPATH=$(GOPATH) $(GO) build $<
+ GO111MODULE=off CGO_ENABLED=0 GOPATH=$(GOPATH) $(GO) build $<
try-launching: try-launching.go $(CAPGOPACKAGE) ok
- CGO_ENABLED="$(CGO_REQUIRED)" CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)"
GOPATH=$(GOPATH) $(GO) build $(GOBUILDTAG) $<
+ GO111MODULE=off CGO_ENABLED="$(CGO_REQUIRED)"
CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH=$(GOPATH) $(GO) build
$(GOBUILDTAG) $<
ifeq ($(CGO_REQUIRED),0)
- CGO_ENABLED="1" CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)"
GOPATH=$(GOPATH) $(GO) build -o $@-cgo $<
+ GO111MODULE=off CGO_ENABLED="1"
CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH=$(GOPATH) $(GO) build -o $@-cgo
$<
endif
-test: all ../progs/capsh
- CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH="$(GOPATH)" $(GO) test
$(IMPORTDIR)/psx
- CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH="$(GOPATH)" $(GO) test
$(IMPORTDIR)/cap
+test: all
+ GO111MODULE=off CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)"
GOPATH="$(GOPATH)" $(GO) test $(IMPORTDIR)/psx
+ GO111MODULE=off CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)"
GOPATH="$(GOPATH)" $(GO) test $(IMPORTDIR)/cap
LD_LIBRARY_PATH=../libcap ./compare-cap
+
+sudotest: test ../progs/tcapsh-static
./try-launching
ifeq ($(CGO_REQUIRED),0)
./try-launching-cgo
endif
-
-sudotest: test
sudo ./try-launching
ifeq ($(CGO_REQUIRED),0)
sudo ./try-launching-cgo
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libcap-2.43/go/try-launching.go
new/libcap-2.44/go/try-launching.go
--- old/libcap-2.43/go/try-launching.go 2020-07-03 21:39:48.000000000 +0200
+++ new/libcap-2.44/go/try-launching.go 2020-09-07 23:08:11.000000000 +0200
@@ -32,7 +32,7 @@
}{
{args: []string{root + "/go/ok"}},
{
- args: []string{root + "/progs/capsh",
"--dropped=cap_chown", "--is-uid=123", "--is-gid=456", "--has-a=cap_setuid"},
+ args: []string{root + "/progs/tcapsh-static",
"--dropped=cap_chown", "--is-uid=123", "--is-gid=456", "--has-a=cap_setuid"},
iab: "!cap_chown,^cap_setuid,cap_sys_admin",
uid: 123,
gid: 456,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libcap-2.43/goapps/setid/go.mod
new/libcap-2.44/goapps/setid/go.mod
--- old/libcap-2.43/goapps/setid/go.mod 2020-08-15 20:06:33.000000000 +0200
+++ new/libcap-2.44/goapps/setid/go.mod 2020-10-05 03:45:03.000000000 +0200
@@ -3,6 +3,6 @@
go 1.11
require (
- kernel.org/pub/linux/libs/security/libcap/cap v0.2.43
- kernel.org/pub/linux/libs/security/libcap/psx v0.2.43
+ kernel.org/pub/linux/libs/security/libcap/cap v0.2.44
+ kernel.org/pub/linux/libs/security/libcap/psx v0.2.44
)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libcap-2.43/goapps/web/go.mod
new/libcap-2.44/goapps/web/go.mod
--- old/libcap-2.43/goapps/web/go.mod 2020-08-15 20:06:14.000000000 +0200
+++ new/libcap-2.44/goapps/web/go.mod 2020-10-05 03:45:13.000000000 +0200
@@ -2,4 +2,4 @@
go 1.11
-require kernel.org/pub/linux/libs/security/libcap/cap v0.2.43
+require kernel.org/pub/linux/libs/security/libcap/cap v0.2.44
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libcap-2.43/libcap/Makefile
new/libcap-2.44/libcap/Makefile
--- old/libcap-2.43/libcap/Makefile 2020-08-14 05:34:12.000000000 +0200
+++ new/libcap-2.44/libcap/Makefile 2020-09-07 23:08:11.000000000 +0200
@@ -93,22 +93,20 @@
test: cap_test
./cap_test
-install: install-shared install-static
+install: install-static install-shared
-install-common: pcs
- mkdir -p -m 0755 $(FAKEROOT)$(INCDIR)/sys
- install -m 0644 include/sys/capability.h $(FAKEROOT)$(INCDIR)/sys
- install -m 0644 include/sys/psx_syscall.h $(FAKEROOT)$(INCDIR)/sys
- mkdir -p -m 0755 $(FAKEROOT)$(PKGCONFIGDIR)
- install -m 0644 libcap.pc $(FAKEROOT)$(PKGCONFIGDIR)/libcap.pc
- install -m 0644 libpsx.pc $(FAKEROOT)$(PKGCONFIGDIR)/libpsx.pc
- mkdir -p -m 0755 $(FAKEROOT)$(LIBDIR)
+install-static: install-static-cap install-static-psx
+
+install-shared: install-shared-cap
+
+install-cap: install-static-cap install-shared-cap
-install-static: $(STACAPLIBNAME) $(STAPSXLIBNAME) install-common
+install-psx: install-static-psx
+
+install-static-cap: install-common-cap $(STACAPLIBNAME)
install -m 0644 $(STACAPLIBNAME) $(FAKEROOT)$(LIBDIR)/$(STACAPLIBNAME)
- install -m 0644 $(STAPSXLIBNAME) $(FAKEROOT)$(LIBDIR)/$(STAPSXLIBNAME)
-install-shared: $(MINLIBNAME) install-common
+install-shared-cap: install-common-cap $(MINLIBNAME)
install -m 0644 $(MINLIBNAME) $(FAKEROOT)$(LIBDIR)/$(MINLIBNAME)
ln -sf $(MINLIBNAME) $(FAKEROOT)$(LIBDIR)/$(MAJLIBNAME)
ln -sf $(MAJLIBNAME) $(FAKEROOT)$(LIBDIR)/$(LIBNAME)
@@ -116,6 +114,22 @@
-/sbin/ldconfig
endif
+install-static-psx: install-common-psx $(STAPSXLIBNAME)
+ install -m 0644 $(STAPSXLIBNAME) $(FAKEROOT)$(LIBDIR)/$(STAPSXLIBNAME)
+
+install-common-cap: install-common libcap.pc
+ install -m 0644 include/sys/capability.h $(FAKEROOT)$(INCDIR)/sys
+ install -m 0644 libcap.pc $(FAKEROOT)$(PKGCONFIGDIR)/libcap.pc
+
+install-common-psx: install-common libpsx.pc
+ install -m 0644 include/sys/psx_syscall.h $(FAKEROOT)$(INCDIR)/sys
+ install -m 0644 libpsx.pc $(FAKEROOT)$(PKGCONFIGDIR)/libpsx.pc
+
+install-common:
+ mkdir -p -m 0755 $(FAKEROOT)$(INCDIR)/sys
+ mkdir -p -m 0755 $(FAKEROOT)$(PKGCONFIGDIR)
+ mkdir -p -m 0755 $(FAKEROOT)$(LIBDIR)
+
clean:
$(LOCALCLEAN)
rm -f $(CAPOBJS) $(LIBNAME)* $(STACAPLIBNAME) libcap.pc libpsx.pc
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libcap-2.43/progs/.gitignore
new/libcap-2.44/progs/.gitignore
--- old/libcap-2.43/progs/.gitignore 2020-07-01 04:43:01.000000000 +0200
+++ new/libcap-2.44/progs/.gitignore 2020-09-07 23:08:11.000000000 +0200
@@ -1,4 +1,5 @@
capsh
+tcapsh-static
getcap
getpcaps
setcap
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libcap-2.43/progs/Makefile
new/libcap-2.44/progs/Makefile
--- old/libcap-2.43/progs/Makefile 2020-07-01 04:43:01.000000000 +0200
+++ new/libcap-2.44/progs/Makefile 2020-09-12 21:49:02.000000000 +0200
@@ -8,16 +8,20 @@
BUILD=$(PROGS)
-ifneq ($(DYNAMIC),yes)
+ifeq ($(DYNAMIC),yes)
+LDPATH = LD_LIBRARY_PATH=../libcap
+DEPSBUILD = all
+else
LDFLAGS += --static
+DEPSBUILD = libcap.a
endif
-DEPS=../libcap/libcap.a ../libcap/libpsx.a
+DEPS=../libcap/libcap.a
all: $(BUILD)
$(DEPS):
- make -C ../libcap all
+ make -C ../libcap $(DEPSBUILD)
$(BUILD): %: %.o $(DEPS)
$(CC) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDFLAGS)
@@ -36,9 +40,12 @@
test: $(PROGS)
-sudotest: test
- sudo ./quicktest.sh
+tcapsh-static: capsh.c $(DEPS)
+ $(CC) $(IPATH) $(CAPSH_SHELL) $(CFLAGS) -o $@ $< $(LIBCAPLIB)
$(LDFLAGS) --static
+
+sudotest: test tcapsh-static
+ sudo $(LDPATH) ./quicktest.sh
clean:
$(LOCALCLEAN)
- rm -f *.o $(BUILD) tcapsh ping hack.sh compare-cap
+ rm -f *.o $(BUILD) tcapsh* privileged ping hack.sh compare-cap
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libcap-2.43/progs/quicktest.sh
new/libcap-2.44/progs/quicktest.sh
--- old/libcap-2.43/progs/quicktest.sh 2020-07-01 04:43:01.000000000 +0200
+++ new/libcap-2.44/progs/quicktest.sh 2020-09-07 23:08:11.000000000 +0200
@@ -45,7 +45,7 @@
pass_capsh --print
# Make a local non-setuid-0 version of capsh and call it privileged
-cp ./capsh ./privileged && /bin/chmod -s ./privileged
+cp ./tcapsh-static ./privileged && /bin/chmod -s ./privileged
if [ $? -ne 0 ]; then
echo "Failed to copy capsh for capability manipulation"
exit 1
@@ -77,7 +77,7 @@
pass_capsh --keep=0 --keep=1 --keep=0 --keep=1 --print
/bin/rm -f tcapsh
-/bin/cp capsh tcapsh
+/bin/cp tcapsh-static tcapsh
/bin/chown root.root tcapsh
/bin/chmod u+s tcapsh
/bin/ls -l tcapsh
@@ -166,7 +166,7 @@
# Verify we can chroot
pass_capsh --chroot=$(/bin/pwd)
-pass_capsh --chroot=$(/bin/pwd) ==
+pass_capsh -- -c "./tcapsh-static --chroot=$(/bin/pwd) =="
fail_capsh --chroot=$(/bin/pwd) -- -c "echo oops"
./capsh --has-ambient
@@ -216,7 +216,7 @@
# nsprivileged capsh will have an ns rootid value (this is
# the same setup as an earlier test but with a ns file cap).
rm -f nsprivileged
-cp ./capsh ./nsprivileged && /bin/chmod -s ./nsprivileged
+cp ./tcapsh-static ./nsprivileged && /bin/chmod -s ./nsprivileged
./setcap -n 1 all=ep ./nsprivileged
if [ $? -eq 0 ]; then
./getcap -n ./nsprivileged | fgrep "[rootid=1]"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libcap-2.43/psx/psx.go new/libcap-2.44/psx/psx.go
--- old/libcap-2.43/psx/psx.go 2020-08-02 03:31:08.000000000 +0200
+++ new/libcap-2.44/psx/psx.go 2020-08-15 23:08:33.000000000 +0200
@@ -36,14 +36,7 @@
//
// If your Go compiler is older than go1.15, a workaround may be
// required to be able to link this package. In order to do what it
-// needs to this package employs some unusual linking flags. You will
-// need to do this for any Go toolchain that that does not include
-// this patch:
-//
-// https://go-review.googlesource.com/c/go/+/236139/
-//
-// As of the time of writing, that is all release tags prior to
-// go1.15rc1 .
+// needs to this package employs some unusual linking flags.
//
// The workaround is to build with the following CGO_LDFLAGS_ALLOW
// in effect:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libcap-2.43/tests/Makefile
new/libcap-2.44/tests/Makefile
--- old/libcap-2.43/tests/Makefile 2020-08-14 05:34:12.000000000 +0200
+++ new/libcap-2.44/tests/Makefile 2020-09-12 21:49:02.000000000 +0200
@@ -7,10 +7,18 @@
DEPS=../libcap/libcap.a ../libcap/libpsx.a
+ifeq ($(DYNAMIC),yes)
+LDPATH = LD_LIBRARY_PATH=../libcap
+DEPSBUILD = all
+else
+LDFLAGS += --static
+DEPSBUILD = libcap.a libpsx.a
+endif
+
all: psx_test libcap_psx_test libcap_launch_test
$(DEPS):
- make -C ../libcap all
+ make -C ../libcap $(DEPSBUILD)
test: run_psx_test run_libcap_psx_test
@@ -19,30 +27,31 @@
install: all
run_psx_test: psx_test
- ./psx_test
+ $(LDPATH) ./psx_test
psx_test: psx_test.c $(DEPS)
- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LIBPSXLIB) -Wl,-wrap,pthread_create
+ $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LIBPSXLIB)
run_libcap_psx_test: libcap_psx_test
- ./libcap_psx_test
+ $(LDPATH) ./libcap_psx_test
libcap_psx_test: libcap_psx_test.c $(DEPS)
- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LIBCAPLIB) $(LIBPSXLIB)
-Wl,-wrap,pthread_create --static
+ $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LIBCAPLIB) $(LIBPSXLIB) $(LDFLAGS)
run_libcap_launch_test: libcap_launch_test libcap_psx_launch_test noop
- sudo ./libcap_launch_test
- sudo ./libcap_psx_launch_test
+ sudo $(LDPATH) ./libcap_launch_test
+ sudo $(LDPATH) ./libcap_psx_launch_test
libcap_launch_test: libcap_launch_test.c $(DEPS)
- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LIBCAPLIB) --static
+ $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LIBCAPLIB) $(LDFLAGS)
# this varies only slightly from the above insofar as it currently
# only links in the pthreads fork support. TODO() we need to change
# the source to do something interesting with pthreads.
libcap_psx_launch_test: libcap_launch_test.c $(DEPS)
- $(CC) $(CFLAGS) $(IPATH) -DWITH_PTHREADS $< -o $@ $(LIBCAPLIB)
$(LIBPSXLIB) -Wl,-wrap,pthread_create --static
+ $(CC) $(CFLAGS) $(IPATH) -DWITH_PTHREADS $< -o $@ $(LIBCAPLIB)
$(LIBPSXLIB) $(LDFLAGS)
+# This one runs in a chroot with no shared library files.
noop: noop.c
$(CC) $(CFLAGS) $< -o $@ --static
_______________________________________________
openSUSE Commits mailing list -- commit@lists.opensuse.org
To unsubscribe, email commit-le...@lists.opensuse.org
List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette
List Archives:
https://lists.opensuse.org/archives/list/commit@lists.opensuse.org
