commit: 5db9c5c25b8ce0b1d2f3ca9c0a6ab50f4d82cea3 Author: Andrew Savchenko <bircoph <AT> gentoo <DOT> org> AuthorDate: Tue May 19 21:41:26 2015 +0000 Commit: Andrew Savchenko <bircoph <AT> gentoo <DOT> org> CommitDate: Tue May 19 21:41:26 2015 +0000 URL: https://gitweb.gentoo.org/dev/bircoph.git/commit/?id=5db9c5c2
clsync-docs: 0.4.1+ fixes app-admin/clsync/ChangeLog | 11 +-- app-admin/clsync/Manifest | 9 +- app-admin/clsync/clsync-0.4.1.ebuild | 108 ++++++++++++++++++++- app-admin/clsync/clsync-9999.ebuild | 4 +- .../clsync/files/clsync-0.4.1-capabilities.patch | 68 +++++++++++++ .../files/clsync-0.4.1-check-exec-arguments.patch | 21 ++++ .../clsync/files/clsync-0.4.1-splitting.patch | 35 +++++++ 7 files changed, 245 insertions(+), 11 deletions(-) diff --git a/app-admin/clsync/ChangeLog b/app-admin/clsync/ChangeLog index 32c604f..fd27b73 100644 --- a/app-admin/clsync/ChangeLog +++ b/app-admin/clsync/ChangeLog @@ -2,12 +2,11 @@ # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 # $Header: $ -*clsync-0.4.1 (18 May 2015) - - 18 May 2015; Andrew Savchenko <[email protected]> +clsync-0.4.1.ebuild, - clsync-9999.ebuild, files/clsync.conf, files/clsync.confd, - files/clsync.initd, metadata.xml: - Version 0.4.1 is added for testing. + 19 May 2015; Andrew Savchenko <[email protected]> clsync-9999.ebuild, + +files/clsync-0.4.1-capabilities.patch, + +files/clsync-0.4.1-check-exec-arguments.patch, + +files/clsync-0.4.1-splitting.patch: + Version bump (0.4.1 testing) 11 Feb 2015; Andrew Savchenko <[email protected]> -clsync-0.2.1.ebuild, -clsync-0.3.ebuild, -clsync-0.4-r1.ebuild, clsync-9999.ebuild, diff --git a/app-admin/clsync/Manifest b/app-admin/clsync/Manifest index bfe7d0f..4faf0ec 100644 --- a/app-admin/clsync/Manifest +++ b/app-admin/clsync/Manifest @@ -1,8 +1,11 @@ +AUX clsync-0.4.1-capabilities.patch 2027 SHA256 3bc8150cd1479b02b132902e9b9efacce3eb94748e52e0023fea954c6933d5de SHA512 ff435c7e1d7cd93ab410f42c461b8ea4ef3807b0c7656e447fafc54e007b93e54b216b63f43b5a440e2ed9b8c01abd42cd3b31dfd575e5c8b0b07151eff79bb6 WHIRLPOOL d8b3ae0dd2fdab82fd6705181356efbdd576ef5d16f62899fff7093749432e3751659b27584550cc7da07f172c6e186b3fb503df5640ba1f7af9283cfeee9e75 +AUX clsync-0.4.1-check-exec-arguments.patch 800 SHA256 5f7711d6f79c956e0014426a94943ccbdad51cf0ea228895d8f9fd631d7f69f4 SHA512 649c07543fe3382eec23073ba3ed6901bfde984e4cb05e2eba41282fd9343c465ae4ca0e0d8534c293152764a547cbc463b7c7b625bfdf7a34a242b7f567738a WHIRLPOOL 98eefa5fcceecf3738fec98fe80a5e945183fb68d6edc827cfa98344bb7be5fbe52a2c25380cec290c276dd3be2f77323787ed1dc24dfbbd65e3d05e8f49c5c0 +AUX clsync-0.4.1-splitting.patch 983 SHA256 0f99e07d0f6cfef050b2bba1cc5c1e715741a83df1ef6e35f02d271210e46f9e SHA512 1efbe3f2341cf861926af64adaa76097894cea622df967625afbe06cf871e2d47a2f76020b8ef9b8b3942e109884f582db98848ed7734b3d8105c65e4dc4ca46 WHIRLPOOL b493c716c03e47057ff83947b30f81c1f68f3540810117c72fa1289308e9944849940ce172934043e38d7a2fe228c9e38adc416d6ec44b0e5bab198b9128ebbc AUX clsync.conf 589 SHA256 1a8689b86cf9475ef72ef42a623a1bb1ae55abff31578dcfdf3537331c681815 SHA512 46d8d786378eed0bfa46195e45f764015258ba55b35a5acf2685967e9fbd1fc7656c6aeba26b06889fa2f7c62cb11ecb84b10b856356ea3c0d463eaa4980c33d WHIRLPOOL cd9a0800b75eab476d7feec079f23538295dca5067f979ce4280c3188b9a24adf7c78e0c2ec5e2e8cadd71d11be181d873bc462d9fe321ada85e4e11690272db AUX clsync.confd 645 SHA256 ae7e9cacf618f9a32a4a1580580a901831aaaa0abb9de9e0379fbcc6a7359b0d SHA512 75dcc49d51f6da94d42eb501f1ad2868f163405dd7aa933f4c8078ec18f5b54eb6c66ff796ee744f7751699162627af843edbe5de5adf99c23712cedaebaddc5 WHIRLPOOL 06289c7645430d10b242983daa9cd2d4c2f327b34ede308012354947c64c654a7864586743ae6de7c02770a8b1c22de04b63404a6431b317b328ac6ac1e121ce AUX clsync.initd 573 SHA256 1f3306dfeb4c8d8260551ed0edebe842452de2a2b7e85d07aa0fe46b88f10414 SHA512 c944388d5e61cfba73d462d457dbdcfef42c4bfc6f9ba814eea592dd630d64309e8e2b4af1cb621a41151613f28ab4508cc7d26d44def0b5a01938742cfbdd2e WHIRLPOOL c824fd5ed8e45afcd5df737dfea7645fc3460e42c5ab0512c4c462fc646f789e81597fb460126412f2347e0cb9468339b1874a697b65a40a3ff278625241f460 DIST clsync-0.4.1.tar.gz 253890 SHA256 3f14a72d7c3c1747ea908e373f25bd1918ce00450492fbb7094549db6bf21e27 SHA512 875280f706026d44806b92c22fa58d016136b2792f67a6b7e77f932465081da7a1ebaf22c25e538e4b58bfe04cd1cd5450ecab99c3df53ddd2a0fa966442d444 WHIRLPOOL 10ab11821766f7d16d03993069ac4da5fe362a1e5977ea6721e49ada7044d3659e59b507b03be4de09609b0a0ca9d7878407d7b6e1f40df5dbe1d041dac373cb -EBUILD clsync-0.4.1.ebuild 2729 SHA256 25723e95cf5583a904c7ee6d5d10758deca0ad7999f8d133c81e8790c75531ca SHA512 d824724131f9f806c1d3701c52566c729c0520d88427633ec41bb2a3bff7bbb756d7d4f6ec8aafeaef095e3f86343af14f867511210e63707044fd5d87adc453 WHIRLPOOL 92917fd871700da8fc15a7c12685646115b5f61d59b8f809da4556ac0a1fb2295129955eef8c3f74ab91920b53bc785ff81ce28ebddf5e665826750d5a764549 -EBUILD clsync-9999.ebuild 2729 SHA256 25723e95cf5583a904c7ee6d5d10758deca0ad7999f8d133c81e8790c75531ca SHA512 d824724131f9f806c1d3701c52566c729c0520d88427633ec41bb2a3bff7bbb756d7d4f6ec8aafeaef095e3f86343af14f867511210e63707044fd5d87adc453 WHIRLPOOL 92917fd871700da8fc15a7c12685646115b5f61d59b8f809da4556ac0a1fb2295129955eef8c3f74ab91920b53bc785ff81ce28ebddf5e665826750d5a764549 -MISC ChangeLog 6016 SHA256 9604b2ba7f7474f65ca1968e273978fb9672256e5ce6260c9d9e338207fd0950 SHA512 a38aa14bd5e33365c17b6a40a10424b2843abef4c5094153b571413d0c44d5e601974a735cabf42766f9ebf9205c5a6b5e0b571e2a4c833a9d9a1dfd7320eff8 WHIRLPOOL fa49da0179eb5f6631e3eb65b9afae4b1ef5c42dcb8d22bf26bc31b645af3daa25642f1775ae61b25b4c852958e924dcc73817d3b95c78cafcb8c8ff3d392644 +EBUILD clsync-0.4.1.ebuild 2925 SHA256 c835ef7fbcf59e58d27e5ab07aa758c855b8736b03c3df316ae62e8959203cea SHA512 00e900de4aa63f8962dd3089579ab468faa6d984f0dff0481485a7b7d20179bbee3c2753088093ba00712dfa5930b70ba2b22f7a8fd3087f97d52b5fabdc7756 WHIRLPOOL 99aaa540f719f0543064c7681400da03357d478d70574958cdf923c856393d3920391719b0e588b5f757e90448cc4030491bdf0308cd1a9b3c4e9eec36c4d2ef +EBUILD clsync-9999.ebuild 2751 SHA256 3d1ced06980c5693db5b137e49d63df18b980810e0cf672eeb13de28467be6bd SHA512 b091afffbb922e588df5eabc99a8bb6ca1ff3874068699b97a7e6062017fa871812f991a31132e330091362c83d6f1ddb0f410929d4010339a855497d28fa8b8 WHIRLPOOL 035211cf315a0924c38fec39895b66bd9cddbbd3d80ec6da3a4e90a466199cbb29fb006a46de61fb0bb749a6f555d272a009eb11455c17aa14d042fac4c66b1b +MISC ChangeLog 6012 SHA256 672c45533b851157cb9980aa0cb241fb2afc073ed1657edd99f140a7ed314aa3 SHA512 d0dd82d93686ac2ebd60153b95d617e66b06ba2b361dd04d6b438b22dc9765e6e9bbbc39063200c0bef2dddaf9ca905aa8f2afe8b4da947e1079e81cb349cdcd WHIRLPOOL 0929582207753a13ed733c136ccce5eff853ed39aa53de1e060803de32cb046dfe0c4b9dd6b2f2f948ca25237fcdf6088509c12f849acc6dabeea075cff1d187 MISC metadata.xml 1572 SHA256 6d90b9c0f0b37dffda05a9b5ca6d02f05ce0362eb8bf8fbe19e90c3f77570940 SHA512 5be148bc1f8b1ca76e2b5713bf5a9ecfc88c4c101620fbbf1cb4efcbe7b33a923038ea0c2d5b2d66689552a04b865c4b0625887baa98a80d64f486208143ce67 WHIRLPOOL e1cd84b85b5ac476407930f14217cfed16f67d3aeb221e61dffa94c688b69ada4f29f7a7e9f4f2b610f8730c10d700bff9148d6b871ca9d98e76eaa0c5de68c8 diff --git a/app-admin/clsync/clsync-0.4.1.ebuild b/app-admin/clsync/clsync-0.4.1.ebuild deleted file mode 120000 index 868bf4a..0000000 --- a/app-admin/clsync/clsync-0.4.1.ebuild +++ /dev/null @@ -1 +0,0 @@ -clsync-9999.ebuild \ No newline at end of file diff --git a/app-admin/clsync/clsync-0.4.1.ebuild b/app-admin/clsync/clsync-0.4.1.ebuild new file mode 100644 index 0000000..6b60095 --- /dev/null +++ b/app-admin/clsync/clsync-0.4.1.ebuild @@ -0,0 +1,107 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: $ + +EAPI=5 + +if [[ ${PV} == "9999" ]] ; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/xaionaro/${PN}.git"; +else + SRC_URI="https://github.com/xaionaro/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" + KEYWORDS="~amd64 ~x86" +fi + +inherit autotools eutils linux-info + +DESCRIPTION="Live sync tool based on inotify, written in GNU C" +HOMEPAGE="https://github.com/xaionaro/clsync http://ut.mephi.ru/oss/clsync"; +LICENSE="GPL-3+" +SLOT="0" +IUSE="+caps cluster control-socket cgroups debug extra-hardened +gio hardened +highload-locks +inotify mhash namespaces seccomp" + +REQUIRED_USE=" + || ( gio inotify ) + extra-hardened? ( hardened ) + mhash? ( cluster )" + +RDEPEND=" + dev-libs/glib:2 + cgroups? ( dev-libs/libcgroup ) + mhash? ( app-crypt/mhash ) +" +DEPEND="${CDEPEND} + virtual/pkgconfig +" +RDEPEND="${CDEPEND} + ~app-doc/clsync-docs-${PV} +" + +pkg_pretend() { + use namespaces && CONFIG_CHECK="~NAMESPACES ~UTS_NS ~IPC_NS ~USER_NS ~PID_NS ~NET_NS" + use seccomp && CONFIG_CHECK+=" ~SECCOMP" + check_extra_config +} + +src_prepare() { + # upstream fixes for 0.4.1 + epatch \ + "${FILESDIR}/${P}-capabilities.patch" \ + "${FILESDIR}/${P}-check-exec-arguments.patch" \ + "${FILESDIR}/${P}-splitting.patch" + eautoreconf +} + +src_configure() { + local harden_level=0 + use hardened && harden_level=1 + use extra-hardened && harden_level=2 + + econf \ + --docdir="${EPREFIX}/usr/share/doc/${PF}" \ + --disable-socket-library \ + --enable-clsync \ + --enable-paranoid=${harden_level} \ + --without-bsm \ + --without-kqueue \ + $(use_enable caps capabilities) \ + $(use_enable cluster) \ + $(use_enable control-socket socket) \ + $(use_enable debug) \ + $(use_enable highload-locks) \ + $(use_enable namespaces unshare) \ + $(use_enable seccomp) \ + $(use_with cgroups libcgroup) \ + $(use_with gio gio lib) \ + $(use_with inotify inotify native) \ + $(use_with mhash) +} + +src_install() { + emake DESTDIR="${D}" install + + # docs go into clsync-docs + rm -rf "${ED}/usr/share/doc" || die + + newinitd "${FILESDIR}/${PN}.initd" "${PN}" + newconfd "${FILESDIR}/${PN}.confd" "${PN}" + + # filter rules and sync scripts are supposed to be here + keepdir "${EPREFIX}/etc/${PN}" + insinto "/etc/${PN}" + newins "${FILESDIR}/${PN}.conf" "${PN}.conf" +} + +pkg_postinst() { + einfo "${PN} is just a convenient way to run synchronization tools on live data," + einfo "it doesn't copy data itself, so you need to install software to do actual" + einfo "data transfer. Usually net-misc/rsync is a good choise, but ${PN} is" + einfo "is flexible enough to use any user tool, see manual page for details." + einfo + einfo "${PN} init script can be multiplexed, to use symlink init script to" + einfo "othername and use conf.d/othername to configure it." + einfo + einfo "If you're interested in improved security, enable" + einfo "USE=\"caps cgroups hardened namespaces seccomp\"" +} diff --git a/app-admin/clsync/clsync-9999.ebuild b/app-admin/clsync/clsync-9999.ebuild index 2e1f080..5ba6875 100644 --- a/app-admin/clsync/clsync-9999.ebuild +++ b/app-admin/clsync/clsync-9999.ebuild @@ -31,8 +31,10 @@ RDEPEND=" cgroups? ( dev-libs/libcgroup ) mhash? ( app-crypt/mhash ) " -DEPEND="${RDEPEND} +DEPEND="${CDEPEND} virtual/pkgconfig +" +RDEPEND="${CDEPEND} ~app-doc/clsync-docs-${PV} " diff --git a/app-admin/clsync/files/clsync-0.4.1-capabilities.patch b/app-admin/clsync/files/clsync-0.4.1-capabilities.patch new file mode 100644 index 0000000..83cf15c --- /dev/null +++ b/app-admin/clsync/files/clsync-0.4.1-capabilities.patch @@ -0,0 +1,68 @@ +commit 2589dd0217bf358c41dbd2d65390d0bf156a02b0 +Author: Dmitry Yu Okunev <[email protected]> +Date: Tue May 19 13:26:32 2015 +0300 + + Fixed: Permission denied on --enable-debug=no + + Bugreport: https://github.com/xaionaro/clsync/issues/133 + +diff --git a/privileged.c b/privileged.c +index 2a9d0f3..1c3117e 100644 +--- a/privileged.c ++++ b/privileged.c +@@ -1054,19 +1054,28 @@ int privileged_handler(ctx_t *ctx_p) + case -1: + error("Cannot fork()."); + break; +- case 0: ++ case 0: { ++ int rc; ++ (void)rc; // anti-warning on ./configure --enable-debug=no + #ifdef ANTIPARANOID + if (ctx_p->privileged_gid != exec_gid) + #endif +- debug(4, "setgid(%u) == %i", exec_gid, setgid(exec_gid)); ++ { ++ rc = setgid(exec_gid); ++ debug(4, "setgid(%u) == %i", exec_gid, rc); ++ } + + #ifdef ANTIPARANOID + if (ctx_p->privileged_uid != exec_uid) + #endif +- debug(4, "setuid(%u) == %i", exec_uid, setuid(exec_uid)); ++ { ++ rc = setuid(exec_uid); ++ debug(4, "setuid(%u) == %i", exec_uid, rc); ++ } + + debug(3, "execvp(\"%s\", argv)", file); + exit(execvp(file, argv)); ++ } + } + cmd_ret_p->ret = (void *)(long)pid; + debug(21, "/PA_FORK_EXECVP"); +@@ -1640,12 +1649,20 @@ int __privileged_fork_execvp(const char *file, char *const argv[]) + case -1: + error("Cannot fork()."); + return -1; +- case 0: +- debug(4, "setgid(%u) == %i", __privileged_fork_execvp_gid, setgid(__privileged_fork_execvp_gid)); +- debug(4, "setuid(%u) == %i", __privileged_fork_execvp_uid, setuid(__privileged_fork_execvp_uid)); ++ case 0: { ++ int rc; ++ (void)rc; // anti-warning on ./configure --enable-debug=no ++ ++ rc = setgid(__privileged_fork_execvp_gid); ++ debug(4, "setgid(%u) == %i", __privileged_fork_execvp_gid, rc); ++ ++ rc = setuid(__privileged_fork_execvp_uid); ++ debug(4, "setuid(%u) == %i", __privileged_fork_execvp_uid, rc); ++ + errno = 0; + execvp(file, argv); + exit(errno); ++ } + } + + return pid; diff --git a/app-admin/clsync/files/clsync-0.4.1-check-exec-arguments.patch b/app-admin/clsync/files/clsync-0.4.1-check-exec-arguments.patch new file mode 100644 index 0000000..af76e4b --- /dev/null +++ b/app-admin/clsync/files/clsync-0.4.1-check-exec-arguments.patch @@ -0,0 +1,21 @@ +commit 48bc49bc21ed0aea9c1b8a06434a0db31530b217 +Author: Dmitry Yu Okunev <[email protected]> +Date: Tue May 19 16:45:36 2015 +0300 + + Fixed name of option "--check-exec-arguments" + + Was "--check-exec-args" + +diff --git a/main.c b/main.c +index 19e2fb8..e52429e 100644 +--- a/main.c ++++ b/main.c +@@ -97,7 +97,7 @@ static const struct option long_options[] = + {"secure-splitting", no_argument, NULL, SECURESPLITTING}, + # endif + {"splitting", required_argument, NULL, SPLITTING}, +- {"check-execvp-args", optional_argument, NULL, CHECK_EXECVP_ARGS}, ++ {"check-execvp-arguments",optional_argument, NULL, CHECK_EXECVP_ARGS}, + {"add-permitted-hook-files",required_argument, NULL, ADDPERMITTEDHOOKFILES}, + # ifdef SECCOMP_SUPPORT + {"seccomp-filter", optional_argument, NULL, SECCOMP_FILTER}, diff --git a/app-admin/clsync/files/clsync-0.4.1-splitting.patch b/app-admin/clsync/files/clsync-0.4.1-splitting.patch new file mode 100644 index 0000000..259762d --- /dev/null +++ b/app-admin/clsync/files/clsync-0.4.1-splitting.patch @@ -0,0 +1,35 @@ +commit 582bb46d6350ad100ac5fbf1082988cf6bd5198c +Author: Dmitry Yu Okunev <[email protected]> +Date: Wed May 13 15:37:41 2015 +0300 + + [paranoid=0] Fixed a segfault on thread/process splitting + + Fixes: https://github.com/xaionaro/clsync/issues/127 + +diff --git a/malloc.c b/malloc.c +index f320b84..a5ca48d 100644 +--- a/malloc.c ++++ b/malloc.c +@@ -101,11 +101,11 @@ void *malloc_align(size_t size) { + # endif + + total_size = size; +-# ifdef PARANOID ++ ++ // Rounding total_size up to a number of times pagesize + total_size += pagesize-1; + total_size /= pagesize; + total_size *= pagesize; +-# endif + + if (posix_memalign(&ret, pagesize, total_size)) + critical("(%li): Cannot allocate memory.", size); +@@ -136,7 +136,7 @@ void *calloc_align(size_t nmemb, size_t size) { + } + + char *strdup_protect(const char *src, int prot) { +- size_t len = strlen(src); ++ size_t len = strlen(src)+1; + char *dst = malloc_align(len); + strcpy(dst, src); + if (mprotect(dst, len, prot))
