commit: 237da0d6dc76da4cd04c0ab358e63f0e97c4ed2c Author: Alexander Golubev <fatzer2 <AT> gmail <DOT> com> AuthorDate: Thu Nov 21 02:18:12 2024 +0000 Commit: Golubev Alexander <fatzer2 <AT> gmail <DOT> com> CommitDate: Thu Nov 21 02:18:57 2024 +0000 URL: https://gitweb.gentoo.org/repo/proj/guru.git/commit/?id=237da0d6
app-misc/kloak: add 0.3.7_p1, 9999 Closes: https://bugs.gentoo.org/840038 Closes: https://bugs.gentoo.org/839624 Signed-off-by: Alexander Golubev <fatzer2 <AT> gmail.com> app-misc/kloak/Manifest | 1 + ...p1-A-slightly-more-sophisticated-Makefile.patch | 130 +++++++++++++++++++++ app-misc/kloak/kloak-0.3.7_p1.ebuild | 93 +++++++++++++++ app-misc/kloak/kloak-9999.ebuild | 89 ++++++++++++++ app-misc/kloak/metadata.xml | 4 + 5 files changed, 317 insertions(+) diff --git a/app-misc/kloak/Manifest b/app-misc/kloak/Manifest index e903fdeea..f24333601 100644 --- a/app-misc/kloak/Manifest +++ b/app-misc/kloak/Manifest @@ -1 +1,2 @@ DIST kloak-0.2.30-2.tar.bz2 98626 BLAKE2B e5bd388256e05cb2a3145f865f20ae007b09a5efa41d6068deb75ae1ff492f024b53e50e20ca4cc020a5b1a4b9983eda91c47e4458bc45ebcb2522cb4d717e4f SHA512 4222d4fe5b83a8517230530a1dfcd19349e06dd463669887b45cce21f1167c9e8a2f098e3e2b1678b9b8b85fb51440a05129b2f4404fca5725099a4840af5111 +DIST kloak-0.3.7-1.tar.gz 108524 BLAKE2B 76a6ec1729f789b260f9427b809455fbd3a27d1e4746421fbe27a4916b837ac243909480084449c1e845eb16e1e7d91af1b5e6377bdf2872278059bfdf454e10 SHA512 30ca956217f91d817fc402b7693da7ef351d0ef079e7c5511475e9414a6f18c82554e334c77f6f731b6eea53635ca7c2eddab7bd4f28f4ded001c194dc04d9d1 diff --git a/app-misc/kloak/files/kloak-0.3.7_p1-A-slightly-more-sophisticated-Makefile.patch b/app-misc/kloak/files/kloak-0.3.7_p1-A-slightly-more-sophisticated-Makefile.patch new file mode 100644 index 000000000..5dccd574d --- /dev/null +++ b/app-misc/kloak/files/kloak-0.3.7_p1-A-slightly-more-sophisticated-Makefile.patch @@ -0,0 +1,130 @@ +From 76b775049168cc327b2a13665d528e18fe266679 Mon Sep 17 00:00:00 2001 +From: Alexander Golubev <[email protected]> +Date: Fri, 15 Nov 2024 22:00:07 +0300 +Subject: [PATCH 2/2] A slightly more sophisticated Makefile + +- support for override of the compiler and utils +- support for append/override CFLAGS +- a target to update man pages +- install target +- better handling of conditional flags, particularly: + - disable some warnings on non-gcc compilers + - handle GNU's tuples like `x86-64-pc-linux-gnu` and + `aarch-unknowv-linux-gnu` +- organize CFLAGS by sorting them into categories + +Signed-off-by: Alexander Golubev <[email protected]> +--- + Makefile | 79 +++++++++++++++++++++++++++++++++++++++++++------------- + 1 file changed, 61 insertions(+), 18 deletions(-) + +diff --git a/Makefile b/Makefile +index f817b37..9715cd2 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,26 @@ + #!/usr/bin/make -f + +-TARGETARCH=$(shell gcc -dumpmachine) ++CC ?= gcc ++INSTALL ?= install ++PKG_CONFIG ?= pkg-config ++RONN ?= ronn ++ ++CFLAGS ?= -O2 -g ++ ++# NOTE: The systemd unit and apparmor profile are hardcoded to use ++# /usr/sbin/kloak. So if you change the default install paths, ++# you will have to patch those files yourself. ++prefix ?= /usr ++sbindir ?= $(prefix)/sbin ++datadir ?= $(prefix)/share ++mandir ?= $(datadir)/man ++ ++udev_rules_dir ?= /lib/udev/rules.d ++apparmor_dir ?= /etc/apparmor.d/ ++systemd_dir ?= /usr/lib/systemd/system ++ ++TARGETARCH=$(shell $(CC) -dumpmachine) ++CC_VERSION=$(shell $(CC) --version) + + # https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html + # +@@ -13,34 +33,57 @@ TARGETARCH=$(shell gcc -dumpmachine) + # + # Added the following flags: + # -fsanitize=address,undefined # enable ASan/UBSan +-CFLAGS = -O2 -Wall -Wformat -Wformat=2 -Wconversion -Wimplicit-fallthrough \ +- -Werror=format-security -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 \ +- -fstack-clash-protection \ +- -fstack-protector-strong -Wl,-z,nodlopen -Wl,-z,noexecstack -Wl,-z,relro \ +- -Wl,-z,now -Wl,--as-needed -Wl,--no-copy-dt-needed-entries -Wtrampolines \ +- -Wbidi-chars=any -fPIE -pie -Werror=implicit \ +- -Werror=incompatible-pointer-types -Werror=int-conversion \ +- -fno-delete-null-pointer-checks -fno-strict-overflow -fno-strict-aliasing \ +- -fsanitize=undefined +- +-ifeq ($(TARGETARCH), x86_64-linux-gnu) +-CFLAGS += -fcf-protection=full # only supported on x86_64 ++WARN_CFLAGS := -Wall -Wformat -Wformat=2 -Wconversion -Wimplicit-fallthrough \ ++ -Werror=format-security -Werror=implicit -Werror=int-conversion \ ++ -Werror=incompatible-pointer-types ++ ++ifeq (,$(findstring clang,$(CC_VERSION))) # if not clang ++WARN_CFLAGS += -Wtrampolines -Wbidi-chars=any # clang as for 18.1.8 doesn't support this warnings ++endif ++ ++FORTIFY_CFLAGS := -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 -fstack-clash-protection \ ++ -fstack-protector-strong -fno-delete-null-pointer-checks \ ++ -fno-strict-overflow -fno-strict-aliasing -fsanitize=undefined ++ ++ifeq (yes,$(patsubst x86_64%-linux-gnu,yes,$(TARGETARCH))) ++FORTIFY_CFLAGS += -fcf-protection=full # only supported on x86_64 + endif +-ifeq ($(TARGETARCH), aarch64-linux-gnu) +-CFLAGS += -mbranch-protection=standard # only supported on aarch64 ++ifeq (yes,$(patsubst aarch64%-linux-gnu,yes,$(TARGETARCH))) ++FORTIFY_CFLAGS += -mbranch-protection=standard # only supported on aarch64 + endif + +-ifeq (, $(shell which pkg-config)) ++BIN_CFLAGS := -fPIE ++ ++CFLAGS := $(WARN_CFLAGS) $(FORTIFY_CFLAGS) $(BIN_CFLAGS) $(CFLAGS) ++LDFLAGS := -Wl,-z,nodlopen -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now \ ++ -Wl,--as-needed -Wl,--no-copy-dt-needed-entries -pie $(LDFLAGS) ++ ++ifeq (, $(shell which $(PKG_CONFIG))) + $(error pkg-config not installed!) + endif + + all : kloak eventcap + + kloak : src/main.c src/keycodes.c src/keycodes.h +- gcc -g src/main.c src/keycodes.c -o kloak -lm $(shell pkg-config --cflags --libs libevdev) $(shell pkg-config --cflags --libs libsodium) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) ++ $(CC) src/main.c src/keycodes.c -o kloak -lm $(shell $(PKG_CONFIG) --cflags --libs libevdev) $(shell $(PKG_CONFIG) --cflags --libs libsodium) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) + + eventcap : src/eventcap.c +- gcc -g src/eventcap.c -o eventcap $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) ++ $(CC) src/eventcap.c -o eventcap $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) ++ ++MANPAGES := auto-generated-man-pages/eventcap.8 auto-generated-man-pages/kloak.8 ++ ++man : $(MANPAGES) ++ ++auto-generated-man-pages/% : man/%.ronn ++ ronn --manual="kloak Manual" --organization="kloak" <$< >$@ + + clean : + rm -f kloak eventcap ++ ++install : all lib/udev/rules.d/95-kloak.rules etc/apparmor.d/usr.sbin.kloak usr/lib/systemd/system/kloak.service $(MANPAGES) ++ $(INSTALL) -d -m 755 $(addprefix $(DESTDIR), $(sbindir) $(mandir)/man8 $(udev_rules_dir) $(apparmor_dir) $(systemd_dir)) ++ $(INSTALL) -m 755 kloak eventcap $(DESTDIR)$(sbindir) ++ $(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(mandir)/man8 ++ $(INSTALL) -m 644 lib/udev/rules.d/95-kloak.rules $(DESTDIR)$(udev_rules_dir) ++ $(INSTALL) -m 644 etc/apparmor.d/usr.sbin.kloak $(DESTDIR)$(apparmor_dir) ++ $(INSTALL) -m 644 usr/lib/systemd/system/kloak.service $(DESTDIR)$(systemd_dir) +-- +2.45.2 + diff --git a/app-misc/kloak/kloak-0.3.7_p1.ebuild b/app-misc/kloak/kloak-0.3.7_p1.ebuild new file mode 100644 index 000000000..c74d2766e --- /dev/null +++ b/app-misc/kloak/kloak-0.3.7_p1.ebuild @@ -0,0 +1,93 @@ +# Copyright 2022-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit toolchain-funcs linux-info udev + +MY_PV="${PV/_p/-}" +MY_P="${PN}-${MY_PV}" + +if [[ ${PV} == *9999* ]]; then + EGIT_REPO_URI="https://github.com/Whonix/kloak.git"; + inherit git-r3 +else + SRC_URI="https://github.com/Whonix/kloak/archive/${MY_PV}.tar.gz -> ${MY_P}.tar.gz" + KEYWORDS="~amd64" + S="${WORKDIR}/${MY_P}" +fi + +DESCRIPTION="A privacy tool that makes keystroke biometrics less effective" +HOMEPAGE="https://github.com/Whonix/kloak"; + +LICENSE="BSD" +SLOT="0" +IUSE="systemd apparmor" + +DEPEND=" + dev-libs/libevdev + dev-libs/libsodium +" +RDEPEND="${DEPEND}" +BDEPEND="app-text/ronn-ng" + +PATCHES=( + "${FILESDIR}/${P}-A-slightly-more-sophisticated-Makefile.patch" +) + +pkg_pretend() { + local CONFIG_CHECK="~UINPUT" + [[ ${MERGE_TYPE} != buildonly ]] && check_extra_config +} + +src_prepare() { + default + + # force manpages to be regenerated + rm auto-generated-man-pages/* || die + + # respect our prefix in scripts + [[ -z "$EPREFIX" ]] || sed -i -e "s!/usr/sbin/!${EPREFIX}/usr/sbin/!" \ + etc/apparmor.d/usr.sbin.kloak \ + usr/lib/systemd/system/kloak.service || die +} + +src_configure() { + tc-export CC PKG_CONFIG +} + +src_install() { + local my_makeopts=( + prefix="${EPREFIX}/usr" + ) + use systemd || my_makeopts+=( + udev_rules_dir=deleteme + systemd_dir=deleteme + ) + use apparmor || my_makeopts+=( + apparmor_dir=deleteme + ) + + emake DESTDIR="${D}" "${my_makeopts[@]}" install + + if [[ -d "${D}/deleteme" ]]; then + rm -r "${D}/deleteme" || die + fi +} + +pkg_postinst() { + if use systemd; then + elog "systemd kloak service is installed; kloak will automatically restart" + elog "to handle newly attached each newly attached input device." + else + elog "kloak is installed without any service support. You will have" + elog "to manually launch and stop it, see kloak's documentation:" + elog " https://github.com/vmonaco/kloak"; + fi + + use systemd && udev_reload +} + +pkg_postrm() { + use systemd && udev_reload +} diff --git a/app-misc/kloak/kloak-9999.ebuild b/app-misc/kloak/kloak-9999.ebuild new file mode 100644 index 000000000..36d62416f --- /dev/null +++ b/app-misc/kloak/kloak-9999.ebuild @@ -0,0 +1,89 @@ +# Copyright 2022-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit toolchain-funcs linux-info udev + +MY_PV="${PV/_p/-}" +MY_P="${PN}-${MY_PV}" + +if [[ ${PV} == *9999* ]]; then + EGIT_REPO_URI="https://github.com/Whonix/kloak.git"; + inherit git-r3 +else + SRC_URI="https://github.com/Whonix/kloak/archive/${MY_PV}.tar.gz -> ${MY_P}.tar.gz" + KEYWORDS="~amd64" + S="${WORKDIR}/${MY_P}" +fi + +DESCRIPTION="A privacy tool that makes keystroke biometrics less effective" +HOMEPAGE="https://github.com/Whonix/kloak"; + +LICENSE="BSD" +SLOT="0" +IUSE="systemd apparmor" + +DEPEND=" + dev-libs/libevdev + dev-libs/libsodium +" +RDEPEND="${DEPEND}" +BDEPEND="app-text/ronn-ng" + +pkg_pretend() { + local CONFIG_CHECK="~UINPUT" + [[ ${MERGE_TYPE} != buildonly ]] && check_extra_config +} + +src_prepare() { + default + + # force manpages to be regenerated + rm auto-generated-man-pages/* || die + + # respect our prefix in scripts + [[ -z "$EPREFIX" ]] || sed -i -e "s!/usr/sbin/!${EPREFIX}/usr/sbin/!" \ + etc/apparmor.d/usr.sbin.kloak \ + usr/lib/systemd/system/kloak.service || die +} + +src_configure() { + tc-export CC PKG_CONFIG +} + +src_install() { + local my_makeopts=( + prefix="${EPREFIX}/usr" + ) + use systemd || my_makeopts+=( + udev_rules_dir=deleteme + systemd_dir=deleteme + ) + use apparmor || my_makeopts+=( + apparmor_dir=deleteme + ) + + emake DESTDIR="${D}" "${my_makeopts[@]}" install + + if [[ -d "${D}/deleteme" ]]; then + rm -r "${D}/deleteme" || die + fi +} + +pkg_postinst() { + if use systemd; then + elog "systemd kloak service is installed; kloak will automatically restart" + elog "to handle newly attached each newly attached input device." + else + elog "kloak is installed without any service support. You will have" + elog "to manually launch and stop it, see kloak's documentation:" + elog " https://github.com/vmonaco/kloak"; + fi + + use systemd && udev_reload +} + +pkg_postrm() { + use systemd && udev_reload +} diff --git a/app-misc/kloak/metadata.xml b/app-misc/kloak/metadata.xml index 2b08b74d9..5bc5980f1 100644 --- a/app-misc/kloak/metadata.xml +++ b/app-misc/kloak/metadata.xml @@ -6,4 +6,8 @@ <remote-id type="github">Whonix/kloak</remote-id> <remote-id type="gitlab">whonix/kloak</remote-id> </upstream> + <use> + <flag name="apparmor">Install AppArmor profile</flag> + <flag name="systemd">Install systemd service file</flag> + </use> </pkgmetadata>
