sys-libs/libcap: add 2.61

Signed-off-by: David Seifert <soap@gentoo.org>

4 files changed, 177 insertions, 0 deletions

diff --git a/sys-libs/libcap/Manifest b/sys-libs/libcap/Manifest
index 4f4e42436180..a96b565578d0 100644
--- a/sys-libs/libcap/Manifest
+++ b/sys-libs/libcap/Manifest
@@ -1,2 +1,3 @@
 DIST libcap-2.49.tar.xz 139568 BLAKE2B 5746dcdf2a737e747450bd50a701ee8543277b17b7fbf1304b79f707a088ea74dc6dc79c61ff89b55b718a460a7b0814f960f44d07944a97b832b78f4e14e07f SHA512 2934a2ded1370edeb9603dbf43d8ca23a2eb5d67efc5cec5d4ba96c707a8db2702da8aa9be0cb86c5ff100d37ec96115c7777a7566ad0ab2e0b4a288bbe357d0
 DIST libcap-2.60.tar.xz 170744 BLAKE2B 858b5133a5cb2f3b30dab569a6c9f2097034318c90419fa2372e0b28c891160f5e84b54b302b2d98664df8f7c44df78eb3cb4e47b328cecd4c27e7ab223045ae SHA512 f2ff0d81df7251c05decda706ccc6463ce58df6a3c542fe479328dce5416f77aa5c6a09a1ab05a1d1a3638e6dae5c0e546aaa4824843a570700a8927fb7f73e6
+DIST libcap-2.61.tar.xz 173892 BLAKE2B 50874d3510ab2476aaceb775314d98744736aacd7364a23827756caa160c101e8bc890b7c33b5e19df8b30bb6b3b1c2be323e4b6a963f97e9ee557e86b4f13a0 SHA512 40096bf511d1c45e36f5d7f24e49c709528f3f01fcadd47b6ac40a7e8d5f1705b29b4cc56356b030639f67d0641b9f4e7c19449c3c7f4f77a4070c35745b465c
diff --git a/sys-libs/libcap/files/libcap-2.61-ignore-RAISE_SETFCAP-install-failures.patch b/sys-libs/libcap/files/libcap-2.61-ignore-RAISE_SETFCAP-install-failures.patch
new file mode 100644
index 000000000000..25f853b2a982
--- /dev/null
+++ b/sys-libs/libcap/files/libcap-2.61-ignore-RAISE_SETFCAP-install-failures.patch
@@ -0,0 +1,24 @@
+From 8dfcdcfdcb9c462a05566aa8d3c6eca871f0ddbf Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Wed, 10 Feb 2016 09:52:45 +0100
+Subject: [PATCH] ignore RAISE_SETFCAP install failures
+
+While the new RAISE_SETFCAP feature is nifty, its failure to run (often
+due to the fs not supporting it) shouldn't impair the default install.
+
+Signed-off-by: Mike Frysinger <vapier@gentoo.org>
+
+Forward ported from libcap-2.20 to libcap-2.25
+
+Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
+--- a/progs/Makefile
++++ b/progs/Makefile
+@@ -39,7 +39,7 @@
+ 		install -m 0755 $$p $(FAKEROOT)$(SBINDIR) ; \
+ 	done
+ ifeq ($(RAISE_SETFCAP),yes)
+-	$(FAKEROOT)$(SBINDIR)/setcap cap_setfcap=i $(FAKEROOT)$(SBINDIR)/setcap
++	-$(FAKEROOT)$(SBINDIR)/setcap cap_setfcap=i $(FAKEROOT)$(SBINDIR)/setcap
+ endif
+ 
+ test:
diff --git a/sys-libs/libcap/files/libcap-2.61-no_perl.patch b/sys-libs/libcap/files/libcap-2.61-no_perl.patch
new file mode 100644
index 000000000000..deda35db8e31
--- /dev/null
+++ b/sys-libs/libcap/files/libcap-2.61-no_perl.patch
@@ -0,0 +1,62 @@
+From 3f76418eaf73896489129c529fac021e4f3a03c0 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Wed, 21 Nov 2018 11:00:54 +0100
+Subject: [PATCH] use awk/sed instead of perl for creating header files
+
+More systems should have awk/sed than perl.
+
+Signed-off-by: Mike Frysinger <vapier@gentoo.org>
+
+Forward ported from libcap-2.22 to libcap-2.26
+and incorporated the gperf-3.1 fix provided by Mike Gilbert
+<floppym@gentoo.org>
+Forward ported from libcap-2.26 to libcap-2.28
+Forward ported from libcap-2.28 to libcap-2.38
+
+Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
+--- a/libcap/Makefile
++++ b/libcap/Makefile
+@@ -20,6 +20,8 @@
+ 
+ # Always build libcap sources this way:
+ CFLAGS += -fPIC
++AWK = awk
++SED = sed
+ 
+ # The linker magic needed to build a dynamic library as independently
+ # executable
+@@ -82,17 +84,27 @@
+ 	./_makenames > cap_names.h
+ 
+ $(GPERF_OUTPUT): cap_names.list.h
+-	perl -e 'print "struct __cap_token_s { const char *name; int index; };\n%{\nconst struct __cap_token_s *__cap_lookup_name(const char *, size_t);\n%}\n%%\n"; while ($$l = <>) { $$l =~ s/[\{\"]//g; $$l =~ s/\}.*// ; print $$l; }' < $< | gperf --ignore-case --language=ANSI-C --readonly --null-strings --global-table --hash-function-name=__cap_hash_name --lookup-function-name="__cap_lookup_name" -c -t -m20 $(INDENT) > $@
+-	sed -e 's/unsigned int len/size_t len/' -i $@
++	(printf "%b" "struct __cap_token_s { const char *name; int index; };\n%%\n"; \
++	$(SED) -e 's:["{}]::g' -e 's:,$$::' $<) | \
++	gperf \
++		--ignore-case \
++		--language=ANSI-C \
++		--includes \
++		--readonly \
++		--null-strings \
++		--global-table \
++		--hash-function-name=__cap_hash_name \
++		--lookup-function-name="__cap_lookup_name" \
++		-c -t -m20 $(INDENT) > $@
+ 
+-# Intention is that libcap keeps up with torvalds' tree, as reflected
+-# by this maintained version of the kernel header. libcap dynamically
+-# trims the meaning of "all" capabilities down to that of the running
+-# kernel as of 2.30.
+ UAPI_HEADER := $(topdir)/libcap/include/uapi/linux/capability.h
+ cap_names.list.h: Makefile $(UAPI_HEADER)
+ 	@echo "=> making $@ from $(UAPI_HEADER)"
+-	perl -e 'while ($$l=<>) { if ($$l =~ /^\#define[ \t](CAP[_A-Z]+)[ \t]+([0-9]+)\s+$$/) { $$tok=$$1; $$val=$$2; $$tok =~ tr/A-Z/a-z/; print "{\"$$tok\",$$val},\n"; } }' $(UAPI_HEADER) | fgrep -v 0x > $@
++	$(AWK) '($$0 ~ /^#define[[:space:]]+CAP[_A-Z]+[[:space:]]+[0-9]+[[:space:]]*$$/) { printf "{\"%s\",%s},\n", tolower($$2), $$3 }' $(UAPI_HEADER) > $@
++
++cap_names.list.h: $(KERNEL_HEADERS)/linux/capability.h Makefile
++	@echo "=> making $@ from $<"
++	$(AWK) '($$0 ~ /^#define[[:space:]]+CAP[_A-Z]+[[:space:]]+[0-9]+[[:space:]]*$$/) { printf "{\"%s\",%s},\n", tolower($$2), $$3 }' $< > $@
+ 
+ $(STACAPLIBNAME): $(CAPOBJS)
+ 	$(AR) rcs $@ $^
diff --git a/sys-libs/libcap/libcap-2.61.ebuild b/sys-libs/libcap/libcap-2.61.ebuild
new file mode 100644
index 000000000000..d7182a35dc5b
--- /dev/null
+++ b/sys-libs/libcap/libcap-2.61.ebuild
@@ -0,0 +1,90 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit multilib-minimal toolchain-funcs pam usr-ldscript
+
+DESCRIPTION="POSIX 1003.1e capabilities"
+HOMEPAGE="https://sites.google.com/site/fullycapable/"
+SRC_URI="https://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/${P}.tar.xz"
+
+# it's available under either of the licenses
+LICENSE="|| ( GPL-2 BSD )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
+IUSE="pam static-libs tools"
+
+# While the build system optionally uses gperf, we don't DEPEND on it because
+# the build automatically falls back when it's unavailable.  #604802
+PDEPEND="pam? ( sys-libs/pam[${MULTILIB_USEDEP}] )"
+DEPEND="${PDEPEND}
+	sys-kernel/linux-headers"
+BDEPEND="
+	sys-apps/diffutils
+	tools? ( dev-lang/go )"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.61-no_perl.patch
+	"${FILESDIR}"/${PN}-2.61-ignore-RAISE_SETFCAP-install-failures.patch
+)
+
+QA_FLAGS_IGNORED="sbin/captree" # go binaries don't use LDFLAGS
+
+src_prepare() {
+	default
+	multilib_copy_sources
+}
+
+run_emake() {
+	local args=(
+		AR="$(tc-getAR)"
+		CC="$(tc-getCC)"
+		OBJCOPY="$(tc-getOBJCOPY)"
+		RANLIB="$(tc-getRANLIB)"
+		exec_prefix="${EPREFIX}"
+		lib_prefix="${EPREFIX}/usr"
+		lib="$(get_libdir)"
+		prefix="${EPREFIX}/usr"
+		PAM_CAP="$(usex pam yes no)"
+		DYNAMIC=yes
+		GOLANG="$(multilib_native_usex tools yes no)"
+	)
+	emake "${args[@]}" "$@"
+}
+
+src_configure() {
+	tc-export_build_env BUILD_CC
+	multilib-minimal_src_configure
+}
+
+multilib_src_compile() {
+	run_emake
+}
+
+multilib_src_test() {
+	run_emake test
+}
+
+multilib_src_install() {
+	# no configure, needs explicit install line #444724#c3
+	run_emake DESTDIR="${D}" install
+
+	gen_usr_ldscript -a cap
+	gen_usr_ldscript -a psx
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{cap,psx}.a || die
+	fi
+
+	# install pam plugins ourselves
+	rm -rf "${ED}"/usr/$(get_libdir)/security || die
+
+	if use pam ; then
+		dopammod pam_cap/pam_cap.so
+		dopamsecurity '' pam_cap/capability.conf
+	fi
+}
+
+multilib_src_install_all() {
+	dodoc CHANGELOG README doc/capability.notes
+}