Package init

2019-09-30 10:55:07 -04:00 · 2019-09-30 10:55:07 -04:00 · f47a4126c7
commit f47a4126c7
4 changed files with 264 additions and 0 deletions
--- a/libcap-ng-0.7.9.tar.gz
+++ b/libcap-ng-0.7.9.tar.gz
--- a/libcap-ng-0.8-permitted.patch
+++ b/libcap-ng-0.8-permitted.patch
@ -0,0 +1,142 @@
+diff -urp libcap-ng-0.8.orig/docs/capng_have_capabilities.3 libcap-ng-0.8/docs/capng_have_capabilities.3
+--- libcap-ng-0.8.orig/docs/capng_have_capabilities.3	2018-02-07 13:20:31.000000000 -0500
+++ libcap-ng-0.8/docs/capng_have_capabilities.3	2018-08-09 16:29:40.521624973 -0400
+@@ -1,14 +1,20 @@
+-.TH "CAPNG_HAVE_CAPABILITIES" "3" "June 2009" "Red Hat" "Libcap-ng API"
+.TH "CAPNG_HAVE_CAPABILITIES" "3" "Aug 2018" "Red Hat" "Libcap-ng API"
+ .SH NAME
+-capng_have_capabilities \- general check for capabilities
+.nf
+capng_have_capabilities, capng_have_permitted_capabilities \- check for capabilities
+ .SH "SYNOPSIS"
+ .B #include <cap-ng.h>
+ .sp
+ capng_results_t capng_have_capabilities(capng_select_t set);
+capng_results_t capng_have_permitted_capabilities(void);
+ 
+ .SH "DESCRIPTION"
+ 
+-capng_have_capabilities will check the selected internal capabilities sets to see what the status is. The capabilities sets must be previously setup with calls to capng_get_caps_process, capng_get_caps_fd, or in some other way setup. The options are CAPNG_SELECT_CAPS for the traditional capabilities, CAPNG_SELECT_BOUNDS for the bounding set, or CAPNG_SELECT_BOTH if clearing both is desired.
+capng_have_capabilities will check the selected internal capabilities sets to see what the status is. The capabilities sets must be previously setup with calls to capng_get_caps_process, capng_get_caps_fd, or in some other way setup. The options are CAPNG_SELECT_CAPS for the traditional capabilities, CAPNG_SELECT_BOUNDS for the bounding set, or CAPNG_SELECT_BOTH if clearing both is desired. When capabilities are checked, it will only look at the effective capabilities.
+
+If, however, the source of capabilities comes from a file, then you may need to additionally check the permitted capabilities. It's for this reason that
+.B capng_have_permitted_capabilities
+was created. It takes no arguments because it simply checks the permitted set.
+ 
+ .SH "RETURN VALUE"
+ 
+diff -urp libcap-ng-0.8.orig/src/cap-ng.c libcap-ng-0.8/src/cap-ng.c
+--- libcap-ng-0.8.orig/src/cap-ng.c	2018-07-02 14:42:53.993939477 -0400
+++ libcap-ng-0.8/src/cap-ng.c	2018-08-09 16:31:47.255611373 -0400
+@@ -777,10 +776,10 @@ capng_results_t capng_have_capabilities(
+ 				full = 1;
+ 			else
+ 				return CAPNG_PARTIAL;
+-			if ((m.data.v3[1].effective & UPPER_MASK) == 0)
+			if ((m.data.v3[1].effective & UPPER_MASK) == 0 && !full)
+ 				empty = 1;
+ 			else if ((m.data.v3[1].effective & UPPER_MASK) ==
+-							UPPER_MASK)
+						UPPER_MASK && !empty)
+ 				full = 1;
+ 			else
+ 				return CAPNG_PARTIAL;
+@@ -805,6 +804,40 @@ capng_results_t capng_have_capabilities(
+ 
+ 	if (empty == 1 && full == 0)
+ 		return CAPNG_NONE;
+	else if (empty == 0 && full == 1)
+		return CAPNG_FULL;
+	
+	return CAPNG_PARTIAL;
+}
+
+// -1 - error, 0 - no caps, 1 partial caps, 2 full caps
+capng_results_t capng_have_permitted_capabilities(void)
+{
+	int empty = 0, full = 0;
+
+	// First, try to init with current set
+	if (m.state < CAPNG_INIT)
+		capng_get_caps_process();
+
+	// If we still don't have anything, error out
+	if (m.state < CAPNG_INIT)
+		return CAPNG_FAIL;
+
+	if (m.data.v3[0].permitted == 0)
+		empty = 1;
+	else if (m.data.v3[0].permitted == 0xFFFFFFFFU)
+		full = 1;
+	else
+		return CAPNG_PARTIAL;
+	if ((m.data.v3[1].permitted & UPPER_MASK) == 0 && !full)
+		empty = 1;
+	else if ((m.data.v3[1].permitted & UPPER_MASK) == UPPER_MASK && !empty)
+		full = 1;
+	else
+		return CAPNG_PARTIAL;
+
+	if (empty == 1 && full == 0)
+		return CAPNG_NONE;
+ 	else if (empty == 0 && full == 1)
+ 		return CAPNG_FULL;
+ 	
+diff -urp libcap-ng-0.8.orig/src/cap-ng.h libcap-ng-0.8/src/cap-ng.h
+--- libcap-ng-0.8.orig/src/cap-ng.h	2018-02-07 13:20:31.000000000 -0500
+++ libcap-ng-0.8/src/cap-ng.h	2018-08-09 15:54:10.054853595 -0400
+@@ -63,6 +63,7 @@ int capng_apply_caps_fd(int fd);
+ 
+ // These functions check capability bits
+ capng_results_t capng_have_capabilities(capng_select_t set);
+capng_results_t capng_have_permitted_capabilities(void);
+ int capng_have_capability(capng_type_t which, unsigned int capability);
+ 
+ // These functions printout capabilities
+diff -urp libcap-ng-0.8.orig/utils/filecap.8 libcap-ng-0.8/utils/filecap.8
+--- libcap-ng-0.8.orig/utils/filecap.8	2018-02-07 13:20:31.000000000 -0500
+++ libcap-ng-0.8/utils/filecap.8	2018-08-09 16:35:39.751586424 -0400
+@@ -1,10 +1,10 @@
+-.TH FILECAP: "8" "March 2009" "Red Hat" "System Administration Utilities"
+.TH FILECAP: "8" "Aug 2018" "Red Hat" "System Administration Utilities"
+ .SH NAME
+ filecap \- a program to see capabilities
+ .SH SYNOPSIS
+ .B filecap [ \-a | \-d | /dir | /dir/file [cap1 cap2 ...] ]
+ .SH DESCRIPTION
+-\fBfilecap\fP is a program that prints out a report of programs with file based capabilities. If a file is not in the report or there is no report at all, no capabilities were found. For expedience, the default is to check only the directories in the PATH environmental variable. If the \-a command line option is given, then all directories will be checked. If a directory is passed, it will recursively check that directory. If a path to a file is given, it will only check that file. If the path to the file includes capabilities, then they are written to the file.
+\fBfilecap\fP is a program that prints out a report of programs with file based capabilities. If a file is not in the report or there is no report at all, no capabilities were found. For expedience, the default is to check only the directories in the PATH environmental variable. If the \-a command line option is given, then all directories will be checked. If a directory is passed, it will recursively check that directory. If a path to a file is given, it will only check that file. If a file is given followed by capabilities, then the capabilities are written to the file.
+ 
+ .SH OPTIONS
+ .TP
+diff -urp libcap-ng-0.8.orig/utils/filecap.c libcap-ng-0.8/utils/filecap.c
+--- libcap-ng-0.8.orig/utils/filecap.c	2018-02-07 13:20:31.000000000 -0500
+++ libcap-ng-0.8/utils/filecap.c	2018-08-09 16:03:18.989794688 -0400
+@@ -59,6 +59,7 @@ static int check_file(const char *fpath,
+ 	int fd = open(fpath, O_RDONLY|O_CLOEXEC);
+ 	if (fd >= 0) {
+ 		capng_results_t rc;
+		int permitted = 0;
+ 
+ 		capng_clear(CAPNG_SELECT_BOTH);
+ 		if (capng_get_caps_fd(fd) < 0) {
+@@ -68,12 +69,17 @@ static int check_file(const char *fpath,
+ 				ret = 1;
+ 		}
+ 		rc = capng_have_capabilities(CAPNG_SELECT_CAPS);
+		if (rc == CAPNG_NONE) {
+			permitted = 1;
+			rc = capng_have_permitted_capabilities();
+		}
+ 		if (rc > CAPNG_NONE) {
+ 			if (header == 0) {
+ 				header = 1;
+-				printf("%-20s capabilities\n", "file");
+				printf("%-9s %-20s capabilities\n", "set", "file");
+ 			}
+-			printf("%s     ", fpath);
+			printf("%s %s     ",
+				permitted ? "permitted" : "effective",  fpath);
+ 			if (rc == CAPNG_FULL)
+ 				printf("full");
+ 			else
--- a/libcap-ng-0.8-python2.patch
+++ b/libcap-ng-0.8-python2.patch
@ -0,0 +1,9 @@
+diff -urp libcap-ng-0.8.orig/bindings/python/test/capng-test.py libcap-ng-0.8/bindings/python/test/capng-test.py
+--- libcap-ng-0.8.orig/bindings/python/test/capng-test.py	2018-08-09 17:02:19.000000000 -0400
+++ libcap-ng-0.8/bindings/python/test/capng-test.py	2018-08-09 17:17:05.837319641 -0400
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env python
+#!/usr/bin/env python2
+ 
+ import os
+ import sys
--- a/libcap-ng.spec
+++ b/libcap-ng.spec
@ -0,0 +1,113 @@
+%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
+
+Summary: Libcap-ng is a library used for posix capabilities programming
+Name: libcap-ng
+Version: 0.7.9
+Release: 5
+License: LGPLv2+ and GPLv2+
+URL: http://people.redhat.com/sgrubb/libcap-ng
+Source0: http://people.redhat.com/sgrubb/libcap-ng/%{name}-%{version}.tar.gz
+Patch1: libcap-ng-0.8-permitted.patch
+Patch2: libcap-ng-0.8-python2.patch
+BuildRequires: gcc, kernel-headers >= 2.6.11, libattr-devel
+Provides: %{name}-utils = %{version}-%{release}
+Obsoletes: %{name}-utils < %{version}-%{release}
+
+%description
+The libcap-ng library is intended to make programming with posix
+capabilities much easier than the traditional libcap library.It
+includes utilities that can analyse all currently running applications
+and print out any capabilities and whether or not it has an open
+ended bounding set.
+
+%package devel
+Summary: Development libraries and header files for %{name}
+License: LGPLv2+
+Requires: kernel-headers >= 2.6.11
+Requires: %{name} = %{version}-%{release}
+Requires: pkgconfig
+
+%description devel
+The %{name}-devel package contains the files needed for developing
+applications that need to use the %{name} library.
+
+%package -n python2-libcap-ng
+%{?python_provide:%python_provide python2-libcap-ng}
+Summary: Python2 bindings for libcap-ng library
+License: LGPLv2+
+BuildRequires: python2-devel swig
+Requires: %{name} = %{version}-%{release}
+Provides: %{name}-python = %{version}-%{release}
+Provides: %{name}-python%{?_isa} = %{version}-%{release}
+Obsoletes: %{name}-python < %{version}-%{release}
+
+%description -n python2-libcap-ng
+The python2-%{name} package contains the bindings so that %{name} and
+can be used by python2 applications.
+
+%package python3
+Summary: Python3 bindings for libcap-ng library
+License: LGPLv2+
+BuildRequires: python3-devel swig
+Requires: %{name} = %{version}-%{release}
+
+%description python3
+The %{name}-python3 package contains the bindings so that %{name} and
+can be used by python3 applications.
+
+%package_help
+
+%prep
+%autosetup -p1
+
+%build
+%configure --libdir=/%{_lib} --with-python --with-python3
+make CFLAGS="%{optflags}" %{?_smp_mflags}
+
+%install
+%make_install
+
+# Move from %{_lib} to %{_libdir}
+rm -f $RPM_BUILD_ROOT/%{_lib}/%{name}.so
+mkdir -p $RPM_BUILD_ROOT%{_libdir}
+VLIBNAME=$(ls $RPM_BUILD_ROOT/%{_lib}/%{name}.so.*.*.*)
+LIBNAME=$(basename $VLIBNAME)
+ln -s ../../%{_lib}/$LIBNAME $RPM_BUILD_ROOT%{_libdir}/%{name}.so
+mv $RPM_BUILD_ROOT/%{_lib}/pkgconfig $RPM_BUILD_ROOT%{_libdir}
+mv $RPM_BUILD_ROOT/%{_lib}/libcap-ng.a $RPM_BUILD_ROOT%{_libdir}
+
+%delete_la
+
+%check
+make check
+
+%ldconfig_scriptlets
+
+%files
+%{!?_licensedir:%global license %%doc}
+%license COPYING.LIB COPYING
+%attr(0755,root,root) %{_bindir}/*
+/%{_lib}/libcap-ng.so.*
+
+%files devel
+%attr(0644,root,root) %{_includedir}/cap-ng.h
+%{_libdir}/libcap-ng.so
+%{_libdir}/libcap-ng.a
+%attr(0644,root,root) %{_datadir}/aclocal/cap-ng.m4
+%{_libdir}/pkgconfig/libcap-ng.pc
+
+%files -n python2-libcap-ng
+%attr(755,root,root) %{python2_sitearch}/_capng.so
+%{python2_sitearch}/capng.py*
+
+%files python3
+%attr(755,root,root) %{python3_sitearch}/*
+%{python3_sitearch}/capng.py*
+
+%files help
+%attr(0644,root,root) %{_mandir}/man3/*
+%attr(0644,root,root) %{_mandir}/man8/*
+
+%changelog
+* Mon Sep 09 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.7.9-5
+- Package init