eclass/fcaps: Sync with Gentoo

It's from Gentoo commit f8642f4a3ef06b7b82985c9f770e5cda862adb54.
Flatcar Buildbot 2024-11-25 07:06:52 +00:00 committed by Krzesimir Nowak
parent f8d20357ac
commit fd96c76c54


@ -1,4 +1,4 @@
# Copyright 1999-2023 Gentoo Authors # Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2 # Distributed under the terms of the GNU General Public License v2
# @ECLASS: fcaps.eclass # @ECLASS: fcaps.eclass
@ -66,6 +66,12 @@ esac
# #
# Note: If you override pkg_postinst, you must call fcaps_pkg_postinst yourself. # Note: If you override pkg_postinst, you must call fcaps_pkg_postinst yourself.
# @ECLASS_VARIABLE: FCAPS_DENY_WORLD_READ
# @USER_VARIABLE
# @DEFAULT_UNSET
# @DESCRIPTION:
# When set, deny read access on files updated by the fcaps function.
# @FUNCTION: fcaps # @FUNCTION: fcaps
# @USAGE: [-o <owner>] [-g <group>] [-m <mode>] [-M <caps mode>] <capabilities> <file[s]> # @USAGE: [-o <owner>] [-g <group>] [-m <mode>] [-M <caps mode>] <capabilities> <file[s]>
# @DESCRIPTION: # @DESCRIPTION:
@ -96,8 +102,13 @@ fcaps() {
# Process the user options first. # Process the user options first.
local owner='0' local owner='0'
local group='0' local group='0'
local mode='4711' local mode=u+s
local caps_mode='711' local caps_mode=
if [[ -n ${FCAPS_DENY_WORLD_READ} ]]; then
mode=u+s,go-r
caps_mode=go-r
fi
while [[ $# -gt 0 ]] ; do while [[ $# -gt 0 ]] ; do
case $1 in case $1 in
@ -137,9 +148,10 @@ fcaps() {
# fs doesn't support it, but abort on all others. # fs doesn't support it, but abort on all others.
debug-print "${FUNCNAME}: setting caps '${caps}' on '${file}'" debug-print "${FUNCNAME}: setting caps '${caps}' on '${file}'"
# If everything goes well, we don't want the file to be readable # Remove the read bits if requested.
# by people. if [[ -n ${caps_mode} ]]; then
chmod ${caps_mode} "${file}" || die chmod ${caps_mode} "${file}" || die
fi
if ! out=$(LC_ALL=C setcap "${caps}" "${file}" 2>&1) ; then if ! out=$(LC_ALL=C setcap "${caps}" "${file}" 2>&1) ; then
case ${out} in case ${out} in
@ -170,9 +182,14 @@ fcaps() {
fi fi
# If we're still here, setcaps failed. # If we're still here, setcaps failed.
debug-print "${FUNCNAME}: setting owner/mode on '${file}'" if [[ -n ${owner} || -n ${group} ]]; then
chown "${owner}:${group}" "${file}" || die debug-print "${FUNCNAME}: setting owner on '${file}'"
chmod ${mode} "${file}" || die chown "${owner}:${group}" "${file}" || die
fi
if [[ -n ${mode} ]]; then
debug-print "${FUNCNAME}: setting mode on '${file}'"
chmod ${mode} "${file}" || die
fi
done done
} }
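Review bot: In the defaults at the top of fcaps(), `local mode=u+s` is a symbolic mode, so the setuid fallback at the end of the loop only adds the bit and keeps whatever group/other read and write bits the file was installed with, whereas the old absolute `4711` reset them. A setuid fallback should not depend on the install mode being tight, so consider `local mode=u+s,go-w` (and `mode=u+s,go-rw` in the FCAPS_DENY_WORLD_READ branch), or at least a comment there such as `# Symbolic on purpose: only adds setuid; the installed mode decides the remaining bits.` Separately, the new `[[ -n ${owner} || -n ${group} ]]` guard lets chown run with only one side set, and GNU chown reads `owner:` with an empty group as "also switch to that user's login group"; `chown "${owner}${group:+:${group}}" "${file}" || die` avoids that surprise. The option parsing and the setcap error handling sit between the visible hunks, so the documented -m/-M defaults there should be checked against the new values.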