Solve sandbox-violation, fix from dsd, Bug #156807. Starting irexec as user is now...

Package-Manager: portage-2.1.2_rc2-r3

diff --git a/app-misc/lirc/ChangeLog b/app-misc/lirc/ChangeLog
index 6ae632d161fe2ec619c648d9cd3234a95eb127c7..6ff0ff8e1220898cb82d9551db015468c7e19055 100644 (file)
--- a/app-misc/lirc/ChangeLog
+++ b/app-misc/lirc/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for app-misc/lirc
 # Copyright 2002-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-misc/lirc/ChangeLog,v 1.119 2006/12/01 14:35:19 zzam Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-misc/lirc/ChangeLog,v 1.120 2006/12/02 12:04:13 zzam Exp $
+
+*lirc-0.8.0-r8 (02 Dec 2006)
+
+  02 Dec 2006; Matthias Schwarzott <zzam@gentoo.org>
+  +files/lirc-0.8.0-sandbox-fix.diff, files/irexec-confd,
+  files/irexec-initd, -lirc-0.8.0-r7.ebuild, +lirc-0.8.0-r8.ebuild:
+  Solve sandbox-violation, fix from dsd, Bug #156807. Starting irexec as user
+  is now possible, suggested by Sebastian Kemper <sebastian_ml@gmx.net>.
 
 *lirc-0.8.0-r7 (01 Dec 2006)
 

diff --git a/app-misc/lirc/files/digest-lirc-0.8.0-r8 b/app-misc/lirc/files/digest-lirc-0.8.0-r8
new file mode 100644 (file)
index 0000000..403b243
--- /dev/null
+++ b/app-misc/lirc/files/digest-lirc-0.8.0-r8
@@ -0,0 +1,3 @@
+MD5 0bf28bf82c7766a462f90927b6bf3af1 lirc-0.8.0.tar.bz2 514359
+RMD160 045c95754820e77891bd0b3baa269ad3f04cba8c lirc-0.8.0.tar.bz2 514359
+SHA256 cc8d7fb41a045278680ea530cffaf05181977f41244b9f0ed64075cd7630b5d2 lirc-0.8.0.tar.bz2 514359

diff --git a/app-misc/lirc/files/irexec-confd b/app-misc/lirc/files/irexec-confd
index ab9eb3e77c263c686d7c2627681fa8d22b78a906..48eb8dd4c806af8c39c2d875df4ff4a33d08e4c3 100644 (file)
--- a/app-misc/lirc/files/irexec-confd
+++ b/app-misc/lirc/files/irexec-confd
@@ -1,2 +1,9 @@
 # Options to pass to the irexec process
-IREXEC_OPTS=""
+IREXEC_OPTS="/etc/lircrc"
+
+# User to execute irexec as.
+# Warning: Running irexec as root can open security holes
+#IREXEC_USER="root"
+
+# Use this to disable the warning printed when starting irexec as root
+# IREXEC_DISABLE_ROOT_WARNING=yes

diff --git a/app-misc/lirc/files/irexec-initd b/app-misc/lirc/files/irexec-initd
index 9e2bfb548f524b0b0d361c8296b201417bfb9e82..51e241976bb83543d722dfd8b302c40b2a6fe819 100755 (executable)
--- a/app-misc/lirc/files/irexec-initd
+++ b/app-misc/lirc/files/irexec-initd
@@ -1,22 +1,28 @@
 #!/sbin/runscript
 # Copyright 2003 Martin Hierling <mad@cc.fh-lippe.de>
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-misc/lirc/files/irexec-initd,v 1.1 2006/12/01 14:35:19 zzam Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-misc/lirc/files/irexec-initd,v 1.2 2006/12/02 12:04:13 zzam Exp $
 
+: ${IREXEC_USER:=root}
 
 depend() {
        need lircd
 }
 
 start() {
+       if [[ ${IREXEC_USER} == "root" && ${IREXEC_DISABLE_ROOT_WARNING} != yes ]]; then
+               ewarn "Warning: Running irexec as root can open security holes"
+       fi
+
        ebegin "Starting irexec"
-       /usr/bin/irexec --daemon ${IREXEC_OPTS}
+       start-stop-daemon --start --chuid ${IREXEC_USER} --user ${IREXEC_USER} --chdir / \
+               --exec /usr/bin/irexec -- --daemon ${IREXEC_OPTS}
        eend $? "Failed to start irexec."
 }
 
 stop() {
        ebegin "Stopping irexec"
-       killall irexec
+       start-stop-daemon --stop --exec /usr/bin/irexec --user ${IREXEC_USER}
        eend $? "Failed to stop irexec."
 }
 

diff --git a/app-misc/lirc/files/lirc-0.8.0-sandbox-fix.diff b/app-misc/lirc/files/lirc-0.8.0-sandbox-fix.diff
new file mode 100644 (file)
index 0000000..b4b0600
--- /dev/null
+++ b/app-misc/lirc/files/lirc-0.8.0-sandbox-fix.diff
@@ -0,0 +1,27 @@
+lirc: Fix build in sandbox
+
+From: Daniel Drake <dsd@gentoo.org>
+
+
+Index: lirc-0.8.0/acinclude.m4
+===================================================================
+--- lirc-0.8.0.orig/acinclude.m4
++++ lirc-0.8.0/acinclude.m4
+@@ -36,14 +36,14 @@ AC_DEFUN([AC_PATH_KERNEL_SOURCE_SEARCH],
+       echo "lirc_tell_me_what_cc_is:" >>${ac_pkss_makefile}
+       echo "  echo \$(CC)" >>${ac_pkss_makefile}
+ 
+-      kernelcc=`make -s -C ${kerneldir} -f ${ac_pkss_makefile} lirc_tell_me_what_cc_is`
++      kernelcc=$(make -s -C ${kerneldir} -f ${ac_pkss_makefile} lirc_tell_me_what_cc_is M=$(pwd))
+ 
+       echo "lirc_tell_me_what_version_is:" >>${ac_pkss_makefile}
+       echo "  echo \$(VERSION)" >>${ac_pkss_makefile}
+       echo "lirc_tell_me_what_patchlevel_is:" >>${ac_pkss_makefile}
+       echo "  echo \$(PATCHLEVEL)" >>${ac_pkss_makefile}
+-      version=`make -s -C ${kerneldir} -f ${ac_pkss_makefile} lirc_tell_me_what_version_is`
+-      patchlevel=`make -s -C ${kerneldir} -f ${ac_pkss_makefile} lirc_tell_me_what_patchlevel_is`
++      version=$(make -s -C ${kerneldir} -f ${ac_pkss_makefile} lirc_tell_me_what_version_is M=$(pwd))
++      patchlevel=$(make -s -C ${kerneldir} -f ${ac_pkss_makefile} lirc_tell_me_what_patchlevel_is M=$(pwd))
+       if test ${version} -eq 2; then
+         if test ${patchlevel} -lt 5; then
+           kernelext=o

diff --git a/app-misc/lirc/lirc-0.8.0-r8.ebuild b/app-misc/lirc/lirc-0.8.0-r8.ebuild
new file mode 100644 (file)
index 0000000..bc45f4b
--- /dev/null
+++ b/app-misc/lirc/lirc-0.8.0-r8.ebuild
@@ -0,0 +1,319 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-misc/lirc/lirc-0.8.0-r8.ebuild,v 1.1 2006/12/02 12:04:13 zzam Exp $
+
+WANT_AUTOMAKE="latest"
+WANT_AUTOCONF="latest"
+
+inherit eutils linux-mod flag-o-matic autotools
+
+DESCRIPTION="LIRC is a package that allows you to decode and send infra-red \
+       signals of many (but not all) commonly used remote controls."
+HOMEPAGE="http://www.lirc.org"
+
+SLOT="0"
+LICENSE="GPL-2"
+IUSE="debug doc X hardware-carrier transmitter udev"
+KEYWORDS="~amd64 ~ppc ~ppc64 ~x86"
+SRC_URI="mirror://sourceforge/lirc/${P/_pre/pre}.tar.bz2"
+
+S=${WORKDIR}/${P/_pre/pre}
+
+
+IUSE_LIRC_DEVICES_DIRECT="
+       all userspace act200l act220l
+       adaptec alsa_usb animax atilibusb
+       atiusb audio audio_alsa avermedia avermedia_vdomate
+       avermedia98 bestbuy bestbuy2 breakoutbox
+       bte bw6130 caraca chronos cmdir com1 com2 com3 com4
+       cph06x creative creative_infracd
+       devinput digimatrix dsp dvico ea65
+       exaudio flyvideo gvbctv5pci hauppauge
+       hauppauge_dvb hercules_smarttv_stereo
+       igorplugusb imon imon_pad imon_rsc
+       irdeo irdeo_remote irman irreal it87
+       knc_one kworld leadtek_0007 leadtek_0010
+       leadtek_pvr2000 livedrive_midi
+       livedrive_seq logitech lpt1 lpt2 mceusb
+       mceusb2 mediafocusI mouseremote
+       mouseremote_ps2 mp3anywhere nslu2
+       packard_bell parallel pcmak pcmak_usb
+       pctv pixelview_bt878 pixelview_pak
+       pixelview_pro provideo realmagic
+       remotemaster sa1100 sasem serial
+       silitek sir slinke streamzap tekram
+       tekram_bt829 tira tvbox udp uirt2
+       uirt2_raw"
+
+IUSE_LIRC_DEVICES_SPECIAL="
+       imon_pad2keys serial_igor_cesko
+       remote_wonder_plus xboxusb usbirboy inputlirc"
+
+IUSE_LIRC_DEVICES="${IUSE_LIRC_DEVICES_DIRECT} ${IUSE_LIRC_DEVICES_SPECIAL}"
+
+
+
+RDEPEND="virtual/libc
+       sys-apps/coreutils
+       X? ( || ( (     x11-libs/libX11
+                       x11-libs/libSM
+                       x11-libs/libICE )
+       virtual/x11 ) )
+       lirc_devices_alsa_usb? ( media-libs/alsa-lib )
+       lirc_devices_audio? ( media-libs/portaudio )
+       lirc_devices_irman? ( media-libs/libirman )"
+
+
+#device-driver which use libusb
+LIBUSB_USED_BY_DEV="
+       all atiusb sasem igorplugusb imon imon_pad imon_pad2keys
+       imon_rsc streamzap mceusb mceusb2 xboxusb"
+
+for dev in ${LIBUSB_USED_BY_DEV}; do
+       RDEPEND="${RDEPEND} lirc_devices_${dev}? ( dev-libs/libusb )"
+done
+
+# adding only compile-time depends
+DEPEND="${RDEPEND}
+       virtual/linux-sources"
+
+
+# adding only run-time depends
+RDEPEND="${RDEPEND}
+       lirc_devices_usbirboy? ( app-misc/usbirboy )
+       lirc_devices_inputlirc? ( app-misc/inputlircd )"
+
+
+
+# add all devices to IUSE
+for dev in ${IUSE_LIRC_DEVICES}; do
+       IUSE="${IUSE} lirc_devices_${dev}"
+done
+
+
+add_device() {
+       : $(( lirc_device_count++ ))
+
+       if [[ ${lirc_device_count} -eq 2 ]]; then
+               ewarn
+               ewarn "When selecting multiple devices for lirc to be supported,"
+               ewarn "it can not be garanteed that the drivers play nice together."
+               ewarn
+               ewarn "If this is not intended, then abort emerge now with Ctrl-C,"
+               ewarn "Set LIRC_DEVICES and restart emerge."
+               ewarn
+               epause
+       fi
+
+
+       local dev="${1}"
+       local desc="device ${dev}"
+       if [[ -n "${2}" ]]; then
+               desc="${2}"
+       fi
+
+       einfo "Compiling support for ${desc}"
+       MY_OPTS="${MY_OPTS} --with-driver=${dev}"
+}
+
+pkg_setup() {
+       linux-mod_pkg_setup
+
+       # set default configure options
+       MY_OPTS=""
+       lirc_driver_count=0
+
+       LIRC_DRIVER_DEVICE="/dev/lirc/0"
+
+       local dev
+
+       if use lirc_devices_all; then
+               # compile in drivers for a lot of devices
+               add_device all "a lot of devices"
+       else
+               # compile in only requested drivers
+               for dev in ${IUSE_LIRC_DEVICES_DIRECT}; do
+                       if use lirc_devices_${dev}; then
+                               add_device ${dev}
+                       fi
+               done
+
+               if use lirc_devices_remote_wonder_plus; then
+                       add_device atiusb "device Remote Wonder Plus (atiusb-based)"
+               fi
+
+               if use lirc_devices_serial_igor_cesko; then
+                       add_device serial "serial with Igor Cesko design"
+                       MY_OPTS="${MY_OPTS} --with-igor"
+               fi
+
+               if use lirc_devices_imon_pad2keys; then
+                       add_device imon_pad "device imon_pad (with converting pad input to keyspresses)"
+               fi
+
+               if use lirc_devices_xboxusb; then
+                       add_device atiusb "device xboxusb"
+                       NEED_XBOX_PATCH=1
+               fi
+
+               if use lirc_devices_usbirboy; then
+                       add_device userspace "device usbirboy"
+                       LIRC_DRIVER_DEVICE="/dev/usbirboy"
+               fi
+
+               if [[ "${MY_OPTS}" == "" ]]; then
+                       if [[ "${PROFILE_ARCH}" == "xbox" ]]; then
+                               # on xbox: use special driver
+                               add_device atiusb "device xboxusb"
+                               NEED_XBOX_PATCH=1
+                       else
+                               # no driver requested
+                               einfo
+                               einfo "Compiling only the lirc-applications, but no drivers."
+                               einfo "Enable drivers with LIRC_DEVICES if you need them."
+                               MY_OPTS="--with-driver=userspace"
+                       fi
+               fi
+       fi
+
+       use hardware-carrier && MY_OPTS="${MY_OPTS} --without-soft-carrier"
+       use transmitter && MY_OPTS="${MY_OPTS} --with-transmitter"
+
+
+       if [[ -n "${LIRC_OPTS}" ]] ; then
+               ewarn
+               ewarn "LIRC_OPTS is deprecated from lirc-0.8.0-r1 on."
+               ewarn
+               ewarn "Please use LIRC_DEVICES from now on."
+               ewarn "e.g. LIRC_DEVICES=\"serial sir\""
+               ewarn
+               ewarn "Flags are now set per use-flags."
+               ewarn "e.g. transmitter, hardware-carrier"
+
+               local opt
+               local unsupported_opts=""
+
+               # test for allowed options for LIRC_OPTS
+               for opt in ${LIRC_OPTS}; do
+                       case ${opt} in
+                               --with-port=*|--with-irq=*|--with-timer=*|--with-tty=*)
+                                       MY_OPTS="${MY_OPTS} ${opt}"
+                                       ;;
+                               *)
+                                       unsupported_opts="${unsupported_opts} ${opt}"
+                                       ;;
+                       esac
+               done
+               if [[ -n ${unsupported_opts} ]]; then
+                       ewarn "These options are no longer allowed to be set"
+                       ewarn "with LIRC_OPTS: ${unsupported_opts}"
+                       die "LIRC_OPTS is no longer recommended."
+               fi
+       fi
+
+
+       # Setup parameter for linux-mod.eclass
+       MODULE_NAMES="lirc(misc:${S})"
+       BUILD_TARGETS="all"
+
+       ECONF_PARAMS="  --localstatedir=/var
+                               --with-syslog=LOG_DAEMON
+                               --enable-sandboxed
+                           --with-kerneldir=${KV_DIR}
+                               --with-moduledir=/lib/modules/${KV_FULL}/misc
+                           $(use_enable debug)
+                                       $(use_with X)
+                                       ${MY_OPTS}"
+
+       einfo
+       einfo "lirc-configure-opts: ${MY_OPTS}"
+       einfo "Setting default lirc-device to ${LIRC_DRIVER_DEVICE}"
+
+       filter-flags -Wl,-O1
+}
+
+src_unpack() {
+       unpack ${A}
+       cd ${S}
+
+       # Apply kernel compatibility patches
+       epatch ${FILESDIR}/${P}-kernel-2.6.16.diff
+       epatch ${FILESDIR}/${P}-kernel-2.6.17.diff
+       epatch ${FILESDIR}/${P}-kernel-2.6.18.diff
+       epatch ${FILESDIR}/${P}-kernel-2.6.19.diff
+
+       # Fix an overflow when opening too many client-connections
+       epatch ${FILESDIR}/${P}-too-many-connections-overflow.diff
+
+       # Fix a sandbox violation while checking which cc to use for Kernel 2.6.19
+       # and newer
+       epatch ${FILESDIR}/${P}-sandbox-fix.diff
+
+       # Work with udev-094 and greater
+       epatch ${FILESDIR}/${PN}-udev-094.diff
+
+       # Bugfix for i2c-driver in combination with newer ivtv and Kernel 2.6.17
+       epatch ${FILESDIR}/${P}-i2c-kernel-2.6.17.diff
+
+       # Wrong config-filename for LIRC_DEVICES=pixelview_bt878
+       epatch ${FILESDIR}/${P}-conf-pixelview_bt878.diff
+
+       # Apply patches needed for some special device-types
+       [[ ${NEED_XBOX_PATCH:-0} == 1 ]] && epatch ${FILESDIR}/lirc-0.8.0pre4-xbox-remote.diff
+       use lirc_devices_imon_pad2keys && epatch ${FILESDIR}/${P}-imon-pad2keys.patch
+       use lirc_devices_remote_wonder_plus && epatch ${FILESDIR}/lirc-remotewonderplus.patch
+
+       # remove parallel driver on SMP systems
+       if linux_chkconfig_present SMP ; then
+               sed -i -e "s:lirc_parallel::" drivers/Makefile.in
+       fi
+
+       # respect CFLAGS
+       sed -i -e 's:CFLAGS="-O2:CFLAGS=""\n#CFLAGS="-O2:' configure.in
+
+       # setting default device-node
+       sed -i -e '/#define LIRC_DRIVER_DEVICE/d' acconfig.h
+       echo "#define LIRC_DRIVER_DEVICE \"${LIRC_DRIVER_DEVICE}\"" >> acconfig.h
+
+       eautoreconf || die "autoreconf failed"
+}
+
+
+src_install() {
+       make DESTDIR=${D} install || die "make install failed"
+
+       newinitd ${FILESDIR}/lircd lircd
+       newinitd ${FILESDIR}/lircmd lircmd
+       newconfd ${FILESDIR}/lircd.conf lircd
+
+       insinto /etc/modules.d/
+       newins ${FILESDIR}/modulesd.lirc lirc
+
+       newinitd ${FILESDIR}/irexec-initd irexec
+       newconfd ${FILESDIR}/irexec-confd irexec
+
+       if use udev; then
+               insinto /etc/udev/rules.d/;
+               newins ${S}/contrib/lirc.rules 10-lirc.rules
+       fi
+
+       if use doc ; then
+               dohtml doc/html/*.html
+               insinto /usr/share/doc/${PF}/images
+               doins doc/images/*
+       fi
+}
+
+pkg_preinst() {
+       linux-mod_pkg_preinst
+       [[ -f "${ROOT}/etc/lircd.conf" ]] && cp ${ROOT}/etc/lircd.conf ${IMAGE}/etc
+}
+
+pkg_postinst() {
+       linux-mod_pkg_postinst
+       echo
+       einfo "The lirc Linux Infrared Remote Control Package has been"
+       einfo "merged, please read the documentation at http://www.lirc.org"
+       echo
+}
+