From: Matthias Schwarzott <zzam@gentoo.org>
Date: Sat, 2 Dec 2006 12:04:13 +0000 (+0000)
Subject: Solve sandbox-violation, fix from dsd, Bug #156807. Starting irexec as user is now... 
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=37cdea78d9b604b42717ed236003190e9f8f0143;p=gentoo.git

Solve sandbox-violation, fix from dsd, Bug #156807. Starting irexec as user is now possible, suggested by Sebastian Kemper <sebastian_ml@gmx.net>.
Package-Manager: portage-2.1.2_rc2-r3
---

diff --git a/app-misc/lirc/ChangeLog b/app-misc/lirc/ChangeLog
index 6ae632d161fe..6ff0ff8e1220 100644
--- a/app-misc/lirc/ChangeLog
+++ b/app-misc/lirc/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for app-misc/lirc
 # Copyright 2002-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-misc/lirc/ChangeLog,v 1.119 2006/12/01 14:35:19 zzam Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-misc/lirc/ChangeLog,v 1.120 2006/12/02 12:04:13 zzam Exp $
+
+*lirc-0.8.0-r8 (02 Dec 2006)
+
+  02 Dec 2006; Matthias Schwarzott <zzam@gentoo.org>
+  +files/lirc-0.8.0-sandbox-fix.diff, files/irexec-confd,
+  files/irexec-initd, -lirc-0.8.0-r7.ebuild, +lirc-0.8.0-r8.ebuild:
+  Solve sandbox-violation, fix from dsd, Bug #156807. Starting irexec as user
+  is now possible, suggested by Sebastian Kemper <sebastian_ml@gmx.net>.
 
 *lirc-0.8.0-r7 (01 Dec 2006)
 
diff --git a/app-misc/lirc/files/digest-lirc-0.8.0-r8 b/app-misc/lirc/files/digest-lirc-0.8.0-r8
new file mode 100644
index 000000000000..403b24365ee4
--- /dev/null
+++ b/app-misc/lirc/files/digest-lirc-0.8.0-r8
@@ -0,0 +1,3 @@
+MD5 0bf28bf82c7766a462f90927b6bf3af1 lirc-0.8.0.tar.bz2 514359
+RMD160 045c95754820e77891bd0b3baa269ad3f04cba8c lirc-0.8.0.tar.bz2 514359
+SHA256 cc8d7fb41a045278680ea530cffaf05181977f41244b9f0ed64075cd7630b5d2 lirc-0.8.0.tar.bz2 514359
diff --git a/app-misc/lirc/files/irexec-confd b/app-misc/lirc/files/irexec-confd
index ab9eb3e77c26..48eb8dd4c806 100644
--- a/app-misc/lirc/files/irexec-confd
+++ b/app-misc/lirc/files/irexec-confd
@@ -1,2 +1,9 @@
 # Options to pass to the irexec process
-IREXEC_OPTS=""
+IREXEC_OPTS="/etc/lircrc"
+
+# User to execute irexec as.
+# Warning: Running irexec as root can open security holes
+#IREXEC_USER="root"
+
+# Use this to disable the warning printed when starting irexec as root
+# IREXEC_DISABLE_ROOT_WARNING=yes
diff --git a/app-misc/lirc/files/irexec-initd b/app-misc/lirc/files/irexec-initd
index 9e2bfb548f52..51e241976bb8 100755
--- a/app-misc/lirc/files/irexec-initd
+++ b/app-misc/lirc/files/irexec-initd
@@ -1,22 +1,28 @@
 #!/sbin/runscript
 # Copyright 2003 Martin Hierling <mad@cc.fh-lippe.de>
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/app-misc/lirc/files/irexec-initd,v 1.1 2006/12/01 14:35:19 zzam Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-misc/lirc/files/irexec-initd,v 1.2 2006/12/02 12:04:13 zzam Exp $
 
+: ${IREXEC_USER:=root}
 
 depend() {
 	need lircd
 }
 
 start() {
+	if [[ ${IREXEC_USER} == "root" && ${IREXEC_DISABLE_ROOT_WARNING} != yes ]]; then
+		ewarn "Warning: Running irexec as root can open security holes"
+	fi
+
 	ebegin "Starting irexec"
-	/usr/bin/irexec --daemon ${IREXEC_OPTS}
+	start-stop-daemon --start --chuid ${IREXEC_USER} --user ${IREXEC_USER} --chdir / \
+		--exec /usr/bin/irexec -- --daemon ${IREXEC_OPTS}
 	eend $? "Failed to start irexec."
 }
 
 stop() {
 	ebegin "Stopping irexec"
-	killall irexec
+	start-stop-daemon --stop --exec /usr/bin/irexec --user ${IREXEC_USER}
 	eend $? "Failed to stop irexec."
 }
 
diff --git a/app-misc/lirc/files/lirc-0.8.0-sandbox-fix.diff b/app-misc/lirc/files/lirc-0.8.0-sandbox-fix.diff
new file mode 100644
index 000000000000..b4b0600bb50b
--- /dev/null
+++ b/app-misc/lirc/files/lirc-0.8.0-sandbox-fix.diff
@@ -0,0 +1,27 @@
+lirc: Fix build in sandbox
+
+From: Daniel Drake <dsd@gentoo.org>
+
+
+Index: lirc-0.8.0/acinclude.m4
+===================================================================
+--- lirc-0.8.0.orig/acinclude.m4
++++ lirc-0.8.0/acinclude.m4
+@@ -36,14 +36,14 @@ AC_DEFUN([AC_PATH_KERNEL_SOURCE_SEARCH],
+       echo "lirc_tell_me_what_cc_is:" >>${ac_pkss_makefile}
+       echo "	echo \$(CC)" >>${ac_pkss_makefile}
+ 
+-      kernelcc=`make -s -C ${kerneldir} -f ${ac_pkss_makefile} lirc_tell_me_what_cc_is`
++      kernelcc=$(make -s -C ${kerneldir} -f ${ac_pkss_makefile} lirc_tell_me_what_cc_is M=$(pwd))
+ 
+       echo "lirc_tell_me_what_version_is:" >>${ac_pkss_makefile}
+       echo "	echo \$(VERSION)" >>${ac_pkss_makefile}
+       echo "lirc_tell_me_what_patchlevel_is:" >>${ac_pkss_makefile}
+       echo "	echo \$(PATCHLEVEL)" >>${ac_pkss_makefile}
+-      version=`make -s -C ${kerneldir} -f ${ac_pkss_makefile} lirc_tell_me_what_version_is`
+-      patchlevel=`make -s -C ${kerneldir} -f ${ac_pkss_makefile} lirc_tell_me_what_patchlevel_is`
++      version=$(make -s -C ${kerneldir} -f ${ac_pkss_makefile} lirc_tell_me_what_version_is M=$(pwd))
++      patchlevel=$(make -s -C ${kerneldir} -f ${ac_pkss_makefile} lirc_tell_me_what_patchlevel_is M=$(pwd))
+       if test ${version} -eq 2; then
+         if test ${patchlevel} -lt 5; then
+           kernelext=o
diff --git a/app-misc/lirc/lirc-0.8.0-r8.ebuild b/app-misc/lirc/lirc-0.8.0-r8.ebuild
new file mode 100644
index 000000000000..bc45f4b57798
--- /dev/null
+++ b/app-misc/lirc/lirc-0.8.0-r8.ebuild
@@ -0,0 +1,319 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-misc/lirc/lirc-0.8.0-r8.ebuild,v 1.1 2006/12/02 12:04:13 zzam Exp $
+
+WANT_AUTOMAKE="latest"
+WANT_AUTOCONF="latest"
+
+inherit eutils linux-mod flag-o-matic autotools
+
+DESCRIPTION="LIRC is a package that allows you to decode and send infra-red \
+	signals of many (but not all) commonly used remote controls."
+HOMEPAGE="http://www.lirc.org"
+
+SLOT="0"
+LICENSE="GPL-2"
+IUSE="debug doc X hardware-carrier transmitter udev"
+KEYWORDS="~amd64 ~ppc ~ppc64 ~x86"
+SRC_URI="mirror://sourceforge/lirc/${P/_pre/pre}.tar.bz2"
+
+S=${WORKDIR}/${P/_pre/pre}
+
+
+IUSE_LIRC_DEVICES_DIRECT="
+	all userspace act200l act220l
+	adaptec alsa_usb animax atilibusb
+	atiusb audio audio_alsa avermedia avermedia_vdomate
+	avermedia98 bestbuy bestbuy2 breakoutbox
+	bte bw6130 caraca chronos cmdir com1 com2 com3 com4
+	cph06x creative creative_infracd
+	devinput digimatrix dsp dvico ea65
+	exaudio flyvideo gvbctv5pci hauppauge
+	hauppauge_dvb hercules_smarttv_stereo
+	igorplugusb imon imon_pad imon_rsc
+	irdeo irdeo_remote irman irreal it87
+	knc_one kworld leadtek_0007 leadtek_0010
+	leadtek_pvr2000 livedrive_midi
+	livedrive_seq logitech lpt1 lpt2 mceusb
+	mceusb2 mediafocusI mouseremote
+	mouseremote_ps2 mp3anywhere nslu2
+	packard_bell parallel pcmak pcmak_usb
+	pctv pixelview_bt878 pixelview_pak
+	pixelview_pro provideo realmagic
+	remotemaster sa1100 sasem serial
+	silitek sir slinke streamzap tekram
+	tekram_bt829 tira tvbox udp uirt2
+	uirt2_raw"
+
+IUSE_LIRC_DEVICES_SPECIAL="
+	imon_pad2keys serial_igor_cesko
+	remote_wonder_plus xboxusb usbirboy inputlirc"
+
+IUSE_LIRC_DEVICES="${IUSE_LIRC_DEVICES_DIRECT} ${IUSE_LIRC_DEVICES_SPECIAL}"
+
+
+
+RDEPEND="virtual/libc
+	sys-apps/coreutils
+	X? ( || ( (	x11-libs/libX11
+			x11-libs/libSM
+			x11-libs/libICE )
+	virtual/x11 ) )
+	lirc_devices_alsa_usb? ( media-libs/alsa-lib )
+	lirc_devices_audio? ( media-libs/portaudio )
+	lirc_devices_irman? ( media-libs/libirman )"
+
+
+#device-driver which use libusb
+LIBUSB_USED_BY_DEV="
+	all atiusb sasem igorplugusb imon imon_pad imon_pad2keys
+	imon_rsc streamzap mceusb mceusb2 xboxusb"
+
+for dev in ${LIBUSB_USED_BY_DEV}; do
+	RDEPEND="${RDEPEND} lirc_devices_${dev}? ( dev-libs/libusb )"
+done
+
+# adding only compile-time depends
+DEPEND="${RDEPEND}
+	virtual/linux-sources"
+
+
+# adding only run-time depends
+RDEPEND="${RDEPEND}
+	lirc_devices_usbirboy? ( app-misc/usbirboy )
+	lirc_devices_inputlirc? ( app-misc/inputlircd )"
+
+
+
+# add all devices to IUSE
+for dev in ${IUSE_LIRC_DEVICES}; do
+	IUSE="${IUSE} lirc_devices_${dev}"
+done
+
+
+add_device() {
+	: $(( lirc_device_count++ ))
+
+	if [[ ${lirc_device_count} -eq 2 ]]; then
+		ewarn
+		ewarn "When selecting multiple devices for lirc to be supported,"
+		ewarn "it can not be garanteed that the drivers play nice together."
+		ewarn
+		ewarn "If this is not intended, then abort emerge now with Ctrl-C,"
+		ewarn "Set LIRC_DEVICES and restart emerge."
+		ewarn
+		epause
+	fi
+
+
+	local dev="${1}"
+	local desc="device ${dev}"
+	if [[ -n "${2}" ]]; then
+		desc="${2}"
+	fi
+
+	einfo "Compiling support for ${desc}"
+	MY_OPTS="${MY_OPTS} --with-driver=${dev}"
+}
+
+pkg_setup() {
+	linux-mod_pkg_setup
+
+	# set default configure options
+	MY_OPTS=""
+	lirc_driver_count=0
+
+	LIRC_DRIVER_DEVICE="/dev/lirc/0"
+
+	local dev
+
+	if use lirc_devices_all; then
+		# compile in drivers for a lot of devices
+		add_device all "a lot of devices"
+	else
+		# compile in only requested drivers
+		for dev in ${IUSE_LIRC_DEVICES_DIRECT}; do
+			if use lirc_devices_${dev}; then
+				add_device ${dev}
+			fi
+		done
+
+		if use lirc_devices_remote_wonder_plus; then
+			add_device atiusb "device Remote Wonder Plus (atiusb-based)"
+		fi
+
+		if use lirc_devices_serial_igor_cesko; then
+			add_device serial "serial with Igor Cesko design"
+			MY_OPTS="${MY_OPTS} --with-igor"
+		fi
+
+		if use lirc_devices_imon_pad2keys; then
+			add_device imon_pad "device imon_pad (with converting pad input to keyspresses)"
+		fi
+
+		if use lirc_devices_xboxusb; then
+			add_device atiusb "device xboxusb"
+			NEED_XBOX_PATCH=1
+		fi
+
+		if use lirc_devices_usbirboy; then
+			add_device userspace "device usbirboy"
+			LIRC_DRIVER_DEVICE="/dev/usbirboy"
+		fi
+
+		if [[ "${MY_OPTS}" == "" ]]; then
+			if [[ "${PROFILE_ARCH}" == "xbox" ]]; then
+				# on xbox: use special driver
+				add_device atiusb "device xboxusb"
+				NEED_XBOX_PATCH=1
+			else
+				# no driver requested
+				einfo
+				einfo "Compiling only the lirc-applications, but no drivers."
+				einfo "Enable drivers with LIRC_DEVICES if you need them."
+				MY_OPTS="--with-driver=userspace"
+			fi
+		fi
+	fi
+
+	use hardware-carrier && MY_OPTS="${MY_OPTS} --without-soft-carrier"
+	use transmitter && MY_OPTS="${MY_OPTS} --with-transmitter"
+
+
+	if [[ -n "${LIRC_OPTS}" ]] ; then
+		ewarn
+		ewarn "LIRC_OPTS is deprecated from lirc-0.8.0-r1 on."
+		ewarn
+		ewarn "Please use LIRC_DEVICES from now on."
+		ewarn "e.g. LIRC_DEVICES=\"serial sir\""
+		ewarn
+		ewarn "Flags are now set per use-flags."
+		ewarn "e.g. transmitter, hardware-carrier"
+
+		local opt
+		local unsupported_opts=""
+
+		# test for allowed options for LIRC_OPTS
+		for opt in ${LIRC_OPTS}; do
+			case ${opt} in
+				--with-port=*|--with-irq=*|--with-timer=*|--with-tty=*)
+					MY_OPTS="${MY_OPTS} ${opt}"
+					;;
+				*)
+					unsupported_opts="${unsupported_opts} ${opt}"
+					;;
+			esac
+		done
+		if [[ -n ${unsupported_opts} ]]; then
+			ewarn "These options are no longer allowed to be set"
+			ewarn "with LIRC_OPTS: ${unsupported_opts}"
+			die "LIRC_OPTS is no longer recommended."
+		fi
+	fi
+
+
+	# Setup parameter for linux-mod.eclass
+	MODULE_NAMES="lirc(misc:${S})"
+	BUILD_TARGETS="all"
+
+	ECONF_PARAMS="	--localstatedir=/var
+			        --with-syslog=LOG_DAEMON
+			        --enable-sandboxed
+	    		    --with-kerneldir=${KV_DIR}
+			        --with-moduledir=/lib/modules/${KV_FULL}/misc
+	    		    $(use_enable debug)
+					$(use_with X)
+					${MY_OPTS}"
+
+	einfo
+	einfo "lirc-configure-opts: ${MY_OPTS}"
+	einfo "Setting default lirc-device to ${LIRC_DRIVER_DEVICE}"
+
+	filter-flags -Wl,-O1
+}
+
+src_unpack() {
+	unpack ${A}
+	cd ${S}
+
+	# Apply kernel compatibility patches
+	epatch ${FILESDIR}/${P}-kernel-2.6.16.diff
+	epatch ${FILESDIR}/${P}-kernel-2.6.17.diff
+	epatch ${FILESDIR}/${P}-kernel-2.6.18.diff
+	epatch ${FILESDIR}/${P}-kernel-2.6.19.diff
+
+	# Fix an overflow when opening too many client-connections
+	epatch ${FILESDIR}/${P}-too-many-connections-overflow.diff
+
+	# Fix a sandbox violation while checking which cc to use for Kernel 2.6.19
+	# and newer
+	epatch ${FILESDIR}/${P}-sandbox-fix.diff
+
+	# Work with udev-094 and greater
+	epatch ${FILESDIR}/${PN}-udev-094.diff
+
+	# Bugfix for i2c-driver in combination with newer ivtv and Kernel 2.6.17
+	epatch ${FILESDIR}/${P}-i2c-kernel-2.6.17.diff
+
+	# Wrong config-filename for LIRC_DEVICES=pixelview_bt878
+	epatch ${FILESDIR}/${P}-conf-pixelview_bt878.diff
+
+	# Apply patches needed for some special device-types
+	[[ ${NEED_XBOX_PATCH:-0} == 1 ]] && epatch ${FILESDIR}/lirc-0.8.0pre4-xbox-remote.diff
+	use lirc_devices_imon_pad2keys && epatch ${FILESDIR}/${P}-imon-pad2keys.patch
+	use lirc_devices_remote_wonder_plus && epatch ${FILESDIR}/lirc-remotewonderplus.patch
+
+	# remove parallel driver on SMP systems
+	if linux_chkconfig_present SMP ; then
+		sed -i -e "s:lirc_parallel::" drivers/Makefile.in
+	fi
+
+	# respect CFLAGS
+	sed -i -e 's:CFLAGS="-O2:CFLAGS=""\n#CFLAGS="-O2:' configure.in
+
+	# setting default device-node
+	sed -i -e '/#define LIRC_DRIVER_DEVICE/d' acconfig.h
+	echo "#define LIRC_DRIVER_DEVICE \"${LIRC_DRIVER_DEVICE}\"" >> acconfig.h
+
+	eautoreconf || die "autoreconf failed"
+}
+
+
+src_install() {
+	make DESTDIR=${D} install || die "make install failed"
+
+	newinitd ${FILESDIR}/lircd lircd
+	newinitd ${FILESDIR}/lircmd lircmd
+	newconfd ${FILESDIR}/lircd.conf lircd
+
+	insinto /etc/modules.d/
+	newins ${FILESDIR}/modulesd.lirc lirc
+
+	newinitd ${FILESDIR}/irexec-initd irexec
+	newconfd ${FILESDIR}/irexec-confd irexec
+
+	if use udev; then
+		insinto /etc/udev/rules.d/;
+		newins ${S}/contrib/lirc.rules 10-lirc.rules
+	fi
+
+	if use doc ; then
+		dohtml doc/html/*.html
+		insinto /usr/share/doc/${PF}/images
+		doins doc/images/*
+	fi
+}
+
+pkg_preinst() {
+	linux-mod_pkg_preinst
+	[[ -f "${ROOT}/etc/lircd.conf" ]] && cp ${ROOT}/etc/lircd.conf ${IMAGE}/etc
+}
+
+pkg_postinst() {
+	linux-mod_pkg_postinst
+	echo
+	einfo "The lirc Linux Infrared Remote Control Package has been"
+	einfo "merged, please read the documentation at http://www.lirc.org"
+	echo
+}
+