From: Mike Frysinger Date: Fri, 29 May 2020 15:25:56 +0000 (-0400) Subject: sys-apps/gawk: restore USE=forced-sandbox X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=d19efe2a0c309bde3ceda7e7a9fba3fc9864d124;p=gentoo.git sys-apps/gawk: restore USE=forced-sandbox Signed-off-by: Mike Frysinger --- diff --git a/sys-apps/gawk/gawk-4.2.1-r1.ebuild b/sys-apps/gawk/gawk-4.2.1-r1.ebuild index 807061875e31..6982b29dc59b 100644 --- a/sys-apps/gawk/gawk-4.2.1-r1.ebuild +++ b/sys-apps/gawk/gawk-4.2.1-r1.ebuild @@ -12,7 +12,7 @@ SRC_URI="mirror://gnu/gawk/${P}.tar.xz" LICENSE="GPL-2" SLOT="0" KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="mpfr nls readline" +IUSE="forced-sandbox mpfr nls readline" RDEPEND=" dev-libs/gmp:0= @@ -38,6 +38,16 @@ src_prepare() { -e '/\<_XOPEN_SOURCE_EXTENDED\>/s/1//' \ extension/inplace.c || die fi + + if use forced-sandbox ; then + # Upstream doesn't want to add a configure flag for this. + # https://lists.gnu.org/archive/html/bug-sed/2018-03/msg00001.html + sed -i \ + -e '/^int do_flags = false;/s:false:DO_SANDBOX:' \ + main.c || die + # Make sure the sed took. + grep -q '^int do_flags = DO_SANDBOX;' main.c || die "forcing sandbox failed" + fi } src_configure() { @@ -61,6 +71,14 @@ src_install() { rm "${ED%/}"/usr/include/awk/config.h || die } +src_test() { + if use forced-sandbox ; then + ewarn "Tests disabled as they don't account for this mode." + return + fi + default +} + pkg_postinst() { # symlink creation here as the links do not belong to gawk, but to any awk if has_version app-admin/eselect \ diff --git a/sys-apps/gawk/gawk-5.0.1.ebuild b/sys-apps/gawk/gawk-5.0.1.ebuild index b44a5513e78b..42d0a4c55254 100644 --- a/sys-apps/gawk/gawk-5.0.1.ebuild +++ b/sys-apps/gawk/gawk-5.0.1.ebuild @@ -12,7 +12,7 @@ SRC_URI="mirror://gnu/gawk/${P}.tar.xz" LICENSE="GPL-2" SLOT="0" KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="mpfr nls readline" +IUSE="forced-sandbox mpfr nls readline" RDEPEND=" dev-libs/gmp:0= @@ -40,6 +40,16 @@ src_prepare() { -e '/\<_XOPEN_SOURCE_EXTENDED\>/s/1//' \ extension/inplace.c || die fi + + if use forced-sandbox ; then + # Upstream doesn't want to add a configure flag for this. + # https://lists.gnu.org/archive/html/bug-sed/2018-03/msg00001.html + sed -i \ + -e '/^int do_flags = false;/s:false:DO_SANDBOX:' \ + main.c || die + # Make sure the sed took. + grep -q '^int do_flags = DO_SANDBOX;' main.c || die "forcing sandbox failed" + fi } src_configure() { @@ -63,6 +73,14 @@ src_install() { rm "${ED}"/usr/include/awk/config.h || die } +src_test() { + if use forced-sandbox ; then + ewarn "Tests disabled as they don't account for this mode." + return + fi + default +} + pkg_postinst() { # symlink creation here as the links do not belong to gawk, but to any awk if has_version app-admin/eselect && has_version app-eselect/eselect-awk ; then diff --git a/sys-apps/gawk/gawk-5.1.0.ebuild b/sys-apps/gawk/gawk-5.1.0.ebuild index 850ebc1769ed..d0cc5570fb28 100644 --- a/sys-apps/gawk/gawk-5.1.0.ebuild +++ b/sys-apps/gawk/gawk-5.1.0.ebuild @@ -12,7 +12,7 @@ SRC_URI="mirror://gnu/gawk/${P}.tar.xz" LICENSE="GPL-2" SLOT="0" KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="mpfr nls readline" +IUSE="forced-sandbox mpfr nls readline" RDEPEND=" dev-libs/gmp:0= @@ -42,6 +42,16 @@ src_prepare() { -e '/\<_XOPEN_SOURCE_EXTENDED\>/s/1//' \ extension/inplace.c || die fi + + if use forced-sandbox ; then + # Upstream doesn't want to add a configure flag for this. + # https://lists.gnu.org/archive/html/bug-sed/2018-03/msg00001.html + sed -i \ + -e '/^int do_flags = false;/s:false:DO_SANDBOX:' \ + main.c || die + # Make sure the sed took. + grep -q '^int do_flags = DO_SANDBOX;' main.c || die "forcing sandbox failed" + fi } src_configure() { @@ -65,6 +75,14 @@ src_install() { rm "${ED}"/usr/include/awk/config.h || die } +src_test() { + if use forced-sandbox ; then + ewarn "Tests disabled as they don't account for this mode." + return + fi + default +} + pkg_postinst() { # symlink creation here as the links do not belong to gawk, but to any awk if has_version app-admin/eselect && has_version app-eselect/eselect-awk ; then diff --git a/sys-apps/gawk/metadata.xml b/sys-apps/gawk/metadata.xml index 3fa1f9889991..58cec04bdcb0 100644 --- a/sys-apps/gawk/metadata.xml +++ b/sys-apps/gawk/metadata.xml @@ -6,6 +6,7 @@ Gentoo Base System + Always enable --sandbox mode for simpler/secure runtime (disables e/r/w commands) use mpfr for high precision arithmetic (-M / --bignum)