diff options
author | Mike Frysinger <vapier@chromium.org> | 2020-05-29 11:25:56 -0400 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2020-05-29 20:48:21 -0400 |
commit | d19efe2a0c309bde3ceda7e7a9fba3fc9864d124 (patch) | |
tree | aa0bc9179f49f184f81d850bb66c582768ec20c4 /sys-apps/gawk | |
parent | dev-libs/distorm64: Revert "drop old" (diff) | |
download | gentoo-d19efe2a0c309bde3ceda7e7a9fba3fc9864d124.tar.gz gentoo-d19efe2a0c309bde3ceda7e7a9fba3fc9864d124.tar.bz2 gentoo-d19efe2a0c309bde3ceda7e7a9fba3fc9864d124.zip |
sys-apps/gawk: restore USE=forced-sandbox
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Diffstat (limited to 'sys-apps/gawk')
-rw-r--r-- | sys-apps/gawk/gawk-4.2.1-r1.ebuild | 20 | ||||
-rw-r--r-- | sys-apps/gawk/gawk-5.0.1.ebuild | 20 | ||||
-rw-r--r-- | sys-apps/gawk/gawk-5.1.0.ebuild | 20 | ||||
-rw-r--r-- | sys-apps/gawk/metadata.xml | 1 |
4 files changed, 58 insertions, 3 deletions
diff --git a/sys-apps/gawk/gawk-4.2.1-r1.ebuild b/sys-apps/gawk/gawk-4.2.1-r1.ebuild index 807061875e31..6982b29dc59b 100644 --- a/sys-apps/gawk/gawk-4.2.1-r1.ebuild +++ b/sys-apps/gawk/gawk-4.2.1-r1.ebuild @@ -12,7 +12,7 @@ SRC_URI="mirror://gnu/gawk/${P}.tar.xz" LICENSE="GPL-2" SLOT="0" KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="mpfr nls readline" +IUSE="forced-sandbox mpfr nls readline" RDEPEND=" dev-libs/gmp:0= @@ -38,6 +38,16 @@ src_prepare() { -e '/\<_XOPEN_SOURCE_EXTENDED\>/s/1//' \ extension/inplace.c || die fi + + if use forced-sandbox ; then + # Upstream doesn't want to add a configure flag for this. + # https://lists.gnu.org/archive/html/bug-sed/2018-03/msg00001.html + sed -i \ + -e '/^int do_flags = false;/s:false:DO_SANDBOX:' \ + main.c || die + # Make sure the sed took. + grep -q '^int do_flags = DO_SANDBOX;' main.c || die "forcing sandbox failed" + fi } src_configure() { @@ -61,6 +71,14 @@ src_install() { rm "${ED%/}"/usr/include/awk/config.h || die } +src_test() { + if use forced-sandbox ; then + ewarn "Tests disabled as they don't account for this mode." + return + fi + default +} + pkg_postinst() { # symlink creation here as the links do not belong to gawk, but to any awk if has_version app-admin/eselect \ diff --git a/sys-apps/gawk/gawk-5.0.1.ebuild b/sys-apps/gawk/gawk-5.0.1.ebuild index b44a5513e78b..42d0a4c55254 100644 --- a/sys-apps/gawk/gawk-5.0.1.ebuild +++ b/sys-apps/gawk/gawk-5.0.1.ebuild @@ -12,7 +12,7 @@ SRC_URI="mirror://gnu/gawk/${P}.tar.xz" LICENSE="GPL-2" SLOT="0" KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="mpfr nls readline" +IUSE="forced-sandbox mpfr nls readline" RDEPEND=" dev-libs/gmp:0= @@ -40,6 +40,16 @@ src_prepare() { -e '/\<_XOPEN_SOURCE_EXTENDED\>/s/1//' \ extension/inplace.c || die fi + + if use forced-sandbox ; then + # Upstream doesn't want to add a configure flag for this. + # https://lists.gnu.org/archive/html/bug-sed/2018-03/msg00001.html + sed -i \ + -e '/^int do_flags = false;/s:false:DO_SANDBOX:' \ + main.c || die + # Make sure the sed took. + grep -q '^int do_flags = DO_SANDBOX;' main.c || die "forcing sandbox failed" + fi } src_configure() { @@ -63,6 +73,14 @@ src_install() { rm "${ED}"/usr/include/awk/config.h || die } +src_test() { + if use forced-sandbox ; then + ewarn "Tests disabled as they don't account for this mode." + return + fi + default +} + pkg_postinst() { # symlink creation here as the links do not belong to gawk, but to any awk if has_version app-admin/eselect && has_version app-eselect/eselect-awk ; then diff --git a/sys-apps/gawk/gawk-5.1.0.ebuild b/sys-apps/gawk/gawk-5.1.0.ebuild index 850ebc1769ed..d0cc5570fb28 100644 --- a/sys-apps/gawk/gawk-5.1.0.ebuild +++ b/sys-apps/gawk/gawk-5.1.0.ebuild @@ -12,7 +12,7 @@ SRC_URI="mirror://gnu/gawk/${P}.tar.xz" LICENSE="GPL-2" SLOT="0" KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="mpfr nls readline" +IUSE="forced-sandbox mpfr nls readline" RDEPEND=" dev-libs/gmp:0= @@ -42,6 +42,16 @@ src_prepare() { -e '/\<_XOPEN_SOURCE_EXTENDED\>/s/1//' \ extension/inplace.c || die fi + + if use forced-sandbox ; then + # Upstream doesn't want to add a configure flag for this. + # https://lists.gnu.org/archive/html/bug-sed/2018-03/msg00001.html + sed -i \ + -e '/^int do_flags = false;/s:false:DO_SANDBOX:' \ + main.c || die + # Make sure the sed took. + grep -q '^int do_flags = DO_SANDBOX;' main.c || die "forcing sandbox failed" + fi } src_configure() { @@ -65,6 +75,14 @@ src_install() { rm "${ED}"/usr/include/awk/config.h || die } +src_test() { + if use forced-sandbox ; then + ewarn "Tests disabled as they don't account for this mode." + return + fi + default +} + pkg_postinst() { # symlink creation here as the links do not belong to gawk, but to any awk if has_version app-admin/eselect && has_version app-eselect/eselect-awk ; then diff --git a/sys-apps/gawk/metadata.xml b/sys-apps/gawk/metadata.xml index 3fa1f9889991..58cec04bdcb0 100644 --- a/sys-apps/gawk/metadata.xml +++ b/sys-apps/gawk/metadata.xml @@ -6,6 +6,7 @@ <name>Gentoo Base System</name> </maintainer> <use> + <flag name="forced-sandbox">Always enable --sandbox mode for simpler/secure runtime (disables e/r/w commands)</flag> <flag name="mpfr">use mpfr for high precision arithmetic (-M / --bignum)</flag> </use> </pkgmetadata> |