authorAlexandre Rostovtsev <tetromino@gentoo.org>2012-10-24 07:11:50 +0000
committerAlexandre Rostovtsev <tetromino@gentoo.org>2012-10-24 07:11:50 +0000
commitfca38af3c37730626efc7112e69d6bc48f363c33 (patch)
tree721b02a73010f95207d8b6368aa37d94b9628711
parentVersion bump. (diff)
downloadgentoo-2-fca38af3c37730626efc7112e69d6bc48f363c33.tar.gz
gentoo-2-fca38af3c37730626efc7112e69d6bc48f363c33.tar.bz2
gentoo-2-fca38af3c37730626efc7112e69d6bc48f363c33.zip
Fix gpg passwords being cached for longer than the user requested (bug #430602, CVE-2012-3466, thanks to Jason A. Donenfeld and Pacho Ramos). Fix 2.32.1-r1's build failure with glib-2.32 and gold. Drop useless doc USE flag: in 2.x and 3.2.x, it only controlled document regeneration; in 3.4.x, it had no effect at all. Update license.
(Portage version: 2.2.0_alpha141/cvs/Linux x86_64, signed Manifest commit with key CF0ADD61)
-rw-r--r--gnome-base/gnome-keyring/ChangeLog16
-rw-r--r--gnome-base/gnome-keyring/files/gnome-keyring-2.32.1-glib-2.32.patch56
-rw-r--r--gnome-base/gnome-keyring/files/gnome-keyring-3.4.1-gpg-cache-method-1.patch99
-rw-r--r--gnome-base/gnome-keyring/files/gnome-keyring-3.4.1-gpg-cache-method-2.patch27
-rw-r--r--gnome-base/gnome-keyring/gnome-keyring-2.32.1-r1.ebuild21
-rw-r--r--gnome-base/gnome-keyring/gnome-keyring-2.32.1.ebuild14
-rw-r--r--gnome-base/gnome-keyring/gnome-keyring-3.2.2.ebuild13
-rw-r--r--gnome-base/gnome-keyring/gnome-keyring-3.4.1-r1.ebuild108
-rw-r--r--gnome-base/gnome-keyring/gnome-keyring-3.4.1.ebuild9
9 files changed, 330 insertions, 33 deletions
diff --git a/gnome-base/gnome-keyring/ChangeLog b/gnome-base/gnome-keyring/ChangeLog
index 709c35b1fa45..b37b239cc642 100644
--- a/gnome-base/gnome-keyring/ChangeLog
+++ b/gnome-base/gnome-keyring/ChangeLog
@@ -1,6 +1,20 @@
# ChangeLog for gnome-base/gnome-keyring
# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/ChangeLog,v 1.224 2012/05/21 18:53:30 tetromino Exp $
+# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/ChangeLog,v 1.225 2012/10/24 07:11:50 tetromino Exp $
+
+*gnome-keyring-3.4.1-r1 (24 Oct 2012)
+
+ 24 Oct 2012; Alexandre Rostovtsev <tetromino@gentoo.org>
+ gnome-keyring-2.32.1.ebuild, gnome-keyring-2.32.1-r1.ebuild,
+ +files/gnome-keyring-2.32.1-glib-2.32.patch, gnome-keyring-3.2.2.ebuild,
+ gnome-keyring-3.4.1.ebuild, +gnome-keyring-3.4.1-r1.ebuild,
+ +files/gnome-keyring-3.4.1-gpg-cache-method-1.patch,
+ +files/gnome-keyring-3.4.1-gpg-cache-method-2.patch:
+ Fix gpg passwords being cached for longer than the user requested (bug
+ #430602, CVE-2012-3466, thanks to Jason A. Donenfeld and Pacho Ramos). Fix
+ 2.32.1-r1's build failure with glib-2.32 and gold. Drop useless doc USE flag:
+ in 2.x and 3.2.x, it only controlled document regeneration; in 3.4.x, it had
+ no effect at all. Update license.
21 May 2012; Alexandre Rostovtsev <tetromino@gentoo.org>
gnome-keyring-2.32.1-r1.ebuild, gnome-keyring-3.2.2.ebuild:
diff --git a/gnome-base/gnome-keyring/files/gnome-keyring-2.32.1-glib-2.32.patch b/gnome-base/gnome-keyring/files/gnome-keyring-2.32.1-glib-2.32.patch
new file mode 100644
index 000000000000..ab63d5fa3d3a
--- /dev/null
+++ b/gnome-base/gnome-keyring/files/gnome-keyring-2.32.1-glib-2.32.patch
@@ -0,0 +1,56 @@
+From 002a073fe2b403ae7d006372e690743b664236d3 Mon Sep 17 00:00:00 2001
+From: Alexandre Rostovtsev <tetromino@gentoo.org>
+Date: Wed, 24 Oct 2012 02:52:28 -0400
+Subject: [PATCH] Explicitly link to gmodule
+
+Fixes build failure with glib-2.32 and gold.
+---
+ configure.in | 4 ++++
+ gp11/Makefile.am | 4 +++-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/configure.in b/configure.in
+index f781384..cdf9a2e 100644
+--- a/configure.in
++++ b/configure.in
+@@ -70,6 +70,10 @@ PKG_CHECK_MODULES(GLIB, glib-2.0 >= 2.16.0)
+ AC_SUBST(GLIB_CFLAGS)
+ AC_SUBST(GLIB_LIBS)
+
++PKG_CHECK_MODULES(GMODULE, gmodule-no-export-2.0)
++AC_SUBST(GMODULE_CFLAGS)
++AC_SUBST(GMODULE_LIBS)
++
+ PKG_CHECK_MODULES(GTHREAD, gthread-2.0 >= 2.8.0)
+ AC_SUBST(GTHREAD_CFLAGS)
+ AC_SUBST(GTHREAD_LIBS)
+diff --git a/gp11/Makefile.am b/gp11/Makefile.am
+index 18942bd..5a90404 100644
+--- a/gp11/Makefile.am
++++ b/gp11/Makefile.am
+@@ -8,6 +8,7 @@ INCLUDES = \
+ -I$(top_srcdir) \
+ $(GOBJECT_CFLAGS) \
+ $(GTHREAD_CFLAGS) \
++ $(GMODULE_CFLAGS) \
+ $(GLIB_CFLAGS)
+
+ BUILT_SOURCES = \
+@@ -34,6 +35,7 @@ libgp11_la_LIBADD = \
+ $(GOBJECT_LIBS) \
+ $(GTHREAD_LIBS) \
+ $(GIO_LIBS) \
++ $(GMODULE_LIBS) \
+ $(GLIB_LIBS)
+
+ gp11-marshal.h: gp11-marshal.list $(GLIB_GENMARSHAL)
+@@ -64,4 +66,4 @@ endif
+
+ SUBDIRS = . \
+ $(TESTS_DIR)
+-
+\ No newline at end of file
++
+--
+1.7.12.4
+
diff --git a/gnome-base/gnome-keyring/files/gnome-keyring-3.4.1-gpg-cache-method-1.patch b/gnome-base/gnome-keyring/files/gnome-keyring-3.4.1-gpg-cache-method-1.patch
new file mode 100644
index 000000000000..330d25bf0508
--- /dev/null
+++ b/gnome-base/gnome-keyring/files/gnome-keyring-3.4.1-gpg-cache-method-1.patch
@@ -0,0 +1,99 @@
+From 51606f299e5ee9d48096db0a5957efe26cbf7cc3 Mon Sep 17 00:00:00 2001
+From: Stef Walter <stefw@gnome.org>
+Date: Wed, 8 Aug 2012 06:06:58 +0200
+Subject: [PATCH] gpg-agent: Hook up the TTL cache option
+
+ * So that when the gsettings gpg-cache-method is 'idle' or 'timeout'
+ we use gpg-cache-ttl to control how long the passphrase is cached
+ for.
+ * This is a regression from 3.3.x
+
+https://bugzilla.gnome.org/show_bug.cgi?id=681081
+---
+ daemon/gpg-agent/gkd-gpg-agent-ops.c | 40 ++++++++++++++++++++++--------------
+ 1 file changed, 25 insertions(+), 15 deletions(-)
+
+diff --git a/daemon/gpg-agent/gkd-gpg-agent-ops.c b/daemon/gpg-agent/gkd-gpg-agent-ops.c
+index a0e8731..c8414fe 100644
+--- a/daemon/gpg-agent/gkd-gpg-agent-ops.c
++++ b/daemon/gpg-agent/gkd-gpg-agent-ops.c
+@@ -322,17 +322,6 @@ load_unlock_options (GcrPrompt *prompt)
+ g_free (method);
+ }
+
+-static void
+-save_unlock_options (GcrPrompt *prompt)
+-{
+- GSettings *settings;
+-
+- settings = gkd_gpg_agent_settings ();
+-
+- if (gcr_prompt_get_choice_chosen (prompt))
+- g_settings_set_string (settings, "gpg-cache-method", GCR_UNLOCK_OPTION_ALWAYS);
+-}
+-
+ static GcrPrompt *
+ open_password_prompt (GckSession *session,
+ const gchar *keyid,
+@@ -405,11 +394,14 @@ do_get_password (GckSession *session, const gchar *keyid, const gchar *errmsg,
+ const gchar *prompt_text, const gchar *description, gboolean confirm)
+ {
+ GckBuilder builder = GCK_BUILDER_INIT;
++ GSettings *settings;
+ GckAttributes *attrs;
+ gchar *password = NULL;
+ GcrPrompt *prompt;
+ gboolean chosen;
+ GError *error = NULL;
++ gint lifetime;
++ gchar *method;
+
+ g_assert (GCK_IS_SESSION (session));
+
+@@ -430,21 +422,39 @@ do_get_password (GckSession *session, const gchar *keyid, const gchar *errmsg,
+ }
+
+ if (password != NULL && keyid != NULL) {
++ settings = gkd_gpg_agent_settings ();
+
+ /* Load up the save options */
+ chosen = gcr_prompt_get_choice_chosen (prompt);
+
+- if (chosen)
++ if (chosen) {
++ g_settings_set_string (settings, "gpg-cache-method", GCR_UNLOCK_OPTION_ALWAYS);
+ gck_builder_add_string (&builder, CKA_G_COLLECTION, "login");
+- else
++
++ } else {
++ method = g_settings_get_string (settings, "gpg-cache-method");
++ lifetime = g_settings_get_int (settings, "gpg-cache-ttl");
++
++ if (g_strcmp0 (method, GCR_UNLOCK_OPTION_IDLE) == 0) {
++ gck_builder_add_boolean (&builder, CKA_GNOME_TRANSIENT, TRUE);
++ gck_builder_add_ulong (&builder, CKA_G_DESTRUCT_IDLE, lifetime);
++
++ } else if (g_strcmp0 (method, GCR_UNLOCK_OPTION_TIMEOUT) == 0) {
++ gck_builder_add_boolean (&builder, CKA_GNOME_TRANSIENT, TRUE);
++ gck_builder_add_ulong (&builder, CKA_G_DESTRUCT_AFTER, lifetime);
++
++ } else if (g_strcmp0 (method, GCR_UNLOCK_OPTION_SESSION)){
++ g_message ("Unsupported gpg-cache-method setting: %s", method);
++ }
++
+ gck_builder_add_string (&builder, CKA_G_COLLECTION, "session");
++ g_free (method);
++ }
+
+ /* Now actually save the password */
+ attrs = gck_attributes_ref_sink (gck_builder_end (&builder));
+ do_save_password (session, keyid, description, password, attrs);
+ gck_attributes_unref (attrs);
+-
+- save_unlock_options (prompt);
+ }
+
+ g_clear_object (&prompt);
+--
+1.7.12.4
+
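Review bot: In the new `else` branch of `do_get_password`, a `gpg-cache-method` value that is none of idle/timeout/session only produces a `g_message`, and the passphrase is then still stored in the `session` collection with no destruct attribute, so an unrecognised setting fails open to the longest non-persistent cache. That appears to include the `GCR_UNLOCK_OPTION_ALWAYS` value the `chosen` branch itself writes, which a later prompt with the choice unticked would log as unsupported. For a fix aimed at over-long caching it would be safer to treat the unknown case like the timeout case, or to skip `do_save_password` for it. Separately, `lifetime` is a `gint` handed straight to `gck_builder_add_ulong`; unless the schema bounds `gpg-cache-ttl` (not visible here), a negative value would convert to a very large timeout, so it should be rejected before the builder calls, e.g. `if (lifetime < 0) { g_message ("Invalid gpg-cache-ttl: %d", lifetime); lifetime = 0; }` once the meaning of 0 for the destruct attributes is confirmed.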
diff --git a/gnome-base/gnome-keyring/files/gnome-keyring-3.4.1-gpg-cache-method-2.patch b/gnome-base/gnome-keyring/files/gnome-keyring-3.4.1-gpg-cache-method-2.patch
new file mode 100644
index 000000000000..e38f45d320c1
--- /dev/null
+++ b/gnome-base/gnome-keyring/files/gnome-keyring-3.4.1-gpg-cache-method-2.patch
@@ -0,0 +1,27 @@
+From 5dff623470b859e332dbe12afb0dc57b292832d2 Mon Sep 17 00:00:00 2001
+From: Stef Walter <stefw@gnome.org>
+Date: Wed, 8 Aug 2012 15:08:22 +0200
+Subject: [PATCH] secret-store: Mark a secret item as 'used' when accessed
+
+ * This makes the gpg-agent idle feature work correctly
+
+https://bugzilla.gnome.org/show_bug.cgi?id=681081
+---
+ pkcs11/secret-store/gkm-secret-item.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/pkcs11/secret-store/gkm-secret-item.c b/pkcs11/secret-store/gkm-secret-item.c
+index d03c4a8..15791a9 100644
+--- a/pkcs11/secret-store/gkm-secret-item.c
++++ b/pkcs11/secret-store/gkm-secret-item.c
+@@ -224,6 +224,7 @@ gkm_secret_item_real_get_attribute (GkmObject *base, GkmSession *session, CK_ATT
+ identifier = gkm_secret_object_get_identifier (GKM_SECRET_OBJECT (self));
+ secret = gkm_secret_data_get_raw (sdata, identifier, &n_secret);
+ rv = gkm_attribute_set_data (attr, secret, n_secret);
++ gkm_object_mark_used (base);
+ g_object_unref (sdata);
+ return rv;
+
+--
+1.7.12.4
+
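Review bot: `gkm_object_mark_used (base)` runs regardless of `rv`, so a `gkm_attribute_set_data` call that fails (for example on a too-small buffer) would presumably still reset the idle timer even though no secret was handed out. If that is not intended, make it conditional: `if (rv == CKR_OK) gkm_object_mark_used (base);`. A short comment such as `/* reading the secret counts as use, so CKA_G_DESTRUCT_IDLE measures real idleness */` would also help, since that link is only stated in the commit message. The enclosing function starts and ends outside the hunk.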
diff --git a/gnome-base/gnome-keyring/gnome-keyring-2.32.1-r1.ebuild b/gnome-base/gnome-keyring/gnome-keyring-2.32.1-r1.ebuild
index 2d61180f70fa..94097183738b 100644
--- a/gnome-base/gnome-keyring/gnome-keyring-2.32.1-r1.ebuild
+++ b/gnome-base/gnome-keyring/gnome-keyring-2.32.1-r1.ebuild
@@ -1,18 +1,18 @@
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/gnome-keyring-2.32.1-r1.ebuild,v 1.8 2012/05/21 18:53:30 tetromino Exp $
+# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/gnome-keyring-2.32.1-r1.ebuild,v 1.9 2012/10/24 07:11:50 tetromino Exp $
EAPI="4"
GCONF_DEBUG="yes"
GNOME2_LA_PUNT="yes"
GNOME_TARBALL_SUFFIX="bz2"
-inherit eutils gnome2 multilib pam virtualx
+inherit autotools eutils gnome2 multilib pam virtualx
DESCRIPTION="Password and keyring managing daemon"
HOMEPAGE="http://live.gnome.org/GnomeKeyring"
-LICENSE="GPL-2 LGPL-2"
+LICENSE="GPL-2+ LGPL-2+"
SLOT="0"
KEYWORDS="alpha amd64 arm ia64 ~mips ppc ppc64 sh sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~sparc-solaris ~x86-solaris"
IUSE="debug doc pam test"
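Review bot: `IUSE="debug doc pam test"` is left unchanged in this hunk, while the next hunk removes the only visible consumer of the flag, `doc? ( >=dev-util/gtk-doc-1.9 )`, and the commit message says the doc USE flag is being dropped. Unless a `use_enable doc` call survives in the part of `G2CONF` that lies outside these hunks, the line should become `IUSE="debug pam test"`, as in gnome-keyring-2.32.1.ebuild.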
@@ -27,19 +27,17 @@ RDEPEND=">=dev-libs/glib-2.25:2
>=dev-libs/libtasn1-1"
# valgrind? ( dev-util/valgrind )"
DEPEND="${RDEPEND}
- sys-devel/gettext
+ >=dev-util/gtk-doc-am-1.9
>=dev-util/intltool-0.35
- virtual/pkgconfig
- doc? ( >=dev-util/gtk-doc-1.9 )"
+ sys-devel/gettext
+ virtual/pkgconfig"
PDEPEND="gnome-base/libgnome-keyring"
-# eautoreconf needs:
-# >=dev-util/gtk-doc-am-1.9
# tests fail in several ways, they should be fixed in the next cycle (bug #340283),
# revisit then.
RESTRICT="test"
-pkg_setup() {
+src_prepare() {
DOCS="AUTHORS ChangeLog NEWS README"
G2CONF="${G2CONF}
$(use_enable debug)
@@ -52,9 +50,10 @@ pkg_setup() {
--enable-gpg-agent
--with-gtk=2.0"
# $(use_enable valgrind)
-}
-src_prepare() {
+ epatch "${FILESDIR}/${P}-glib-2.32.patch"
+ eautoreconf
+
gnome2_src_prepare
# Remove silly CFLAGS
diff --git a/gnome-base/gnome-keyring/gnome-keyring-2.32.1.ebuild b/gnome-base/gnome-keyring/gnome-keyring-2.32.1.ebuild
index 56172f1afdf0..42cba927036a 100644
--- a/gnome-base/gnome-keyring/gnome-keyring-2.32.1.ebuild
+++ b/gnome-base/gnome-keyring/gnome-keyring-2.32.1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/gnome-keyring-2.32.1.ebuild,v 1.15 2012/05/05 05:38:10 jdhore Exp $
+# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/gnome-keyring-2.32.1.ebuild,v 1.16 2012/10/24 07:11:50 tetromino Exp $
EAPI="3"
GCONF_DEBUG="yes"
@@ -10,10 +10,10 @@ inherit gnome2 multilib pam virtualx
DESCRIPTION="Password and keyring managing daemon"
HOMEPAGE="http://www.gnome.org/"
-LICENSE="GPL-2 LGPL-2"
+LICENSE="GPL-2+ LGPL-2+"
SLOT="0"
KEYWORDS="alpha amd64 arm ia64 ~mips ppc ppc64 sh sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~sparc-solaris ~x86-solaris"
-IUSE="debug doc pam test"
+IUSE="debug pam test"
# USE=valgrind is probably not a good idea for the tree
RDEPEND=">=dev-libs/glib-2.25:2
@@ -25,13 +25,11 @@ RDEPEND=">=dev-libs/glib-2.25:2
>=dev-libs/libtasn1-1"
# valgrind? ( dev-util/valgrind )"
DEPEND="${RDEPEND}
- sys-devel/gettext
+ >=dev-util/gtk-doc-am-1.9
>=dev-util/intltool-0.35
- virtual/pkgconfig
- doc? ( >=dev-util/gtk-doc-1.9 )"
+ sys-devel/gettext
+ virtual/pkgconfig"
PDEPEND="gnome-base/libgnome-keyring"
-# eautoreconf needs:
-# >=dev-util/gtk-doc-am-1.9
DOCS="AUTHORS ChangeLog NEWS README"
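Review bot: `>=dev-util/gtk-doc-am-1.9` becomes an unconditional build dependency here, although the `inherit gnome2 multilib pam virtualx` line shown in the previous hunk header does not pull in autotools, and the removed comment said the package is only needed for eautoreconf. If this ebuild does not regenerate the build system (the rest of it is outside the hunk), the added DEPEND line looks unnecessary; it would be cleaner to keep the old comment `# eautoreconf needs: >=dev-util/gtk-doc-am-1.9` instead.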
diff --git a/gnome-base/gnome-keyring/gnome-keyring-3.2.2.ebuild b/gnome-base/gnome-keyring/gnome-keyring-3.2.2.ebuild
index d2d169f771e7..dbda83fe8c69 100644
--- a/gnome-base/gnome-keyring/gnome-keyring-3.2.2.ebuild
+++ b/gnome-base/gnome-keyring/gnome-keyring-3.2.2.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/gnome-keyring-3.2.2.ebuild,v 1.9 2012/05/21 18:53:30 tetromino Exp $
+# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/gnome-keyring-3.2.2.ebuild,v 1.10 2012/10/24 07:11:50 tetromino Exp $
EAPI="4"
GCONF_DEBUG="no"
@@ -11,9 +11,9 @@ inherit autotools eutils gnome2 multilib pam versionator virtualx
DESCRIPTION="Password and keyring managing daemon"
HOMEPAGE="http://www.gnome.org/"
-LICENSE="GPL-2 LGPL-2"
+LICENSE="GPL-2+ LGPL-2+"
SLOT="0"
-IUSE="+caps debug doc pam test"
+IUSE="+caps debug pam test"
KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~sparc-solaris ~x86-solaris"
# USE=valgrind is probably not a good idea for the tree
@@ -29,14 +29,11 @@ RDEPEND=">=dev-libs/glib-2.25:2
"
# valgrind? ( dev-util/valgrind )
DEPEND="${RDEPEND}
- sys-devel/gettext
>=dev-util/gtk-doc-am-1.9
>=dev-util/intltool-0.35
- virtual/pkgconfig
- doc? ( >=dev-util/gtk-doc-1.9 )"
+ sys-devel/gettext
+ virtual/pkgconfig"
PDEPEND=">=gnome-base/libgnome-keyring-3.1.92"
-# eautoreconf needs:
-# >=dev-util/gtk-doc-am-1.9
# FIXME: tests are flaky and write to /tmp (instead of TMPDIR)
RESTRICT="test"
diff --git a/gnome-base/gnome-keyring/gnome-keyring-3.4.1-r1.ebuild b/gnome-base/gnome-keyring/gnome-keyring-3.4.1-r1.ebuild
new file mode 100644
index 000000000000..c493ebe601b6
--- /dev/null
+++ b/gnome-base/gnome-keyring/gnome-keyring-3.4.1-r1.ebuild
@@ -0,0 +1,108 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/gnome-keyring-3.4.1-r1.ebuild,v 1.1 2012/10/24 07:11:50 tetromino Exp $
+
+EAPI="4"
+GCONF_DEBUG="no"
+GNOME2_LA_PUNT="yes"
+
+inherit gnome2 pam versionator virtualx
+
+DESCRIPTION="Password and keyring managing daemon"
+HOMEPAGE="http://www.gnome.org/"
+
+LICENSE="GPL-2+ LGPL-2+"
+SLOT="0"
+IUSE="+caps debug pam selinux"
+KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~sparc-solaris ~x86-solaris"
+
+RDEPEND=">=app-crypt/gcr-3.3.4
+ >=dev-libs/glib-2.28:2
+ >=x11-libs/gtk+-3.0:3
+ app-misc/ca-certificates
+ >=dev-libs/libgcrypt-1.2.2
+ >=sys-apps/dbus-1.0
+ caps? ( sys-libs/libcap-ng )
+ pam? ( virtual/pam )
+"
+DEPEND="${RDEPEND}
+ >=dev-util/intltool-0.35
+ sys-devel/gettext
+ virtual/pkgconfig"
+PDEPEND=">=gnome-base/libgnome-keyring-3.1.92"
+# eautoreconf needs:
+# >=dev-util/gtk-doc-am-1.9
+# gtk-doc-am is not needed otherwise (no gtk-docs are installed)
+
+# FIXME: tests are very flaky and write to /tmp (instead of TMPDIR)
+RESTRICT="test"
+
+src_prepare() {
+ DOCS="AUTHORS ChangeLog NEWS README"
+ G2CONF="${G2CONF}
+ $(use_enable debug)
+ $(use_with caps libcap-ng)
+ $(use_enable pam)
+ $(use_with pam pam-dir $(getpam_mod_dir))
+ $(use_enable selinux)
+ --with-root-certs=${EPREFIX}/etc/ssl/certs/
+ --with-ca-certificates=${EPREFIX}/etc/ssl/certs/ca-certificates.crt
+ --enable-ssh-agent
+ --enable-gpg-agent"
+ # Bug #436392, CVE-2012-3466; fixed in 3.6
+ epatch "${FILESDIR}/${P}-gpg-cache-method-"{1,2}.patch
+ gnome2_src_prepare
+}
+
+src_test() {
+ unset DBUS_SESSION_BUS_ADDRESS
+ Xemake check
+}
+
+pkg_postinst() {
+ use caps && fcaps 0:0 755 cap_ipc_lock "${ROOT}"/usr/bin/gnome-keyring-daemon
+
+ gnome2_pkg_postinst
+}
+
+# borrowed from GSoC2010_Gentoo_Capabilities by constanze and Flameeyes
+# @FUNCTION: fcaps
+# @USAGE: fcaps {uid:gid} {file-mode} {cap1[,cap2,...]} {file}
+# @RETURN: 0 if all okay; non-zero if failure and fallback
+# @DESCRIPTION:
+# fcaps sets the specified capabilities in the effective and permitted set of
+# the given file. In case of failure fcaps sets the given file-mode.
+# Requires versionator.eclass
+fcaps() {
+ local uid_gid=$1
+ local perms=$2
+ local capset=$3
+ local path=$4
+ local res
+
+ chmod $perms $path && \
+ chown $uid_gid $path
+ res=$?
+
+ use caps || return $res
+
+ #set the capability
+ setcap "$capset=ep" "$path" &> /dev/null
+ #check if the capability got set correctly
+ setcap -v "$capset=ep" "$path" &> /dev/null
+ res=$?
+
+ if [ $res -ne 0 ]; then
+ ewarn "Failed to set capabilities. Probable reason is missing kernel support."
+ ewarn "Your kernel must have <FS>_FS_SECURITY enabled (e.g. EXT4_FS_SECURITY)"
+ ewarn "where <FS> is the filesystem to store ${path}"
+ if ! version_is_at_least 2.6.33 "$(uname -r)"; then
+ ewarn "For kernel 2.6.32 or older, you will also need to enable"
+ ewarn "SECURITY_FILE_CAPABILITIES."
+ fi
+ ewarn
+ ewarn "Falling back to suid now..."
+ chmod u+s ${path}
+ fi
+ return $res
+}
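Review bot: When `setcap` fails, `fcaps` falls back to `chmod u+s ${path}` on a file it has just chowned to `0:0`, so gnome-keyring-daemon ends up setuid root rather than merely lacking `cap_ipc_lock`, and the ewarn output is the only trace of it. That is a far broader privilege than the capability it replaces; consider dropping the fallback or making it an explicit opt-in. The helper should also quote its expansions, since `path` is built from `${ROOT}`: `chmod "$perms" "$path" && chown "$uid_gid" "$path"` and `chmod u+s "${path}"`. Separately, the comment in `src_prepare` cites `Bug #436392` while the commit message and ChangeLog cite bug #430602 for the same CVE, so one of the two is presumably a typo.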
diff --git a/gnome-base/gnome-keyring/gnome-keyring-3.4.1.ebuild b/gnome-base/gnome-keyring/gnome-keyring-3.4.1.ebuild
index cb1d931a8e78..6118758803b3 100644
--- a/gnome-base/gnome-keyring/gnome-keyring-3.4.1.ebuild
+++ b/gnome-base/gnome-keyring/gnome-keyring-3.4.1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/gnome-keyring-3.4.1.ebuild,v 1.1 2012/05/13 18:15:00 tetromino Exp $
+# $Header: /var/cvsroot/gentoo-x86/gnome-base/gnome-keyring/gnome-keyring-3.4.1.ebuild,v 1.2 2012/10/24 07:11:50 tetromino Exp $
EAPI="4"
GCONF_DEBUG="no"
@@ -13,7 +13,7 @@ HOMEPAGE="http://www.gnome.org/"
LICENSE="GPL-2 LGPL-2"
SLOT="0"
-IUSE="+caps debug doc pam selinux"
+IUSE="+caps debug pam selinux"
KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~sparc-solaris ~x86-solaris"
RDEPEND=">=app-crypt/gcr-3.3.4
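Review bot: The context line `LICENSE="GPL-2 LGPL-2"` stays as it was in this ebuild, whereas every other ebuild touched by the commit moves to `LICENSE="GPL-2+ LGPL-2+"` and the commit message says "Update license". If 3.4.1 is being kept in the tree next to 3.4.1-r1, the same one-line change looks like it was missed here. Note also that this revision does not carry the gpg-cache patches, so it remains affected by the CVE the commit describes for as long as it stays installable.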
@@ -27,13 +27,12 @@ RDEPEND=">=app-crypt/gcr-3.3.4
"
DEPEND="${RDEPEND}
sys-devel/gettext
- >=dev-util/gtk-doc-am-1.9
>=dev-util/intltool-0.35
- virtual/pkgconfig
- doc? ( >=dev-util/gtk-doc-1.9 )"
+ virtual/pkgconfig"
PDEPEND=">=gnome-base/libgnome-keyring-3.1.92"
# eautoreconf needs:
# >=dev-util/gtk-doc-am-1.9
+# gtk-doc-am is not needed otherwise (no gtk-docs are installed)
# FIXME: tests are very flaky and write to /tmp (instead of TMPDIR)
RESTRICT="test"