commit: ef7c4bacba33dac9ad48e980d68cfe57e2bf6858 Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> AuthorDate: Wed Mar 31 22:54:33 2021 +0000 Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> CommitDate: Wed Mar 31 22:54:44 2021 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ef7c4bac
sys-apps/busybox: security cleanup Bug: https://bugs.gentoo.org/777255 Package-Manager: Portage-3.0.18, Repoman-3.0.3 Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org> sys-apps/busybox/Manifest | 1 - sys-apps/busybox/busybox-1.32.0-r1.ebuild | 337 ------------------------------ 2 files changed, 338 deletions(-) diff --git a/sys-apps/busybox/Manifest b/sys-apps/busybox/Manifest index 42946ab9197..b15a4a97e0d 100644 --- a/sys-apps/busybox/Manifest +++ b/sys-apps/busybox/Manifest @@ -1,3 +1,2 @@ -DIST busybox-1.32.0.tar.bz2 2439463 BLAKE2B 75937ae6e1401d7ab947d80f4b206112023ff2b7d04257ffa2c254cadabb92282ba04d5d608659b6c98fade1ccd0b0f6b204c8758263d59dea6508a3157a7c69 SHA512 1b1227af69a97e820e28f5f1c62413e4e179202ab525725ea0b1afe9b9f9a5f00e5e32f4603e804ba1596b0fedd60d60457a6d2b8fcedfab45b6e049caeb319b DIST busybox-1.32.1.tar.bz2 2444679 BLAKE2B b0258345d40628d8c12b4cc5c3efdb318cfb469e029242942cdad22aeec5142963291a746fbac450b43a4a1f2f7e9204442456691fa98f18eeaa58c70d714caf SHA512 3a33e99adaf7cbd51dcbeb31b5361123bf61ac040c0a032656c654ddb69c4074af75fb4335ba63f283067f61a22d7d7cbca8e1ed265c9522982c453ce48ea2fd DIST busybox-1.33.0.tar.bz2 2448841 BLAKE2B bc25c2187cd7e357dd2f75b3eaae33ab9da318bbcec861e0b6b00da8466a86a17a71933035958f70badb9f1f143fa7f11f114c12a52f3680042730471f56cefe SHA512 20f8f5197c5cbc8b244f69d82d6628066296c7306a9736ee1344cb555882854412cf7f264490f9a735251c139b9621004f48e972d06ef2623a3c99278f8e765a diff --git a/sys-apps/busybox/busybox-1.32.0-r1.ebuild b/sys-apps/busybox/busybox-1.32.0-r1.ebuild deleted file mode 100644 index a0431ffc93b..00000000000 --- a/sys-apps/busybox/busybox-1.32.0-r1.ebuild +++ /dev/null @@ -1,337 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -# See `man savedconfig.eclass` for info on how to use USE=savedconfig. - -EAPI=7 - -inherit flag-o-matic savedconfig toolchain-funcs - -DESCRIPTION="Utilities for rescue and embedded systems" -HOMEPAGE="https://www.busybox.net/" -if [[ ${PV} == "9999" ]] ; then - MY_P=${P} - EGIT_REPO_URI="https://git.busybox.net/busybox" - inherit git-r3 -else - MY_P=${PN}-${PV/_/-} - SRC_URI="https://www.busybox.net/downloads/${MY_P}.tar.bz2" - KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~amd64-linux ~x86-linux" -fi - -LICENSE="GPL-2" # GPL-2 only -SLOT="0" -IUSE="debug ipv6 livecd make-symlinks math mdev pam selinux sep-usr static syslog systemd" -REQUIRED_USE="pam? ( !static )" -RESTRICT="test" - -COMMON_DEPEND="!static? ( selinux? ( sys-libs/libselinux ) ) - pam? ( sys-libs/pam ) - virtual/libcrypt:=" -DEPEND="${COMMON_DEPEND} - static? ( - virtual/libcrypt[static-libs] - selinux? ( sys-libs/libselinux[static-libs(+)] ) - ) - >=sys-kernel/linux-headers-2.6.39" -RDEPEND="${COMMON_DEPEND} - mdev? ( !<sys-apps/openrc-0.13 )" - -S="${WORKDIR}/${MY_P}" - -busybox_config_option() { - local flag=$1 ; shift - if [[ ${flag} != [yn] && ${flag} != \"* ]] ; then - busybox_config_option $(usex ${flag} y n) "$@" - return - fi - local expr - while [[ $# -gt 0 ]] ; do - case ${flag} in - y) expr="s:.*\<CONFIG_$1\>.*set:CONFIG_$1=y:g" ;; - n) expr="s:CONFIG_$1=y:# CONFIG_$1 is not set:g" ;; - *) expr="s:.*\<CONFIG_$1\>.*:CONFIG_$1=${flag}:g" ;; - esac - sed -i -e "${expr}" .config || die - einfo "$(grep "CONFIG_$1[= ]" .config || echo "Could not find CONFIG_$1 ...")" - shift - done -} - -busybox_config_enabled() { - local val=$(sed -n "/^CONFIG_$1=/s:^[^=]*=::p" .config) - case ${val} in - "") return 1 ;; - y) return 0 ;; - *) echo "${val}" | sed -r 's:^"(.*)"$:\1:' ;; - esac -} - -# patches go here! -PATCHES=( - "${FILESDIR}"/${PN}-1.26.2-bb.patch - # "${FILESDIR}"/${P}-*.patch -) - -src_prepare() { - default - unset KBUILD_OUTPUT #88088 - append-flags -fno-strict-aliasing #310413 - use ppc64 && append-flags -mminimal-toc #130943 - - cp "${FILESDIR}"/ginit.c init/ || die - - # flag cleanup - sed -i -r \ - -e 's:[[:space:]]?-(Werror|Os|falign-(functions|jumps|loops|labels)=1|fomit-frame-pointer)\>::g' \ - Makefile.flags || die - #sed -i '/bbsh/s:^//::' include/applets.h - sed -i '/^#error Aborting compilation./d' applets/applets.c || die - use elibc_glibc && sed -i 's:-Wl,--gc-sections::' Makefile - sed -i \ - -e "/^CROSS_COMPILE/s:=.*:= ${CHOST}-:" \ - -e "/^AR\>/s:=.*:= $(tc-getAR):" \ - -e "/^CC\>/s:=.*:= $(tc-getCC):" \ - -e "/^HOSTCC/s:=.*:= $(tc-getBUILD_CC):" \ - -e "/^PKG_CONFIG\>/s:=.*:= $(tc-getPKG_CONFIG):" \ - Makefile || die - sed -i \ - -e 's:-static-libgcc::' \ - Makefile.flags || die -} - -src_configure() { - # check for a busybox config before making one of our own. - # if one exist lets return and use it. - - restore_config .config - if [ -f .config ]; then - yes "" | emake -j1 -s oldconfig >/dev/null - return 0 - else - ewarn "Could not locate user configfile, so we will save a default one" - fi - - # setup the config file - emake -j1 -s allyesconfig >/dev/null - # nommu forces a bunch of things off which we want on #387555 - busybox_config_option n NOMMU - sed -i '/^#/d' .config - yes "" | emake -j1 -s oldconfig >/dev/null - - # now turn off stuff we really don't want - busybox_config_option n DMALLOC - busybox_config_option n FEATURE_2_4_MODULES #607548 - busybox_config_option n FEATURE_SUID_CONFIG - busybox_config_option n BUILD_AT_ONCE - busybox_config_option n BUILD_LIBBUSYBOX - busybox_config_option n FEATURE_CLEAN_UP - busybox_config_option n MONOTONIC_SYSCALL - busybox_config_option n USE_PORTABLE_CODE - busybox_config_option n WERROR - # triming the BSS size may be dangerous - busybox_config_option n FEATURE_USE_BSS_TAIL - - # These cause trouble with musl. - if use elibc_musl; then - busybox_config_option n FEATURE_UTMP - busybox_config_option n EXTRA_COMPAT - busybox_config_option n FEATURE_VI_REGEX_SEARCH - fi - - # If these are not set and we are using a uclibc/busybox setup - # all calls to system() will fail. - busybox_config_option y ASH - busybox_config_option y SH_IS_ASH - busybox_config_option n HUSH - busybox_config_option n SH_IS_HUSH - - busybox_config_option '"/run"' PID_FILE_PATH - busybox_config_option '"/run/ifstate"' IFUPDOWN_IFSTATE_PATH - - # disable ipv6 applets - if ! use ipv6; then - busybox_config_option n FEATURE_IPV6 - busybox_config_option n TRACEROUTE6 - busybox_config_option n PING6 - busybox_config_option n UDHCPC6 - fi - - busybox_config_option pam PAM - busybox_config_option static STATIC - busybox_config_option syslog {K,SYS}LOGD LOGGER - busybox_config_option systemd FEATURE_SYSTEMD - busybox_config_option math FEATURE_AWK_LIBM - - # disable features that uClibc doesn't (yet?) provide. - if use elibc_uclibc; then - busybox_config_option n FEATURE_SYNC_FANCY #567598 - busybox_config_option n NSENTER - fi - - # all the debug options are compiler related, so punt them - busybox_config_option n DEBUG_SANITIZE - busybox_config_option n DEBUG - busybox_config_option y NO_DEBUG_LIB - busybox_config_option n DMALLOC - busybox_config_option n EFENCE - busybox_config_option $(usex debug y n) TFTP_DEBUG - - busybox_config_option selinux SELINUX - - # this opt only controls mounting with <linux-2.6.23 - busybox_config_option n FEATURE_MOUNT_NFS - - # glibc-2.26 and later does not ship RPC implientation - busybox_config_option n FEATURE_HAVE_RPC - busybox_config_option n FEATURE_INETD_RPC - - # default a bunch of uncommon options to off - local opt - for opt in \ - ADD_SHELL \ - BEEP BOOTCHARTD \ - CRONTAB \ - DC DEVFSD DNSD DPKG{,_DEB} \ - FAKEIDENTD FBSPLASH FOLD FSCK_MINIX FTP{GET,PUT} \ - FEATURE_DEVFS \ - HOSTID HUSH \ - INETD INOTIFYD IPCALC \ - LOCALE_SUPPORT LOGNAME LPD \ - MAKEMIME MKFS_MINIX MSH \ - OD \ - RDEV READPROFILE REFORMIME REMOVE_SHELL RFKILL RUN_PARTS RUNSV{,DIR} \ - SLATTACH SMEMCAP SULOGIN SV{,LOGD} \ - TASKSET TCPSVD \ - RPM RPM2CPIO \ - UDPSVD UUDECODE UUENCODE - do - busybox_config_option n ${opt} - done - - emake -j1 oldconfig > /dev/null -} - -src_compile() { - unset KBUILD_OUTPUT #88088 - export SKIP_STRIP=y - - emake V=1 busybox -} - -src_install() { - unset KBUILD_OUTPUT #88088 - save_config .config - - into / - dodir /bin - if use sep-usr ; then - # install /ginit to take care of mounting stuff - exeinto / - newexe busybox_unstripped ginit - dosym /ginit /bin/bb - dosym bb /bin/busybox - else - newbin busybox_unstripped busybox - dosym busybox /bin/bb - fi - if use mdev ; then - dodir /$(get_libdir)/mdev/ - use make-symlinks || dosym /bin/bb /sbin/mdev - cp "${S}"/examples/mdev_fat.conf "${ED}"/etc/mdev.conf - - exeinto /$(get_libdir)/mdev/ - doexe "${FILESDIR}"/mdev/* - - newinitd "${FILESDIR}"/mdev.initd mdev - fi - if use livecd ; then - dosym busybox /bin/vi - fi - - # add busybox daemon's, bug #444718 - if busybox_config_enabled FEATURE_NTPD_SERVER; then - newconfd "${FILESDIR}/ntpd.confd" "busybox-ntpd" - newinitd "${FILESDIR}/ntpd.initd" "busybox-ntpd" - fi - if busybox_config_enabled SYSLOGD; then - newconfd "${FILESDIR}/syslogd.confd" "busybox-syslogd" - newinitd "${FILESDIR}/syslogd.initd" "busybox-syslogd" - fi - if busybox_config_enabled KLOGD; then - newconfd "${FILESDIR}/klogd.confd" "busybox-klogd" - newinitd "${FILESDIR}/klogd.initd" "busybox-klogd" - fi - if busybox_config_enabled WATCHDOG; then - newconfd "${FILESDIR}/watchdog.confd" "busybox-watchdog" - newinitd "${FILESDIR}/watchdog.initd" "busybox-watchdog" - fi - if busybox_config_enabled UDHCPC; then - local path=$(busybox_config_enabled UDHCPC_DEFAULT_SCRIPT) - exeinto "${path%/*}" - newexe examples/udhcp/simple.script "${path##*/}" - fi - if busybox_config_enabled UDHCPD; then - insinto /etc - doins examples/udhcp/udhcpd.conf - fi - - # bundle up the symlink files for use later - emake DESTDIR="${ED}" install - rm _install/bin/busybox - # for compatibility, provide /usr/bin/env - mkdir -p _install/usr/bin - ln -s /bin/env _install/usr/bin/env - tar cf busybox-links.tar -C _install . || : #;die - insinto /usr/share/${PN} - use make-symlinks && doins busybox-links.tar - - dodoc AUTHORS README TODO - - cd docs - docinto txt - dodoc *.txt - docinto pod - dodoc *.pod - docinto html - dodoc *.html - - cd ../examples - docinto examples - dodoc inittab depmod.pl *.conf *.script undeb unrpm -} - -pkg_preinst() { - if use make-symlinks && [[ ! ${VERY_BRAVE_OR_VERY_DUMB} == "yes" ]] && [[ -z "${ROOT}" ]] ; then - ewarn "setting USE=make-symlinks and emerging to / is very dangerous." - ewarn "it WILL overwrite lots of system programs like: ls bash awk grep (bug 60805 for full list)." - ewarn "If you are creating a binary only and not merging this is probably ok." - ewarn "set env VERY_BRAVE_OR_VERY_DUMB=yes if this is really what you want." - die "silly options will destroy your system" - fi - - if use make-symlinks ; then - mv "${ED}"/usr/share/${PN}/busybox-links.tar "${T}"/ || die - fi -} - -pkg_postinst() { - savedconfig_pkg_postinst - - if use make-symlinks ; then - cd "${T}" || die - mkdir _install - tar xf busybox-links.tar -C _install || die - cp -vpPR _install/* "${ROOT}"/ || die "copying links for ${x} failed" - fi - - if use sep-usr ; then - elog "In order to use the sep-usr support, you have to update your" - elog "kernel command line. Add the option:" - elog " init=/ginit" - elog "To launch a different init than /sbin/init, use:" - elog " init=/ginit /sbin/yourinit" - elog "To get a rescue shell, you may boot with:" - elog " init=/ginit bb" - fi -}