diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2019-01-09 15:30:19 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2019-01-09 15:30:27 +0000 |
commit | 6f02bc28dff51527838ab910861da41a065569c6 (patch) | |
tree | e14b29343c08a7d63f42bcd0c3ec928619a69dcc /main/abuild | |
parent | a3bcc8111a6875a6f9ebe137dc3d74f78c6a076c (diff) | |
download | aports-6f02bc28dff51527838ab910861da41a065569c6.tar.bz2 aports-6f02bc28dff51527838ab910861da41a065569c6.tar.xz |
main/abuild: upgrade to 3.3.0_pre2
Diffstat (limited to 'main/abuild')
4 files changed, 3 insertions, 111 deletions
diff --git a/main/abuild/0001-abuild-rmtemp-Do-not-follow-symbolic-links.patch b/main/abuild/0001-abuild-rmtemp-Do-not-follow-symbolic-links.patch deleted file mode 100644 index 82a9d2af60..0000000000 --- a/main/abuild/0001-abuild-rmtemp-Do-not-follow-symbolic-links.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 0b8a272359685c5b9b3c87444c79eeb3b75c9992 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net> -Date: Thu, 11 Oct 2018 16:44:45 +0200 -Subject: [PATCH] abuild-rmtemp: Do not follow symbolic links - -Symbolic links might point to files outside of the chroot and -thus might delete files outside the chroot. This allows deletion -of arbitrary directories on the host from a malicious APKBUILD. - -Following hard links shouldn't be a problem since hard links (usually) -cannot refer to directories and since remove(3) removes the link, not -the file it points to it shouldn't cause a problem. - -I noticed this because alpine-baselayout creates /var/run as a symlink -to /run. Therefore causing /run to be deleted on the host when using -abuild-rmtemp which in turn causes a bunch of software to no longer -function properly (including OpenRC). ---- - abuild-rmtemp.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/abuild-rmtemp.c b/abuild-rmtemp.c -index 1fca31c..b9511ce 100644 ---- a/abuild-rmtemp.c -+++ b/abuild-rmtemp.c -@@ -44,7 +44,7 @@ int main(int argc, char **argv) { - if (!p) errx(1, "Incorrect user"); - if (s.st_uid != p->pw_uid) errx(1, "Permission denied"); - -- if (nftw(argv[1], handler, 512, FTW_DEPTH)) fail(); -+ if (nftw(argv[1], handler, 512, FTW_DEPTH|FTW_PHYS)) fail(); - - return 0; - } diff --git a/main/abuild/0001-abuild-sign-fall-back-to-libressl-if-openssl-is-miss.patch b/main/abuild/0001-abuild-sign-fall-back-to-libressl-if-openssl-is-miss.patch deleted file mode 100644 index 414926e69e..0000000000 --- a/main/abuild/0001-abuild-sign-fall-back-to-libressl-if-openssl-is-miss.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 77ad3d42df29da964f29ef5fe638277b35eb0b83 Mon Sep 17 00:00:00 2001 -From: Natanael Copa <ncopa@alpinelinux.org> -Date: Thu, 8 Nov 2018 11:43:47 +0000 -Subject: [PATCH] abuild-sign: fall back to libressl if openssl is missing - -openssl binary may be missing while migrating system from libressl to -openssl. Make sure we can always sign the backage if either is there. ---- - abuild-sign.in | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/abuild-sign.in b/abuild-sign.in -index 7b5b6db..5890bf5 100644 ---- a/abuild-sign.in -+++ b/abuild-sign.in -@@ -17,6 +17,7 @@ fi - - do_sign() { - local f i keyname repo -+ local openssl=$(command -v openssl || echo libressl) - - # we are actually only interested in the name, not the file itself - keyname=${pubkey##*/} -@@ -29,7 +30,7 @@ do_sign() { - set -e - cd "$repo" - sig=".SIGN.RSA.$keyname" -- openssl dgst -sha1 -sign "$privkey" -out "$sig" "$i" -+ $openssl dgst -sha1 -sign "$privkey" -out "$sig" "$i" - tmptargz=$(mktemp) - tar -f - -c "$sig" | abuild-tar --cut | gzip -9 > "$tmptargz" - tmpsigned=$(mktemp) --- -2.19.1 - diff --git a/main/abuild/APKBUILD b/main/abuild/APKBUILD index ca4a3e9635..a4e34099f3 100644 --- a/main/abuild/APKBUILD +++ b/main/abuild/APKBUILD @@ -1,8 +1,8 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=abuild -pkgver=3.3.0_pre1 +pkgver=3.3.0_pre2 _ver=${pkgver%_git*} -pkgrel=3 +pkgrel=0 pkgdesc="Script to build Alpine Packages" url="https://git.alpinelinux.org/cgit/abuild/" arch="all" @@ -21,9 +21,6 @@ subpackages="apkbuild-cpan:cpan:noarch apkbuild-gem-resolver:gems:noarch options="suid !check" pkggroups="abuild" source="https://dev.alpinelinux.org/archive/abuild/abuild-$_ver.tar.xz - 0001-abuild-rmtemp-Do-not-follow-symbolic-links.patch - add-multithreaded-compression.patch - 0001-abuild-sign-fall-back-to-libressl-if-openssl-is-miss.patch " builddir="$srcdir/$pkgname-$_ver" @@ -71,7 +68,4 @@ _rootbld() { mkdir -p "$subpkgdir" } -sha512sums="5d3c2c04a7d6ede2c08b524423f9594ced42d4d67f10327996a38e0782fc2de1f8086187aa9a9072df5c1aced540bdcf1b8002b832df4cf2c6a56f6f89657aa7 abuild-3.3.0_pre1.tar.xz -e2cefff3b9d460132a7ef90c5f8ddb309b748e2ef40157c31d3dc047b0516838d8c5a0fe51952e004252ad15a76c5758d61f8deb35a970a0841fec188f8d521d 0001-abuild-rmtemp-Do-not-follow-symbolic-links.patch -933430cfa7f1e37eb3a1867fbf99581e6ae67be4d0a31c84d1a392ccf3ce95862a9b5a0a8cafd8b65edad46ef900bb6ca6a10666993c972b65fdd92b7c07f2d3 add-multithreaded-compression.patch -9b4a13667897ca953f46367f01253781fba1134b2c28f82d0e85ed89bb907c61db1eb9dce875d9c164ac9bd540ebe1d8e9120bc3f75d55a47612e50b24a89d5c 0001-abuild-sign-fall-back-to-libressl-if-openssl-is-miss.patch" +sha512sums="f6892d471ba06557409fc74bb6c858ae757805a820c7d91f43a0414e2d27c2c9084e196d346faaa91c09644b766a88bce4d8f51eee6df57b7b8175ffb1fd3773 abuild-3.3.0_pre2.tar.xz" diff --git a/main/abuild/add-multithreaded-compression.patch b/main/abuild/add-multithreaded-compression.patch deleted file mode 100644 index a89a6bdb20..0000000000 --- a/main/abuild/add-multithreaded-compression.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 21b62c7675dc63d01b84eb7127227033389f35ae Mon Sep 17 00:00:00 2001 -From: Tiago Ilieve <tiago.myhro@gmail.com> -Date: Sun, 28 Oct 2018 12:34:02 +0000 -Subject: [PATCH] abuild.in: add multithreaded compression - -The 'Compressing data' step takes a significant amount of time when -packaging software with huge binaries, like Kubernetes. This can -certainly be shortened using multithreaded compression, like 'pigz'. ---- - abuild.in | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/abuild.in b/abuild.in -index 42382e5..ec57104 100644 ---- a/abuild.in -+++ b/abuild.in -@@ -1451,6 +1451,7 @@ human_size() { - - create_apks() { - local file= dir= name= ver= apk= datadir= size= -+ local gzip=$(command -v pigz || echo gzip) - getpkgver || return 1 - if ! options_has "!tracedeps"; then - for file in "$pkgbasedir"/.control.*/.PKGINFO; do -@@ -1487,7 +1488,7 @@ create_apks() { - touch .dummy - set -- .dummy - fi -- tar --xattrs -f - -c "$@" | abuild-tar --hash | gzip -9 >"$dir"/data.tar.gz -+ tar --xattrs -f - -c "$@" | abuild-tar --hash | $gzip -9 >"$dir"/data.tar.gz - - msg "Create checksum..." - # append the hash for data.tar.gz |