blob: 795e71f73b1f7a72ddd248c002e7d6d58481d3c3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
|
# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit systemd prefix tmpfiles
DESCRIPTION="A man replacement that utilizes dbm instead of flat files"
HOMEPAGE="https://gitlab.com/man-db/man-db https://www.nongnu.org/man-db/"
if [[ ${PV} == *9999 ]] ; then
inherit autotools git-r3
EGIT_REPO_URI="https://gitlab.com/man-db/man-db"
else
# TODO: Change tarballs to gitlab too...?
SRC_URI="mirror://nongnu/${PN}/${P}.tar.xz"
KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
fi
LICENSE="GPL-3"
SLOT="0"
IUSE="+manpager nls +seccomp selinux static-libs zlib"
CDEPEND="
>=dev-libs/libpipeline-1.5.0
sys-apps/groff
sys-libs/gdbm:=
seccomp? ( sys-libs/libseccomp )
zlib? ( sys-libs/zlib )"
DEPEND="${CDEPEND}"
BDEPEND="app-arch/xz-utils
virtual/pkgconfig
nls? (
>=app-text/po4a-0.45
sys-devel/gettext
virtual/libiconv
virtual/libintl
)"
RDEPEND="${CDEPEND}
acct-group/man
acct-user/man
selinux? ( sec-policy/selinux-mandb )"
PDEPEND="manpager? ( app-text/manpager )"
PATCHES=(
"${FILESDIR}"/man-db-2.9.3-sandbox-env-tests.patch
)
src_unpack() {
if [[ ${PV} == *9999 ]] ; then
git-r3_src_unpack
# We need to mess with gnulib
EGIT_REPO_URI="https://git.savannah.gnu.org/r/gnulib.git" \
EGIT_CHECKOUT_DIR="${WORKDIR}/gnulib" \
git-r3_src_unpack
else
default
fi
}
src_prepare() {
default
if [[ ${PV} == *9999 ]] ; then
local bootstrap_opts=(
--gnulib-srcdir=../gnulib
--no-bootstrap-sync
--copy
--no-git
)
AUTORECONF="/bin/true" \
LIBTOOLIZE="/bin/true" \
sh ./bootstrap "${bootstrap_opts[@]}" || die
eautoreconf
fi
hprefixify src/man_db.conf.in
if use prefix ; then
{
echo "#"
echo "# Added settings for Gentoo Prefix"
[[ ${CHOST} == *-darwin* ]] && \
echo "MANDATORY_MANPATH ${EPREFIX}/MacOSX.sdk/usr/share/man"
echo "MANDATORY_MANPATH /usr/share/man"
} >> src/man_db.conf.in
fi
}
src_configure() {
# Set sections we want to search by default
local sections="1 1p 8 2 3 3p 4 5 6 7 9 0p tcl n l p o"
sections+=" 1x 2x 3x 4x 5x 6x 7x 8x"
case ${CHOST} in
*-solaris*)
# Solaris tends to use sections named after the pkgs that
# owns them, in particular for libc functions we want those
# sections
local s
for s in $(cd /usr/share/man/ && echo man*) ; do
s=${s#man}
[[ " ${sections} " != *" ${s} "* ]] && sections+=" ${s}"
done
;;
esac
export ac_cv_lib_z_gzopen=$(usex zlib)
local myeconfargs=(
--with-systemdtmpfilesdir="${EPREFIX}"/usr/lib/tmpfiles.d
--with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
--disable-setuid # bug #662438
$(use_enable !prefix cache-owner man) # bug #917024
--with-sections="${sections}"
$(use_enable nls)
$(use_enable static-libs static)
$(use_with seccomp libseccomp)
--with-db=gdbm
)
case ${CHOST} in
*-solaris*|*-darwin*)
myeconfargs+=(
$(use_with nls libiconv-prefix "${EPREFIX}"/usr)
$(use_with nls libintl-prefix "${EPREFIX}"/usr)
)
;;
esac
econf "${myeconfargs[@]}"
# Disable color output from groff so that the manpager can add it. bug #184604
if use manpager; then
sed -i \
-e '/^#DEFINE.*\<[nt]roff\>/{s:^#::;s:$: -c:}' \
src/man_db.conf || die
fi
cat > 15man-db <<-EOF || die
SANDBOX_PREDICT="/var/cache/man"
EOF
}
src_install() {
default
dodoc docs/{HACKING.md,TODO}
find "${ED}" -type f -name "*.la" -delete || die
exeinto /etc/cron.daily
newexe "${FILESDIR}"/man-db.cron-r1 man-db # bug #289884
insinto /etc/sandbox.d
doins 15man-db
}
pkg_preinst() {
local cachedir="${EROOT}/var/cache/man"
# If the system was already exploited, and the attacker is hiding in the
# cachedir of the old man-db, let's wipe them out.
# see bug #602588 comment 18
local _replacing_version=
local _setgid_vuln=0
for _replacing_version in ${REPLACING_VERSIONS} ; do
if ver_test '2.7.6.1-r2' -le "${_replacing_version}" ; then
debug-print "Skipping security bug #602588 ... existing installation (${_replacing_version}) should not be affected!"
else
_setgid_vuln=1
debug-print "Applying cleanup for security bug #602588"
fi
done
[[ ${_setgid_vuln} -eq 1 ]] && rm -rf "${cachedir}"
# Fall back to recreating the cachedir
if [[ ! -d ${cachedir} ]] ; then
mkdir -p "${cachedir}" || die
chown man:man "${cachedir}" || die
fi
# Update the whatis cache
if [[ -f ${cachedir}/whatis ]] ; then
einfo "Cleaning ${cachedir} from sys-apps/man"
find "${cachedir}" -type f '!' '(' -name index.bt -o -name index.db ')' -delete
fi
}
pkg_postinst() {
tmpfiles_process man-db.conf
if [[ -n "${REPLACING_VERSIONS}" ]] ; then
local _replacing_version=
for _replacing_version in ${REPLACING_VERSIONS} ; do
if [[ $(ver_cut 2 ${_replacing_version}) -lt 7 ]] ; then
einfo "Rebuilding man-db from scratch with new database format!"
su man -s /bin/sh -c 'mandb --quiet --create' 2>/dev/null
# No need to run it again if we hit one
break
fi
done
fi
}
|