ari/dinolay
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
dinolay/app-admin/kos/kos-43.ebuild
Ari Archer 15c7987d54
u app-admin/kos
2022-10-17 22:57:23 +03:00

206 lines
6.1 KiB
Bash
Raw Permalink Blame History

# Copyright 2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
inherit bash-completion-r1
DESCRIPTION="A simple SUID tool written in C++"
HOMEPAGE="https://ari-web.xyz/gh/kos"
SRC_URI="https://ari-web.xyz/gh/kos/archive/refs/tags/v$PV.tar.gz -> ${P}.tar.gz"
LICENSE="GPL-3"
SLOT="0"
KEYWORDS="~amd64"
DEPEND="
>=sys-libs/libxcrypt-4.4.27
acct-group/kos
man? ( sys-apps/man-db )
bash-completion? ( app-shells/bash-completion )
"
RDEPEND="${DEPEND}"
BDEPEND="
gcc? ( sys-devel/gcc[cxx] )
vtable-harden-gcc? ( sys-devel/gcc[vtv] )
clang? ( sys-devel/clang )
>=dev-util/pkgconf-1.8.0-r1
valgrind? ( dev-util/valgrind app-shells/bash )
test? ( sys-devel/gcc sys-devel/clang sys-apps/coreutils sys-apps/net-tools app-shells/bash )
"
IUSE="gcc +strip +man bash-completion doc
+clang +size debug +group-inherit
+setenv speed lto test
unsafe-group-validation unsafe-password-validation
+safe hardened unsafe-password-echo valgrind quiet
infinite-ask no-bypass-root-auth stable +no-pipe
vtable-harden-gcc branch-harden-gcc fcf-harden-gcc
+no-remember-auth short-grace-time +effective-id
+safe-remember-auth rememberauth-mkdir"
REQUIRED_USE="
^^ ( clang gcc )
?? ( size debug )
clang? ( !vtable-harden-gcc !branch-harden-gcc !fcf-harden-gcc )
debug? ( !strip !speed !lto )
safe? (
!unsafe-group-validation
!unsafe-password-validation
!unsafe-password-echo
!no-remember-auth? ( safe-remember-auth )
)
hardened? ( safe no-pipe !speed !strip !size !lto )
stable? ( !no-bypass-root-auth !no-pipe )
vtable-harden-gcc? ( gcc hardened )
gcc? (
hardened? (
?? ( branch-harden-gcc fcf-harden-gcc )
)
)
short-grace-time? ( !no-remember-auth )
safe-remember-auth? ( !no-remember-auth )
rememberauth-mkdir? ( !no-remember-auth )
"
RESTRICT="
debug? ( strip )
strip? ( strip )
hardened? ( strip )
"
DOCS=(README.md TODO.md kos.1 LICENSE)
_del_config() {
echo "DEL_CONFIG: Disabling feature: $1"
sed "/#define HAVE_$1/d" -i src/config.h
}
_set_config() {
echo "SET_CONFIG: Changing feature: $1=$2"
sed "s/$1.*/$1=$2;/" -i src/config.h
}
ilog() {
${2:-ewarn} " $1"
}
src_configure() {
export CXXFLAGS="${CXXFLAGS}"
if use hardened; then
export LDFLAGS="$LDFLAGS -Wl,-z,relro,-z,now,-z,noexecstack"
CXXFLAGS+=" -D_FORTIFY_SOURCE=2 -fstack-protector-all
-fstack-protector-strong -fPIE -pie
-Wno-unused-result -Wno-unused-command-line-argument
-O2 -Werror=format-security -Wconversion -Wsign-conversion
--param ssp-buffer-size=4 -fstack-clash-protection -ftrapv -g0"
use clang && CXXFLAGS+=" -arch x86_64 -mharden-sls=all -fcf-protection=full"
if use gcc; then
if use branch-harden-gcc; then
CXXFLAGS+=" -mindirect-branch=thunk -mfunction-return=thunk"
elif use fcf-harden-gcc; then
CXXFLAGS+=" -fcf-protection=full"
fi
fi
use vtable-harden-gcc && CXXFLAGS+=" -fvtable-verify=std"
fi
use test && bash ./scripts/test/noroot.sh
use valgrind && bash ./scripts/test/valgrind.sh
use gcc && export CXX=g++
use size && CXXFLAGS+=" -Os -s"
use debug && CXXFLAGS+=" -Og -g"
use speed && CXXFLAGS+=" -O2"
use lto && CXXFLAGS+=" -flto"
use group-inherit || _del_config INITGROUP
use setenv || _del_config MODIFYENV
use quiet && _del_config LOGGING
use unsafe-password-validation && _del_config VALIDATEPASS
use unsafe-group-validation && _del_config VALIDATEGRP
use unsafe-password-echo && _del_config NOECHO
use infinite-ask || _del_config INFINITE_ASK
use no-bypass-root-auth && _set_config SKIP_ROOT_AUTH 0
use no-pipe && _del_config PIPE
use no-remember-auth && _del_config REMEMBERAUTH
use short-grace-time && _set_config GRACE_TIME 60
use effective-id || _del_config EFFECTIVE_ID
use safe-remember-auth || _del_config SAFE_REMEMBERAUTH
use rememberauth-mkdir || _del_config REMEMBERAUTH_AUTODIR
}
src_compile() {
sh ./scripts/build.sh || die 'Building failed'
if use strip; then
sh ./scripts/strip.sh kos || die 'Stripping failed'
fi
}
src_install() {
insinto /usr/bin
doins kos
fperms 4111 /usr/bin/kos
use man && doman kos.1
use bash-completion && newbashcomp completions/kos.bash "${PN}"
use doc && einstalldocs
}
pkg_postinst() {
elog 'Make sure to add yourself and other members to the'
elog '`kos` group to be able to use kos, it might not exist'
elog 'so you might need to create it:'
elog ' $ su'
elog ' # groupadd kos'
elog
elog 'And to add yourself to the group:'
elog ' # usermod -aG kos some_system_user'
if use unsafe-group-validation ||
use unsafe-password-validation ||
use unsafe-password-echo; then
echo
eerror '!! Unsafe USE flags detected: '
use unsafe-group-validation && ilog 'unsafe-group-validation: this flag makes that any user can run kos without being in the kos group'
use unsafe-password-validation && ilog 'unsafe-password-validation: this flag makes that any user can run kos without needing to know the password'
use unsafe-password-echo && ilog 'unsafe-password-echo: this flag makes that the password can be echoed instead of being hidden'
eerror 'please make sure that you actually want that behaviour'
eerror 'else disable that/those USE flag(s) and recompile kos'
ilog 'I suggest you enable `safe` USE flag to prevent this from happening again' eerror
fi
use test && ! use valgrind && (echo && ewarn 'USE=test enabled, but no valgrind enabled which is highly recomended')
use debug && use hardened && ewarn 'Hardening with debug enabled which disables Fortify'
if use hardened; then
use gcc && ! use vtable-harden-gcc && ewarn 'While using GCC USE=vtable-harden-gcc is suggested'
fi
if ! use no-remember-auth; then
if [ ! -d '/var/db' ]; then
echo
ewarn '/var/db does not exist for /var/db/kos, please run:'
ilog "su -c 'mkdir -p /var/db'" ewarn
fi
fi
}
Reference in a new issue View git blame Copy permalink