diff --git a/gnutls/PKGBUILD b/gnutls/PKGBUILD index f184676..4631891 100644 --- a/gnutls/PKGBUILD +++ b/gnutls/PKGBUILD @@ -6,13 +6,13 @@ #-----------------------------------------| DESCRIPTION |--------------------------------------- pkgname=gnutls -pkgver=3.8.3 +pkgver=3.8.4 pkgrel=01 pkgdesc="A library which provides a secure layer over a reliable transport layer w/o zstd " url="https://www.gnutls.org/" options=('!zipman') #options=('!zipman' 'debug') # comment or rm zipman option above, uncomment here to have gnutls-debug pkg produced -depends=('glibc' 'gcc-libs' 'gmp' 'libtasn1' 'readline' 'zlib' 'nettle' +depends=('glibc' 'gcc-libs' 'gmp' 'libtasn1' 'zlib' 'nettle' 'libp11-kit' 'libidn2' 'libidn2.so' 'libunistring' 'brotli') makedepends=('tpm2-tss' 'gtk-doc' 'autoconf' 'automake' 'gettext') # gtk-doc required for autoreconf when patching checkdepends=('net-tools' 'tpm2-tools') @@ -79,13 +79,13 @@ arch=(x86_64) #license=('GPL3' 'LGPL2.1') license=('GPL-3.0-or-later AND LGPL-2.1-or-later') -validpgpkeys=('462225C3B46F34879FC8496CD605848ED7E69871') # "Daiki Ueno " -#validpgpkeys=('5D46CB0F763405A7053556F47A75A648B3F9220C') # "Zoltan Fridrich " +#validpgpkeys=('462225C3B46F34879FC8496CD605848ED7E69871') # "Daiki Ueno " +validpgpkeys=('5D46CB0F763405A7053556F47A75A648B3F9220C') # "Zoltan Fridrich " -sha256sums=(f74fc5954b27d4ec6dfbb11dea987888b5b124289a3703afcada0ee520f4173e # gnutls-3.8.3.tar.xz - 9794181088256ab5cdfb36938effcdd52dec3caae8c119e90433f8ce9d433bd9 # gnutls-3.8.3.tar.xz.sig +sha256sums=(2bea4e154794f3f00180fa2a5c51fe8b005ac7a31cd58bd44cdfa7f36ebc3a9b # gnutls-3.8.4.tar.xz + 221494db78414ea6b508ce51f2ea487052ff0ad1606e5d9431b7e4fca60629b3 # gnutls-3.8.4.tar.xz.sig 22e614510fe52defe8c233ce3e5ead2205739fd967657ce3176ca121f3c562b5 # config 2a911615739cb327b6dced36b595ea10c89f40bb7274d062dab14a9ecfe89708) # gnutls-ktls_disable_keyupdate_test.patch -## 0f3bd1b4cf00ea56e06c96ae15ae6d661689e01ad8c28903b3e51177b6a72c21 gnutls-3.8.3-01-x86_64.pkg.tar.lz +## b49362836666594b38b87e8acef2e9b838d48b334d8991a960cbfa6b47ca9d72 gnutls-3.8.4-01-x86_64.pkg.tar.lz diff --git a/gnutls/PKGBUILD-arch b/gnutls/PKGBUILD-arch index cb55891..6a39d34 100644 --- a/gnutls/PKGBUILD-arch +++ b/gnutls/PKGBUILD-arch @@ -2,14 +2,14 @@ # Contributor: Jan de Groot pkgname=gnutls -pkgver=3.8.3 +pkgver=3.8.4 pkgrel=1 pkgdesc="A library which provides a secure layer over a reliable transport layer" arch=('x86_64') license=('GPL-3.0-or-later AND LGPL-2.1-or-later') url="https://www.gnutls.org/" options=('!zipman') -depends=('glibc' 'gcc-libs' 'gmp' 'libtasn1' 'readline' 'zlib' 'nettle' +depends=('glibc' 'gcc-libs' 'gmp' 'libtasn1' 'zlib' 'nettle' 'libp11-kit' 'libidn2' 'zstd' 'libidn2.so' 'libunistring' 'brotli') makedepends=('tpm2-tss' # required for autoreconf when patching @@ -21,12 +21,12 @@ backup=(etc/gnutls/config source=(https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/${pkgname}-${pkgver}.tar.xz{,.sig} config gnutls-ktls_disable_keyupdate_test.patch) -sha256sums=('f74fc5954b27d4ec6dfbb11dea987888b5b124289a3703afcada0ee520f4173e' +sha256sums=('2bea4e154794f3f00180fa2a5c51fe8b005ac7a31cd58bd44cdfa7f36ebc3a9b' 'SKIP' '22e614510fe52defe8c233ce3e5ead2205739fd967657ce3176ca121f3c562b5' '2a911615739cb327b6dced36b595ea10c89f40bb7274d062dab14a9ecfe89708') -validpgpkeys=('462225C3B46F34879FC8496CD605848ED7E69871') # "Daiki Ueno " -#validpgpkeys=('5D46CB0F763405A7053556F47A75A648B3F9220C') # "Zoltan Fridrich " +#validpgpkeys=('462225C3B46F34879FC8496CD605848ED7E69871') # "Daiki Ueno " +validpgpkeys=('5D46CB0F763405A7053556F47A75A648B3F9220C') # "Zoltan Fridrich " prepare() { cd ${pkgname}-${pkgver} diff --git a/libcap/PKGBUILD b/libcap/PKGBUILD index 3e3a550..3f8b143 100644 --- a/libcap/PKGBUILD +++ b/libcap/PKGBUILD @@ -7,35 +7,39 @@ pkgname=libcap pkgver=2.69 -pkgrel=03 +pkgrel=04 pkgdesc='POSIX 1003.1e capabilities' url="https://sites.google.com/site/fullycapable/" depends=(glibc pam gcc-libs) makedepends=('linux-api-headers' 'go') provides=('libcap.so' 'libpsx.so') #options=(debug) ## removed 20230206 by arch as an option +# we can not use LTO as otherwise we get no reproducible package with full RELRO +options=(!lto) source=(https://kernel.org/pub/linux/libs/security/linux-privs/${pkgname}2/$pkgname-$pkgver.tar.{xz,sign} - libcap-2.68-cgo_flags.patch) # provide flags to go build (sent upstream) + libcap-2.69-cgo_flags.patch) # provide flags to go build (sent upstream) + +# NOTE: with CGO_ENABLED we need all relevant make options in build(), check() and package() otherwise the package is not reproducible +_common_make_options=( + CGO_CPPFLAGS="$CPPFLAGS" + CGO_CFLAGS="$CFLAGS" + CGO_CXXFLAGS="$CXXFLAGS" + CGO_LDFLAGS="$LDFLAGS" + CGO_REQUIRED="1" + GOFLAGS="-buildmode=pie -mod=readonly -modcacherw" + GO_BUILD_FLAGS="-ldflags '-compressdwarf=false -linkmode=external'" +) prepare() { - patch -Np1 -d $pkgname-$pkgver -i ../libcap-2.68-cgo_flags.patch + # ensure to use CGO_ENABLED all the way (so that we can have full RELRO) + patch -Np1 -d $pkgname-$pkgver -i ../libcap-2.69-cgo_flags.patch } build() { - export CGO_CPPFLAGS="$CPPFLAGS" - export CGO_CFLAGS="$CFLAGS" - export CGO_CXXFLAGS="$CXXFLAGS" - export CGO_LDFLAGS="$LDFLAGS" - export CGO_REQUIRED="1" - export GOFLAGS="-buildmode=pie -trimpath -ldflags=-linkmode=external -mod=readonly -modcacherw" + export GOPATH="$srcdir" local make_options=( - CGO_CPPFLAGS="$CPPFLAGS" - CGO_CFLAGS="$CFLAGS" - CGO_CXXFLAGS="$CXXFLAGS" - CGO_LDFLAGS="$LDFLAGS" - CGO_REQUIRED="1" - GOFLAGS="-buildmode=pie -trimpath -ldflags=-linkmode=external -mod=readonly -modcacherw" + "${_common_make_options[@]}" DYNAMIC=yes KERNEL_HEADERS=/usr/include lib=lib @@ -47,16 +51,27 @@ build() { make "${make_options[@]}" } -## 2.68 some test fails on chroot comment this out and rerun makepkg with out -f -## -#check() { -# make test -k -C $pkgname-$pkgver -#} -## -## +## 2 tests failed due to a go bug rerun makepkg -e --nocheck + +check() { + export GOPATH="$srcdir" + + local make_options=( + "${_common_make_options[@]}" + test + -k + -C $pkgname-$pkgver + ) + + make "${make_options[@]}" +} package() { + export GOPATH="$srcdir" + local make_options=( + "${_common_make_options[@]}" + DESTDIR="$pkgdir" RAISE_SETFCAP=no lib=lib @@ -68,8 +83,8 @@ package() { make "${make_options[@]}" install -vDm 644 $pkgname-$pkgver/{CHANGELOG,README} -t "$pkgdir/usr/share/doc/$pkgname/" - install -vDm 644 $pkgname-$pkgver/pam_cap/capability.conf -t "$pkgdir/usr/share/doc/$pkgname/examples/" install -vDm 644 $pkgname-$pkgver/License -t "$pkgdir/usr/share/licenses/$pkgname/" + install -vDm 644 $pkgname-$pkgver/pam_cap/capability.conf -t "$pkgdir/usr/share/doc/$pkgname/examples/" } #---- arch license gpg-key & sha256sums ---- @@ -82,7 +97,7 @@ validpgpkeys=(38A644698C69787344E954CE29EE848AE2CCF3F4) # Andrew G. Morgan +# NOTE: with CGO_ENABLED we need all relevant make options in build(), check() and package() otherwise the package is not reproducible +_common_make_options=( + CGO_CPPFLAGS="$CPPFLAGS" + CGO_CFLAGS="$CFLAGS" + CGO_CXXFLAGS="$CXXFLAGS" + CGO_LDFLAGS="$LDFLAGS" + CGO_REQUIRED="1" + GOFLAGS="-buildmode=pie -mod=readonly -modcacherw" + GO_BUILD_FLAGS="-ldflags '-compressdwarf=false -linkmode=external'" +) + prepare() { - patch -Np1 -d $pkgname-$pkgver -i ../libcap-2.68-cgo_flags.patch + # ensure to use CGO_ENABLED all the way (so that we can have full RELRO) + patch -Np1 -d $pkgname-$pkgver -i ../libcap-2.69-cgo_flags.patch } build() { - export CGO_CPPFLAGS="$CPPFLAGS" - export CGO_CFLAGS="$CFLAGS" - export CGO_CXXFLAGS="$CXXFLAGS" - export CGO_LDFLAGS="$LDFLAGS" - export CGO_REQUIRED="1" - export GOFLAGS="-buildmode=pie -trimpath -ldflags=-linkmode=external -mod=readonly -modcacherw" + export GOPATH="$srcdir" local make_options=( - CGO_CPPFLAGS="$CPPFLAGS" - CGO_CFLAGS="$CFLAGS" - CGO_CXXFLAGS="$CXXFLAGS" - CGO_LDFLAGS="$LDFLAGS" - CGO_REQUIRED="1" - GOFLAGS="-buildmode=pie -trimpath -ldflags=-linkmode=external -mod=readonly -modcacherw" + "${_common_make_options[@]}" DYNAMIC=yes KERNEL_HEADERS=/usr/include lib=lib @@ -66,11 +70,23 @@ build() { } check() { - make test -k -C $pkgname-$pkgver + export GOPATH="$srcdir" + + local make_options=( + "${_common_make_options[@]}" + test + -k + -C $pkgname-$pkgver + ) + + make "${make_options[@]}" } package() { + export GOPATH="$srcdir" + local make_options=( + "${_common_make_options[@]}" DESTDIR="$pkgdir" RAISE_SETFCAP=no lib=lib diff --git a/libcap/libcap-2.69-cgo_flags.patch b/libcap/libcap-2.69-cgo_flags.patch new file mode 100644 index 0000000..e21cf88 --- /dev/null +++ b/libcap/libcap-2.69-cgo_flags.patch @@ -0,0 +1,28 @@ +diff -ruN a/go/Makefile b/go/Makefile +--- a/go/Makefile 2022-10-10 01:01:27.000000000 +0200 ++++ b/go/Makefile 2024-03-19 12:33:19.217467384 +0100 +@@ -68,19 +68,19 @@ + endif + + setid: ../goapps/setid/setid.go CAPGOPACKAGE PSXGOPACKAGE +- CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $< ++ CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_CPPFLAGS="$(CGO_CPPFLAGS)" CGO_CXXFLAGS="$(CGO_CXXFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build $(GO_BUILD_FLAGS) $(GOFLAGS) -mod=vendor -o $@ $< + + gowns: ../goapps/gowns/gowns.go CAPGOPACKAGE +- CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $< ++ CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_CPPFLAGS="$(CGO_CPPFLAGS)" CGO_CXXFLAGS="$(CGO_CXXFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build $(GO_BUILD_FLAGS) $(GOFLAGS) -mod=vendor -o $@ $< + + captree: ../goapps/captree/captree.go CAPGOPACKAGE +- CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $< ++ CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_CPPFLAGS="$(CGO_CPPFLAGS)" CGO_CXXFLAGS="$(CGO_CXXFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build $(GO_BUILD_FLAGS) $(GOFLAGS) -mod=vendor -o $@ $< + + captrace: ../goapps/captrace/captrace.go CAPGOPACKAGE +- CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $< ++ CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_CPPFLAGS="$(CGO_CPPFLAGS)" CGO_CXXFLAGS="$(CGO_CXXFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build $(GO_BUILD_FLAGS) $(GOFLAGS) -mod=vendor -o $@ $< + + ok: ok.go vendor/modules.txt +- CC="$(CC)" CGO_ENABLED="0" $(GO) build $(GO_BUILD_FLAGS) -mod=vendor $< ++ CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(GO) build $(GO_BUILD_FLAGS) -mod=vendor $< + + try-launching: try-launching.go CAPGOPACKAGE ok + CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor $< diff --git a/man-pages/PKGBUILD b/man-pages/PKGBUILD index 9a274f6..5e03207 100644 --- a/man-pages/PKGBUILD +++ b/man-pages/PKGBUILD @@ -7,9 +7,9 @@ pkgname=man-pages #_commit=324e1d8289644e5159d43a04945df0841c45b966 # 2022-10-09 = 6.00 release -pkgver=6.06 +pkgver=6.7 _posixver=2017-a -pkgrel=02 +pkgrel=01 pkgdesc="Linux man pages" url="https://www.kernel.org/doc/man-pages/" makedepends=('man2html' 'git') @@ -64,6 +64,8 @@ license=(BSD-2-Clause GPL-1.0-or-later GPL-2.0-only GPL-2.0-or-later + LGPL-3.0-or-later + LGPL-3.0-linking-exception LicenseRef-Public-Domain LicenseRef-UltraPermissive Linux-man-pages-1-para @@ -76,11 +78,11 @@ license=(BSD-2-Clause validpgpkeys=(E522595B52EDA4E6BFCCCB5E856199113A35CE5E # Michael Kerrisk (Linux man-pages maintainer) A9348594CE31283A826FBDD8D57633D441E25BB5) # Alejandro Colomar Andres -sha256sums=(bd6f89cf26d2262567dac41d2640fc3667f240cb658079530141e372c8581928 # man-pages-6.06.tar.xz - 2195ab4fc0a25a4a6a7466528965e4e60b4a56ce839b7a25474abdb1b89ef536 # man-pages-6.06.tar.sign +sha256sums=(82403ad4bc17aadb924f68638b79d6930b2cbd551531248a7a9688779db4efb2 # man-pages-6.06.tar.xz + ea29854dac9cfbcab85669350baa219ee656735b8671225be9ffa0011473849a # man-pages-6.7.tar.sign ce67bb25b5048b20dad772e405a83f4bc70faf051afa289361c81f9660318bc3 # man-pages-posix-2017-a.tar.xz a754077b66853702059a7ae8ff520fadf42ab7484da6df991207343e8b7c5eff # man-pages-posix-2017-a.tar.sign - 07f357300beb2554c2f98e55dc57437e7dbf67917792b7cd426c9ad220c28bd1) # sha256sums + 4952c394d5db4f959406d5163dbbdcba73412c0d7d6231df3d488c0d97b8f731) # sha256sums -## 50b66dd9309739732ca8b73c2eb754a14cfbffe61043a413270f630dfdab556a man-pages-6.06-02-x86_64.pkg.tar.lz +## 55c8eabdcbdcc24467f4b748d110310db246541d74689b68c0f6f7b599558970 man-pages-6.7-01-x86_64.pkg.tar.lz diff --git a/man-pages/PKGBUILD-arch b/man-pages/PKGBUILD-arch index 035b7a2..6bad900 100644 --- a/man-pages/PKGBUILD-arch +++ b/man-pages/PKGBUILD-arch @@ -1,9 +1,9 @@ # Maintainer: Andreas Radke pkgname=man-pages -pkgver=6.06 +pkgver=6.7 _posixver=2017-a -pkgrel=2 +pkgrel=1 pkgdesc="Linux man pages" arch=('any') license=(BSD-2-Clause @@ -13,6 +13,8 @@ license=(BSD-2-Clause GPL-1.0-or-later GPL-2.0-only GPL-2.0-or-later + LGPL-3.0-or-later + LGPL-3.0-linking-exception LicenseRef-Public-Domain LicenseRef-UltraPermissive Linux-man-pages-1-para @@ -27,7 +29,7 @@ makedepends=('man2html' 'git') source=(https://www.kernel.org/pub/linux/docs/man-pages/$pkgname-$pkgver.tar.{xz,sign} https://www.kernel.org/pub/linux/docs/man-pages/man-pages-posix/$pkgname-posix-${_posixver}.tar.{xz,sign}) # https://www.kernel.org/pub/linux/docs/man-pages/sha256sums.asc -sha256sums=('bd6f89cf26d2262567dac41d2640fc3667f240cb658079530141e372c8581928' +sha256sums=('82403ad4bc17aadb924f68638b79d6930b2cbd551531248a7a9688779db4efb2' 'SKIP' 'ce67bb25b5048b20dad772e405a83f4bc70faf051afa289361c81f9660318bc3' 'SKIP') diff --git a/man-pages/deps b/man-pages/deps index 33079b2..dd64b69 100644 --- a/man-pages/deps +++ b/man-pages/deps @@ -3,3 +3,4 @@ man2html git +