commit: 56128d17913f59c876abcc02b9278c8f32081c93 Author: Hans de Graaff <graaff <AT> gentoo <DOT> org> AuthorDate: Sun Jun 1 11:13:32 2025 +0000 Commit: Hans de Graaff <graaff <AT> gentoo <DOT> org> CommitDate: Wed Jun 4 08:48:09 2025 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=56128d17
eclass/apache-2.eclass: use fcaps to set capabilities Closes: https://bugs.gentoo.org/930455 Signed-off-by: Hans de Graaff <graaff <AT> gentoo.org> eclass/apache-2.eclass | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/eclass/apache-2.eclass b/eclass/apache-2.eclass index c62d19ed6b28..5ac8b7d9fccb 100644 --- a/eclass/apache-2.eclass +++ b/eclass/apache-2.eclass @@ -13,7 +13,7 @@ # and inter-module dependency checking. LUA_COMPAT=( lua5-{1..4} ) -inherit autotools flag-o-matic lua-single multilib ssl-cert toolchain-funcs +inherit autotools fcaps flag-o-matic lua-single multilib ssl-cert toolchain-funcs [[ ${CATEGORY}/${PN} != www-servers/apache ]] \ && die "Do not use this eclass with anything else than www-servers/apache ebuilds!" @@ -640,6 +640,8 @@ apache-2_src_install() { fperms 4710 /usr/sbin/suexec # provide legacy symlink for suexec, bug 177697 dosym /usr/sbin/suexec /usr/sbin/suexec2 + else + FILECAPS=( cap_setgid,cap_setuid=ep usr/sbin/suexec ) fi fi @@ -659,6 +661,10 @@ apache-2_src_install() { # because the default webroot is a copy of the files that exist elsewhere and we # don't want them to be managed/removed by portage when apache is upgraded. apache-2_pkg_postinst() { + if use suexec && use suexec-syslog && use suexec-caps ; then + fcaps_pkg_postinst + fi + if use ssl && [[ ! -e "${EROOT}/etc/ssl/apache2/server.pem" ]]; then SSL_ORGANIZATION="${SSL_ORGANIZATION:-Apache HTTP Server}" install_cert /etc/ssl/apache2/server
