commit: 4af5eb5ed970584d3f80489659f74c5623042695
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 7 18:10:39 2025 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Thu Aug 14 16:27:41 2025 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4af5eb5e
fcaps.eclass: handle FCAPS_DENY_WORLD_READ via a separate chmod call
This simplifies the logic needed to apply the ebuild-supplied mode.
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
eclass/fcaps.eclass | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/eclass/fcaps.eclass b/eclass/fcaps.eclass
index 5cb781a7a75d..884b3c63c5f9 100644
--- a/eclass/fcaps.eclass
+++ b/eclass/fcaps.eclass
@@ -1,4 +1,4 @@
-# Copyright 1999-2024 Gentoo Authors
+# Copyright 1999-2025 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
# @ECLASS: fcaps.eclass
@@ -105,11 +105,6 @@ fcaps() {
local mode=u+s
local caps_mode=
- if [[ -n ${FCAPS_DENY_WORLD_READ} ]]; then
- mode=u+s,go-r
- caps_mode=go-r
- fi
-
while [[ $# -gt 0 ]] ; do
case $1 in
-o) owner=$2; shift;;
@@ -143,12 +138,16 @@ fcaps() {
for file ; do
[[ ${file} != /* ]] && file="${root}/${file}"
+ # Remove the read bits if requested.
+ if [[ -n ${FCAPS_DENY_WORLD_READ} ]]; then
+ chmod go-r "${file}" || die
+ fi
+
if use filecaps ; then
# Try to set capabilities. Ignore errors when the
# fs doesn't support it, but abort on all others.
debug-print "${FUNCNAME}: setting caps '${caps}' on
'${file}'"
- # Remove the read bits if requested.
if [[ -n ${caps_mode} ]]; then
chmod ${caps_mode} "${file}" || die
fi
