commit: d3b86af995bc63762e1670af291b3f8e93518114 Author: Mike Gilbert <floppym <AT> gentoo <DOT> org> AuthorDate: Mon Nov 24 20:17:29 2025 +0000 Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org> CommitDate: Tue Nov 25 19:10:20 2025 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d3b86af9
app-misc/beep: replace fcaps with a udev rule Giving 'beep' CAP_DAC_OVERRIDE just side-steps the security checks added by upstream. Follow their advice and use udev rules instead. https://github.com/spkr-beep/beep/blob/v1.4.12/PERMISSIONS.md Bug: https://bugs.gentoo.org/716734 Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org> app-misc/beep/beep-1.4.12-r3.ebuild | 56 ++++++++++++++++++++++++++++++++ app-misc/beep/files/70-pcspkr-beep.rules | 2 ++ app-misc/beep/files/90-pcspkr-beep.rules | 2 ++ 3 files changed, 60 insertions(+) diff --git a/app-misc/beep/beep-1.4.12-r3.ebuild b/app-misc/beep/beep-1.4.12-r3.ebuild new file mode 100644 index 000000000000..0db2ce16d955 --- /dev/null +++ b/app-misc/beep/beep-1.4.12-r3.ebuild @@ -0,0 +1,56 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit toolchain-funcs udev + +DESCRIPTION="Advanced PC speaker beeper" +HOMEPAGE="https://github.com/spkr-beep/beep"; +SRC_URI="https://github.com/spkr-beep/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~ppc ~ppc64 ~sparc ~x86" + +# Tests require a speaker +RESTRICT="test" + +RDEPEND=" + acct-group/beep +" + +PATCHES=( "${FILESDIR}"/${P}-avoid-cref-linker-option.patch ) + +src_prepare() { + default + + cat <<-EOF > local.mk || die + CC=$(tc-getCC) + CFLAGS=${CFLAGS} + CPPFLAGS=${CPPFLAGS} + LDFLAGS=${LDFLAGS} + EOF + + sed -i \ + -e "s#-D_FORTIFY_SOURCE=2##g;" \ + -e '/\-Werror)/d' \ + GNUmakefile || die +} + +src_install() { + dobin beep + doman ${PN}.1 + dodoc CREDITS.md DEVELOPMENT.md NEWS.md PERMISSIONS.md README.md + udev_dorules "${FILESDIR}"/{70,90}-pcspkr-beep.rules +} + +pkg_postinst() { + udev_reload + elog "Access to the PC speaker is now controlled by the 'beep' group." + elog "Local logins are also granted access via logind." +} + +pkg_postrm() { + udev_reload +} diff --git a/app-misc/beep/files/70-pcspkr-beep.rules b/app-misc/beep/files/70-pcspkr-beep.rules new file mode 100644 index 000000000000..ef31672b6036 --- /dev/null +++ b/app-misc/beep/files/70-pcspkr-beep.rules @@ -0,0 +1,2 @@ +# Give write access to the PC speaker to the user logged in on the current virtual console +ACTION=="add", SUBSYSTEM=="input", ATTRS{name}=="PC Speaker", ENV{DEVNAME}!="", TAG+="uaccess" diff --git a/app-misc/beep/files/90-pcspkr-beep.rules b/app-misc/beep/files/90-pcspkr-beep.rules new file mode 100644 index 000000000000..0d2b0a8e3bfc --- /dev/null +++ b/app-misc/beep/files/90-pcspkr-beep.rules @@ -0,0 +1,2 @@ +# Give write access to the PC speaker only to the "beep" group +ACTION=="add", SUBSYSTEM=="input", ATTRS{name}=="PC Speaker", ENV{DEVNAME}!="", GROUP="beep", MODE="0620"
