commit: 74f47d009f41cbc967f19e8154d6f804a6f21132 Author: Esteve Varela Colominas <esteve.varela <AT> gmail <DOT> com> AuthorDate: Fri Feb 27 17:17:18 2026 +0000 Commit: Esteve Varela Colominas <esteve.varela <AT> gmail <DOT> com> CommitDate: Fri Feb 27 17:18:26 2026 +0000 URL: https://gitweb.gentoo.org/repo/proj/guru.git/commit/?id=74f47d00
www-servers/copyparty: Drop vulnerable versions https://github.com/9001/copyparty/security/advisories/GHSA-62cr-6wp5-q43h Signed-off-by: Esteve Varela Colominas <esteve.varela <AT> gmail.com> www-servers/copyparty/Manifest | 2 - www-servers/copyparty/copyparty-1.20.2.ebuild | 165 ------------------------- www-servers/copyparty/copyparty-1.20.6.ebuild | 170 -------------------------- 3 files changed, 337 deletions(-) diff --git a/www-servers/copyparty/Manifest b/www-servers/copyparty/Manifest index af173358bd..292054771c 100644 --- a/www-servers/copyparty/Manifest +++ b/www-servers/copyparty/Manifest @@ -1,3 +1 @@ DIST copyparty-1.20.10.tar.gz 1744090 BLAKE2B 46079103bc4efed5b3c2a94c4f2ed0ebe3744592fd563ab936c67cc19712022deb8b7fe7fb3214b9845babcf18fe6414ac0dabe8471c30a86702e7de94b1ee37 SHA512 c7eeff99722daf3098a04caea59458f08ee3e65a59f97cc8dff3ca7358b4258349551035574b5ef5cd7d2e6c059f248c466a2c6b31f179e8dcc26b37f0d8e21b -DIST copyparty-1.20.2.tar.gz 1711250 BLAKE2B d9d74ae3f26a8797a567adc3a9e4219f8119d5ac24d9054bbd6ce027687821eb4240095d16f9be0a46d24f8eb3905fb36d3a2d0fd8c2c1feb15a0f60906a8790 SHA512 c179b49b4d2199c9bf62f3419a0176f6a2850da945cfd4360710bc961395f9b854fcaff733d0bf67201b33567b5b0bbe2932221b64032f20490407b6282e9e1c -DIST copyparty-1.20.6.tar.gz 1708724 BLAKE2B bc2b3a7cd9a7d084c6a815959e9f31be15fb64c6f7ecf9c25377f16bd7670d2aea438e910a1b8419b913a9afdeb9164ab363f182f712986a4e6a59baa24c2a8e SHA512 a235222fc9a05202d98ca047070181955cf321570128b076902d7430656e36728e6f65173cc22806321041c5edf76a0923857919f0388086c6ac23b03c32c6f4 diff --git a/www-servers/copyparty/copyparty-1.20.2.ebuild b/www-servers/copyparty/copyparty-1.20.2.ebuild deleted file mode 100644 index e9b041ff50..0000000000 --- a/www-servers/copyparty/copyparty-1.20.2.ebuild +++ /dev/null @@ -1,165 +0,0 @@ -# Copyright 2025 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -PYTHON_COMPAT=( python3_{11..14} ) -DISTUTILS_USE_PEP517=setuptools -inherit distutils-r1 optfeature edo readme.gentoo-r1 - -DESCRIPTION="Easy-to-use, feature-packed, protable file server" -HOMEPAGE="https://github.com/9001/copyparty"; - -SRC_URI="https://github.com/9001/copyparty/releases/download/v${PV}/copyparty-${PV}.tar.gz"; - -LICENSE="MIT" # TODO: licenses of copyparty/web/deps -SLOT="0" -KEYWORDS="~amd64" -IUSE="test" -RESTRICT="!test? ( test )" - -RDEPEND=" - dev-python/jinja2[${PYTHON_USEDEP}] -" -BDEPEND=" - test? ( dev-python/strip-hints ) -" - -DISABLE_AUTOFORMATTING=y -DOC_CONTENTS="\ -# TODO: This package is unfinished and lacks some features - -- Service scripts: --- contrib/openrc/copyparty: Hardcodes /usr/local/bin, runs as root, exposes /mnt as RW (!?) --- contrib/systemd/copyparty.service: Hardcodes /usr/local/bin, runs as root, in /var/lib/copyparty --- contrib/systemd/[email protected]: Runs as an arbitrary user, in /var/lib/copyparty-jail, at boot --- contrib/systemd/copyparty-user.service: User service, runs in /var/lib/copyparty-jail -Ideally, both systemd and openrc scripts would have the same behavior. -I also think it'd be sane to default to a new user/group named copyparty, -and create /var/lib/copyparty with the correct permissions. - -- Default configuration: There's a bunch of examples, find them using: -\`find docs contrib -name '*.conf'\`. -Ideally one of these would be installed as /etc/copyparty.conf, and an -/etc/copyparty.d directory would be created. I'm not sure what would be -acceptable defaults. - -- Jailing the service with prisonparty/bubbleparty: This program is very -feature-packed, and has a decent security track record, but just has a -massive attack surface with serious repercussions. Some packages provide a -'prisonparty' service, which runs the program in a chroot. This script -hardcodes a lot of things that I'm not sure will work on gentoo, and would -need matching openrc/systemd services as well. - -# Note about TLS and certificates - -This program implements TLS natively, in order to be able to access the -WebCrypto API in browsers[1]. - -If you intend to expose it to the internet, it's advised to run it through a -reverse proxy[2], like nginx, in order to have a proper TLS implementation, and -more modern transport features. - -If that's not an option, by default, the https:// URL will use a builtin, -insecure certificate. Install app-crypt/cfssl in order to have it generate a -custom certificate. - -[1]: https://github.com/9001/copyparty/blob/2c26aecd878c185ce358f661d57612f91c21d4b1/copyparty/cert.py#L37-L43 -[2]: https://github.com/9001/copyparty#reverse-proxy - -# Bundled dependency notice - -A few 'web dependencies' are supplied in the copyparty/web/deps directory. -These are mostly things that run in the web browser, such as javascript -libraries, markdown editors, some assets such as fonts, and a sha512 function -implemented in webassembly. - -An attempt at rebuilding these was made, but the scripts required too much -patching and should be adapted upstream to be more easily buildable without -docker. Additionally, it's difficult to package npm dependencies in gentoo. -https://gist.github.com/mid-kid/cc7c0c2e1c188c8b135663d547e3dd35"; - -src_prepare() { - # Use a $TMPDIR for testing, not /dev/shm - sed -e 's/\["\/dev\/shm"[^]]*\]/[]/' \ - -i tests/util.py || die - - distutils-r1_src_prepare -} - -python_test() { - edo bash scripts/run-tests.sh python3 -} - -python_install() { - distutils-r1_python_install - - # Reuse the bundled copy of fusepy for partyfuse - # patched in scripts/deps-docker/Dockerfile (under "build fusepy") - sed -e "1a$(printf '%s\\n' \ - 'import copyparty.web.deps.fuse as fuse,sys,os' \ - 'sys.path.append(os.path.dirname(fuse.__file__))' \ - )" -i "${D}$(python_get_scriptdir)/partyfuse" || die - - # Useful utilities listed in bin/README.md - # These need to be executed inside the server's data directory - # Installed into /usr/libexec as not a single other package installs them - python_scriptinto /usr/libexec/copyparty - python_doscript bin/partyjournal.py bin/dbtool.py -} - -src_install() { - distutils-r1_src_install - readme.gentoo_create_doc - - # Not all of the documentation is useful, but it's hard to filter, - # and plenty of it is quite useful. - dodoc -r docs contrib - - # These additional scripts can be used through command-line flags or - # configuration files, so it makes sense to put them in a predictable - # location. A few of these will require customization, the user should - # copy them to /etc. - insinto /usr/share/copyparty - doins -r bin/handlers bin/hooks bin/mtag - - # Every other package seems to install this, but it needs a service script, - # as well as proper creation of the jail + testing. - #newbin bin/prisonparty.sh prisonparty - - # Bubbleparty seems more reasonable, yet I don't see this included in other - # packages. Would need an optional sys-apps/bubblewrap dependency. - #newbin bin/bubbleparty.sh bubbleparty - - # Skipped tools: - # - bin/partyfuse-streaming.py: Doc tells me this doesn't exist - # - bin/partyfuse2.py: The regular partyfuse.py is better supported - # - bin/unforget.py: Not listed in README.md, questionable utility - # - bin/zmq-recv.py: Not listed in README.md, questionable utility -} - -pkg_postinst() { - # Optfeature descriptions from copyparty/svchub.py:SvcHub._feature_test() - optfeature "sessions and file/media indexing" dev-lang/python[sqlite] - optfeature "image thumbnails (plenty fast)" dev-python/pillow - #optfeature "image thumbnails (faster, eats more ram)" vips # pyvips not packaged (yet) - optfeature "create thumbnails as webp files" dev-python/pillow[webp] - optfeature "transcode audio, create spectrograms, video thumbnails, \ -good-but-slow image thumbnails, read audio/media tags" media-video/ffmpeg - optfeature "read audio tags (ffprobe is better but slower)" media-libs/mutagen - optfeature "secure password hashing (advanced users only)" dev-python/argon2-cffi - optfeature "send zeromq messages from event-hooks" dev-python/pyzmq - optfeature "read .heif images with pillow (rarely useful)" dev-python/pillow-heif - optfeature "read .avif images with pillow (rarely useful)" dev-python/pillow[avif] - #optfeature "read RAW images" rawpy # rawpy not packaged (yet) - - # Optfeatures from pyproject.toml:project.optional-dependencies not listed above - optfeature "sftp protocol support" dev-python/paramiko - optfeature "ftp protocol support" dev-python/pyftpdlib - optfeature "ftps protocol support" "dev-python/pyftpdlib dev-python/pyopenssl" - #optfeature "tftp protocol support" partftpy # partftpy not packaged (yet) - - # Additional programs not detected above - optfeature "automatically generate SSL certificate at startup" app-crypt/cfssl - optfeature "scrypt password hashing" dev-lang/python[ssl] # hashlib.scrypt() -} diff --git a/www-servers/copyparty/copyparty-1.20.6.ebuild b/www-servers/copyparty/copyparty-1.20.6.ebuild deleted file mode 100644 index a90f74588d..0000000000 --- a/www-servers/copyparty/copyparty-1.20.6.ebuild +++ /dev/null @@ -1,170 +0,0 @@ -# Copyright 2025 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -PYTHON_COMPAT=( python3_{11..14} ) -DISTUTILS_USE_PEP517=setuptools -inherit distutils-r1 optfeature edo readme.gentoo-r1 - -DESCRIPTION="Easy-to-use, feature-packed, protable file server" -HOMEPAGE="https://github.com/9001/copyparty"; - -SRC_URI="https://github.com/9001/copyparty/releases/download/v${PV}/copyparty-${PV}.tar.gz"; - -LICENSE="MIT" # TODO: licenses of copyparty/web/deps -SLOT="0" -KEYWORDS="~amd64" -IUSE="test" -RESTRICT="!test? ( test )" - -RDEPEND=" - dev-python/jinja2[${PYTHON_USEDEP}] -" -BDEPEND=" - test? ( dev-python/strip-hints ) -" - -DISABLE_AUTOFORMATTING=y -DOC_CONTENTS="\ -# TODO: This package is unfinished and lacks some features - -- Missing service scripts: --- OpenRC system service running as different user/group (default to copyparty) --- Systemd system service running as different user/group (default to copyparty) --- Systemd user service - -- Existing upstream service scripts: --- contrib/openrc/copyparty: Hardcodes /usr/local/bin, runs as root, exposes /mnt as RW (!?) --- contrib/systemd/copyparty.service: Hardcodes /usr/local/bin, runs as root, in /var/lib/copyparty --- contrib/systemd/[email protected]: Runs as an arbitrary user, in /var/lib/copyparty-jail, at boot --- contrib/systemd/copyparty-user.service: User service, runs in /var/lib/copyparty-jail - -- Default configuration: There's a bunch of examples, find them using: -\`find docs contrib -name '*.conf'\`. -Ideally one of these would be installed as /etc/copyparty.conf, and an -/etc/copyparty.d directory would be created. I'm not sure what would be -acceptable defaults. - -- Jailing the service with prisonparty/bubbleparty: This program is very -feature-packed, and has a decent security track record, but just has a -massive attack surface with serious repercussions. Some packages provide a -'prisonparty' service, which runs the program in a chroot. This script -hardcodes a lot of things that I'm not sure will work on gentoo, and would -need matching openrc/systemd services as well. - -# Note about TLS and certificates - -This program implements TLS natively, in order to be able to access the -WebCrypto API in browsers[1]. - -If you intend to expose it to the internet, it's advised to run it through a -reverse proxy[2], like nginx, in order to have a proper TLS implementation, and -more modern transport features. - -If that's not an option, by default, the https:// URL will use a builtin, -insecure certificate. Install app-crypt/cfssl in order to have it generate a -custom certificate. - -[1]: https://github.com/9001/copyparty/blob/2c26aecd878c185ce358f661d57612f91c21d4b1/copyparty/cert.py#L37-L43 -[2]: https://github.com/9001/copyparty#reverse-proxy - -# Bundled dependency notice - -A few 'web dependencies' are supplied in the copyparty/web/deps directory. -These are mostly things that run in the web browser, such as javascript -libraries, markdown editors, some assets such as fonts, and a sha512 function -implemented in webassembly. - -An attempt at rebuilding these was made, but the scripts required too much -patching and should be adapted upstream to be more easily buildable without -docker. Additionally, it's difficult to package npm dependencies in gentoo. -https://gist.github.com/mid-kid/cc7c0c2e1c188c8b135663d547e3dd35"; - -src_prepare() { - # Use a $TMPDIR for testing, not /dev/shm - sed -e 's/\["\/dev\/shm"[^]]*\]/[]/' \ - -i tests/util.py || die - - distutils-r1_src_prepare -} - -python_test() { - edo bash scripts/run-tests.sh python3 -} - -python_install() { - distutils-r1_python_install - - # Reuse the bundled copy of fusepy for partyfuse - # patched in scripts/deps-docker/Dockerfile (under "build fusepy") - sed -e "1a$(printf '%s\\n' \ - 'import copyparty.web.deps.fuse as fuse,sys,os' \ - 'sys.path.append(os.path.dirname(fuse.__file__))' \ - )" -i "${D}$(python_get_scriptdir)/partyfuse" || die - - # Useful utilities listed in bin/README.md - # These need to be executed inside the server's data directory - # Installed into /usr/libexec as not a single other package installs them - python_scriptinto /usr/libexec/copyparty - python_doscript bin/partyjournal.py bin/dbtool.py -} - -src_install() { - distutils-r1_src_install - readme.gentoo_create_doc - - exeinto /etc/user/init.d - newexe "${FILESDIR}/copyparty-user.initd" copyparty - - # Not all of the documentation is useful, but it's hard to filter, - # and plenty of it is quite useful. - dodoc -r docs contrib - - # These additional scripts can be used through command-line flags or - # configuration files, so it makes sense to put them in a predictable - # location. A few of these will require customization, the user should - # copy them to /etc. - insinto /usr/share/copyparty - doins -r bin/handlers bin/hooks bin/mtag - - # Every other package seems to install this, but it needs a service script, - # as well as proper creation of the jail + testing. - #newbin bin/prisonparty.sh prisonparty - - # Bubbleparty seems more reasonable, yet I don't see this included in other - # packages. Would need an optional sys-apps/bubblewrap dependency. - #newbin bin/bubbleparty.sh bubbleparty - - # Skipped tools: - # - bin/partyfuse-streaming.py: Doc tells me this doesn't exist - # - bin/partyfuse2.py: The regular partyfuse.py is better supported - # - bin/unforget.py: Not listed in README.md, questionable utility - # - bin/zmq-recv.py: Not listed in README.md, questionable utility -} - -pkg_postinst() { - # Optfeature descriptions from copyparty/svchub.py:SvcHub._feature_test() - optfeature "sessions and file/media indexing" dev-lang/python[sqlite] - optfeature "image thumbnails (plenty fast)" dev-python/pillow - #optfeature "image thumbnails (faster, eats more ram)" vips # pyvips not packaged (yet) - optfeature "create thumbnails as webp files" dev-python/pillow[webp] - optfeature "transcode audio, create spectrograms, video thumbnails, \ -good-but-slow image thumbnails, read audio/media tags" media-video/ffmpeg - optfeature "read audio tags (ffprobe is better but slower)" media-libs/mutagen - optfeature "secure password hashing (advanced users only)" dev-python/argon2-cffi - optfeature "send zeromq messages from event-hooks" dev-python/pyzmq - optfeature "read .heif images with pillow (rarely useful)" dev-python/pillow-heif - optfeature "read .avif images with pillow (rarely useful)" dev-python/pillow[avif] - #optfeature "read RAW images" rawpy # rawpy not packaged (yet) - - # Optfeatures from pyproject.toml:project.optional-dependencies not listed above - optfeature "sftp protocol support" dev-python/paramiko - optfeature "ftp protocol support" dev-python/pyftpdlib - optfeature "ftps protocol support" "dev-python/pyftpdlib dev-python/pyopenssl" - #optfeature "tftp protocol support" partftpy # partftpy not packaged (yet) - - # Additional programs not detected above - optfeature "automatically generate SSL certificate at startup" app-crypt/cfssl - optfeature "scrypt password hashing" dev-lang/python[ssl] # hashlib.scrypt() -}
