gentoo resync : 25.04.2020

1 files changed, 33 insertions, 66 deletions

diff --git a/eclass/fcaps.eclass b/eclass/fcaps.eclass
index 0bb23f8cca70..4bef00d40ac7 100644
--- a/eclass/fcaps.eclass
+++ b/eclass/fcaps.eclass
@@ -33,10 +33,15 @@ _FCAPS_ECLASS=1
 
 IUSE="+filecaps"
 
-# We can't use libcap-ng atm due to #471414.
+# Since it is needed in pkg_postinst() it must be in RDEPEND
 case "${EAPI:-0}" in
-	[0-6]) DEPEND="filecaps? ( sys-libs/libcap )" ;;
-	*) BDEPEND="filecaps? ( sys-libs/libcap )" ;;
+	[0-6])
+		RDEPEND="filecaps? ( sys-libs/libcap )"
+	;;
+	*)
+		BDEPEND="filecaps? ( sys-libs/libcap )"
+		RDEPEND="${BDEPEND}"
+	;;
 esac
 
 # @ECLASS-VARIABLE: FILECAPS
@@ -134,69 +139,31 @@ fcaps() {
 			# by people.
 			chmod ${caps_mode} "${file}" || die
 
-			# Set/verify funcs for sys-libs/libcap.
-			_libcap()        { setcap "${caps}" "${file}" ; }
-			_libcap_verify() { setcap -v "${caps}" "${file}" >/dev/null ; }
-
-			# Set/verify funcs for sys-libs/libcap-ng.
-			# Note: filecap only supports =ep mode.
-			# It also expects a different form:
-			#  setcap cap_foo,cap_bar
-			#  filecap foo bar
-			_libcap_ng() {
-				local caps=",${caps%=ep}"
-				filecap "${file}" "${caps//,cap_}"
-			}
-			_libcap_ng_verify() {
-				# libcap-ng has a crappy interface
-				local rcaps icaps caps=",${caps%=ep}"
-				rcaps=$(filecap "${file}" | \
-					sed -nr \
-						-e "s:^.{${#file}} +::" \
-						-e 's:, +:\n:g' \
-						-e 2p | \
-					LC_ALL=C sort)
-				[[ ${PIPESTATUS[0]} -eq 0 ]] || return 1
-				icaps=$(echo "${caps//,cap_}" | LC_ALL=C sort)
-				[[ ${rcaps} == ${icaps} ]]
-			}
-
-			local out cmd notfound=0
-			for cmd in _libcap _libcap_ng ; do
-				if ! out=$(LC_ALL=C ${cmd} 2>&1) ; then
-					case ${out} in
-					*"command not found"*)
-						: $(( ++notfound ))
-						continue
-						;;
-					# ENOTSUP and EOPNOTSUPP might be the same value which means
-					# strerror() on them is unstable -- we can get both. #559608
-					*"Not supported"*|\
-					*"Operation not supported"*)
-						local fstype=$(stat -f -c %T "${file}")
-						ewarn "Could not set caps on '${file}' due to missing filesystem support:"
-						ewarn "* enable XATTR support for '${fstype}' in your kernel (if configurable)"
-						ewarn "* mount the fs with the user_xattr option (if not the default)"
-						ewarn "* enable the relevant FS_SECURITY option (if configurable)"
-						break
-						;;
-					*)
-						eerror "Setting caps '${caps}' on file '${file}' failed:"
-						eerror "${out}"
-						die "could not set caps"
-						;;
-					esac
-				else
-					# Sanity check that everything took.
-					${cmd}_verify || die "Checking caps '${caps}' on '${file}' failed"
-
-					# Everything worked.  Move on to the next file.
-					continue 2
-				fi
-			done
-			if [[ ${notfound} -eq 2 ]] && [[ -z ${_FCAPS_WARNED} ]] ; then
-				_FCAPS_WARNED="true"
-				ewarn "Could not find cap utils; make sure libcap or libcap-ng is available."
+			if ! out=$(LC_ALL=C setcap "${caps}" "${file}" 2>&1) ; then
+				case ${out} in
+				# ENOTSUP and EOPNOTSUPP might be the same value which means
+				# strerror() on them is unstable -- we can get both. #559608
+				*"Not supported"*|\
+				*"Operation not supported"*)
+					local fstype=$(stat -f -c %T "${file}")
+					ewarn "Could not set caps on '${file}' due to missing filesystem support:"
+					ewarn "* enable XATTR support for '${fstype}' in your kernel (if configurable)"
+					ewarn "* mount the fs with the user_xattr option (if not the default)"
+					ewarn "* enable the relevant FS_SECURITY option (if configurable)"
+					;;
+				*)
+					eerror "Setting caps '${caps}' on file '${file}' failed:"
+					eerror "${out}"
+					die "could not set caps"
+					;;
+				esac
+			else
+				# Sanity check that everything took.
+				setcap -v "${caps}" "${file}" >/dev/null \
+					|| die "Checking caps '${caps}' on '${file}' failed"
+
+				# Everything worked.  Move on to the next file.
+				continue
 			fi
 		fi