Similar to suid binaries, abuild will now error out if the package
includes binaries with setcap(8) capabilities but doesn't have `setcap`
in `$options`. This eases identifying package which ship binaries
with extra capabilities.
Furthermore, if these binaries are executable by others a warning is
emitted. This warning could be changed to an error in the future.
The recommendation is to make such binaries only executable by owner
and group, thereby requiring the system administrator to explicitly
add users to a specific group in order to give them accesses to these
capabilities.
See: https://gitlab.alpinelinux.org/alpine/tsc/-/issues/45
Discussion: This change requires abuild to depend on the `libcap`
package for the `getcap` binary. It does not seem to be possible
at the moment to use scanelf(1) to identify these binaries.
Packages installing python3 site packages for python3 in version 3.x.y
depend on python3~3.x. This automatically adds the required
dependencies.
Unit test cases have been added by reusing the `py3-foo-and-bar` test
package. However, the path of that has been renamed to contain spaces
to be extra sure the logic is safe in regrade to spaces in path
names.
This reverts commit 489fc06e405ca8301d4f7a3e967572ceec93e24a.
this needs way more thought to work, see
32f314f8076d509bd4c541b1d250b3744947867f in aports
we should probably just create *-pyc splits instead. these
won't reduce mirror size, but at least allow easily uninstalling the cache.
use a fake openssl for abuild-keykey and pre-generate the abuild keys.
This makes tests run significantly faster as we dont need to generate
new keys for each abuild-keygen test.
abump sources the APKBUILD to be able to check some variables. When the
APKBUILD exports variables in the global scope, that affects the abump
environment as well.
When abump then executes abuild, it will inherrit the environment from
abump. This is an issue under the following circumstances:
* The APKBUILD only updates the value of an exported variable if it's
not set
* The default value includes a variable set by abuild, like `$srcdir`.
Because the variable is set by abuild, but not abump, the resulting
exported variable is different. Because it's then set incorrectly in the
abump environment, it's no longer updated with the correct variable when
abuild is invoked.
