The setfattr/getfattr commands were not guaranteed to be available and
abuild wouldn't properly error when they are not. That may cause some
hidden issues.
Changing the code to not need setfattr/getfattr like it is done in
default_dbg ([3ad93d9a83]) and pacman mkpkg ([pacman@88d054093c1]).
The code works by first writing the stripped output into a temporary file
and then replace the contents of the already existing file without changing
any file metadata.
[3ad93d9a83]: 3ad93d9a83
[pacman@88d054093c1]: 88d054093c
the '@' characted serves as a repository separator (eg. pkg@repo) so we
should not add a cmd: provides for binaries having this character.
This avoids conflicts with for example `who` from coreutils and `who@`
from ucspi-tpc6.
fixes https://gitlab.alpinelinux.org/alpine/abuild/-/issues/10074
This is mainly needed for alpine-baselayout which creates all
directories, and most of them are empty. The code in question
would remove directories we explicitly want alpine-baselayout
to create and own.
Similar to suid binaries, abuild will now error out if the package
includes binaries with setcap(8) capabilities but doesn't have `setcap`
in `$options`. This eases identifying package which ship binaries
with extra capabilities.
Furthermore, if these binaries are executable by others a warning is
emitted. This warning could be changed to an error in the future.
The recommendation is to make such binaries only executable by owner
and group, thereby requiring the system administrator to explicitly
add users to a specific group in order to give them accesses to these
capabilities.
See: https://gitlab.alpinelinux.org/alpine/tsc/-/issues/45
Discussion: This change requires abuild to depend on the `libcap`
package for the `getcap` binary. It does not seem to be possible
at the moment to use scanelf(1) to identify these binaries.
Packages installing python3 site packages for python3 in version 3.x.y
depend on python3~3.x. This automatically adds the required
dependencies.
Unit test cases have been added by reusing the `py3-foo-and-bar` test
package. However, the path of that has been renamed to contain spaces
to be extra sure the logic is safe in regrade to spaces in path
names.
This reverts commit 489fc06e40.
this needs way more thought to work, see
32f314f8076d509bd4c541b1d250b3744947867f in aports
we should probably just create *-pyc splits instead. these
won't reduce mirror size, but at least allow easily uninstalling the cache.