[SCM] libdvd-pkg/master: drop most capabilities(7) before build
onlyjob at users.alioth.debian.org
onlyjob at users.alioth.debian.org
Sun Jun 30 17:15:58 UTC 2013
The following commit has been merged in the master branch:
commit 3fe5a082657493a10f6b231238d34bf0d7012ac1
Author: Dmitry Smirnov <onlyjob at member.fsf.org>
Date: Sat Jun 29 14:04:22 2013 +1000
drop most capabilities(7) before build
diff --git a/debian/b-i_libdvdcss.sh b/debian/b-i_libdvdcss.sh
index 4097491..5a94e82 100755
--- a/debian/b-i_libdvdcss.sh
+++ b/debian/b-i_libdvdcss.sh
@@ -81,7 +81,10 @@ perl -pi -e "s{^Depends:\K}{ ${PKGI}, }mg" debian/control
## building package
echo "${PKGI}: Building the package..."
-dpkg-buildpackage -b -uc
+CAPSH=$(which capsh) \
+&& ${CAPSH} --secbits=0x14 --drop=cap_dac_read_search,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog-ep --print \
+ -- -c 'dpkg-buildpackage -b -uc' \
+|| dpkg-buildpackage -b -uc
## installing
echo "${PKGI}: Installing..."
diff --git a/debian/control b/debian/control
index 240538c..342ca78 100644
--- a/debian/control
+++ b/debian/control
@@ -13,7 +13,7 @@ Architecture: all
Provides: ${guest:Provides}
Depends: ${misc:Depends} ,build-essential
,${guest:Build-Depends}
-Recommends: ${guest:Recommends}
+Recommends: ${guest:Recommends} ,libcap2-bin
Suggests: ${guest:Suggests}
Description: download and install software necessary to play video DVDs
This package fetches, compiles from source code and installs library
--
libdvdcss-pkg packaging
More information about the pkg-multimedia-commits
mailing list