Bug 228878

Summary: exp run request: removal of deprecated sys/capability.h header
Product: Ports & Packages Reporter: Eitan Adler <eadler>
Component: Ports FrameworkAssignee: Port Management Team <portmgr>
Status: Closed FIXED    
Severity: Affects Only Me CC: emaste, pi
Priority: --- Flags: eadler: exp-run?
Version: Latest   
Hardware: Any   
OS: Any   
Bug Depends on: 233007, 233008, 233026, 233090, 233091, 233092, 233169    
Bug Blocks:    
Attachments:
Description Flags
remove header none

Description Eitan Adler freebsd_committer freebsd_triage 2018-06-10 19:18:27 UTC
Created attachment 194139 [details]
remove header

This is a request for an exp-run for the attached diff which removes the sys/capability.h header.
Comment 1 Antoine Brodin freebsd_committer 2018-06-10 19:30:03 UTC
Please provide a patch for all the ports that support sandboxing too.
Comment 2 Eitan Adler freebsd_committer freebsd_triage 2018-06-10 19:33:26 UTC
As far as I could tell from grepping my copies of distfiles (which was done before the original commit) most ports already already include the correct header.

A few that don't already have appropriate patching: ftp/vsftpd/files/patch-sysdeputil.c x11/nvidia-driver/Makefile

I did find one port which did not: but only due to a local patch: net/ngrep/files/patch-ngrep.c

Would you be willing to try and an exp-run with the warning replaced with an #error, and I'll then patch any failing ports?
Comment 3 Eitan Adler freebsd_committer freebsd_triage 2018-06-10 19:34:50 UTC
I meant multimedia/linux_dvbwrapper-kmod/files/patch-linux__dvbwrapper.c, not ftp/vsftpd/files/patch-sysdeputil.c
Comment 4 Antoine Brodin freebsd_committer 2018-06-10 19:52:04 UTC
some examples: ports-mgmt/pkg , net/tcpdump, devel/py-pycapsicum
Comment 5 Eitan Adler freebsd_committer freebsd_triage 2018-06-10 20:04:45 UTC
Of those: 
pkg: includes the correct header: 
py-pycapsicum: not in my original set: includes the correct header based on OSVERSION

net/tcpdump: this one looks like a real issue: it would have failed to compile, but not silently ignored the problem.

Would you be willing to try and an exp-run with the warning replaced with an #error, and I'll then patch any failing ports?
Comment 6 Antoine Brodin freebsd_committer 2018-06-10 20:07:57 UTC
(In reply to Eitan Adler from comment #5)

pkg doesn't include the correct header:

work/pkg-1.10.5/libpkg/ssh.c:#include <sys/capability.h>
work/pkg-1.10.5/src/info.c:#include <sys/capability.h>
work/pkg-1.10.5/src/clean.c:#include <sys/capability.h>
work/pkg-1.10.5/src/event.c:#include <sys/capability.h>
work/pkg-1.10.5/src/audit.c:#include <sys/capability.h>
work/pkg-1.10.5/src/updating.c:#include <sys/capability.h>
work/pkg-1.10.5/src/upgrade.c:#include <sys/capability.h>
work/pkg-1.10.5/src/ssh.c:#include <sys/capability.h>

py-pycapsicum doesn't include the correct header, OSVERSION doesn't exist

A #error won't work, it will break all ports that expect the posix one.
Comment 7 Eitan Adler freebsd_committer freebsd_triage 2018-06-10 20:10:33 UTC
Ah. I had pkg-devel installed. Sorry.
Alright, I guess this header will live forever.
Comment 8 Antoine Brodin freebsd_committer 2018-11-05 23:25:32 UTC
Reopen
Comment 9 Ed Maste freebsd_committer 2018-11-05 23:53:50 UTC
(In reply to Antoine Brodin from comment #6)
> A #error won't work, it will break all ports that expect the posix one.

These are broken today though, so it would be useful to identify them as well.
Comment 10 Ed Maste freebsd_committer 2018-11-06 00:00:17 UTC
py-pycapsicum change in https://github.com/stillson/pycapsicum2/pull/3
Comment 11 Ed Maste freebsd_committer 2018-11-06 14:08:31 UTC
Via Debian Code Search, Debian packages that contain the string <sys/capability.h>:

alfred
alljoyn-core-1504
alljoyn-core-1509
alljoyn-core-1604
android-framework-23
android-platform-external-libselinux
android-platform-frameworks-base
android-platform-frameworks-native
android-platform-libcore
android-platform-system-core
android-tools
arping
asterisk
autodir
avahi
bacula
bareos
bind9
bluez
bubblewrap
cacti-spine
cadvisor
cdrkit
chromium-browser
chrony
cifs-utils
clsync
collectd
commons-daemon
coreutils
criu
cvsd
cyrus-imapd
dar
diod
dnscrypt-proxy
dovecot
fakeroot
fastd
flatpak
freebsd-buildutils
freebsd-glue
freeradius
gcc-8
gcc-snapshot
gitlab-shell
glibc
gnulib
gnupg1
golang-golang-x-sys
golang-gopkg-hlandau-svcutils.v1
grub2
gstreamer1.0
gvfs
heimdal
hercules
hhvm
iproute2
iputils
jack-audio-connection-kit
kfreebsd-10
kfreebsd-kernel-headers
kinit
kismet
klibc
kodi
kwin
ladvd
ldb
libapache2-mod-ruid2
libcap2
libexplain
libgcrypt20
libguestfs
liblinux-prctl-perl
libteam
libzorpll
limba
linux
lua-ljsyscall
mcstrans
miredo
mitmproxy
mpm-itk
mtr
mumble
muse
ncrack
netdata
nfs-ganesha
ntdb
ntopng
ntp
ntpsec
openscap
openssh
openssh-ssh1
pax-utils
pinentry
procenv
proftpd-dfsg
proxsmtp
pulseaudio
pure-ftpd
python-oslo.privsep
python-prctl
qemu
qtwebengine-opensource-src
quagga
resource-agents
rlinetd
rpm
rtkit
samba
samhain
smcroute
snapd
squid
sshguard
sslh
stress-ng
strongswan
systemd
tcpcrypt
tcpdump
tdb
terminatorx
tevent
tor
trafficserver
ufsutils
ui-utilcpp
umview
util-vserver
uwsgi
vdr
vdr-plugin-xineliboutput
vsftpd
wavemon
wireshark
wpa
zfsutils
zorp
zsh
Comment 12 commit-hook freebsd_committer 2018-11-09 17:59:45 UTC
A commit references this bug:

Author: emaste
Date: Fri Nov  9 17:59:27 UTC 2018
New revision: 340291
URL: https://svnweb.freebsd.org/changeset/base/340291

Log:
  MFC r340171: capability.h: add comment about planned removal timeline

  PR:		228878

Changes:
_U  stable/11/
  stable/11/sys/sys/capability.h
Comment 13 Ed Maste freebsd_committer 2018-11-09 18:26:37 UTC
(Continuing to use Debian's package search tools as we don't have indexing/search for the ports tree.)

I looked at Debian packages that have both <sys/capability.h> and cap_enter with results as follows:

Debian packages which do not appear to have a FreeBSD equivalent:

cadvisor
freebsd-buildutils
freebsd-glue
glibc
kfreebsd-10
lua-ljsyscall
openssh-ssh1

Packages which include deprecated sys/capability.h header (and now have a PR):

dnscrypt-proxy (dnscrypt-proxy2)
gitlab-shell
golang-golang-x-sys (lang/go)

Packages which include sys/capability.h expecting the Linux one:

mumble
qemu

Packages with no issue (e.g. have version-specific includes, check for both capsicum.h and capability.h, ports is patched and patch submitted upstream, etc.):

openssh
sshguard
tcpdump
Comment 14 Antoine Brodin freebsd_committer 2018-11-09 19:30:38 UTC
Here are the ports for which the "this file includes <sys/capability.h> which is deprecated" warning appears in the build log:

databases/ldb
databases/ldb12
databases/ldb13
databases/ntdb
databases/tdb
devel/libexplain
devel/py-pycapsicum
devel/talloc
devel/tevent
emulators/hercules
ftp/vsftpd-ext
net-mgmt/wmi-client
net/arping
net/miredo
net/samba46
net/samba47
net/samba48
net/tcpdump
ports-mgmt/pkg
security/fakeroot
security/sshguard
security/tor
security/tor-devel
shells/jailkit
sysutils/dar
sysutils/procenv
www/kcgi
www/mohawk
Comment 15 Ed Maste freebsd_committer 2018-11-09 22:16:45 UTC
These ones are being handled (have a PR, fix, etc.):
devel/py-pycapsicum
net/tcpdump
ports-mgmt/pkg
security/sshguard
sysutils/procenv

These are non-issues (looking for the Linux header)
databases/ldb
databases/ldb12
databases/ldb13

I did not investigate these:
net/samba46
net/samba47
net/samba48
databases/ntdb
databases/tdb
devel/libexplain
devel/talloc
devel/tevent
emulators/hercules
ftp/vsftpd-ext
net-mgmt/wmi-client
net/arping
net/miredo
security/fakeroot
security/tor
security/tor-devel
shells/jailkit
sysutils/dar
www/kcgi
www/mohawk
Comment 16 Ed Maste freebsd_committer 2018-11-12 16:11:16 UTC
OK (wants Linux headers):
databases/ntdb
databases/tdb
devel/libexplain
devel/talloc
devel/tevent
emulators/hercules
ftp/vsftpd-ext
net-mgmt/wmi-client
net/arping
net/miredo
net/samba46
net/samba47
net/samba48
security/fakeroot
security/tor
security/tor-devel
shells/jailkit
sysutils/dar

OK (has __FreeBSD_version test or equivalent):
www/mohawk

Needs a fix:
www/kcgi
Comment 17 commit-hook freebsd_committer 2018-11-18 14:59:01 UTC
A commit references this bug:

Author: emaste
Date: Sun Nov 18 14:58:02 UTC 2018
New revision: 340586
URL: https://svnweb.freebsd.org/changeset/base/340586

Log:
  MFC r340171: capability.h: add comment about planned removal timeline

  PR:	228878

Changes:
_U  stable/12/
  stable/12/sys/sys/capability.h
Comment 18 Ed Maste freebsd_committer 2019-02-25 18:16:31 UTC
devel/py-pycapsicum - upstream patch submitted
net/tcpdump - addressed by r484310
ports-mgmt/pkg - committed upstream but not yet in a release
security/sshguard - OK, checks for capsicum.h and capability.h
sysutils/procenv - capsicum.h patch added in r490132
www/kcgi - capsicum.h patch added in r484808
Comment 19 commit-hook freebsd_committer 2019-06-18 14:14:11 UTC
A commit references this bug:

Author: emaste
Date: Tue Jun 18 14:13:52 UTC 2019
New revision: 349170
URL: https://svnweb.freebsd.org/changeset/base/349170

Log:
  Remove sys/capability.h for the third time

  In all supported (and most unsupported) FreeBSD versions the appropriate
  header for Capsicum is sys/capsicum.h.  Software including sys/capability.h
  is most likely looking for Linux capabilities based on the withdrawn
  POSIX.1e draft.

  This header was previously removed in r334929 and r340156, but reverted
  each time due to ports failures.  These issues have now (broadly) been
  addressed.

  PR:		228878 [exp-run]
  Submitted by:	eadler (r334929)
  Relnotes:	Yes
  Sponsored by:	The FreeBSD Foundation

Changes:
  head/ObsoleteFiles.inc
  head/sys/sys/capability.h
Comment 20 Ed Maste freebsd_committer 2019-06-18 14:18:49 UTC
Committed in r349170, if there's any remaining fallout it will be addressed on a case-by-case basis.