Created attachment 194139
remove header

This is a request for an exp-run for the attached diff which removes the sys/capability.h header.
Please provide a patch for all the ports that support sandboxing too.
As far as I could tell from grepping my copies of distfiles (which was done before the original commit), most ports already include the correct header.

A few that don't already have appropriate patching:
ftp/vsftpd/files/patch-sysdeputil.c
x11/nvidia-driver/Makefile

I did find one port which did not, but only due to a local patch:
net/ngrep/files/patch-ngrep.c

Would you be willing to try an exp-run with the warning replaced with an #error, and I'll then patch any failing ports?
I meant multimedia/linux_dvbwrapper-kmod/files/patch-linux__dvbwrapper.c, not ftp/vsftpd/files/patch-sysdeputil.c
Some examples: ports-mgmt/pkg, net/tcpdump, devel/py-pycapsicum
Of those:
pkg: includes the correct header
py-pycapsicum: not in my original set: includes the correct header based on OSVERSION
net/tcpdump: this one looks like a real issue: it would have failed to compile, but not silently ignored the problem.

Would you be willing to try an exp-run with the warning replaced with an #error, and I'll then patch any failing ports?
(In reply to Eitan Adler from comment #5)
pkg doesn't include the correct header:
work/pkg-1.10.5/libpkg/ssh.c:#include <sys/capability.h>
work/pkg-1.10.5/src/info.c:#include <sys/capability.h>
work/pkg-1.10.5/src/clean.c:#include <sys/capability.h>
work/pkg-1.10.5/src/event.c:#include <sys/capability.h>
work/pkg-1.10.5/src/audit.c:#include <sys/capability.h>
work/pkg-1.10.5/src/updating.c:#include <sys/capability.h>
work/pkg-1.10.5/src/upgrade.c:#include <sys/capability.h>
work/pkg-1.10.5/src/ssh.c:#include <sys/capability.h>

py-pycapsicum doesn't include the correct header, OSVERSION doesn't exist

A #error won't work, it will break all ports that expect the posix one.
Ah. I had pkg-devel installed. Sorry. Alright, I guess this header will live forever.
Reopen
(In reply to Antoine Brodin from comment #6)
> A #error won't work, it will break all ports that expect the posix one.

These are broken today though, so it would be useful to identify them as well.
py-pycapsicum change in https://github.com/stillson/pycapsicum2/pull/3
Via Debian Code Search, Debian packages that contain the string <sys/capability.h>: alfred alljoyn-core-1504 alljoyn-core-1509 alljoyn-core-1604 android-framework-23 android-platform-external-libselinux android-platform-frameworks-base android-platform-frameworks-native android-platform-libcore android-platform-system-core android-tools arping asterisk autodir avahi bacula bareos bind9 bluez bubblewrap cacti-spine cadvisor cdrkit chromium-browser chrony cifs-utils clsync collectd commons-daemon coreutils criu cvsd cyrus-imapd dar diod dnscrypt-proxy dovecot fakeroot fastd flatpak freebsd-buildutils freebsd-glue freeradius gcc-8 gcc-snapshot gitlab-shell glibc gnulib gnupg1 golang-golang-x-sys golang-gopkg-hlandau-svcutils.v1 grub2 gstreamer1.0 gvfs heimdal hercules hhvm iproute2 iputils jack-audio-connection-kit kfreebsd-10 kfreebsd-kernel-headers kinit kismet klibc kodi kwin ladvd ldb libapache2-mod-ruid2 libcap2 libexplain libgcrypt20 libguestfs liblinux-prctl-perl libteam libzorpll limba linux lua-ljsyscall mcstrans miredo mitmproxy mpm-itk mtr mumble muse ncrack netdata nfs-ganesha ntdb ntopng ntp ntpsec openscap openssh openssh-ssh1 pax-utils pinentry procenv proftpd-dfsg proxsmtp pulseaudio pure-ftpd python-oslo.privsep python-prctl qemu qtwebengine-opensource-src quagga resource-agents rlinetd rpm rtkit samba samhain smcroute snapd squid sshguard sslh stress-ng strongswan systemd tcpcrypt tcpdump tdb terminatorx tevent tor trafficserver ufsutils ui-utilcpp umview util-vserver uwsgi vdr vdr-plugin-xineliboutput vsftpd wavemon wireshark wpa zfsutils zorp zsh
A commit references this bug:

Author: emaste
Date: Fri Nov 9 17:59:27 UTC 2018
New revision: 340291
URL: https://svnweb.freebsd.org/changeset/base/340291

Log:
MFC r340171: capability.h: add comment about planned removal timeline

PR: 228878

Changes:
_U stable/11/
stable/11/sys/sys/capability.h
(Continuing to use Debian's package search tools as we don't have indexing/search for the ports tree.)

I looked at Debian packages that have both <sys/capability.h> and cap_enter with results as follows:

Debian packages which do not appear to have a FreeBSD equivalent:
cadvisor
freebsd-buildutils
freebsd-glue
glibc
kfreebsd-10
lua-ljsyscall
openssh-ssh1

Packages which include deprecated sys/capability.h header (and now have a PR):
dnscrypt-proxy (dnscrypt-proxy2)
gitlab-shell
golang-golang-x-sys (lang/go)

Packages which include sys/capability.h expecting the Linux one:
mumble
qemu

Packages with no issue (e.g. have version-specific includes, check for both capsicum.h and capability.h, ports is patched and patch submitted upstream, etc.):
openssh
sshguard
tcpdump
Here are the ports for which the "this file includes <sys/capability.h> which is deprecated" warning appears in the build log: databases/ldb databases/ldb12 databases/ldb13 databases/ntdb databases/tdb devel/libexplain devel/py-pycapsicum devel/talloc devel/tevent emulators/hercules ftp/vsftpd-ext net-mgmt/wmi-client net/arping net/miredo net/samba46 net/samba47 net/samba48 net/tcpdump ports-mgmt/pkg security/fakeroot security/sshguard security/tor security/tor-devel shells/jailkit sysutils/dar sysutils/procenv www/kcgi www/mohawk
These ones are being handled (have a PR, fix, etc.):
devel/py-pycapsicum net/tcpdump ports-mgmt/pkg security/sshguard sysutils/procenv

These are non-issues (looking for the Linux header):
databases/ldb databases/ldb12 databases/ldb13

I did not investigate these:
net/samba46 net/samba47 net/samba48 databases/ntdb databases/tdb devel/libexplain devel/talloc devel/tevent emulators/hercules ftp/vsftpd-ext net-mgmt/wmi-client net/arping net/miredo security/fakeroot security/tor security/tor-devel shells/jailkit sysutils/dar www/kcgi www/mohawk
OK (wants Linux headers):
databases/ntdb databases/tdb devel/libexplain devel/talloc devel/tevent emulators/hercules ftp/vsftpd-ext net-mgmt/wmi-client net/arping net/miredo net/samba46 net/samba47 net/samba48 security/fakeroot security/tor security/tor-devel shells/jailkit sysutils/dar

OK (has __FreeBSD_version test or equivalent):
www/mohawk

Needs a fix:
www/kcgi
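An added example, not part of the thread and not a FreeBSD or ports tool: a Python script that applies the same triage the comments above do by hand, sorting files that include <sys/capability.h> by whether they call Capsicum functions and whether the include is guarded. The verdict names, the `HAVE_SYS_CAPSICUM_H` macro name and the sample sources are assumptions of this example.

```python
import re
from pathlib import Path

# Matches an #include of either header; group 1 says which one.
INCLUDE = re.compile(r'^[ \t]*#[ \t]*include[ \t]*<sys/(capability|capsicum)\.h>', re.M)
# Capsicum entry points: a file calling these wants FreeBSD's sys/capsicum.h.
CAPSICUM_API = re.compile(r'\b(?:cap_enter|cap_getmode|cap_rights_init|cap_rights_limit)\s*\(')
# Version test or configure-style check (HAVE_SYS_CAPSICUM_H is an assumed macro name).
GUARD = re.compile(r'__FreeBSD_version|HAVE_SYS_CAPSICUM_H')

def classify(source: str) -> str:
    """Return one of four verdicts (names chosen for this example)."""
    headers = set(INCLUDE.findall(source))
    if "capability" not in headers:
        return "not-affected"
    if not CAPSICUM_API.search(source):
        # No Capsicum calls: most likely expects the Linux/POSIX.1e header.
        return "likely-linux-header"
    if "capsicum" in headers and GUARD.search(source):
        return "guarded"
    return "needs-fix"

def scan_tree(root):
    """Map each affected *.c / *.h file under root to its verdict."""
    results = {}
    for path in sorted(Path(root).rglob("*.[ch]")):
        verdict = classify(path.read_text(errors="replace"))
        if verdict != "not-affected":
            results[str(path.relative_to(root))] = verdict
    return results

# Constructed sample sources, not taken from any port.
SAMPLES = {
    "sandbox.c": "#include <sys/capability.h>\nint lock(void) { return cap_enter(); }\n",
    "compat.c": ("#ifdef HAVE_SYS_CAPSICUM_H\n#include <sys/capsicum.h>\n#else\n"
                 "#include <sys/capability.h>\n#endif\n"
                 "int lock(void) { return cap_enter(); }\n"),
    "drop.c": ("#include <sys/capability.h>\n"
               "void drop(void) { cap_t c = cap_get_proc(); cap_free(c); }\n"),
    "plain.c": "#include <stdio.h>\nint main(void) { return 0; }\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: {classify(text)}")
```

The matching is textual, so a "needs-fix" verdict marks a file to review by hand; it does not evaluate preprocessor conditions or skip comments.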
A commit references this bug:

Author: emaste
Date: Sun Nov 18 14:58:02 UTC 2018
New revision: 340586
URL: https://svnweb.freebsd.org/changeset/base/340586

Log:
MFC r340171: capability.h: add comment about planned removal timeline

PR: 228878

Changes:
_U stable/12/
stable/12/sys/sys/capability.h
devel/py-pycapsicum - upstream patch submitted
net/tcpdump - addressed by r484310
ports-mgmt/pkg - committed upstream but not yet in a release
security/sshguard - OK, checks for capsicum.h and capability.h
sysutils/procenv - capsicum.h patch added in r490132
www/kcgi - capsicum.h patch added in r484808
A commit references this bug:

Author: emaste
Date: Tue Jun 18 14:13:52 UTC 2019
New revision: 349170
URL: https://svnweb.freebsd.org/changeset/base/349170

Log:
Remove sys/capability.h for the third time

In all supported (and most unsupported) FreeBSD versions the appropriate header for Capsicum is sys/capsicum.h. Software including sys/capability.h is most likely looking for Linux capabilities based on the withdrawn POSIX.1e draft.

This header was previously removed in r334929 and r340156, but reverted each time due to ports failures. These issues have now (broadly) been addressed.

PR: 228878 [exp-run]
Submitted by: eadler (r334929)
Relnotes: Yes
Sponsored by: The FreeBSD Foundation

Changes:
head/ObsoleteFiles.inc
head/sys/sys/capability.h
Committed in r349170; if there's any remaining fallout it will be addressed on a case-by-case basis.