www-servers/copyparty: Drop vulnerable versions

https://github.com/9001/copyparty/security/advisories/GHSA-62cr-6wp5-q43h Signed-off-by: Esteve Varela Colominas <esteve.varela@gmail.com>
2026-04-07 03:10:15 -04:00 · 2026-02-27 18:17:18 +01:00
parent 925a6bc8fc
commit 74f47d009f
3 changed files with 0 additions and 337 deletions
--- a/www-servers/copyparty/Manifest
+++ b/www-servers/copyparty/Manifest
@@ -1,3 +1 @@
 DIST copyparty-1.20.10.tar.gz 1744090 BLAKE2B 46079103bc4efed5b3c2a94c4f2ed0ebe3744592fd563ab936c67cc19712022deb8b7fe7fb3214b9845babcf18fe6414ac0dabe8471c30a86702e7de94b1ee37 SHA512 c7eeff99722daf3098a04caea59458f08ee3e65a59f97cc8dff3ca7358b4258349551035574b5ef5cd7d2e6c059f248c466a2c6b31f179e8dcc26b37f0d8e21b
-DIST copyparty-1.20.2.tar.gz 1711250 BLAKE2B d9d74ae3f26a8797a567adc3a9e4219f8119d5ac24d9054bbd6ce027687821eb4240095d16f9be0a46d24f8eb3905fb36d3a2d0fd8c2c1feb15a0f60906a8790 SHA512 c179b49b4d2199c9bf62f3419a0176f6a2850da945cfd4360710bc961395f9b854fcaff733d0bf67201b33567b5b0bbe2932221b64032f20490407b6282e9e1c
-DIST copyparty-1.20.6.tar.gz 1708724 BLAKE2B bc2b3a7cd9a7d084c6a815959e9f31be15fb64c6f7ecf9c25377f16bd7670d2aea438e910a1b8419b913a9afdeb9164ab363f182f712986a4e6a59baa24c2a8e SHA512 a235222fc9a05202d98ca047070181955cf321570128b076902d7430656e36728e6f65173cc22806321041c5edf76a0923857919f0388086c6ac23b03c32c6f4
--- a/www-servers/copyparty/copyparty-1.20.2.ebuild
+++ b/www-servers/copyparty/copyparty-1.20.2.ebuild
@@ -1,165 +0,0 @@
-# Copyright 2025 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{11..14} )
-DISTUTILS_USE_PEP517=setuptools
-inherit distutils-r1 optfeature edo readme.gentoo-r1
-
-DESCRIPTION="Easy-to-use, feature-packed, protable file server"
-HOMEPAGE="https://github.com/9001/copyparty"
-
-SRC_URI="https://github.com/9001/copyparty/releases/download/v${PV}/copyparty-${PV}.tar.gz"
-
-LICENSE="MIT"  # TODO: licenses of copyparty/web/deps
-SLOT="0"
-KEYWORDS="~amd64"
-IUSE="test"
-RESTRICT="!test? ( test )"
-
-RDEPEND="
-	dev-python/jinja2[${PYTHON_USEDEP}]
-"
-BDEPEND="
-	test? ( dev-python/strip-hints )
-"
-
-DISABLE_AUTOFORMATTING=y
-DOC_CONTENTS="\
-# TODO: This package is unfinished and lacks some features
-
- Service scripts:
-- contrib/openrc/copyparty: Hardcodes /usr/local/bin, runs as root, exposes /mnt as RW (!?)
-- contrib/systemd/copyparty.service: Hardcodes /usr/local/bin, runs as root, in /var/lib/copyparty
-- contrib/systemd/copyparty@.service: Runs as an arbitrary user, in /var/lib/copyparty-jail, at boot
-- contrib/systemd/copyparty-user.service: User service, runs in /var/lib/copyparty-jail
-Ideally, both systemd and openrc scripts would have the same behavior.
-I also think it'd be sane to default to a new user/group named copyparty,
-and create /var/lib/copyparty with the correct permissions.
-
- Default configuration: There's a bunch of examples, find them using:
-\`find docs contrib -name '*.conf'\`.
-Ideally one of these would be installed as /etc/copyparty.conf, and an
-/etc/copyparty.d directory would be created. I'm not sure what would be
-acceptable defaults.
-
- Jailing the service with prisonparty/bubbleparty: This program is very
-feature-packed, and has a decent security track record, but just has a
-massive attack surface with serious repercussions. Some packages provide a
-'prisonparty' service, which runs the program in a chroot. This script
-hardcodes a lot of things that I'm not sure will work on gentoo, and would
-need matching openrc/systemd services as well.
-
-# Note about TLS and certificates
-
-This program implements TLS natively, in order to be able to access the
-WebCrypto API in browsers[1].
-
-If you intend to expose it to the internet, it's advised to run it through a
-reverse proxy[2], like nginx, in order to have a proper TLS implementation, and
-more modern transport features.
-
-If that's not an option, by default, the https:// URL will use a builtin,
-insecure certificate. Install app-crypt/cfssl in order to have it generate a
-custom certificate.
-
-[1]: https://github.com/9001/copyparty/blob/2c26aecd878c185ce358f661d57612f91c21d4b1/copyparty/cert.py#L37-L43
-[2]: https://github.com/9001/copyparty#reverse-proxy
-
-# Bundled dependency notice
-
-A few 'web dependencies' are supplied in the copyparty/web/deps directory.
-These are mostly things that run in the web browser, such as javascript
-libraries, markdown editors, some assets such as fonts, and a sha512 function
-implemented in webassembly.
-
-An attempt at rebuilding these was made, but the scripts required too much
-patching and should be adapted upstream to be more easily buildable without
-docker. Additionally, it's difficult to package npm dependencies in gentoo.
-https://gist.github.com/mid-kid/cc7c0c2e1c188c8b135663d547e3dd35"
-
-src_prepare() {
-	# Use a $TMPDIR for testing, not /dev/shm
-	sed -e 's/\["\/dev\/shm"[^]]*\]/[]/' \
-		-i tests/util.py || die
-
-	distutils-r1_src_prepare
-}
-
-python_test() {
-	edo bash scripts/run-tests.sh python3
-}
-
-python_install() {
-	distutils-r1_python_install
-
-	# Reuse the bundled copy of fusepy for partyfuse
-	# patched in scripts/deps-docker/Dockerfile (under "build fusepy")
-	sed -e "1a$(printf '%s\\n' \
-			'import copyparty.web.deps.fuse as fuse,sys,os' \
-			'sys.path.append(os.path.dirname(fuse.__file__))' \
-		)" -i "${D}$(python_get_scriptdir)/partyfuse" || die
-
-	# Useful utilities listed in bin/README.md
-	# These need to be executed inside the server's data directory
-	# Installed into /usr/libexec as not a single other package installs them
-	python_scriptinto /usr/libexec/copyparty
-	python_doscript bin/partyjournal.py bin/dbtool.py
-}
-
-src_install() {
-	distutils-r1_src_install
-	readme.gentoo_create_doc
-
-	# Not all of the documentation is useful, but it's hard to filter,
-	# and plenty of it is quite useful.
-	dodoc -r docs contrib
-
-	# These additional scripts can be used through command-line flags or
-	# configuration files, so it makes sense to put them in a predictable
-	# location.  A few of these will require customization, the user should
-	# copy them to /etc.
-	insinto /usr/share/copyparty
-	doins -r bin/handlers bin/hooks bin/mtag
-
-	# Every other package seems to install this, but it needs a service script,
-	# as well as proper creation of the jail + testing.
-	#newbin bin/prisonparty.sh prisonparty
-
-	# Bubbleparty seems more reasonable, yet I don't see this included in other
-	# packages.  Would need an optional sys-apps/bubblewrap dependency.
-	#newbin bin/bubbleparty.sh bubbleparty
-
-	# Skipped tools:
-	# - bin/partyfuse-streaming.py: Doc tells me this doesn't exist
-	# - bin/partyfuse2.py: The regular partyfuse.py is better supported
-	# - bin/unforget.py: Not listed in README.md, questionable utility
-	# - bin/zmq-recv.py: Not listed in README.md, questionable utility
-}
-
-pkg_postinst() {
-	# Optfeature descriptions from copyparty/svchub.py:SvcHub._feature_test()
-	optfeature "sessions and file/media indexing" dev-lang/python[sqlite]
-	optfeature "image thumbnails (plenty fast)" dev-python/pillow
-	#optfeature "image thumbnails (faster, eats more ram)" vips  # pyvips not packaged (yet)
-	optfeature "create thumbnails as webp files" dev-python/pillow[webp]
-	optfeature "transcode audio, create spectrograms, video thumbnails, \
-good-but-slow image thumbnails, read audio/media tags" media-video/ffmpeg
-	optfeature "read audio tags (ffprobe is better but slower)" media-libs/mutagen
-	optfeature "secure password hashing (advanced users only)" dev-python/argon2-cffi
-	optfeature "send zeromq messages from event-hooks" dev-python/pyzmq
-	optfeature "read .heif images with pillow (rarely useful)" dev-python/pillow-heif
-	optfeature "read .avif images with pillow (rarely useful)" dev-python/pillow[avif]
-	#optfeature "read RAW images" rawpy  # rawpy not packaged (yet)
-
-	# Optfeatures from pyproject.toml:project.optional-dependencies not listed above
-	optfeature "sftp protocol support" dev-python/paramiko
-	optfeature "ftp protocol support" dev-python/pyftpdlib
-	optfeature "ftps protocol support" "dev-python/pyftpdlib dev-python/pyopenssl"
-	#optfeature "tftp protocol support" partftpy  # partftpy not packaged (yet)
-
-	# Additional programs not detected above
-	optfeature "automatically generate SSL certificate at startup" app-crypt/cfssl
-	optfeature "scrypt password hashing" dev-lang/python[ssl]  # hashlib.scrypt()
-}
--- a/www-servers/copyparty/copyparty-1.20.6.ebuild
+++ b/www-servers/copyparty/copyparty-1.20.6.ebuild
@@ -1,170 +0,0 @@
-# Copyright 2025 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{11..14} )
-DISTUTILS_USE_PEP517=setuptools
-inherit distutils-r1 optfeature edo readme.gentoo-r1
-
-DESCRIPTION="Easy-to-use, feature-packed, protable file server"
-HOMEPAGE="https://github.com/9001/copyparty"
-
-SRC_URI="https://github.com/9001/copyparty/releases/download/v${PV}/copyparty-${PV}.tar.gz"
-
-LICENSE="MIT"  # TODO: licenses of copyparty/web/deps
-SLOT="0"
-KEYWORDS="~amd64"
-IUSE="test"
-RESTRICT="!test? ( test )"
-
-RDEPEND="
-	dev-python/jinja2[${PYTHON_USEDEP}]
-"
-BDEPEND="
-	test? ( dev-python/strip-hints )
-"
-
-DISABLE_AUTOFORMATTING=y
-DOC_CONTENTS="\
-# TODO: This package is unfinished and lacks some features
-
- Missing service scripts:
-- OpenRC system service running as different user/group (default to copyparty)
-- Systemd system service running as different user/group (default to copyparty)
-- Systemd user service
-
- Existing upstream service scripts:
-- contrib/openrc/copyparty: Hardcodes /usr/local/bin, runs as root, exposes /mnt as RW (!?)
-- contrib/systemd/copyparty.service: Hardcodes /usr/local/bin, runs as root, in /var/lib/copyparty
-- contrib/systemd/copyparty@.service: Runs as an arbitrary user, in /var/lib/copyparty-jail, at boot
-- contrib/systemd/copyparty-user.service: User service, runs in /var/lib/copyparty-jail
-
- Default configuration: There's a bunch of examples, find them using:
-\`find docs contrib -name '*.conf'\`.
-Ideally one of these would be installed as /etc/copyparty.conf, and an
-/etc/copyparty.d directory would be created. I'm not sure what would be
-acceptable defaults.
-
- Jailing the service with prisonparty/bubbleparty: This program is very
-feature-packed, and has a decent security track record, but just has a
-massive attack surface with serious repercussions. Some packages provide a
-'prisonparty' service, which runs the program in a chroot. This script
-hardcodes a lot of things that I'm not sure will work on gentoo, and would
-need matching openrc/systemd services as well.
-
-# Note about TLS and certificates
-
-This program implements TLS natively, in order to be able to access the
-WebCrypto API in browsers[1].
-
-If you intend to expose it to the internet, it's advised to run it through a
-reverse proxy[2], like nginx, in order to have a proper TLS implementation, and
-more modern transport features.
-
-If that's not an option, by default, the https:// URL will use a builtin,
-insecure certificate. Install app-crypt/cfssl in order to have it generate a
-custom certificate.
-
-[1]: https://github.com/9001/copyparty/blob/2c26aecd878c185ce358f661d57612f91c21d4b1/copyparty/cert.py#L37-L43
-[2]: https://github.com/9001/copyparty#reverse-proxy
-
-# Bundled dependency notice
-
-A few 'web dependencies' are supplied in the copyparty/web/deps directory.
-These are mostly things that run in the web browser, such as javascript
-libraries, markdown editors, some assets such as fonts, and a sha512 function
-implemented in webassembly.
-
-An attempt at rebuilding these was made, but the scripts required too much
-patching and should be adapted upstream to be more easily buildable without
-docker. Additionally, it's difficult to package npm dependencies in gentoo.
-https://gist.github.com/mid-kid/cc7c0c2e1c188c8b135663d547e3dd35"
-
-src_prepare() {
-	# Use a $TMPDIR for testing, not /dev/shm
-	sed -e 's/\["\/dev\/shm"[^]]*\]/[]/' \
-		-i tests/util.py || die
-
-	distutils-r1_src_prepare
-}
-
-python_test() {
-	edo bash scripts/run-tests.sh python3
-}
-
-python_install() {
-	distutils-r1_python_install
-
-	# Reuse the bundled copy of fusepy for partyfuse
-	# patched in scripts/deps-docker/Dockerfile (under "build fusepy")
-	sed -e "1a$(printf '%s\\n' \
-			'import copyparty.web.deps.fuse as fuse,sys,os' \
-			'sys.path.append(os.path.dirname(fuse.__file__))' \
-		)" -i "${D}$(python_get_scriptdir)/partyfuse" || die
-
-	# Useful utilities listed in bin/README.md
-	# These need to be executed inside the server's data directory
-	# Installed into /usr/libexec as not a single other package installs them
-	python_scriptinto /usr/libexec/copyparty
-	python_doscript bin/partyjournal.py bin/dbtool.py
-}
-
-src_install() {
-	distutils-r1_src_install
-	readme.gentoo_create_doc
-
-	exeinto /etc/user/init.d
-	newexe "${FILESDIR}/copyparty-user.initd" copyparty
-
-	# Not all of the documentation is useful, but it's hard to filter,
-	# and plenty of it is quite useful.
-	dodoc -r docs contrib
-
-	# These additional scripts can be used through command-line flags or
-	# configuration files, so it makes sense to put them in a predictable
-	# location.  A few of these will require customization, the user should
-	# copy them to /etc.
-	insinto /usr/share/copyparty
-	doins -r bin/handlers bin/hooks bin/mtag
-
-	# Every other package seems to install this, but it needs a service script,
-	# as well as proper creation of the jail + testing.
-	#newbin bin/prisonparty.sh prisonparty
-
-	# Bubbleparty seems more reasonable, yet I don't see this included in other
-	# packages.  Would need an optional sys-apps/bubblewrap dependency.
-	#newbin bin/bubbleparty.sh bubbleparty
-
-	# Skipped tools:
-	# - bin/partyfuse-streaming.py: Doc tells me this doesn't exist
-	# - bin/partyfuse2.py: The regular partyfuse.py is better supported
-	# - bin/unforget.py: Not listed in README.md, questionable utility
-	# - bin/zmq-recv.py: Not listed in README.md, questionable utility
-}
-
-pkg_postinst() {
-	# Optfeature descriptions from copyparty/svchub.py:SvcHub._feature_test()
-	optfeature "sessions and file/media indexing" dev-lang/python[sqlite]
-	optfeature "image thumbnails (plenty fast)" dev-python/pillow
-	#optfeature "image thumbnails (faster, eats more ram)" vips  # pyvips not packaged (yet)
-	optfeature "create thumbnails as webp files" dev-python/pillow[webp]
-	optfeature "transcode audio, create spectrograms, video thumbnails, \
-good-but-slow image thumbnails, read audio/media tags" media-video/ffmpeg
-	optfeature "read audio tags (ffprobe is better but slower)" media-libs/mutagen
-	optfeature "secure password hashing (advanced users only)" dev-python/argon2-cffi
-	optfeature "send zeromq messages from event-hooks" dev-python/pyzmq
-	optfeature "read .heif images with pillow (rarely useful)" dev-python/pillow-heif
-	optfeature "read .avif images with pillow (rarely useful)" dev-python/pillow[avif]
-	#optfeature "read RAW images" rawpy  # rawpy not packaged (yet)
-
-	# Optfeatures from pyproject.toml:project.optional-dependencies not listed above
-	optfeature "sftp protocol support" dev-python/paramiko
-	optfeature "ftp protocol support" dev-python/pyftpdlib
-	optfeature "ftps protocol support" "dev-python/pyftpdlib dev-python/pyopenssl"
-	#optfeature "tftp protocol support" partftpy  # partftpy not packaged (yet)
-
-	# Additional programs not detected above
-	optfeature "automatically generate SSL certificate at startup" app-crypt/cfssl
-	optfeature "scrypt password hashing" dev-lang/python[ssl]  # hashlib.scrypt()
-}