From 1de1aafab8257a7ff610e04e351c5db8c9c8517e Mon Sep 17 00:00:00 2001
From: Rene Groeschke <rene@elastic.co>
Date: Wed, 6 Sep 2023 09:22:55 +0200
Subject: [PATCH 1/3] Add setgid property to Deb packaging

With gradle 8.3 it is not possible to configure setgid permissions via the dirMode property anymore.
Therefore we need a dedicated property in the packaging tasks to take this into account
---
 .../com/netflix/gradle/plugins/deb/DebCopyAction.groovy   | 5 ++++-
 .../gradle/plugins/packaging/CopySpecEnhancement.groovy   | 8 ++++++++
 .../plugins/packaging/SystemPackagingExtension.groovy     | 8 ++++++++
 .../gradle/plugins/packaging/SystemPackagingTask.groovy   | 1 +
 4 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/src/main/groovy/com/netflix/gradle/plugins/deb/DebCopyAction.groovy b/src/main/groovy/com/netflix/gradle/plugins/deb/DebCopyAction.groovy
index c2de08ed..4294a876 100755
--- a/src/main/groovy/com/netflix/gradle/plugins/deb/DebCopyAction.groovy
+++ b/src/main/groovy/com/netflix/gradle/plugins/deb/DebCopyAction.groovy
@@ -135,9 +135,12 @@ class DebCopyAction extends AbstractPackagingCopyAction<Deb> {
             Integer uid = (Integer) lookup(specToLookAt, 'uid') ?: task.uid ?: 0
             String group = lookup(specToLookAt, 'permissionGroup') ?: task.permissionGroup
             Integer gid = (Integer) lookup(specToLookAt, 'gid') ?: task.gid ?: 0
+            String setgid = lookup(specToLookAt, 'setgid') ?: task.setgid
 
             int fileMode = dirDetails.mode
-
+            if (setgid) {
+                fileMode = fileMode | 02000
+            }
             debFileVisitorStrategy.addDirectory(dirDetails, user, uid, group, gid, fileMode)
         }
     }
diff --git a/src/main/groovy/com/netflix/gradle/plugins/packaging/CopySpecEnhancement.groovy b/src/main/groovy/com/netflix/gradle/plugins/packaging/CopySpecEnhancement.groovy
index c8313a64..bc55d182 100644
--- a/src/main/groovy/com/netflix/gradle/plugins/packaging/CopySpecEnhancement.groovy
+++ b/src/main/groovy/com/netflix/gradle/plugins/packaging/CopySpecEnhancement.groovy
@@ -49,6 +49,14 @@ class CopySpecEnhancement {
         user(spec, userArg)
     }
 
+    static void setgid(CopySpec spec, boolean setgid) {
+        appendFieldToCopySpec(spec, 'setgid', setgid)
+    }
+
+    static void setSetgid(CopySpec spec, boolean setgid) {
+        setgid(spec, setgid)
+    }
+
     static void permissionGroup(CopySpec spec, String permissionGroup) {
         appendFieldToCopySpec(spec, 'permissionGroup', permissionGroup)
     }
diff --git a/src/main/groovy/com/netflix/gradle/plugins/packaging/SystemPackagingExtension.groovy b/src/main/groovy/com/netflix/gradle/plugins/packaging/SystemPackagingExtension.groovy
index 927831c3..dfd5c9a7 100755
--- a/src/main/groovy/com/netflix/gradle/plugins/packaging/SystemPackagingExtension.groovy
+++ b/src/main/groovy/com/netflix/gradle/plugins/packaging/SystemPackagingExtension.groovy
@@ -47,6 +47,8 @@ class SystemPackagingExtension {
     File signingKeyRingFile
     String user
     String permissionGroup // Group is used by Gradle on tasks.
+    boolean setgid
+
     /**
      * In Debian, this is the Section and has to be provided. Valid values are: admin, cli-mono, comm, database, debug,
      * devel, doc, editors, education, electronics, embedded, fonts, games, gnome, gnu-r, gnustep, graphics, hamradio,
@@ -180,6 +182,12 @@ class SystemPackagingExtension {
         return permissionGroup
     }
 
+    @Input
+    @Optional
+    String getSetgid() {
+        return setgid
+    }
+
     @Input
     @Optional
     String getPackageGroup() {
diff --git a/src/main/groovy/com/netflix/gradle/plugins/packaging/SystemPackagingTask.groovy b/src/main/groovy/com/netflix/gradle/plugins/packaging/SystemPackagingTask.groovy
index 18ccce7b..cc99dc04 100755
--- a/src/main/groovy/com/netflix/gradle/plugins/packaging/SystemPackagingTask.groovy
+++ b/src/main/groovy/com/netflix/gradle/plugins/packaging/SystemPackagingTask.groovy
@@ -103,6 +103,7 @@ abstract class SystemPackagingTask extends OsPackageAbstractArchiveTask {
             mapping.map('maintainer', { parentExten?.getMaintainer() ?: getPackager() })
             mapping.map('uploaders', { parentExten?.getUploaders() ?: getPackager() })
             mapping.map('permissionGroup', { parentExten?.getPermissionGroup() ?: '' })
+            mapping.map('setgid', { parentExten?.getSetgid() ?: false })
             mapping.map('packageGroup', { parentExten?.getPackageGroup() })
             mapping.map('buildHost', { parentExten?.getBuildHost() ?: HOST_NAME })
             mapping.map('summary', { parentExten?.getSummary() ?: getPackageName() })

From 87fec2da47f2d1a65d8db026543af3d2e07a7261 Mon Sep 17 00:00:00 2001
From: Rene Groeschke <rene@elastic.co>
Date: Wed, 6 Sep 2023 11:05:47 +0200
Subject: [PATCH 2/3] Add setgid support to rpm task

---
 .../com/netflix/gradle/plugins/rpm/RpmCopyAction.groovy      | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/main/groovy/com/netflix/gradle/plugins/rpm/RpmCopyAction.groovy b/src/main/groovy/com/netflix/gradle/plugins/rpm/RpmCopyAction.groovy
index 60b6ae2d..83d62d48 100755
--- a/src/main/groovy/com/netflix/gradle/plugins/rpm/RpmCopyAction.groovy
+++ b/src/main/groovy/com/netflix/gradle/plugins/rpm/RpmCopyAction.groovy
@@ -186,7 +186,10 @@ class RpmCopyAction extends AbstractPackagingCopyAction<Rpm> {
             Directive directive = (Directive) lookup(specToLookAt, 'fileType') ?: task.fileType
             String user = lookup(specToLookAt, 'user') ?: task.user
             String group = lookup(specToLookAt, 'permissionGroup') ?: task.permissionGroup
-
+            String setgid = lookup(specToLookAt, 'setgid') ?: task.setgid
+            if (setgid) {
+                dirMode = dirMode | 02000
+            }
             rpmFileVisitorStrategy.addDirectory(dirDetails, dirMode, directive, user, group, addParentsDir)
         }
     }

From 5b21d5110eecb13be1bb91a3cb298b0d7107e487 Mon Sep 17 00:00:00 2001
From: Rene Groeschke <rene@elastic.co>
Date: Wed, 6 Sep 2023 14:33:39 +0200
Subject: [PATCH 3/3] Fix setgid access method

---
 .../gradle/plugins/packaging/SystemPackagingExtension.groovy  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/groovy/com/netflix/gradle/plugins/packaging/SystemPackagingExtension.groovy b/src/main/groovy/com/netflix/gradle/plugins/packaging/SystemPackagingExtension.groovy
index dfd5c9a7..37d225c3 100755
--- a/src/main/groovy/com/netflix/gradle/plugins/packaging/SystemPackagingExtension.groovy
+++ b/src/main/groovy/com/netflix/gradle/plugins/packaging/SystemPackagingExtension.groovy
@@ -47,7 +47,7 @@ class SystemPackagingExtension {
     File signingKeyRingFile
     String user
     String permissionGroup // Group is used by Gradle on tasks.
-    boolean setgid
+    Boolean setgid
 
     /**
      * In Debian, this is the Section and has to be provided. Valid values are: admin, cli-mono, comm, database, debug,
@@ -184,7 +184,7 @@ class SystemPackagingExtension {
 
     @Input
     @Optional
-    String getSetgid() {
+    Boolean getSetgid() {
         return setgid
     }