* [PATCH v4] iputils: Fix cap_net_raw for installed binaries
@ 2021-02-27 0:40 Jate Sujjavanich
0 siblings, 0 replies; only message in thread
From: Jate Sujjavanich @ 2021-02-27 0:40 UTC (permalink / raw)
To: openembedded-core, richard.purdie, alex.kanavin, quaresma.jose
Cc: Jate Sujjavanich
Add libcap-native to libcap PACKAGECONFIG making native setcap available
during the build. This assures its availability during install and prevents
meson from searching absolute paths and the resulting possible host
contamination.
Move -DNO_SETCAP_OR_SUID=true to the libcap PACKAGECONFIG negative case
This will prevent possible non-determinism for the setuid case.
Signed-off-by: Jate Sujjavanich <jatedev@gmail.com>
---
meta/recipes-extended/iputils/iputils_s20200821.bb | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-extended/iputils/iputils_s20200821.bb b/meta/recipes-extended/iputils/iputils_s20200821.bb
index 28dd194a12..b7bb7ec84f 100644
--- a/meta/recipes-extended/iputils/iputils_s20200821.bb
+++ b/meta/recipes-extended/iputils/iputils_s20200821.bb
@@ -13,6 +13,7 @@ DEPENDS = "gnutls"
SRC_URI = "git://github.com/iputils/iputils \
file://0001-rarpd-rdisc-Drop-PrivateUsers.patch \
"
+
SRCREV = "23c3782ae0c7f9c6ae59dbed8ad9204f8758542b"
S = "${WORKDIR}/git"
@@ -26,7 +27,7 @@ CVE_CHECK_WHITELIST += "CVE-2000-1213 CVE-2000-1214"
PACKAGECONFIG ??= "libcap rarpd \
${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ninfod traceroute6', '', d)} \
${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
-PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false, libcap"
+PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false -DNO_SETCAP_OR_SUID=true, libcap libcap-native"
PACKAGECONFIG[libidn] = "-DUSE_IDN=true, -DUSE_IDN=false, libidn2"
PACKAGECONFIG[gettext] = "-DUSE_GETTEXT=true, -DUSE_GETTEXT=false, gettext"
PACKAGECONFIG[ninfod] = "-DBUILD_NINFOD=true,-DBUILD_NINFOD=false,"
@@ -38,8 +39,7 @@ PACKAGECONFIG[docs] = "-DBUILD_HTML_MANS=true -DBUILD_MANS=true,-DBUILD_HTML_MAN
inherit meson systemd update-alternatives
-# Have to disable setcap/suid as its not deterministic
-EXTRA_OEMESON += "--prefix=${root_prefix}/ -DNO_SETCAP_OR_SUID=true"
+EXTRA_OEMESON += "--prefix=${root_prefix}/"
ALTERNATIVE_PRIORITY = "100"
--
2.25.1
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2021-02-27 0:40 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-02-27 0:40 [PATCH v4] iputils: Fix cap_net_raw for installed binaries Jate Sujjavanich
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.