Search for setcap in STAGING_DIR_NATIVE to avoid host contamination. Add
DEPENDS for libcap-native to supply this if we select libcap for
PACKAGECONFIG.
The previous setting of NO_SETCAP_OR_SUID broke setuid or setcap of
/bin/ping and other executables.
Signed-off-by: Jate Sujjavanich <jate...@gmail.com>
---
...ort-for-setcap-in-STAGING_DIR_NATIVE.patch | 39 +++++++++++++++++++
.../iputils/iputils_s20200821.bb | 5 ++-
2 files changed, 42 insertions(+), 2 deletions(-)
create mode 100644
meta/recipes-extended/iputils/iputils/0001-Add-support-for-setcap-in-STAGING_DIR_NATIVE.patch
diff --git
a/meta/recipes-extended/iputils/iputils/0001-Add-support-for-setcap-in-STAGING_DIR_NATIVE.patch
b/meta/recipes-extended/iputils/iputils/0001-Add-support-for-setcap-in-STAGING_DIR_NATIVE.patch
new file mode 100644
index 0000000000..fcd60fa673
--- /dev/null
+++
b/meta/recipes-extended/iputils/iputils/0001-Add-support-for-setcap-in-STAGING_DIR_NATIVE.patch
@@ -0,0 +1,39 @@
+From 701d390a6cdd9f1ff201b315400d4a32e990a2c8 Mon Sep 17 00:00:00 2001
+From: Jate Sujjavanich <jate...@gmail.com>
+Date: Wed, 17 Feb 2021 02:13:34 +0000
+Subject: [PATCH] Add support for setcap in STAGING_DIR_NATIVE
+
+Upstream-Status: Pending
+---
+ meson.build | 3 ++-
+ meson_options.txt | 3 +++
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/meson.build b/meson.build
+index aff75a2..f2babbc 100644
+--- a/meson.build
++++ b/meson.build
+@@ -215,7 +215,8 @@ config_h = configure_file(
+ output : 'config.h',
+ configuration : conf)
+
+-setcap = find_program('setcap', '/usr/sbin/setcap', '/sbin/setcap', required
: false)
++stagingdirnative = get_option('stagingdirnative')
++setcap = find_program(stagingdirnative + '/usr/sbin/setcap', stagingdirnative
+ '/sbin/setcap', required : false)
+ if cap_dep.found() and setcap.found()
+ perm_type = 'caps'
+ setcap_path = setcap.path()
+diff --git a/meson_options.txt b/meson_options.txt
+index aade675..418e004 100644
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -66,3 +66,6 @@ option('systemdunitdir', type: 'string', value: '',
+
+ option('USE_GETTEXT', type: 'boolean', value: true,
+ description: 'Enable I18N')
++
++option('stagingdirnative', type: 'string', value: '',
++ description: 'Directory for native binaries')
+--
+2.25.1
+
diff --git a/meta/recipes-extended/iputils/iputils_s20200821.bb
b/meta/recipes-extended/iputils/iputils_s20200821.bb
index 8b63a23c61..feb97d5086 100644
--- a/meta/recipes-extended/iputils/iputils_s20200821.bb
+++ b/meta/recipes-extended/iputils/iputils_s20200821.bb
@@ -12,6 +12,7 @@ DEPENDS = "gnutls"
SRC_URI = "git://github.com/iputils/iputils \
file://0001-rarpd-rdisc-Drop-PrivateUsers.patch \
+ file://0001-Add-support-for-setcap-in-STAGING_DIR_NATIVE.patch \
"
SRCREV = "23c3782ae0c7f9c6ae59dbed8ad9204f8758542b"
@@ -26,7 +27,7 @@ CVE_CHECK_WHITELIST += "CVE-2000-1213 CVE-2000-1214"
PACKAGECONFIG ??= "libcap rarpd \
${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ninfod
traceroute6', '', d)} \
${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
-PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false, libcap"
+PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false, libcap libcap-native"
PACKAGECONFIG[libidn] = "-DUSE_IDN=true, -DUSE_IDN=false, libidn2"
PACKAGECONFIG[gettext] = "-DUSE_GETTEXT=true, -DUSE_GETTEXT=false, gettext"
PACKAGECONFIG[ninfod] = "-DBUILD_NINFOD=true,-DBUILD_NINFOD=false,"
@@ -38,7 +39,7 @@ PACKAGECONFIG[docs] = "-DBUILD_HTML_MANS=true
-DBUILD_MANS=true,-DBUILD_HTML_MAN
inherit meson systemd update-alternatives
-EXTRA_OEMESON += "--prefix=${root_prefix}/"
+EXTRA_OEMESON += "--prefix=${root_prefix}/
-Dstagingdirnative=${STAGING_DIR_NATIVE}"
ALTERNATIVE_PRIORITY = "100"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#148326):
https://lists.openembedded.org/g/openembedded-core/message/148326
Mute This Topic: https://lists.openembedded.org/mt/80738250/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
