Search for setcap in STAGING_DIR_NATIVE to avoid host contamination. Add DEPENDS for libcap-native to supply this if we select libcap for PACKAGECONFIG.
The previous setting of NO_SETCAP_OR_SUID broke setuid or setcap of /bin/ping and other executables. Signed-off-by: Jate Sujjavanich <jate...@gmail.com> --- ...ort-for-setcap-in-STAGING_DIR_NATIVE.patch | 39 +++++++++++++++++++ .../iputils/iputils_s20200821.bb | 5 ++- 2 files changed, 42 insertions(+), 2 deletions(-) create mode 100644 meta/recipes-extended/iputils/iputils/0001-Add-support-for-setcap-in-STAGING_DIR_NATIVE.patch diff --git a/meta/recipes-extended/iputils/iputils/0001-Add-support-for-setcap-in-STAGING_DIR_NATIVE.patch b/meta/recipes-extended/iputils/iputils/0001-Add-support-for-setcap-in-STAGING_DIR_NATIVE.patch new file mode 100644 index 0000000000..fcd60fa673 --- /dev/null +++ b/meta/recipes-extended/iputils/iputils/0001-Add-support-for-setcap-in-STAGING_DIR_NATIVE.patch @@ -0,0 +1,39 @@ +From 701d390a6cdd9f1ff201b315400d4a32e990a2c8 Mon Sep 17 00:00:00 2001 +From: Jate Sujjavanich <jate...@gmail.com> +Date: Wed, 17 Feb 2021 02:13:34 +0000 +Subject: [PATCH] Add support for setcap in STAGING_DIR_NATIVE + +Upstream-Status: Pending +--- + meson.build | 3 ++- + meson_options.txt | 3 +++ + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/meson.build b/meson.build +index aff75a2..f2babbc 100644 +--- a/meson.build ++++ b/meson.build +@@ -215,7 +215,8 @@ config_h = configure_file( + output : 'config.h', + configuration : conf) + +-setcap = find_program('setcap', '/usr/sbin/setcap', '/sbin/setcap', required : false) ++stagingdirnative = get_option('stagingdirnative') ++setcap = find_program(stagingdirnative + '/usr/sbin/setcap', stagingdirnative + '/sbin/setcap', required : false) + if cap_dep.found() and setcap.found() + perm_type = 'caps' + setcap_path = setcap.path() +diff --git a/meson_options.txt b/meson_options.txt +index aade675..418e004 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -66,3 +66,6 @@ option('systemdunitdir', type: 'string', value: '', + + option('USE_GETTEXT', type: 'boolean', value: true, + description: 'Enable I18N') ++ ++option('stagingdirnative', type: 'string', value: '', ++ description: 'Directory for native binaries') +-- +2.25.1 + diff --git a/meta/recipes-extended/iputils/iputils_s20200821.bb b/meta/recipes-extended/iputils/iputils_s20200821.bb index 8b63a23c61..feb97d5086 100644 --- a/meta/recipes-extended/iputils/iputils_s20200821.bb +++ b/meta/recipes-extended/iputils/iputils_s20200821.bb @@ -12,6 +12,7 @@ DEPENDS = "gnutls" SRC_URI = "git://github.com/iputils/iputils \ file://0001-rarpd-rdisc-Drop-PrivateUsers.patch \ + file://0001-Add-support-for-setcap-in-STAGING_DIR_NATIVE.patch \ " SRCREV = "23c3782ae0c7f9c6ae59dbed8ad9204f8758542b" @@ -26,7 +27,7 @@ CVE_CHECK_WHITELIST += "CVE-2000-1213 CVE-2000-1214" PACKAGECONFIG ??= "libcap rarpd \ ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ninfod traceroute6', '', d)} \ ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" -PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false, libcap" +PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false, libcap libcap-native" PACKAGECONFIG[libidn] = "-DUSE_IDN=true, -DUSE_IDN=false, libidn2" PACKAGECONFIG[gettext] = "-DUSE_GETTEXT=true, -DUSE_GETTEXT=false, gettext" PACKAGECONFIG[ninfod] = "-DBUILD_NINFOD=true,-DBUILD_NINFOD=false," @@ -38,7 +39,7 @@ PACKAGECONFIG[docs] = "-DBUILD_HTML_MANS=true -DBUILD_MANS=true,-DBUILD_HTML_MAN inherit meson systemd update-alternatives -EXTRA_OEMESON += "--prefix=${root_prefix}/" +EXTRA_OEMESON += "--prefix=${root_prefix}/ -Dstagingdirnative=${STAGING_DIR_NATIVE}" ALTERNATIVE_PRIORITY = "100" -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#148326): https://lists.openembedded.org/g/openembedded-core/message/148326 Mute This Topic: https://lists.openembedded.org/mt/80738250/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-