On Mon, Mar 8, 2021 at 11:23 AM Andreas Müller <[email protected]> wrote:
>
> On Mon, Mar 8, 2021 at 2:55 PM Daniel Wagenknecht
> <[email protected]> wrote:
> >
> > file capabilities need to be set on gnome-keyring-daemon. This is now
> > possible using pkg_postinst function on the build host. Previous
> > workarounds are not needed anymore.
> >
> > Signed-off-by: Daniel Wagenknecht <[email protected]>
> > ---
> > .../recipes-gnome/gnome-keyring/gnome-keyring_3.34.0.bb | 8 +++-----
> > 1 file changed, 3 insertions(+), 5 deletions(-)
> >
> > diff --git a/meta-gnome/recipes-gnome/gnome-keyring/gnome-keyring_3.34.0.bb
> > b/meta-gnome/recipes-gnome/gnome-keyring/gnome-keyring_3.34.0.bb
> > index 52c254b28..be6d922bc 100644
> > --- a/meta-gnome/recipes-gnome/gnome-keyring/gnome-keyring_3.34.0.bb
> > +++ b/meta-gnome/recipes-gnome/gnome-keyring/gnome-keyring_3.34.0.bb
> > @@ -43,9 +43,7 @@ FILES_${PN} += " \
> > ${libdir}/pkcs11/gnome-keyring-pkcs11.so \
> > "
> >
> > -# fix | gnome-keyring-daemon: insufficient process capabilities, unsecure
> > memory might get used
> ^ Please leave this part of the comment - it is still valid and
> explaining why setcap is necessary
right, since its a comment I have edited the patch and staged it in master-next.
> > -# This does not make it through pseudo so perform on-target - sigh
> > -pkg_postinst_ontarget_${PN} () {
> > - setcap cap_ipc_lock+ep `which gnome-keyring-daemon`
> > +pkg_postinst_${PN} () {
> > + setcap cap_ipc_lock+ep $D/${bindir}/gnome-keyring-daemon
> > }
> > -RDEPENDS_${PN} += "libcap-bin"
> > +PACKAGE_WRITE_DEPS += "libcap-native"
> > --
> Cheers
>
> Andreas
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#89988):
https://lists.openembedded.org/g/openembedded-devel/message/89988
Mute This Topic: https://lists.openembedded.org/mt/81173816/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
