Re: [OE-core] [PATCH v2 2/2] iputils: Use STAGING_DIR_NATIVE for setcap detection
I think we need the revert patch, the libcap-native DEPENDS, and then some logic to exclude the hard-coded paths to setcap if we are cross-compiling. This seems more mesonic and may be submittable upstream. Your hypothesis that they hard code the setcap paths for non-root users makes sense, Richard. Per Alex, oe-core does exclude the build machine from PATH in the cross environment. I was going by the PATH in the target devshell which adds the build machine's paths. Version 3 of the patchset is forthcoming. - Jate On Fri, Feb 19, 2021 at 6:34 AM Richard Purdie < richard.pur...@linuxfoundation.org> wrote: > On Fri, 2021-02-19 at 11:26 +, Jose Quaresma wrote: > > The only change needed on the recipe are: > > > > -PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false, libcap" > > +PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false, libcap > libcap-native" > > > > The patch 0001-Add-support-for-setcap-in-STAGING_DIR_NATIVE.patch is not > need because > > with the addition of the libcap-native the meson find_program will find > the setcap binary on the native > > sysroot and will use it. > > Ok, we can take that change. > > I'm assuming you still want/need the revert (patch 1/2) as well > though? > > That does give us a problem since on systems where libcap > isn't in PACKAGECONFIG, the binaries will be non-deterministic > again. > > Cheers, > > Richard > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#148354): https://lists.openembedded.org/g/openembedded-core/message/148354 Mute This Topic: https://lists.openembedded.org/mt/80738250/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v2 2/2] iputils: Use STAGING_DIR_NATIVE for setcap detection
On Fri, 2021-02-19 at 11:26 +, Jose Quaresma wrote: > The only change needed on the recipe are: > > -PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false, libcap" > +PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false, libcap > libcap-native" > > The patch 0001-Add-support-for-setcap-in-STAGING_DIR_NATIVE.patch is not need > because > with the addition of the libcap-native the meson find_program will find the > setcap binary on the native > sysroot and will use it. Ok, we can take that change. I'm assuming you still want/need the revert (patch 1/2) as well though? That does give us a problem since on systems where libcap isn't in PACKAGECONFIG, the binaries will be non-deterministic again. Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#148349): https://lists.openembedded.org/g/openembedded-core/message/148349 Mute This Topic: https://lists.openembedded.org/mt/80738250/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v2 2/2] iputils: Use STAGING_DIR_NATIVE for setcap detection
Hi,
The only change needed on the recipe are:
-PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false, libcap"
+PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false, libcap
libcap-native"
The patch 0001-Add-support-for-setcap-in-STAGING_DIR_NATIVE.patch is not
need because
with the addition of the libcap-native the meson find_program will find
the setcap binary on the native sysroot
and will use it.
Richard Purdie escreveu no dia quinta,
18/02/2021 à(s) 21:44:
> On Thu, 2021-02-18 at 20:58 +0100, Alexander Kanavin wrote:
> > On Thu, 18 Feb 2021 at 20:22, Jate Sujjavanich
> wrote:
> > > +-setcap = find_program('setcap', '/usr/sbin/setcap', '/sbin/setcap',
> required : false)
> > > ++stagingdirnative = get_option('stagingdirnative')
> > > ++setcap = find_program(stagingdirnative + '/usr/sbin/setcap',
> stagingdirnative + '/sbin/setcap', required
> > > : false)
> > >
> >
> > Just remove the hardcoded paths from find_program altogether (see meson
> manual), and it will take the binary
> > from PATH env var, which is exactly how native sysroots are supposed to
> work.
>
> I'm guessing upstream does this so you can build as a normal user who
> doesn't have sbin in PATH and still use setcap during "make install".
>
> We need something upstream might accept. I suspect what we need here
> is a way to specify a specific path to the util and then fall back on
> the current approach if the feature is enabled but no path provided.
> Please do ensure that it won't look in the host's directories unless
> its enabled though.
>
> Cheers,
>
> Richard
>
>
>
>
>
--
Best regards,
José Quaresma
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#148348):
https://lists.openembedded.org/g/openembedded-core/message/148348
Mute This Topic: https://lists.openembedded.org/mt/80738250/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v2 2/2] iputils: Use STAGING_DIR_NATIVE for setcap detection
On Thu, 2021-02-18 at 20:58 +0100, Alexander Kanavin wrote:
> On Thu, 18 Feb 2021 at 20:22, Jate Sujjavanich wrote:
> > +-setcap = find_program('setcap', '/usr/sbin/setcap', '/sbin/setcap',
> > required : false)
> > ++stagingdirnative = get_option('stagingdirnative')
> > ++setcap = find_program(stagingdirnative + '/usr/sbin/setcap',
> > stagingdirnative + '/sbin/setcap', required
> > : false)
> >
>
> Just remove the hardcoded paths from find_program altogether (see meson
> manual), and it will take the binary
> from PATH env var, which is exactly how native sysroots are supposed to work.
I'm guessing upstream does this so you can build as a normal user who
doesn't have sbin in PATH and still use setcap during "make install".
We need something upstream might accept. I suspect what we need here
is a way to specify a specific path to the util and then fall back on
the current approach if the feature is enabled but no path provided.
Please do ensure that it won't look in the host's directories unless
its enabled though.
Cheers,
Richard
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#148333):
https://lists.openembedded.org/g/openembedded-core/message/148333
Mute This Topic: https://lists.openembedded.org/mt/80738250/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [PATCH v2 2/2] iputils: Use STAGING_DIR_NATIVE for setcap detection
On Thu, 18 Feb 2021 at 20:22, Jate Sujjavanich wrote:
> +-setcap = find_program('setcap', '/usr/sbin/setcap', '/sbin/setcap',
> required : false)
> ++stagingdirnative = get_option('stagingdirnative')
> ++setcap = find_program(stagingdirnative + '/usr/sbin/setcap',
> stagingdirnative + '/sbin/setcap', required : false)
>
Just remove the hardcoded paths from find_program altogether (see meson
manual), and it will take the binary from PATH env var, which is exactly
how native sysroots are supposed to work.
Alex
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#148328):
https://lists.openembedded.org/g/openembedded-core/message/148328
Mute This Topic: https://lists.openembedded.org/mt/80738250/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[OE-core] [PATCH v2 2/2] iputils: Use STAGING_DIR_NATIVE for setcap detection
Search for setcap in STAGING_DIR_NATIVE to avoid host contamination. Add
DEPENDS for libcap-native to supply this if we select libcap for
PACKAGECONFIG.
The previous setting of NO_SETCAP_OR_SUID broke setuid or setcap of
/bin/ping and other executables.
Signed-off-by: Jate Sujjavanich
---
...ort-for-setcap-in-STAGING_DIR_NATIVE.patch | 39 +++
.../iputils/iputils_s20200821.bb | 5 ++-
2 files changed, 42 insertions(+), 2 deletions(-)
create mode 100644
meta/recipes-extended/iputils/iputils/0001-Add-support-for-setcap-in-STAGING_DIR_NATIVE.patch
diff --git
a/meta/recipes-extended/iputils/iputils/0001-Add-support-for-setcap-in-STAGING_DIR_NATIVE.patch
b/meta/recipes-extended/iputils/iputils/0001-Add-support-for-setcap-in-STAGING_DIR_NATIVE.patch
new file mode 100644
index 00..fcd60fa673
--- /dev/null
+++
b/meta/recipes-extended/iputils/iputils/0001-Add-support-for-setcap-in-STAGING_DIR_NATIVE.patch
@@ -0,0 +1,39 @@
+From 701d390a6cdd9f1ff201b315400d4a32e990a2c8 Mon Sep 17 00:00:00 2001
+From: Jate Sujjavanich
+Date: Wed, 17 Feb 2021 02:13:34 +
+Subject: [PATCH] Add support for setcap in STAGING_DIR_NATIVE
+
+Upstream-Status: Pending
+---
+ meson.build | 3 ++-
+ meson_options.txt | 3 +++
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/meson.build b/meson.build
+index aff75a2..f2babbc 100644
+--- a/meson.build
b/meson.build
+@@ -215,7 +215,8 @@ config_h = configure_file(
+ output : 'config.h',
+ configuration : conf)
+
+-setcap = find_program('setcap', '/usr/sbin/setcap', '/sbin/setcap', required
: false)
++stagingdirnative = get_option('stagingdirnative')
++setcap = find_program(stagingdirnative + '/usr/sbin/setcap', stagingdirnative
+ '/sbin/setcap', required : false)
+ if cap_dep.found() and setcap.found()
+ perm_type = 'caps'
+ setcap_path = setcap.path()
+diff --git a/meson_options.txt b/meson_options.txt
+index aade675..418e004 100644
+--- a/meson_options.txt
b/meson_options.txt
+@@ -66,3 +66,6 @@ option('systemdunitdir', type: 'string', value: '',
+
+ option('USE_GETTEXT', type: 'boolean', value: true,
+ description: 'Enable I18N')
++
++option('stagingdirnative', type: 'string', value: '',
++ description: 'Directory for native binaries')
+--
+2.25.1
+
diff --git a/meta/recipes-extended/iputils/iputils_s20200821.bb
b/meta/recipes-extended/iputils/iputils_s20200821.bb
index 8b63a23c61..feb97d5086 100644
--- a/meta/recipes-extended/iputils/iputils_s20200821.bb
+++ b/meta/recipes-extended/iputils/iputils_s20200821.bb
@@ -12,6 +12,7 @@ DEPENDS = "gnutls"
SRC_URI = "git://github.com/iputils/iputils \
file://0001-rarpd-rdisc-Drop-PrivateUsers.patch \
+ file://0001-Add-support-for-setcap-in-STAGING_DIR_NATIVE.patch \
"
SRCREV = "23c3782ae0c7f9c6ae59dbed8ad9204f8758542b"
@@ -26,7 +27,7 @@ CVE_CHECK_WHITELIST += "CVE-2000-1213 CVE-2000-1214"
PACKAGECONFIG ??= "libcap rarpd \
${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ninfod
traceroute6', '', d)} \
${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
-PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false, libcap"
+PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false, libcap libcap-native"
PACKAGECONFIG[libidn] = "-DUSE_IDN=true, -DUSE_IDN=false, libidn2"
PACKAGECONFIG[gettext] = "-DUSE_GETTEXT=true, -DUSE_GETTEXT=false, gettext"
PACKAGECONFIG[ninfod] = "-DBUILD_NINFOD=true,-DBUILD_NINFOD=false,"
@@ -38,7 +39,7 @@ PACKAGECONFIG[docs] = "-DBUILD_HTML_MANS=true
-DBUILD_MANS=true,-DBUILD_HTML_MAN
inherit meson systemd update-alternatives
-EXTRA_OEMESON += "--prefix=${root_prefix}/"
+EXTRA_OEMESON += "--prefix=${root_prefix}/
-Dstagingdirnative=${STAGING_DIR_NATIVE}"
ALTERNATIVE_PRIORITY = "100"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#148326):
https://lists.openembedded.org/g/openembedded-core/message/148326
Mute This Topic: https://lists.openembedded.org/mt/80738250/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
