diff options
| author |   Jate Sujjavanich <jatedev@gmail.com> | 2021-02-27 00:40:10 +0000 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-03-02 14:15:27 +0000 |
| commit | 6b31f6b9a6a12a12d1d10b8634012e50ef778ec4 (patch) | |
| tree | 0ff9c3a84f14378c5f0656a6b7fdef0523d0d189 | |
| parent | 91264e14a088013b138e82520744f79fa7c8d585 (diff) | |
| download | openembedded-core-contrib-6b31f6b9a6a12a12d1d10b8634012e50ef778ec4.tar.gz | |
iputils: Fix cap_net_raw for installed binaries
Add libcap-native to libcap PACKAGECONFIG making native setcap available
during the build. This assures its availability during install and prevents
meson from searching absolute paths and the resulting possible host
contamination.
Move -DNO_SETCAP_OR_SUID=true to the libcap PACKAGECONFIG negative case
This will prevent possible non-determinism for the setuid case.
Signed-off-by: Jate Sujjavanich <jatedev@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-extended/iputils/iputils_s20200821.bb | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/meta/recipes-extended/iputils/iputils_s20200821.bb b/meta/recipes-extended/iputils/iputils_s20200821.bb index 28dd194a12..e43abf2629 100644 --- a/meta/recipes-extended/iputils/iputils_s20200821.bb +++ b/meta/recipes-extended/iputils/iputils_s20200821.bb @@ -26,7 +26,7 @@ CVE_CHECK_WHITELIST += "CVE-2000-1213 CVE-2000-1214" PACKAGECONFIG ??= "libcap rarpd \ ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ninfod traceroute6', '', d)} \ ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}" -PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false, libcap" +PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false -DNO_SETCAP_OR_SUID=true, libcap libcap-native" PACKAGECONFIG[libidn] = "-DUSE_IDN=true, -DUSE_IDN=false, libidn2" PACKAGECONFIG[gettext] = "-DUSE_GETTEXT=true, -DUSE_GETTEXT=false, gettext" PACKAGECONFIG[ninfod] = "-DBUILD_NINFOD=true,-DBUILD_NINFOD=false," @@ -38,8 +38,7 @@ PACKAGECONFIG[docs] = "-DBUILD_HTML_MANS=true -DBUILD_MANS=true,-DBUILD_HTML_MAN inherit meson systemd update-alternatives -# Have to disable setcap/suid as its not deterministic -EXTRA_OEMESON += "--prefix=${root_prefix}/ -DNO_SETCAP_OR_SUID=true" +EXTRA_OEMESON += "--prefix=${root_prefix}/" ALTERNATIVE_PRIORITY = "100" |