rpms/tracker-miners
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Bypass kernel landlock check during build

Browse Source 
As landlock is a relatively new feature, the kernel runtime check fails
when run on a builder with an older kernel, e.g. in CS/RHEL.

https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/300
https://gitlab.gnome.org/GNOME/tracker-miners/-/merge_requests/508
This commit is contained in:
Yaakov Selkowitz 2024-02-11 19:45:09 -05:00
parent 32422c2923
commit 1867702488
2 changed files with 88 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
508.patch Normal file
View File

@ -0,0 +1,82 @@
From 2d83d23b56897a047b598a402f505cbad751c261 Mon Sep 17 00:00:00 2001
From: Yaakov Selkowitz <yselkowi@redhat.com>
Date: Sun, 11 Feb 2024 19:37:59 -0500
Subject: [PATCH] build: handle landlock feature as a tristate option
The kernel runtime test does not always work as intended for
distribution builds. Instead, if the landlock feature is explicitly
enabled, then just check that the header is present (meaning the code
will compile). Only if the feature is auto, then check the kernel.
Closes: https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/300
---
meson.build | 22 ++++++++++------------
1 file changed, 10 insertions(+), 12 deletions(-)
diff --git a/meson.build b/meson.build
index 0e0b51e02..3c9099291 100644
--- a/meson.build
+++ b/meson.build
@@ -187,7 +187,11 @@ endif
have_landlock = cc.has_header('linux/landlock.h', required: get_option('landlock'))
-if have_landlock and not get_option('landlock').disabled()
+# If landlock feature is explicitly enabled and header is present, do not perform
+# a runtime test, as this might be e.g. a distribution build in an isolated build
+# environment and/or on an older kernel. If feature is auto, then run-check the
+# kernel as well. https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/300
+if have_landlock and get_option('landlock').auto()
landlock_check = cc.run('''
#include <fcntl.h>
#include <linux/landlock.h>
@@ -202,10 +206,8 @@ if have_landlock and not get_option('landlock').disabled()
''',
name: 'landlock is enabled in kernel')
- landlock_enabled = (landlock_check.compiled() and landlock_check.returncode() == 0)
-
- if get_option('landlock').enabled() and not landlock_enabled
- error('Landlock was enabled in build options, but is disabled in the kernel')
+ if not (landlock_check.compiled() and landlock_check.returncode() == 0)
+ error('Landlock was auto-enabled in build options, but is disabled in the kernel')
endif
endif
@@ -395,7 +397,7 @@ conf.set('HAVE_POSIX_FADVISE', cc.has_function('posix_fadvise', prefix : '#inclu
conf.set('HAVE_STATVFS64', cc.has_header_symbol('sys/statvfs.h', 'statvfs64', args: '-D_LARGEFILE64_SOURCE'))
conf.set('HAVE_STRNLEN', cc.has_function('strnlen', prefix : '#include <string.h>'))
conf.set('HAVE_MEMFD_CREATE', cc.has_function('memfd_create', prefix : '#define _GNU_SOURCE\n#include <sys/mman.h>'))
-conf.set('HAVE_LANDLOCK', have_landlock and landlock_enabled)
+conf.set('HAVE_LANDLOCK', have_landlock)
conf.set_quoted('LOCALEDIR', get_option('prefix') / get_option('localedir'))
conf.set_quoted('SHAREDIR', get_option('prefix') / get_option('datadir'))
@@ -507,7 +509,7 @@ summary = [
' Domain prefix: ' + get_option('domain_prefix'),
'\nFeature Support:',
' File monitoring: @0@glib'.format(have_fanotify ? 'fanotify ' : ''),
- ' Landlock: ' + (have_landlock and landlock_enabled).to_string(),
+ ' Landlock: ' + have_landlock.to_string(),
' BTRFS subvolumes: ' + have_btrfs_ioctl.to_string(),
' Battery/mains power detection: ' + battery_detection_library_name,
' Support for network status detection: ' + have_network_manager.to_string(),
@@ -567,14 +569,10 @@ if not get_option('seccomp')
warning('Seccomp sandboxing is disabled.')
unsafe = true
endif
-if get_option('landlock').disabled()
+if get_option('landlock').disabled() or not have_landlock
warning('Landlock sandboxing is disabled.')
unsafe = true
endif
-if have_landlock and not landlock_enabled
- warning('Landlock sandboxing is disabled by kernel configuration.')
- unsafe = true
-endif
if unsafe
warning('Run at your own risk. Distribution is discouraged.')
--
GitLab

7
tracker-miners.spec
View File

@ -33,7 +33,7 @@
Name: tracker-miners Name: tracker-miners
Version: 3.7~alpha Version: 3.7~alpha
Release: 3%{?dist} Release: 4%{?dist}
Summary: Tracker miners and metadata extractors Summary: Tracker miners and metadata extractors
# libtracker-extract and libtracker-miner libraries are LGPLv2+; the miners are a mix of GPLv2+ and LGPLv2+ code # libtracker-extract and libtracker-miner libraries are LGPLv2+; the miners are a mix of GPLv2+ and LGPLv2+ code
@ -41,6 +41,8 @@ License: GPL-2.0-or-later AND LGPL-2.1-or-later
URL: https://gnome.pages.gitlab.gnome.org/tracker/ URL: https://gnome.pages.gitlab.gnome.org/tracker/
Source0: https://download.gnome.org/sources/%{name}/3.7/%{name}-%{tarball_version}.tar.xz Source0: https://download.gnome.org/sources/%{name}/3.7/%{name}-%{tarball_version}.tar.xz
Source1: flatpak-fixup.sh Source1: flatpak-fixup.sh
# bypass kernel landlock check for distribution builds
Patch0: https://gitlab.gnome.org/GNOME/tracker-miners/-/merge_requests/508.patch
BuildRequires: asciidoc BuildRequires: asciidoc
BuildRequires: gcc BuildRequires: gcc
@ -175,6 +177,9 @@ install -D -m 0755 %{SOURCE1} %{buildroot}%{_bindir}/%{name}-flatpak-fixup.sh
%changelog %changelog
* Mon Feb 12 2024 Yaakov Selkowitz <yselkowi@redhat.com> - 3.7~alpha-4
- Bypass kernel landlock check during build
* Wed Jan 31 2024 Pete Walter <pwalter@fedoraproject.org> - 3.7~alpha-3 * Wed Jan 31 2024 Pete Walter <pwalter@fedoraproject.org> - 3.7~alpha-3
- Rebuild for ICU 74 - Rebuild for ICU 74