tracker-miners/508.patch

From 2d83d23b56897a047b598a402f505cbad751c261 Mon Sep 17 00:00:00 2001
From: Yaakov Selkowitz <yselkowi@redhat.com>
Date: Sun, 11 Feb 2024 19:37:59 -0500
Subject: [PATCH] build: handle landlock feature as a tristate option

The kernel runtime test does not always work as intended for
distribution builds.  Instead, if the landlock feature is explicitly
enabled, then just check that the header is present (meaning the code
will compile).  Only if the feature is auto, then check the kernel.

Closes: https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/300
---
 meson.build | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)

diff --git a/meson.build b/meson.build
index 0e0b51e02..3c9099291 100644
--- a/meson.build
+++ b/meson.build
@@ -187,7 +187,11 @@ endif
 
 have_landlock = cc.has_header('linux/landlock.h', required: get_option('landlock'))
 
-if have_landlock and not get_option('landlock').disabled()
+# If landlock feature is explicitly enabled and header is present, do not perform
+# a runtime test, as this might be e.g. a distribution build in an isolated build
+# environment and/or on an older kernel.  If feature is auto, then run-check the
+# kernel as well.  https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/300
+if have_landlock and get_option('landlock').auto()
   landlock_check = cc.run('''
       #include <fcntl.h>
       #include <linux/landlock.h>
@@ -202,10 +206,8 @@ if have_landlock and not get_option('landlock').disabled()
   ''',
   name: 'landlock is enabled in kernel')
 
-  landlock_enabled = (landlock_check.compiled() and landlock_check.returncode() == 0)
-
-  if get_option('landlock').enabled() and not landlock_enabled
-    error('Landlock was enabled in build options, but is disabled in the kernel')
+  if not (landlock_check.compiled() and landlock_check.returncode() == 0)
+    error('Landlock was auto-enabled in build options, but is disabled in the kernel')
   endif
 endif
 
@@ -395,7 +397,7 @@ conf.set('HAVE_POSIX_FADVISE', cc.has_function('posix_fadvise', prefix : '#inclu
 conf.set('HAVE_STATVFS64', cc.has_header_symbol('sys/statvfs.h', 'statvfs64', args: '-D_LARGEFILE64_SOURCE'))
 conf.set('HAVE_STRNLEN', cc.has_function('strnlen', prefix : '#include <string.h>'))
 conf.set('HAVE_MEMFD_CREATE', cc.has_function('memfd_create', prefix : '#define _GNU_SOURCE\n#include <sys/mman.h>'))
-conf.set('HAVE_LANDLOCK', have_landlock and landlock_enabled)
+conf.set('HAVE_LANDLOCK', have_landlock)
 
 conf.set_quoted('LOCALEDIR', get_option('prefix') / get_option('localedir'))
 conf.set_quoted('SHAREDIR', get_option('prefix') / get_option('datadir'))
@@ -507,7 +509,7 @@ summary = [
   '    Domain prefix:                          ' + get_option('domain_prefix'),
   '\nFeature Support:',
   '    File monitoring:                        @0@glib'.format(have_fanotify ? 'fanotify ' : ''),
-  '    Landlock:                               ' + (have_landlock and landlock_enabled).to_string(),
+  '    Landlock:                               ' + have_landlock.to_string(),
   '    BTRFS subvolumes:                       ' + have_btrfs_ioctl.to_string(),
   '    Battery/mains power detection:          ' + battery_detection_library_name,
   '    Support for network status detection:   ' + have_network_manager.to_string(),
@@ -567,14 +569,10 @@ if not get_option('seccomp')
   warning('Seccomp sandboxing is disabled.')
   unsafe = true
 endif
-if get_option('landlock').disabled()
+if get_option('landlock').disabled() or not have_landlock
   warning('Landlock sandboxing is disabled.')
   unsafe = true
 endif
-if have_landlock and not landlock_enabled
-  warning('Landlock sandboxing is disabled by kernel configuration.')
-  unsafe = true
-endif
 
 if unsafe
   warning('Run at your own risk. Distribution is discouraged.')
-- 
GitLab