iputils: Fix cap_net_raw for installed binaries

Add libcap-native to libcap PACKAGECONFIG  making native setcap available
during the build. This assures its availability during install and prevents
meson from searching absolute paths and the resulting possible host
contamination.

Move -DNO_SETCAP_OR_SUID=true to the libcap PACKAGECONFIG negative case
This will prevent possible non-determinism for the setuid case.

(From OE-Core rev: 6b31f6b9a6a12a12d1d10b8634012e50ef778ec4)

Signed-off-by: Jate Sujjavanich <jatedev@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Jate Sujjavanich
2021-02-27 00:40:10 +00:00
committed by Richard Purdie
parent 3f7a2ca81b
commit e3ef99a911

View File

@@ -26,7 +26,7 @@ CVE_CHECK_WHITELIST += "CVE-2000-1213 CVE-2000-1214"
PACKAGECONFIG ??= "libcap rarpd \
${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ninfod traceroute6', '', d)} \
${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false, libcap"
PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false -DNO_SETCAP_OR_SUID=true, libcap libcap-native"
PACKAGECONFIG[libidn] = "-DUSE_IDN=true, -DUSE_IDN=false, libidn2"
PACKAGECONFIG[gettext] = "-DUSE_GETTEXT=true, -DUSE_GETTEXT=false, gettext"
PACKAGECONFIG[ninfod] = "-DBUILD_NINFOD=true,-DBUILD_NINFOD=false,"
@@ -38,8 +38,7 @@ PACKAGECONFIG[docs] = "-DBUILD_HTML_MANS=true -DBUILD_MANS=true,-DBUILD_HTML_MAN
inherit meson systemd update-alternatives
# Have to disable setcap/suid as its not deterministic
EXTRA_OEMESON += "--prefix=${root_prefix}/ -DNO_SETCAP_OR_SUID=true"
EXTRA_OEMESON += "--prefix=${root_prefix}/"
ALTERNATIVE_PRIORITY = "100"