From 0169e9000856bd2f9a15dcbb4caff5d95840c29a Mon Sep 17 00:00:00 2001 From: oreo639 Date: Mon, 15 Apr 2024 01:01:21 -0700 Subject: [PATCH] tracker-miners: enable landlock Landlock is a method of unprivileged sandboxing to restrict, for example, fs access for certian processes. It requires linux5.13+ along with landlock being enabled in the kernel. The latter has been the case since 2020 661f17ea74e86eee3488327327b65bb24516dea8 however, those using older kernels will no longer be able to use tracker-miners. This will make the gnome-music and gnome-photos unusable on such kernels. --- srcpkgs/tracker-miners/template | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/srcpkgs/tracker-miners/template b/srcpkgs/tracker-miners/template index 32c9c116114dc2..27191fe0841581 100644 --- a/srcpkgs/tracker-miners/template +++ b/srcpkgs/tracker-miners/template @@ -1,19 +1,18 @@ # Template file for 'tracker-miners' pkgname=tracker-miners version=3.7.1 -revision=1 +revision=2 build_style=meson build_helper=qemu # missing libgrss for miner_rss -configure_args="-Dtracker_core=system -Dextract=true - -Dfunctional_tests=false -Dcue=enabled -Dexif=enabled +configure_args="-Dtracker_core=system -Dextract=true -Dcue=enabled -Dexif=enabled -Dgif=enabled -Dgsf=enabled -Diptc=enabled -Diso=enabled -Djpeg=enabled -Dpdf=enabled -Dplaylist=enabled -Dpng=enabled -Draw=enabled -Dtiff=enabled -Dxml=enabled -Dxmp=enabled -Dxps=enabled -Dminer_rss=false -Dbattery_detection=upower -Dcharset_detection=icu -Dgeneric_media_extractor=gstreamer -Dgstreamer_backend=discoverer -Dsystemd_user_services=false -Dnetwork_manager=enabled - -Dlandlock=disabled" + $(vopt_feature landlock)" hostmakedepends="pkg-config glib-devel intltool asciidoc" makedepends="tracker-devel ffmpeg-devel dbus-devel exempi-devel libglib-devel libgexiv2-devel gstreamer1-devel icu-devel libcue-devel @@ -22,6 +21,7 @@ makedepends="tracker-devel ffmpeg-devel dbus-devel exempi-devel poppler-glib-devel totem-pl-parser-devel upower-devel zlib-devel gst-plugins-base1-devel giflib-devel NetworkManager-devel libharfbuzz" +checkdepends="python3-gobject tracker dbus gst-plugins-good1 gst-plugins-bad1" short_desc="Data miners for tracker" maintainer="Orphaned " license="GPL-2.0-or-later" @@ -29,7 +29,25 @@ homepage="https://tracker.gnome.org/" changelog="https://gitlab.gnome.org/GNOME/tracker-miners/-/raw/master/NEWS" distfiles="${GNOME_SITE}/tracker-miners/${version%.*}/tracker-miners-${version}.tar.xz" checksum=50a3abe40cfb0b35ced43ec716dbf1368992e444ef7a0babf202c7ac6ab2f6f4 -make_check=no # relies on unsupported ops in chroot +make_check_pre="dbus-run-session" +make_check=ci-skip # TODO: d-bus tests timeout ci + +build_options="landlock" +desc_option_landlock="Enable enhanced sandboxing (requires linux5.13+ kernel support)" +build_options_default="landlock" + +if [ "$XBPS_TARGET_LIBC" = "musl" ]; then + CFLAGS+=" -DSYS_landlock_create_ruleset=444 -DSYS_landlock_add_rule=445 -DSYS_landlock_restrict_self=446" +fi + +pre_check() { + oldhome="$HOME" + HOME="${wrksrc}" +} + +post_check() { + HOME="$oldhome" +} tracker3-miners_package() { depends="${sourcepkg}>=${version}_${revision}"