From a8986d14f07db80ae7d615d712e165d4c22f6de4 Mon Sep 17 00:00:00 2001 From: oreo639 Date: Mon, 15 Apr 2024 01:01:21 -0700 Subject: [PATCH] tracker-miners: enable landlock Landlock is a method of unprivileged sandboxing to restrict, for example, fs access for certian processes. It requires linux5.13+ along with landlock being enabled in the kernel. The latter has been the case since 2020 661f17ea74e86eee3488327327b65bb24516dea8 however, those using older kernels will no longer be able to use tracker-miners. This will make the gnome-music and gnome-photos unusable on such kernels. --- .../patches/fix-musl-missing-include.patch | 10 +++++++ srcpkgs/tracker-miners/template | 29 +++++++++++++++---- 2 files changed, 34 insertions(+), 5 deletions(-) create mode 100644 srcpkgs/tracker-miners/patches/fix-musl-missing-include.patch diff --git a/srcpkgs/tracker-miners/patches/fix-musl-missing-include.patch b/srcpkgs/tracker-miners/patches/fix-musl-missing-include.patch new file mode 100644 index 00000000000000..9446e10a609f55 --- /dev/null +++ b/srcpkgs/tracker-miners/patches/fix-musl-missing-include.patch @@ -0,0 +1,10 @@ +--- a/src/libtracker-miners-common/tracker-landlock.c ++++ b/src/libtracker-miners-common/tracker-landlock.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + + #include "tracker-debug.h" + diff --git a/srcpkgs/tracker-miners/template b/srcpkgs/tracker-miners/template index 32c9c116114dc2..92b3863efd342c 100644 --- a/srcpkgs/tracker-miners/template +++ b/srcpkgs/tracker-miners/template @@ -1,19 +1,18 @@ # Template file for 'tracker-miners' pkgname=tracker-miners version=3.7.1 -revision=1 +revision=2 build_style=meson build_helper=qemu # missing libgrss for miner_rss -configure_args="-Dtracker_core=system -Dextract=true - -Dfunctional_tests=false -Dcue=enabled -Dexif=enabled +configure_args="-Dtracker_core=system -Dextract=true -Dcue=enabled -Dexif=enabled -Dgif=enabled -Dgsf=enabled -Diptc=enabled -Diso=enabled -Djpeg=enabled -Dpdf=enabled -Dplaylist=enabled -Dpng=enabled -Draw=enabled -Dtiff=enabled -Dxml=enabled -Dxmp=enabled -Dxps=enabled -Dminer_rss=false -Dbattery_detection=upower -Dcharset_detection=icu -Dgeneric_media_extractor=gstreamer -Dgstreamer_backend=discoverer -Dsystemd_user_services=false -Dnetwork_manager=enabled - -Dlandlock=disabled" + $(vopt_feature landlock)" hostmakedepends="pkg-config glib-devel intltool asciidoc" makedepends="tracker-devel ffmpeg-devel dbus-devel exempi-devel libglib-devel libgexiv2-devel gstreamer1-devel icu-devel libcue-devel @@ -22,6 +21,7 @@ makedepends="tracker-devel ffmpeg-devel dbus-devel exempi-devel poppler-glib-devel totem-pl-parser-devel upower-devel zlib-devel gst-plugins-base1-devel giflib-devel NetworkManager-devel libharfbuzz" +checkdepends="python3-gobject tracker dbus gst-plugins-good1 gst-plugins-bad1" short_desc="Data miners for tracker" maintainer="Orphaned " license="GPL-2.0-or-later" @@ -29,7 +29,26 @@ homepage="https://tracker.gnome.org/" changelog="https://gitlab.gnome.org/GNOME/tracker-miners/-/raw/master/NEWS" distfiles="${GNOME_SITE}/tracker-miners/${version%.*}/tracker-miners-${version}.tar.xz" checksum=50a3abe40cfb0b35ced43ec716dbf1368992e444ef7a0babf202c7ac6ab2f6f4 -make_check=no # relies on unsupported ops in chroot +make_check_pre="dbus-run-session" +make_check=ci-skip # TODO: d-bus tests timeout ci + +build_options="landlock" +desc_option_landlock="Enable enhanced sandboxing (requires linux5.13+ kernel support)" +build_options_default="landlock" + +if [ "$XBPS_TARGET_LIBC" = "musl" ]; then + CFLAGS+=" -DSYS_landlock_create_ruleset=444 -DSYS_landlock_add_rule=445 -DSYS_landlock_restrict_self=446" +fi + +pre_check() { + # Tests must run inside of home directory for changes to be tracked + oldhome="$HOME" + HOME="${wrksrc}" +} + +post_check() { + HOME="$oldhome" +} tracker3-miners_package() { depends="${sourcepkg}>=${version}_${revision}"