Thread (12 messages), 3 authors, 2021-03-03

Re: [PATCH v3 2/2] iputils: Fix setcap/setuid of executables

From: Jate Sujjavanich <hidden>
Date: 2021-03-03 17:47:37

Jose,

Yes, I forgot to add a sentence saying that my testing confirmed what you
said. Your explanation was helpful in learning about this meson build.

- Jate

On Wed, Mar 3, 2021 at 8:41 AM Jose Quaresma [off-list ref] wrote:
Hi Jate,

That behavior you explain is what I am trying to say.

Jate Sujjavanich [off-list ref] wrote on Wednesday, 24/02/2021 at 17:19:
quoted
I tested removing the cross-compile detection patch and removing libcap
from PACKAGECONFIG. The build does find setcap on the build machine.

log.do_configure:
CONFIGURATION
Capatiblity (with libcap): false
...
Program /usr/sbin/setcap found: YES (/usr/sbin/setcap)

However, meson did pass perm_type = setuid to setcap-setuid.sh.

log.do_install
[1/2] /workdir/poky/build/tmp/work/core2-64-poky-linux/iputils/s20200821-r0/recipe-sysroot-native/usr/bin/meson install --no-rebuild
setcap-setuid.sh: changing '/workdir/poky/build/tmp/work/core2-64-poky-linux/iputils/s20200821-r0/image//bin/ping' to be setuid root executable
ownership of '/workdir/poky/build/tmp/work/core2-64-poky-linux/iputils/s20200821-r0/image//bin/ping' retained as root

The conditional code in meson.build does fall back to setuid mode based
on the presence of libcap stored in cap_dep.found(). So I think you are
right, Jose.
if cap_dep.found() and setcap.found()
        perm_type = 'caps'
        setcap_path = setcap.path()
else
        perm_type = 'setuid'
        setcap_path = '/dev/null'
endif

And setcap-setuid.sh uses a simple chown and chmod. I *think* these are
universal in POSIX and that we don't have to worry about host contamination.
        setuid)
                _log "changing '$exec_path' to be setuid root executable"
                chown -v root "$exec_path"
                chmod -v u+s "$exec_path"

- Jate


On Mon, Feb 22, 2021 at 3:26 PM Richard Purdie <richard.purdie@linuxfoundation.org> wrote:
quoted
On Mon, 2021-02-22 at 17:39 +0000, Jose Quaresma wrote:
quoted
Hi,

Jate Sujjavanich [off-list ref] wrote on Monday, 22/02/2021 at 15:58:
quoted
If libcap is disabled in PACKAGECONFIG, then arguments two and three mean
find_program could find setcap on the build machine. This would mean it is
not strictly determined by the recipe and it's determined by the
configuration of the build machine instead.

In this case meson will not use the setcap from the build machine because
libcap is not found in the target sysroot. libcap is a dependency when
PACKAGECONFIG+="libcap", and in this case meson will fall back to using
setuid.
https://github.com/iputils/iputils/blob/f0c64bbb2b1563647bfeeed8d82bc4d2d2312d8a/meson.build#L221

Whilst it may not use libcap, I seem to remember issues with the output
still not being deterministic since there was something in the out which
indicated the presence of setcap (or not).

Cheers,

Richard
--
Best regards,

José Quaresma
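
The thread verifies the setuid fallback by reading log.do_install. As an added example (not part of the thread, iputils or the recipe), the same check can be made against the staged image itself, which also addresses the determinism concern by failing when the result differs from what the recipe intends. The function names `perm_mode` and `audit_image` and their arguments are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: classify how a binary in a staged image tree was
# privileged by the install step ("caps", "setuid", "none", "missing").

perm_mode() {
    f=$1
    [ -f "$f" ] || { echo "missing"; return 0; }
    # getcap is optional on the build host; without it only the
    # setuid bit can be checked.
    if command -v getcap >/dev/null 2>&1; then
        caps=$(getcap "$f" 2>/dev/null) || caps=""
        if [ -n "$caps" ]; then
            echo "caps"
            return 0
        fi
    fi
    # -u is the POSIX test for the set-user-ID bit (chmod u+s).
    if [ -u "$f" ]; then
        echo "setuid"
    else
        echo "none"
    fi
}

# audit_image IMAGE_DIR EXPECTED REL_PATH...
# Returns non-zero if any listed binary is not in the EXPECTED mode,
# so a build on a different host that takes the other branch is caught.
audit_image() {
    image=$1; expected=$2; shift 2
    rc=0
    for rel in "$@"; do
        got=$(perm_mode "$image/$rel") || true
        if [ "$got" != "$expected" ]; then
            echo "MISMATCH $rel: expected=$expected got=$got" >&2
            rc=1
        fi
    done
    return $rc
}
```

For the build in the thread, `audit_image "$IMAGE" setuid bin/ping` would pass when libcap is absent from PACKAGECONFIG, where `$IMAGE` stands for the recipe's image directory.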