Accepting request 453192 from home:Zaitor
I think our users are better served with non-crashing tracker than sandboxing, even if thats a sec feature and needed for some of flatpak features, until upstream sorts this out, I recommend we disabled it OBS-URL: https://build.opensuse.org/request/show/453192 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/tracker?expand=0&rev=113
This commit is contained in:
Bjørn Lie
Git OBS Bridge
parent
84ab484742
commit
a44f725097
@ -1,3 +1,19 @@
|
||||
-------------------------------------------------------------------
|
||||
Sat Jan 28 17:24:08 UTC 2017 - zaitor@opensuse.org
|
||||
|
||||
- Disable pkgconfig(libseccomp) BuildRequires as this feature
|
||||
(sandboxing) is not ready for use (boo#1017652).
|
||||
- Conditionally apply translations-update-upstream BuildRequires
|
||||
and macro for non-openSUSE only.
|
||||
- Replace NetworkManager-devel with pkgconfig(libnm-glib)
|
||||
BuildRequires: Align with what configure looks for.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Jan 28 16:36:02 UTC 2017 - zaitor@opensuse.org
|
||||
|
||||
- Add tracker-fix-more-whitelists-sandbox.patch: Whitelist more
|
||||
syscalls (bgo#776117).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jan 20 08:35:20 UTC 2017 - zaitor@opensuse.org
|
||||
|
||||
|
||||
@ -54,7 +54,8 @@ Source0: http://download.gnome.org/sources/tracker/1.10/%{_name}-%{versio
|
||||
Source2: README.SUSE.rss
|
||||
# PATCH-FIX-UPSTREAM tracker-extract-private.patch bgo#725689 dimstar@opensuse.org -- Do not maintain LT versioning for private libs
|
||||
Patch0: tracker-extract-private.patch
|
||||
BuildRequires: NetworkManager-devel >= 0.8
|
||||
# PATCH-FIX-UPSTREAM tracker-fix-more-whitelists-sandbox.patch bgo#776117 zaitor@opensuse.org -- Whitelist more syscalls
|
||||
Patch1: tracker-fix-more-whitelists-sandbox.patch
|
||||
BuildRequires: enca-devel
|
||||
BuildRequires: fdupes
|
||||
BuildRequires: gcc-c++
|
||||
@ -70,7 +71,9 @@ BuildRequires: gstreamer-plugins-base-devel >= 0.10.31
|
||||
BuildRequires: libicu-devel
|
||||
BuildRequires: libuuid-devel
|
||||
BuildRequires: sqlite3-devel >= 3.7.15
|
||||
%if !0%{?is_opensuse}
|
||||
BuildRequires: translation-update-upstream
|
||||
%endif
|
||||
BuildRequires: update-desktop-files
|
||||
BuildRequires: vala >= 0.12.0
|
||||
BuildRequires: zlib-devel
|
||||
@ -79,7 +82,9 @@ BuildRequires: pkgconfig(libavcodec) >= 0.8.4
|
||||
BuildRequires: pkgconfig(libavformat) >= 0.8.4
|
||||
BuildRequires: pkgconfig(libavutil) >= 0.8.4
|
||||
BuildRequires: pkgconfig(libmediaart-2.0) >= 0.1.0
|
||||
BuildRequires: pkgconfig(libseccomp) >= 2.0
|
||||
BuildRequires: pkgconfig(libnm-glib) >= 0.8
|
||||
# Disabled as this feature is clearly not ready for public consumption...
|
||||
#BuildRequires: pkgconfig(libseccomp) >= 2.0
|
||||
BuildRequires: pkgconfig(upower-glib)
|
||||
%if !%{build_extras}
|
||||
# Dependencies for extractors / writeback
|
||||
@ -473,11 +478,14 @@ This package contains an nautilus plugin to tag files with Tracker.
|
||||
%prep
|
||||
%setup -q -n %{_name}-%{version}
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%if !0%{?is_opensuse}
|
||||
translation-update-upstream
|
||||
%endif
|
||||
cp %{S:2} src/miners/rss/README.SUSE
|
||||
|
||||
%build
|
||||
#Needed for patch0 and patch2
|
||||
#Needed for patch0
|
||||
NOCONFIGURE=1 gnome-autogen.sh
|
||||
%configure \
|
||||
--disable-static \
|
||||
|
||||
27
tracker-fix-more-whitelists-sandbox.patch
Normal file
27
tracker-fix-more-whitelists-sandbox.patch
Normal file
@ -0,0 +1,27 @@
|
||||
From 163aea34323d932d6bad6e14ca7d5e19ff2c766a Mon Sep 17 00:00:00 2001
|
||||
From: Carlos Garnacho <carlosg@gnome.org>
|
||||
Date: Thu, 19 Jan 2017 13:07:40 +0100
|
||||
Subject: libtracker-common: Whitelist waitid/waitpid/wait4
|
||||
|
||||
https://bugzilla.gnome.org/show_bug.cgi?id=776117
|
||||
---
|
||||
src/libtracker-common/tracker-seccomp.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/src/libtracker-common/tracker-seccomp.c b/src/libtracker-common/tracker-seccomp.c
|
||||
index c46dfa6..0c75895 100644
|
||||
--- a/src/libtracker-common/tracker-seccomp.c
|
||||
+++ b/src/libtracker-common/tracker-seccomp.c
|
||||
@@ -103,6 +103,9 @@ tracker_seccomp_init (void)
|
||||
ALLOW_RULE (sched_yield);
|
||||
ALLOW_RULE (sched_getaffinity);
|
||||
ALLOW_RULE (nanosleep);
|
||||
+ ALLOW_RULE (waitid);
|
||||
+ ALLOW_RULE (waitpid);
|
||||
+ ALLOW_RULE (wait4);
|
||||
/* Main loops */
|
||||
ALLOW_RULE (poll);
|
||||
ALLOW_RULE (ppoll);
|
||||
--
|
||||
cgit v0.12
|
||||
|
||||
@ -1,3 +1,19 @@
|
||||
-------------------------------------------------------------------
|
||||
Sat Jan 28 17:24:08 UTC 2017 - zaitor@opensuse.org
|
||||
|
||||
- Disable pkgconfig(libseccomp) BuildRequires as this feature
|
||||
(sandboxing) is not ready for use (boo#1017652).
|
||||
- Conditionally apply translations-update-upstream BuildRequires
|
||||
and macro for non-openSUSE only.
|
||||
- Replace NetworkManager-devel with pkgconfig(libnm-glib)
|
||||
BuildRequires: Align with what configure looks for.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Jan 28 16:36:02 UTC 2017 - zaitor@opensuse.org
|
||||
|
||||
- Add tracker-fix-more-whitelists-sandbox.patch: Whitelist more
|
||||
syscalls (bgo#776117).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jan 20 08:35:20 UTC 2017 - zaitor@opensuse.org
|
||||
|
||||
|
||||
14
tracker.spec
14
tracker.spec
@ -53,7 +53,8 @@ Source0: http://download.gnome.org/sources/tracker/1.10/%{_name}-%{versio
|
||||
Source2: README.SUSE.rss
|
||||
# PATCH-FIX-UPSTREAM tracker-extract-private.patch bgo#725689 dimstar@opensuse.org -- Do not maintain LT versioning for private libs
|
||||
Patch0: tracker-extract-private.patch
|
||||
BuildRequires: NetworkManager-devel >= 0.8
|
||||
# PATCH-FIX-UPSTREAM tracker-fix-more-whitelists-sandbox.patch bgo#776117 zaitor@opensuse.org -- Whitelist more syscalls
|
||||
Patch1: tracker-fix-more-whitelists-sandbox.patch
|
||||
BuildRequires: enca-devel
|
||||
BuildRequires: fdupes
|
||||
BuildRequires: gcc-c++
|
||||
@ -69,7 +70,9 @@ BuildRequires: gstreamer-plugins-base-devel >= 0.10.31
|
||||
BuildRequires: libicu-devel
|
||||
BuildRequires: libuuid-devel
|
||||
BuildRequires: sqlite3-devel >= 3.7.15
|
||||
%if !0%{?is_opensuse}
|
||||
BuildRequires: translation-update-upstream
|
||||
%endif
|
||||
BuildRequires: update-desktop-files
|
||||
BuildRequires: vala >= 0.12.0
|
||||
BuildRequires: zlib-devel
|
||||
@ -78,7 +81,9 @@ BuildRequires: pkgconfig(libavcodec) >= 0.8.4
|
||||
BuildRequires: pkgconfig(libavformat) >= 0.8.4
|
||||
BuildRequires: pkgconfig(libavutil) >= 0.8.4
|
||||
BuildRequires: pkgconfig(libmediaart-2.0) >= 0.1.0
|
||||
BuildRequires: pkgconfig(libseccomp) >= 2.0
|
||||
BuildRequires: pkgconfig(libnm-glib) >= 0.8
|
||||
# Disabled as this feature is clearly not ready for public consumption...
|
||||
#BuildRequires: pkgconfig(libseccomp) >= 2.0
|
||||
BuildRequires: pkgconfig(upower-glib)
|
||||
%if !%{build_extras}
|
||||
# Dependencies for extractors / writeback
|
||||
@ -472,11 +477,14 @@ This package contains an nautilus plugin to tag files with Tracker.
|
||||
%prep
|
||||
%setup -q -n %{_name}-%{version}
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%if !0%{?is_opensuse}
|
||||
translation-update-upstream
|
||||
%endif
|
||||
cp %{S:2} src/miners/rss/README.SUSE
|
||||
|
||||
%build
|
||||
#Needed for patch0 and patch2
|
||||
#Needed for patch0
|
||||
NOCONFIGURE=1 gnome-autogen.sh
|
||||
%configure \
|
||||
--disable-static \
|
||||
|
||||
Loading…
Reference in New Issue
Block a user