aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRasmus Thomsen <oss@cogitri.dev>2019-12-11 21:50:23 +0100
committerRasmus Thomsen <oss@cogitri.dev>2019-12-11 21:55:00 +0100
commit7b1355454aae81280a182b4cc48cafe06a2358e3 (patch)
treeb6f1a90cc45d7744bb450422be5b5e5194551cfd
parentdd391e1104c64f181afbe20438e56216cf6d4b8f (diff)
community/tracker-miners: fix seccomp rules
-rw-r--r--community/tracker-miners/APKBUILD10
-rw-r--r--community/tracker-miners/fix-seccomp.patch29
2 files changed, 35 insertions, 4 deletions
diff --git a/community/tracker-miners/APKBUILD b/community/tracker-miners/APKBUILD
index 3c1558fde71..52e1c9d68c0 100644
--- a/community/tracker-miners/APKBUILD
+++ b/community/tracker-miners/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Rasmus Thomsen <oss@cogitri.dev>
pkgname=tracker-miners
pkgver=2.3.1
-pkgrel=0
+pkgrel=1
pkgdesc="Data miners for tracker"
url="https://developer.gnome.org/libtracker-miner/stable"
arch="all !s390x" # networkmanager not avail due to iwd
@@ -16,8 +16,9 @@ makedepends="meson glib-dev intltool tracker-dev ffmpeg-dev dbus-dev exempi-dev
giflib-dev"
checkdepends="bash coreutils python3 py3-gobject3"
options="!check" # Requires itself to be installed on the system
-subpackages="$pkgname-doc $pkgname-lang"
-source="https://download.gnome.org/sources/tracker-miners/${pkgver%.*}/tracker-miners-$pkgver.tar.xz"
+subpackages="$pkgname-doc $pkgname-lang $pkgname-dbg"
+source="https://download.gnome.org/sources/tracker-miners/${pkgver%.*}/tracker-miners-$pkgver.tar.xz
+ fix-seccomp.patch"
build() {
meson \
@@ -41,4 +42,5 @@ package() {
DESTDIR="$pkgdir" ninja -C output install
}
-sha512sums="ab5e42a759dda5f589efa258cfca7ba49703ca6fed4141c68f341d56ba887371c51fd8b9f22cf1b49425b10d26a9fe946fdcaa5b54e8771ff4a52abddf0c4b7b tracker-miners-2.3.1.tar.xz"
+sha512sums="ab5e42a759dda5f589efa258cfca7ba49703ca6fed4141c68f341d56ba887371c51fd8b9f22cf1b49425b10d26a9fe946fdcaa5b54e8771ff4a52abddf0c4b7b tracker-miners-2.3.1.tar.xz
+268ae16aaa5685a0a80f0bc918b3ab052adcb38c055fe151603e8dd26ca72d61a67787d954d54c1efa76f5eb71827ad46c9e0c4ce0b405cdd3f2e1f2b5e11e05 fix-seccomp.patch"
diff --git a/community/tracker-miners/fix-seccomp.patch b/community/tracker-miners/fix-seccomp.patch
new file mode 100644
index 00000000000..2243640f2f0
--- /dev/null
+++ b/community/tracker-miners/fix-seccomp.patch
@@ -0,0 +1,29 @@
+https://gitlab.gnome.org/GNOME/tracker-miners/merge_requests/128
+
+diff --git a/src/libtracker-miners-common/tracker-seccomp.c b/src/libtracker-miners-common/tracker-seccomp.c
+index c5e8871..cea9927 100644
+--- a/src/libtracker-miners-common/tracker-seccomp.c
++++ b/src/libtracker-miners-common/tracker-seccomp.c
+@@ -138,7 +138,6 @@ tracker_seccomp_init (void)
+ /* Descriptors */
+ ALLOW_RULE (close);
+ ALLOW_RULE (read);
+- ALLOW_RULE (pread64);
+ ALLOW_RULE (lseek);
+ ALLOW_RULE (_llseek);
+ ALLOW_RULE (fadvise64);
+@@ -209,6 +208,14 @@ tracker_seccomp_init (void)
+ SCMP_CMP(2, SCMP_CMP_MASKED_EQ, O_RDWR, O_RDWR)) < 0)
+ goto out;
+
++ /* Syscalls may differ between libcs */
++#if !defined(__GLIBC__)
++ ALLOW_RULE (rt_sigreturn);
++ ALLOW_RULE (readv);
++#else
++ ALLOW_RULE (pread64);
++#endif
++
+ g_debug ("Loading seccomp rules.");
+
+ if (seccomp_load (ctx) >= 0) {