meson: Allow to set using setcap-setuid.sh per app

by adding new variables SETCAP_OR_SUID_{ARPING,CLOCKDIFF,PING,TRACEROUTE6}. All but SETCAP_OR_SUID_ARPING are enabled by default (arping is disabled due ARP Poisoning). Old variable NO_SETCAP_OR_SUID is still kept as a global switch off. Therefore compatibility with previous settings is kept. Variables are used as a condition to run setcap-setuid.sh, thus removing none parameter (added by d45a8c8 iputils#175) which is not needed now. Fixes: iputils#204 Tested-by: Sami Kerola <[email protected]> Signed-off-by: Petr Vorel <[email protected]>
Mingli-Yu · Jul 16, 2019 · 054670a · 054670a
1 parent aed8db0
commit 054670a
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 33 deletions.
diff --git a/build-aux/setcap-setuid.sh b/build-aux/setcap-setuid.sh
@@ -14,10 +14,6 @@ _log() {
 }
 
 case "$perm_type" in
-	none)
-		# Gentoo needs build system to back off.
-		# https://github.com/iputils/iputils/issues/175
-		;;
 	caps)
 		params="cap_net_raw+p"
 		_log "calling: $setcap $params $exec_path"

diff --git a/meson.build b/meson.build
@@ -226,10 +226,7 @@ config_h = configure_file(
 	configuration : conf)
 
 setcap = find_program('setcap', '/usr/sbin/setcap', '/sbin/setcap', required : false)
-if get_option('NO_SETCAP_OR_SUID')
-	perm_type = 'none'
-	setcap_path = '/dev/null'
-elif cap_dep.found() and setcap.found()
+if cap_dep.found() and setcap.found()
 	perm_type = 'caps'
 	setcap_path = setcap.path()
 else
@@ -249,12 +246,14 @@ if build_ping == true
 		dependencies : [m_dep, cap_dep, idn_dep, intl_dep, crypto_dep, resolv_dep],
 		link_with : [libcommon],
 		install: true)
-	meson.add_install_script('build-aux/setcap-setuid.sh',
-		join_paths(get_option('prefix'), get_option('bindir')),
-		'ping',
-		perm_type,
-		setcap_path
-	)
+	if (get_option('SETCAP_OR_SUID_PING') and not get_option('NO_SETCAP_OR_SUID'))
+		meson.add_install_script('build-aux/setcap-setuid.sh',
+			join_paths(get_option('prefix'), get_option('bindir')),
+			'ping',
+			perm_type,
+			setcap_path
+		)
+	endif
 endif
 
 if build_tracepath == true
@@ -269,25 +268,29 @@ if build_traceroute6 == true
 		dependencies : [cap_dep, intl_dep, idn_dep],
 		link_with : [libcommon],
 		install: true)
-	meson.add_install_script('build-aux/setcap-setuid.sh',
-		join_paths(get_option('prefix'), get_option('bindir')),
-		'traceroute6',
-		perm_type,
-		setcap_path
-	)
+	if (get_option('SETCAP_OR_SUID_TRACEROUTE6') and not get_option('NO_SETCAP_OR_SUID'))
+		meson.add_install_script('build-aux/setcap-setuid.sh',
+			join_paths(get_option('prefix'), get_option('bindir')),
+			'traceroute6',
+			perm_type,
+			setcap_path
+		)
+	endif
 endif
 
 if build_clockdiff == true
 	executable('clockdiff', ['clockdiff.c', git_version_h],
 		dependencies : [cap_dep, intl_dep],
 		link_with : [libcommon],
 		install: true)
-	meson.add_install_script('build-aux/setcap-setuid.sh',
-		join_paths(get_option('prefix'), get_option('bindir')),
-		'clockdiff',
-		perm_type,
-		setcap_path
-	)
+	if (get_option('SETCAP_OR_SUID_CLOCKDIFF') and not get_option('NO_SETCAP_OR_SUID'))
+		meson.add_install_script('build-aux/setcap-setuid.sh',
+			join_paths(get_option('prefix'), get_option('bindir')),
+			'clockdiff',
+			perm_type,
+			setcap_path
+		)
+	endif
 endif
 
 if build_rinfod == true
@@ -312,12 +315,14 @@ if build_arping == true
 		dependencies : [rt_dep, cap_dep, idn_dep, intl_dep],
 		link_with : [libcommon],
 		install: true)
-	meson.add_install_script('build-aux/setcap-setuid.sh',
-		join_paths(get_option('prefix'), get_option('bindir')),
-		'arping',
-		perm_type,
-		setcap_path
-	)
+	if (get_option('SETCAP_OR_SUID_ARPING') and not get_option('NO_SETCAP_OR_SUID'))
+		meson.add_install_script('build-aux/setcap-setuid.sh',
+			join_paths(get_option('prefix'), get_option('bindir')),
+			'arping',
+			perm_type,
+			setcap_path
+		)
+	endif
 endif
 
 if build_tftpd == true

diff --git a/meson_options.txt b/meson_options.txt
@@ -48,7 +48,19 @@ option('BUILD_HTML_MANS', type : 'boolean', value : false,
 	description : 'Build html manuals')
 
 option('NO_SETCAP_OR_SUID', type : 'boolean', value : false,
-	description : 'Allow disabling build-aux/setcap-setuid.sh')
+       description : 'Disable setting setcap or setuid with build-aux/setcap-setuid.sh')
+
+option('SETCAP_OR_SUID_ARPING', type : 'boolean', value : false,
+	description : 'Set setcap or setuid on arping with build-aux/setcap-setuid.sh')
+
+option('SETCAP_OR_SUID_CLOCKDIFF', type : 'boolean', value : true,
+	description : 'Set setcap or setuid on clockdiff with build-aux/setcap-setuid.sh')
+
+option('SETCAP_OR_SUID_PING', type : 'boolean', value : true,
+	description : 'Set setcap or setuid on ping with build-aux/setcap-setuid.sh')
+
+option('SETCAP_OR_SUID_TRACEROUTE6', type : 'boolean', value : true,
+	description : 'Set setcap or setuid on traceroute6 with build-aux/setcap-setuid.sh')
 
 option('ARPING_DEFAULT_DEVICE', type : 'string', value : '',
 	description : 'Default device for arping')