[tracker-miners/wip/carlosg/better-extractor-errors] build: Add -Dseccomp setting, default on




commit 7949bd52a58160ae9591d7e42192b41a328e142c
Author: Carlos Garnacho <carlosg gnome org>
Date:   Sat Nov 14 11:45:39 2020 +0100

    build: Add -Dseccomp setting, default on
    
    We need to keep seccomp disabled to satisfy coverage reports, but
    we don't want it to be easy to have it disabled. Make it a build
    time option that we use in our CI, with a big warning about it
    being malign.
    
    Users: don't use -Dseccomp=false builds, even if it seems like it
    fixes something.
    Distributors: don't let other people use -Dseccomp=false builds.

 .gitlab-ci.yml    |  2 +-
 meson.build       | 10 +++++++---
 meson_options.txt |  2 ++
 3 files changed, 10 insertions(+), 4 deletions(-)
---
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index cf067a7da..1dd69e73f 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -71,7 +71,7 @@ coverage-analysis:
     - dnf install -y gcovr
     - su tracker -c '.gitlab-ci/checkout-tracker.sh'
     - su tracker -c 'mkdir -p coverage-build/coveragereport'
-    - su tracker -c 'cd coverage-build; meson .. --prefix=/usr -Dtracker_core=subproject -Db_lto=true 
-Db_coverage=true'
+    - su tracker -c 'cd coverage-build; meson .. --prefix=/usr -Dtracker_core=subproject -Db_lto=true 
-Db_coverage=true -Dseccomp=false'
     - su tracker -c 'cd coverage-build; ninja'
     - su tracker -c 'cd coverage-build; env LANG=C.UTF-8 LC_ALL=C.UTF-8 dbus-run-session eatmydata meson 
test --print-errorlogs ${MESON_TEST_EXTRA_ARGS}'
     - su tracker -c 'cd coverage-build; gcovr --html-details --print-summary --root=.. --exclude=subprojects 
--exclude=../subprojects --exclude=../tests --output coveragereport/index.html'
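Review bot: `-Dseccomp=false` on the coverage `meson` line has no explanation in the file itself, and CI script lines tend to get copied into packaging or local build scripts. A comment directly above that script entry would keep the flag contained, for example `# -Dseccomp=false is for coverage runs only; never use it for builds that get installed or shipped`. The tests in this job now run the extractor without its sandbox, so unless another job runs the suite with the default setting (not visible in this hunk), a regression in the sandbox rules would go unnoticed.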
diff --git a/meson.build b/meson.build
index 1e0e72412..f8e12d51d 100644
--- a/meson.build
+++ b/meson.build
@@ -287,10 +287,10 @@ unsupported_cpus = [
 
 system_supports_seccomp = host_system == 'linux'
 cpu_supports_seccomp = not unsupported_cpus.contains(host_cpu)
-seccomp_required = system_supports_seccomp and cpu_supports_seccomp
+seccomp_required = system_supports_seccomp and cpu_supports_seccomp and get_option('seccomp') and 
get_option('extract')
 
 if not libseccomp.found() and seccomp_required
-  error('Libseccomp is mandatory for sandboxed metadata extraction')
+  error('Libseccomp is necessary for sandboxed metadata extraction')
 endif
 
 ####################################################################
@@ -343,7 +343,7 @@ conf.set('HAVE_LIBCUE2', libcue.found() and libcue.version().version_compare('>=
 conf.set('HAVE_LIBICU_CHARSET_DETECTION', charset_library_name == 'icu')
 conf.set('HAVE_LIBEXIF', libexif.found())
 conf.set('HAVE_LIBIPTCDATA', libiptcdata.found())
-conf.set('HAVE_LIBSECCOMP', libseccomp.found())
+conf.set('HAVE_LIBSECCOMP', seccomp_required and libseccomp.found())
 conf.set('HAVE_MALLOC_TRIM', have_malloc_trim)
 conf.set('HAVE_UPOWER', battery_detection_library_name == 'upower')
 conf.set('HAVE_NETWORK_MANAGER', have_network_manager)
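Review bot: `HAVE_LIBSECCOMP` now follows `seccomp_required`, so on a host in `unsupported_cpus` or on a non-Linux system the define becomes false even when libseccomp is found, whereas the old line used `libseccomp.found()` alone. If the extractor sandbox is compiled only under this define (the C side is not visible here), those builds lose it without any message, because the warning added in the last meson.build hunk checks only `get_option('seccomp')`. Consider keying that warning on the effective state, `if get_option('extract') and not (seccomp_required and libseccomp.found())`. Alternatively keep platform support out of the define with `conf.set('HAVE_LIBSECCOMP', get_option('seccomp') and libseccomp.found())`, so only the explicit option changes what gets compiled.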
@@ -521,3 +521,7 @@ if have_tracker_writeback
 endif
 
 message('\n'.join(summary))
+
+if not get_option('seccomp')
+  warning('Sandboxing is disabled. Run at your own risk. Distribution is discouraged.')
+endif
diff --git a/meson_options.txt b/meson_options.txt
index 48c57aadb..e117c0d5e 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -15,6 +15,8 @@ option('miner_rss', type: 'boolean', value: true,
        description: 'Enable the Tracker RSS miner')
 option('writeback', type: 'boolean', value: true,
        description: 'Enable Tracker writeback feature')
+option('seccomp', type: 'boolean', value: true,
+       description: 'Enable seccomp support in Tracker metadata extractor')
 option('domain_prefix', type: 'string', value: 'org.freedesktop',
        description: 'Domain prefix to use, useful for sandboxing')
 option('miner_fs_cache_location', type: 'string', value: '',
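Review bot: The description of the new `seccomp` option reads like any other feature toggle and gives no hint that turning it off removes the metadata extractor's sandbox. The commit message says the option exists for CI coverage runs and should not be used by users or distributors, but that text is not what someone sees when running `meson configure`. The description should carry the caveat itself, for example `description: 'Sandbox the metadata extractor with seccomp (disable only for coverage/CI builds, never for distribution)'`.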

