From cb6b19fdbf3e8822916a2925906e9caaff43bc8c Mon Sep 17 00:00:00 2001
From: Carl Hetherington <cth@carlh.net>
Date: Sat, 13 Nov 2021 19:43:19 +0100
Subject: [PATCH] Remove setuid root and use setcap instead in RPM packages.

---
 cscript | 1 +
 wscript | 4 ----
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/cscript b/cscript
index 1e3bb9c38..49a07fdb6 100644
--- a/cscript
+++ b/cscript
@@ -408,6 +408,7 @@ def make_spec(filename, version, target, options, requires=None):
     print('', file=f)
     print('%post', file=f)
     print('/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :', file=f)
+    print('setcap "cap_dac_override+ep cap_sys_admin+ep" /usr/bin/dcpomatic2_disk_writer', file=f)
     print('', file=f)
     print('%postun', file=f)
     print('if [ $1 -eq 0 ] ; then', file=f)
diff --git a/wscript b/wscript
index cfc47d6cc..5c729bd43 100644
--- a/wscript
+++ b/wscript
@@ -664,10 +664,6 @@ def create_version_cc(version, cxx_flags):
 def post(ctx):
     if ctx.cmd == 'install' and ctx.env.TARGET_LINUX:
         ctx.exec_command('/sbin/ldconfig')
-        # setuid root executable
-        exe = os.path.join(ctx.env['INSTALL_PREFIX'], 'bin/%s/dcpomatic2_disk_writer')
-        if os.path.exists(exe):
-            os.chmod(exe, 0o4755)
 
 def pot(bld):
     bld.recurse('src')
-- 
2.30.2