[Focal] do we need to vendor QtBase for the shader caching patch?
Our Qt 5.12.9 in Xenial carries this patch:
I wonder if it's worth it to start vendoring QtBase for Focal just for this patch? Otherwise, we'll have to edit our AppArmor policy to allow r/w to .cache/qtshadercache-* to have shader caching (or just don't have it).
Full text from ubports/development/core/apparmor-easyprof-ubuntu!18 (comment 1173105479) (update: I've checked the bug tracker. No, Qt 5.15.x series doesn't seem to have this patch backported.)
Ok, this is a tricky one. So, according to Python [1]:
os.access() is not a good and sufficient permission check. It only checks DAC (discrete access control) permissions and suffers from TOCTOU issues.
That means, no, we can't make access() return failure from AppArmor rules.
Qt 6 and 5.15(.?) contain the "fallback to local path at write" code, due to, surprise surprise, @Flohack74's bug report [2]! However, Qt 5.12.8 currently in Ubuntu Focal doesn't contain it.
Our Qt 5.12.9 in Xenial carries this patch [3]. However, I'm sort of reluctant to start vendoring QtBase in Focal. @Flohack74 do you think it's worth it?
(BTW I think the rule can stay - it should silence audit messages.)
[1] https://bugs.python.org/issue42481#msg381943
[2] https://bugreports.qt.io/browse/QTBUG-96789 https://github.com/qt/qtbase/commit/46e6a9a759ae89f905107ccad191ca5ddf442e53
[3] https://gitlab.com/ubports/development/core/packaging/qtbase/-/blob/ubports/xenial/debian/patches/QTBUG-96789.diff
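The "fallback at write" idea discussed above, as an added Python sketch that is not part of the original post and is not Qt's code: the write itself is the permission test, so a denial that access() cannot see still ends up in a usable local cache. The function names, directory names and the stand-in for a policy-denied path are all constructed for illustration.

```python
import os
import tempfile


def write_cache_entry(name, data, shared_dir, local_dir):
    """Try the shared cache first; if the OS refuses, use the local one.

    Returns the path written, or None if both locations refused the write.
    """
    for cache_dir in (shared_dir, local_dir):
        tmp_path = None
        try:
            # No os.access() pre-check: the open is the permission test, so a
            # MAC (AppArmor) denial surfaces here as an OSError.
            fd, tmp_path = tempfile.mkstemp(dir=cache_dir, prefix=".tmp-")
            with os.fdopen(fd, "wb") as f:
                f.write(data)
            final_path = os.path.join(cache_dir, name)
            os.replace(tmp_path, final_path)  # publish the entry atomically
            return final_path
        except OSError:
            # Clean up a half-written temp file, then try the next location.
            if tmp_path and os.path.exists(tmp_path):
                os.unlink(tmp_path)
    return None


def demo():
    """Constructed scenario: access() approves a location the write cannot use."""
    root = tempfile.mkdtemp()
    # Stand-in for a path denied by policy (assumption for this demo): a
    # regular file where a cache directory is expected. The DAC check says
    # "writable", yet creating an entry beneath it fails.
    shared = os.path.join(root, "qtshadercache-shared")
    open(shared, "wb").close()
    local = os.path.join(root, "app-local-cache")
    os.mkdir(local)
    precheck = os.access(shared, os.W_OK)
    written = write_cache_entry("shader.bin", b"\x00compiled", shared, local)
    return precheck, written, local


if __name__ == "__main__":
    print(demo())
```
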