subject:"\[oe\] \[meta\-oe\]\[PATCH\] libseccomp\: import from meta\-security"

Re: [oe] [meta-oe][PATCH] libseccomp: import from meta-security

2019-07-26 Thread Khem Raj

On Fri, Jul 26, 2019 at 2:00 AM akuster808  wrote:
>
>
>
> On 7/25/19 8:23 PM, Bruce Ashfield wrote:
> > On Thu, Jul 25, 2019 at 11:01 PM Yu, Mingli  wrote:
> >>
> >>
> >> On 2019年07月26日 10:46, Bruce Ashfield wrote:
> >>>
> >>> On Thu, Jul 25, 2019 at 10:28 PM Yu, Mingli  >>> > wrote:
> >>>
> >>>
> >>>
> >>> On 2019年07月25日 21:45, Bruce Ashfield wrote:
> >>>  > On Thu, Jul 25, 2019 at 3:06 AM  >>> > wrote:
> >>>  >>
> >>>  >> From: Mingli Yu  >>> >
> >>>  >
> >>>  > Can you share some details as to why this should be pulled from
> >>>  > meta-security into a different repo ?
> >>>
> >>> Considering there is also some security related recipe under
> >>> meta-oe/recipes-security/, I think it's not strange to add a new one
> >>> libseccomp and libseccomp also provides a basic common filtering
> >>> mechanism.
> >>>
> >>>
> >>> .. but it is literally churn for the sake of churn.
> >>>
> >>> Meaning, that isn't a great reason to move something. If Armin wanted to
> >>> put the recipe in meta-oe, he would have done it himself.
> >> ^_^, I noticed Armin did try to do this in this thread "[oe]
> >> [meta-oe][PATCH 1/2] libseccomp: move lib from meta-security to meta-oe"
> >> in Jun 1, 2018.
> > In that case, follow up to that thread so folks can remember why it
> > didn't happen, or check to see if it was simply forgotten. Putting the
> > maintainers on the cc' from the start of something like this helps
> > immensely.
> >
> > But I see you added Armin to this thread, so that should be enough.
>
> I am fine if we move the recipe. The issue was Khem didn't want the
> "bash" dependency and I never followed up to clean that up.
>

I think this cleanup would be good to have before we move this in. It
has built well
in preliminary build testing, since there are recipes in meta-oe using
this package it
will become a common place to have it so there might be value.

Other way would be to see if security-recipes in meta-oe could be
moved out into meta-security

> I would have responded sooner but this is the first time I have reliable
> Internet.
>
> - armin
> >
> > Bruce
> >
> >>>
> >>> Meanwhile, the below yocto compliance check error disappears once we
> >>> move libseccomp from meta-security to meta-oe.
> >>> ERROR: Nothing PROVIDES 'libseccomp' (but
> >>> 
> >>> /buildarea/layers/meta-virtualization/recipes-containers/cri-o/cri-o_git.bb
> >>> 
> >>> DEPENDS on or otherwise requires it).
> >>> Close matches:
> >>> libcomps
> >>> ERROR: Required build target 'meta-world-pkgdata' has no buildable
> >>> providers.
> >>>
> >>> Missing or unbuildable dependency chain was: ['meta-world-pkgdata',
> >>> 'cri-o', 'libseccomp']
> >>>
> >>>
> >>> Also not a valid reason. We've just fixed meta-virtualization, so
> >>> there's no need to shuffle something like this around, just to keep
> >>> another layers compliance check working.
> >>>
> >>> Bruce
> >>>
> >>>
> >>> Thanks,
> >>>
> >>>  >
> >>>  > It seems to fit the mandate of meta-security quite nicely ;)
> >>>  >
> >>>  > Is there some sort of dependency issue, or other technical problem
> >>>  > that is causing a problem ?
> >>>  >
> >>>  > Bruce
> >>>  >
> >>>  >>
> >>>  >> Signed-off-by: Mingli Yu  >>> >
> >>>  >> ---
> >>>  >>   .../recipes-security/libseccomp/files/run-ptest|  4 +++
> >>>  >>   .../libseccomp/libseccomp_2.4.1.bb
> >>>  | 41 
> >>> ++
> >>>  >>   2 files changed, 45 insertions(+)
> >>>  >>   create mode 100644
> >>> meta-oe/recipes-security/libseccomp/files/run-ptest
> >>>  >>   create mode 100644
> >>> meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> >>> 
> >>>  >>
> >>>  >> diff --git a/meta-oe/recipes-security/libseccomp/files/run-ptest
> >>> b/meta-oe/recipes-security/libseccomp/files/run-ptest
> >>>  >> new file mode 100644
> >>>  >> index 000..54b4a63
> >>>  >> --- /dev/null
> >>>  >> +++ b/meta-oe/recipes-security/libseccomp/files/run-ptest
> >>>  >> @@ -0,0 +1,4 @@
> >>>  >> +#!/bin/sh
> >>>  >> +
> >>>  >> +cd tests
> >>>  >> +./regression -a
> >>>  >> diff --git
> >>> a/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> >>> 
> >>> b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> >>> 
> >>>  >> new file mode 100644
> >>>  >> index 000..dba1be5
> >>>  >> --- /dev/null
> >>>  >> +++ b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> >>> 
> >>>  >> @@ -0,0 +1,41 @@
> >>>  >> +SUMMARY = "interface to

Re: [oe] [meta-oe][PATCH] libseccomp: import from meta-security

2019-07-26 Thread akuster808



On 7/25/19 8:23 PM, Bruce Ashfield wrote:
> On Thu, Jul 25, 2019 at 11:01 PM Yu, Mingli  wrote:
>>
>>
>> On 2019年07月26日 10:46, Bruce Ashfield wrote:
>>>
>>> On Thu, Jul 25, 2019 at 10:28 PM Yu, Mingli >> > wrote:
>>>
>>>
>>>
>>> On 2019年07月25日 21:45, Bruce Ashfield wrote:
>>>  > On Thu, Jul 25, 2019 at 3:06 AM >> > wrote:
>>>  >>
>>>  >> From: Mingli Yu >> >
>>>  >
>>>  > Can you share some details as to why this should be pulled from
>>>  > meta-security into a different repo ?
>>>
>>> Considering there is also some security related recipe under
>>> meta-oe/recipes-security/, I think it's not strange to add a new one
>>> libseccomp and libseccomp also provides a basic common filtering
>>> mechanism.
>>>
>>>
>>> .. but it is literally churn for the sake of churn.
>>>
>>> Meaning, that isn't a great reason to move something. If Armin wanted to
>>> put the recipe in meta-oe, he would have done it himself.
>> ^_^, I noticed Armin did try to do this in this thread "[oe]
>> [meta-oe][PATCH 1/2] libseccomp: move lib from meta-security to meta-oe"
>> in Jun 1, 2018.
> In that case, follow up to that thread so folks can remember why it
> didn't happen, or check to see if it was simply forgotten. Putting the
> maintainers on the cc' from the start of something like this helps
> immensely.
>
> But I see you added Armin to this thread, so that should be enough.

I am fine if we move the recipe. The issue was Khem didn't want the
"bash" dependency and I never followed up to clean that up.

I would have responded sooner but this is the first time I have reliable
Internet.

- armin
>
> Bruce
>
>>>
>>> Meanwhile, the below yocto compliance check error disappears once we
>>> move libseccomp from meta-security to meta-oe.
>>> ERROR: Nothing PROVIDES 'libseccomp' (but
>>> 
>>> /buildarea/layers/meta-virtualization/recipes-containers/cri-o/cri-o_git.bb
>>> 
>>> DEPENDS on or otherwise requires it).
>>> Close matches:
>>> libcomps
>>> ERROR: Required build target 'meta-world-pkgdata' has no buildable
>>> providers.
>>>
>>> Missing or unbuildable dependency chain was: ['meta-world-pkgdata',
>>> 'cri-o', 'libseccomp']
>>>
>>>
>>> Also not a valid reason. We've just fixed meta-virtualization, so
>>> there's no need to shuffle something like this around, just to keep
>>> another layers compliance check working.
>>>
>>> Bruce
>>>
>>>
>>> Thanks,
>>>
>>>  >
>>>  > It seems to fit the mandate of meta-security quite nicely ;)
>>>  >
>>>  > Is there some sort of dependency issue, or other technical problem
>>>  > that is causing a problem ?
>>>  >
>>>  > Bruce
>>>  >
>>>  >>
>>>  >> Signed-off-by: Mingli Yu >> >
>>>  >> ---
>>>  >>   .../recipes-security/libseccomp/files/run-ptest|  4 +++
>>>  >>   .../libseccomp/libseccomp_2.4.1.bb
>>>  | 41 ++
>>>  >>   2 files changed, 45 insertions(+)
>>>  >>   create mode 100644
>>> meta-oe/recipes-security/libseccomp/files/run-ptest
>>>  >>   create mode 100644
>>> meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
>>> 
>>>  >>
>>>  >> diff --git a/meta-oe/recipes-security/libseccomp/files/run-ptest
>>> b/meta-oe/recipes-security/libseccomp/files/run-ptest
>>>  >> new file mode 100644
>>>  >> index 000..54b4a63
>>>  >> --- /dev/null
>>>  >> +++ b/meta-oe/recipes-security/libseccomp/files/run-ptest
>>>  >> @@ -0,0 +1,4 @@
>>>  >> +#!/bin/sh
>>>  >> +
>>>  >> +cd tests
>>>  >> +./regression -a
>>>  >> diff --git
>>> a/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
>>> 
>>> b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
>>> 
>>>  >> new file mode 100644
>>>  >> index 000..dba1be5
>>>  >> --- /dev/null
>>>  >> +++ b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
>>> 
>>>  >> @@ -0,0 +1,41 @@
>>>  >> +SUMMARY = "interface to seccomp filtering mechanism"
>>>  >> +DESCRIPTION = "The libseccomp library provides and easy to use,
>>> platform independent,interface to the Linux Kernel's syscall
>>> filtering mechanism: seccomp."
>>>  >> +SECTION = "security"
>>>  >> +LICENSE = "LGPL-2.1"
>>>  >> +LIC_FILES_CHKSUM =
>>> 
>>> "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
>>>  >> +
>>>  >> +SRCREV = "fb43972ea1aab24f2a70193fb7445c2674f594e3"
>>>  >> +
>>>  >> +SRC_URI =
>>> "git://github.com/seccomp/libseccomp.git;branch=release-2.4
>>>

Re: [oe] [meta-oe][PATCH] libseccomp: import from meta-security

2019-07-26 Thread Yu, Mingli

On 2019年07月26日 11:23, Bruce Ashfield wrote:

On Thu, Jul 25, 2019 at 11:01 PM Yu, Mingli  wrote:

On 2019年07月26日 10:46, Bruce Ashfield wrote:

On Thu, Jul 25, 2019 at 10:28 PM Yu, Mingli mailto:mingli...@windriver.com>> wrote:

 On 2019年07月25日 21:45, Bruce Ashfield wrote:
  > On Thu, Jul 25, 2019 at 3:06 AM mailto:mingli...@windriver.com>> wrote:
  >>
  >> From: Mingli Yu mailto:mingli...@windriver.com>>
  >
  > Can you share some details as to why this should be pulled from
  > meta-security into a different repo ?

 Considering there is also some security related recipe under
 meta-oe/recipes-security/, I think it's not strange to add a new one
 libseccomp and libseccomp also provides a basic common filtering
 mechanism.

.. but it is literally churn for the sake of churn.

Meaning, that isn't a great reason to move something. If Armin wanted to
put the recipe in meta-oe, he would have done it himself.

^_^, I noticed Armin did try to do this in this thread "[oe]
[meta-oe][PATCH 1/2] libseccomp: move lib from meta-security to meta-oe"
in Jun 1, 2018.

In that case, follow up to that thread so folks can remember why it
didn't happen, or check to see if it was simply forgotten. Putting the
maintainers on the cc' from the start of something like this helps
immensely.

But I see you added Armin to this thread, so that should be enough.

Hi Bruce,

I'm okay to keep libseccomp under meta-security and can consider moving 
it to meta-oe if anyone thinks it is worth.

Bruce

 Meanwhile, the below yocto compliance check error disappears once we
 move libseccomp from meta-security to meta-oe.
 ERROR: Nothing PROVIDES 'libseccomp' (but
 /buildarea/layers/meta-virtualization/recipes-containers/cri-o/cri-o_git.bb

 DEPENDS on or otherwise requires it).
 Close matches:
 libcomps
 ERROR: Required build target 'meta-world-pkgdata' has no buildable
 providers.

 Missing or unbuildable dependency chain was: ['meta-world-pkgdata',
 'cri-o', 'libseccomp']

I will find other solution to solve the above error related to yocto 
compliance check.

Thanks,

Also not a valid reason. We've just fixed meta-virtualization, so
there's no need to shuffle something like this around, just to keep
another layers compliance check working.

Bruce

 Thanks,

  >
  > It seems to fit the mandate of meta-security quite nicely ;)
  >
  > Is there some sort of dependency issue, or other technical problem
  > that is causing a problem ?
  >
  > Bruce
  >
  >>
  >> Signed-off-by: Mingli Yu mailto:mingli...@windriver.com>>
  >> ---
  >>   .../recipes-security/libseccomp/files/run-ptest|  4 +++
  >>   .../libseccomp/libseccomp_2.4.1.bb
  | 41 ++
  >>   2 files changed, 45 insertions(+)
  >>   create mode 100644
 meta-oe/recipes-security/libseccomp/files/run-ptest
  >>   create mode 100644
 meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb

  >>
  >> diff --git a/meta-oe/recipes-security/libseccomp/files/run-ptest
 b/meta-oe/recipes-security/libseccomp/files/run-ptest
  >> new file mode 100644
  >> index 000..54b4a63
  >> --- /dev/null
  >> +++ b/meta-oe/recipes-security/libseccomp/files/run-ptest
  >> @@ -0,0 +1,4 @@
  >> +#!/bin/sh
  >> +
  >> +cd tests
  >> +./regression -a
  >> diff --git
 a/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb

 b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb

  >> new file mode 100644
  >> index 000..dba1be5
  >> --- /dev/null
  >> +++ b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb

  >> @@ -0,0 +1,41 @@
  >> +SUMMARY = "interface to seccomp filtering mechanism"
  >> +DESCRIPTION = "The libseccomp library provides and easy to use,
 platform independent,interface to the Linux Kernel's syscall
 filtering mechanism: seccomp."
  >> +SECTION = "security"
  >> +LICENSE = "LGPL-2.1"
  >> +LIC_FILES_CHKSUM =
 "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
  >> +
  >> +SRCREV = "fb43972ea1aab24f2a70193fb7445c2674f594e3"
  >> +
  >> +SRC_URI =
 "git://github.com/seccomp/libseccomp.git;branch=release-2.4
  \
  >> +   file://run-ptest \
  >> +"
  >> +
  >> +S = "${WORKDIR}/git"
  >> +
  >> +inherit autotools-brokensep pkgconfig ptest
  >> +
  >> +PACKAGECONFIG ??= ""
  >> +PACKAGECONFIG[python] = "--enable-python, --disable-python, python"
  >> +
  >> +do_compile_ptest() {
  >> +oe_runmake -C

Re: [oe] [meta-oe][PATCH] libseccomp: import from meta-security

2019-07-25 Thread Bruce Ashfield

On Thu, Jul 25, 2019 at 11:01 PM Yu, Mingli  wrote:
>
>
>
> On 2019年07月26日 10:46, Bruce Ashfield wrote:
> >
> >
> > On Thu, Jul 25, 2019 at 10:28 PM Yu, Mingli  > > wrote:
> >
> >
> >
> > On 2019年07月25日 21:45, Bruce Ashfield wrote:
> >  > On Thu, Jul 25, 2019 at 3:06 AM  > > wrote:
> >  >>
> >  >> From: Mingli Yu  > >
> >  >
> >  > Can you share some details as to why this should be pulled from
> >  > meta-security into a different repo ?
> >
> > Considering there is also some security related recipe under
> > meta-oe/recipes-security/, I think it's not strange to add a new one
> > libseccomp and libseccomp also provides a basic common filtering
> > mechanism.
> >
> >
> > .. but it is literally churn for the sake of churn.
> >
> > Meaning, that isn't a great reason to move something. If Armin wanted to
> > put the recipe in meta-oe, he would have done it himself.
>
> ^_^, I noticed Armin did try to do this in this thread "[oe]
> [meta-oe][PATCH 1/2] libseccomp: move lib from meta-security to meta-oe"
> in Jun 1, 2018.

In that case, follow up to that thread so folks can remember why it
didn't happen, or check to see if it was simply forgotten. Putting the
maintainers on the cc' from the start of something like this helps
immensely.

But I see you added Armin to this thread, so that should be enough.

Bruce

>
> >
> >
> > Meanwhile, the below yocto compliance check error disappears once we
> > move libseccomp from meta-security to meta-oe.
> > ERROR: Nothing PROVIDES 'libseccomp' (but
> > 
> > /buildarea/layers/meta-virtualization/recipes-containers/cri-o/cri-o_git.bb
> > 
> > DEPENDS on or otherwise requires it).
> > Close matches:
> > libcomps
> > ERROR: Required build target 'meta-world-pkgdata' has no buildable
> > providers.
> >
> > Missing or unbuildable dependency chain was: ['meta-world-pkgdata',
> > 'cri-o', 'libseccomp']
> >
> >
> > Also not a valid reason. We've just fixed meta-virtualization, so
> > there's no need to shuffle something like this around, just to keep
> > another layers compliance check working.
> >
> > Bruce
> >
> >
> > Thanks,
> >
> >  >
> >  > It seems to fit the mandate of meta-security quite nicely ;)
> >  >
> >  > Is there some sort of dependency issue, or other technical problem
> >  > that is causing a problem ?
> >  >
> >  > Bruce
> >  >
> >  >>
> >  >> Signed-off-by: Mingli Yu  > >
> >  >> ---
> >  >>   .../recipes-security/libseccomp/files/run-ptest|  4 +++
> >  >>   .../libseccomp/libseccomp_2.4.1.bb
> >  | 41 ++
> >  >>   2 files changed, 45 insertions(+)
> >  >>   create mode 100644
> > meta-oe/recipes-security/libseccomp/files/run-ptest
> >  >>   create mode 100644
> > meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> > 
> >  >>
> >  >> diff --git a/meta-oe/recipes-security/libseccomp/files/run-ptest
> > b/meta-oe/recipes-security/libseccomp/files/run-ptest
> >  >> new file mode 100644
> >  >> index 000..54b4a63
> >  >> --- /dev/null
> >  >> +++ b/meta-oe/recipes-security/libseccomp/files/run-ptest
> >  >> @@ -0,0 +1,4 @@
> >  >> +#!/bin/sh
> >  >> +
> >  >> +cd tests
> >  >> +./regression -a
> >  >> diff --git
> > a/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> > 
> > b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> > 
> >  >> new file mode 100644
> >  >> index 000..dba1be5
> >  >> --- /dev/null
> >  >> +++ b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> > 
> >  >> @@ -0,0 +1,41 @@
> >  >> +SUMMARY = "interface to seccomp filtering mechanism"
> >  >> +DESCRIPTION = "The libseccomp library provides and easy to use,
> > platform independent,interface to the Linux Kernel's syscall
> > filtering mechanism: seccomp."
> >  >> +SECTION = "security"
> >  >> +LICENSE = "LGPL-2.1"
> >  >> +LIC_FILES_CHKSUM =
> > 
> > "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
> >  >> +
> >  >> +SRCREV = "fb43972ea1aab24f2a70193fb7445c2674f594e3"
> >  >> +
> >  >> +SRC_URI =
> > "git://github.com/seccomp/libseccomp.git;branch=release-2.4
> >  \
> >  >> +   file://run-ptest \
> >  >> +"
> >  >> +
> >  >> +S = "${WORKDIR}/git"
> >  >> +
> >  >> +inherit autotools-brokensep pkgconfig ptest
> >  >> +
> >  >> +PACKAGECONFIG ??= ""
> >  >>

Re: [oe] [meta-oe][PATCH] libseccomp: import from meta-security

2019-07-25 Thread Yu, Mingli




On 2019年07月26日 10:46, Bruce Ashfield wrote:



On Thu, Jul 25, 2019 at 10:28 PM Yu, Mingli mailto:mingli...@windriver.com>> wrote:



On 2019年07月25日 21:45, Bruce Ashfield wrote:
 > On Thu, Jul 25, 2019 at 3:06 AM mailto:mingli...@windriver.com>> wrote:
 >>
 >> From: Mingli Yu mailto:mingli...@windriver.com>>
 >
 > Can you share some details as to why this should be pulled from
 > meta-security into a different repo ?

Considering there is also some security related recipe under
meta-oe/recipes-security/, I think it's not strange to add a new one
libseccomp and libseccomp also provides a basic common filtering
mechanism.


.. but it is literally churn for the sake of churn.

Meaning, that isn't a great reason to move something. If Armin wanted to
put the recipe in meta-oe, he would have done it himself.


^_^, I noticed Armin did try to do this in this thread "[oe] 
[meta-oe][PATCH 1/2] libseccomp: move lib from meta-security to meta-oe" 
in Jun 1, 2018.





Meanwhile, the below yocto compliance check error disappears once we
move libseccomp from meta-security to meta-oe.
ERROR: Nothing PROVIDES 'libseccomp' (but
/buildarea/layers/meta-virtualization/recipes-containers/cri-o/cri-o_git.bb

DEPENDS on or otherwise requires it).
Close matches:
libcomps
ERROR: Required build target 'meta-world-pkgdata' has no buildable
providers.

Missing or unbuildable dependency chain was: ['meta-world-pkgdata',
'cri-o', 'libseccomp']


Also not a valid reason. We've just fixed meta-virtualization, so
there's no need to shuffle something like this around, just to keep
another layers compliance check working.

Bruce


Thanks,

 >
 > It seems to fit the mandate of meta-security quite nicely ;)
 >
 > Is there some sort of dependency issue, or other technical problem
 > that is causing a problem ?
 >
 > Bruce
 >
 >>
 >> Signed-off-by: Mingli Yu mailto:mingli...@windriver.com>>
 >> ---
 >>   .../recipes-security/libseccomp/files/run-ptest|  4 +++
 >>   .../libseccomp/libseccomp_2.4.1.bb
 | 41 ++
 >>   2 files changed, 45 insertions(+)
 >>   create mode 100644
meta-oe/recipes-security/libseccomp/files/run-ptest
 >>   create mode 100644
meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb

 >>
 >> diff --git a/meta-oe/recipes-security/libseccomp/files/run-ptest
b/meta-oe/recipes-security/libseccomp/files/run-ptest
 >> new file mode 100644
 >> index 000..54b4a63
 >> --- /dev/null
 >> +++ b/meta-oe/recipes-security/libseccomp/files/run-ptest
 >> @@ -0,0 +1,4 @@
 >> +#!/bin/sh
 >> +
 >> +cd tests
 >> +./regression -a
 >> diff --git
a/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb

b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb

 >> new file mode 100644
 >> index 000..dba1be5
 >> --- /dev/null
 >> +++ b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb

 >> @@ -0,0 +1,41 @@
 >> +SUMMARY = "interface to seccomp filtering mechanism"
 >> +DESCRIPTION = "The libseccomp library provides and easy to use,
platform independent,interface to the Linux Kernel's syscall
filtering mechanism: seccomp."
 >> +SECTION = "security"
 >> +LICENSE = "LGPL-2.1"
 >> +LIC_FILES_CHKSUM =
"file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
 >> +
 >> +SRCREV = "fb43972ea1aab24f2a70193fb7445c2674f594e3"
 >> +
 >> +SRC_URI =
"git://github.com/seccomp/libseccomp.git;branch=release-2.4
 \
 >> +   file://run-ptest \
 >> +"
 >> +
 >> +S = "${WORKDIR}/git"
 >> +
 >> +inherit autotools-brokensep pkgconfig ptest
 >> +
 >> +PACKAGECONFIG ??= ""
 >> +PACKAGECONFIG[python] = "--enable-python, --disable-python, python"
 >> +
 >> +do_compile_ptest() {
 >> +oe_runmake -C tests check-build
 >> +}
 >> +
 >> +do_install_ptest() {
 >> +install -d ${D}${PTEST_PATH}/tests
 >> +install -d ${D}${PTEST_PATH}/tools
 >> +for file in $(find tests/* -executable -type f); do
 >> +install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
 >> +done
 >> +for file in $(find tests/*.tests -type f); do
 >> +install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
 >> +done
 >> +for file in $(find tools/* -executable -type f); do
 >> +install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tools
 >> +done
 >> +}
 >> +
 >> +FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*"
 >> +FILES_${PN}-dbg +=

Re: [oe] [meta-oe][PATCH] libseccomp: import from meta-security

2019-07-25 Thread Bruce Ashfield

On Thu, Jul 25, 2019 at 10:28 PM Yu, Mingli  wrote:

>
>
> On 2019年07月25日 21:45, Bruce Ashfield wrote:
> > On Thu, Jul 25, 2019 at 3:06 AM  wrote:
> >>
> >> From: Mingli Yu 
> >
> > Can you share some details as to why this should be pulled from
> > meta-security into a different repo ?
>
> Considering there is also some security related recipe under
> meta-oe/recipes-security/, I think it's not strange to add a new one
> libseccomp and libseccomp also provides a basic common filtering mechanism.
>

.. but it is literally churn for the sake of churn.

Meaning, that isn't a great reason to move something. If Armin wanted to
put the recipe in meta-oe, he would have done it himself.



>
> Meanwhile, the below yocto compliance check error disappears once we
> move libseccomp from meta-security to meta-oe.
> ERROR: Nothing PROVIDES 'libseccomp' (but
> /buildarea/layers/meta-virtualization/recipes-containers/cri-o/
> cri-o_git.bb
> DEPENDS on or otherwise requires it).
> Close matches:
> libcomps
> ERROR: Required build target 'meta-world-pkgdata' has no buildable
> providers.
>
> Missing or unbuildable dependency chain was: ['meta-world-pkgdata',
> 'cri-o', 'libseccomp']
>

Also not a valid reason. We've just fixed meta-virtualization, so there's
no need to shuffle something like this around, just to keep another layers
compliance check working.

Bruce



>
> Thanks,
>
> >
> > It seems to fit the mandate of meta-security quite nicely ;)
> >
> > Is there some sort of dependency issue, or other technical problem
> > that is causing a problem ?
> >
> > Bruce
> >
> >>
> >> Signed-off-by: Mingli Yu 
> >> ---
> >>   .../recipes-security/libseccomp/files/run-ptest|  4 +++
> >>   .../libseccomp/libseccomp_2.4.1.bb | 41
> ++
> >>   2 files changed, 45 insertions(+)
> >>   create mode 100644 meta-oe/recipes-security/libseccomp/files/run-ptest
> >>   create mode 100644 meta-oe/recipes-security/libseccomp/
> libseccomp_2.4.1.bb
> >>
> >> diff --git a/meta-oe/recipes-security/libseccomp/files/run-ptest
> b/meta-oe/recipes-security/libseccomp/files/run-ptest
> >> new file mode 100644
> >> index 000..54b4a63
> >> --- /dev/null
> >> +++ b/meta-oe/recipes-security/libseccomp/files/run-ptest
> >> @@ -0,0 +1,4 @@
> >> +#!/bin/sh
> >> +
> >> +cd tests
> >> +./regression -a
> >> diff --git a/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> >> new file mode 100644
> >> index 000..dba1be5
> >> --- /dev/null
> >> +++ b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> >> @@ -0,0 +1,41 @@
> >> +SUMMARY = "interface to seccomp filtering mechanism"
> >> +DESCRIPTION = "The libseccomp library provides and easy to use,
> platform independent,interface to the Linux Kernel's syscall filtering
> mechanism: seccomp."
> >> +SECTION = "security"
> >> +LICENSE = "LGPL-2.1"
> >> +LIC_FILES_CHKSUM =
> "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
> >> +
> >> +SRCREV = "fb43972ea1aab24f2a70193fb7445c2674f594e3"
> >> +
> >> +SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.4
> \
> >> +   file://run-ptest \
> >> +"
> >> +
> >> +S = "${WORKDIR}/git"
> >> +
> >> +inherit autotools-brokensep pkgconfig ptest
> >> +
> >> +PACKAGECONFIG ??= ""
> >> +PACKAGECONFIG[python] = "--enable-python, --disable-python, python"
> >> +
> >> +do_compile_ptest() {
> >> +oe_runmake -C tests check-build
> >> +}
> >> +
> >> +do_install_ptest() {
> >> +install -d ${D}${PTEST_PATH}/tests
> >> +install -d ${D}${PTEST_PATH}/tools
> >> +for file in $(find tests/* -executable -type f); do
> >> +install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
> >> +done
> >> +for file in $(find tests/*.tests -type f); do
> >> +install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
> >> +done
> >> +for file in $(find tools/* -executable -type f); do
> >> +install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tools
> >> +done
> >> +}
> >> +
> >> +FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*"
> >> +FILES_${PN}-dbg += "${libdir}/${PN}/tests/.debug/*
> ${libdir}/${PN}/tools/.debug"
> >> +
> >> +RDEPENDS_${PN}-ptest = "bash"
> >> --
> >> 2.7.4
> >>
> >> --
> >> ___
> >> Openembedded-devel mailing list
> >> Openembedded-devel@lists.openembedded.org
> >> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
> >
> >
> >
>


-- 
- Thou shalt not follow the NULL pointer, for chaos and madness await thee
at its end
- "Use the force Harry" - Gandalf, Star Trek II
-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

Re: [oe] [meta-oe][PATCH] libseccomp: import from meta-security

2019-07-25 Thread Yu, Mingli




On 2019年07月25日 21:45, Bruce Ashfield wrote:

On Thu, Jul 25, 2019 at 3:06 AM  wrote:


From: Mingli Yu 


Can you share some details as to why this should be pulled from
meta-security into a different repo ?


Considering there is also some security related recipe under 
meta-oe/recipes-security/, I think it's not strange to add a new one 
libseccomp and libseccomp also provides a basic common filtering mechanism.


Meanwhile, the below yocto compliance check error disappears once we
move libseccomp from meta-security to meta-oe.
ERROR: Nothing PROVIDES 'libseccomp' (but 
/buildarea/layers/meta-virtualization/recipes-containers/cri-o/cri-o_git.bb 
DEPENDS on or otherwise requires it).

Close matches:
libcomps
ERROR: Required build target 'meta-world-pkgdata' has no buildable 
providers.


Missing or unbuildable dependency chain was: ['meta-world-pkgdata', 
'cri-o', 'libseccomp']


Thanks,



It seems to fit the mandate of meta-security quite nicely ;)

Is there some sort of dependency issue, or other technical problem
that is causing a problem ?

Bruce



Signed-off-by: Mingli Yu 
---
  .../recipes-security/libseccomp/files/run-ptest|  4 +++
  .../libseccomp/libseccomp_2.4.1.bb | 41 ++
  2 files changed, 45 insertions(+)
  create mode 100644 meta-oe/recipes-security/libseccomp/files/run-ptest
  create mode 100644 meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb

diff --git a/meta-oe/recipes-security/libseccomp/files/run-ptest 
b/meta-oe/recipes-security/libseccomp/files/run-ptest
new file mode 100644
index 000..54b4a63
--- /dev/null
+++ b/meta-oe/recipes-security/libseccomp/files/run-ptest
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+cd tests
+./regression -a
diff --git a/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb 
b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
new file mode 100644
index 000..dba1be5
--- /dev/null
+++ b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
@@ -0,0 +1,41 @@
+SUMMARY = "interface to seccomp filtering mechanism"
+DESCRIPTION = "The libseccomp library provides and easy to use, platform 
independent,interface to the Linux Kernel's syscall filtering mechanism: seccomp."
+SECTION = "security"
+LICENSE = "LGPL-2.1"
+LIC_FILES_CHKSUM = 
"file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
+
+SRCREV = "fb43972ea1aab24f2a70193fb7445c2674f594e3"
+
+SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.4 \
+   file://run-ptest \
+"
+
+S = "${WORKDIR}/git"
+
+inherit autotools-brokensep pkgconfig ptest
+
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[python] = "--enable-python, --disable-python, python"
+
+do_compile_ptest() {
+oe_runmake -C tests check-build
+}
+
+do_install_ptest() {
+install -d ${D}${PTEST_PATH}/tests
+install -d ${D}${PTEST_PATH}/tools
+for file in $(find tests/* -executable -type f); do
+install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
+done
+for file in $(find tests/*.tests -type f); do
+install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
+done
+for file in $(find tools/* -executable -type f); do
+install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tools
+done
+}
+
+FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*"
+FILES_${PN}-dbg += "${libdir}/${PN}/tests/.debug/* 
${libdir}/${PN}/tools/.debug"
+
+RDEPENDS_${PN}-ptest = "bash"
--
2.7.4

--
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel





--
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

Re: [oe] [meta-oe][PATCH] libseccomp: import from meta-security

2019-07-25 Thread Bruce Ashfield

On Thu, Jul 25, 2019 at 3:06 AM  wrote:
>
> From: Mingli Yu 

Can you share some details as to why this should be pulled from
meta-security into a different repo ?

It seems to fit the mandate of meta-security quite nicely ;)

Is there some sort of dependency issue, or other technical problem
that is causing a problem ?

Bruce

>
> Signed-off-by: Mingli Yu 
> ---
>  .../recipes-security/libseccomp/files/run-ptest|  4 +++
>  .../libseccomp/libseccomp_2.4.1.bb | 41 
> ++
>  2 files changed, 45 insertions(+)
>  create mode 100644 meta-oe/recipes-security/libseccomp/files/run-ptest
>  create mode 100644 meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
>
> diff --git a/meta-oe/recipes-security/libseccomp/files/run-ptest 
> b/meta-oe/recipes-security/libseccomp/files/run-ptest
> new file mode 100644
> index 000..54b4a63
> --- /dev/null
> +++ b/meta-oe/recipes-security/libseccomp/files/run-ptest
> @@ -0,0 +1,4 @@
> +#!/bin/sh
> +
> +cd tests
> +./regression -a
> diff --git a/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb 
> b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> new file mode 100644
> index 000..dba1be5
> --- /dev/null
> +++ b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
> @@ -0,0 +1,41 @@
> +SUMMARY = "interface to seccomp filtering mechanism"
> +DESCRIPTION = "The libseccomp library provides and easy to use, platform 
> independent,interface to the Linux Kernel's syscall filtering mechanism: 
> seccomp."
> +SECTION = "security"
> +LICENSE = "LGPL-2.1"
> +LIC_FILES_CHKSUM = 
> "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
> +
> +SRCREV = "fb43972ea1aab24f2a70193fb7445c2674f594e3"
> +
> +SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.4 \
> +   file://run-ptest \
> +"
> +
> +S = "${WORKDIR}/git"
> +
> +inherit autotools-brokensep pkgconfig ptest
> +
> +PACKAGECONFIG ??= ""
> +PACKAGECONFIG[python] = "--enable-python, --disable-python, python"
> +
> +do_compile_ptest() {
> +oe_runmake -C tests check-build
> +}
> +
> +do_install_ptest() {
> +install -d ${D}${PTEST_PATH}/tests
> +install -d ${D}${PTEST_PATH}/tools
> +for file in $(find tests/* -executable -type f); do
> +install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
> +done
> +for file in $(find tests/*.tests -type f); do
> +install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
> +done
> +for file in $(find tools/* -executable -type f); do
> +install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tools
> +done
> +}
> +
> +FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*"
> +FILES_${PN}-dbg += "${libdir}/${PN}/tests/.debug/* 
> ${libdir}/${PN}/tools/.debug"
> +
> +RDEPENDS_${PN}-ptest = "bash"
> --
> 2.7.4
>
> --
> ___
> Openembedded-devel mailing list
> Openembedded-devel@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-devel



-- 
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II
-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

[oe] [meta-oe][PATCH] libseccomp: import from meta-security

2019-07-25 Thread mingli.yu

From: Mingli Yu 

Signed-off-by: Mingli Yu 
---
 .../recipes-security/libseccomp/files/run-ptest|  4 +++
 .../libseccomp/libseccomp_2.4.1.bb | 41 ++
 2 files changed, 45 insertions(+)
 create mode 100644 meta-oe/recipes-security/libseccomp/files/run-ptest
 create mode 100644 meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb

diff --git a/meta-oe/recipes-security/libseccomp/files/run-ptest 
b/meta-oe/recipes-security/libseccomp/files/run-ptest
new file mode 100644
index 000..54b4a63
--- /dev/null
+++ b/meta-oe/recipes-security/libseccomp/files/run-ptest
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+cd tests
+./regression -a
diff --git a/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb 
b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
new file mode 100644
index 000..dba1be5
--- /dev/null
+++ b/meta-oe/recipes-security/libseccomp/libseccomp_2.4.1.bb
@@ -0,0 +1,41 @@
+SUMMARY = "interface to seccomp filtering mechanism"
+DESCRIPTION = "The libseccomp library provides and easy to use, platform 
independent,interface to the Linux Kernel's syscall filtering mechanism: 
seccomp."
+SECTION = "security"
+LICENSE = "LGPL-2.1"
+LIC_FILES_CHKSUM = 
"file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
+
+SRCREV = "fb43972ea1aab24f2a70193fb7445c2674f594e3"
+
+SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.4 \
+   file://run-ptest \
+"
+
+S = "${WORKDIR}/git"
+
+inherit autotools-brokensep pkgconfig ptest
+
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[python] = "--enable-python, --disable-python, python"
+
+do_compile_ptest() {
+oe_runmake -C tests check-build
+}
+
+do_install_ptest() {
+install -d ${D}${PTEST_PATH}/tests
+install -d ${D}${PTEST_PATH}/tools
+for file in $(find tests/* -executable -type f); do
+install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
+done
+for file in $(find tests/*.tests -type f); do
+install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
+done
+for file in $(find tools/* -executable -type f); do
+install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tools
+done
+}
+
+FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*"
+FILES_${PN}-dbg += "${libdir}/${PN}/tests/.debug/* 
${libdir}/${PN}/tools/.debug"
+
+RDEPENDS_${PN}-ptest = "bash"
-- 
2.7.4

-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

Re: [oe] [meta-oe][PATCH] libseccomp: import from meta-security

Re: [oe] [meta-oe][PATCH] libseccomp: import from meta-security

Re: [oe] [meta-oe][PATCH] libseccomp: import from meta-security

Re: [oe] [meta-oe][PATCH] libseccomp: import from meta-security

Re: [oe] [meta-oe][PATCH] libseccomp: import from meta-security

Re: [oe] [meta-oe][PATCH] libseccomp: import from meta-security

Re: [oe] [meta-oe][PATCH] libseccomp: import from meta-security

Re: [oe] [meta-oe][PATCH] libseccomp: import from meta-security

[oe] [meta-oe][PATCH] libseccomp: import from meta-security

9 matches

Site Navigation

Mail list logo

Footer information