Re: [yocto] Building Custom Python 3 Packages
On Saturday, 2 September 2017 12:42:09 AM NZST Alexander Kanavin wrote: > On 08/31/2017 04:54 PM, Seilis, Aaron wrote: > > This clearly indicates that the issue is that the build is looking > > for setup.py in the ${B} location, but it is only present in the ${S} > > location when `devtool modify` has been run. I have tried setting > > ${B} to ${S} explicitly in the recipe, but this doesn't result in > > ${B} being changed when I run `bitbake -e mytool`. I could always > > copy ${S} to ${B} in the recipe, but that seems a bit hack-ish. > > > > Did I miss something or is there another way that Python builds are > > intended to work? > > I think this might be a limitation of setuptools: they do not support > out-of-tree builds (which is a must for devtool modify'). If you can > figure out how to solve it, that would be nice! devtool modify does not require out-of-tree builds - I think in this instance it's assuming that's OK, and it's supposed to be following what the recipe originally used so that may be a bug. The workaround is to tell it to use the same directory with the -s/--same-dir option. Cheers, Paul -- Paul Eggleton Intel Open Source Technology Centre -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-raspberrypi][PATCH v2 2/2] bluez5: enable bluetooth on raspberrypi0-wifi
Add functions/variable to enabling bluetooth on raspberrypi0-wifi. Signed-off-by: Yusuke Mitsuki--- recipes-connectivity/bluez5/bluez5_%.bbappend | 12 1 file changed, 12 insertions(+) diff --git a/recipes-connectivity/bluez5/bluez5_%.bbappend b/recipes-connectivity/bluez5/bluez5_%.bbappend index b2fbf22..03efd5c 100644 --- a/recipes-connectivity/bluez5/bluez5_%.bbappend +++ b/recipes-connectivity/bluez5/bluez5_%.bbappend @@ -25,6 +25,7 @@ BCM_BT_FIRMWARE = " \ BCM_BT_SERVICE = " brcm43438.service" +# for raspberrypi3 SRC_URI_append_raspberrypi3 = " ${BCM_BT_SOURCES}" do_install_append_raspberrypi3() { @@ -34,3 +35,14 @@ do_install_append_raspberrypi3() { FILES_${PN}_append_raspberrypi3 = " ${BCM_BT_FIRMWARE}" SYSTEMD_SERVICE_${PN}_append_raspberrypi3 = " ${BCM_BT_SERVICE}" + +# for raspberrypi0-wifi +SRC_URI_append_raspberrypi0-wifi = " ${BCM_BT_SOURCES}" + +do_install_append_raspberrypi0-wifi() { +enable_bcm_bluetooth +} + +FILES_${PN}_append_raspberrypi0-wifi = " ${BCM_BT_FIRMWARE}" + +SYSTEMD_SERVICE_${PN}_append_raspberrypi0-wifi = " ${BCM_BT_SERVICE}" -- 2.7.4 -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-raspberrypi][PATCH v2 1/2] bluez5: add functions/variables to enabling bluetooth on another raspberrypi
functions/variables in this bbappend implemented for only raspberrypi3. But these must be able to used to enabling bluetooth on another raspberrypi that has bluetooth feature such as raspberrypi0-wifi. The simple solution is a duplicating these but it is not good ideas for maintainance. Add functions/variables follows to simplify to enabling bluetooth on another raspberrypi that has bluetooth. - BCM_BT_SOURCES - enable_bcm_bluetooth() - BCM_BT_FIRMWARE - BCM_BT_SERVICE Signed-off-by: Yusuke Mitsuki--- recipes-connectivity/bluez5/bluez5_%.bbappend | 18 ++ 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/recipes-connectivity/bluez5/bluez5_%.bbappend b/recipes-connectivity/bluez5/bluez5_%.bbappend index 956d776..b2fbf22 100644 --- a/recipes-connectivity/bluez5/bluez5_%.bbappend +++ b/recipes-connectivity/bluez5/bluez5_%.bbappend @@ -1,6 +1,6 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" -SRC_URI_append_raspberrypi3 = " \ +BCM_BT_SOURCES = " \ file://BCM43430A1.hcd \ file://0001-bcm43xx-Add-bcm43xx-3wire-variant.patch \ file://0002-bcm43xx-The-UART-speed-must-be-reset-after-the-firmw.patch \ @@ -9,7 +9,7 @@ SRC_URI_append_raspberrypi3 = " \ file://brcm43438.service \ " -do_install_append_raspberrypi3() { +enable_bcm_bluetooth() { install -d ${D}/lib/firmware/brcm/ install -m 0644 ${WORKDIR}/BCM43430A1.hcd ${D}/lib/firmware/brcm/BCM43430A1.hcd @@ -19,8 +19,18 @@ do_install_append_raspberrypi3() { fi } -FILES_${PN}_append_raspberrypi3 = " \ +BCM_BT_FIRMWARE = " \ /lib/firmware/brcm/BCM43430A1.hcd \ " -SYSTEMD_SERVICE_${PN}_append_raspberrypi3 = " brcm43438.service" +BCM_BT_SERVICE = " brcm43438.service" + +SRC_URI_append_raspberrypi3 = " ${BCM_BT_SOURCES}" + +do_install_append_raspberrypi3() { +enable_bcm_bluetooth +} + +FILES_${PN}_append_raspberrypi3 = " ${BCM_BT_FIRMWARE}" + +SYSTEMD_SERVICE_${PN}_append_raspberrypi3 = " ${BCM_BT_SERVICE}" -- 2.7.4 -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] [meta-raspberrypi][PATCH] bluez5: add functions for raspberrypi0-wifi
Sorry I am late. I could not get time enough for this work. I will send patches soon. By the way, If the Michal's work that Andrei pointed and my patches are similar, please drop my patches. 2017-09-04 20:05 GMT+09:00 Andrei Gherzan: > > > On Fri, Aug 25, 2017 at 9:17 PM, Yusuke Mitsuki < > mickey.happygolu...@gmail.com> wrote: > >> okay. I will try. >> >> 2017-08-25 17:51 GMT+09:00 Paul Barker : >> >>> On Thu, Aug 24, 2017 at 1:05 PM, Yusuke Mitsuki >>> wrote: >>> > hciattach on raspberrypi0-wifi failed because BCM43430A1.hcd is not >>> found. >>> > >>> > Paches that in order to use bluetooth with BCM43430 are not enabled. >>> > Functions are only enabled with raspberrypi3 in bluez5_%.bbappend like >>> as follows: >>> > >>> > - SRC_URI_append_raspberrypi3 >>> > - do_install_append_raspberrypi3() >>> > - FILES_${PN}_append_raspberrypi3 >>> > - SYSTEMD_SERVICE_${PN}_append_raspberrypi3 >>> > >>> > These should be enabled with raspberrypi0-wifi too. >>> > >>> > Signed-off-by: Yusuke Mitsuki >>> > --- >>> > recipes-connectivity/bluez5/bluez5_%.bbappend | 25 >>> + >>> > 1 file changed, 25 insertions(+) >>> > >>> > diff --git a/recipes-connectivity/bluez5/bluez5_%.bbappend >>> b/recipes-connectivity/bluez5/bluez5_%.bbappend >>> > index 956d776..075dc2b 100644 >>> > --- a/recipes-connectivity/bluez5/bluez5_%.bbappend >>> > +++ b/recipes-connectivity/bluez5/bluez5_%.bbappend >>> > @@ -24,3 +24,28 @@ FILES_${PN}_append_raspberrypi3 = " \ >>> > " >>> > >>> > SYSTEMD_SERVICE_${PN}_append_raspberrypi3 = " brcm43438.service" >>> > + >>> > +SRC_URI_append_raspberrypi0-wifi = " \ >>> > +file://BCM43430A1.hcd \ >>> > +file://0001-bcm43xx-Add-bcm43xx-3wire-variant.patch \ >>> > + >>> > file://0002-bcm43xx-The-UART-speed-must-be-reset-after-the-firmw.patch >>> \ >>> > +file://0003-Increase-firmware-load-timeout-to-30s.patch \ >>> > +file://0004-Move-the-43xx-firmware-into-lib-firmware.patch \ >>> > +file://brcm43438.service \ >>> > +" >>> > + >>> > +do_install_append_raspberrypi0-wifi() { >>> > +install -d ${D}/lib/firmware/brcm/ >>> > +install -m 0644 ${WORKDIR}/BCM43430A1.hcd >>> ${D}/lib/firmware/brcm/BCM43430A1.hcd >>> > + >>> > +if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', >>> 'false', d)}; then >>> > +install -d ${D}${systemd_unitdir}/system >>> > +install -m 0644 ${WORKDIR}/brcm43438.service >>> ${D}${systemd_unitdir}/system >>> > +fi >>> > +} >>> > + >>> > +FILES_${PN}_append_raspberrypi0-wifi = " \ >>> > +/lib/firmware/brcm/BCM43430A1.hcd \ >>> > +" >>> > + >>> > +SYSTEMD_SERVICE_${PN}_append_raspberrypi0-wifi = " brcm43438.service" >>> >>> I don't like the amount of duplication here. Could you define some >>> common variables and use those in the appends? This will make it >>> easier to change/upgrade in the future and avoid risk of the >>> duplicates falling out of sync with each other. >>> >>> Eg. >>> >>> RPI_WIFI_SOURCES = "" >>> >>> SRC_URI_append_raspberrypi3 = "${RPI_WIFI_SOURCES}" >>> SRC_URI_append_raspberrypi0-wifi = "${RPI_WIFI_SOURCES}" >>> >>> > I know Michal worked on this not long ago. Michal, could you give us some > hints here? Maybe backport the changes in resinOS? > > > -- > Andrei Gherzan > > -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] Yocto Project Status WW35’17
And do not forget the OpenEmbedded Developer Meeting in Prague before ELCE: https://www.openembedded.org/wiki/OEDEM_2017 Philip On 08/28/2017 10:42 AM, Jolley, Stephen K wrote: > Current Dev Position: YP 2.4 M3 > > Next Deadline: YP 2.4 M3 (In QA) > > > SWAT team rotation: Paul -> Todor on Aug. 25, 2017. > > SWAT team rotation: Todor -> Tracy on Aug. 18, 2017. > > https://wiki.yoctoproject.org/wiki/Yocto_Build_Failure_Swat_Team > > > Key Status/Updates: > > ·We’ve reached feature freeze for 2.4 and the M3 rc1 build is in QA. > See: https://wiki.yoctoproject.org/wiki/2.4_QA_Status > > ·Some things did not make 2.4. In particular, the python manifest > rework didn’t, nor did the multiple kernels work or the switch to pkgconf by > default. These patchsets were too late in the cycle and potentially caused > too many issues. I’ve started queueing some things on master-next-2.5 in the > meantime. > > ·We’ve continued to struggle with various autobuilder reported > failures although current master appears to be working better than we’ve had > things for a while. > > ·Some fixes were merged for the bitbake server reconnection issues > and this should remove the traceback many people were seeing and generally > clean up some of the behavior for reconnections. > > ·There were some staging.bbclass fixes that have recently merged > which allow the system to cope much better with changing things like the > pkgconfig provider. > > > Planned upcoming dot releases: > > YP 2.2.2 Cut off June 5, 2017 - Not ready to do an rc2 yet. > > YP 2.2.2 Release by June, 16 2017 > > YP 2.3.2 Cut off Sept. 1, 2017 > > YP 2.3.2 Release by Sept. 15, 2017 > > > Key YP 2.4 Dates are: > > YP 2.4 M3 Cut off is Aug. 21, 2017 (In QA) > > YP 2.4 M3 Release by Sept. 1, 2017 > > YP 2.4 M4 (Final) Cut off is Sept. 18, 2017 > > YP 2.4 M4 (Final) Release by Oct. 20, 2017 > > > Tracking Metrics: > > WDD 2504 (last week 2476) > > (https://wiki.yoctoproject.org/charts/combo.html) > > > Key Status Links for YP: > > https://wiki.yoctoproject.org/wiki/Yocto_Project_v2.4_Status > > https://wiki.yoctoproject.org/wiki/Yocto_2.4_Schedule > > https://wiki.yoctoproject.org/wiki/Yocto_2.4_Features > > > [If anyone has suggestions for other information you’d like to see on this > weekly status update, let us know!] > > > Thanks, > > Stephen K. Jolley > Yocto Project Program Manager > INTEL, MS JF1-255, 2111 N.E. 25th Avenue, Hillsboro, OR 97124 > • Work Telephone:(503) 712-0534 > •Cell: (208) 244-4460 > • Email: stephen.k.jol...@intel.com > > > > -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] Build RPi without wireless?
How do I build a Raspberry Pi image without WiFi or Bluetooth, or any of the related utilities? There seem to be lots of packages involved in this, and I can't figure out what's pulling them in in the first place. -- Ciao, Paul D. DeRocco Paulmailto:pdero...@ix.netcom.com -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] Adding dependency to recipe, when dependency ins't in build system
Hello, I have a custom recipe which has been building just fine. I am now trying to add a runtime dependency (debian dependency) on the package, and I can't seem to figure it out. The main issue is the dependency isn't in the yocto build system. I started off with what I know, and added below to the recipe. RDEPENDS_${PN} = "" And I received the following error. ERROR: Nothing RPROVIDES 'package_dependency' (but /home/yocto/fsl-release-bsp/sources/meta-custom/recipes-connectivity/ntpd-config/ntpd-config_1.0.bb RDEPENDS on or otherwise requires it) NOTE: Runtime target 'miraclemax' is unbuildable, removing... Missing or unbuildable dependency chain was: ['miraclemax'] ERROR: Required build target 'ntpd-config' has no buildable providers. Missing or unbuildable dependency chain was: ['ntpd-config', 'miraclemax'] After reading through some of the documentation. I found that RDEPENDS will through an error if the package isn't in the build system. I then tried some INSANE_SKIP INSANE_SKIP_${PN} += "build-deps" And was still getting the above error. Is there any way for me to add a dependency to a package without it being in the build system? -- Regards, Demetrius Pampouktsis -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] Yocto Project Status WW36’17
Current Dev Position: YP 2.4 M4 Next Deadline: YP 2.4 Final Cut off is Sept. 18, 2017 SWAT team rotation: Todor -> Tracy on Sept. 1, 2017. SWAT team rotation: Tracy -> Alejandro on Sept. 8, 2017 https://wiki.yoctoproject.org/wiki/Yocto_Build_Failure_Swat_Team Key Status/Updates: ·M3 rc1 was released, there were some issues found but nothing which couldn’t be addressed in M4 so we’re on track for release. ·We’ve found and fixed a number of BB_SERVER_TIMEOUT issues to the point that it can now be used with oe-selftest which gives us a good confidence level in the functionality for release. If anyone does see issues with the bitbake server changes please report them as we’ve resolved most of the known issues (the remaining ones are with the xmlrpc server). ·We are seeing intermittent qemu issues on the autobuilder and also intermittent failures particularly on qemuppc. We’re doing what we can to investigate these. ·Huge thanks to Armin for finding out the issues we were seeing on the autobuilder for morty. We continue to see some issues with one of the newest autobuilder workers but believe that many of the other issues we were seeing have been resolved and hope that the 2.2.2 release can proceed soon and be given to QA. ·Pyro has also seen many patches recently and is likely heading to a new point release once these have been tested and merged. Planned upcoming dot releases: YP 2.2.2 Cut off June 5, 2017 - Not ready to do an rc2 yet. YP 2.2.2 Release by June, 16 2017 YP 2.3.2 Cut off Sept. 1, 2017 YP 2.3.2 Release by Sept. 15, 2017 Key YP 2.4 Dates are: YP 2.4 M4 (Final) Cut off is Sept. 18, 2017 YP 2.4 M4 (Final) Release by Oct. 20, 2017 Tracking Metrics: WDD 2529 (last week 2504) (https://wiki.yoctoproject.org/charts/combo.html) Key Status Links for YP: https://wiki.yoctoproject.org/wiki/Yocto_Project_v2.4_Status https://wiki.yoctoproject.org/wiki/Yocto_2.4_Schedule https://wiki.yoctoproject.org/wiki/Yocto_2.4_Features [If anyone has suggestions for other information you’d like to see on this weekly status update, let us know!] Thanks, Stephen K. Jolley Yocto Project Program Manager INTEL, MS JF1-255, 2111 N.E. 25th Avenue, Hillsboro, OR 97124 • Work Telephone:(503) 712-0534 •Cell: (208) 244-4460 • Email: stephen.k.jol...@intel.com -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] Minutes: Yocto Project Technical Team Meeting
Attendees: Richard, Joshua L., Ross, Saul, Trevor, Stephano, Stephen, Leo, Joshua W., Michael, Bill Mills, Mark, Agenda: * Opens collection - 5 min (Stephen) * Yocto Project status - 5 min (Stephen/team) YP 2.4 M3 released last Friday. https://wiki.yoctoproject.org/wiki/Yocto_Project_v2.4_Status https://wiki.yoctoproject.org/wiki/Yocto_2.4_Schedule https://wiki.yoctoproject.org/wiki/Yocto_2.4_Features * Opens - 10 min * Team Sharing - 10 min * YP 2.4 M4 is in process, we are feature frozen. Richard discussed the features which were accepted into YP 2.4 and those which will push to YP 2.5. Discussed issues we are having with Autobuilder. * We discussed Pseudo issues. We have lost ongoing support for Pseudo and are struggling with issues. * YP 2.2.2 is now almost ready to be tested, most all the issues have been fixed. This should go in soon. * YP 2.3.2 is also being prepared to be tested. * Build times have improved with the new Autobuilders. * Discussed the need to test layers with YP Compatible testing. Thanks, Stephen K. Jolley Yocto Project Program Manager INTEL, MS JF1-255, 2111 N.E. 25th Avenue, Hillsboro, OR 97124 * Work Telephone: (503) 712-0534 *Cell: (208) 244-4460 * Email:stephen.k.jol...@intel.com -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-security][PATCH] nmap: update to 7.60
LIC_CHKSUM_FILES changed do to yr update. add a few more PACKCONFIG Signed-off-by: Armin Kuster--- recipes-security/nmap/{nmap_7.50.bb => nmap_7.60.bb} | 8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) rename recipes-security/nmap/{nmap_7.50.bb => nmap_7.60.bb} (84%) diff --git a/recipes-security/nmap/nmap_7.50.bb b/recipes-security/nmap/nmap_7.60.bb similarity index 84% rename from recipes-security/nmap/nmap_7.50.bb rename to recipes-security/nmap/nmap_7.60.bb index 30ae06f..a6616eb 100644 --- a/recipes-security/nmap/nmap_7.50.bb +++ b/recipes-security/nmap/nmap_7.60.bb @@ -3,15 +3,15 @@ DESCRIPTION = "Nmap ("Network Mapper") is a free and open source (license) utili SECTION = "security" LICENSE = "GPL-2.0" -LIC_FILES_CHKSUM = "file://COPYING;beginline=7;endline=12;md5=87c6956e28c3603a0a1dda11bcdc227a" +LIC_FILES_CHKSUM = "file://COPYING;beginline=7;endline=12;md5=700c690f4ca6b1754f3f1db8645e42d9" SRC_URI = "http://nmap.org/dist/${BP}.tar.bz2 \ file://nmap-redefine-the-python-library-dir.patch \ file://nmap-replace-shtool-mkdir-with-coreutils-mkdir-command.patch \ " -SRC_URI[md5sum] = "435c7e095bdd4565e0f69c41743a45be" -SRC_URI[sha256sum] = "e9a96a8e02bfc9e80c617932acc61112c23089521ee7d6b1502ecf8e3b1674b2" +SRC_URI[md5sum] = "4e454266559ddf2c4e2109866c62560c" +SRC_URI[sha256sum] = "a8796ecc4fa6c38aad6139d9515dc8113023a82e9d787e5a5fb5fa1b05516f21" inherit autotools-brokensep pkgconfig pythonnative distro_features_check @@ -21,6 +21,8 @@ PACKAGECONFIG += " ${@bb.utils.contains('IMAGE_FEATURES', 'x11-base', 'zenmap', PACKAGECONFIG[pcap] = "--with-pcap=linux, --without-pcap, libpcap, libpcap" PACKAGECONFIG[pcre] = "--with-libpcre=${STAGING_LIBDIR}/.., --with-libpcre=included, libpre" PACKAGECONFIG[ssl] = "--with-openssl=${STAGING_LIBDIR}/.., --without-openssl, openssl, openssl" +PACKAGECONFIG[ssh2] = "--with-openssh2=${STAGING_LIBDIR}/.., --without-openssh2, libssh2, libssh2" +PACKAGECONFIG[libz] = "--with-libz=${STAGING_LIBDIR}/.., --without-libz, zlib, zlib" #disable/enable packages PACKAGECONFIG[nping] = ",--without-nping," -- 2.7.4 -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-oracle-java] Is oracle-jse-jre broken on arm target ?
Hello everyone, I'm trying to add embedded JRE to a custom i.MX6 board, and when I add oracle-jse-jre recipe to my image, it starts to add a lot of native stuff so I think it's broken? As I understand it, the recipe downloads JDK and run jrecreate.sh to generate needed JRE. For me, the only thing needed by jrecreate is a valid java installation on host with JAVA_HOME set? Someone is using that recipe on arm? Best Regards, Vincent -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] The differences between rpm 4.x and rpm 5.x in Morty (Poky 2.2)
Hello Ross, Copy that. I can add smartpm for now for Morty, there is still time to experiment. I guess, I'll even wait for Rocko (Poky 2.4). I guess, this one will come October/November time frame. I still need to learn (much) more, to understand beyond classical Linux environment I am very well familiar with. Yocto is yet another, different beast for configuring and making final distros... :-) Thank you, Zoran On Mon, Sep 4, 2017 at 4:33 PM, Burton, Rosswrote: > On 4 September 2017 at 14:25, Zoran Stojsavljevic < > zoran.stojsavlje...@gmail.com> wrote: > >> How can I achieve this for Morty? I know that I need to place DNF recipes >> into recipes-devtools/. >> >> Where should I place rpm 4.x, so it'll have only DNF to be dependent from >> it? >> > > There were about 30 patches involved in the smart to DNF migration and > you'd need to backport most of them if you wanted to use dnf with morty. > > If you *need* to use Morty then you'll have to use RPM+Smart (or dpkg, or > opkg). If you want to use RPM+DNF then upgrading to Pyro is the only > sensible way. > > Ross > -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-selinux][PATCH] attr: fix ptest failures when selinux enabled
From: Kai KangWhen selinux is enabled, a file has a default attribute "security.selinux" and the output of getfattr shows: # file: here security.selinux="system_u:object_r:lib_t:s0" That always causes more output of command getfattr than expected. Filter out selinux related attribute info, and if the file has only selinux attribute info, remove its whole output. Signed-off-by: Kai Kang --- .../fix-ptest-failures-when-selinux-enabled.patch | 41 ++ recipes-support/attr/attr_%.bbappend | 5 +++ 2 files changed, 46 insertions(+) create mode 100644 recipes-support/attr/attr/fix-ptest-failures-when-selinux-enabled.patch create mode 100644 recipes-support/attr/attr_%.bbappend diff --git a/recipes-support/attr/attr/fix-ptest-failures-when-selinux-enabled.patch b/recipes-support/attr/attr/fix-ptest-failures-when-selinux-enabled.patch new file mode 100644 index 000..e1eefa7 --- /dev/null +++ b/recipes-support/attr/attr/fix-ptest-failures-when-selinux-enabled.patch @@ -0,0 +1,41 @@ +Upstream-Status: Pending + +When enable selinux, file has a default attribute: + +# file: here +security.selinux="system_u:object_r:lib_t:s0" + +That cause there is always more output than expected. + +Filter out selinux related attribute info to make ptest pass. + +Signed-off-by: Kai Kang +--- +diff --git a/test/run b/test/run +index cf15252..945741e 100755 +--- a/test/run b/test/run +@@ -132,6 +132,23 @@ sub process_test() { +print "[$prog_line] \$ ", join(' ', + map { s/\s/\\$&/g; $_ } @$p), " -- "; +my $result = exec_test($prog, $in); ++ ++ # filter selinux related attributes info ++ my @strip1; ++ my @strip2; ++ foreach (@$result) { ++ unless (/security.selinux=.*\n/) { ++ push @strip1, $_; ++ } ++ } ++ for (my $i = 0; $i <= $#strip1; $i++) { ++ if ($strip1[$i] =~ /^# file:.*/ && $strip1[$i+1] =~ /^\n$/) { ++ $i++; ++ } else { ++ push @strip2, $strip1[$i]; ++ } ++ } ++ $result = \@strip2; +my @good = (); +my $nmax = (@$out > @$result) ? @$out : @$result; +for (my $n=0; $n < $nmax; $n++) { diff --git a/recipes-support/attr/attr_%.bbappend b/recipes-support/attr/attr_%.bbappend new file mode 100644 index 000..6be8191 --- /dev/null +++ b/recipes-support/attr/attr_%.bbappend @@ -0,0 +1,5 @@ +inherit selinux + +FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:" + +SRC_URI += "${@target_selinux(d, 'file://fix-ptest-failures-when-selinux-enabled.patch')}" -- 2.14.1 -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-selinux][PATCH 19/21] setools: uprev to 4.1.1
From: Wenzong FanSETools v4 is a rewrite of SETools in Python, details refer to: https://github.com/TresysTechnology/setools/wiki/Changes-Since-SETools-v3 Changes for upreving: * removed setools_3.3.8.bb and all useless patch * add patches to fix cross-compiling issues: - setools4-fixes-for-cross-compiling.patch - setools4-fix-cross-compiling-errors-for-powerpc-mips.patch Signed-off-by: Wenzong Fan --- ...-Don-t-check-selinux-policies-if-disabled.patch | 25 -- .../setools-Fix-man-pages-and-getoptions.patch | 80 -- .../setools-Fix-output-to-match-policy-lines.patch | 36 --- ...-Fix-python-setools-Makefile.am-for-cross.patch | 33 --- ...-sepol-calls-to-work-with-latest-libsepol.patch | 36 --- .../setools-Fix-test-bug-for-unary-operator.patch | 25 -- .../setools/setools-Remove-unused-variables.patch | 279 - ...s-Update-for-2015-02-02-Userspace-release.patch | 114 - .../setools/setools/setools-configure-ac.patch | 107 .../setools-configure-with-latest-libsepol.patch | 33 --- .../setools/setools/setools-cross-ar.patch | 17 -- .../setools-neverallow-rules-all-always-fail.patch | 31 --- ...ols-seinfo-should-exit-with-correct-errno.patch | 134 -- recipes-security/setools/setools/setools.pam | 4 - ...x-cross-compiling-errors-for-powerpc-mips.patch | 35 +++ .../setools4-fixes-for-cross-compiling.patch | 40 +++ .../setools/{setools_3.3.8.bb => setools_4.1.1.bb} | 100 ++-- 17 files changed, 91 insertions(+), 1038 deletions(-) delete mode 100644 recipes-security/setools/setools/setools-Don-t-check-selinux-policies-if-disabled.patch delete mode 100644 recipes-security/setools/setools/setools-Fix-man-pages-and-getoptions.patch delete mode 100644 recipes-security/setools/setools/setools-Fix-output-to-match-policy-lines.patch delete mode 100644 recipes-security/setools/setools/setools-Fix-python-setools-Makefile.am-for-cross.patch delete mode 100644 recipes-security/setools/setools/setools-Fix-sepol-calls-to-work-with-latest-libsepol.patch delete mode 100644 recipes-security/setools/setools/setools-Fix-test-bug-for-unary-operator.patch delete mode 100644 recipes-security/setools/setools/setools-Remove-unused-variables.patch delete mode 100644 recipes-security/setools/setools/setools-Update-for-2015-02-02-Userspace-release.patch delete mode 100644 recipes-security/setools/setools/setools-configure-ac.patch delete mode 100644 recipes-security/setools/setools/setools-configure-with-latest-libsepol.patch delete mode 100644 recipes-security/setools/setools/setools-cross-ar.patch delete mode 100644 recipes-security/setools/setools/setools-neverallow-rules-all-always-fail.patch delete mode 100644 recipes-security/setools/setools/setools-seinfo-should-exit-with-correct-errno.patch delete mode 100644 recipes-security/setools/setools/setools.pam create mode 100644 recipes-security/setools/setools/setools4-fix-cross-compiling-errors-for-powerpc-mips.patch create mode 100644 recipes-security/setools/setools/setools4-fixes-for-cross-compiling.patch rename recipes-security/setools/{setools_3.3.8.bb => setools_4.1.1.bb} (11%) diff --git a/recipes-security/setools/setools/setools-Don-t-check-selinux-policies-if-disabled.patch b/recipes-security/setools/setools/setools-Don-t-check-selinux-policies-if-disabled.patch deleted file mode 100644 index ed841e8..000 --- a/recipes-security/setools/setools/setools-Don-t-check-selinux-policies-if-disabled.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 7515aa80e7ead8d3016ea161e5d0eb9c59399278 Mon Sep 17 00:00:00 2001 -From: Xin Ouyang -Date: Wed, 7 Mar 2012 14:36:19 +0800 -Subject: [meta-selinux][PATCH] setools: Don't check selinux policies if disabled. - - configure.ac |2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) - -diff --git a/configure.ac b/configure.ac -index e1db271..899e5e9 100644 a/configure.ac -+++ b/configure.ac -@@ -390,7 +390,7 @@ if test "x${enable_selinux_check}" = "xyes"; then - use_selinux=yes - fi - else -- use_selinux=yes -+ use_selinux=no - fi - - AC_CACHE_SAVE --- -1.7.5.4 - diff --git a/recipes-security/setools/setools/setools-Fix-man-pages-and-getoptions.patch b/recipes-security/setools/setools/setools-Fix-man-pages-and-getoptions.patch deleted file mode 100644 index 455da1e..000 --- a/recipes-security/setools/setools/setools-Fix-man-pages-and-getoptions.patch +++ /dev/null @@ -1,80 +0,0 @@ -From ecaccf49ee95fe2c3a57a0d2184aaec98a967172 Mon Sep 17 00:00:00 2001 -From: Xin Ouyang -Date: Wed, 7 Mar 2012 10:53:36 +0800 -Subject: [meta-selinux][PATCH 3/7] setools: Fix man pages and getoptions - -Integrated from Fedora: -https://community.dev.fedoraproject.org/packages/setools/sources/patches/ - man/replcon.1|2 ++ - man/seinfo.1 |
[yocto] [meta-selinux][PATCH 21/21] selinux-python: add setools to RDEPENDS
From: Wenzong FanSigned-off-by: Wenzong Fan --- recipes-security/selinux/selinux-python.inc | 1 + 1 file changed, 1 insertion(+) diff --git a/recipes-security/selinux/selinux-python.inc b/recipes-security/selinux/selinux-python.inc index cc907ae..55060e3 100644 --- a/recipes-security/selinux/selinux-python.inc +++ b/recipes-security/selinux/selinux-python.inc @@ -37,6 +37,7 @@ RDEPENDS_${BPN} += "\ python-unixadmin \ libselinux-python \ libsemanage-python \ +setools \ " RDEPENDS_${BPN}-semanage += "\ python-core \ -- 2.13.0 -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-selinux][PATCH 20/21] packagegroup-*: sync package names
From: Wenzong FanSome new packages added after SELinux uprev to 2.7, sync the package names accordingly: policycoreutils-audit2allow -> selinux-python-audit2allow policycoreutils-chcat-> selinux-python-chcat policycoreutils-python -> selinux-python policycoreutils-semanage -> selinux-python-semanage policycoreutils-sandbox -> selinux-sandbox policycoreutils-sepolgen-ifgen -> selinux-python-sepolgen-ifgen policycoreutils-sepolicy -> selinux-python-sepolicy, selinux-dbus policycoreutils-semodule-deps-> semodule-utils-semodule-deps policycoreutils-semodule-expand -> semodule-utils-semodule-expand policycoreutils-semodule-link-> semodule-utils-semodule-link policycoreutils-semodule-package -> semodule-utils-semodule-package system-config-selinux-> selinux-gui sepolgen -> selinux-python-sepolgen Signed-off-by: Wenzong Fan --- .../packagegroups/packagegroup-core-selinux.bb | 2 +- .../packagegroup-selinux-policycoreutils.bb| 25 +++--- 2 files changed, 14 insertions(+), 13 deletions(-) diff --git a/recipes-security/packagegroups/packagegroup-core-selinux.bb b/recipes-security/packagegroups/packagegroup-core-selinux.bb index 128dfba..fd501d6 100644 --- a/recipes-security/packagegroups/packagegroup-core-selinux.bb +++ b/recipes-security/packagegroups/packagegroup-core-selinux.bb @@ -17,7 +17,7 @@ RDEPENDS_${PN} = " \ libselinux-bin \ libsemanage \ checkpolicy \ - sepolgen \ + selinux-python-sepolgen \ packagegroup-selinux-policycoreutils \ setools \ setools-console \ diff --git a/recipes-security/packagegroups/packagegroup-selinux-policycoreutils.bb b/recipes-security/packagegroups/packagegroup-selinux-policycoreutils.bb index b566134..e1ddee6 100644 --- a/recipes-security/packagegroups/packagegroup-selinux-policycoreutils.bb +++ b/recipes-security/packagegroups/packagegroup-selinux-policycoreutils.bb @@ -12,27 +12,28 @@ PACKAGES = "\ ALLOW_EMPTY_${PN} = "1" RDEPENDS_${PN} = "\ - policycoreutils-audit2allow \ - policycoreutils-chcat \ policycoreutils-fixfiles \ policycoreutils-genhomedircon \ policycoreutils-loadpolicy \ policycoreutils-newrole \ - policycoreutils-python \ policycoreutils-runinit \ - policycoreutils-sandbox \ policycoreutils-secon \ - policycoreutils-semanage \ policycoreutils-semodule \ - policycoreutils-semodule-deps \ - policycoreutils-semodule-expand \ - policycoreutils-semodule-link \ - policycoreutils-semodule-package \ - policycoreutils-sepolgen-ifgen \ - policycoreutils-sepolicy \ policycoreutils-sestatus \ policycoreutils-setfiles \ policycoreutils-setsebool \ policycoreutils-hll \ - system-config-selinux \ + semodule-utils-semodule-deps \ + semodule-utils-semodule-expand \ + semodule-utils-semodule-link \ + semodule-utils-semodule-package \ + selinux-python-audit2allow \ + selinux-python-sepolgen-ifgen \ + selinux-python-semanage \ + selinux-python-sepolicy \ + selinux-python-chcat \ + selinux-python \ + selinux-sandbox \ + selinux-dbus \ + selinux-gui \ " -- 2.13.0 -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-selinux][PATCH 18/21] refpolicy_common: depends on semodule-utils-native
From: Wenzong FanThose tools have been moved from policycoreutils to semodule-utils: semodule_deps, semodule_expand, semodule_link, semodule_package Signed-off-by: Wenzong Fan --- recipes-security/refpolicy/refpolicy_common.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc index 4a7b7eb..2ce02ac 100644 --- a/recipes-security/refpolicy/refpolicy_common.inc +++ b/recipes-security/refpolicy/refpolicy_common.inc @@ -29,7 +29,7 @@ FILES_${PN}-dev =+ " \ EXTRANATIVEPATH += "bzip2-native" -DEPENDS += "bzip2-replacement-native checkpolicy-native policycoreutils-native m4-native" +DEPENDS += "bzip2-replacement-native checkpolicy-native policycoreutils-native semodule-utils-native m4-native" RDEPENDS_${PN}-dev =+ " \ python \ -- 2.13.0 -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-selinux][PATCH 17/21] refpolicy: fix a typo in RDEPENDS
From: Jackie HuangUnderscore ("_") should be used for variable overrides. Signed-off-by: Jackie Huang --- recipes-security/refpolicy/refpolicy_common.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-security/refpolicy/refpolicy_common.inc b/recipes-security/refpolicy/refpolicy_common.inc index 6a45e79..4a7b7eb 100644 --- a/recipes-security/refpolicy/refpolicy_common.inc +++ b/recipes-security/refpolicy/refpolicy_common.inc @@ -31,7 +31,7 @@ EXTRANATIVEPATH += "bzip2-native" DEPENDS += "bzip2-replacement-native checkpolicy-native policycoreutils-native m4-native" -RDEPENDS-${PN}-dev =+ " \ +RDEPENDS_${PN}-dev =+ " \ python \ " -- 2.13.0 -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-selinux][PATCH 16/21] policycoreutils: fixes for 2.7 uprev
From: Wenzong FanRemove setools from DEPENDS/RDEPENDS, it was required by sepolicy, sepolgen, semanage which have been moved to python/*. Rebase patch: - policycoreutils-fixfiles-de-bashify.patch Drop useless patch: - policycoreutils-loadpolicy-symlink.patch Signed-off-by: Wenzong Fan --- recipes-security/selinux/policycoreutils.inc | 4 +- .../policycoreutils-fixfiles-de-bashify.patch | 53 ++ recipes-security/selinux/policycoreutils_2.7.bb| 3 -- 3 files changed, 27 insertions(+), 33 deletions(-) diff --git a/recipes-security/selinux/policycoreutils.inc b/recipes-security/selinux/policycoreutils.inc index 5e03ba0..fc181f7 100644 --- a/recipes-security/selinux/policycoreutils.inc +++ b/recipes-security/selinux/policycoreutils.inc @@ -16,7 +16,7 @@ PAM_SRC_URI = "file://pam.d/newrole \ " DEPENDS += "libsepol libselinux libsemanage libcap gettext-native" -EXTRA_DEPENDS = "libcap-ng libcgroup setools" +EXTRA_DEPENDS = "libcap-ng libcgroup" DEPENDS += "${@['', '${EXTRA_DEPENDS}']['${PN}' != '${BPN}-native']}" inherit selinux pythonnative @@ -60,7 +60,7 @@ RDEPENDS_${BPN}-setsebool += "\ libselinux \ libsemanage \ " -RDEPENDS_${BPN} += "setools setools-libs selinux-python" +RDEPENDS_${BPN} += "selinux-python" WARN_QA := "${@oe_filter_out('unsafe-references-in-scripts', '${WARN_QA}', d)}" ERROR_QA := "${@oe_filter_out('unsafe-references-in-scripts', '${ERROR_QA}', d)}" diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch b/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch index 44d7525..0144de7 100644 --- a/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch +++ b/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch @@ -13,12 +13,13 @@ so we'll try that instead. Upstream-Status: Pending Signed-off-by: Joe MacDonald +Signed-off-by: Wenzong Fan --- - scripts/fixfiles | 26 +++--- - 1 file changed, 15 insertions(+), 11 deletions(-) + scripts/fixfiles | 23 ++- + 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/scripts/fixfiles b/scripts/fixfiles -index 5c29eb9..10a5078 100755 +index 1aa330f..a10837d 100755 --- a/scripts/fixfiles +++ b/scripts/fixfiles @@ -1,4 +1,4 @@ @@ -27,29 +28,39 @@ index 5c29eb9..10a5078 100755 # fixfiles # # Script to restore labels on a SELinux box -@@ -25,7 +25,7 @@ +@@ -27,7 +27,7 @@ set -o nounset # number if the current kernel version is greater than 2.6.30, a negative # number if the current is less than 2.6.30 and 0 if they are the same. # -function useseclabel { -+useseclabel() { ++useseclabel { VER=`uname -r` SUP=2.6.30 expr '(' "$VER" : '\([^.]*\)' ')' '-' '(' "$SUP" : '\([^.]*\)' ')' '|' \ -@@ -91,9 +91,9 @@ exclude_dirs_from_relabelling() { +@@ -93,9 +93,10 @@ exclude_dirs_from_relabelling() { # skip not absolute path # skip not directory [ -z "${i}" ] && continue --[[ "${i}" =~ "^[[:blank:]]*#" ]] && continue +-[[ "${i}" =~ ^[[:blank:]]*# ]] && continue -[[ ! "${i}" =~ ^/.* ]] && continue -[[ ! -d "${i}" ]] && continue +echo "${i}" | egrep -q '^[[:space:]]*#' && continue +echo "${i}" | egrep -v '^/.*' && continue +[ ! -d "${i}" ] && continue ++ exclude_from_relabelling="$exclude_from_relabelling -e $i" - logit "skipping the directory $i" done < /etc/selinux/fixfiles_exclude_dirs -@@ -205,8 +205,12 @@ fi + fi +@@ -138,7 +139,7 @@ fi + # Log directories excluded from relabelling by configuration file + # + LogExcluded() { +-for i in ${EXCLUDEDIRS//-e / }; do ++for i in `echo ${EXCLUDEDIRS} | sed -e 's/-e / /g'`; do + echo "skipping the directory $i" + done + } +@@ -201,8 +202,12 @@ fi } rpmlist() { @@ -64,29 +75,15 @@ index 5c29eb9..10a5078 100755 } # -@@ -233,10 +237,10 @@ if [ -n "${exclude_dirs}" ] - then - TEMPFCFILE=`mktemp ${FC}.XX` - test -z "$TEMPFCFILE" && exit -- /bin/cp -p ${FC} ${TEMPFCFILE} &>/dev/null || exit -- tmpdirs=${tempdirs//-e/} -- for p in ${tmpdirs} -+ /bin/cp -p ${FC} ${TEMPFCFILE} >/dev/null 2>&1 || exit -+ for p in ${tempdirs} - do -+ [ ${p} = "-e" ] && continue - p="${p%/}" - p1="${p}(/.*)? -- <>" - echo "${p1}" >> $TEMPFCFILE -@@ -288,7 +292,7 @@ relabel() { - restore Relabel +@@ -276,7 +281,7 @@ relabel() { + exit 1 fi -if [ $fullFlag == 1 ]; then -+if [ $fullFlag = 1 ]; then ++if [ $fullFlag = 1 ]; then fullrelabel + return fi - -- -1.9.1 +2.13.0 diff --git a/recipes-security/selinux/policycoreutils_2.7.bb
[yocto] [meta-selinux][PATCH 15/21] selinux-gui: add package 2.7 (20170804)
From: Wenzong FanMove policycoreutils/gui to gui and cleanup policycoreutils.inc. Signed-off-by: Wenzong Fan --- recipes-security/selinux/policycoreutils.inc | 7 --- recipes-security/selinux/selinux-gui.inc | 15 +++ recipes-security/selinux/selinux-gui_2.7.bb | 7 +++ 3 files changed, 22 insertions(+), 7 deletions(-) create mode 100644 recipes-security/selinux/selinux-gui.inc create mode 100644 recipes-security/selinux/selinux-gui_2.7.bb diff --git a/recipes-security/selinux/policycoreutils.inc b/recipes-security/selinux/policycoreutils.inc index 8a9027b..5e03ba0 100644 --- a/recipes-security/selinux/policycoreutils.inc +++ b/recipes-security/selinux/policycoreutils.inc @@ -78,7 +78,6 @@ PACKAGES =+ "\ ${PN}-sestatus \ ${PN}-setfiles \ ${PN}-setsebool \ - system-config-selinux \ " FILES_${PN}-fixfiles += "${base_sbindir}/fixfiles" FILES_${PN}-genhomedircon += "${sbindir}/genhomedircon" @@ -112,12 +111,6 @@ FILES_${PN}-setsebool += "\ ${datadir}/bash-completion/completions/setsebool \ " -FILES_system-config-selinux = " \ -${datadir}/system-config-selinux/* \ -${datadir}/icons/hicolor/ \ -${datadir}/polkit-1/actions/org.selinux.config.policy \ -" - export STAGING_INCDIR export STAGING_LIBDIR export BUILD_SYS diff --git a/recipes-security/selinux/selinux-gui.inc b/recipes-security/selinux/selinux-gui.inc new file mode 100644 index 000..1096f3f --- /dev/null +++ b/recipes-security/selinux/selinux-gui.inc @@ -0,0 +1,15 @@ +SUMMARY = "SELinux GUI tools" +DESCRIPTION = "\ +Provide SELinux Management tool (system-config-selinux) and SELinux \ +Policy Generation Tool (selinux-polgengui)" + +SECTION = "base" +LICENSE = "GPLv2+" + +RDEPENDS_${PN} += "python" + +FILES_${PN} += " \ +${datadir}/system-config-selinux/* \ +${datadir}/icons/hicolor/* \ +${datadir}/polkit-1/actions/org.selinux.config.policy \ +" diff --git a/recipes-security/selinux/selinux-gui_2.7.bb b/recipes-security/selinux/selinux-gui_2.7.bb new file mode 100644 index 000..3531591 --- /dev/null +++ b/recipes-security/selinux/selinux-gui_2.7.bb @@ -0,0 +1,7 @@ +include selinux_20170804.inc +include ${BPN}.inc + +LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833" + +SRC_URI[md5sum] = "f3555cb50a9e67b42bc917ede1982c7d" +SRC_URI[sha256sum] = "693fb3347041b5a2273c52c33be0a256b109e60f2039ae1d7e90ba8a2ec0324f" -- 2.13.0 -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-selinux][PATCH 11/21] selinux-sandbox: add package 2.7 (20170804)
From: Wenzong FanMove policycoreutils/sandbox to sandbox: * Move and rebase patch: - policycoreutils-sandbox-de-bashify.patch * Cleanup policycoreutils.inc Signed-off-by: Wenzong Fan --- recipes-security/selinux/policycoreutils.inc | 17 - recipes-security/selinux/selinux-sandbox.inc | 28 ++ .../sandbox-de-bashify.patch} | 13 +- recipes-security/selinux/selinux-sandbox_2.7.bb| 7 ++ 4 files changed, 42 insertions(+), 23 deletions(-) create mode 100644 recipes-security/selinux/selinux-sandbox.inc rename recipes-security/selinux/{policycoreutils/policycoreutils-sandbox-de-bashify.patch => selinux-sandbox/sandbox-de-bashify.patch} (79%) create mode 100644 recipes-security/selinux/selinux-sandbox_2.7.bb diff --git a/recipes-security/selinux/policycoreutils.inc b/recipes-security/selinux/policycoreutils.inc index e8f6e5f..9e45e0c 100644 --- a/recipes-security/selinux/policycoreutils.inc +++ b/recipes-security/selinux/policycoreutils.inc @@ -9,7 +9,6 @@ LICENSE = "GPLv2+" SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ file://policycoreutils-fixfiles-de-bashify.patch \ -file://policycoreutils-sandbox-de-bashify.patch \ " PAM_SRC_URI = "file://pam.d/newrole \ @@ -64,15 +63,6 @@ RDEPENDS_${BPN}-python += "\ libsemanage-python \ " RDEPENDS_${BPN}-runinit += "libselinux" -RDEPENDS_${BPN}-sandbox += "\ - python-math \ - python-shell \ - python-subprocess \ - python-textutils \ - python-unixadmin \ - libselinux-python \ - ${BPN}-python \ -" RDEPENDS_${BPN}-secon += "libselinux" RDEPENDS_${BPN}-semanage = "\ python-core \ @@ -128,7 +118,6 @@ PACKAGES =+ "\ ${PN}-newrole \ ${PN}-python \ ${PN}-runinit \ - ${PN}-sandbox \ ${PN}-secon \ ${PN}-semanage \ ${PN}-semodule \ @@ -171,12 +160,6 @@ FILES_${PN}-runinit += "\ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${sysconfdir}/pam.d/run_init', '', d)} \ " FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/site-packages/sepolicy/.debug/* ${prefix}/libexec/selinux/hll/.debug" -FILES_${PN}-sandbox += "\ - ${datadir}/sandbox/* \ - ${bindir}/sandbox \ - ${sbindir}/seunshare \ - ${sysconfdir}/sysconfig/sandbox \ -" FILES_${PN}-secon += "${bindir}/secon" FILES_${PN}-semanage = "\ ${sbindir}/semanage \ diff --git a/recipes-security/selinux/selinux-sandbox.inc b/recipes-security/selinux/selinux-sandbox.inc new file mode 100644 index 000..8616dd7 --- /dev/null +++ b/recipes-security/selinux/selinux-sandbox.inc @@ -0,0 +1,28 @@ +SUMMARY = "Run cmd under an SELinux sandbox" +DESCRIPTION = "\ +Run application within a tightly confined SELinux domain. The default \ +sandbox domain only allows applications the ability to read and write \ +stdin, stdout and any other file descriptors handed to it." + +SECTION = "base" +LICENSE = "GPLv2+" + +SRC_URI += "file://sandbox-de-bashify.patch \ +" + +DEPENDS += "libcap-ng libselinux" + +RDEPENDS_${PN} += "\ +python-math \ +python-shell \ +python-subprocess \ +python-textutils \ +python-unixadmin \ +libselinux-python \ +selinux-python \ +" + +FILES_${PN} += "\ +${datadir}/sandbox/sandboxX.sh \ +${datadir}/sandbox/start \ +" diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-sandbox-de-bashify.patch b/recipes-security/selinux/selinux-sandbox/sandbox-de-bashify.patch similarity index 79% rename from recipes-security/selinux/policycoreutils/policycoreutils-sandbox-de-bashify.patch rename to recipes-security/selinux/selinux-sandbox/sandbox-de-bashify.patch index c078ef6..18cef4b 100644 --- a/recipes-security/selinux/policycoreutils/policycoreutils-sandbox-de-bashify.patch +++ b/recipes-security/selinux/selinux-sandbox/sandbox-de-bashify.patch @@ -9,25 +9,26 @@ sandboxX script, so point them at /bin/sh instead. Upstream-Status: Pending Signed-off-by: Joe MacDonald +Signed-off-by: Wenzong Fan --- sandbox/sandbox.init | 2 +- sandbox/sandboxX.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) -diff --git a/sandbox/sandbox.init b/sandbox/sandbox.init +diff --git a/sandbox.init b/sandbox.init index b3979bf..1893dc8 100644 a/sandbox/sandbox.init -+++ b/sandbox/sandbox.init +--- a/sandbox.init b/sandbox.init @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh ## BEGIN INIT INFO # Provides: sandbox # Default-Start: 3 4 5 -diff --git a/sandbox/sandboxX.sh b/sandbox/sandboxX.sh +diff --git a/sandboxX.sh b/sandboxX.sh index eaa500d..8755d75 100644 a/sandbox/sandboxX.sh -+++ b/sandbox/sandboxX.sh +--- a/sandboxX.sh b/sandboxX.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh
[yocto] [meta-selinux][PATCH 10/21] restorecond: add package 2.7 (20170804)
From: Wenzong FanMove policycoreutils/restorecond to restorecond: * Move and rebase patch: - policycoreutils-make-O_CLOEXEC-optional.patch * Cleanup policycoreutils_2.7.bb. Signed-off-by: Wenzong Fan --- recipes-security/selinux/policycoreutils_2.7.bb| 1 - recipes-security/selinux/restorecond.inc | 28 ++ .../policycoreutils-make-O_CLOEXEC-optional.patch | 8 +++ recipes-security/selinux/restorecond_2.7.bb| 7 ++ 4 files changed, 39 insertions(+), 5 deletions(-) create mode 100644 recipes-security/selinux/restorecond.inc rename recipes-security/selinux/{policycoreutils => restorecond}/policycoreutils-make-O_CLOEXEC-optional.patch (90%) create mode 100644 recipes-security/selinux/restorecond_2.7.bb diff --git a/recipes-security/selinux/policycoreutils_2.7.bb b/recipes-security/selinux/policycoreutils_2.7.bb index d407ac3..54ec69a 100644 --- a/recipes-security/selinux/policycoreutils_2.7.bb +++ b/recipes-security/selinux/policycoreutils_2.7.bb @@ -8,7 +8,6 @@ SRC_URI[sha256sum] = "0a1b8a4a323b854981c6755ff025fe98a0f1cff307f109abb260f0490f SRC_URI += "\ file://policycoreutils-fix-sepolicy-install-path.patch \ - file://policycoreutils-make-O_CLOEXEC-optional.patch \ file://policycoreutils-loadpolicy-symlink.patch \ file://policycoreutils-process-ValueError-for-sepolicy-seobject.patch \ file://policycoreutils-fix-TypeError-for-seobject.py.patch \ diff --git a/recipes-security/selinux/restorecond.inc b/recipes-security/selinux/restorecond.inc new file mode 100644 index 000..6f12d23 --- /dev/null +++ b/recipes-security/selinux/restorecond.inc @@ -0,0 +1,28 @@ +SUMMARY = "Daemon to watch for file creation and set default file context" +DESCRIPTION = "\ +The restorecond daemon uses inotify to watch files listed in the \ +/etc/selinux/restorecond.conf, when they are created, this daemon \ +will make sure they have the correct file context associated with \ +the policy." + +SECTION = "base" +LICENSE = "GPLv2+" + +SRC_URI += "file://policycoreutils-make-O_CLOEXEC-optional.patch \ +" + +inherit systemd update-rc.d + +DEPENDS += "libsepol libselinux libpcre dbus-glib glib-2.0 pkgconfig-native" + +FILES_${PN} += "${datadir}/dbus-1/services/org.selinux.Restorecond.service \ +" + +do_install_prepend() { +export SYSTEMDDIR=${D}/${systemd_unitdir} +} + +SYSTEMD_SERVICE_restorecond = "restorecond.service" +INITSCRIPT_PACKAGES = "restorecond" +INITSCRIPT_NAME_restorecond = "restorecond" +INITSCRIPT_PARAMS_restorecond = "defaults" diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-make-O_CLOEXEC-optional.patch b/recipes-security/selinux/restorecond/policycoreutils-make-O_CLOEXEC-optional.patch similarity index 90% rename from recipes-security/selinux/policycoreutils/policycoreutils-make-O_CLOEXEC-optional.patch rename to recipes-security/selinux/restorecond/policycoreutils-make-O_CLOEXEC-optional.patch index d50356e..ab1a10a 100644 --- a/recipes-security/selinux/policycoreutils/policycoreutils-make-O_CLOEXEC-optional.patch +++ b/recipes-security/selinux/restorecond/policycoreutils-make-O_CLOEXEC-optional.patch @@ -16,13 +16,13 @@ Uptream-Status: Inappropriate [O_CLOEXEC has been in Linux since 2007 and POSIX Signed-off-by: Joe MacDonald Signed-off-by: Wenzong Fan --- - restorecond/user.c |8 +++- + user.c |8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) -diff --git a/restorecond/user.c b/restorecond/user.c +diff --git a/user.c b/user.c index 2c28676..6235772 100644 a/restorecond/user.c -+++ b/restorecond/user.c +--- a/user.c b/user.c @@ -202,7 +202,13 @@ static int local_server() { perror("asprintf"); return -1; diff --git a/recipes-security/selinux/restorecond_2.7.bb b/recipes-security/selinux/restorecond_2.7.bb new file mode 100644 index 000..1f9a70c --- /dev/null +++ b/recipes-security/selinux/restorecond_2.7.bb @@ -0,0 +1,7 @@ +include selinux_20170804.inc +include ${BPN}.inc + +LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833" + +SRC_URI[md5sum] = "46f8ad0a37f955ef148d4e19b8cc8b1f" +SRC_URI[sha256sum] = "cb8e0a8d706cb2c1f105125f3514defcbcfb49199183a7f91ab0bdf1f24d" -- 2.13.0 -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-selinux][PATCH 14/21] selinux-dbus: add package 2.7 (20170804)
From: Wenzong FanMove policycoreutils/sepolicy/dbus to dbus. Signed-off-by: Wenzong Fan --- recipes-security/selinux/selinux-dbus.inc| 14 ++ recipes-security/selinux/selinux-dbus_2.7.bb | 7 +++ 2 files changed, 21 insertions(+) create mode 100644 recipes-security/selinux/selinux-dbus.inc create mode 100644 recipes-security/selinux/selinux-dbus_2.7.bb diff --git a/recipes-security/selinux/selinux-dbus.inc b/recipes-security/selinux/selinux-dbus.inc new file mode 100644 index 000..1b66136 --- /dev/null +++ b/recipes-security/selinux/selinux-dbus.inc @@ -0,0 +1,14 @@ +SUMMARY = "SELinux dbus service files" +DESCRIPTION = "\ +Provide SELinux dbus service files and scripts." + +SECTION = "base" +LICENSE = "GPLv2+" + +RDEPENDS_${PN} += "python selinux-python-sepolicy" + +FILES_${PN} += "\ +${datadir}/system-config-selinux/selinux_server.py \ +${datadir}/polkit-1/actions/org.selinux.policy \ +${datadir}/dbus-1/system-services/org.selinux.service \ +" diff --git a/recipes-security/selinux/selinux-dbus_2.7.bb b/recipes-security/selinux/selinux-dbus_2.7.bb new file mode 100644 index 000..a4f14ed --- /dev/null +++ b/recipes-security/selinux/selinux-dbus_2.7.bb @@ -0,0 +1,7 @@ +include selinux_20170804.inc +include ${BPN}.inc + +LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833" + +SRC_URI[md5sum] = "6944aa95cfb44e4d76b1aff48b38f08e" +SRC_URI[sha256sum] = "a7f3dbe68c0d02cd1cbe6aac06e87c2957668cb88083389654fabacb79641ae4" -- 2.13.0 -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-selinux][PATCH 13/21] semodule-utils: add package 2.7 (20170804)
From: Wenzong FanMove policycoreutils/semodule_* to semodule-utils/*: - policycoreutils/semodule_deps-> semodule-utils/semodule_deps - policycoreutils/semodule_expand -> semodule-utils/semodule_expand - policycoreutils/semodule_link-> semodule-utils/semodule_link - policycoreutils/semodule_package -> semodule-utils/semodule_package * Cleanup policycoreutils.inc Signed-off-by: Wenzong Fan --- recipes-security/selinux/policycoreutils.inc | 13 + recipes-security/selinux/semodule-utils.inc| 27 ++ recipes-security/selinux/semodule-utils_2.7.bb | 7 +++ 3 files changed, 35 insertions(+), 12 deletions(-) create mode 100644 recipes-security/selinux/semodule-utils.inc create mode 100644 recipes-security/selinux/semodule-utils_2.7.bb diff --git a/recipes-security/selinux/policycoreutils.inc b/recipes-security/selinux/policycoreutils.inc index 05fd43d..8a9027b 100644 --- a/recipes-security/selinux/policycoreutils.inc +++ b/recipes-security/selinux/policycoreutils.inc @@ -75,10 +75,6 @@ PACKAGES =+ "\ ${PN}-runinit \ ${PN}-secon \ ${PN}-semodule \ - ${PN}-semodule-deps \ - ${PN}-semodule-expand \ - ${PN}-semodule-link \ - ${PN}-semodule-package \ ${PN}-sestatus \ ${PN}-setfiles \ ${PN}-setsebool \ @@ -102,13 +98,6 @@ FILES_${PN}-runinit += "\ FILES_${PN}-dbg += "${prefix}/libexec/selinux/hll/.debug" FILES_${PN}-secon += "${bindir}/secon" FILES_${PN}-semodule += "${sbindir}/semodule" -FILES_${PN}-semodule-deps += "${bindir}/semodule_deps" -FILES_${PN}-semodule-expand += "${bindir}/semodule_expand" -FILES_${PN}-semodule-link += "${bindir}/semodule_link" -FILES_${PN}-semodule-package += "\ - ${bindir}/semodule_package \ - ${bindir}/semodule_unpackage \ -" FILES_${PN}-hll += "${prefix}/libexec/selinux/hll/*" FILES_${PN}-sestatus += "\ ${sbindir}/sestatus \ @@ -142,7 +131,7 @@ EXTRA_OEMAKE += "INITDIR=${D}/etc/init.d" BBCLASSEXTEND = "native" -PCU_NATIVE_CMDS = "setfiles semodule_package semodule semodule_link semodule_expand semodule_deps hll" +PCU_NATIVE_CMDS = "setfiles semodule hll" do_compile_virtclass-native() { for PCU_CMD in ${PCU_NATIVE_CMDS} ; do diff --git a/recipes-security/selinux/semodule-utils.inc b/recipes-security/selinux/semodule-utils.inc new file mode 100644 index 000..1e92745 --- /dev/null +++ b/recipes-security/selinux/semodule-utils.inc @@ -0,0 +1,27 @@ +SUMMARY = "Utilities to manipulate SELinux policy module package" +DESCRIPTION = "\ +The utilities to create, expand, link and show the dependencies between \ +the SELinux policy module packages." + +SECTION = "base" +LICENSE = "GPLv2+" + +DEPENDS += "libsepol" + +EXTRA_OEMAKE += "LIBSEPOLA=${STAGING_LIBDIR}/libsepol.a" + +PACKAGES =+ "\ +${PN}-semodule-deps \ +${PN}-semodule-expand \ +${PN}-semodule-link \ +${PN}-semodule-package \ +" +FILES_${PN}-semodule-deps += "${bindir}/semodule_deps" +FILES_${PN}-semodule-expand += "${bindir}/semodule_expand" +FILES_${PN}-semodule-link += "${bindir}/semodule_link" +FILES_${PN}-semodule-package += "\ +${bindir}/semodule_package \ +${bindir}/semodule_unpackage \ +" + +BBCLASSEXTEND = "native" diff --git a/recipes-security/selinux/semodule-utils_2.7.bb b/recipes-security/selinux/semodule-utils_2.7.bb new file mode 100644 index 000..fbb88bf --- /dev/null +++ b/recipes-security/selinux/semodule-utils_2.7.bb @@ -0,0 +1,7 @@ +include selinux_20170804.inc +include ${BPN}.inc + +LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833" + +SRC_URI[md5sum] = "678e3a5225f9645d40fd9d13bbaa156f" +SRC_URI[sha256sum] = "90c98b3362a43b4da2a51a9176820a56f3e615225e23e3395bc566c4490786ba" -- 2.13.0 -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-selinux][PATCH 09/21] mcstrans: add package 2.7 (20170804)
From: Wenzong FanMove policycoreutils/mcstrans to mcstrans: * Move and rebase patches: - mcstrans-de-bashify.patch - 0001-mcstrans-fix-the-init-script.patch * Remove useless patch: - enable-mcstrans.patch * Cleanup policycoreutils_2.7.bb and policycoreutils.inc. Signed-off-by: Wenzong Fan --- recipes-security/selinux/mcstrans.inc | 49 ++ .../0001-mcstrans-fix-the-init-script.patch| 9 +-- .../mcstrans-de-bashify.patch | 20 +- recipes-security/selinux/mcstrans_2.7.bb | 7 ++ recipes-security/selinux/policycoreutils.inc | 76 +- .../selinux/policycoreutils/enable-mcstrans.patch | 17 - recipes-security/selinux/policycoreutils_2.7.bb| 2 - 7 files changed, 79 insertions(+), 101 deletions(-) create mode 100644 recipes-security/selinux/mcstrans.inc rename recipes-security/selinux/{policycoreutils => mcstrans}/0001-mcstrans-fix-the-init-script.patch (74%) rename recipes-security/selinux/{policycoreutils => mcstrans}/mcstrans-de-bashify.patch (22%) create mode 100644 recipes-security/selinux/mcstrans_2.7.bb delete mode 100644 recipes-security/selinux/policycoreutils/enable-mcstrans.patch diff --git a/recipes-security/selinux/mcstrans.inc b/recipes-security/selinux/mcstrans.inc new file mode 100644 index 000..590e6d2 --- /dev/null +++ b/recipes-security/selinux/mcstrans.inc @@ -0,0 +1,49 @@ +SUMMARY = "Daemon to translate SELinux MCS/MLS sensitivity labels" +DESCRIPTION = "\ +mcstrans provides an translation daemon to translate SELinux categories \ +from internal representations to user defined representation." + +SECTION = "base" +LICENSE = "GPLv2+" + +SRC_URI += "file://mcstrans-de-bashify.patch \ +file://0001-mcstrans-fix-the-init-script.patch \ +" + +inherit systemd update-rc.d + +DEPENDS += "libsepol libselinux libcap" + +EXTRA_OEMAKE += "SYSTEMDDIR=${D}${systemd_unitdir}" +do_install_append() { +install -d ${D}${sbindir} +install -m 755 utils/untranscon ${D}${sbindir}/ +install -m 755 utils/transcon ${D}${sbindir}/ + +if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then +install -d ${D}${sysconfdir}/tmpfiles.d +echo "d ${localstatedir}/run/setrans - - - -" \ +> ${D}${sysconfdir}/tmpfiles.d/setrans.conf +else +install -d ${D}${sysconfdir}/default/volatiles +echo "d root root 0755 /var/run/setrans none" \ +>${D}${sysconfdir}/default/volatiles/volatiles.80_mcstrans +fi +install -d ${D}${datadir}/mcstrans +cp -r share/* ${D}${datadir}/mcstrans/. +} + +SYSTEMD_SERVICE_mcstrans = "mcstrans.service" +INITSCRIPT_PACKAGES = "mcstrans" +INITSCRIPT_NAME_mcstrans = "mcstrans" +INITSCRIPT_PARAMS_mcstrans = "defaults" + +pkg_postinst_mcstrans () { +if [ -z "$D" ]; then +if command -v systemd-tmpfiles >/dev/null; then +systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/setrans.conf +elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then +${sysconfdir}/init.d/populate-volatile.sh update +fi +fi +} diff --git a/recipes-security/selinux/policycoreutils/0001-mcstrans-fix-the-init-script.patch b/recipes-security/selinux/mcstrans/0001-mcstrans-fix-the-init-script.patch similarity index 74% rename from recipes-security/selinux/policycoreutils/0001-mcstrans-fix-the-init-script.patch rename to recipes-security/selinux/mcstrans/0001-mcstrans-fix-the-init-script.patch index 39be80a..5f7163d 100644 --- a/recipes-security/selinux/policycoreutils/0001-mcstrans-fix-the-init-script.patch +++ b/recipes-security/selinux/mcstrans/0001-mcstrans-fix-the-init-script.patch @@ -5,14 +5,15 @@ Upstream-Status: Inappropriate [embedded specific] replace daemon with start-stop-daemon, due to not daemon functions Signed-off-by: Roy Li +Signed-off-by: Wenzong Fan --- - mcstrans/src/mcstrans.init | 2 +- + src/mcstrans.init | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/mcstrans/src/mcstrans.init b/mcstrans/src/mcstrans.init +diff --git a/src/mcstrans.init b/src/mcstrans.init index 2804ec0..c660290 100644 a/mcstrans/src/mcstrans.init -+++ b/mcstrans/src/mcstrans.init +--- a/src/mcstrans.init b/src/mcstrans.init @@ -51,7 +51,7 @@ start(){ fi diff --git a/recipes-security/selinux/policycoreutils/mcstrans-de-bashify.patch b/recipes-security/selinux/mcstrans/mcstrans-de-bashify.patch similarity index 22% rename from recipes-security/selinux/policycoreutils/mcstrans-de-bashify.patch rename to recipes-security/selinux/mcstrans/mcstrans-de-bashify.patch index 86141a2..805d7e5 100644 --- a/recipes-security/selinux/policycoreutils/mcstrans-de-bashify.patch +++ b/recipes-security/selinux/mcstrans/mcstrans-de-bashify.patch @@ -1,9 +1,23 @@ +commit
[yocto] [meta-selinux][PATCH 08/21] sepolgen: remove package
From: Wenzong FanThe package has been moved to selinux-python/sepolgen. Signed-off-by: Wenzong Fan --- recipes-security/selinux/sepolgen.inc| 34 recipes-security/selinux/sepolgen_2.6.bb | 7 --- recipes-security/selinux/sepolgen_git.bb | 7 --- 3 files changed, 48 deletions(-) delete mode 100644 recipes-security/selinux/sepolgen.inc delete mode 100644 recipes-security/selinux/sepolgen_2.6.bb delete mode 100644 recipes-security/selinux/sepolgen_git.bb diff --git a/recipes-security/selinux/sepolgen.inc b/recipes-security/selinux/sepolgen.inc deleted file mode 100644 index daf213d..000 --- a/recipes-security/selinux/sepolgen.inc +++ /dev/null @@ -1,34 +0,0 @@ -SUMMARY = "Python modules for supporting various SELinux utilities." -DESCRIPTION = "\ -This package contains a Python module that forms the core of the \ -modern audit2allow (which is a part of the package policycoreutils). \ -The sepolgen library is structured to give flexibility to the \ -application using it. The library contains: Reference Policy \ -Representation, which are Objects for representing policies and the \ -reference policy interfaces. Secondly, it has objects and algorithms \ -for representing access and sets of access in an abstract way and \ -searching that access. It also has a parser for reference policy \ -"headers". It contains infrastructure for parsing SELinux related \ -messages as produced by the audit system. It has facilities for \ -generating policy based on required access." - -SECTION = "base" -LICENSE = "LGPLv2+" - -FILES_${PN} = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*" - -DEPENDS += "python" - -inherit python-dir - -FILES_${PN} += "${libdir}/python${PYTHON_BASEVERSION}/site-packages \ - /var/lib/sepolgen" - -do_install() { - oe_runmake DESTDIR=${D} \ - PYTHONLIBDIR='${libdir}/python${PYTHON_BASEVERSION}/site-packages' \ - install -} - -BBCLASSEXTEND = "native" - diff --git a/recipes-security/selinux/sepolgen_2.6.bb b/recipes-security/selinux/sepolgen_2.6.bb deleted file mode 100644 index 7825863..000 --- a/recipes-security/selinux/sepolgen_2.6.bb +++ /dev/null @@ -1,7 +0,0 @@ -include selinux_20161014.inc -include ${BPN}.inc - -LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833" - -SRC_URI[md5sum] = "84faa46a0eb0b603e903efeed239c244" -SRC_URI[sha256sum] = "6a327b1576d914e57ad796a541a7a9bcceefb14c44539993de0fdb8e7a60" diff --git a/recipes-security/selinux/sepolgen_git.bb b/recipes-security/selinux/sepolgen_git.bb deleted file mode 100644 index 9b3cbe2..000 --- a/recipes-security/selinux/sepolgen_git.bb +++ /dev/null @@ -1,7 +0,0 @@ -PR = "r99" -PV = "1.2.1+git${SRCPV}" - -include selinux_git.inc -include ${BPN}.inc - -LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833" -- 2.13.0 -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-selinux][PATCH 07/21] policycoreutils: uprev to 2.7 (20170804)
From: Wenzong FanUprev the recipe file as is. Some packages have been moved out from policycoreutils, they will be added as new packages and the policycoreutils.inc need to be cleaned up from later commits accordingly. Moved packages: From:To: - policycoreutils/gui gui - policycoreutils/mcstrans mcstrans - policycoreutils/restorecond restorecond - policycoreutils/sandbox sandbox - policycoreutils/sepolicy/dbusdbus - policycoreutils/semodule_depssemodule-utils/semodule_deps - policycoreutils/semodule_expand semodule-utils/semodule_expand - policycoreutils/semodule_linksemodule-utils/semodule_link - policycoreutils/semodule_package semodule-utils/semodule_package - policycoreutils/semanage python/semanage - policycoreutils/audit2allow python/audit2allow - policycoreutils/sepolgen-ifgen python/audit2allow/sepolgen-ifgen - policycoreutils/sepolicy python/sepolicy - policycoreutils/scripts/chcatpython/chcat Released package list refer to: https://github.com/SELinuxProject/selinux/wiki/Releases Cleanup the patch file that have been removed in 2.6: - policycoreutils-fts_flags-FTS_NOCHDIR.patch Signed-off-by: Wenzong Fan --- .../policycoreutils-fts_flags-FTS_NOCHDIR.patch| 25 -- ...licycoreutils_2.6.bb => policycoreutils_2.7.bb} | 6 +++--- 2 files changed, 3 insertions(+), 28 deletions(-) delete mode 100644 recipes-security/selinux/policycoreutils/policycoreutils-fts_flags-FTS_NOCHDIR.patch rename recipes-security/selinux/{policycoreutils_2.6.bb => policycoreutils_2.7.bb} (74%) diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-fts_flags-FTS_NOCHDIR.patch b/recipes-security/selinux/policycoreutils/policycoreutils-fts_flags-FTS_NOCHDIR.patch deleted file mode 100644 index fd04b51..000 --- a/recipes-security/selinux/policycoreutils/policycoreutils-fts_flags-FTS_NOCHDIR.patch +++ /dev/null @@ -1,25 +0,0 @@ -This works around a bug in the default libc used by OE. FTS functions are -supposed to change the current working directory as they walk the file -hierarchy. The fts_accpath member of the FTSENT structure relies on this -behavior and without it the path is not relative to cwd as expected. -Supplying the FTS_NOCHDIR flag disables this optimization and causes -fts_accpath to be relative to the directory where the traversal started. -Use of this flag doesn't effect compatibility with glibc. - -An alternative fix could replace the use of fts_accpath with fts_path -which is absolute. - -Signed-off-by: Philip Tricca -Index: policycoreutils/setfiles/setfiles.c -=== policycoreutils.orig/setfiles/setfiles.c -+++ policycoreutils/setfiles/setfiles.c -@@ -194,7 +194,7 @@ int main(int argc, char **argv) - r_opts.expand_realpath = 0; - r_opts.abort_on_error = 1; - r_opts.add_assoc = 1; -- r_opts.fts_flags = FTS_PHYSICAL | FTS_XDEV; -+ r_opts.fts_flags = FTS_PHYSICAL | FTS_XDEV | FTS_NOCHDIR; - ctx_validate = 1; - } else { - /* diff --git a/recipes-security/selinux/policycoreutils_2.6.bb b/recipes-security/selinux/policycoreutils_2.7.bb similarity index 74% rename from recipes-security/selinux/policycoreutils_2.6.bb rename to recipes-security/selinux/policycoreutils_2.7.bb index 6a625b3..50f15d0 100644 --- a/recipes-security/selinux/policycoreutils_2.6.bb +++ b/recipes-security/selinux/policycoreutils_2.7.bb @@ -1,10 +1,10 @@ -include selinux_20161014.inc +include selinux_20170804.inc include ${BPN}.inc LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833" -SRC_URI[md5sum] = "0358f0136e2dd9a8c9e99f181aaab1b2" -SRC_URI[sha256sum] = "68891b376f5048edc53c6ccb2fca44da3dc7f4563f4b6894e201d70c04a05a29" +SRC_URI[md5sum] = "65311b66ae01f7b7ad7c2ea7401b68ed" +SRC_URI[sha256sum] = "0a1b8a4a323b854981c6755ff025fe98a0f1cff307f109abb260f0490f13e4f4" SRC_URI += "\ file://policycoreutils-fix-sepolicy-install-path.patch \ -- 2.13.0 -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-selinux][PATCH 05/21] checkpolicy: uprev to 2.7 (20170804)
From: Wenzong FanRemove patch that included by new version: - checkpolicy-Do-not-link-against-libfl.patch Specify LIBSEPOLA to fix build error: make[1]: *** No rule to make target `/usr/lib/libsepol.a' Signed-off-by: Wenzong Fan --- recipes-security/selinux/checkpolicy.inc | 3 +- .../checkpolicy-Do-not-link-against-libfl.patch| 46 -- .../{checkpolicy_2.6.bb => checkpolicy_2.7.bb} | 6 +-- 3 files changed, 4 insertions(+), 51 deletions(-) delete mode 100644 recipes-security/selinux/checkpolicy/checkpolicy-Do-not-link-against-libfl.patch rename recipes-security/selinux/{checkpolicy_2.6.bb => checkpolicy_2.7.bb} (35%) diff --git a/recipes-security/selinux/checkpolicy.inc b/recipes-security/selinux/checkpolicy.inc index efcd821..878c656 100644 --- a/recipes-security/selinux/checkpolicy.inc +++ b/recipes-security/selinux/checkpolicy.inc @@ -11,10 +11,9 @@ LICENSE = "GPLv2+" DEPENDS += "libsepol bison-native flex-native" -SRC_URI += "file://checkpolicy-Do-not-link-against-libfl.patch" - EXTRA_OEMAKE += "PREFIX=${D}" EXTRA_OEMAKE += "LEX='flex'" +EXTRA_OEMAKE += "LIBSEPOLA=${STAGING_LIBDIR}/libsepol.a" do_install_append() { install test/dismod ${D}/${bindir}/sedismod diff --git a/recipes-security/selinux/checkpolicy/checkpolicy-Do-not-link-against-libfl.patch b/recipes-security/selinux/checkpolicy/checkpolicy-Do-not-link-against-libfl.patch deleted file mode 100644 index e19209e..000 --- a/recipes-security/selinux/checkpolicy/checkpolicy-Do-not-link-against-libfl.patch +++ /dev/null @@ -1,46 +0,0 @@ -checkpolicy: Don't link against libfl - -In policy_scan.l file, we have already removed all references to yywrap by -adding "%option noyywrap" statements to each flex source file that doesn't -override yywrap. After this, we no longer need to link against libfl and so -no longer get errors about undefined references to yylex. - -Upstream-status: Pending - -Signed-off-by: Chong Lu -Signed-off-by: Shrikant Bobade ¶ - - Makefile |2 +- - test/Makefile |2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/Makefile b/Makefile -index e5fae3d..14ac70e 100644 a/Makefile -+++ b/Makefile -@@ -19,7 +19,7 @@ CHECKOBJS = y.tab.o lex.yy.o queue.o module_compiler.o parse_util.o \ - CHECKPOLOBJS = $(CHECKOBJS) checkpolicy.o - CHECKMODOBJS = $(CHECKOBJS) checkmodule.o - --LDLIBS=$(LIBDIR)/libsepol.a -lfl -+LDLIBS=$(LIBDIR)/libsepol.a - - GENERATED=lex.yy.c y.tab.c y.tab.h - -diff --git a/test/Makefile b/test/Makefile -index 63b4d24..0f19a8a 100644 a/test/Makefile -+++ b/test/Makefile -@@ -9,7 +9,7 @@ INCLUDEDIR ?= $(PREFIX)/include - CFLAGS ?= -g -Wall -W -Werror -O2 -pipe - override CFLAGS += -I$(INCLUDEDIR) - --LDLIBS=-lfl $(LIBDIR)/libsepol.a -L$(LIBDIR) -+LDLIBS=$(LIBDIR)/libsepol.a -L$(LIBDIR) - - all: dispol dismod - --- -1.7.9.5 - diff --git a/recipes-security/selinux/checkpolicy_2.6.bb b/recipes-security/selinux/checkpolicy_2.7.bb similarity index 35% rename from recipes-security/selinux/checkpolicy_2.6.bb rename to recipes-security/selinux/checkpolicy_2.7.bb index f67c150..90b8109 100644 --- a/recipes-security/selinux/checkpolicy_2.6.bb +++ b/recipes-security/selinux/checkpolicy_2.7.bb @@ -1,7 +1,7 @@ -include selinux_20161014.inc +include selinux_20170804.inc include ${BPN}.inc LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833" -SRC_URI[md5sum] = "2b581f8fe8eb8f55f111088e15d76c3a" -SRC_URI[sha256sum] = "0bebd18688ca8027b1b3b4ff1532c0626f1fe49883ae6cb74d9d385940e74157" +SRC_URI[md5sum] = "5c718eaad4d3015bd5665ffde77b50fd" +SRC_URI[sha256sum] = "5413479f1dcde866c19896b4dbfec315d822aa431606e1d03c944408984c3201" -- 2.13.0 -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-selinux][PATCH 06/21] secilc: uprev to 2.7 (20170804)
From: Wenzong FanSigned-off-by: Wenzong Fan --- recipes-security/selinux/{secilc_2.6.bb => secilc_2.7.bb} | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) rename recipes-security/selinux/{secilc_2.6.bb => secilc_2.7.bb} (35%) diff --git a/recipes-security/selinux/secilc_2.6.bb b/recipes-security/selinux/secilc_2.7.bb similarity index 35% rename from recipes-security/selinux/secilc_2.6.bb rename to recipes-security/selinux/secilc_2.7.bb index 0f84b0e..611f165 100644 --- a/recipes-security/selinux/secilc_2.6.bb +++ b/recipes-security/selinux/secilc_2.7.bb @@ -1,7 +1,7 @@ -include selinux_20161014.inc +include selinux_20170804.inc include ${BPN}.inc LIC_FILES_CHKSUM = "file://COPYING;md5=5fb82e8deb357d4e5fd8f3fed01d2f38" -SRC_URI[md5sum] = "38c06fb8d97206a12016b4516ee23efc" -SRC_URI[sha256sum] = "a84838c15bb7b0141238b48294b15ff0e1618107f547541a0067d1ddabcc9502" +SRC_URI[md5sum] = "301a4e477bc7214be16558f7c2dcbcff" +SRC_URI[sha256sum] = "9ec63dd64645c718f66d33c96299adfe0445b0aa62d7ac8c642f873c570609c5" -- 2.13.0 -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-selinux][PATCH 04/21] libsemanage: uprev to 2.7 (20170804)
From: Wenzong FanRemove patches that included by new version: - 0001-libsemanage-simplify-string-utilities-functions.patch - 0002-libsemanage-add-semanage_str_replace-utility-functio.patch - 0003-libsemanage-genhomedircon-drop-ustr-dependency.patch - 0004-libsemanage-remove-ustr-library-from-Makefiles-READM.patch - libsemanage-fix-path-len-limit.patch Rebase patch: - libsemanage-allow-to-disable-audit-support.patch Set PYCEXT and PYSITEDIR to generate the _semanage.so and install it to ${libdir}/python${PYTHON_BASEVERSION}/site-packages. Signed-off-by: Wenzong Fan --- recipes-security/selinux/libsemanage.inc | 2 + ...anage-simplify-string-utilities-functions.patch | 115 ...-add-semanage_str_replace-utility-functio.patch | 164 --- ...manage-genhomedircon-drop-ustr-dependency.patch | 323 - ...-remove-ustr-library-from-Makefiles-READM.patch | 61 ...ibsemanage-allow-to-disable-audit-support.patch | 68 +++-- .../libsemanage-fix-path-len-limit.patch | 28 -- .../{libsemanage_2.6.bb => libsemanage_2.7.bb} | 11 +- 8 files changed, 42 insertions(+), 730 deletions(-) delete mode 100644 recipes-security/selinux/libsemanage/0001-libsemanage-simplify-string-utilities-functions.patch delete mode 100644 recipes-security/selinux/libsemanage/0002-libsemanage-add-semanage_str_replace-utility-functio.patch delete mode 100644 recipes-security/selinux/libsemanage/0003-libsemanage-genhomedircon-drop-ustr-dependency.patch delete mode 100644 recipes-security/selinux/libsemanage/0004-libsemanage-remove-ustr-library-from-Makefiles-READM.patch delete mode 100644 recipes-security/selinux/libsemanage/libsemanage-fix-path-len-limit.patch rename recipes-security/selinux/{libsemanage_2.6.bb => libsemanage_2.7.bb} (50%) diff --git a/recipes-security/selinux/libsemanage.inc b/recipes-security/selinux/libsemanage.inc index 504101d..9b238c8 100644 --- a/recipes-security/selinux/libsemanage.inc +++ b/recipes-security/selinux/libsemanage.inc @@ -40,6 +40,8 @@ do_install() { oe_runmake install-pywrap swigify \ DESTDIR=${D} \ +PYCEXT='.so' \ + PYSITEDIR='${D}${libdir}/python${PYTHON_BASEVERSION}/site-packages' \ PYLIBVER='python${PYTHON_BASEVERSION}' \ PYLIBDIR='${D}/${libdir}/$(PYLIBVER)' diff --git a/recipes-security/selinux/libsemanage/0001-libsemanage-simplify-string-utilities-functions.patch b/recipes-security/selinux/libsemanage/0001-libsemanage-simplify-string-utilities-functions.patch deleted file mode 100644 index fd478d0..000 --- a/recipes-security/selinux/libsemanage/0001-libsemanage-simplify-string-utilities-functions.patch +++ /dev/null @@ -1,115 +0,0 @@ -From 514a5df959ea0e13db4e87f73c2ac5edcceebd52 Mon Sep 17 00:00:00 2001 -From: Nicolas Iooss -Date: Wed, 21 Dec 2016 19:21:01 +0100 -Subject: [meta-selinux][PATCH 1/4] libsemanage: simplify string utilities functions - -Use string functions from C standard library instead of ustr. This makes -the code simpler and make utilities.c no longer depend on ustr library. - -This changes how semanage_split() behaves when delim is not empty (NULL -or "") and the input string contains several successive delimiters: -semanage_split("foobar", ":") returned "bar" and now returns ":bar". -This would not have any impact in the current code as semanage_split() -is only called with delim="=" (through semanage_findval(), in -libsemanage/src/genhomedircon.c), in order to split a "key=value" -statement. - -Signed-off-by: Nicolas Iooss -(cherry picked from commit a228bb3736c5957d41ad9e01eb1283fc6883a6e5) - libsemanage/src/utilities.c | 59 ++--- - 1 file changed, 13 insertions(+), 46 deletions(-) - -diff --git a/libsemanage/src/utilities.c b/libsemanage/src/utilities.c -index f48ffa4..fa86cc7 100644 a/libsemanage/src/utilities.c -+++ b/libsemanage/src/utilities.c -@@ -26,7 +26,6 @@ - #include - #include - #include --#include - - #define TRUE 1 - #define FALSE 0 -@@ -74,64 +73,32 @@ char *semanage_split_on_space(const char *str) - { - /* as per the man page, these are the isspace() chars */ - const char *seps = "\f\n\r\t\v "; -- size_t slen = strlen(seps); -- size_t off = 0, rside_len = 0; -- char *retval = NULL; -- Ustr *ustr = USTR_NULL, *temp = USTR_NULL; -+ size_t off = 0; - - if (!str) -- goto done; -- if (!(ustr = ustr_dup_cstr(str))) -- goto done; -- temp = -- ustr_split_spn_chrs(ustr, , seps, slen, USTR_NULL, -- USTR_FLAG_SPLIT_DEF); -- if (!temp) -- goto done; -- /* throw away the left hand side */ -- ustr_sc_free(); -- -- rside_len = ustr_len(ustr) - off; -- temp = ustr_dup_subustr(ustr, off +
[yocto] [meta-selinux][PATCH 03/21] libselinux: uprev to 2.7 (20170804)
From: Wenzong FanSpecify LIBSEPOLA to fix build error: make[1]: *** No rule to make target `/usr/lib/libsepol.a', needed by `python-2.7audit2why.so'. Stop. Add python-importlib to RDEPENDS_${PN}-python. Signed-off-by: Wenzong Fan --- recipes-security/selinux/libselinux.inc | 3 ++- recipes-security/selinux/{libselinux_2.6.bb => libselinux_2.7.bb} | 6 +++--- 2 files changed, 5 insertions(+), 4 deletions(-) rename recipes-security/selinux/{libselinux_2.6.bb => libselinux_2.7.bb} (72%) diff --git a/recipes-security/selinux/libselinux.inc b/recipes-security/selinux/libselinux.inc index ad00d10..bd5ce8d 100644 --- a/recipes-security/selinux/libselinux.inc +++ b/recipes-security/selinux/libselinux.inc @@ -8,6 +8,7 @@ LICENSE = "PD" inherit lib_package pythonnative DEPENDS += "libsepol python libpcre swig-native" +RDEPENDS_${PN}-python += "python-importlib" PACKAGES += "${PN}-python" FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*" @@ -21,7 +22,7 @@ def get_policyconfigarch(d): return "ARCH=%s" % (target) EXTRA_OEMAKE += "${@get_policyconfigarch(d)}" -EXTRA_OEMAKE += "LDFLAGS='${LDFLAGS} -lpcre'" +EXTRA_OEMAKE += "LDFLAGS='${LDFLAGS} -lpcre' LIBSEPOLA='${STAGING_LIBDIR}/libsepol.a'" do_compile_append() { oe_runmake pywrap -j1 \ diff --git a/recipes-security/selinux/libselinux_2.6.bb b/recipes-security/selinux/libselinux_2.7.bb similarity index 72% rename from recipes-security/selinux/libselinux_2.6.bb rename to recipes-security/selinux/libselinux_2.7.bb index b9ad231..e0d01fc 100644 --- a/recipes-security/selinux/libselinux_2.6.bb +++ b/recipes-security/selinux/libselinux_2.7.bb @@ -1,10 +1,10 @@ -include selinux_20161014.inc +include selinux_20170804.inc include ${BPN}.inc LIC_FILES_CHKSUM = "file://LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0" -SRC_URI[md5sum] = "0e066ba6d6e590ba4b53eed64905d901" -SRC_URI[sha256sum] = "4ea2dde50665c202253ba5caac7738370ea0337c47b251ba981c60d24e1a118a" +SRC_URI[md5sum] = "1d48ee4e9fadd76794d70c806b69ba7d" +SRC_URI[sha256sum] = "d0fec0769b3ad60aa7baf9b9a4b7a056827769dc2dadda0dc0eb59b3d1c18c57" SRC_URI += "\ file://libselinux-drop-Wno-unused-but-set-variable.patch \ -- 2.13.0 -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-selinux][PATCH 02/21] libsepol: uprev to 2.7 (20170804)
From: Wenzong FanSigned-off-by: Wenzong Fan --- recipes-security/selinux/{libsepol_2.6.bb => libsepol_2.7.bb} | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) rename recipes-security/selinux/{libsepol_2.6.bb => libsepol_2.7.bb} (49%) diff --git a/recipes-security/selinux/libsepol_2.6.bb b/recipes-security/selinux/libsepol_2.7.bb similarity index 49% rename from recipes-security/selinux/libsepol_2.6.bb rename to recipes-security/selinux/libsepol_2.7.bb index e593fe9..f38f7ba 100644 --- a/recipes-security/selinux/libsepol_2.6.bb +++ b/recipes-security/selinux/libsepol_2.7.bb @@ -1,9 +1,9 @@ -include selinux_20161014.inc +include selinux_20170804.inc include ${BPN}.inc LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343" -SRC_URI[md5sum] = "dc1dfd31aea4c6e4b521f3aa2bddf7de" -SRC_URI[sha256sum] = "d856d6506054f52abeaa3543ea2f2344595a3dc05d0d873ed7f724f7a16b1874" +SRC_URI[md5sum] = "9424b93fd6efd853b9360f29265c5aa3" +SRC_URI[sha256sum] = "d69d3bd8ec901a3bd5adf2be2fb47fb1a685ed73066ab482e7e505371a48f9e7" SRC_URI += "file://0001-src-Makefile-fix-includedir-in-libsepol.pc.patch" -- 2.13.0 -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
[yocto] [meta-selinux][PATCH 01/21] selinux: uprev include file to 20170804
From: Wenzong FanSigned-off-by: Wenzong Fan --- recipes-security/selinux/{selinux_20161014.inc => selinux_20170804.inc} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename recipes-security/selinux/{selinux_20161014.inc => selinux_20170804.inc} (84%) diff --git a/recipes-security/selinux/selinux_20161014.inc b/recipes-security/selinux/selinux_20170804.inc similarity index 84% rename from recipes-security/selinux/selinux_20161014.inc rename to recipes-security/selinux/selinux_20170804.inc index c97e35b..1c11208 100644 --- a/recipes-security/selinux/selinux_20161014.inc +++ b/recipes-security/selinux/selinux_20170804.inc @@ -1,4 +1,4 @@ -SELINUX_RELEASE = "20161014" +SELINUX_RELEASE = "20170804" SRC_URI = "https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/${SELINUX_RELEASE}/${BPN}-${PV}.tar.gz; -- 2.13.0 -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto