Re: [yocto] Building Custom Python 3 Packages

2017-09-05 Thread Paul Eggleton 
On Saturday, 2 September 2017 12:42:09 AM NZST Alexander Kanavin wrote:
> On 08/31/2017 04:54 PM, Seilis, Aaron wrote:
> > This clearly indicates that the issue is that the build is looking
> > for setup.py in the ${B} location, but it is only present in the ${S}
> > location when `devtool modify` has been run. I have tried setting
> > ${B} to ${S} explicitly in the recipe, but this doesn't result in
> > ${B} being changed when I run `bitbake -e mytool`. I could always
> > copy ${S} to ${B} in the recipe, but that seems a bit hack-ish.
> > 
> > Did I miss something or is there another way that Python builds are
> > intended to work?
> 
> I think this might be a limitation of setuptools: they do not support 
> out-of-tree builds (which is a must for devtool modify'). If you can 
> figure out how to solve it, that would be nice!

devtool modify does not require out-of-tree builds - I think in this instance 
it's assuming that's OK, and it's supposed to be following what the recipe 
originally used so that may be a bug. The workaround is to tell it to use the 
same directory with the -s/--same-dir option.

Cheers,
Paul

-- 

Paul Eggleton
Intel Open Source Technology Centre
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-raspberrypi][PATCH v2 2/2] bluez5: enable bluetooth on raspberrypi0-wifi

2017-09-05 Thread Yusuke Mitsuki 
Add functions/variable to enabling bluetooth on raspberrypi0-wifi.

Signed-off-by: Yusuke Mitsuki 
---
 recipes-connectivity/bluez5/bluez5_%.bbappend | 12 
 1 file changed, 12 insertions(+)

diff --git a/recipes-connectivity/bluez5/bluez5_%.bbappend 
b/recipes-connectivity/bluez5/bluez5_%.bbappend
index b2fbf22..03efd5c 100644
--- a/recipes-connectivity/bluez5/bluez5_%.bbappend
+++ b/recipes-connectivity/bluez5/bluez5_%.bbappend
@@ -25,6 +25,7 @@ BCM_BT_FIRMWARE =  " \
 
 BCM_BT_SERVICE =  " brcm43438.service"
 
+# for raspberrypi3
 SRC_URI_append_raspberrypi3 = " ${BCM_BT_SOURCES}"
 
 do_install_append_raspberrypi3() {
@@ -34,3 +35,14 @@ do_install_append_raspberrypi3() {
 FILES_${PN}_append_raspberrypi3 = " ${BCM_BT_FIRMWARE}"
 
 SYSTEMD_SERVICE_${PN}_append_raspberrypi3 = " ${BCM_BT_SERVICE}"
+
+# for raspberrypi0-wifi
+SRC_URI_append_raspberrypi0-wifi = " ${BCM_BT_SOURCES}"
+
+do_install_append_raspberrypi0-wifi() {
+enable_bcm_bluetooth
+}
+
+FILES_${PN}_append_raspberrypi0-wifi = " ${BCM_BT_FIRMWARE}"
+
+SYSTEMD_SERVICE_${PN}_append_raspberrypi0-wifi = " ${BCM_BT_SERVICE}"
-- 
2.7.4

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-raspberrypi][PATCH v2 1/2] bluez5: add functions/variables to enabling bluetooth on another raspberrypi

2017-09-05 Thread Yusuke Mitsuki 
functions/variables in this bbappend implemented for only raspberrypi3.
But these must be able to used to enabling bluetooth on another raspberrypi 
that has bluetooth feature such as raspberrypi0-wifi.

The simple solution is a duplicating these but it is not good ideas for 
maintainance.

Add functions/variables follows to simplify to enabling bluetooth on another 
raspberrypi that has bluetooth.
- BCM_BT_SOURCES
- enable_bcm_bluetooth()
- BCM_BT_FIRMWARE
- BCM_BT_SERVICE

Signed-off-by: Yusuke Mitsuki 
---
 recipes-connectivity/bluez5/bluez5_%.bbappend | 18 ++
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/recipes-connectivity/bluez5/bluez5_%.bbappend 
b/recipes-connectivity/bluez5/bluez5_%.bbappend
index 956d776..b2fbf22 100644
--- a/recipes-connectivity/bluez5/bluez5_%.bbappend
+++ b/recipes-connectivity/bluez5/bluez5_%.bbappend
@@ -1,6 +1,6 @@
 FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
 
-SRC_URI_append_raspberrypi3 = " \
+BCM_BT_SOURCES =  " \
 file://BCM43430A1.hcd \
 file://0001-bcm43xx-Add-bcm43xx-3wire-variant.patch \
 file://0002-bcm43xx-The-UART-speed-must-be-reset-after-the-firmw.patch \
@@ -9,7 +9,7 @@ SRC_URI_append_raspberrypi3 = " \
 file://brcm43438.service \
 "
 
-do_install_append_raspberrypi3() {
+enable_bcm_bluetooth() {
 install -d ${D}/lib/firmware/brcm/
 install -m 0644 ${WORKDIR}/BCM43430A1.hcd 
${D}/lib/firmware/brcm/BCM43430A1.hcd
 
@@ -19,8 +19,18 @@ do_install_append_raspberrypi3() {
 fi
 }
 
-FILES_${PN}_append_raspberrypi3 = " \
+BCM_BT_FIRMWARE =  " \
 /lib/firmware/brcm/BCM43430A1.hcd \
 "
 
-SYSTEMD_SERVICE_${PN}_append_raspberrypi3 = " brcm43438.service"
+BCM_BT_SERVICE =  " brcm43438.service"
+
+SRC_URI_append_raspberrypi3 = " ${BCM_BT_SOURCES}"
+
+do_install_append_raspberrypi3() {
+enable_bcm_bluetooth
+}
+
+FILES_${PN}_append_raspberrypi3 = " ${BCM_BT_FIRMWARE}"
+
+SYSTEMD_SERVICE_${PN}_append_raspberrypi3 = " ${BCM_BT_SERVICE}"
-- 
2.7.4

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] [meta-raspberrypi][PATCH] bluez5: add functions for raspberrypi0-wifi

2017-09-05 Thread Yusuke Mitsuki 
Sorry I am late.
I could not get time enough for this work.

I will send patches soon.

By the way, If the Michal's  work that Andrei pointed and my patches are
similar, please drop my patches.



2017-09-04 20:05 GMT+09:00 Andrei Gherzan :

>
>
> On Fri, Aug 25, 2017 at 9:17 PM, Yusuke Mitsuki <
> mickey.happygolu...@gmail.com> wrote:
>
>> okay. I will try.
>>
>> 2017-08-25 17:51 GMT+09:00 Paul Barker :
>>
>>> On Thu, Aug 24, 2017 at 1:05 PM, Yusuke Mitsuki
>>>  wrote:
>>> > hciattach on raspberrypi0-wifi failed because BCM43430A1.hcd is not
>>> found.
>>> >
>>> > Paches that in order to use bluetooth with BCM43430 are not enabled.
>>> > Functions are only enabled with raspberrypi3 in bluez5_%.bbappend like
>>> as follows:
>>> >
>>> > - SRC_URI_append_raspberrypi3
>>> > - do_install_append_raspberrypi3()
>>> > - FILES_${PN}_append_raspberrypi3
>>> > - SYSTEMD_SERVICE_${PN}_append_raspberrypi3
>>> >
>>> > These should be enabled with raspberrypi0-wifi too.
>>> >
>>> > Signed-off-by: Yusuke Mitsuki 
>>> > ---
>>> >  recipes-connectivity/bluez5/bluez5_%.bbappend | 25
>>> +
>>> >  1 file changed, 25 insertions(+)
>>> >
>>> > diff --git a/recipes-connectivity/bluez5/bluez5_%.bbappend
>>> b/recipes-connectivity/bluez5/bluez5_%.bbappend
>>> > index 956d776..075dc2b 100644
>>> > --- a/recipes-connectivity/bluez5/bluez5_%.bbappend
>>> > +++ b/recipes-connectivity/bluez5/bluez5_%.bbappend
>>> > @@ -24,3 +24,28 @@ FILES_${PN}_append_raspberrypi3 = " \
>>> >  "
>>> >
>>> >  SYSTEMD_SERVICE_${PN}_append_raspberrypi3 = " brcm43438.service"
>>> > +
>>> > +SRC_URI_append_raspberrypi0-wifi = " \
>>> > +file://BCM43430A1.hcd \
>>> > +file://0001-bcm43xx-Add-bcm43xx-3wire-variant.patch \
>>> > +
>>> > file://0002-bcm43xx-The-UART-speed-must-be-reset-after-the-firmw.patch
>>> \
>>> > +file://0003-Increase-firmware-load-timeout-to-30s.patch \
>>> > +file://0004-Move-the-43xx-firmware-into-lib-firmware.patch \
>>> > +file://brcm43438.service \
>>> > +"
>>> > +
>>> > +do_install_append_raspberrypi0-wifi() {
>>> > +install -d ${D}/lib/firmware/brcm/
>>> > +install -m 0644 ${WORKDIR}/BCM43430A1.hcd
>>> ${D}/lib/firmware/brcm/BCM43430A1.hcd
>>> > +
>>> > +if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true',
>>> 'false', d)}; then
>>> > +install -d ${D}${systemd_unitdir}/system
>>> > +install -m 0644 ${WORKDIR}/brcm43438.service
>>> ${D}${systemd_unitdir}/system
>>> > +fi
>>> > +}
>>> > +
>>> > +FILES_${PN}_append_raspberrypi0-wifi = " \
>>> > +/lib/firmware/brcm/BCM43430A1.hcd \
>>> > +"
>>> > +
>>> > +SYSTEMD_SERVICE_${PN}_append_raspberrypi0-wifi = " brcm43438.service"
>>>
>>> I don't like the amount of duplication here. Could you define some
>>> common variables and use those in the appends? This will make it
>>> easier to change/upgrade in the future and avoid risk of the
>>> duplicates falling out of sync with each other.
>>>
>>> Eg.
>>>
>>> RPI_WIFI_SOURCES = ""
>>>
>>> SRC_URI_append_raspberrypi3 = "${RPI_WIFI_SOURCES}"
>>> SRC_URI_append_raspberrypi0-wifi = "${RPI_WIFI_SOURCES}"
>>>
>>>
> I know Michal worked on this not long ago. Michal, could you give us some
> hints here? Maybe backport the changes in resinOS?
>
>
> --
> Andrei Gherzan
>
>
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] Yocto Project Status WW35’17

2017-09-05 Thread Philip Balister 
And do not forget the OpenEmbedded Developer Meeting in Prague before ELCE:

https://www.openembedded.org/wiki/OEDEM_2017

Philip

On 08/28/2017 10:42 AM, Jolley, Stephen K wrote:
> Current Dev Position: YP 2.4 M3
> 
> Next Deadline: YP 2.4 M3 (In QA)
> 
> 
> SWAT team rotation: Paul -> Todor on Aug. 25, 2017.
> 
> SWAT team rotation: Todor -> Tracy on Aug. 18, 2017.
> 
> https://wiki.yoctoproject.org/wiki/Yocto_Build_Failure_Swat_Team
> 
> 
> Key Status/Updates:
> 
> ·We’ve reached feature freeze for 2.4 and the M3 rc1 build is in QA.  
> See: https://wiki.yoctoproject.org/wiki/2.4_QA_Status
> 
> ·Some things did not make 2.4. In particular, the python manifest 
> rework didn’t, nor did the multiple kernels work or the switch to pkgconf by 
> default. These patchsets were too late in the cycle and potentially caused 
> too many issues. I’ve started queueing some things on master-next-2.5 in the 
> meantime.
> 
> ·We’ve continued to struggle with various autobuilder reported 
> failures although current master appears to be working better than we’ve had 
> things for a while.
> 
> ·Some fixes were merged for the bitbake server reconnection issues 
> and this should remove the traceback many people were seeing and generally 
> clean up some of the behavior for reconnections.
> 
> ·There were some staging.bbclass fixes that have recently merged 
> which allow the system to cope much better with changing things like the 
> pkgconfig provider.
> 
> 
> Planned upcoming dot releases:
> 
> YP 2.2.2 Cut off June 5, 2017 - Not ready to do an rc2 yet.
> 
> YP 2.2.2 Release by June, 16 2017
> 
> YP 2.3.2 Cut off Sept. 1, 2017
> 
> YP 2.3.2 Release by Sept. 15, 2017
> 
> 
> Key YP 2.4 Dates are:
> 
> YP 2.4 M3 Cut off is Aug. 21, 2017 (In QA)
> 
> YP 2.4 M3 Release by Sept. 1, 2017
> 
> YP 2.4 M4 (Final) Cut off is Sept. 18, 2017
> 
> YP 2.4 M4 (Final) Release by Oct. 20, 2017
> 
> 
> Tracking Metrics:
> 
> WDD 2504 (last week 2476)
> 
> (https://wiki.yoctoproject.org/charts/combo.html)
> 
> 
> Key Status Links for YP:
> 
> https://wiki.yoctoproject.org/wiki/Yocto_Project_v2.4_Status
> 
> https://wiki.yoctoproject.org/wiki/Yocto_2.4_Schedule
> 
> https://wiki.yoctoproject.org/wiki/Yocto_2.4_Features
> 
> 
> [If anyone has suggestions for other information you’d like to see on this 
> weekly status update, let us know!]
> 
> 
> Thanks,
> 
> Stephen K. Jolley
> Yocto Project Program Manager
> INTEL, MS JF1-255, 2111 N.E. 25th Avenue, Hillsboro, OR 97124
> •   Work Telephone:(503) 712-0534
> •Cell:   (208) 244-4460
> • Email:  stephen.k.jol...@intel.com
> 
> 
> 
> 
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] Build RPi without wireless?

2017-09-05 Thread Paul D. DeRocco 
How do I build a Raspberry Pi image without WiFi or Bluetooth, or any of
the related utilities? There seem to be lots of packages involved in this,
and I can't figure out what's pulling them in in the first place.

-- 

Ciao,   Paul D. DeRocco
Paulmailto:pdero...@ix.netcom.com

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] Adding dependency to recipe, when dependency ins't in build system

2017-09-05 Thread Demetrius Pampouktsis 
Hello,

I have a custom recipe which has been building just fine. I am now
trying to add a runtime dependency (debian dependency) on the package,
and I can't seem to figure it out. The main issue is the dependency
isn't in the yocto build system.

I started off with what I know, and added below to the recipe.
 RDEPENDS_${PN} = ""

And I received the following error.

ERROR: Nothing RPROVIDES 'package_dependency' (but
/home/yocto/fsl-release-bsp/sources/meta-custom/recipes-connectivity/ntpd-config/ntpd-config_1.0.bb
RDEPENDS on or otherwise requires it)
NOTE: Runtime target 'miraclemax' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['miraclemax']
ERROR: Required build target 'ntpd-config' has no buildable providers.
Missing or unbuildable dependency chain was: ['ntpd-config', 'miraclemax']

After reading through some of the documentation. I found that RDEPENDS
will through an error if the package isn't in the build system.

I then tried some INSANE_SKIP
INSANE_SKIP_${PN} += "build-deps"

And was still getting the above error.

Is there any way for me to add a dependency to a package without it
being in the build system?
-- 
Regards,
Demetrius Pampouktsis
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] Yocto Project Status WW36’17

2017-09-05 Thread Jolley, Stephen K 
Current Dev Position: YP 2.4 M4

Next Deadline: YP 2.4 Final Cut off is Sept. 18, 2017


SWAT team rotation: Todor -> Tracy on Sept. 1, 2017.

SWAT team rotation: Tracy -> Alejandro on Sept. 8, 2017

https://wiki.yoctoproject.org/wiki/Yocto_Build_Failure_Swat_Team


Key Status/Updates:

·M3 rc1 was released, there were some issues found but nothing which 
couldn’t be addressed in M4 so we’re on track for release.

·We’ve found and fixed a number of BB_SERVER_TIMEOUT issues to the 
point that it can now be used with oe-selftest which gives us a good confidence 
level in the functionality for release. If anyone does see issues with the 
bitbake server changes please report them as we’ve resolved most of the known 
issues (the remaining ones are with the xmlrpc server).

·We are seeing intermittent qemu issues on the autobuilder and also 
intermittent failures particularly on qemuppc. We’re doing what we can to 
investigate these.

·Huge thanks to Armin for finding out the issues we were seeing on the 
autobuilder for morty. We continue to see some issues with one of the newest 
autobuilder workers but believe that many of the other issues we were seeing 
have been resolved and hope that the 2.2.2 release can proceed soon and be 
given to QA.

·Pyro has also seen many patches recently and is likely heading to a 
new point release once these have been tested and merged.


Planned upcoming dot releases:

YP 2.2.2 Cut off June 5, 2017 - Not ready to do an rc2 yet.

YP 2.2.2 Release by June, 16 2017

YP 2.3.2 Cut off Sept. 1, 2017

YP 2.3.2 Release by Sept. 15, 2017


Key YP 2.4 Dates are:

YP 2.4 M4 (Final) Cut off is Sept. 18, 2017

YP 2.4 M4 (Final) Release by Oct. 20, 2017


Tracking Metrics:

WDD 2529 (last week 2504)

(https://wiki.yoctoproject.org/charts/combo.html)


Key Status Links for YP:

https://wiki.yoctoproject.org/wiki/Yocto_Project_v2.4_Status

https://wiki.yoctoproject.org/wiki/Yocto_2.4_Schedule

https://wiki.yoctoproject.org/wiki/Yocto_2.4_Features


[If anyone has suggestions for other information you’d like to see on this 
weekly status update, let us know!]


Thanks,

Stephen K. Jolley
Yocto Project Program Manager
INTEL, MS JF1-255, 2111 N.E. 25th Avenue, Hillsboro, OR 97124
•   Work Telephone:(503) 712-0534
•Cell:   (208) 244-4460
• Email:  stephen.k.jol...@intel.com

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] Minutes: Yocto Project Technical Team Meeting

2017-09-05 Thread Jolley, Stephen K 
Attendees: Richard, Joshua L., Ross, Saul, Trevor, Stephano, Stephen, Leo, 
Joshua W., Michael, Bill Mills, Mark,

Agenda:

* Opens collection - 5 min (Stephen)
* Yocto Project status - 5 min (Stephen/team)
YP 2.4 M3 released last Friday.
https://wiki.yoctoproject.org/wiki/Yocto_Project_v2.4_Status
https://wiki.yoctoproject.org/wiki/Yocto_2.4_Schedule
https://wiki.yoctoproject.org/wiki/Yocto_2.4_Features

* Opens - 10 min

* Team Sharing - 10 min
*   YP 2.4 M4 is in process, we are feature frozen. Richard discussed the 
features which were accepted into YP 2.4 and those which will push to YP 2.5. 
Discussed issues we are having with Autobuilder.
*   We discussed Pseudo issues.  We have lost ongoing support for Pseudo 
and are struggling with issues.
*   YP 2.2.2 is now almost ready to be tested, most all the issues have 
been fixed. This should go in soon.
*   YP 2.3.2 is also being prepared to be tested.
*   Build times have improved with the new Autobuilders.
*   Discussed the need to test layers with YP Compatible testing.

Thanks,

Stephen K. Jolley
Yocto Project Program Manager
INTEL, MS JF1-255, 2111 N.E. 25th Avenue, Hillsboro, OR 97124
*   Work Telephone: (503) 712-0534
*Cell:  (208) 244-4460
* Email:stephen.k.jol...@intel.com

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-security][PATCH] nmap: update to 7.60

2017-09-05 Thread Armin Kuster 
LIC_CHKSUM_FILES changed do to yr update.

add a few more PACKCONFIG

Signed-off-by: Armin Kuster 
---
 recipes-security/nmap/{nmap_7.50.bb => nmap_7.60.bb} | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)
 rename recipes-security/nmap/{nmap_7.50.bb => nmap_7.60.bb} (84%)

diff --git a/recipes-security/nmap/nmap_7.50.bb 
b/recipes-security/nmap/nmap_7.60.bb
similarity index 84%
rename from recipes-security/nmap/nmap_7.50.bb
rename to recipes-security/nmap/nmap_7.60.bb
index 30ae06f..a6616eb 100644
--- a/recipes-security/nmap/nmap_7.50.bb
+++ b/recipes-security/nmap/nmap_7.60.bb
@@ -3,15 +3,15 @@ DESCRIPTION = "Nmap ("Network Mapper") is a free and open 
source (license) utili
 SECTION = "security"
 LICENSE = "GPL-2.0"
 
-LIC_FILES_CHKSUM = 
"file://COPYING;beginline=7;endline=12;md5=87c6956e28c3603a0a1dda11bcdc227a"
+LIC_FILES_CHKSUM = 
"file://COPYING;beginline=7;endline=12;md5=700c690f4ca6b1754f3f1db8645e42d9"
 
 SRC_URI = "http://nmap.org/dist/${BP}.tar.bz2 \
file://nmap-redefine-the-python-library-dir.patch \
file://nmap-replace-shtool-mkdir-with-coreutils-mkdir-command.patch 
\
 "
 
-SRC_URI[md5sum] = "435c7e095bdd4565e0f69c41743a45be"
-SRC_URI[sha256sum] = 
"e9a96a8e02bfc9e80c617932acc61112c23089521ee7d6b1502ecf8e3b1674b2"
+SRC_URI[md5sum] = "4e454266559ddf2c4e2109866c62560c"
+SRC_URI[sha256sum] = 
"a8796ecc4fa6c38aad6139d9515dc8113023a82e9d787e5a5fb5fa1b05516f21"
 
 inherit autotools-brokensep pkgconfig pythonnative distro_features_check
 
@@ -21,6 +21,8 @@ PACKAGECONFIG += " ${@bb.utils.contains('IMAGE_FEATURES', 
'x11-base', 'zenmap',
 PACKAGECONFIG[pcap] = "--with-pcap=linux, --without-pcap, libpcap, libpcap"
 PACKAGECONFIG[pcre] = "--with-libpcre=${STAGING_LIBDIR}/.., 
--with-libpcre=included, libpre"
 PACKAGECONFIG[ssl] = "--with-openssl=${STAGING_LIBDIR}/.., --without-openssl, 
openssl, openssl"
+PACKAGECONFIG[ssh2] = "--with-openssh2=${STAGING_LIBDIR}/.., 
--without-openssh2, libssh2, libssh2"
+PACKAGECONFIG[libz] = "--with-libz=${STAGING_LIBDIR}/.., --without-libz, zlib, 
zlib"
 
 #disable/enable packages
 PACKAGECONFIG[nping] = ",--without-nping,"
-- 
2.7.4

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-oracle-java] Is oracle-jse-jre broken on arm target ?

2017-09-05 Thread Vincent Prince 
Hello everyone,

I'm trying to add embedded JRE to a custom i.MX6 board, and when I
add oracle-jse-jre recipe to my image, it starts to add a lot of native
stuff so I think it's broken?

As I understand it, the recipe downloads JDK and run jrecreate.sh to
generate needed JRE.
For me, the only thing needed by jrecreate is a valid java installation on
host with JAVA_HOME set?

Someone is using that recipe on arm?

Best Regards,
Vincent
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Re: [yocto] The differences between rpm 4.x and rpm 5.x in Morty (Poky 2.2)

2017-09-05 Thread Zoran Stojsavljevic 
Hello Ross,

Copy that. I can add smartpm for now for Morty, there is still time to
experiment. I guess, I'll even wait for Rocko (Poky 2.4). I guess, this one
will come October/November time frame.

I still need to learn (much) more, to understand beyond classical Linux
environment I am very well familiar with. Yocto is yet another, different
beast for configuring and making final distros... :-)

Thank you,
Zoran

On Mon, Sep 4, 2017 at 4:33 PM, Burton, Ross  wrote:

> On 4 September 2017 at 14:25, Zoran Stojsavljevic <
> zoran.stojsavlje...@gmail.com> wrote:
>
>> How can I achieve this for Morty? I know that I need to place DNF recipes
>> into recipes-devtools/.
>>
>> Where should I place rpm 4.x, so it'll have only DNF to be dependent from
>> it?
>>
>
> There were about 30 patches involved in the smart to DNF migration and
> you'd need to backport most of them if you wanted to use dnf with morty.
>
> If you *need* to use Morty then you'll have to use RPM+Smart (or dpkg, or
> opkg).  If you want to use RPM+DNF then upgrading to Pyro is the only
> sensible way.
>
> Ross
>
-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-selinux][PATCH] attr: fix ptest failures when selinux enabled

2017-09-05 Thread kai.kang 
From: Kai Kang 

When selinux is enabled, a file has a default attribute
"security.selinux" and the output of getfattr shows:

  # file: here
  security.selinux="system_u:object_r:lib_t:s0"

That always causes more output of command getfattr than expected.

Filter out selinux related attribute info, and if the file has only
selinux attribute info, remove its whole output.

Signed-off-by: Kai Kang 
---
 .../fix-ptest-failures-when-selinux-enabled.patch  | 41 ++
 recipes-support/attr/attr_%.bbappend   |  5 +++
 2 files changed, 46 insertions(+)
 create mode 100644 
recipes-support/attr/attr/fix-ptest-failures-when-selinux-enabled.patch
 create mode 100644 recipes-support/attr/attr_%.bbappend

diff --git 
a/recipes-support/attr/attr/fix-ptest-failures-when-selinux-enabled.patch 
b/recipes-support/attr/attr/fix-ptest-failures-when-selinux-enabled.patch
new file mode 100644
index 000..e1eefa7
--- /dev/null
+++ b/recipes-support/attr/attr/fix-ptest-failures-when-selinux-enabled.patch
@@ -0,0 +1,41 @@
+Upstream-Status: Pending
+
+When enable selinux, file has a default attribute:
+
+# file: here
+security.selinux="system_u:object_r:lib_t:s0"
+
+That cause there is always more output than expected.
+
+Filter out selinux related attribute info to make ptest pass.
+
+Signed-off-by: Kai Kang 
+---
+diff --git a/test/run b/test/run
+index cf15252..945741e 100755
+--- a/test/run
 b/test/run
+@@ -132,6 +132,23 @@ sub process_test() {
+print "[$prog_line] \$ ", join(' ',
+  map { s/\s/\\$&/g; $_ } @$p), " -- ";
+my $result = exec_test($prog, $in);
++
++   # filter selinux related attributes info
++   my @strip1;
++   my @strip2;
++   foreach (@$result) {
++   unless (/security.selinux=.*\n/) {
++   push @strip1, $_;
++   }
++   }
++   for (my $i = 0; $i <= $#strip1; $i++) {
++   if ($strip1[$i] =~ /^# file:.*/ && $strip1[$i+1] =~ /^\n$/) {
++   $i++;
++   } else {
++   push @strip2, $strip1[$i];
++   }
++   }
++   $result = \@strip2;
+my @good = ();
+my $nmax = (@$out > @$result) ? @$out : @$result;
+for (my $n=0; $n < $nmax; $n++) {
diff --git a/recipes-support/attr/attr_%.bbappend 
b/recipes-support/attr/attr_%.bbappend
new file mode 100644
index 000..6be8191
--- /dev/null
+++ b/recipes-support/attr/attr_%.bbappend
@@ -0,0 +1,5 @@
+inherit selinux
+
+FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:"
+
+SRC_URI += "${@target_selinux(d, 
'file://fix-ptest-failures-when-selinux-enabled.patch')}"
-- 
2.14.1

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-selinux][PATCH 19/21] setools: uprev to 4.1.1

2017-09-05 Thread wenzong.fan 
From: Wenzong Fan 

SETools v4 is a rewrite of SETools in Python, details refer to:
https://github.com/TresysTechnology/setools/wiki/Changes-Since-SETools-v3

Changes for upreving:
* removed setools_3.3.8.bb and all useless patch
* add patches to fix cross-compiling issues:
  - setools4-fixes-for-cross-compiling.patch
  - setools4-fix-cross-compiling-errors-for-powerpc-mips.patch

Signed-off-by: Wenzong Fan 
---
 ...-Don-t-check-selinux-policies-if-disabled.patch |  25 --
 .../setools-Fix-man-pages-and-getoptions.patch |  80 --
 .../setools-Fix-output-to-match-policy-lines.patch |  36 ---
 ...-Fix-python-setools-Makefile.am-for-cross.patch |  33 ---
 ...-sepol-calls-to-work-with-latest-libsepol.patch |  36 ---
 .../setools-Fix-test-bug-for-unary-operator.patch  |  25 --
 .../setools/setools-Remove-unused-variables.patch  | 279 -
 ...s-Update-for-2015-02-02-Userspace-release.patch | 114 -
 .../setools/setools/setools-configure-ac.patch | 107 
 .../setools-configure-with-latest-libsepol.patch   |  33 ---
 .../setools/setools/setools-cross-ar.patch |  17 --
 .../setools-neverallow-rules-all-always-fail.patch |  31 ---
 ...ols-seinfo-should-exit-with-correct-errno.patch | 134 --
 recipes-security/setools/setools/setools.pam   |   4 -
 ...x-cross-compiling-errors-for-powerpc-mips.patch |  35 +++
 .../setools4-fixes-for-cross-compiling.patch   |  40 +++
 .../setools/{setools_3.3.8.bb => setools_4.1.1.bb} | 100 ++--
 17 files changed, 91 insertions(+), 1038 deletions(-)
 delete mode 100644 
recipes-security/setools/setools/setools-Don-t-check-selinux-policies-if-disabled.patch
 delete mode 100644 
recipes-security/setools/setools/setools-Fix-man-pages-and-getoptions.patch
 delete mode 100644 
recipes-security/setools/setools/setools-Fix-output-to-match-policy-lines.patch
 delete mode 100644 
recipes-security/setools/setools/setools-Fix-python-setools-Makefile.am-for-cross.patch
 delete mode 100644 
recipes-security/setools/setools/setools-Fix-sepol-calls-to-work-with-latest-libsepol.patch
 delete mode 100644 
recipes-security/setools/setools/setools-Fix-test-bug-for-unary-operator.patch
 delete mode 100644 
recipes-security/setools/setools/setools-Remove-unused-variables.patch
 delete mode 100644 
recipes-security/setools/setools/setools-Update-for-2015-02-02-Userspace-release.patch
 delete mode 100644 recipes-security/setools/setools/setools-configure-ac.patch
 delete mode 100644 
recipes-security/setools/setools/setools-configure-with-latest-libsepol.patch
 delete mode 100644 recipes-security/setools/setools/setools-cross-ar.patch
 delete mode 100644 
recipes-security/setools/setools/setools-neverallow-rules-all-always-fail.patch
 delete mode 100644 
recipes-security/setools/setools/setools-seinfo-should-exit-with-correct-errno.patch
 delete mode 100644 recipes-security/setools/setools/setools.pam
 create mode 100644 
recipes-security/setools/setools/setools4-fix-cross-compiling-errors-for-powerpc-mips.patch
 create mode 100644 
recipes-security/setools/setools/setools4-fixes-for-cross-compiling.patch
 rename recipes-security/setools/{setools_3.3.8.bb => setools_4.1.1.bb} (11%)

diff --git 
a/recipes-security/setools/setools/setools-Don-t-check-selinux-policies-if-disabled.patch
 
b/recipes-security/setools/setools/setools-Don-t-check-selinux-policies-if-disabled.patch
deleted file mode 100644
index ed841e8..000
--- 
a/recipes-security/setools/setools/setools-Don-t-check-selinux-policies-if-disabled.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 7515aa80e7ead8d3016ea161e5d0eb9c59399278 Mon Sep 17 00:00:00 2001
-From: Xin Ouyang 
-Date: Wed, 7 Mar 2012 14:36:19 +0800
-Subject: [meta-selinux][PATCH] setools: Don't check selinux policies if 
disabled.
-

- configure.ac |2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index e1db271..899e5e9 100644
 a/configure.ac
-+++ b/configure.ac
-@@ -390,7 +390,7 @@ if test "x${enable_selinux_check}" = "xyes"; then
-   use_selinux=yes
-   fi
- else
--  use_selinux=yes
-+  use_selinux=no
- fi
- 
- AC_CACHE_SAVE
--- 
-1.7.5.4
-
diff --git 
a/recipes-security/setools/setools/setools-Fix-man-pages-and-getoptions.patch 
b/recipes-security/setools/setools/setools-Fix-man-pages-and-getoptions.patch
deleted file mode 100644
index 455da1e..000
--- 
a/recipes-security/setools/setools/setools-Fix-man-pages-and-getoptions.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From ecaccf49ee95fe2c3a57a0d2184aaec98a967172 Mon Sep 17 00:00:00 2001
-From: Xin Ouyang 
-Date: Wed, 7 Mar 2012 10:53:36 +0800
-Subject: [meta-selinux][PATCH 3/7] setools: Fix man pages and getoptions
-
-Integrated from Fedora:
-https://community.dev.fedoraproject.org/packages/setools/sources/patches/

- man/replcon.1|2 ++
- man/seinfo.1 |

[yocto] [meta-selinux][PATCH 21/21] selinux-python: add setools to RDEPENDS

2017-09-05 Thread wenzong.fan 
From: Wenzong Fan 

Signed-off-by: Wenzong Fan 
---
 recipes-security/selinux/selinux-python.inc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/recipes-security/selinux/selinux-python.inc 
b/recipes-security/selinux/selinux-python.inc
index cc907ae..55060e3 100644
--- a/recipes-security/selinux/selinux-python.inc
+++ b/recipes-security/selinux/selinux-python.inc
@@ -37,6 +37,7 @@ RDEPENDS_${BPN} += "\
 python-unixadmin \
 libselinux-python \
 libsemanage-python \
+setools \
 "
 RDEPENDS_${BPN}-semanage += "\
 python-core \
-- 
2.13.0

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-selinux][PATCH 20/21] packagegroup-*: sync package names

2017-09-05 Thread wenzong.fan 
From: Wenzong Fan 

Some new packages added after SELinux uprev to 2.7, sync the package
names accordingly:

  policycoreutils-audit2allow  -> selinux-python-audit2allow
  policycoreutils-chcat-> selinux-python-chcat
  policycoreutils-python   -> selinux-python
  policycoreutils-semanage -> selinux-python-semanage
  policycoreutils-sandbox  -> selinux-sandbox
  policycoreutils-sepolgen-ifgen   -> selinux-python-sepolgen-ifgen
  policycoreutils-sepolicy -> selinux-python-sepolicy,
  selinux-dbus
  policycoreutils-semodule-deps-> semodule-utils-semodule-deps
  policycoreutils-semodule-expand  -> semodule-utils-semodule-expand
  policycoreutils-semodule-link-> semodule-utils-semodule-link
  policycoreutils-semodule-package -> semodule-utils-semodule-package
  system-config-selinux-> selinux-gui
  sepolgen -> selinux-python-sepolgen

Signed-off-by: Wenzong Fan 
---
 .../packagegroups/packagegroup-core-selinux.bb |  2 +-
 .../packagegroup-selinux-policycoreutils.bb| 25 +++---
 2 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/recipes-security/packagegroups/packagegroup-core-selinux.bb 
b/recipes-security/packagegroups/packagegroup-core-selinux.bb
index 128dfba..fd501d6 100644
--- a/recipes-security/packagegroups/packagegroup-core-selinux.bb
+++ b/recipes-security/packagegroups/packagegroup-core-selinux.bb
@@ -17,7 +17,7 @@ RDEPENDS_${PN} = " \
libselinux-bin \
libsemanage \
checkpolicy \
-   sepolgen \
+   selinux-python-sepolgen \
packagegroup-selinux-policycoreutils \
setools \
setools-console \
diff --git 
a/recipes-security/packagegroups/packagegroup-selinux-policycoreutils.bb 
b/recipes-security/packagegroups/packagegroup-selinux-policycoreutils.bb
index b566134..e1ddee6 100644
--- a/recipes-security/packagegroups/packagegroup-selinux-policycoreutils.bb
+++ b/recipes-security/packagegroups/packagegroup-selinux-policycoreutils.bb
@@ -12,27 +12,28 @@ PACKAGES = "\
 ALLOW_EMPTY_${PN} = "1"
 
 RDEPENDS_${PN} = "\
-   policycoreutils-audit2allow \
-   policycoreutils-chcat \
policycoreutils-fixfiles \
policycoreutils-genhomedircon \
policycoreutils-loadpolicy \
policycoreutils-newrole \
-   policycoreutils-python \
policycoreutils-runinit \
-   policycoreutils-sandbox \
policycoreutils-secon \
-   policycoreutils-semanage \
policycoreutils-semodule \
-   policycoreutils-semodule-deps \
-   policycoreutils-semodule-expand \
-   policycoreutils-semodule-link \
-   policycoreutils-semodule-package \
-   policycoreutils-sepolgen-ifgen \
-   policycoreutils-sepolicy \
policycoreutils-sestatus \
policycoreutils-setfiles \
policycoreutils-setsebool \
policycoreutils-hll \
-   system-config-selinux \
+   semodule-utils-semodule-deps \
+   semodule-utils-semodule-expand \
+   semodule-utils-semodule-link \
+   semodule-utils-semodule-package \
+   selinux-python-audit2allow \
+   selinux-python-sepolgen-ifgen \
+   selinux-python-semanage \
+   selinux-python-sepolicy \
+   selinux-python-chcat \
+   selinux-python \
+   selinux-sandbox \
+   selinux-dbus \
+   selinux-gui \
 "
-- 
2.13.0

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-selinux][PATCH 18/21] refpolicy_common: depends on semodule-utils-native

2017-09-05 Thread wenzong.fan 
From: Wenzong Fan 

Those tools have been moved from policycoreutils to semodule-utils:
  semodule_deps, semodule_expand, semodule_link, semodule_package

Signed-off-by: Wenzong Fan 
---
 recipes-security/refpolicy/refpolicy_common.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-security/refpolicy/refpolicy_common.inc 
b/recipes-security/refpolicy/refpolicy_common.inc
index 4a7b7eb..2ce02ac 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -29,7 +29,7 @@ FILES_${PN}-dev =+ " \
 
 EXTRANATIVEPATH += "bzip2-native"
 
-DEPENDS += "bzip2-replacement-native checkpolicy-native policycoreutils-native 
m4-native"
+DEPENDS += "bzip2-replacement-native checkpolicy-native policycoreutils-native 
semodule-utils-native m4-native"
 
 RDEPENDS_${PN}-dev =+ " \
 python \
-- 
2.13.0

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-selinux][PATCH 17/21] refpolicy: fix a typo in RDEPENDS

2017-09-05 Thread wenzong.fan 
From: Jackie Huang 

Underscore ("_") should be used for variable overrides.

Signed-off-by: Jackie Huang 
---
 recipes-security/refpolicy/refpolicy_common.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-security/refpolicy/refpolicy_common.inc 
b/recipes-security/refpolicy/refpolicy_common.inc
index 6a45e79..4a7b7eb 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -31,7 +31,7 @@ EXTRANATIVEPATH += "bzip2-native"
 
 DEPENDS += "bzip2-replacement-native checkpolicy-native policycoreutils-native 
m4-native"
 
-RDEPENDS-${PN}-dev =+ " \
+RDEPENDS_${PN}-dev =+ " \
 python \
 "
 
-- 
2.13.0

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-selinux][PATCH 16/21] policycoreutils: fixes for 2.7 uprev

2017-09-05 Thread wenzong.fan 
From: Wenzong Fan 

Remove setools from DEPENDS/RDEPENDS, it was required by sepolicy,
sepolgen, semanage which have been moved to python/*.

Rebase patch:
  - policycoreutils-fixfiles-de-bashify.patch

Drop useless patch:
  - policycoreutils-loadpolicy-symlink.patch

Signed-off-by: Wenzong Fan 
---
 recipes-security/selinux/policycoreutils.inc   |  4 +-
 .../policycoreutils-fixfiles-de-bashify.patch  | 53 ++
 recipes-security/selinux/policycoreutils_2.7.bb|  3 --
 3 files changed, 27 insertions(+), 33 deletions(-)

diff --git a/recipes-security/selinux/policycoreutils.inc 
b/recipes-security/selinux/policycoreutils.inc
index 5e03ba0..fc181f7 100644
--- a/recipes-security/selinux/policycoreutils.inc
+++ b/recipes-security/selinux/policycoreutils.inc
@@ -16,7 +16,7 @@ PAM_SRC_URI = "file://pam.d/newrole \
 "
 
 DEPENDS += "libsepol libselinux libsemanage libcap gettext-native"
-EXTRA_DEPENDS = "libcap-ng libcgroup setools"
+EXTRA_DEPENDS = "libcap-ng libcgroup"
 DEPENDS += "${@['', '${EXTRA_DEPENDS}']['${PN}' != '${BPN}-native']}"
 
 inherit selinux pythonnative
@@ -60,7 +60,7 @@ RDEPENDS_${BPN}-setsebool += "\
libselinux \
libsemanage \
 "
-RDEPENDS_${BPN} += "setools setools-libs selinux-python"
+RDEPENDS_${BPN} += "selinux-python"
 
 WARN_QA := "${@oe_filter_out('unsafe-references-in-scripts', '${WARN_QA}', d)}"
 ERROR_QA := "${@oe_filter_out('unsafe-references-in-scripts', '${ERROR_QA}', 
d)}"
diff --git 
a/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch
 
b/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch
index 44d7525..0144de7 100644
--- 
a/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch
+++ 
b/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch
@@ -13,12 +13,13 @@ so we'll try that instead.
 Upstream-Status: Pending
 
 Signed-off-by: Joe MacDonald 
+Signed-off-by: Wenzong Fan 
 ---
- scripts/fixfiles | 26 +++---
- 1 file changed, 15 insertions(+), 11 deletions(-)
+ scripts/fixfiles | 23 ++-
+ 1 file changed, 14 insertions(+), 9 deletions(-)
 
 diff --git a/scripts/fixfiles b/scripts/fixfiles
-index 5c29eb9..10a5078 100755
+index 1aa330f..a10837d 100755
 --- a/scripts/fixfiles
 +++ b/scripts/fixfiles
 @@ -1,4 +1,4 @@
@@ -27,29 +28,39 @@ index 5c29eb9..10a5078 100755
  # fixfiles
  #
  # Script to restore labels on a SELinux box
-@@ -25,7 +25,7 @@
+@@ -27,7 +27,7 @@ set -o nounset
  # number if the current kernel version is greater than 2.6.30, a negative
  # number if the current is less than 2.6.30 and 0 if they are the same.
  #
 -function useseclabel {
-+useseclabel() {
++useseclabel {
VER=`uname -r`
SUP=2.6.30
expr '(' "$VER" : '\([^.]*\)' ')' '-' '(' "$SUP" : '\([^.]*\)' ')' '|' \
-@@ -91,9 +91,9 @@ exclude_dirs_from_relabelling() {
+@@ -93,9 +93,10 @@ exclude_dirs_from_relabelling() {
  # skip not absolute path
  # skip not directory
  [ -z "${i}" ] && continue
--[[ "${i}" =~ "^[[:blank:]]*#" ]] && continue
+-[[ "${i}" =~ ^[[:blank:]]*# ]] && continue
 -[[ ! "${i}" =~ ^/.* ]] && continue
 -[[ ! -d "${i}" ]] && continue
 +echo "${i}" | egrep -q '^[[:space:]]*#' && continue
 +echo "${i}" | egrep -v '^/.*' && continue
 +[ ! -d "${i}" ] && continue
++
  exclude_from_relabelling="$exclude_from_relabelling -e $i"
- logit "skipping the directory $i"
done < /etc/selinux/fixfiles_exclude_dirs
-@@ -205,8 +205,12 @@ fi
+ fi
+@@ -138,7 +139,7 @@ fi
+ # Log directories excluded from relabelling by configuration file
+ #
+ LogExcluded() {
+-for i in ${EXCLUDEDIRS//-e / }; do
++for i in `echo ${EXCLUDEDIRS} | sed -e 's/-e / /g'`; do
+ echo "skipping the directory $i"
+ done
+ }
+@@ -201,8 +202,12 @@ fi
  }
  
  rpmlist() {
@@ -64,29 +75,15 @@ index 5c29eb9..10a5078 100755
  }
  
  #
-@@ -233,10 +237,10 @@ if [ -n "${exclude_dirs}" ]
- then
-   TEMPFCFILE=`mktemp ${FC}.XX`
-   test -z "$TEMPFCFILE" && exit
--  /bin/cp -p ${FC} ${TEMPFCFILE} &>/dev/null || exit
--  tmpdirs=${tempdirs//-e/}
--  for p in ${tmpdirs}
-+  /bin/cp -p ${FC} ${TEMPFCFILE} >/dev/null 2>&1 || exit
-+  for p in ${tempdirs}
-   do
-+  [ ${p} = "-e" ] && continue
-   p="${p%/}"
-   p1="${p}(/.*)? -- <>"
-   echo "${p1}" >> $TEMPFCFILE
-@@ -288,7 +292,7 @@ relabel() {
-   restore Relabel
+@@ -276,7 +281,7 @@ relabel() {
+   exit 1
  fi
  
 -if [ $fullFlag == 1  ]; then
-+if [ $fullFlag = 1 ]; then
++if [ $fullFlag = 1  ]; then
fullrelabel
+   return
  fi
- 
 -- 
-1.9.1
+2.13.0
 
diff --git a/recipes-security/selinux/policycoreutils_2.7.bb

[yocto] [meta-selinux][PATCH 15/21] selinux-gui: add package 2.7 (20170804)

2017-09-05 Thread wenzong.fan 
From: Wenzong Fan 

Move policycoreutils/gui to gui and cleanup policycoreutils.inc.

Signed-off-by: Wenzong Fan 
---
 recipes-security/selinux/policycoreutils.inc |  7 ---
 recipes-security/selinux/selinux-gui.inc | 15 +++
 recipes-security/selinux/selinux-gui_2.7.bb  |  7 +++
 3 files changed, 22 insertions(+), 7 deletions(-)
 create mode 100644 recipes-security/selinux/selinux-gui.inc
 create mode 100644 recipes-security/selinux/selinux-gui_2.7.bb

diff --git a/recipes-security/selinux/policycoreutils.inc 
b/recipes-security/selinux/policycoreutils.inc
index 8a9027b..5e03ba0 100644
--- a/recipes-security/selinux/policycoreutils.inc
+++ b/recipes-security/selinux/policycoreutils.inc
@@ -78,7 +78,6 @@ PACKAGES =+ "\
${PN}-sestatus \
${PN}-setfiles \
${PN}-setsebool \
-   system-config-selinux \
 "
 FILES_${PN}-fixfiles += "${base_sbindir}/fixfiles"
 FILES_${PN}-genhomedircon += "${sbindir}/genhomedircon"
@@ -112,12 +111,6 @@ FILES_${PN}-setsebool += "\
${datadir}/bash-completion/completions/setsebool \
 "
 
-FILES_system-config-selinux = " \
-${datadir}/system-config-selinux/* \
-${datadir}/icons/hicolor/ \
-${datadir}/polkit-1/actions/org.selinux.config.policy \
-"
-
 export STAGING_INCDIR
 export STAGING_LIBDIR
 export BUILD_SYS
diff --git a/recipes-security/selinux/selinux-gui.inc 
b/recipes-security/selinux/selinux-gui.inc
new file mode 100644
index 000..1096f3f
--- /dev/null
+++ b/recipes-security/selinux/selinux-gui.inc
@@ -0,0 +1,15 @@
+SUMMARY = "SELinux GUI tools"
+DESCRIPTION = "\
+Provide SELinux Management tool (system-config-selinux) and SELinux \
+Policy Generation Tool (selinux-polgengui)"
+
+SECTION = "base"
+LICENSE = "GPLv2+"
+
+RDEPENDS_${PN} += "python"
+
+FILES_${PN} += " \
+${datadir}/system-config-selinux/* \
+${datadir}/icons/hicolor/* \
+${datadir}/polkit-1/actions/org.selinux.config.policy \
+"
diff --git a/recipes-security/selinux/selinux-gui_2.7.bb 
b/recipes-security/selinux/selinux-gui_2.7.bb
new file mode 100644
index 000..3531591
--- /dev/null
+++ b/recipes-security/selinux/selinux-gui_2.7.bb
@@ -0,0 +1,7 @@
+include selinux_20170804.inc
+include ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+SRC_URI[md5sum] = "f3555cb50a9e67b42bc917ede1982c7d"
+SRC_URI[sha256sum] = 
"693fb3347041b5a2273c52c33be0a256b109e60f2039ae1d7e90ba8a2ec0324f"
-- 
2.13.0

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-selinux][PATCH 11/21] selinux-sandbox: add package 2.7 (20170804)

2017-09-05 Thread wenzong.fan 
From: Wenzong Fan 

Move policycoreutils/sandbox to sandbox:

* Move and rebase patch:
  - policycoreutils-sandbox-de-bashify.patch

* Cleanup policycoreutils.inc

Signed-off-by: Wenzong Fan 
---
 recipes-security/selinux/policycoreutils.inc   | 17 -
 recipes-security/selinux/selinux-sandbox.inc   | 28 ++
 .../sandbox-de-bashify.patch}  | 13 +-
 recipes-security/selinux/selinux-sandbox_2.7.bb|  7 ++
 4 files changed, 42 insertions(+), 23 deletions(-)
 create mode 100644 recipes-security/selinux/selinux-sandbox.inc
 rename 
recipes-security/selinux/{policycoreutils/policycoreutils-sandbox-de-bashify.patch
 => selinux-sandbox/sandbox-de-bashify.patch} (79%)
 create mode 100644 recipes-security/selinux/selinux-sandbox_2.7.bb

diff --git a/recipes-security/selinux/policycoreutils.inc 
b/recipes-security/selinux/policycoreutils.inc
index e8f6e5f..9e45e0c 100644
--- a/recipes-security/selinux/policycoreutils.inc
+++ b/recipes-security/selinux/policycoreutils.inc
@@ -9,7 +9,6 @@ LICENSE = "GPLv2+"
 
 SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', 
'', d)} \
 file://policycoreutils-fixfiles-de-bashify.patch \
-file://policycoreutils-sandbox-de-bashify.patch \
"
 
 PAM_SRC_URI = "file://pam.d/newrole \
@@ -64,15 +63,6 @@ RDEPENDS_${BPN}-python += "\
libsemanage-python \
 "
 RDEPENDS_${BPN}-runinit += "libselinux"
-RDEPENDS_${BPN}-sandbox += "\
-   python-math \
-   python-shell \
-   python-subprocess \
-   python-textutils \
-   python-unixadmin \
-   libselinux-python \
-   ${BPN}-python \
-"
 RDEPENDS_${BPN}-secon += "libselinux"
 RDEPENDS_${BPN}-semanage = "\
python-core \
@@ -128,7 +118,6 @@ PACKAGES =+ "\
${PN}-newrole \
${PN}-python \
${PN}-runinit \
-   ${PN}-sandbox \
${PN}-secon \
${PN}-semanage \
${PN}-semodule \
@@ -171,12 +160,6 @@ FILES_${PN}-runinit += "\
${@bb.utils.contains('DISTRO_FEATURES', 'pam', 
'${sysconfdir}/pam.d/run_init', '', d)} \
 "
 FILES_${PN}-dbg += 
"${libdir}/python${PYTHON_BASEVERSION}/site-packages/sepolicy/.debug/* 
${prefix}/libexec/selinux/hll/.debug"
-FILES_${PN}-sandbox += "\
-   ${datadir}/sandbox/* \
-   ${bindir}/sandbox \
-   ${sbindir}/seunshare \
-   ${sysconfdir}/sysconfig/sandbox \
-"
 FILES_${PN}-secon += "${bindir}/secon"
 FILES_${PN}-semanage = "\
${sbindir}/semanage \
diff --git a/recipes-security/selinux/selinux-sandbox.inc 
b/recipes-security/selinux/selinux-sandbox.inc
new file mode 100644
index 000..8616dd7
--- /dev/null
+++ b/recipes-security/selinux/selinux-sandbox.inc
@@ -0,0 +1,28 @@
+SUMMARY = "Run cmd under an SELinux sandbox"
+DESCRIPTION = "\
+Run application within a tightly confined SELinux domain. The default \
+sandbox domain only allows applications the ability to read and write \
+stdin, stdout and any other file descriptors handed to it."
+
+SECTION = "base"
+LICENSE = "GPLv2+"
+
+SRC_URI += "file://sandbox-de-bashify.patch \
+"
+
+DEPENDS += "libcap-ng libselinux"
+
+RDEPENDS_${PN} += "\
+python-math \
+python-shell \
+python-subprocess \
+python-textutils \
+python-unixadmin \
+libselinux-python \
+selinux-python \
+"
+
+FILES_${PN} += "\
+${datadir}/sandbox/sandboxX.sh \
+${datadir}/sandbox/start \
+"
diff --git 
a/recipes-security/selinux/policycoreutils/policycoreutils-sandbox-de-bashify.patch
 b/recipes-security/selinux/selinux-sandbox/sandbox-de-bashify.patch
similarity index 79%
rename from 
recipes-security/selinux/policycoreutils/policycoreutils-sandbox-de-bashify.patch
rename to recipes-security/selinux/selinux-sandbox/sandbox-de-bashify.patch
index c078ef6..18cef4b 100644
--- 
a/recipes-security/selinux/policycoreutils/policycoreutils-sandbox-de-bashify.patch
+++ b/recipes-security/selinux/selinux-sandbox/sandbox-de-bashify.patch
@@ -9,25 +9,26 @@ sandboxX script, so point them at /bin/sh instead.
 Upstream-Status: Pending
 
 Signed-off-by: Joe MacDonald 
+Signed-off-by: Wenzong Fan 
 ---
  sandbox/sandbox.init | 2 +-
  sandbox/sandboxX.sh  | 2 +-
  2 files changed, 2 insertions(+), 2 deletions(-)
 
-diff --git a/sandbox/sandbox.init b/sandbox/sandbox.init
+diff --git a/sandbox.init b/sandbox.init
 index b3979bf..1893dc8 100644
 a/sandbox/sandbox.init
-+++ b/sandbox/sandbox.init
+--- a/sandbox.init
 b/sandbox.init
 @@ -1,4 +1,4 @@
 -#!/bin/bash
 +#!/bin/sh
  ## BEGIN INIT INFO
  # Provides: sandbox
  # Default-Start: 3 4 5
-diff --git a/sandbox/sandboxX.sh b/sandbox/sandboxX.sh
+diff --git a/sandboxX.sh b/sandboxX.sh
 index eaa500d..8755d75 100644
 a/sandbox/sandboxX.sh
-+++ b/sandbox/sandboxX.sh
+--- a/sandboxX.sh
 b/sandboxX.sh
 @@ -1,4 +1,4 @@
 -#!/bin/bash
 +#!/bin/sh

[yocto] [meta-selinux][PATCH 10/21] restorecond: add package 2.7 (20170804)

2017-09-05 Thread wenzong.fan 
From: Wenzong Fan 

Move policycoreutils/restorecond to restorecond:

* Move and rebase patch:
  - policycoreutils-make-O_CLOEXEC-optional.patch

* Cleanup policycoreutils_2.7.bb.

Signed-off-by: Wenzong Fan 
---
 recipes-security/selinux/policycoreutils_2.7.bb|  1 -
 recipes-security/selinux/restorecond.inc   | 28 ++
 .../policycoreutils-make-O_CLOEXEC-optional.patch  |  8 +++
 recipes-security/selinux/restorecond_2.7.bb|  7 ++
 4 files changed, 39 insertions(+), 5 deletions(-)
 create mode 100644 recipes-security/selinux/restorecond.inc
 rename recipes-security/selinux/{policycoreutils => 
restorecond}/policycoreutils-make-O_CLOEXEC-optional.patch (90%)
 create mode 100644 recipes-security/selinux/restorecond_2.7.bb

diff --git a/recipes-security/selinux/policycoreutils_2.7.bb 
b/recipes-security/selinux/policycoreutils_2.7.bb
index d407ac3..54ec69a 100644
--- a/recipes-security/selinux/policycoreutils_2.7.bb
+++ b/recipes-security/selinux/policycoreutils_2.7.bb
@@ -8,7 +8,6 @@ SRC_URI[sha256sum] = 
"0a1b8a4a323b854981c6755ff025fe98a0f1cff307f109abb260f0490f
 
 SRC_URI += "\
file://policycoreutils-fix-sepolicy-install-path.patch \
-   file://policycoreutils-make-O_CLOEXEC-optional.patch \
file://policycoreutils-loadpolicy-symlink.patch \
file://policycoreutils-process-ValueError-for-sepolicy-seobject.patch \
file://policycoreutils-fix-TypeError-for-seobject.py.patch \
diff --git a/recipes-security/selinux/restorecond.inc 
b/recipes-security/selinux/restorecond.inc
new file mode 100644
index 000..6f12d23
--- /dev/null
+++ b/recipes-security/selinux/restorecond.inc
@@ -0,0 +1,28 @@
+SUMMARY = "Daemon to watch for file creation and set default file context"
+DESCRIPTION = "\
+The restorecond daemon uses inotify to watch files listed in the \
+/etc/selinux/restorecond.conf, when they are created, this daemon \
+will make sure they have the correct file context associated with \
+the policy."
+
+SECTION = "base"
+LICENSE = "GPLv2+"
+
+SRC_URI += "file://policycoreutils-make-O_CLOEXEC-optional.patch \
+"
+
+inherit systemd update-rc.d
+
+DEPENDS += "libsepol libselinux libpcre dbus-glib glib-2.0 pkgconfig-native"
+
+FILES_${PN} += "${datadir}/dbus-1/services/org.selinux.Restorecond.service \
+"
+
+do_install_prepend() {
+export SYSTEMDDIR=${D}/${systemd_unitdir}
+}
+
+SYSTEMD_SERVICE_restorecond = "restorecond.service"
+INITSCRIPT_PACKAGES = "restorecond"
+INITSCRIPT_NAME_restorecond = "restorecond"
+INITSCRIPT_PARAMS_restorecond = "defaults"
diff --git 
a/recipes-security/selinux/policycoreutils/policycoreutils-make-O_CLOEXEC-optional.patch
 
b/recipes-security/selinux/restorecond/policycoreutils-make-O_CLOEXEC-optional.patch
similarity index 90%
rename from 
recipes-security/selinux/policycoreutils/policycoreutils-make-O_CLOEXEC-optional.patch
rename to 
recipes-security/selinux/restorecond/policycoreutils-make-O_CLOEXEC-optional.patch
index d50356e..ab1a10a 100644
--- 
a/recipes-security/selinux/policycoreutils/policycoreutils-make-O_CLOEXEC-optional.patch
+++ 
b/recipes-security/selinux/restorecond/policycoreutils-make-O_CLOEXEC-optional.patch
@@ -16,13 +16,13 @@ Uptream-Status: Inappropriate [O_CLOEXEC has been in Linux 
since 2007 and POSIX
 Signed-off-by: Joe MacDonald 
 Signed-off-by: Wenzong Fan 
 ---
- restorecond/user.c |8 +++-
+ user.c |8 +++-
  1 file changed, 7 insertions(+), 1 deletion(-)
 
-diff --git a/restorecond/user.c b/restorecond/user.c
+diff --git a/user.c b/user.c
 index 2c28676..6235772 100644
 a/restorecond/user.c
-+++ b/restorecond/user.c
+--- a/user.c
 b/user.c
 @@ -202,7 +202,13 @@ static int local_server() {
perror("asprintf");
return -1;
diff --git a/recipes-security/selinux/restorecond_2.7.bb 
b/recipes-security/selinux/restorecond_2.7.bb
new file mode 100644
index 000..1f9a70c
--- /dev/null
+++ b/recipes-security/selinux/restorecond_2.7.bb
@@ -0,0 +1,7 @@
+include selinux_20170804.inc
+include ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+SRC_URI[md5sum] = "46f8ad0a37f955ef148d4e19b8cc8b1f"
+SRC_URI[sha256sum] = 
"cb8e0a8d706cb2c1f105125f3514defcbcfb49199183a7f91ab0bdf1f24d"
-- 
2.13.0

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-selinux][PATCH 14/21] selinux-dbus: add package 2.7 (20170804)

2017-09-05 Thread wenzong.fan 
From: Wenzong Fan 

Move policycoreutils/sepolicy/dbus to dbus.

Signed-off-by: Wenzong Fan 
---
 recipes-security/selinux/selinux-dbus.inc| 14 ++
 recipes-security/selinux/selinux-dbus_2.7.bb |  7 +++
 2 files changed, 21 insertions(+)
 create mode 100644 recipes-security/selinux/selinux-dbus.inc
 create mode 100644 recipes-security/selinux/selinux-dbus_2.7.bb

diff --git a/recipes-security/selinux/selinux-dbus.inc 
b/recipes-security/selinux/selinux-dbus.inc
new file mode 100644
index 000..1b66136
--- /dev/null
+++ b/recipes-security/selinux/selinux-dbus.inc
@@ -0,0 +1,14 @@
+SUMMARY = "SELinux dbus service files"
+DESCRIPTION = "\
+Provide SELinux dbus service files and scripts."
+
+SECTION = "base"
+LICENSE = "GPLv2+"
+
+RDEPENDS_${PN} += "python selinux-python-sepolicy"
+
+FILES_${PN} += "\
+${datadir}/system-config-selinux/selinux_server.py \
+${datadir}/polkit-1/actions/org.selinux.policy \
+${datadir}/dbus-1/system-services/org.selinux.service \
+"
diff --git a/recipes-security/selinux/selinux-dbus_2.7.bb 
b/recipes-security/selinux/selinux-dbus_2.7.bb
new file mode 100644
index 000..a4f14ed
--- /dev/null
+++ b/recipes-security/selinux/selinux-dbus_2.7.bb
@@ -0,0 +1,7 @@
+include selinux_20170804.inc
+include ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+SRC_URI[md5sum] = "6944aa95cfb44e4d76b1aff48b38f08e"
+SRC_URI[sha256sum] = 
"a7f3dbe68c0d02cd1cbe6aac06e87c2957668cb88083389654fabacb79641ae4"
-- 
2.13.0

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-selinux][PATCH 13/21] semodule-utils: add package 2.7 (20170804)

2017-09-05 Thread wenzong.fan 
From: Wenzong Fan 

Move policycoreutils/semodule_* to semodule-utils/*:
  - policycoreutils/semodule_deps-> semodule-utils/semodule_deps
  - policycoreutils/semodule_expand  -> semodule-utils/semodule_expand
  - policycoreutils/semodule_link-> semodule-utils/semodule_link
  - policycoreutils/semodule_package -> semodule-utils/semodule_package

* Cleanup policycoreutils.inc

Signed-off-by: Wenzong Fan 
---
 recipes-security/selinux/policycoreutils.inc   | 13 +
 recipes-security/selinux/semodule-utils.inc| 27 ++
 recipes-security/selinux/semodule-utils_2.7.bb |  7 +++
 3 files changed, 35 insertions(+), 12 deletions(-)
 create mode 100644 recipes-security/selinux/semodule-utils.inc
 create mode 100644 recipes-security/selinux/semodule-utils_2.7.bb

diff --git a/recipes-security/selinux/policycoreutils.inc 
b/recipes-security/selinux/policycoreutils.inc
index 05fd43d..8a9027b 100644
--- a/recipes-security/selinux/policycoreutils.inc
+++ b/recipes-security/selinux/policycoreutils.inc
@@ -75,10 +75,6 @@ PACKAGES =+ "\
${PN}-runinit \
${PN}-secon \
${PN}-semodule \
-   ${PN}-semodule-deps \
-   ${PN}-semodule-expand \
-   ${PN}-semodule-link \
-   ${PN}-semodule-package \
${PN}-sestatus \
${PN}-setfiles \
${PN}-setsebool \
@@ -102,13 +98,6 @@ FILES_${PN}-runinit += "\
 FILES_${PN}-dbg += "${prefix}/libexec/selinux/hll/.debug"
 FILES_${PN}-secon += "${bindir}/secon"
 FILES_${PN}-semodule += "${sbindir}/semodule"
-FILES_${PN}-semodule-deps += "${bindir}/semodule_deps"
-FILES_${PN}-semodule-expand += "${bindir}/semodule_expand"
-FILES_${PN}-semodule-link += "${bindir}/semodule_link"
-FILES_${PN}-semodule-package += "\
-   ${bindir}/semodule_package \
-   ${bindir}/semodule_unpackage \
-"
 FILES_${PN}-hll += "${prefix}/libexec/selinux/hll/*"
 FILES_${PN}-sestatus += "\
${sbindir}/sestatus \
@@ -142,7 +131,7 @@ EXTRA_OEMAKE += "INITDIR=${D}/etc/init.d"
 
 BBCLASSEXTEND = "native"
 
-PCU_NATIVE_CMDS = "setfiles semodule_package semodule semodule_link 
semodule_expand semodule_deps hll"
+PCU_NATIVE_CMDS = "setfiles semodule hll"
 
 do_compile_virtclass-native() {
for PCU_CMD in ${PCU_NATIVE_CMDS} ; do
diff --git a/recipes-security/selinux/semodule-utils.inc 
b/recipes-security/selinux/semodule-utils.inc
new file mode 100644
index 000..1e92745
--- /dev/null
+++ b/recipes-security/selinux/semodule-utils.inc
@@ -0,0 +1,27 @@
+SUMMARY = "Utilities to manipulate SELinux policy module package"
+DESCRIPTION = "\
+The utilities to create, expand, link and show the dependencies between \
+the SELinux policy module packages."
+
+SECTION = "base"
+LICENSE = "GPLv2+"
+
+DEPENDS += "libsepol"
+
+EXTRA_OEMAKE += "LIBSEPOLA=${STAGING_LIBDIR}/libsepol.a"
+
+PACKAGES =+ "\
+${PN}-semodule-deps \
+${PN}-semodule-expand \
+${PN}-semodule-link \
+${PN}-semodule-package \
+"
+FILES_${PN}-semodule-deps += "${bindir}/semodule_deps"
+FILES_${PN}-semodule-expand += "${bindir}/semodule_expand"
+FILES_${PN}-semodule-link += "${bindir}/semodule_link"
+FILES_${PN}-semodule-package += "\
+${bindir}/semodule_package \
+${bindir}/semodule_unpackage \
+"
+
+BBCLASSEXTEND = "native"
diff --git a/recipes-security/selinux/semodule-utils_2.7.bb 
b/recipes-security/selinux/semodule-utils_2.7.bb
new file mode 100644
index 000..fbb88bf
--- /dev/null
+++ b/recipes-security/selinux/semodule-utils_2.7.bb
@@ -0,0 +1,7 @@
+include selinux_20170804.inc
+include ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+SRC_URI[md5sum] = "678e3a5225f9645d40fd9d13bbaa156f"
+SRC_URI[sha256sum] = 
"90c98b3362a43b4da2a51a9176820a56f3e615225e23e3395bc566c4490786ba"
-- 
2.13.0

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-selinux][PATCH 09/21] mcstrans: add package 2.7 (20170804)

2017-09-05 Thread wenzong.fan 
From: Wenzong Fan 

Move policycoreutils/mcstrans to mcstrans:

* Move and rebase patches:
  - mcstrans-de-bashify.patch
  - 0001-mcstrans-fix-the-init-script.patch

* Remove useless patch:
  - enable-mcstrans.patch

* Cleanup policycoreutils_2.7.bb and policycoreutils.inc.

Signed-off-by: Wenzong Fan 
---
 recipes-security/selinux/mcstrans.inc  | 49 ++
 .../0001-mcstrans-fix-the-init-script.patch|  9 +--
 .../mcstrans-de-bashify.patch  | 20 +-
 recipes-security/selinux/mcstrans_2.7.bb   |  7 ++
 recipes-security/selinux/policycoreutils.inc   | 76 +-
 .../selinux/policycoreutils/enable-mcstrans.patch  | 17 -
 recipes-security/selinux/policycoreutils_2.7.bb|  2 -
 7 files changed, 79 insertions(+), 101 deletions(-)
 create mode 100644 recipes-security/selinux/mcstrans.inc
 rename recipes-security/selinux/{policycoreutils => 
mcstrans}/0001-mcstrans-fix-the-init-script.patch (74%)
 rename recipes-security/selinux/{policycoreutils => 
mcstrans}/mcstrans-de-bashify.patch (22%)
 create mode 100644 recipes-security/selinux/mcstrans_2.7.bb
 delete mode 100644 
recipes-security/selinux/policycoreutils/enable-mcstrans.patch

diff --git a/recipes-security/selinux/mcstrans.inc 
b/recipes-security/selinux/mcstrans.inc
new file mode 100644
index 000..590e6d2
--- /dev/null
+++ b/recipes-security/selinux/mcstrans.inc
@@ -0,0 +1,49 @@
+SUMMARY = "Daemon to translate SELinux MCS/MLS sensitivity labels"
+DESCRIPTION = "\
+mcstrans provides an translation daemon to translate SELinux categories \
+from internal representations to user defined representation."
+
+SECTION = "base"
+LICENSE = "GPLv2+"
+
+SRC_URI += "file://mcstrans-de-bashify.patch \
+file://0001-mcstrans-fix-the-init-script.patch \
+"
+
+inherit systemd update-rc.d
+
+DEPENDS += "libsepol libselinux libcap"
+
+EXTRA_OEMAKE += "SYSTEMDDIR=${D}${systemd_unitdir}"
+do_install_append() {
+install -d ${D}${sbindir}
+install -m 755 utils/untranscon ${D}${sbindir}/
+install -m 755 utils/transcon ${D}${sbindir}/
+
+if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', 
d)}; then
+install -d ${D}${sysconfdir}/tmpfiles.d
+echo "d ${localstatedir}/run/setrans - - - -" \
+> ${D}${sysconfdir}/tmpfiles.d/setrans.conf
+else
+install -d ${D}${sysconfdir}/default/volatiles
+echo "d root root 0755 /var/run/setrans none" \
+>${D}${sysconfdir}/default/volatiles/volatiles.80_mcstrans
+fi
+install -d ${D}${datadir}/mcstrans
+cp -r share/* ${D}${datadir}/mcstrans/.
+}
+
+SYSTEMD_SERVICE_mcstrans = "mcstrans.service"
+INITSCRIPT_PACKAGES = "mcstrans"
+INITSCRIPT_NAME_mcstrans = "mcstrans"
+INITSCRIPT_PARAMS_mcstrans = "defaults"
+
+pkg_postinst_mcstrans () {
+if [ -z "$D" ]; then
+if command -v systemd-tmpfiles >/dev/null; then
+systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/setrans.conf
+elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
+${sysconfdir}/init.d/populate-volatile.sh update
+fi
+fi
+}
diff --git 
a/recipes-security/selinux/policycoreutils/0001-mcstrans-fix-the-init-script.patch
 b/recipes-security/selinux/mcstrans/0001-mcstrans-fix-the-init-script.patch
similarity index 74%
rename from 
recipes-security/selinux/policycoreutils/0001-mcstrans-fix-the-init-script.patch
rename to 
recipes-security/selinux/mcstrans/0001-mcstrans-fix-the-init-script.patch
index 39be80a..5f7163d 100644
--- 
a/recipes-security/selinux/policycoreutils/0001-mcstrans-fix-the-init-script.patch
+++ b/recipes-security/selinux/mcstrans/0001-mcstrans-fix-the-init-script.patch
@@ -5,14 +5,15 @@ Upstream-Status: Inappropriate [embedded specific]
 replace daemon with start-stop-daemon, due to not daemon functions
 
 Signed-off-by: Roy Li 
+Signed-off-by: Wenzong Fan 
 ---
- mcstrans/src/mcstrans.init | 2 +-
+ src/mcstrans.init | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
-diff --git a/mcstrans/src/mcstrans.init b/mcstrans/src/mcstrans.init
+diff --git a/src/mcstrans.init b/src/mcstrans.init
 index 2804ec0..c660290 100644
 a/mcstrans/src/mcstrans.init
-+++ b/mcstrans/src/mcstrans.init
+--- a/src/mcstrans.init
 b/src/mcstrans.init
 @@ -51,7 +51,7 @@ start(){
fi
  
diff --git a/recipes-security/selinux/policycoreutils/mcstrans-de-bashify.patch 
b/recipes-security/selinux/mcstrans/mcstrans-de-bashify.patch
similarity index 22%
rename from recipes-security/selinux/policycoreutils/mcstrans-de-bashify.patch
rename to recipes-security/selinux/mcstrans/mcstrans-de-bashify.patch
index 86141a2..805d7e5 100644
--- a/recipes-security/selinux/policycoreutils/mcstrans-de-bashify.patch
+++ b/recipes-security/selinux/mcstrans/mcstrans-de-bashify.patch
@@ -1,9 +1,23 @@
+commit

[yocto] [meta-selinux][PATCH 08/21] sepolgen: remove package

2017-09-05 Thread wenzong.fan 
From: Wenzong Fan 

The package has been moved to selinux-python/sepolgen.

Signed-off-by: Wenzong Fan 
---
 recipes-security/selinux/sepolgen.inc| 34 
 recipes-security/selinux/sepolgen_2.6.bb |  7 ---
 recipes-security/selinux/sepolgen_git.bb |  7 ---
 3 files changed, 48 deletions(-)
 delete mode 100644 recipes-security/selinux/sepolgen.inc
 delete mode 100644 recipes-security/selinux/sepolgen_2.6.bb
 delete mode 100644 recipes-security/selinux/sepolgen_git.bb

diff --git a/recipes-security/selinux/sepolgen.inc 
b/recipes-security/selinux/sepolgen.inc
deleted file mode 100644
index daf213d..000
--- a/recipes-security/selinux/sepolgen.inc
+++ /dev/null
@@ -1,34 +0,0 @@
-SUMMARY = "Python modules for supporting various SELinux utilities."
-DESCRIPTION = "\
-This package contains a Python module that forms the core of the \
-modern audit2allow (which is a part of the package policycoreutils). \
-The sepolgen library is structured to give flexibility to the \
-application using it. The library contains: Reference Policy \
-Representation, which are Objects for representing policies and the \
-reference policy interfaces. Secondly, it has objects and algorithms \
-for representing access and sets of access in an abstract way and \
-searching that access. It also has a parser for reference policy \
-"headers". It contains infrastructure for parsing SELinux related \
-messages as produced by the audit system. It has facilities for \
-generating policy based on required access."
- 
-SECTION = "base"
-LICENSE = "LGPLv2+"
-
-FILES_${PN} = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*"
-
-DEPENDS += "python"
-
-inherit python-dir
-
-FILES_${PN} += "${libdir}/python${PYTHON_BASEVERSION}/site-packages \
-   /var/lib/sepolgen"
-
-do_install() {
-   oe_runmake DESTDIR=${D} \
-   
PYTHONLIBDIR='${libdir}/python${PYTHON_BASEVERSION}/site-packages' \
-   install
-}
-
-BBCLASSEXTEND = "native"
-
diff --git a/recipes-security/selinux/sepolgen_2.6.bb 
b/recipes-security/selinux/sepolgen_2.6.bb
deleted file mode 100644
index 7825863..000
--- a/recipes-security/selinux/sepolgen_2.6.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-include selinux_20161014.inc
-include ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
-
-SRC_URI[md5sum] = "84faa46a0eb0b603e903efeed239c244"
-SRC_URI[sha256sum] = 
"6a327b1576d914e57ad796a541a7a9bcceefb14c44539993de0fdb8e7a60"
diff --git a/recipes-security/selinux/sepolgen_git.bb 
b/recipes-security/selinux/sepolgen_git.bb
deleted file mode 100644
index 9b3cbe2..000
--- a/recipes-security/selinux/sepolgen_git.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-PR = "r99"
-PV = "1.2.1+git${SRCPV}"
-
-include selinux_git.inc
-include ${BPN}.inc
- 
-LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
-- 
2.13.0

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-selinux][PATCH 07/21] policycoreutils: uprev to 2.7 (20170804)

2017-09-05 Thread wenzong.fan 
From: Wenzong Fan 

Uprev the recipe file as is.

Some packages have been moved out from policycoreutils, they will be
added as new packages and the policycoreutils.inc need to be cleaned
up from later commits accordingly.

Moved packages:
From:To:
  - policycoreutils/gui  gui
  - policycoreutils/mcstrans mcstrans
  - policycoreutils/restorecond  restorecond
  - policycoreutils/sandbox  sandbox
  - policycoreutils/sepolicy/dbusdbus
  - policycoreutils/semodule_depssemodule-utils/semodule_deps
  - policycoreutils/semodule_expand  semodule-utils/semodule_expand
  - policycoreutils/semodule_linksemodule-utils/semodule_link
  - policycoreutils/semodule_package semodule-utils/semodule_package
  - policycoreutils/semanage python/semanage
  - policycoreutils/audit2allow  python/audit2allow
  - policycoreutils/sepolgen-ifgen   python/audit2allow/sepolgen-ifgen
  - policycoreutils/sepolicy python/sepolicy
  - policycoreutils/scripts/chcatpython/chcat

Released package list refer to:
  https://github.com/SELinuxProject/selinux/wiki/Releases

Cleanup the patch file that have been removed in 2.6:
  - policycoreutils-fts_flags-FTS_NOCHDIR.patch

Signed-off-by: Wenzong Fan 
---
 .../policycoreutils-fts_flags-FTS_NOCHDIR.patch| 25 --
 ...licycoreutils_2.6.bb => policycoreutils_2.7.bb} |  6 +++---
 2 files changed, 3 insertions(+), 28 deletions(-)
 delete mode 100644 
recipes-security/selinux/policycoreutils/policycoreutils-fts_flags-FTS_NOCHDIR.patch
 rename recipes-security/selinux/{policycoreutils_2.6.bb => 
policycoreutils_2.7.bb} (74%)

diff --git 
a/recipes-security/selinux/policycoreutils/policycoreutils-fts_flags-FTS_NOCHDIR.patch
 
b/recipes-security/selinux/policycoreutils/policycoreutils-fts_flags-FTS_NOCHDIR.patch
deleted file mode 100644
index fd04b51..000
--- 
a/recipes-security/selinux/policycoreutils/policycoreutils-fts_flags-FTS_NOCHDIR.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-This works around a bug in the default libc used by OE. FTS functions are
-supposed to change the current working directory as they walk the file
-hierarchy. The fts_accpath member of the FTSENT structure relies on this
-behavior and without it the path is not relative to cwd as expected.
-Supplying the FTS_NOCHDIR flag disables this optimization and causes
-fts_accpath to be relative to the directory where the traversal started.
-Use of this flag doesn't effect compatibility with glibc.
-
-An alternative fix could replace the use of fts_accpath with fts_path
-which is absolute.
-
-Signed-off-by: Philip Tricca 
-Index: policycoreutils/setfiles/setfiles.c
-===
 policycoreutils.orig/setfiles/setfiles.c
-+++ policycoreutils/setfiles/setfiles.c
-@@ -194,7 +194,7 @@ int main(int argc, char **argv)
-   r_opts.expand_realpath = 0;
-   r_opts.abort_on_error = 1;
-   r_opts.add_assoc = 1;
--  r_opts.fts_flags = FTS_PHYSICAL | FTS_XDEV;
-+  r_opts.fts_flags = FTS_PHYSICAL | FTS_XDEV | FTS_NOCHDIR;
-   ctx_validate = 1;
-   } else {
-   /*
diff --git a/recipes-security/selinux/policycoreutils_2.6.bb 
b/recipes-security/selinux/policycoreutils_2.7.bb
similarity index 74%
rename from recipes-security/selinux/policycoreutils_2.6.bb
rename to recipes-security/selinux/policycoreutils_2.7.bb
index 6a625b3..50f15d0 100644
--- a/recipes-security/selinux/policycoreutils_2.6.bb
+++ b/recipes-security/selinux/policycoreutils_2.7.bb
@@ -1,10 +1,10 @@
-include selinux_20161014.inc
+include selinux_20170804.inc
 include ${BPN}.inc
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
 
-SRC_URI[md5sum] = "0358f0136e2dd9a8c9e99f181aaab1b2"
-SRC_URI[sha256sum] = 
"68891b376f5048edc53c6ccb2fca44da3dc7f4563f4b6894e201d70c04a05a29"
+SRC_URI[md5sum] = "65311b66ae01f7b7ad7c2ea7401b68ed"
+SRC_URI[sha256sum] = 
"0a1b8a4a323b854981c6755ff025fe98a0f1cff307f109abb260f0490f13e4f4"
 
 SRC_URI += "\
file://policycoreutils-fix-sepolicy-install-path.patch \
-- 
2.13.0

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-selinux][PATCH 05/21] checkpolicy: uprev to 2.7 (20170804)

2017-09-05 Thread wenzong.fan 
From: Wenzong Fan 

Remove patch that included by new version:
  - checkpolicy-Do-not-link-against-libfl.patch

Specify LIBSEPOLA to fix build error:
  make[1]: *** No rule to make target `/usr/lib/libsepol.a'

Signed-off-by: Wenzong Fan 
---
 recipes-security/selinux/checkpolicy.inc   |  3 +-
 .../checkpolicy-Do-not-link-against-libfl.patch| 46 --
 .../{checkpolicy_2.6.bb => checkpolicy_2.7.bb} |  6 +--
 3 files changed, 4 insertions(+), 51 deletions(-)
 delete mode 100644 
recipes-security/selinux/checkpolicy/checkpolicy-Do-not-link-against-libfl.patch
 rename recipes-security/selinux/{checkpolicy_2.6.bb => checkpolicy_2.7.bb} 
(35%)

diff --git a/recipes-security/selinux/checkpolicy.inc 
b/recipes-security/selinux/checkpolicy.inc
index efcd821..878c656 100644
--- a/recipes-security/selinux/checkpolicy.inc
+++ b/recipes-security/selinux/checkpolicy.inc
@@ -11,10 +11,9 @@ LICENSE = "GPLv2+"
 
 DEPENDS += "libsepol bison-native flex-native"
 
-SRC_URI += "file://checkpolicy-Do-not-link-against-libfl.patch"
-
 EXTRA_OEMAKE += "PREFIX=${D}" 
 EXTRA_OEMAKE += "LEX='flex'"
+EXTRA_OEMAKE += "LIBSEPOLA=${STAGING_LIBDIR}/libsepol.a"
 
 do_install_append() {
install test/dismod ${D}/${bindir}/sedismod
diff --git 
a/recipes-security/selinux/checkpolicy/checkpolicy-Do-not-link-against-libfl.patch
 
b/recipes-security/selinux/checkpolicy/checkpolicy-Do-not-link-against-libfl.patch
deleted file mode 100644
index e19209e..000
--- 
a/recipes-security/selinux/checkpolicy/checkpolicy-Do-not-link-against-libfl.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-checkpolicy: Don't link against libfl
-
-In policy_scan.l file, we have already removed all references to yywrap by
-adding "%option noyywrap" statements to each flex source file that doesn't
-override yywrap. After this, we no longer need to link against libfl and so
-no longer get errors about undefined references to yylex.
-
-Upstream-status: Pending
-
-Signed-off-by: Chong Lu 
-Signed-off-by: Shrikant Bobade ¶
-

- Makefile  |2 +-
- test/Makefile |2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index e5fae3d..14ac70e 100644
 a/Makefile
-+++ b/Makefile
-@@ -19,7 +19,7 @@ CHECKOBJS = y.tab.o lex.yy.o queue.o module_compiler.o 
parse_util.o \
- CHECKPOLOBJS = $(CHECKOBJS) checkpolicy.o
- CHECKMODOBJS = $(CHECKOBJS) checkmodule.o
- 
--LDLIBS=$(LIBDIR)/libsepol.a -lfl
-+LDLIBS=$(LIBDIR)/libsepol.a
- 
- GENERATED=lex.yy.c y.tab.c y.tab.h
- 
-diff --git a/test/Makefile b/test/Makefile
-index 63b4d24..0f19a8a 100644
 a/test/Makefile
-+++ b/test/Makefile
-@@ -9,7 +9,7 @@ INCLUDEDIR ?= $(PREFIX)/include
- CFLAGS ?= -g -Wall -W -Werror -O2 -pipe
- override CFLAGS += -I$(INCLUDEDIR)
- 
--LDLIBS=-lfl $(LIBDIR)/libsepol.a -L$(LIBDIR)
-+LDLIBS=$(LIBDIR)/libsepol.a -L$(LIBDIR)
- 
- all: dispol dismod
- 
--- 
-1.7.9.5
-
diff --git a/recipes-security/selinux/checkpolicy_2.6.bb 
b/recipes-security/selinux/checkpolicy_2.7.bb
similarity index 35%
rename from recipes-security/selinux/checkpolicy_2.6.bb
rename to recipes-security/selinux/checkpolicy_2.7.bb
index f67c150..90b8109 100644
--- a/recipes-security/selinux/checkpolicy_2.6.bb
+++ b/recipes-security/selinux/checkpolicy_2.7.bb
@@ -1,7 +1,7 @@
-include selinux_20161014.inc
+include selinux_20170804.inc
 include ${BPN}.inc
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
 
-SRC_URI[md5sum] = "2b581f8fe8eb8f55f111088e15d76c3a"
-SRC_URI[sha256sum] = 
"0bebd18688ca8027b1b3b4ff1532c0626f1fe49883ae6cb74d9d385940e74157"
+SRC_URI[md5sum] = "5c718eaad4d3015bd5665ffde77b50fd"
+SRC_URI[sha256sum] = 
"5413479f1dcde866c19896b4dbfec315d822aa431606e1d03c944408984c3201"
-- 
2.13.0

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-selinux][PATCH 06/21] secilc: uprev to 2.7 (20170804)

2017-09-05 Thread wenzong.fan 
From: Wenzong Fan 

Signed-off-by: Wenzong Fan 
---
 recipes-security/selinux/{secilc_2.6.bb => secilc_2.7.bb} | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 rename recipes-security/selinux/{secilc_2.6.bb => secilc_2.7.bb} (35%)

diff --git a/recipes-security/selinux/secilc_2.6.bb 
b/recipes-security/selinux/secilc_2.7.bb
similarity index 35%
rename from recipes-security/selinux/secilc_2.6.bb
rename to recipes-security/selinux/secilc_2.7.bb
index 0f84b0e..611f165 100644
--- a/recipes-security/selinux/secilc_2.6.bb
+++ b/recipes-security/selinux/secilc_2.7.bb
@@ -1,7 +1,7 @@
-include selinux_20161014.inc
+include selinux_20170804.inc
 include ${BPN}.inc
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=5fb82e8deb357d4e5fd8f3fed01d2f38"
 
-SRC_URI[md5sum] = "38c06fb8d97206a12016b4516ee23efc"
-SRC_URI[sha256sum] = 
"a84838c15bb7b0141238b48294b15ff0e1618107f547541a0067d1ddabcc9502"
+SRC_URI[md5sum] = "301a4e477bc7214be16558f7c2dcbcff"
+SRC_URI[sha256sum] = 
"9ec63dd64645c718f66d33c96299adfe0445b0aa62d7ac8c642f873c570609c5"
-- 
2.13.0

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-selinux][PATCH 04/21] libsemanage: uprev to 2.7 (20170804)

2017-09-05 Thread wenzong.fan 
From: Wenzong Fan 

Remove patches that included by new version:
  - 0001-libsemanage-simplify-string-utilities-functions.patch
  - 0002-libsemanage-add-semanage_str_replace-utility-functio.patch
  - 0003-libsemanage-genhomedircon-drop-ustr-dependency.patch
  - 0004-libsemanage-remove-ustr-library-from-Makefiles-READM.patch
  - libsemanage-fix-path-len-limit.patch

Rebase patch:
  - libsemanage-allow-to-disable-audit-support.patch

Set PYCEXT and PYSITEDIR to generate the _semanage.so and install it
to ${libdir}/python${PYTHON_BASEVERSION}/site-packages.

Signed-off-by: Wenzong Fan 
---
 recipes-security/selinux/libsemanage.inc   |   2 +
 ...anage-simplify-string-utilities-functions.patch | 115 
 ...-add-semanage_str_replace-utility-functio.patch | 164 ---
 ...manage-genhomedircon-drop-ustr-dependency.patch | 323 -
 ...-remove-ustr-library-from-Makefiles-READM.patch |  61 
 ...ibsemanage-allow-to-disable-audit-support.patch |  68 +++--
 .../libsemanage-fix-path-len-limit.patch   |  28 --
 .../{libsemanage_2.6.bb => libsemanage_2.7.bb} |  11 +-
 8 files changed, 42 insertions(+), 730 deletions(-)
 delete mode 100644 
recipes-security/selinux/libsemanage/0001-libsemanage-simplify-string-utilities-functions.patch
 delete mode 100644 
recipes-security/selinux/libsemanage/0002-libsemanage-add-semanage_str_replace-utility-functio.patch
 delete mode 100644 
recipes-security/selinux/libsemanage/0003-libsemanage-genhomedircon-drop-ustr-dependency.patch
 delete mode 100644 
recipes-security/selinux/libsemanage/0004-libsemanage-remove-ustr-library-from-Makefiles-READM.patch
 delete mode 100644 
recipes-security/selinux/libsemanage/libsemanage-fix-path-len-limit.patch
 rename recipes-security/selinux/{libsemanage_2.6.bb => libsemanage_2.7.bb} 
(50%)

diff --git a/recipes-security/selinux/libsemanage.inc 
b/recipes-security/selinux/libsemanage.inc
index 504101d..9b238c8 100644
--- a/recipes-security/selinux/libsemanage.inc
+++ b/recipes-security/selinux/libsemanage.inc
@@ -40,6 +40,8 @@ do_install() {
 
 oe_runmake install-pywrap swigify \
 DESTDIR=${D} \
+PYCEXT='.so' \
+
PYSITEDIR='${D}${libdir}/python${PYTHON_BASEVERSION}/site-packages' \
 PYLIBVER='python${PYTHON_BASEVERSION}' \
 PYLIBDIR='${D}/${libdir}/$(PYLIBVER)'
 
diff --git 
a/recipes-security/selinux/libsemanage/0001-libsemanage-simplify-string-utilities-functions.patch
 
b/recipes-security/selinux/libsemanage/0001-libsemanage-simplify-string-utilities-functions.patch
deleted file mode 100644
index fd478d0..000
--- 
a/recipes-security/selinux/libsemanage/0001-libsemanage-simplify-string-utilities-functions.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-From 514a5df959ea0e13db4e87f73c2ac5edcceebd52 Mon Sep 17 00:00:00 2001
-From: Nicolas Iooss 
-Date: Wed, 21 Dec 2016 19:21:01 +0100
-Subject: [meta-selinux][PATCH 1/4] libsemanage: simplify string utilities 
functions
-
-Use string functions from C standard library instead of ustr. This makes
-the code simpler and make utilities.c no longer depend on ustr library.
-
-This changes how semanage_split() behaves when delim is not empty (NULL
-or "") and the input string contains several successive delimiters:
-semanage_split("foobar", ":") returned "bar" and now returns ":bar".
-This would not have any impact in the current code as semanage_split()
-is only called with delim="=" (through semanage_findval(), in
-libsemanage/src/genhomedircon.c), in order to split a "key=value"
-statement.
-
-Signed-off-by: Nicolas Iooss 
-(cherry picked from commit a228bb3736c5957d41ad9e01eb1283fc6883a6e5)

- libsemanage/src/utilities.c | 59 ++---
- 1 file changed, 13 insertions(+), 46 deletions(-)
-
-diff --git a/libsemanage/src/utilities.c b/libsemanage/src/utilities.c
-index f48ffa4..fa86cc7 100644
 a/libsemanage/src/utilities.c
-+++ b/libsemanage/src/utilities.c
-@@ -26,7 +26,6 @@
- #include 
- #include 
- #include 
--#include 
- 
- #define TRUE 1
- #define FALSE 0
-@@ -74,64 +73,32 @@ char *semanage_split_on_space(const char *str)
- {
-   /* as per the man page, these are the isspace() chars */
-   const char *seps = "\f\n\r\t\v ";
--  size_t slen = strlen(seps);
--  size_t off = 0, rside_len = 0;
--  char *retval = NULL;
--  Ustr *ustr = USTR_NULL, *temp = USTR_NULL;
-+  size_t off = 0;
- 
-   if (!str)
--  goto done;
--  if (!(ustr = ustr_dup_cstr(str)))
--  goto done;
--  temp =
--  ustr_split_spn_chrs(ustr, , seps, slen, USTR_NULL,
--  USTR_FLAG_SPLIT_DEF);
--  if (!temp)
--  goto done;
--  /* throw away the left hand side */
--  ustr_sc_free();
--
--  rside_len = ustr_len(ustr) - off;
--  temp = ustr_dup_subustr(ustr, off +

[yocto] [meta-selinux][PATCH 03/21] libselinux: uprev to 2.7 (20170804)

2017-09-05 Thread wenzong.fan 
From: Wenzong Fan 

Specify LIBSEPOLA to fix build error:
  make[1]: *** No rule to make target `/usr/lib/libsepol.a',
  needed by `python-2.7audit2why.so'.  Stop.

Add python-importlib to RDEPENDS_${PN}-python.

Signed-off-by: Wenzong Fan 
---
 recipes-security/selinux/libselinux.inc   | 3 ++-
 recipes-security/selinux/{libselinux_2.6.bb => libselinux_2.7.bb} | 6 +++---
 2 files changed, 5 insertions(+), 4 deletions(-)
 rename recipes-security/selinux/{libselinux_2.6.bb => libselinux_2.7.bb} (72%)

diff --git a/recipes-security/selinux/libselinux.inc 
b/recipes-security/selinux/libselinux.inc
index ad00d10..bd5ce8d 100644
--- a/recipes-security/selinux/libselinux.inc
+++ b/recipes-security/selinux/libselinux.inc
@@ -8,6 +8,7 @@ LICENSE = "PD"
 inherit lib_package pythonnative
 
 DEPENDS += "libsepol python libpcre swig-native"
+RDEPENDS_${PN}-python += "python-importlib"
 
 PACKAGES += "${PN}-python"
 FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*"
@@ -21,7 +22,7 @@ def get_policyconfigarch(d):
 return "ARCH=%s" % (target)
 EXTRA_OEMAKE += "${@get_policyconfigarch(d)}"
 
-EXTRA_OEMAKE += "LDFLAGS='${LDFLAGS} -lpcre'"
+EXTRA_OEMAKE += "LDFLAGS='${LDFLAGS} -lpcre' 
LIBSEPOLA='${STAGING_LIBDIR}/libsepol.a'"
 
 do_compile_append() {
 oe_runmake pywrap -j1 \
diff --git a/recipes-security/selinux/libselinux_2.6.bb 
b/recipes-security/selinux/libselinux_2.7.bb
similarity index 72%
rename from recipes-security/selinux/libselinux_2.6.bb
rename to recipes-security/selinux/libselinux_2.7.bb
index b9ad231..e0d01fc 100644
--- a/recipes-security/selinux/libselinux_2.6.bb
+++ b/recipes-security/selinux/libselinux_2.7.bb
@@ -1,10 +1,10 @@
-include selinux_20161014.inc
+include selinux_20170804.inc
 include ${BPN}.inc
 
 LIC_FILES_CHKSUM = "file://LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0"
 
-SRC_URI[md5sum] = "0e066ba6d6e590ba4b53eed64905d901"
-SRC_URI[sha256sum] = 
"4ea2dde50665c202253ba5caac7738370ea0337c47b251ba981c60d24e1a118a"
+SRC_URI[md5sum] = "1d48ee4e9fadd76794d70c806b69ba7d"
+SRC_URI[sha256sum] = 
"d0fec0769b3ad60aa7baf9b9a4b7a056827769dc2dadda0dc0eb59b3d1c18c57"
 
 SRC_URI += "\
 file://libselinux-drop-Wno-unused-but-set-variable.patch \
-- 
2.13.0

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-selinux][PATCH 02/21] libsepol: uprev to 2.7 (20170804)

2017-09-05 Thread wenzong.fan 
From: Wenzong Fan 

Signed-off-by: Wenzong Fan 
---
 recipes-security/selinux/{libsepol_2.6.bb => libsepol_2.7.bb} | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 rename recipes-security/selinux/{libsepol_2.6.bb => libsepol_2.7.bb} (49%)

diff --git a/recipes-security/selinux/libsepol_2.6.bb 
b/recipes-security/selinux/libsepol_2.7.bb
similarity index 49%
rename from recipes-security/selinux/libsepol_2.6.bb
rename to recipes-security/selinux/libsepol_2.7.bb
index e593fe9..f38f7ba 100644
--- a/recipes-security/selinux/libsepol_2.6.bb
+++ b/recipes-security/selinux/libsepol_2.7.bb
@@ -1,9 +1,9 @@
-include selinux_20161014.inc
+include selinux_20170804.inc
 include ${BPN}.inc
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
 
-SRC_URI[md5sum] = "dc1dfd31aea4c6e4b521f3aa2bddf7de"
-SRC_URI[sha256sum] = 
"d856d6506054f52abeaa3543ea2f2344595a3dc05d0d873ed7f724f7a16b1874"
+SRC_URI[md5sum] = "9424b93fd6efd853b9360f29265c5aa3"
+SRC_URI[sha256sum] = 
"d69d3bd8ec901a3bd5adf2be2fb47fb1a685ed73066ab482e7e505371a48f9e7"
 
 SRC_URI += "file://0001-src-Makefile-fix-includedir-in-libsepol.pc.patch"
-- 
2.13.0

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

[yocto] [meta-selinux][PATCH 01/21] selinux: uprev include file to 20170804

2017-09-05 Thread wenzong.fan 
From: Wenzong Fan 

Signed-off-by: Wenzong Fan 
---
 recipes-security/selinux/{selinux_20161014.inc => selinux_20170804.inc} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename recipes-security/selinux/{selinux_20161014.inc => selinux_20170804.inc} 
(84%)

diff --git a/recipes-security/selinux/selinux_20161014.inc 
b/recipes-security/selinux/selinux_20170804.inc
similarity index 84%
rename from recipes-security/selinux/selinux_20161014.inc
rename to recipes-security/selinux/selinux_20170804.inc
index c97e35b..1c11208 100644
--- a/recipes-security/selinux/selinux_20161014.inc
+++ b/recipes-security/selinux/selinux_20170804.inc
@@ -1,4 +1,4 @@
-SELINUX_RELEASE = "20161014"
+SELINUX_RELEASE = "20170804"
 
 SRC_URI = 
"https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/${SELINUX_RELEASE}/${BPN}-${PV}.tar.gz;
 
-- 
2.13.0

-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto