Hi Yi, So, just to confirm, this is needed in your experience (I don't have any builders that are that old, so I haven't verified). I just ask because we only just dropped this patch to begin with:
commit 6edbe15c3dba7da0cffc1c11099867553e9d5570 Author: Yi Zhao <[email protected]> Date: Thu Nov 14 09:49:01 2019 +0800 audit: switch to python3 * Switch to python3 * Drop patches: audit-python-configure.patch audit-python.patch fix-swig-host-contamination.patch Signed-off-by: Yi Zhao <[email protected]> Signed-off-by: Joe MacDonald <[email protected]> If we need to bring it back, though, obviously no concerns about it since the last time I did and update I carried it along. :-) -J. [[meta-selinux][PATCH] audit: fix host contamination for swig] On 19.12.27 (Fri 10:43) Yi Zhao wrote: > The audit build uses swig to generate a python wrapper. But there is a > hardcoded include directory in auditswig.i, which causes header files on > the host to be used when building. This will cause build error on some > old systems. e.g. on CentOS7 with buildtools: > audit_wrap.c: In function '_wrap_audit_rule_flags_set': > audit_wrap.c:5018:19: error: dereferencing pointer to incomplete type > 'struct audit_rule' > 5018 if (arg1) (arg1)->flags = arg2; > ^~ > > Signed-off-by: Yi Zhao <[email protected]> > --- > .../Fixed-swig-host-contamination-issue.patch | 57 +++++++++++++++++++ > recipes-security/audit/audit_2.8.5.bb | 1 + > 2 files changed, 58 insertions(+) > create mode 100644 > recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch > > diff --git > a/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch > b/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch > new file mode 100644 > index 0000000..7c26995 > --- /dev/null > +++ b/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch > @@ -0,0 +1,57 @@ > +From a07271f1cce82122610b622bcea4a8a37528f321 Mon Sep 17 00:00:00 2001 > +From: Li xin <[email protected]> > +Date: Sun, 19 Jul 2015 02:42:58 +0900 > +Subject: [PATCH] audit: Fixed swig host contamination issue > + > +The audit build uses swig to generate a python wrapper. > +Unfortunately, the swig info file references host include > +directories. Some of these were previously noticed and > +eliminated, but the one fixed here was not. > + > +Upstream-Status: Inappropriate [embedded specific] > + > +Signed-off-by: Anders Hedlund <[email protected]> > +Signed-off-by: Joe Slater <[email protected]> > +Signed-off-by: Yi Zhao <[email protected]> > +--- > + bindings/swig/python3/Makefile.am | 3 ++- > + bindings/swig/src/auditswig.i | 2 +- > + 2 files changed, 3 insertions(+), 2 deletions(-) > + > +diff --git a/bindings/swig/python3/Makefile.am > b/bindings/swig/python3/Makefile.am > +index 9938418..fa46aac 100644 > +--- a/bindings/swig/python3/Makefile.am > ++++ b/bindings/swig/python3/Makefile.am > +@@ -22,6 +22,7 @@ > + CONFIG_CLEAN_FILES = *.loT *.rej *.orig > + AM_CFLAGS = -fPIC -DPIC -fno-strict-aliasing $(PYTHON3_CFLAGS) > + AM_CPPFLAGS = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES) > ++STDINC ?= /usr/include > + LIBS = $(top_builddir)/lib/libaudit.la > + SWIG_FLAGS = -python -py3 -modern > + SWIG_INCLUDES = -I. -I$(top_builddir) -I${top_srcdir}/lib > $(PYTHON3_INCLUDES) > +@@ -37,7 +38,7 @@ _audit_la_DEPENDENCIES =${top_srcdir}/lib/libaudit.h > ${top_builddir}/lib/libaudi > + _audit_la_LIBADD = ${top_builddir}/lib/libaudit.la > + nodist__audit_la_SOURCES = audit_wrap.c > + audit.py audit_wrap.c: ${srcdir}/../src/auditswig.i > +- swig -o audit_wrap.c ${SWIG_FLAGS} ${SWIG_INCLUDES} > ${srcdir}/../src/auditswig.i > ++ swig -o audit_wrap.c ${SWIG_FLAGS} ${SWIG_INCLUDES} -I$(STDINC) > ${srcdir}/../src/auditswig.i > + > + CLEANFILES = audit.py* audit_wrap.c *~ > + > +diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i > +index 7ebb373..424fb68 100644 > +--- a/bindings/swig/src/auditswig.i > ++++ b/bindings/swig/src/auditswig.i > +@@ -39,7 +39,7 @@ signed > + #define __attribute(X) /*nothing*/ > + typedef unsigned __u32; > + typedef unsigned uid_t; > +-%include "/usr/include/linux/audit.h" > ++%include "linux/audit.h" > + #define __extension__ /*nothing*/ > + #include <stdint.h> > + %include "../lib/libaudit.h" > +-- > +2.7.4 > + > diff --git a/recipes-security/audit/audit_2.8.5.bb > b/recipes-security/audit/audit_2.8.5.bb > index 1e76d5f..ee3b3b5 100644 > --- a/recipes-security/audit/audit_2.8.5.bb > +++ b/recipes-security/audit/audit_2.8.5.bb > @@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = > "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" > > SRC_URI = > "git://github.com/linux-audit/${BPN}-userspace.git;branch=2.8_maintenance \ > file://Add-substitue-functions-for-strndupa-rawmemchr.patch \ > + file://Fixed-swig-host-contamination-issue.patch \ > file://auditd \ > file://auditd.service \ > file://audit-volatile.conf \ > -- > 2.17.1 > -- -Joe MacDonald. :wq
signature.asc
Description: PGP signature
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#47839): https://lists.yoctoproject.org/g/yocto/message/47839 Mute This Topic: https://lists.yoctoproject.org/mt/69281245/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
