[PATCH 1/4] xen: split the flask package into a policy and tools package

[PATCH 1/4] xen: split the flask package into a policy and tools package

[Derek Straka]

Signed-off-by: Derek Straka <derek@asterius.io>
---
 recipes-extended/xen/xen.inc | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/recipes-extended/xen/xen.inc b/recipes-extended/xen/xen.inc
index 2eba012..bc5ff85 100644
--- a/recipes-extended/xen/xen.inc
+++ b/recipes-extended/xen/xen.inc
@@ -153,6 +153,7 @@ PACKAGES = "\
     ${PN}-doc \
     ${PN}-efi \
     ${PN}-flask \
+    ${PN}-flask-tools \
     ${PN}-fsimage \
     ${PN}-gdbsx \
     ${PN}-hvmloader \
@@ -342,13 +343,16 @@ FILES_${PN}-devd = "\
     "
 
 FILES_${PN}-flask = "\
+    /boot/xenpolicy-${PV} \
+    "
+
+FILES_${PN}-flask-tools = "\
     ${sbindir}/flask-get-bool \
     ${sbindir}/flask-getenforce \
     ${sbindir}/flask-label-pci \
     ${sbindir}/flask-loadpolicy \
     ${sbindir}/flask-set-bool \
     ${sbindir}/flask-setenforce \
-    /boot/xenpolicy-${PV} \
     "
 
 FILES_${PN}-gdbsx = "\
-- 
1.9.1

[PATCH 2/4] xen: add the ability to configure the name of the policy

[Derek Straka]

When using non-release versions, the policy files may have a different name (xenpolicy-${PV}-unstable).  Allow the policy file name to be configured by the xen recipe.

Signed-off-by: Derek Straka <derek@asterius.io>
---
 recipes-extended/xen/xen.inc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/recipes-extended/xen/xen.inc b/recipes-extended/xen/xen.inc
index bc5ff85..77740cf 100644
--- a/recipes-extended/xen/xen.inc
+++ b/recipes-extended/xen/xen.inc
@@ -17,6 +17,8 @@ PACKAGECONFIG ??= " \
     ${@bb.utils.contains('XEN_TARGET_ARCH', 'x86_64', 'hvm', '', d)} \
     "
 
+FLASK_POLICY_FILE ?= "xenpolicy-${PV}"
+
 PACKAGECONFIG[sdl] = "--enable-sdl,--disable-sdl,virtual/libsdl,"
 PACKAGECONFIG[xsm] = "--enable-xsmpolicy,--disable-xsmpolicy,checkpolicy-native,"
 PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd,systemd,"
@@ -343,7 +345,7 @@ FILES_${PN}-devd = "\
     "
 
 FILES_${PN}-flask = "\
-    /boot/xenpolicy-${PV} \
+    /boot/${FLASK_POLICY_FILE} \
     "
 
 FILES_${PN}-flask-tools = "\
-- 
1.9.1

[PATCH 3/4] xen: add the flask policy to the set of files installed to the deploy directory

[Derek Straka]

Signed-off-by: Derek Straka <derek@asterius.io>
---
 recipes-extended/xen/xen.inc | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/recipes-extended/xen/xen.inc b/recipes-extended/xen/xen.inc
index 77740cf..bddab6b 100644
--- a/recipes-extended/xen/xen.inc
+++ b/recipes-extended/xen/xen.inc
@@ -878,6 +878,12 @@ do_deploy() {
     if [ -f ${D}/boot/xen.gz ]; then
         install -m 0644 ${D}/boot/xen.gz ${DEPLOYDIR}/xen-${MACHINE}.gz
     fi
+    # Install the flask policy in the deploy directory if it exists
+    if [ -f ${D}/boot/${FLASK_POLICY_FILE} ]; then
+        install -m 0644 ${D}/boot/${FLASK_POLICY_FILE} ${DEPLOYDIR}
+        ln -sf ${FLASK_POLICY_FILE} xenpolicy-${MACHINE}
+        mv xenpolicy-${MACHINE} ${DEPLOYDIR}
+    fi
 }
 
 addtask deploy after do_populate_sysroot
-- 
1.9.1

[PATCH 4/4] xen: add the extra packages released with xen 4.7

[Derek Straka]

Signed-off-by: Derek Straka <derek@asterius.io>
---
 recipes-extended/xen/xen.inc | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/recipes-extended/xen/xen.inc b/recipes-extended/xen/xen.inc
index bddab6b..96255ec 100644
--- a/recipes-extended/xen/xen.inc
+++ b/recipes-extended/xen/xen.inc
@@ -165,8 +165,16 @@ PACKAGES = "\
     ${PN}-libblktapctl \
     ${PN}-libblktapctl-dev \
     ${PN}-libblktap-dev \
+    ${PN}-libxencall \
+    ${PN}-libxencall-dev \
+    ${PN}-libxenevtchn \
+    ${PN}-libxenevtchn-dev \
+    ${PN}-libxenforeignmemory \
+    ${PN}-libxenforeignmemory-dev \
     ${PN}-libfsimage \
     ${PN}-libfsimage-dev \
+    ${PN}-libxengnttab \
+    ${PN}-libxengnttab-dev \
     ${PN}-libvhd \
     ${PN}-libvhd-dev \
     ${PN}-libxenctrl \
@@ -179,6 +187,8 @@ PACKAGES = "\
     ${PN}-libxenstat-dev \
     ${PN}-libxenstore \
     ${PN}-libxenstore-dev \
+    ${PN}-libxentoollog \
+    ${PN}-libxentoollog-dev \
     ${PN}-libxenvchan \
     ${PN}-libxenvchan-dev \
     ${PN}-libxlutil \
@@ -204,6 +214,7 @@ PACKAGES = "\
     ${PN}-xenstat \
     ${PN}-xenstore \
     ${PN}-xenstored \
+    ${PN}-init-xenstore-dom \
     ${PN}-xentrace \
     ${PN}-xen-watchdog \
     ${PN}-xl \
@@ -291,12 +302,29 @@ FILES_${PN}-libxenstat-dev = "${libdir}/libxenstat.so"
 FILES_${PN}-libxenstore = "${libdir}/libxenstore.so.*"
 FILES_${PN}-libxenstore-dev = "${libdir}/libxenstore.so"
 
+FILES_${PN}-init-xenstore-dom = "${libdir}/xen/bin/init-xenstore-domain"
+
 FILES_${PN}-libblktap = "${libdir}/libblktap.so.*"
 FILES_${PN}-libblktap-dev = "${libdir}/libblktap.so"
 
+FILES_${PN}-libxencall = "${libdir}/libxencall.so.*"
+FILES_${PN}-libxencall-dev = "${libdir}/libxencall.so"
+
+FILES_${PN}-libxenevtchn = "${libdir}/libxenevtchn.so.*"
+FILES_${PN}-libxenevtchn-dev = "${libdir}/libxenevtchn.so"
+
+FILES_${PN}-libxenforeignmemory = "${libdir}/libxenforeignmemory.so.*"
+FILES_${PN}-libxenforeignmemory-dev = "${libdir}/libxenforeignmemory.so"
+
 FILES_${PN}-libfsimage = "${libdir}/libfsimage.so.*"
 FILES_${PN}-libfsimage-dev = "${libdir}/libfsimage.so"
 
+FILES_${PN}-libxengnttab = "${libdir}/libxengnttab.so.*"
+FILES_${PN}-libxengnttab-dev = "${libdir}/libxengnttab.so"
+
+FILES_${PN}-libxentoollog = "${libdir}/libxentoollog.so.*"
+FILES_${PN}-libxentoollog-dev = "${libdir}/libxentoollog.so"
+
 FILES_${PN}-fsimage = "${libdir}/fs/*/*fsimage.so"
 
 FILES_${PN}-hypervisor = "\
-- 
1.9.1

Re: [PATCH 1/4] xen: split the flask package into a policy and tools package

[Doug Goldstein]

[-- Attachment #1.1: Type: text/plain, Size: 169 bytes --]

On 3/24/16 10:31 AM, Derek Straka wrote:
> Signed-off-by: Derek Straka <derek@asterius.io>

Reviewed-by: Doug Goldstein <cardoe@cardoe.com>

-- 
Doug Goldstein


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 978 bytes --]

Re: [PATCH 2/4] xen: add the ability to configure the name of the policy

[Doug Goldstein]

[-- Attachment #1.1: Type: text/plain, Size: 351 bytes --]

On 3/24/16 10:31 AM, Derek Straka wrote:
> When using non-release versions, the policy files may have a different name (xenpolicy-${PV}-unstable).  Allow the policy file name to be configured by the xen recipe.
> 
> Signed-off-by: Derek Straka <derek@asterius.io>
> ---

Reviewed-by: Doug Goldstein <cardoe@cardoe.com>

-- 
Doug Goldstein


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 978 bytes --]

Re: [PATCH 3/4] xen: add the flask policy to the set of files installed to the deploy directory

[Doug Goldstein]

[-- Attachment #1.1: Type: text/plain, Size: 176 bytes --]

On 3/24/16 10:31 AM, Derek Straka wrote:
> Signed-off-by: Derek Straka <derek@asterius.io>
> ---

Reviewed-by: Doug Goldstein <cardoe@cardoe.com>

-- 
Doug Goldstein


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 978 bytes --]

Re: [PATCH 4/4] xen: add the extra packages released with xen 4.7

[Doug Goldstein]

[-- Attachment #1.1: Type: text/plain, Size: 176 bytes --]

On 3/24/16 10:31 AM, Derek Straka wrote:
> Signed-off-by: Derek Straka <derek@asterius.io>
> ---

Reviewed-by: Doug Goldstein <cardoe@cardoe.com>

-- 
Doug Goldstein


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 978 bytes --]

Re: [PATCH 1/4] xen: split the flask package into a policy and tools package

[Chris Patterson]

LGTM +1, tested.

On Thu, Mar 24, 2016 at 1:55 PM, Doug Goldstein <cardoe@cardoe.com> wrote:
> On 3/24/16 10:31 AM, Derek Straka wrote:
>> Signed-off-by: Derek Straka <derek@asterius.io>
>
> Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
>
> --
> Doug Goldstein
>
>
> --
> _______________________________________________
> meta-virtualization mailing list
> meta-virtualization@yoctoproject.org
> https://lists.yoctoproject.org/listinfo/meta-virtualization
>

Re: [PATCH 2/4] xen: add the ability to configure the name of the policy

[Chris Patterson]

On Thu, Mar 24, 2016 at 11:31 AM, Derek Straka <derek@asterius.io> wrote:
> When using non-release versions, the policy files may have a different name (xenpolicy-${PV}-unstable).  Allow the policy file name to be configured by the xen recipe.
>
> Signed-off-by: Derek Straka <derek@asterius.io>
> ---
>  recipes-extended/xen/xen.inc | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/recipes-extended/xen/xen.inc b/recipes-extended/xen/xen.inc
> index bc5ff85..77740cf 100644
> --- a/recipes-extended/xen/xen.inc
> +++ b/recipes-extended/xen/xen.inc
> @@ -17,6 +17,8 @@ PACKAGECONFIG ??= " \
>      ${@bb.utils.contains('XEN_TARGET_ARCH', 'x86_64', 'hvm', '', d)} \
>      "
>
> +FLASK_POLICY_FILE ?= "xenpolicy-${PV}"
> +
>  PACKAGECONFIG[sdl] = "--enable-sdl,--disable-sdl,virtual/libsdl,"
>  PACKAGECONFIG[xsm] = "--enable-xsmpolicy,--disable-xsmpolicy,checkpolicy-native,"
>  PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd,systemd,"
> @@ -343,7 +345,7 @@ FILES_${PN}-devd = "\
>      "
>
>  FILES_${PN}-flask = "\
> -    /boot/xenpolicy-${PV} \
> +    /boot/${FLASK_POLICY_FILE} \

Looks fine to me, but could this just simply be a wildcard (i.e.
/boot/xenpolicy-*)?  Is there a case where it would generate multiple
images and you would want to key off just one?

Re: [PATCH 2/4] xen: add the ability to configure the name of the policy

[Derek Straka]

[-- Attachment #1: Type: text/plain, Size: 1769 bytes --]

I had the specific file called out for symlinking during do_deploy.  I can
wildcard the policy file here and symlink to the first one if more than one
policy file exists.  Right now I don't know of a case where more than one
policy is created, so it may never be an issue.

On Fri, Mar 25, 2016 at 9:26 PM, Chris Patterson <cjp256@gmail.com> wrote:

> On Thu, Mar 24, 2016 at 11:31 AM, Derek Straka <derek@asterius.io> wrote:
> > When using non-release versions, the policy files may have a different
> name (xenpolicy-${PV}-unstable).  Allow the policy file name to be
> configured by the xen recipe.
> >
> > Signed-off-by: Derek Straka <derek@asterius.io>
> > ---
> >  recipes-extended/xen/xen.inc | 4 +++-
> >  1 file changed, 3 insertions(+), 1 deletion(-)
> >
> > diff --git a/recipes-extended/xen/xen.inc b/recipes-extended/xen/xen.inc
> > index bc5ff85..77740cf 100644
> > --- a/recipes-extended/xen/xen.inc
> > +++ b/recipes-extended/xen/xen.inc
> > @@ -17,6 +17,8 @@ PACKAGECONFIG ??= " \
> >      ${@bb.utils.contains('XEN_TARGET_ARCH', 'x86_64', 'hvm', '', d)} \
> >      "
> >
> > +FLASK_POLICY_FILE ?= "xenpolicy-${PV}"
> > +
> >  PACKAGECONFIG[sdl] = "--enable-sdl,--disable-sdl,virtual/libsdl,"
> >  PACKAGECONFIG[xsm] =
> "--enable-xsmpolicy,--disable-xsmpolicy,checkpolicy-native,"
> >  PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd,systemd,"
> > @@ -343,7 +345,7 @@ FILES_${PN}-devd = "\
> >      "
> >
> >  FILES_${PN}-flask = "\
> > -    /boot/xenpolicy-${PV} \
> > +    /boot/${FLASK_POLICY_FILE} \
>
> Looks fine to me, but could this just simply be a wildcard (i.e.
> /boot/xenpolicy-*)?  Is there a case where it would generate multiple
> images and you would want to key off just one?
>

[-- Attachment #2: Type: text/html, Size: 2418 bytes --]

Re: [PATCH 2/4] xen: add the ability to configure the name of the policy

[Chris Patterson]

On Mon, Mar 28, 2016 at 9:06 AM, Derek Straka <derek@asterius.io> wrote:
> I had the specific file called out for symlinking during do_deploy.  I can
> wildcard the policy file here and symlink to the first one if more than one
> policy file exists.  Right now I don't know of a case where more than one
> policy is created, so it may never be an issue.
>

Thank you, I missed the other patch and this makes more sense now. +1