* [meta-selinux][PATCH 00/19] selinux: upgrade 2.8 -> 2.9
@ 2019-11-14 1:48 Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 01/19] python-ipy: upgrade to 1.00 and add python3 version Yi Zhao
` (18 more replies)
0 siblings, 19 replies; 22+ messages in thread
From: Yi Zhao @ 2019-11-14 1:48 UTC (permalink / raw)
To: yocto, joe, Joe_MacDonald
* Upgrade to 2.9
* Switch to python3
* Refresh patches
Yi Zhao (19):
python-ipy: upgrade to 1.00 and add python3 version
selinux: uprev inc files to 2.9 (20190315)
libsepol: uprev to 2.9 (20190315)
libselinux: uprev to 2.9 (20190315)
libselinux-python: add recipe
libsemanage: uprev to 2.9 (20190315)
checkpolicy: uprev to 2.9 (20190315)
secilc: uprev to 2.9 (20190315)
policycoreutils: uprev to 2.9 (20190315)
mcstrans: uprev to 2.9 (20190315)
restorecond: uprev to 2.9 (20190315)
selinux-python: uprev to 2.9 (20190315)
selinux-dbus: uprev to 2.9 (20190315)
selinux-sandbox: uprev to 2.9 (20190315)
selinux-gui: uprev to 2.9 (20190315)
semodule-utils: uprev to 2.9 (20190315)
selinux-init: fix build error when enable usrmerge feature
setools: upgrade 4.1.1 -> 4.2.2
audit: switch to python3
recipes-devtools/python/python-ipy.inc | 18 +++
recipes-devtools/python/python-ipy_0.83.bb | 32 ------
recipes-devtools/python/python-ipy_1.00.bb | 2 +
recipes-devtools/python/python3-ipy_1.00.bb | 2 +
.../audit/audit/audit-python-configure.patch | 46 --------
.../audit/audit/audit-python.patch | 64 -----------
.../audit/fix-swig-host-contamination.patch | 56 ----------
recipes-security/audit/audit_2.8.5.bb | 11 +-
recipes-security/selinux/checkpolicy_2.8.bb | 7 --
recipes-security/selinux/checkpolicy_2.9.bb | 7 ++
.../selinux/libselinux-python.inc | 40 +++++++
...elinux_2.8.bb => libselinux-python_2.9.bb} | 14 ++-
recipes-security/selinux/libselinux.inc | 24 +---
...t-define-gettid-if-glibc-2.30-is-use.patch | 60 ----------
...file-fix-includedir-in-libselinux.pc.patch | 28 -----
.../{libselinux_2.8.bb => libselinux_2.9.bb} | 10 +-
recipes-security/selinux/libsemanage.inc | 26 ++---
...file-fix-includedir-in-libselinux.pc.patch | 28 -----
...anage-Fix-execve-segfaults-on-Ubuntu.patch | 12 +-
...anage-allow-to-disable-audit-support.patch | 26 +++--
...anage-define-FD_CLOEXEC-as-necessary.patch | 16 +--
...-disable-expand-check-on-policy-load.patch | 6 +-
...age-drop-Wno-unused-but-set-variable.patch | 12 +-
.../libsemanage-fix-path-nologin.patch | 39 -------
recipes-security/selinux/libsemanage_2.8.bb | 18 ---
recipes-security/selinux/libsemanage_2.9.bb | 15 +++
...kefile-fix-includedir-in-libsepol.pc.patch | 29 -----
recipes-security/selinux/libsepol_2.8.bb | 9 --
recipes-security/selinux/libsepol_2.9.bb | 7 ++
recipes-security/selinux/mcstrans.inc | 4 +-
.../mcstrans/mcstrans-de-bashify.patch | 23 ++--
...tch => mcstrans-fix-the-init-script.patch} | 14 ++-
recipes-security/selinux/mcstrans_2.8.bb | 7 --
recipes-security/selinux/mcstrans_2.9.bb | 7 ++
recipes-security/selinux/policycoreutils.inc | 16 +--
.../selinux/policycoreutils_2.8.bb | 8 --
.../selinux/policycoreutils_2.9.bb | 8 ++
...icycoreutils-make-O_CLOEXEC-optional.patch | 29 +++--
recipes-security/selinux/restorecond_2.8.bb | 7 --
recipes-security/selinux/restorecond_2.9.bb | 7 ++
recipes-security/selinux/secilc_2.8.bb | 7 --
recipes-security/selinux/secilc_2.9.bb | 7 ++
recipes-security/selinux/selinux-dbus.inc | 2 +-
recipes-security/selinux/selinux-dbus_2.8.bb | 7 --
recipes-security/selinux/selinux-dbus_2.9.bb | 7 ++
recipes-security/selinux/selinux-gui.inc | 2 +-
recipes-security/selinux/selinux-gui_2.8.bb | 7 --
recipes-security/selinux/selinux-gui_2.9.bb | 7 ++
recipes-security/selinux/selinux-initsh.inc | 5 +-
recipes-security/selinux/selinux-python.inc | 62 +++++------
.../fix-TypeError-for-seobject.py.patch | 30 -----
.../fix-sepolicy-install-path.patch | 8 +-
...ess-ValueError-for-sepolicy-seobject.patch | 47 --------
.../selinux/selinux-python_2.8.bb | 7 --
.../selinux/selinux-python_2.9.bb | 7 ++
recipes-security/selinux/selinux-sandbox.inc | 10 +-
.../selinux-sandbox/sandbox-de-bashify.patch | 9 +-
.../selinux/selinux-sandbox_2.8.bb | 7 --
.../selinux/selinux-sandbox_2.9.bb | 7 ++
recipes-security/selinux/selinux_20180524.inc | 5 -
recipes-security/selinux/selinux_20190315.inc | 8 ++
recipes-security/selinux/selinux_common.inc | 4 +-
.../selinux/semodule-utils_2.8.bb | 7 --
.../selinux/semodule-utils_2.9.bb | 7 ++
...e-with-GCC-7-due-to-possible-truncat.patch | 105 ------------------
...ss-compiling-errors-for-powerpc-mips.patch | 35 ------
.../setools4-fixes-for-cross-compiling.patch | 34 +++---
.../{setools_4.1.1.bb => setools_4.2.2.bb} | 14 +--
68 files changed, 348 insertions(+), 910 deletions(-)
create mode 100644 recipes-devtools/python/python-ipy.inc
delete mode 100644 recipes-devtools/python/python-ipy_0.83.bb
create mode 100644 recipes-devtools/python/python-ipy_1.00.bb
create mode 100644 recipes-devtools/python/python3-ipy_1.00.bb
delete mode 100644 recipes-security/audit/audit/audit-python-configure.patch
delete mode 100644 recipes-security/audit/audit/audit-python.patch
delete mode 100644 recipes-security/audit/audit/fix-swig-host-contamination.patch
delete mode 100644 recipes-security/selinux/checkpolicy_2.8.bb
create mode 100644 recipes-security/selinux/checkpolicy_2.9.bb
create mode 100644 recipes-security/selinux/libselinux-python.inc
copy recipes-security/selinux/{libselinux_2.8.bb => libselinux-python_2.9.bb} (50%)
delete mode 100644 recipes-security/selinux/libselinux/0001-libselinux-Do-not-define-gettid-if-glibc-2.30-is-use.patch
delete mode 100644 recipes-security/selinux/libselinux/0001-src-Makefile-fix-includedir-in-libselinux.pc.patch
rename recipes-security/selinux/{libselinux_2.8.bb => libselinux_2.9.bb} (50%)
delete mode 100644 recipes-security/selinux/libsemanage/0001-src-Makefile-fix-includedir-in-libselinux.pc.patch
delete mode 100644 recipes-security/selinux/libsemanage/libsemanage-fix-path-nologin.patch
delete mode 100644 recipes-security/selinux/libsemanage_2.8.bb
create mode 100644 recipes-security/selinux/libsemanage_2.9.bb
delete mode 100644 recipes-security/selinux/libsepol/0001-src-Makefile-fix-includedir-in-libsepol.pc.patch
delete mode 100644 recipes-security/selinux/libsepol_2.8.bb
create mode 100644 recipes-security/selinux/libsepol_2.9.bb
rename recipes-security/selinux/mcstrans/{0001-mcstrans-fix-the-init-script.patch => mcstrans-fix-the-init-script.patch} (69%)
delete mode 100644 recipes-security/selinux/mcstrans_2.8.bb
create mode 100644 recipes-security/selinux/mcstrans_2.9.bb
delete mode 100644 recipes-security/selinux/policycoreutils_2.8.bb
create mode 100644 recipes-security/selinux/policycoreutils_2.9.bb
delete mode 100644 recipes-security/selinux/restorecond_2.8.bb
create mode 100644 recipes-security/selinux/restorecond_2.9.bb
delete mode 100644 recipes-security/selinux/secilc_2.8.bb
create mode 100644 recipes-security/selinux/secilc_2.9.bb
delete mode 100644 recipes-security/selinux/selinux-dbus_2.8.bb
create mode 100644 recipes-security/selinux/selinux-dbus_2.9.bb
delete mode 100644 recipes-security/selinux/selinux-gui_2.8.bb
create mode 100644 recipes-security/selinux/selinux-gui_2.9.bb
delete mode 100644 recipes-security/selinux/selinux-python/fix-TypeError-for-seobject.py.patch
delete mode 100644 recipes-security/selinux/selinux-python/process-ValueError-for-sepolicy-seobject.patch
delete mode 100644 recipes-security/selinux/selinux-python_2.8.bb
create mode 100644 recipes-security/selinux/selinux-python_2.9.bb
delete mode 100644 recipes-security/selinux/selinux-sandbox_2.8.bb
create mode 100644 recipes-security/selinux/selinux-sandbox_2.9.bb
delete mode 100644 recipes-security/selinux/selinux_20180524.inc
create mode 100644 recipes-security/selinux/selinux_20190315.inc
delete mode 100644 recipes-security/selinux/semodule-utils_2.8.bb
create mode 100644 recipes-security/selinux/semodule-utils_2.9.bb
delete mode 100644 recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch
delete mode 100644 recipes-security/setools/setools/setools4-fix-cross-compiling-errors-for-powerpc-mips.patch
rename recipes-security/setools/{setools_4.1.1.bb => setools_4.2.2.bb} (61%)
--
2.17.1
^ permalink raw reply [flat|nested] 22+ messages in thread
* [meta-selinux][PATCH 01/19] python-ipy: upgrade to 1.00 and add python3 version
2019-11-14 1:48 [meta-selinux][PATCH 00/19] selinux: upgrade 2.8 -> 2.9 Yi Zhao
@ 2019-11-14 1:48 ` Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 02/19] selinux: uprev inc files to 2.9 (20190315) Yi Zhao
` (17 subsequent siblings)
18 siblings, 0 replies; 22+ messages in thread
From: Yi Zhao @ 2019-11-14 1:48 UTC (permalink / raw)
To: yocto, joe, Joe_MacDonald
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
recipes-devtools/python/python-ipy.inc | 18 ++++++++++++
recipes-devtools/python/python-ipy_0.83.bb | 32 ---------------------
recipes-devtools/python/python-ipy_1.00.bb | 2 ++
recipes-devtools/python/python3-ipy_1.00.bb | 2 ++
4 files changed, 22 insertions(+), 32 deletions(-)
create mode 100644 recipes-devtools/python/python-ipy.inc
delete mode 100644 recipes-devtools/python/python-ipy_0.83.bb
create mode 100644 recipes-devtools/python/python-ipy_1.00.bb
create mode 100644 recipes-devtools/python/python3-ipy_1.00.bb
diff --git a/recipes-devtools/python/python-ipy.inc b/recipes-devtools/python/python-ipy.inc
new file mode 100644
index 0000000..ba4c2bd
--- /dev/null
+++ b/recipes-devtools/python/python-ipy.inc
@@ -0,0 +1,18 @@
+SUMMARY = "Python module for handling IPv4 and IPv6 Addresses and Networks"
+DESCRIPTION = "IPy is a Python module for handling IPv4 and IPv6 Addresses and Networks \
+in a fashion similar to perl's Net::IP and friends. The IP class allows \
+a comfortable parsing and handling for most notations in use for IPv4 \
+and IPv6 Addresses and Networks."
+SECTION = "devel/python"
+HOMEPAGE = "https://github.com/haypo/python-ipy"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://COPYING;md5=848d24919845901b4f48bae5f13252e6"
+
+SRC_URI[md5sum] = "1a90c68174234672241a7e60c7ea0fb9"
+SRC_URI[sha256sum] = "2f2bf658a858d43868d8a4352b3889cf78c66e2ce678b300dcf518c9149ba621"
+
+inherit pypi
+
+PYPI_PACKAGE = "IPy"
+
+BBCLASSEXTEND = "native"
diff --git a/recipes-devtools/python/python-ipy_0.83.bb b/recipes-devtools/python/python-ipy_0.83.bb
deleted file mode 100644
index df060fa..0000000
--- a/recipes-devtools/python/python-ipy_0.83.bb
+++ /dev/null
@@ -1,32 +0,0 @@
-SUMMARY = "Python module for handling IPv4 and IPv6 Addresses and Networks"
-DESCRIPTION = "IPy is a Python module for handling IPv4 and IPv6 Addresses and Networks \
-in a fashion similar to perl's Net::IP and friends. The IP class allows \
-a comfortable parsing and handling for most notations in use for IPv4 \
-and IPv6 Addresses and Networks."
-SECTION = "devel/python"
-HOMEPAGE = "https://github.com/haypo/python-ipy"
-DEPENDS = "python"
-LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://COPYING;md5=ebc0028ff5cdaf7796604875027dcd55"
-
-SRC_URI = "https://pypi.python.org/packages/source/I/IPy/IPy-${PV}.tar.gz"
-
-SRC_URI[md5sum] = "7b8c6eb4111b15aea31b67108e769712"
-SRC_URI[sha256sum] = "61da5a532b159b387176f6eabf11946e7458b6df8fb8b91ff1d345ca7a6edab8"
-
-S = "${WORKDIR}/IPy-${PV}"
-
-inherit distutils
-
-# need to export these variables for python-config to work
-export BUILD_SYS
-export HOST_SYS
-export STAGING_INCDIR
-export STAGING_LIBDIR
-
-BBCLASSEXTEND = "native"
-
-do_install_append() {
- install -d ${D}/${datadir}/doc/${BPN}-${PV}
- install AUTHORS COPYING ChangeLog README ${D}/${datadir}/doc/${BPN}-${PV}
-}
diff --git a/recipes-devtools/python/python-ipy_1.00.bb b/recipes-devtools/python/python-ipy_1.00.bb
new file mode 100644
index 0000000..587a517
--- /dev/null
+++ b/recipes-devtools/python/python-ipy_1.00.bb
@@ -0,0 +1,2 @@
+inherit setuptools
+require python-ipy.inc
diff --git a/recipes-devtools/python/python3-ipy_1.00.bb b/recipes-devtools/python/python3-ipy_1.00.bb
new file mode 100644
index 0000000..ea6a105
--- /dev/null
+++ b/recipes-devtools/python/python3-ipy_1.00.bb
@@ -0,0 +1,2 @@
+inherit setuptools3
+require python-ipy.inc
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [meta-selinux][PATCH 02/19] selinux: uprev inc files to 2.9 (20190315)
2019-11-14 1:48 [meta-selinux][PATCH 00/19] selinux: upgrade 2.8 -> 2.9 Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 01/19] python-ipy: upgrade to 1.00 and add python3 version Yi Zhao
@ 2019-11-14 1:48 ` Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 03/19] libsepol: uprev " Yi Zhao
` (16 subsequent siblings)
18 siblings, 0 replies; 22+ messages in thread
From: Yi Zhao @ 2019-11-14 1:48 UTC (permalink / raw)
To: yocto, joe, Joe_MacDonald
* Update SRC_URI
* Add UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
recipes-security/selinux/selinux_20180524.inc | 5 -----
recipes-security/selinux/selinux_20190315.inc | 8 ++++++++
recipes-security/selinux/selinux_common.inc | 4 +---
3 files changed, 9 insertions(+), 8 deletions(-)
delete mode 100644 recipes-security/selinux/selinux_20180524.inc
create mode 100644 recipes-security/selinux/selinux_20190315.inc
diff --git a/recipes-security/selinux/selinux_20180524.inc b/recipes-security/selinux/selinux_20180524.inc
deleted file mode 100644
index b36b333..0000000
--- a/recipes-security/selinux/selinux_20180524.inc
+++ /dev/null
@@ -1,5 +0,0 @@
-SELINUX_RELEASE = "20180524"
-
-SRC_URI = "https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/${SELINUX_RELEASE}/${BPN}-${PV}.tar.gz"
-
-include selinux_common.inc
diff --git a/recipes-security/selinux/selinux_20190315.inc b/recipes-security/selinux/selinux_20190315.inc
new file mode 100644
index 0000000..e79dd54
--- /dev/null
+++ b/recipes-security/selinux/selinux_20190315.inc
@@ -0,0 +1,8 @@
+SELINUX_RELEASE = "20190315"
+
+SRC_URI = "https://github.com/SELinuxProject/selinux/releases/download/${SELINUX_RELEASE}/${BPN}-${PV}.tar.gz"
+
+UPSTREAM_CHECK_URI = "https://github.com/SELinuxProject/selinux/releases"
+UPSTREAM_CHECK_REGEX = "libselinux-(?P<pver>.+)\.tar\.gz"
+
+require selinux_common.inc
diff --git a/recipes-security/selinux/selinux_common.inc b/recipes-security/selinux/selinux_common.inc
index 383f62d..f6c4a6b 100644
--- a/recipes-security/selinux/selinux_common.inc
+++ b/recipes-security/selinux/selinux_common.inc
@@ -1,9 +1,7 @@
HOMEPAGE = "https://github.com/SELinuxProject"
do_compile() {
- oe_runmake all \
- INCLUDEDIR='${STAGING_INCDIR}' \
- LIBDIR='${STAGING_LIBDIR}'
+ oe_runmake all
}
do_install() {
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [meta-selinux][PATCH 03/19] libsepol: uprev to 2.9 (20190315)
2019-11-14 1:48 [meta-selinux][PATCH 00/19] selinux: upgrade 2.8 -> 2.9 Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 01/19] python-ipy: upgrade to 1.00 and add python3 version Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 02/19] selinux: uprev inc files to 2.9 (20190315) Yi Zhao
@ 2019-11-14 1:48 ` Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 04/19] libselinux: " Yi Zhao
` (15 subsequent siblings)
18 siblings, 0 replies; 22+ messages in thread
From: Yi Zhao @ 2019-11-14 1:48 UTC (permalink / raw)
To: yocto, joe, Joe_MacDonald
* Drop patch 0001-src-Makefile-fix-includedir-in-libsepol.pc.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
...kefile-fix-includedir-in-libsepol.pc.patch | 29 -------------------
recipes-security/selinux/libsepol_2.8.bb | 9 ------
recipes-security/selinux/libsepol_2.9.bb | 7 +++++
3 files changed, 7 insertions(+), 38 deletions(-)
delete mode 100644 recipes-security/selinux/libsepol/0001-src-Makefile-fix-includedir-in-libsepol.pc.patch
delete mode 100644 recipes-security/selinux/libsepol_2.8.bb
create mode 100644 recipes-security/selinux/libsepol_2.9.bb
diff --git a/recipes-security/selinux/libsepol/0001-src-Makefile-fix-includedir-in-libsepol.pc.patch b/recipes-security/selinux/libsepol/0001-src-Makefile-fix-includedir-in-libsepol.pc.patch
deleted file mode 100644
index 987fdab..0000000
--- a/recipes-security/selinux/libsepol/0001-src-Makefile-fix-includedir-in-libsepol.pc.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 074dbf2f104d1a6ea1aa048600f44f9701c70a60 Mon Sep 17 00:00:00 2001
-From: Robert Yang <liezhi.yang@windriver.com>
-Date: Thu, 18 Feb 2016 02:04:59 +0000
-Subject: [PATCH] src/Makefile: fix includedir in libsepol.pc
-
-Upstream-Status: Pending
-
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- src/Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/Makefile b/src/Makefile
-index ccb7023..2bb6290 100644
---- a/src/Makefile
-+++ b/src/Makefile
-@@ -51,7 +51,7 @@ $(LIBSO): $(LOBJS) $(LIBMAP)
- ln -sf $@ $(TARGET)
-
- $(LIBPC): $(LIBPC).in ../VERSION
-- sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBDIR):; s:@includedir@:$(INCLUDEDIR):' < $< > $@
-+ sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:${libdir}:; s:@includedir@:${prefix}/include:' < $< > $@
-
- $(LIBMAP): $(LIBMAP).in
- ifneq ($(DISABLE_CIL),y)
---
-2.7.4
-
diff --git a/recipes-security/selinux/libsepol_2.8.bb b/recipes-security/selinux/libsepol_2.8.bb
deleted file mode 100644
index d1f905b..0000000
--- a/recipes-security/selinux/libsepol_2.8.bb
+++ /dev/null
@@ -1,9 +0,0 @@
-include selinux_20180524.inc
-include ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
-
-SRC_URI[md5sum] = "c19aa9dde1e78d1c2bd3109579e4d484"
-SRC_URI[sha256sum] = "3ad6916a8352bef0bad49acc8037a5f5b48c56f94e4cb4e1959ca475fa9d24d6"
-
-SRC_URI += "file://0001-src-Makefile-fix-includedir-in-libsepol.pc.patch"
diff --git a/recipes-security/selinux/libsepol_2.9.bb b/recipes-security/selinux/libsepol_2.9.bb
new file mode 100644
index 0000000..cd55be6
--- /dev/null
+++ b/recipes-security/selinux/libsepol_2.9.bb
@@ -0,0 +1,7 @@
+require selinux_20190315.inc
+require ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
+
+SRC_URI[md5sum] = "2fdefe870a61424d8f2d5d37551c6259"
+SRC_URI[sha256sum] = "a34b12b038d121e3e459b1cbaca3c9202e983137819c16baf63658390e3f1d5d"
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [meta-selinux][PATCH 04/19] libselinux: uprev to 2.9 (20190315)
2019-11-14 1:48 [meta-selinux][PATCH 00/19] selinux: upgrade 2.8 -> 2.9 Yi Zhao
` (2 preceding siblings ...)
2019-11-14 1:48 ` [meta-selinux][PATCH 03/19] libsepol: uprev " Yi Zhao
@ 2019-11-14 1:48 ` Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 05/19] libselinux-python: add recipe Yi Zhao
` (14 subsequent siblings)
18 siblings, 0 replies; 22+ messages in thread
From: Yi Zhao @ 2019-11-14 1:48 UTC (permalink / raw)
To: yocto, joe, Joe_MacDonald
* Switch to python3
* Drop patches:
0001-libselinux-Do-not-define-gettid-if-glibc-2.30-is-use.patch
0001-src-Makefile-fix-includedir-in-libselinux.pc.patch
* Split into libselinux recipe and libselinux-python recipe to fix the
loop dependency error.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
recipes-security/selinux/libselinux.inc | 24 +-------
...t-define-gettid-if-glibc-2.30-is-use.patch | 60 -------------------
...file-fix-includedir-in-libselinux.pc.patch | 28 ---------
.../{libselinux_2.8.bb => libselinux_2.9.bb} | 10 ++--
4 files changed, 6 insertions(+), 116 deletions(-)
delete mode 100644 recipes-security/selinux/libselinux/0001-libselinux-Do-not-define-gettid-if-glibc-2.30-is-use.patch
delete mode 100644 recipes-security/selinux/libselinux/0001-src-Makefile-fix-includedir-in-libselinux.pc.patch
rename recipes-security/selinux/{libselinux_2.8.bb => libselinux_2.9.bb} (50%)
diff --git a/recipes-security/selinux/libselinux.inc b/recipes-security/selinux/libselinux.inc
index 6e115e3..8d381de 100644
--- a/recipes-security/selinux/libselinux.inc
+++ b/recipes-security/selinux/libselinux.inc
@@ -5,15 +5,10 @@ decisions. Required for any applications that use the SELinux API."
SECTION = "base"
LICENSE = "PD"
-inherit lib_package pythonnative
+inherit lib_package python3native
-DEPENDS += "libsepol python libpcre swig-native"
+DEPENDS += "libsepol libpcre"
DEPENDS_append_libc-musl = " fts"
-RDEPENDS_${PN}-python += "python-core python-shell"
-
-PACKAGES += "${PN}-python"
-FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*"
-FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/site-packages/selinux/.debug/*"
def get_policyconfigarch(d):
import re
@@ -26,19 +21,4 @@ EXTRA_OEMAKE += "${@get_policyconfigarch(d)}"
EXTRA_OEMAKE += "LDFLAGS='${LDFLAGS} -lpcre' LIBSEPOLA='${STAGING_LIBDIR}/libsepol.a'"
EXTRA_OEMAKE_append_libc-musl = " FTS_LDLIBS=-lfts"
-do_compile_append() {
- oe_runmake pywrap -j1 \
- INCLUDEDIR='${STAGING_INCDIR}' \
- LIBDIR='${STAGING_LIBDIR}' \
- PYINC='-I${STAGING_INCDIR}/python${PYTHON_BASEVERSION}'
-}
-
-do_install_append() {
- oe_runmake install-pywrap swigify \
- PYTHONLIBDIR=${D}${libdir}/python${PYTHON_BASEVERSION}/site-packages
- if ! ${@bb.utils.contains('DISTRO_FEATURES','usrmerge','true','false',d)}; then
- rm -rf ${D}${base_sbindir}
- fi
-}
-
BBCLASSEXTEND = "native"
diff --git a/recipes-security/selinux/libselinux/0001-libselinux-Do-not-define-gettid-if-glibc-2.30-is-use.patch b/recipes-security/selinux/libselinux/0001-libselinux-Do-not-define-gettid-if-glibc-2.30-is-use.patch
deleted file mode 100644
index fc3e37e..0000000
--- a/recipes-security/selinux/libselinux/0001-libselinux-Do-not-define-gettid-if-glibc-2.30-is-use.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 2c672b4cc39fbddb6faec2c7434832058f339d59 Mon Sep 17 00:00:00 2001
-From: Petr Lautrbach <plautrba@redhat.com>
-Date: Mon, 11 Mar 2019 16:00:41 +0100
-Subject: [PATCH] libselinux: Do not define gettid() if glibc >= 2.30 is used
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Since version 2.30 glibc implements gettid() system call wrapper, see
-https://sourceware.org/bugzilla/show_bug.cgi?id=6399
-
-Fixes:
-cc -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -I../include -D_GNU_SOURCE -DNO_ANDROID_BACKEND -c -o procattr.o procattr.c
-procattr.c:28:14: error: static declaration of ‘gettid’ follows non-static declaration
- 28 | static pid_t gettid(void)
- | ^~~~~~
-In file included from /usr/include/unistd.h:1170,
- from procattr.c:2:
-/usr/include/bits/unistd_ext.h:34:16: note: previous declaration of ‘gettid’ was here
- 34 | extern __pid_t gettid (void) __THROW;
- | ^~~~~~
-
-Upstream-Status: Backport
-[https://github.com/SELinuxProject/selinux/commit/707e4b8610733b5c9eaac0f00239778f3edb23c2]
-
-Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- src/procattr.c | 15 +++++++++++++--
- 1 file changed, 13 insertions(+), 2 deletions(-)
-
-diff --git a/src/procattr.c b/src/procattr.c
-index 8bf8432..3c7b87f 100644
---- a/src/procattr.c
-+++ b/src/procattr.c
-@@ -22,8 +22,19 @@ static pthread_key_t destructor_key;
- static int destructor_key_initialized = 0;
- static __thread char destructor_initialized;
-
--#ifndef __BIONIC__
--/* Bionic declares this in unistd.h and has a definition for it */
-+/* Bionic and glibc >= 2.30 declare gettid() system call wrapper in unistd.h and
-+ * has a definition for it */
-+#ifdef __BIONIC__
-+ #define OVERRIDE_GETTID 0
-+#elif !defined(__GLIBC_PREREQ)
-+ #define OVERRIDE_GETTID 1
-+#elif !__GLIBC_PREREQ(2,30)
-+ #define OVERRIDE_GETTID 1
-+#else
-+ #define OVERRIDE_GETTID 0
-+#endif
-+
-+#if OVERRIDE_GETTID
- static pid_t gettid(void)
- {
- return syscall(__NR_gettid);
---
-2.7.4
-
diff --git a/recipes-security/selinux/libselinux/0001-src-Makefile-fix-includedir-in-libselinux.pc.patch b/recipes-security/selinux/libselinux/0001-src-Makefile-fix-includedir-in-libselinux.pc.patch
deleted file mode 100644
index 46cfaaf..0000000
--- a/recipes-security/selinux/libselinux/0001-src-Makefile-fix-includedir-in-libselinux.pc.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 37f3299e8f5c468fe692f36356c2c35f968b6aee Mon Sep 17 00:00:00 2001
-From: Robert Yang <liezhi.yang@windriver.com>
-Date: Thu, 18 Feb 2016 02:39:16 +0000
-Subject: [PATCH] src/Makefile: fix includedir in libselinux.pc
-
-Upstream-Status: Pending
-
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- src/Makefile | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/Makefile b/src/Makefile
-index 977b5c8..92a4289 100644
---- a/src/Makefile
-+++ b/src/Makefile
-@@ -156,6 +156,7 @@ $(LIBSO): $(LOBJS)
-
- $(LIBPC): $(LIBPC).in ../VERSION
- sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBDIR):; s:@includedir@:$(INCLUDEDIR):; s:@PCRE_MODULE@:$(PCRE_MODULE):' < $< > $@
-+ sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:${libdir}:; s:@includedir@:${prefix}/include:; s:@PCRE_MODULE@:$(PCRE_MODULE):' < $< > $@
-
- selinuxswig_python_exception.i: ../include/selinux/selinux.h
- bash -e exception.sh > $@ || (rm -f $@ ; false)
---
-2.7.4
-
diff --git a/recipes-security/selinux/libselinux_2.8.bb b/recipes-security/selinux/libselinux_2.9.bb
similarity index 50%
rename from recipes-security/selinux/libselinux_2.8.bb
rename to recipes-security/selinux/libselinux_2.9.bb
index 7545967..f04bc4a 100644
--- a/recipes-security/selinux/libselinux_2.8.bb
+++ b/recipes-security/selinux/libselinux_2.9.bb
@@ -1,16 +1,14 @@
-include selinux_20180524.inc
-include ${BPN}.inc
+require selinux_20190315.inc
+require ${BPN}.inc
LIC_FILES_CHKSUM = "file://LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0"
-SRC_URI[md5sum] = "56057e60192b21122c1aede8ff723ca2"
-SRC_URI[sha256sum] = "31db96ec7643ce10912b3c3f98506a08a9116dcfe151855fd349c3fda96187e1"
+SRC_URI[md5sum] = "bb449431b6ed55a0a0496dbc366d6e31"
+SRC_URI[sha256sum] = "1bccc8873e449587d9a2b2cf253de9b89a8291b9fbc7c59393ca9e5f5f4d2693"
SRC_URI += "\
file://libselinux-drop-Wno-unused-but-set-variable.patch \
file://libselinux-make-O_CLOEXEC-optional.patch \
file://libselinux-make-SOCK_CLOEXEC-optional.patch \
file://libselinux-define-FD_CLOEXEC-as-necessary.patch \
- file://0001-src-Makefile-fix-includedir-in-libselinux.pc.patch \
- file://0001-libselinux-Do-not-define-gettid-if-glibc-2.30-is-use.patch \
"
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [meta-selinux][PATCH 05/19] libselinux-python: add recipe
2019-11-14 1:48 [meta-selinux][PATCH 00/19] selinux: upgrade 2.8 -> 2.9 Yi Zhao
` (3 preceding siblings ...)
2019-11-14 1:48 ` [meta-selinux][PATCH 04/19] libselinux: " Yi Zhao
@ 2019-11-14 1:48 ` Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 06/19] libsemanage: uprev to 2.9 (20190315) Yi Zhao
` (13 subsequent siblings)
18 siblings, 0 replies; 22+ messages in thread
From: Yi Zhao @ 2019-11-14 1:48 UTC (permalink / raw)
To: yocto, joe, Joe_MacDonald
After switch to python3, There is a loop dependency error with
libselinux-python package when build libselinux. Split the original
libselinux recipe into libselinux and libselinux-python.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
.../selinux/libselinux-python.inc | 40 +++++++++++++++++++
.../selinux/libselinux-python_2.9.bb | 18 +++++++++
2 files changed, 58 insertions(+)
create mode 100644 recipes-security/selinux/libselinux-python.inc
create mode 100644 recipes-security/selinux/libselinux-python_2.9.bb
diff --git a/recipes-security/selinux/libselinux-python.inc b/recipes-security/selinux/libselinux-python.inc
new file mode 100644
index 0000000..62354b2
--- /dev/null
+++ b/recipes-security/selinux/libselinux-python.inc
@@ -0,0 +1,40 @@
+SUMMARY = "SELinux library and simple utilities"
+DESCRIPTION = "libselinux provides an API for SELinux applications to get and set \
+process and file security contexts and to obtain security policy \
+decisions. Required for any applications that use the SELinux API."
+SECTION = "base"
+LICENSE = "PD"
+
+FILESEXTRAPATHS_prepend := "${THISDIR}/libselinux:"
+
+inherit python3-dir
+
+DEPENDS += "python3 swig-native"
+RDEPENDS_${PN} += "libselinux python3-core python3-shell"
+
+def get_policyconfigarch(d):
+ import re
+ target = d.getVar('TARGET_ARCH', True)
+ p = re.compile('i.86')
+ target = p.sub('i386',target)
+ return "ARCH=%s" % (target)
+EXTRA_OEMAKE += "${@get_policyconfigarch(d)}"
+
+EXTRA_OEMAKE += "LDFLAGS='${LDFLAGS} -lpcre' LIBSEPOLA='${STAGING_LIBDIR}/libsepol.a'"
+EXTRA_OEMAKE_append_libc-musl = " FTS_LDLIBS=-lfts"
+
+FILES_${PN} = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*"
+
+do_compile() {
+ oe_runmake pywrap -j1 \
+ PYLIBVER='python${PYTHON_BASEVERSION}${PYTHON_ABI}' \
+ PYINC='-I${STAGING_INCDIR}/${PYLIBVER}' \
+ PYLIBS='-L${STAGING_LIBDIR}/${PYLIBVER} -l${PYLIBVER}'
+}
+
+do_install() {
+ oe_runmake install-pywrap swigify \
+ PYCEXT='.so' \
+ PYLIBVER='python${PYTHON_BASEVERSION}${PYTHON_ABI}' \
+ PYTHONLIBDIR='${D}${libdir}/python${PYTHON_BASEVERSION}/site-packages'
+}
diff --git a/recipes-security/selinux/libselinux-python_2.9.bb b/recipes-security/selinux/libselinux-python_2.9.bb
new file mode 100644
index 0000000..8e3aae1
--- /dev/null
+++ b/recipes-security/selinux/libselinux-python_2.9.bb
@@ -0,0 +1,18 @@
+SELINUX_RELEASE = "20190315"
+
+SRC_URI = "https://github.com/SELinuxProject/selinux/releases/download/${SELINUX_RELEASE}/libselinux-${PV}.tar.gz"
+
+require ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0"
+
+SRC_URI[md5sum] = "bb449431b6ed55a0a0496dbc366d6e31"
+SRC_URI[sha256sum] = "1bccc8873e449587d9a2b2cf253de9b89a8291b9fbc7c59393ca9e5f5f4d2693"
+
+SRC_URI += "\
+ file://libselinux-drop-Wno-unused-but-set-variable.patch \
+ file://libselinux-make-O_CLOEXEC-optional.patch \
+ file://libselinux-make-SOCK_CLOEXEC-optional.patch \
+ file://libselinux-define-FD_CLOEXEC-as-necessary.patch \
+ "
+S = "${WORKDIR}/libselinux-${PV}"
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [meta-selinux][PATCH 06/19] libsemanage: uprev to 2.9 (20190315)
2019-11-14 1:48 [meta-selinux][PATCH 00/19] selinux: upgrade 2.8 -> 2.9 Yi Zhao
` (4 preceding siblings ...)
2019-11-14 1:48 ` [meta-selinux][PATCH 05/19] libselinux-python: add recipe Yi Zhao
@ 2019-11-14 1:48 ` Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 07/19] checkpolicy: " Yi Zhao
` (12 subsequent siblings)
18 siblings, 0 replies; 22+ messages in thread
From: Yi Zhao @ 2019-11-14 1:48 UTC (permalink / raw)
To: yocto, joe, Joe_MacDonald
* Switch to python3
* Drop patches:
libsemanage-fix-path-nologin.patch
0001-src-Makefile-fix-includedir-in-libselinux.pc.patch
* Rebase patches
* Update policy version to 31
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
recipes-security/selinux/libsemanage.inc | 26 ++++++-------
...file-fix-includedir-in-libselinux.pc.patch | 28 -------------
...anage-Fix-execve-segfaults-on-Ubuntu.patch | 12 ++++--
...anage-allow-to-disable-audit-support.patch | 26 +++++++------
...anage-define-FD_CLOEXEC-as-necessary.patch | 16 ++++----
...-disable-expand-check-on-policy-load.patch | 6 ++-
...age-drop-Wno-unused-but-set-variable.patch | 12 +++---
.../libsemanage-fix-path-nologin.patch | 39 -------------------
recipes-security/selinux/libsemanage_2.8.bb | 18 ---------
recipes-security/selinux/libsemanage_2.9.bb | 15 +++++++
10 files changed, 70 insertions(+), 128 deletions(-)
delete mode 100644 recipes-security/selinux/libsemanage/0001-src-Makefile-fix-includedir-in-libselinux.pc.patch
delete mode 100644 recipes-security/selinux/libsemanage/libsemanage-fix-path-nologin.patch
delete mode 100644 recipes-security/selinux/libsemanage_2.8.bb
create mode 100644 recipes-security/selinux/libsemanage_2.9.bb
diff --git a/recipes-security/selinux/libsemanage.inc b/recipes-security/selinux/libsemanage.inc
index be0a5f1..9dc1095 100644
--- a/recipes-security/selinux/libsemanage.inc
+++ b/recipes-security/selinux/libsemanage.inc
@@ -6,41 +6,39 @@ on binary policies such as customizing policy boolean settings."
SECTION = "base"
LICENSE = "LGPLv2.1+"
-inherit lib_package python-dir
+inherit lib_package python3-dir
-DEPENDS += "libsepol libselinux bzip2 python bison-native flex-native swig-native"
-DEPENDS_append_class-target += "audit"
+DEPENDS += "libsepol libselinux bzip2 python3 bison-native flex-native swig-native"
+DEPENDS_append_class-target = " audit"
PACKAGES =+ "${PN}-python"
# For /usr/libexec/selinux/semanage_migrate_store
-RDEPENDS_${PN}-python += "python"
+RDEPENDS_${PN}-python += "python3-core"
FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/* \
${libexecdir}/selinux/semanage_migrate_store"
FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/site-packages/.debug/*"
+FILES_${PN} += "${libexecdir}"
+
EXTRA_OEMAKE_class-native += "DISABLE_AUDIT=y"
do_compile_append() {
oe_runmake pywrap \
- INCLUDEDIR='${STAGING_INCDIR}' \
- LIBDIR='${STAGING_LIBDIR}' \
- PYLIBVER='python${PYTHON_BASEVERSION}' \
- PYINC='-I${STAGING_INCDIR}/$(PYLIBVER)' \
- PYLIB='-L${STAGING_LIBDIR}/$(PYLIBVER) -l$(PYLIBVER)' \
- PYTHONLIBDIR='${PYLIB}'
+ PYLIBVER='python${PYTHON_BASEVERSION}${PYTHON_ABI}' \
+ PYINC='-I${STAGING_INCDIR}/${PYLIBVER}' \
+ PYLIBS='-L${STAGING_LIBDIR}/${PYLIBVER} -l${PYLIBVER}'
}
do_install_append() {
oe_runmake install-pywrap swigify \
PYCEXT='.so' \
- PYTHONLIBDIR='${D}${libdir}/python${PYTHON_BASEVERSION}/site-packages' \
- PYLIBVER='python${PYTHON_BASEVERSION}' \
- PYLIBDIR='${D}/${libdir}/$(PYLIBVER)'
+ PYLIBVER='python${PYTHON_BASEVERSION}${PYTHON_ABI}' \
+ PYTHONLIBDIR='${D}${libdir}/python${PYTHON_BASEVERSION}/site-packages'
# Update "policy-version" for semanage.conf
- sed -i 's/^#\s*\(policy-version\s*=\).*$/\1 30/' \
+ sed -i 's/^#\s*\(policy-version\s*=\).*$/\1 31/' \
${D}/etc/selinux/semanage.conf
}
diff --git a/recipes-security/selinux/libsemanage/0001-src-Makefile-fix-includedir-in-libselinux.pc.patch b/recipes-security/selinux/libsemanage/0001-src-Makefile-fix-includedir-in-libselinux.pc.patch
deleted file mode 100644
index 73613d3..0000000
--- a/recipes-security/selinux/libsemanage/0001-src-Makefile-fix-includedir-in-libselinux.pc.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From e773c0952b06370d81e9b113f9b0b3388e323e52 Mon Sep 17 00:00:00 2001
-From: Robert Yang <liezhi.yang@windriver.com>
-Date: Thu, 18 Feb 2016 02:39:16 +0000
-Subject: [PATCH] src/Makefile: fix includedir in libselinux.pc
-
-Upstream-Status: Pending
-
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- src/Makefile | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/Makefile b/src/Makefile
-index dea751e..4af4568 100644
---- a/src/Makefile
-+++ b/src/Makefile
-@@ -93,6 +93,7 @@ $(LIBSO): $(LOBJS)
-
- $(LIBPC): $(LIBPC).in ../VERSION
- sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBDIR):; s:@includedir@:$(INCLUDEDIR):' < $< > $@
-+ sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:${libdir}:; s:@includedir@:${prefix}/include:' < $< > $@
-
- semanageswig_python_exception.i: ../include/semanage/semanage.h
- bash -e exception.sh > $@ || (rm -f $@ ; false)
---
-2.7.4
-
diff --git a/recipes-security/selinux/libsemanage/libsemanage-Fix-execve-segfaults-on-Ubuntu.patch b/recipes-security/selinux/libsemanage/libsemanage-Fix-execve-segfaults-on-Ubuntu.patch
index e3c2f82..0b1f3d8 100644
--- a/recipes-security/selinux/libsemanage/libsemanage-Fix-execve-segfaults-on-Ubuntu.patch
+++ b/recipes-security/selinux/libsemanage/libsemanage-Fix-execve-segfaults-on-Ubuntu.patch
@@ -1,4 +1,4 @@
-From c87bef28e768e2f6bc8612a768ebf9099d156576 Mon Sep 17 00:00:00 2001
+From 01a37b94a1f5605a395e8b45ee9ec653ce716c06 Mon Sep 17 00:00:00 2001
From: Xin Ouyang <Xin.Ouyang@windriver.com>
Date: Mon, 26 Mar 2012 15:15:16 +0800
Subject: [PATCH] libsemanage: Fix execve segfaults on Ubuntu.
@@ -9,15 +9,18 @@ Such as "make load" while building refpolicy.
http://oss.tresys.com/pipermail/refpolicy/2011-December/004859.html
+Upstream-Status: Pending
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
src/semanage_store.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/semanage_store.c b/src/semanage_store.c
-index 6158d08..1923f0f 100644
+index 58dded6..1a94545 100644
--- a/src/semanage_store.c
+++ b/src/semanage_store.c
-@@ -1405,7 +1405,7 @@ static int semanage_exec_prog(semanage_handle_t * sh,
+@@ -1441,7 +1441,7 @@ static int semanage_exec_prog(semanage_handle_t * sh,
if (forkval == 0) {
/* child process. file descriptors will be closed
* because they were set as close-on-exec. */
@@ -26,3 +29,6 @@ index 6158d08..1923f0f 100644
_exit(EXIT_FAILURE); /* if execve() failed */
}
+--
+2.7.4
+
diff --git a/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch b/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch
index 205bc97..6ea9c29 100644
--- a/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch
+++ b/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch
@@ -1,4 +1,4 @@
-From 8981b979e36afe2d8384b63c3f48fa8854d1983a Mon Sep 17 00:00:00 2001
+From 50f8f9f090425d23ecab2bedc949bc65bc4d58dc Mon Sep 17 00:00:00 2001
From: Wenzong Fan <wenzong.fan@windriver.com>
Date: Mon, 20 Jan 2014 03:53:48 -0500
Subject: [PATCH] libsemanage: allow to disable audit support
@@ -6,7 +6,6 @@ Subject: [PATCH] libsemanage: allow to disable audit support
Upstream-Status: Pending
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
-
---
src/Makefile | 10 +++++++++-
src/seusers_local.c | 13 +++++++++++++
@@ -14,10 +13,10 @@ Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
3 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/src/Makefile b/src/Makefile
-index d457208..e8831ab 100644
+index 8240c3a..1485d23 100644
--- a/src/Makefile
+++ b/src/Makefile
-@@ -29,6 +29,14 @@ ifeq ($(DEBUG),1)
+@@ -26,6 +26,14 @@ ifeq ($(DEBUG),1)
export LDFLAGS = -g
endif
@@ -32,7 +31,7 @@ index d457208..e8831ab 100644
LEX = flex
LFLAGS = -s
YACC = bison
-@@ -91,7 +99,7 @@ $(LIBA): $(OBJS)
+@@ -88,7 +96,7 @@ $(LIBA): $(OBJS)
$(RANLIB) $@
$(LIBSO): $(LOBJS)
@@ -42,7 +41,7 @@ index d457208..e8831ab 100644
$(LIBPC): $(LIBPC).in ../VERSION
diff --git a/src/seusers_local.c b/src/seusers_local.c
-index 42c3a8b..9ee31e2 100644
+index a79e2d3..ce76dee 100644
--- a/src/seusers_local.c
+++ b/src/seusers_local.c
@@ -8,7 +8,11 @@ typedef struct semanage_seuser record_t;
@@ -57,7 +56,7 @@ index 42c3a8b..9ee31e2 100644
#include <errno.h>
#include "user_internal.h"
#include "seuser_internal.h"
-@@ -51,6 +55,7 @@ static char *semanage_user_roles(semanage_handle_t * handle, const char *sename)
+@@ -55,6 +59,7 @@ static char *semanage_user_roles(semanage_handle_t * handle, const char *sename)
return roles;
}
@@ -65,7 +64,7 @@ index 42c3a8b..9ee31e2 100644
static int semanage_seuser_audit(semanage_handle_t * handle,
const semanage_seuser_t * seuser,
const semanage_seuser_t * previous,
-@@ -114,6 +119,7 @@ err:
+@@ -119,6 +124,7 @@ err:
free(proles);
return rc;
}
@@ -73,7 +72,7 @@ index 42c3a8b..9ee31e2 100644
int semanage_seuser_modify_local(semanage_handle_t * handle,
const semanage_seuser_key_t * key,
-@@ -158,8 +164,11 @@ int semanage_seuser_modify_local(semanage_handle_t * handle,
+@@ -163,8 +169,11 @@ int semanage_seuser_modify_local(semanage_handle_t * handle,
(void) semanage_seuser_query(handle, key, &previous);
handle->msg_callback = callback;
rc = dbase_modify(handle, dconfig, key, new);
@@ -85,7 +84,7 @@ index 42c3a8b..9ee31e2 100644
err:
if (previous)
semanage_seuser_free(previous);
-@@ -175,8 +184,12 @@ int semanage_seuser_del_local(semanage_handle_t * handle,
+@@ -180,8 +189,12 @@ int semanage_seuser_del_local(semanage_handle_t * handle,
dbase_config_t *dconfig = semanage_seuser_dbase_local(handle);
rc = dbase_del(handle, dconfig, key);
semanage_seuser_query(handle, key, &seuser);
@@ -99,10 +98,10 @@ index 42c3a8b..9ee31e2 100644
semanage_seuser_free(seuser);
return rc;
diff --git a/tests/Makefile b/tests/Makefile
-index 2ef8d30..50d582a 100644
+index 324766a..5732ec7 100644
--- a/tests/Makefile
+++ b/tests/Makefile
-@@ -6,10 +6,18 @@ SOURCES = $(sort $(wildcard *.c))
+@@ -3,10 +3,18 @@ SOURCES = $(sort $(wildcard *.c))
###########################################################################
@@ -122,3 +121,6 @@ index 2ef8d30..50d582a 100644
OBJECTS = $(SOURCES:.c=.o)
+--
+2.7.4
+
diff --git a/recipes-security/selinux/libsemanage/libsemanage-define-FD_CLOEXEC-as-necessary.patch b/recipes-security/selinux/libsemanage/libsemanage-define-FD_CLOEXEC-as-necessary.patch
index 8b15a80..0c77c7a 100644
--- a/recipes-security/selinux/libsemanage/libsemanage-define-FD_CLOEXEC-as-necessary.patch
+++ b/recipes-security/selinux/libsemanage/libsemanage-define-FD_CLOEXEC-as-necessary.patch
@@ -1,4 +1,4 @@
-From 0e97e4d19627f78bf04445cd51902ccf4f7cf239 Mon Sep 17 00:00:00 2001
+From 81f2e8b62ad2298a197c4b16e7182a133c1e116f Mon Sep 17 00:00:00 2001
From: Joe MacDonald <joe.macdonald@windriver.com>
Date: Tue, 15 Oct 2013 10:17:38 -0400
Subject: [PATCH] libsemanage: define FD_CLOEXEC as necessary
@@ -10,15 +10,14 @@ asm-generic/fcntl.h on more modern platforms.
Uptream-Status: Inappropriate
Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
-
---
- libsemanage/src/semanage_store.c | 5 +++++
+ src/semanage_store.c | 5 +++++
1 file changed, 5 insertions(+)
-diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
-index 1923f0f..f7a8760 100644
---- a/libsemanage/src/semanage_store.c
-+++ b/libsemanage/src/semanage_store.c
+diff --git a/src/semanage_store.c b/src/semanage_store.c
+index 1a94545..b586a8f 100644
+--- a/src/semanage_store.c
++++ b/src/semanage_store.c
@@ -66,6 +66,11 @@ typedef struct dbase_policydb dbase_t;
#define TRUE 1
@@ -31,3 +30,6 @@ index 1923f0f..f7a8760 100644
enum semanage_file_defs {
SEMANAGE_ROOT,
SEMANAGE_TRANS_LOCK,
+--
+2.7.4
+
diff --git a/recipes-security/selinux/libsemanage/libsemanage-disable-expand-check-on-policy-load.patch b/recipes-security/selinux/libsemanage/libsemanage-disable-expand-check-on-policy-load.patch
index ea7ba20..d1e5720 100644
--- a/recipes-security/selinux/libsemanage/libsemanage-disable-expand-check-on-policy-load.patch
+++ b/recipes-security/selinux/libsemanage/libsemanage-disable-expand-check-on-policy-load.patch
@@ -1,4 +1,4 @@
-From 4376342a5382df384cb387e2a63eaf0bddb51d26 Mon Sep 17 00:00:00 2001
+From 35196d58cd37fec89fcf95e3d43b41de7008f0be Mon Sep 17 00:00:00 2001
From: Joe MacDonald <joe@deserted.net>
Date: Wed, 7 May 2014 11:36:27 -0400
Subject: [PATCH] libsemanage: disable expand-check on policy load
@@ -12,7 +12,6 @@ Upstream-Status: Denied [upstream developers want to preserve the default
checking: http://marc.info/?l=selinux&m=121794804217721&w=2]
Signed-off-by: Joe MacDonald <joe@deserted.net>
-
---
src/semanage.conf | 4 ++++
1 file changed, 4 insertions(+)
@@ -29,3 +28,6 @@ index dc8d46b..254f156 100644
+# Don't check the entire policy hierarchy when inserting / expanding a policy
+# module. This results in a significant speed-up in policy loading.
+expand-check=0
+--
+2.7.4
+
diff --git a/recipes-security/selinux/libsemanage/libsemanage-drop-Wno-unused-but-set-variable.patch b/recipes-security/selinux/libsemanage/libsemanage-drop-Wno-unused-but-set-variable.patch
index cf88150..de71e27 100644
--- a/recipes-security/selinux/libsemanage/libsemanage-drop-Wno-unused-but-set-variable.patch
+++ b/recipes-security/selinux/libsemanage/libsemanage-drop-Wno-unused-but-set-variable.patch
@@ -1,21 +1,20 @@
-From 3f65789f172003c499f24f00d73a42867fccd277 Mon Sep 17 00:00:00 2001
+From 90a2459d1683e53f4a896b977e6b396db562c903 Mon Sep 17 00:00:00 2001
From: Randy MacLeod <Randy.MacLeod@windriver.com>
Date: Tue, 30 Apr 2013 23:15:57 -0400
Subject: [PATCH] libselinux: drop flag: -Wno-unused-but-set-variable
-Upstream status: inappropriate (older compilers only).
+Upstream-Status: Inappropriate (older compilers only).
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
-
---
src/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Makefile b/src/Makefile
-index fdb178f..d457208 100644
+index e029f09..8240c3a 100644
--- a/src/Makefile
+++ b/src/Makefile
-@@ -58,7 +58,7 @@ OBJS= $(patsubst %.c,%.o,$(SRCS)) conf-scan.o conf-parse.o
+@@ -55,7 +55,7 @@ OBJS= $(patsubst %.c,%.o,$(SRCS)) conf-scan.o conf-parse.o
LOBJS= $(patsubst %.c,%.lo,$(SRCS)) conf-scan.lo conf-parse.lo
CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute
@@ -24,3 +23,6 @@ index fdb178f..d457208 100644
-Wno-unused-parameter
override CFLAGS += -I../include -D_GNU_SOURCE
+--
+2.7.4
+
diff --git a/recipes-security/selinux/libsemanage/libsemanage-fix-path-nologin.patch b/recipes-security/selinux/libsemanage/libsemanage-fix-path-nologin.patch
deleted file mode 100644
index 43c5382..0000000
--- a/recipes-security/selinux/libsemanage/libsemanage-fix-path-nologin.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 1f8164e044f2f727b08c28a69bea19cbf49b071b Mon Sep 17 00:00:00 2001
-From: Xin Ouyang <Xin.Ouyang@windriver.com>
-Date: Fri, 8 Feb 2013 15:16:07 +0800
-Subject: [PATCH] libsemange: fix incorrect path for nologin
-
-shadow package of oe-core and Debian has installed nologin into
-/usr/sbin, so fix this path.
-
-Upstream-Status: Inappropriate [configuration]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
-Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
-
----
- src/genhomedircon.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/genhomedircon.c b/src/genhomedircon.c
-index b9a74b7..d574ee2 100644
---- a/src/genhomedircon.c
-+++ b/src/genhomedircon.c
-@@ -60,7 +60,7 @@
-
- /* other paths */
- #define PATH_SHELLS_FILE "/etc/shells"
--#define PATH_NOLOGIN_SHELL "/sbin/nologin"
-+#define PATH_NOLOGIN_SHELL "/usr/sbin/nologin"
-
- /* comments written to context file */
- #define COMMENT_FILE_CONTEXT_HEADER "#\n#\n# " \
-@@ -395,7 +395,7 @@ static semanage_list_t *get_home_dirs(genhomedircon_settings_t * s)
-
- /* NOTE: old genhomedircon printed a warning on match */
- if (hand.matched) {
-- WARN(s->h_semanage, "%s homedir %s or its parent directory conflicts with a file context already specified in the policy. This usually indicates an incorrectly defined system account. If it is a system account please make sure its uid is less than %u or greater than %u or its login shell is /sbin/nologin.", pwbuf->pw_name, pwbuf->pw_dir, minuid, maxuid);
-+ WARN(s->h_semanage, "%s homedir %s or its parent directory conflicts with a file context already specified in the policy. This usually indicates an incorrectly defined system account. If it is a system account please make sure its uid is less than %u or greater than %u or its login shell is /usr/sbin/nologin.", pwbuf->pw_name, pwbuf->pw_dir, minuid, maxuid);
- } else {
- if (semanage_list_push(&homedir_list, path))
- goto fail;
diff --git a/recipes-security/selinux/libsemanage_2.8.bb b/recipes-security/selinux/libsemanage_2.8.bb
deleted file mode 100644
index 38942e3..0000000
--- a/recipes-security/selinux/libsemanage_2.8.bb
+++ /dev/null
@@ -1,18 +0,0 @@
-include selinux_20180524.inc
-include ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
-
-SRC_URI[md5sum] = "62ed7bb2ede677a735f2750751677a4f"
-SRC_URI[sha256sum] = "1c0de8d2c51e5460926c21e371105c84a39087dfd8f8e9f0cc1d017e4cbea8e2"
-
-SRC_URI += "\
- file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch \
- file://libsemanage-fix-path-nologin.patch \
- file://libsemanage-drop-Wno-unused-but-set-variable.patch \
- file://libsemanage-define-FD_CLOEXEC-as-necessary.patch;striplevel=2 \
- file://libsemanage-allow-to-disable-audit-support.patch \
- file://libsemanage-disable-expand-check-on-policy-load.patch \
- file://0001-src-Makefile-fix-includedir-in-libselinux.pc.patch \
- "
-FILES_${PN} += "/usr/libexec"
diff --git a/recipes-security/selinux/libsemanage_2.9.bb b/recipes-security/selinux/libsemanage_2.9.bb
new file mode 100644
index 0000000..83320a1
--- /dev/null
+++ b/recipes-security/selinux/libsemanage_2.9.bb
@@ -0,0 +1,15 @@
+require selinux_20190315.inc
+require ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
+
+SRC_URI[md5sum] = "25f086ff66175a0ca0e7b34dbe8586b7"
+SRC_URI[sha256sum] = "2576349d344492e73b468059767268dec1dabd8c35f3c7222c3ec2448737bc1c"
+
+SRC_URI += "\
+ file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch \
+ file://libsemanage-drop-Wno-unused-but-set-variable.patch \
+ file://libsemanage-define-FD_CLOEXEC-as-necessary.patch \
+ file://libsemanage-allow-to-disable-audit-support.patch \
+ file://libsemanage-disable-expand-check-on-policy-load.patch \
+ "
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [meta-selinux][PATCH 07/19] checkpolicy: uprev to 2.9 (20190315)
2019-11-14 1:48 [meta-selinux][PATCH 00/19] selinux: upgrade 2.8 -> 2.9 Yi Zhao
` (5 preceding siblings ...)
2019-11-14 1:48 ` [meta-selinux][PATCH 06/19] libsemanage: uprev to 2.9 (20190315) Yi Zhao
@ 2019-11-14 1:48 ` Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 08/19] secilc: " Yi Zhao
` (11 subsequent siblings)
18 siblings, 0 replies; 22+ messages in thread
From: Yi Zhao @ 2019-11-14 1:48 UTC (permalink / raw)
To: yocto, joe, Joe_MacDonald
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
recipes-security/selinux/checkpolicy_2.8.bb | 7 -------
recipes-security/selinux/checkpolicy_2.9.bb | 7 +++++++
2 files changed, 7 insertions(+), 7 deletions(-)
delete mode 100644 recipes-security/selinux/checkpolicy_2.8.bb
create mode 100644 recipes-security/selinux/checkpolicy_2.9.bb
diff --git a/recipes-security/selinux/checkpolicy_2.8.bb b/recipes-security/selinux/checkpolicy_2.8.bb
deleted file mode 100644
index 05e738e..0000000
--- a/recipes-security/selinux/checkpolicy_2.8.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-include selinux_20180524.inc
-include ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
-
-SRC_URI[md5sum] = "5d23a3209048c8cf70f3c13c4ce4245f"
-SRC_URI[sha256sum] = "9dec811c24b88e58c3bf741365eacf1dbb945531a2fcb8f284aacf68098194c8"
diff --git a/recipes-security/selinux/checkpolicy_2.9.bb b/recipes-security/selinux/checkpolicy_2.9.bb
new file mode 100644
index 0000000..1183ea9
--- /dev/null
+++ b/recipes-security/selinux/checkpolicy_2.9.bb
@@ -0,0 +1,7 @@
+require selinux_20190315.inc
+require ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+SRC_URI[md5sum] = "3b0e327f6c1a143f9720a1fbefede3c0"
+SRC_URI[sha256sum] = "a946c32b284532447857e4c48830f8816867c61220c8c08bdd32e6f691335f8e"
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [meta-selinux][PATCH 08/19] secilc: uprev to 2.9 (20190315)
2019-11-14 1:48 [meta-selinux][PATCH 00/19] selinux: upgrade 2.8 -> 2.9 Yi Zhao
` (6 preceding siblings ...)
2019-11-14 1:48 ` [meta-selinux][PATCH 07/19] checkpolicy: " Yi Zhao
@ 2019-11-14 1:48 ` Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 09/19] policycoreutils: " Yi Zhao
` (10 subsequent siblings)
18 siblings, 0 replies; 22+ messages in thread
From: Yi Zhao @ 2019-11-14 1:48 UTC (permalink / raw)
To: yocto, joe, Joe_MacDonald
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
recipes-security/selinux/secilc_2.8.bb | 7 -------
recipes-security/selinux/secilc_2.9.bb | 7 +++++++
2 files changed, 7 insertions(+), 7 deletions(-)
delete mode 100644 recipes-security/selinux/secilc_2.8.bb
create mode 100644 recipes-security/selinux/secilc_2.9.bb
diff --git a/recipes-security/selinux/secilc_2.8.bb b/recipes-security/selinux/secilc_2.8.bb
deleted file mode 100644
index 89e0684..0000000
--- a/recipes-security/selinux/secilc_2.8.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-include selinux_20180524.inc
-include ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=5fb82e8deb357d4e5fd8f3fed01d2f38"
-
-SRC_URI[md5sum] = "a3c363545842aadc6645a94112b476e7"
-SRC_URI[sha256sum] = "cfe15f2e06b3013c9dfc46cf42234ff07fb61866c4c29d739eb8858f83b214d4"
diff --git a/recipes-security/selinux/secilc_2.9.bb b/recipes-security/selinux/secilc_2.9.bb
new file mode 100644
index 0000000..8207905
--- /dev/null
+++ b/recipes-security/selinux/secilc_2.9.bb
@@ -0,0 +1,7 @@
+require selinux_20190315.inc
+require ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=5fb82e8deb357d4e5fd8f3fed01d2f38"
+
+SRC_URI[md5sum] = "489cedf50fa277ce07765053ffcdb4d5"
+SRC_URI[sha256sum] = "73a1806e33a669e23545da2d35d0e5038714721f6bf71974eaa533b3ebde61b2"
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [meta-selinux][PATCH 09/19] policycoreutils: uprev to 2.9 (20190315)
2019-11-14 1:48 [meta-selinux][PATCH 00/19] selinux: upgrade 2.8 -> 2.9 Yi Zhao
` (7 preceding siblings ...)
2019-11-14 1:48 ` [meta-selinux][PATCH 08/19] secilc: " Yi Zhao
@ 2019-11-14 1:48 ` Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 10/19] mcstrans: " Yi Zhao
` (9 subsequent siblings)
18 siblings, 0 replies; 22+ messages in thread
From: Yi Zhao @ 2019-11-14 1:48 UTC (permalink / raw)
To: yocto, joe, Joe_MacDonald
* Switch to python3
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
recipes-security/selinux/policycoreutils.inc | 16 ++++------------
recipes-security/selinux/policycoreutils_2.8.bb | 8 --------
recipes-security/selinux/policycoreutils_2.9.bb | 8 ++++++++
3 files changed, 12 insertions(+), 20 deletions(-)
delete mode 100644 recipes-security/selinux/policycoreutils_2.8.bb
create mode 100644 recipes-security/selinux/policycoreutils_2.9.bb
diff --git a/recipes-security/selinux/policycoreutils.inc b/recipes-security/selinux/policycoreutils.inc
index 85ff164..92f7a75 100644
--- a/recipes-security/selinux/policycoreutils.inc
+++ b/recipes-security/selinux/policycoreutils.inc
@@ -19,7 +19,7 @@ DEPENDS += "libsepol libselinux libsemanage libcap gettext-native"
EXTRA_DEPENDS = "libcap-ng libcgroup"
DEPENDS += "${@['', '${EXTRA_DEPENDS}']['${PN}' != '${BPN}-native']}"
-inherit selinux pythonnative
+inherit selinux python3native
RDEPENDS_${BPN}-fixfiles += "\
${BPN}-setfiles \
@@ -27,7 +27,6 @@ RDEPENDS_${BPN}-fixfiles += "\
findutils \
"
RDEPENDS_${BPN}-genhomedircon += "\
- ${BPN}-genhomedircon \
${BPN}-semodule \
"
RDEPENDS_${BPN}-loadpolicy += "\
@@ -45,10 +44,6 @@ RDEPENDS_${BPN}-semodule += "\
libselinux \
libsemanage \
"
-# static link to libsepol
-RDEPENDS_${BPN}-semodule-expand += "libsepol libselinux"
-RDEPENDS_${BPN}-semodule-link += "libsepol libselinux"
-RDEPENDS_${BPN}-semodule-package += "libsepol libselinux"
RDEPENDS_${BPN}-sestatus += "libselinux"
RDEPENDS_${BPN}-setfiles += "\
libselinux \
@@ -61,10 +56,6 @@ RDEPENDS_${BPN}-setsebool += "\
"
RDEPENDS_${BPN} += "selinux-python"
-WARN_QA_remove = " unsafe-references-in-scripts"
-ERROR_QA_remove = " unsafe-references-in-scripts"
-
-
PACKAGES =+ "\
${PN}-fixfiles \
${PN}-genhomedircon \
@@ -102,6 +93,7 @@ FILES_${PN}-sestatus += "\
"
FILES_${PN}-setfiles += "\
${base_sbindir}/restorecon \
+ ${base_sbindir}/restorecon_xattr \
${base_sbindir}/setfiles \
"
FILES_${PN}-setsebool += "\
@@ -147,7 +139,7 @@ sysroot_stage_dirs_append_class-native() {
}
do_compile_prepend() {
- export PYTHON=python
+ export PYTHON=python3
export PYLIBVER='python${PYTHON_BASEVERSION}'
export PYTHON_CPPFLAGS="-I${STAGING_INCDIR}/${PYLIBVER}"
export PYTHON_LDFLAGS="${STAGING_LIBDIR}/lib${PYLIBVER}.so"
@@ -155,7 +147,7 @@ do_compile_prepend() {
}
do_install_prepend() {
- export PYTHON=python
+ export PYTHON=python3
export SBINDIR="${D}/${base_sbindir}"
}
diff --git a/recipes-security/selinux/policycoreutils_2.8.bb b/recipes-security/selinux/policycoreutils_2.8.bb
deleted file mode 100644
index 85f6ff0..0000000
--- a/recipes-security/selinux/policycoreutils_2.8.bb
+++ /dev/null
@@ -1,8 +0,0 @@
-include selinux_20180524.inc
-include ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
-
-SRC_URI[md5sum] = "da5ceb9c7e1e6f8c573731031b91cffe"
-SRC_URI[sha256sum] = "986553a235f27bee7ad7c2b7c35ea51eb2ee68e2cf03b661b1585de101bc1099"
-
diff --git a/recipes-security/selinux/policycoreutils_2.9.bb b/recipes-security/selinux/policycoreutils_2.9.bb
new file mode 100644
index 0000000..08ba54a
--- /dev/null
+++ b/recipes-security/selinux/policycoreutils_2.9.bb
@@ -0,0 +1,8 @@
+require selinux_20190315.inc
+require ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+SRC_URI[md5sum] = "0fbebdb4761353726cc739d5528f21d8"
+SRC_URI[sha256sum] = "c53c344f28007b3c0742bd958751e9b5d2385898adeb8aec6281ae57342f0f7b"
+
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [meta-selinux][PATCH 10/19] mcstrans: uprev to 2.9 (20190315)
2019-11-14 1:48 [meta-selinux][PATCH 00/19] selinux: upgrade 2.8 -> 2.9 Yi Zhao
` (8 preceding siblings ...)
2019-11-14 1:48 ` [meta-selinux][PATCH 09/19] policycoreutils: " Yi Zhao
@ 2019-11-14 1:48 ` Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 11/19] restorecond: " Yi Zhao
` (8 subsequent siblings)
18 siblings, 0 replies; 22+ messages in thread
From: Yi Zhao @ 2019-11-14 1:48 UTC (permalink / raw)
To: yocto, joe, Joe_MacDonald
* Rebase patches
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
recipes-security/selinux/mcstrans.inc | 4 ++--
.../mcstrans/mcstrans-de-bashify.patch | 23 +++++++++++--------
...tch => mcstrans-fix-the-init-script.patch} | 14 +++++++----
recipes-security/selinux/mcstrans_2.8.bb | 7 ------
recipes-security/selinux/mcstrans_2.9.bb | 7 ++++++
5 files changed, 32 insertions(+), 23 deletions(-)
rename recipes-security/selinux/mcstrans/{0001-mcstrans-fix-the-init-script.patch => mcstrans-fix-the-init-script.patch} (69%)
delete mode 100644 recipes-security/selinux/mcstrans_2.8.bb
create mode 100644 recipes-security/selinux/mcstrans_2.9.bb
diff --git a/recipes-security/selinux/mcstrans.inc b/recipes-security/selinux/mcstrans.inc
index 0eb8720..b9c670b 100644
--- a/recipes-security/selinux/mcstrans.inc
+++ b/recipes-security/selinux/mcstrans.inc
@@ -7,7 +7,7 @@ SECTION = "base"
LICENSE = "GPLv2+"
SRC_URI += "file://mcstrans-de-bashify.patch \
- file://0001-mcstrans-fix-the-init-script.patch \
+ file://mcstrans-fix-the-init-script.patch \
"
inherit systemd update-rc.d
@@ -29,7 +29,7 @@ do_install_append() {
else
install -d ${D}${sysconfdir}/default/volatiles
echo "d root root 0755 /var/run/setrans none" \
- >${D}${sysconfdir}/default/volatiles/volatiles.80_mcstrans
+ >${D}${sysconfdir}/default/volatiles/80_mcstrans
fi
install -d ${D}${datadir}/mcstrans
cp -r share/* ${D}${datadir}/mcstrans/.
diff --git a/recipes-security/selinux/mcstrans/mcstrans-de-bashify.patch b/recipes-security/selinux/mcstrans/mcstrans-de-bashify.patch
index 805d7e5..27fd677 100644
--- a/recipes-security/selinux/mcstrans/mcstrans-de-bashify.patch
+++ b/recipes-security/selinux/mcstrans/mcstrans-de-bashify.patch
@@ -1,21 +1,23 @@
-commit 54875dcb50f5e40fc86d6fe98dde244bfe4751af
-Author: Joe MacDonald <joe_macdonald@mentor.com>
-Date: Fri Aug 7 15:16:45 2015 -0400
+From 544b3c078374e5001e7fdc1b7d0b2eafda36f8fe Mon Sep 17 00:00:00 2001
+From: Joe MacDonald <joe_macdonald@mentor.com>
+Date: Fri, 7 Aug 2015 15:16:45 -0400
+Subject: [PATCH] mcstrans: remove dependency on bash in initscript
- mcstrans: remove dependency on bash in initscript
+There were no apparent bashisms in mcstrans.init, so remove the
+dependency on bash.
- There were no apparent bashisms in mcstrans.init, so remove the dependency
- on bash.
-
- Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
+Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Upstream-Status: Pending
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
- src/mcstrans.init | 2 +-
+ src/mcstrans.init | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/src/mcstrans.init b/src/mcstrans.init
+index 2804ec0..8b4737d 100644
--- a/src/mcstrans.init
+++ b/src/mcstrans.init
@@ -1,4 +1,4 @@
@@ -24,3 +26,6 @@ Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
#
# mcstransd This starts and stops mcstransd
#
+--
+2.7.4
+
diff --git a/recipes-security/selinux/mcstrans/0001-mcstrans-fix-the-init-script.patch b/recipes-security/selinux/mcstrans/mcstrans-fix-the-init-script.patch
similarity index 69%
rename from recipes-security/selinux/mcstrans/0001-mcstrans-fix-the-init-script.patch
rename to recipes-security/selinux/mcstrans/mcstrans-fix-the-init-script.patch
index 5f7163d..79be090 100644
--- a/recipes-security/selinux/mcstrans/0001-mcstrans-fix-the-init-script.patch
+++ b/recipes-security/selinux/mcstrans/mcstrans-fix-the-init-script.patch
@@ -1,17 +1,21 @@
-[PATCH] mcstrans: fix the init script
-
-Upstream-Status: Inappropriate [embedded specific]
+From 4d918a9679d2902ca2d41fe769a4d76f07a67b5f Mon Sep 17 00:00:00 2001
+From: Roy Li <rongqing.li@windriver.com>
+Date: Wed, 6 Nov 2019 22:13:33 +0800
+Subject: [PATCH] mcstrans: fix the init script
replace daemon with start-stop-daemon, due to not daemon functions
+Upstream-Status: Inappropriate [embedded specific]
+
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
src/mcstrans.init | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/mcstrans.init b/src/mcstrans.init
-index 2804ec0..c660290 100644
+index 8b4737d..86c89ea 100644
--- a/src/mcstrans.init
+++ b/src/mcstrans.init
@@ -51,7 +51,7 @@ start(){
@@ -24,5 +28,5 @@ index 2804ec0..c660290 100644
echo
if test $RETVAL = 0 ; then
--
-1.9.1
+2.7.4
diff --git a/recipes-security/selinux/mcstrans_2.8.bb b/recipes-security/selinux/mcstrans_2.8.bb
deleted file mode 100644
index 8923c3c..0000000
--- a/recipes-security/selinux/mcstrans_2.8.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-include selinux_20180524.inc
-include ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
-
-SRC_URI[md5sum] = "3a0edb2a8b6a255199824abd58c0906c"
-SRC_URI[sha256sum] = "ec6ea65660550ed6bbd2a834725ba7526ac53599753d7b95072e4afd4afc14e4"
diff --git a/recipes-security/selinux/mcstrans_2.9.bb b/recipes-security/selinux/mcstrans_2.9.bb
new file mode 100644
index 0000000..34aab03
--- /dev/null
+++ b/recipes-security/selinux/mcstrans_2.9.bb
@@ -0,0 +1,7 @@
+require selinux_20190315.inc
+require ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
+
+SRC_URI[md5sum] = "0f70a1eb6565a9f61a017cc408ea4c7a"
+SRC_URI[sha256sum] = "7eddce6ffefc9a26340f2720ba9afd7d041a31569844842d0199bfe27c5efb19"
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [meta-selinux][PATCH 11/19] restorecond: uprev to 2.9 (20190315)
2019-11-14 1:48 [meta-selinux][PATCH 00/19] selinux: upgrade 2.8 -> 2.9 Yi Zhao
` (9 preceding siblings ...)
2019-11-14 1:48 ` [meta-selinux][PATCH 10/19] mcstrans: " Yi Zhao
@ 2019-11-14 1:48 ` Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 12/19] selinux-python: " Yi Zhao
` (7 subsequent siblings)
18 siblings, 0 replies; 22+ messages in thread
From: Yi Zhao @ 2019-11-14 1:48 UTC (permalink / raw)
To: yocto, joe, Joe_MacDonald
* Rebase patches
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
...icycoreutils-make-O_CLOEXEC-optional.patch | 29 +++++++++++--------
recipes-security/selinux/restorecond_2.8.bb | 7 -----
recipes-security/selinux/restorecond_2.9.bb | 7 +++++
3 files changed, 24 insertions(+), 19 deletions(-)
delete mode 100644 recipes-security/selinux/restorecond_2.8.bb
create mode 100644 recipes-security/selinux/restorecond_2.9.bb
diff --git a/recipes-security/selinux/restorecond/policycoreutils-make-O_CLOEXEC-optional.patch b/recipes-security/selinux/restorecond/policycoreutils-make-O_CLOEXEC-optional.patch
index ab1a10a..2928aff 100644
--- a/recipes-security/selinux/restorecond/policycoreutils-make-O_CLOEXEC-optional.patch
+++ b/recipes-security/selinux/restorecond/policycoreutils-make-O_CLOEXEC-optional.patch
@@ -1,29 +1,34 @@
+From 4adc1c02e4da42f64249c05534875e732f043693 Mon Sep 17 00:00:00 2001
+From: Joe MacDonald <joe_macdonald@mentor.com>
+Date: Wed, 6 Nov 2019 23:17:50 +0800
Subject: [PATCH] policycoreutils: make O_CLOEXEC optional
-Various commits in the selinux tree in the current release added O_CLOEXEC
-to open() calls in an attempt to address file descriptor leaks as
-described:
+Various commits in the selinux tree in the current release added
+O_CLOEXEC to open() calls in an attempt to address file descriptor leaks
+as described:
- http://danwalsh.livejournal.com/53603.html
+ http://danwalsh.livejournal.com/53603.html
However O_CLOEXEC isn't available on all platforms, so make it a
-compile-time option and generate a warning when it is not available. The
-actual impact of leaking these file descriptors is minimal, though it does
-produce curious AVC Denied messages.
+compile-time option and generate a warning when it is not available.
+The actual impact of leaking these file descriptors is minimal, though
+it does produce curious AVC Denied messages.
-Uptream-Status: Inappropriate [O_CLOEXEC has been in Linux since 2007 and POSIX since 2008]
+Uptream-Status: Inappropriate
+[O_CLOEXEC has been in Linux since 2007 and POSIX since 2008]
Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
- user.c | 8 +++++++-
+ user.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/user.c b/user.c
-index 2c28676..6235772 100644
+index 714aae7..bbf018e 100644
--- a/user.c
+++ b/user.c
-@@ -202,7 +202,13 @@ static int local_server() {
+@@ -202,7 +202,13 @@ static int local_server(void) {
perror("asprintf");
return -1;
}
@@ -39,5 +44,5 @@ index 2c28676..6235772 100644
g_warning ("Lock file: %s", ptr);
--
-1.7.9.5
+2.7.4
diff --git a/recipes-security/selinux/restorecond_2.8.bb b/recipes-security/selinux/restorecond_2.8.bb
deleted file mode 100644
index 4a83a23..0000000
--- a/recipes-security/selinux/restorecond_2.8.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-include selinux_20180524.inc
-include ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
-
-SRC_URI[md5sum] = "cfe4e4d6184623fdcb9bc2681e693abb"
-SRC_URI[sha256sum] = "323cab1128e5308cd85fea0e5c98e3c8973e1ada0b659f2fce76187e192271bf"
diff --git a/recipes-security/selinux/restorecond_2.9.bb b/recipes-security/selinux/restorecond_2.9.bb
new file mode 100644
index 0000000..2ccac18
--- /dev/null
+++ b/recipes-security/selinux/restorecond_2.9.bb
@@ -0,0 +1,7 @@
+require selinux_20190315.inc
+require ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+SRC_URI[md5sum] = "1a24cb2a23d8bd01d3f8d9bb2031981f"
+SRC_URI[sha256sum] = "cbf9820583e641ee0462fa7bc89e6024676af281e025703e17b2d019b1a25a4f"
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [meta-selinux][PATCH 12/19] selinux-python: uprev to 2.9 (20190315)
2019-11-14 1:48 [meta-selinux][PATCH 00/19] selinux: upgrade 2.8 -> 2.9 Yi Zhao
` (10 preceding siblings ...)
2019-11-14 1:48 ` [meta-selinux][PATCH 11/19] restorecond: " Yi Zhao
@ 2019-11-14 1:48 ` Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 13/19] selinux-dbus: " Yi Zhao
` (6 subsequent siblings)
18 siblings, 0 replies; 22+ messages in thread
From: Yi Zhao @ 2019-11-14 1:48 UTC (permalink / raw)
To: yocto, joe, Joe_MacDonald
* Switch to python3
* Drop patches:
fix-TypeError-for-seobject.py.patch
process-ValueError-for-sepolicy-seobject.patch
* Rebase patches
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
recipes-security/selinux/selinux-python.inc | 62 +++++++++----------
.../fix-TypeError-for-seobject.py.patch | 30 ---------
.../fix-sepolicy-install-path.patch | 8 +--
...ess-ValueError-for-sepolicy-seobject.patch | 47 --------------
.../selinux/selinux-python_2.8.bb | 7 ---
.../selinux/selinux-python_2.9.bb | 7 +++
6 files changed, 40 insertions(+), 121 deletions(-)
delete mode 100644 recipes-security/selinux/selinux-python/fix-TypeError-for-seobject.py.patch
delete mode 100644 recipes-security/selinux/selinux-python/process-ValueError-for-sepolicy-seobject.patch
delete mode 100644 recipes-security/selinux/selinux-python_2.8.bb
create mode 100644 recipes-security/selinux/selinux-python_2.9.bb
diff --git a/recipes-security/selinux/selinux-python.inc b/recipes-security/selinux/selinux-python.inc
index 8b34bff..5e27781 100644
--- a/recipes-security/selinux/selinux-python.inc
+++ b/recipes-security/selinux/selinux-python.inc
@@ -6,60 +6,54 @@ SELinux utilities audit2allow, chcat, semanage ..."
SECTION = "base"
LICENSE = "GPLv2+"
-SRC_URI += "file://fix-sepolicy-install-path.patch \
- file://fix-TypeError-for-seobject.py.patch \
- file://process-ValueError-for-sepolicy-seobject.patch \
-"
+SRC_URI += "file://fix-sepolicy-install-path.patch"
-inherit python-dir
+inherit python3-dir
-DEPENDS += "python-native libsepol"
+DEPENDS += "python3 libsepol"
RDEPENDS_${BPN}-audit2allow += "\
- python-core \
- python-textutils \
+ python3-core \
libselinux-python \
${BPN}-sepolgen \
"
RDEPENDS_${BPN}-chcat += "\
- python-core \
- python-codecs \
- python-shell \
- python-stringold \
- python-unixadmin \
+ python3-core \
+ python3-codecs \
+ python3-shell \
+ python3-stringold \
+ python3-unixadmin \
libselinux-python \
${BPN} \
"
RDEPENDS_${BPN} += "\
- python-core \
- python-codecs \
- python-io \
- python-ipy \
- python-re \
- python-stringold \
- python-syslog \
- python-unixadmin \
+ python3-core \
+ python3-codecs \
+ python3-io \
+ python3-ipy \
+ python3-stringold \
+ python3-syslog \
+ python3-unixadmin \
libselinux-python \
libsemanage-python \
setools \
"
RDEPENDS_${BPN}-semanage += "\
- python-core \
- python-ipy \
- python-compression \
- python-xml \
- python-misc \
+ python3-core \
+ python3-ipy \
+ python3-compression \
+ python3-xml \
+ python3-misc \
libselinux-python \
${BPN} \
"
RDEPENDS_${BPN}-sepolicy += "\
- python-argparse \
- python-codecs \
- python-core \
- python-syslog \
+ python3-core \
+ python3-codecs \
+ python3-syslog \
${BPN} \
"
RDEPENDS_${BPN}-sepolgen-ifgen += "\
- python \
+ python3-core \
libselinux-python \
"
@@ -96,7 +90,7 @@ FILES_${PN}-sepolgen += "\
${libdir}/python${PYTHON_BASEVERSION}/site-packages/sepolgen* \
${localstatedir}/lib/sepolgen/perm_map \
"
-# Map to policycoreutils-python in 2.6
+
FILES_${PN} += "\
${libdir}/python${PYTHON_BASEVERSION}/site-packages/seobject.py* \
${libdir}/python${PYTHON_BASEVERSION}/site-packages/sepolicy*.egg-info \
@@ -104,9 +98,11 @@ FILES_${PN} += "\
"
EXTRA_OEMAKE += "LIBSEPOLA=${STAGING_LIBDIR}/libsepol.a"
+
do_install() {
- oe_runmake DESTDIR=${D} \
+ oe_runmake DESTDIR="${D}" \
LIBDIR="${libdir}" \
+ PYLIBVER='python${PYTHON_BASEVERSION}' \
PYTHONLIBDIR='${libdir}/python${PYTHON_BASEVERSION}/site-packages' \
install
}
diff --git a/recipes-security/selinux/selinux-python/fix-TypeError-for-seobject.py.patch b/recipes-security/selinux/selinux-python/fix-TypeError-for-seobject.py.patch
deleted file mode 100644
index 62cdeee..0000000
--- a/recipes-security/selinux/selinux-python/fix-TypeError-for-seobject.py.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 98c2944ffa3e35095187e1df9ff33498bbd0fa54 Mon Sep 17 00:00:00 2001
-From: Wenzong Fan <wenzong.fan@windriver.com>
-Date: Tue, 1 Apr 2014 02:53:36 -0400
-Subject: [PATCH] policycoreutils: fix TypeError for seobject.py
-
-File "/usr/lib64/python2.7/site-packages/seobject.py", line 109, in log
- message += " sename=" + sename
-TypeError: cannot concatenate 'str' and 'NoneType' objects
-
-Uptream-Status: Pending
-
-Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
-
----
- semanage/seobject.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/semanage/seobject.py b/semanage/seobject.py
-index 70fd192..23ab77e 100644
---- a/semanage/seobject.py
-+++ b/semanage/seobject.py
-@@ -146,7 +146,7 @@ except:
-
- def log(self, msg, name="", sename="", serole="", serange="", oldsename="", oldserole="", oldserange=""):
- message = " %s name=%s" % (msg, name)
-- if sename != "":
-+ if sename != "" and sename != None:
- message += " sename=" + sename
- if oldsename != "":
- message += " oldsename=" + oldsename
diff --git a/recipes-security/selinux/selinux-python/fix-sepolicy-install-path.patch b/recipes-security/selinux/selinux-python/fix-sepolicy-install-path.patch
index 6f68c94..30a19eb 100644
--- a/recipes-security/selinux/selinux-python/fix-sepolicy-install-path.patch
+++ b/recipes-security/selinux/selinux-python/fix-sepolicy-install-path.patch
@@ -1,4 +1,4 @@
-From c1aae6cc131371729f098e4b0aa02142a85b5890 Mon Sep 17 00:00:00 2001
+From e57022e3577770188ad3570005b7107a09cf3bb9 Mon Sep 17 00:00:00 2001
From: Xin Ouyang <Xin.Ouyang@windriver.com>
Date: Mon, 23 Sep 2013 21:17:59 +0800
Subject: [PATCH] policycoreutils: fix install path for new pymodule sepolicy
@@ -13,10 +13,10 @@ Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sepolicy/Makefile b/sepolicy/Makefile
-index fb8a132..a6ee749 100644
+index 69f29fa..a18d1c3 100644
--- a/sepolicy/Makefile
+++ b/sepolicy/Makefile
-@@ -8,6 +8,8 @@ BASHCOMPLETIONDIR ?= $(PREFIX)/share/bash-completion/completions
+@@ -9,6 +9,8 @@ BASHCOMPLETIONDIR ?= $(PREFIX)/share/bash-completion/completions
CFLAGS ?= -Wall -Werror -Wextra -W
override CFLAGS += -DPACKAGE="policycoreutils" -DSHARED -shared
@@ -25,7 +25,7 @@ index fb8a132..a6ee749 100644
BASHCOMPLETIONS=sepolicy-bash-completion.sh
all: python-build
-@@ -26,7 +28,7 @@ test:
+@@ -27,7 +29,7 @@ test:
@$(PYTHON) test_sepolicy.py -v
install:
diff --git a/recipes-security/selinux/selinux-python/process-ValueError-for-sepolicy-seobject.patch b/recipes-security/selinux/selinux-python/process-ValueError-for-sepolicy-seobject.patch
deleted file mode 100644
index b0bcd1d..0000000
--- a/recipes-security/selinux/selinux-python/process-ValueError-for-sepolicy-seobject.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 1a8bd0ca13746b5241af5736dee9a25ab360652b Mon Sep 17 00:00:00 2001
-From: Wenzong Fan <wenzong.fan@windriver.com>
-Date: Sun, 30 Mar 2014 22:25:59 -0400
-Subject: [PATCH] semanage: process ValueError for sepolicy, seobject
-
-The sepolicy, seobject modules raise many unprocessed ValueError, just
-process them in semanage to make the script proivdes error message but
-not error trace.
-
-Uptream-Status: Pending
-
-Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
-
----
- semanage/semanage | 11 +++++++----
- 1 file changed, 7 insertions(+), 4 deletions(-)
-
-diff --git a/semanage/semanage b/semanage/semanage
-index 313537c..2977dd0 100644
---- a/semanage/semanage
-+++ b/semanage/semanage
-@@ -25,8 +25,14 @@
-
- import traceback
- import argparse
--import seobject
- import sys
-+try:
-+ import seobject
-+ import sepolicy
-+except ValueError, e:
-+ print "Error: %s\n" % e
-+ sys.exit(1)
-+
- PROGNAME = "policycoreutils"
- try:
- import gettext
-@@ -73,9 +79,6 @@ usage_interface_dict = {' --add': ('-t TYPE', '-r RANGE', 'interface'), ' --modi
- usage_boolean = "semanage boolean [-h] [-n] [-N] [-S STORE] ["
- usage_boolean_dict = {' --modify': ('(', '--on', '|', '--off', ')', 'boolean'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
-
--import sepolicy
--
--
- class CheckRole(argparse.Action):
-
- def __call__(self, parser, namespace, value, option_string=None):
diff --git a/recipes-security/selinux/selinux-python_2.8.bb b/recipes-security/selinux/selinux-python_2.8.bb
deleted file mode 100644
index d63fdef..0000000
--- a/recipes-security/selinux/selinux-python_2.8.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-include selinux_20180524.inc
-include ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
-
-SRC_URI[md5sum] = "bd9850808203c76f07efd396bde790e3"
-SRC_URI[sha256sum] = "e69f5e24820cb247a3d881a9c90efba1e64d76af863c82fb81bc3b87ed71e238"
diff --git a/recipes-security/selinux/selinux-python_2.9.bb b/recipes-security/selinux/selinux-python_2.9.bb
new file mode 100644
index 0000000..250a99c
--- /dev/null
+++ b/recipes-security/selinux/selinux-python_2.9.bb
@@ -0,0 +1,7 @@
+require selinux_20190315.inc
+require ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+SRC_URI[md5sum] = "e9dfedd1139dd9998f5a09abfb670454"
+SRC_URI[sha256sum] = "3650b5393b0d1790cac66db00e34f059aa91c23cfe3c2559676594e295d75fde"
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [meta-selinux][PATCH 13/19] selinux-dbus: uprev to 2.9 (20190315)
2019-11-14 1:48 [meta-selinux][PATCH 00/19] selinux: upgrade 2.8 -> 2.9 Yi Zhao
` (11 preceding siblings ...)
2019-11-14 1:48 ` [meta-selinux][PATCH 12/19] selinux-python: " Yi Zhao
@ 2019-11-14 1:48 ` Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 14/19] selinux-sandbox: " Yi Zhao
` (5 subsequent siblings)
18 siblings, 0 replies; 22+ messages in thread
From: Yi Zhao @ 2019-11-14 1:48 UTC (permalink / raw)
To: yocto, joe, Joe_MacDonald
* Switch to python3
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
recipes-security/selinux/selinux-dbus.inc | 2 +-
recipes-security/selinux/selinux-dbus_2.8.bb | 7 -------
recipes-security/selinux/selinux-dbus_2.9.bb | 7 +++++++
3 files changed, 8 insertions(+), 8 deletions(-)
delete mode 100644 recipes-security/selinux/selinux-dbus_2.8.bb
create mode 100644 recipes-security/selinux/selinux-dbus_2.9.bb
diff --git a/recipes-security/selinux/selinux-dbus.inc b/recipes-security/selinux/selinux-dbus.inc
index 1b66136..62e45b7 100644
--- a/recipes-security/selinux/selinux-dbus.inc
+++ b/recipes-security/selinux/selinux-dbus.inc
@@ -5,7 +5,7 @@ Provide SELinux dbus service files and scripts."
SECTION = "base"
LICENSE = "GPLv2+"
-RDEPENDS_${PN} += "python selinux-python-sepolicy"
+RDEPENDS_${PN} += "python3-core selinux-python-sepolicy"
FILES_${PN} += "\
${datadir}/system-config-selinux/selinux_server.py \
diff --git a/recipes-security/selinux/selinux-dbus_2.8.bb b/recipes-security/selinux/selinux-dbus_2.8.bb
deleted file mode 100644
index 5091624..0000000
--- a/recipes-security/selinux/selinux-dbus_2.8.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-include selinux_20180524.inc
-include ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
-
-SRC_URI[md5sum] = "23f0264df3ed123904a17d71f2a5b325"
-SRC_URI[sha256sum] = "3339cb9cd77579bab6158afc054409c3bf952e282ef957ea732b19c9f4697bc6"
diff --git a/recipes-security/selinux/selinux-dbus_2.9.bb b/recipes-security/selinux/selinux-dbus_2.9.bb
new file mode 100644
index 0000000..ab00ffc
--- /dev/null
+++ b/recipes-security/selinux/selinux-dbus_2.9.bb
@@ -0,0 +1,7 @@
+require selinux_20190315.inc
+require ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+SRC_URI[md5sum] = "e403f9745fad67aae5903909572ca5b8"
+SRC_URI[sha256sum] = "ac54cecdea6a88b4a818981ac82654d054a3c5232b1b282ebf7418c3e350cc7a"
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [meta-selinux][PATCH 14/19] selinux-sandbox: uprev to 2.9 (20190315)
2019-11-14 1:48 [meta-selinux][PATCH 00/19] selinux: upgrade 2.8 -> 2.9 Yi Zhao
` (12 preceding siblings ...)
2019-11-14 1:48 ` [meta-selinux][PATCH 13/19] selinux-dbus: " Yi Zhao
@ 2019-11-14 1:48 ` Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 15/19] selinux-gui: " Yi Zhao
` (4 subsequent siblings)
18 siblings, 0 replies; 22+ messages in thread
From: Yi Zhao @ 2019-11-14 1:48 UTC (permalink / raw)
To: yocto, joe, Joe_MacDonald
* Switch to python3
* Rebase patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
recipes-security/selinux/selinux-sandbox.inc | 10 ++++------
.../selinux/selinux-sandbox/sandbox-de-bashify.patch | 9 +++++----
recipes-security/selinux/selinux-sandbox_2.8.bb | 7 -------
recipes-security/selinux/selinux-sandbox_2.9.bb | 7 +++++++
4 files changed, 16 insertions(+), 17 deletions(-)
delete mode 100644 recipes-security/selinux/selinux-sandbox_2.8.bb
create mode 100644 recipes-security/selinux/selinux-sandbox_2.9.bb
diff --git a/recipes-security/selinux/selinux-sandbox.inc b/recipes-security/selinux/selinux-sandbox.inc
index 854640c..c8e335a 100644
--- a/recipes-security/selinux/selinux-sandbox.inc
+++ b/recipes-security/selinux/selinux-sandbox.inc
@@ -13,12 +13,10 @@ SRC_URI += "file://sandbox-de-bashify.patch \
DEPENDS += "libcap-ng libselinux"
RDEPENDS_${PN} += "\
- python-core \
- python-math \
- python-shell \
- python-subprocess \
- python-textutils \
- python-unixadmin \
+ python3-core \
+ python3-math \
+ python3-shell \
+ python3-unixadmin \
libselinux-python \
selinux-python \
"
diff --git a/recipes-security/selinux/selinux-sandbox/sandbox-de-bashify.patch b/recipes-security/selinux/selinux-sandbox/sandbox-de-bashify.patch
index 18cef4b..e9622f0 100644
--- a/recipes-security/selinux/selinux-sandbox/sandbox-de-bashify.patch
+++ b/recipes-security/selinux/selinux-sandbox/sandbox-de-bashify.patch
@@ -1,4 +1,4 @@
-From d3e778e0062ca441c80e2a3ef2b508f5566e1f70 Mon Sep 17 00:00:00 2001
+From b92c39f0be5552c19923f75aef4487348a08b7dc Mon Sep 17 00:00:00 2001
From: Joe MacDonald <joe_macdonald@mentor.com>
Date: Fri, 20 Feb 2015 21:07:47 -0500
Subject: [PATCH] sandbox: de-bashify
@@ -10,9 +10,10 @@ Upstream-Status: Pending
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
- sandbox/sandbox.init | 2 +-
- sandbox/sandboxX.sh | 2 +-
+ sandbox.init | 2 +-
+ sandboxX.sh | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/sandbox.init b/sandbox.init
@@ -36,5 +37,5 @@ index eaa500d..8755d75 100644
context=`id -Z | secon -t -l -P`
export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80`"
--
-1.9.1
+2.7.4
diff --git a/recipes-security/selinux/selinux-sandbox_2.8.bb b/recipes-security/selinux/selinux-sandbox_2.8.bb
deleted file mode 100644
index 1eb6c2d..0000000
--- a/recipes-security/selinux/selinux-sandbox_2.8.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-include selinux_20180524.inc
-include ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
-
-SRC_URI[md5sum] = "957f5d0fc7724f93f502d1d632568894"
-SRC_URI[sha256sum] = "025f84f76e07b7bfc9ba1e9215f4ddb646d41a2e935a65e07560feaa6fc20ef3"
diff --git a/recipes-security/selinux/selinux-sandbox_2.9.bb b/recipes-security/selinux/selinux-sandbox_2.9.bb
new file mode 100644
index 0000000..b1dd462
--- /dev/null
+++ b/recipes-security/selinux/selinux-sandbox_2.9.bb
@@ -0,0 +1,7 @@
+require selinux_20190315.inc
+require ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+SRC_URI[md5sum] = "3482b8fa6648160e97ba48ad26f84e7d"
+SRC_URI[sha256sum] = "01915f57f08642751dea550a87f82a6f2fcec754be48dcfa28266c14bd044262"
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [meta-selinux][PATCH 15/19] selinux-gui: uprev to 2.9 (20190315)
2019-11-14 1:48 [meta-selinux][PATCH 00/19] selinux: upgrade 2.8 -> 2.9 Yi Zhao
` (13 preceding siblings ...)
2019-11-14 1:48 ` [meta-selinux][PATCH 14/19] selinux-sandbox: " Yi Zhao
@ 2019-11-14 1:48 ` Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 16/19] semodule-utils: " Yi Zhao
` (3 subsequent siblings)
18 siblings, 0 replies; 22+ messages in thread
From: Yi Zhao @ 2019-11-14 1:48 UTC (permalink / raw)
To: yocto, joe, Joe_MacDonald
* Switch to python3
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
recipes-security/selinux/selinux-gui.inc | 2 +-
recipes-security/selinux/selinux-gui_2.8.bb | 7 -------
recipes-security/selinux/selinux-gui_2.9.bb | 7 +++++++
3 files changed, 8 insertions(+), 8 deletions(-)
delete mode 100644 recipes-security/selinux/selinux-gui_2.8.bb
create mode 100644 recipes-security/selinux/selinux-gui_2.9.bb
diff --git a/recipes-security/selinux/selinux-gui.inc b/recipes-security/selinux/selinux-gui.inc
index 1096f3f..725eb23 100644
--- a/recipes-security/selinux/selinux-gui.inc
+++ b/recipes-security/selinux/selinux-gui.inc
@@ -6,7 +6,7 @@ Policy Generation Tool (selinux-polgengui)"
SECTION = "base"
LICENSE = "GPLv2+"
-RDEPENDS_${PN} += "python"
+RDEPENDS_${PN} += "python3-core"
FILES_${PN} += " \
${datadir}/system-config-selinux/* \
diff --git a/recipes-security/selinux/selinux-gui_2.8.bb b/recipes-security/selinux/selinux-gui_2.8.bb
deleted file mode 100644
index 2c0fcd8..0000000
--- a/recipes-security/selinux/selinux-gui_2.8.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-include selinux_20180524.inc
-include ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
-
-SRC_URI[md5sum] = "52000c14ffa86840220915bd1d777845"
-SRC_URI[sha256sum] = "17acd3004f01f92b288cc1322317d7964f5039fb26ba1542b6713a7147a2351d"
diff --git a/recipes-security/selinux/selinux-gui_2.9.bb b/recipes-security/selinux/selinux-gui_2.9.bb
new file mode 100644
index 0000000..0bb051c
--- /dev/null
+++ b/recipes-security/selinux/selinux-gui_2.9.bb
@@ -0,0 +1,7 @@
+require selinux_20190315.inc
+require ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+SRC_URI[md5sum] = "1bfe5eeb861f8563a7b397ab8530ab52"
+SRC_URI[sha256sum] = "bbd9e1799cc0c22d64c815c3033a54393f6f84947ff2841a4df60ded5eee0510"
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [meta-selinux][PATCH 16/19] semodule-utils: uprev to 2.9 (20190315)
2019-11-14 1:48 [meta-selinux][PATCH 00/19] selinux: upgrade 2.8 -> 2.9 Yi Zhao
` (14 preceding siblings ...)
2019-11-14 1:48 ` [meta-selinux][PATCH 15/19] selinux-gui: " Yi Zhao
@ 2019-11-14 1:48 ` Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 17/19] selinux-init: fix build error when enable usrmerge feature Yi Zhao
` (2 subsequent siblings)
18 siblings, 0 replies; 22+ messages in thread
From: Yi Zhao @ 2019-11-14 1:48 UTC (permalink / raw)
To: yocto, joe, Joe_MacDonald
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
recipes-security/selinux/semodule-utils_2.8.bb | 7 -------
recipes-security/selinux/semodule-utils_2.9.bb | 7 +++++++
2 files changed, 7 insertions(+), 7 deletions(-)
delete mode 100644 recipes-security/selinux/semodule-utils_2.8.bb
create mode 100644 recipes-security/selinux/semodule-utils_2.9.bb
diff --git a/recipes-security/selinux/semodule-utils_2.8.bb b/recipes-security/selinux/semodule-utils_2.8.bb
deleted file mode 100644
index c56f776..0000000
--- a/recipes-security/selinux/semodule-utils_2.8.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-include selinux_20180524.inc
-include ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
-
-SRC_URI[md5sum] = "51c69e612481ce971e2ae825139d2ca0"
-SRC_URI[sha256sum] = "44f59c13070c637440b143ceab4dfe1efb9018b1e47828dd8789def74c1ccadf"
diff --git a/recipes-security/selinux/semodule-utils_2.9.bb b/recipes-security/selinux/semodule-utils_2.9.bb
new file mode 100644
index 0000000..a9c0fbd
--- /dev/null
+++ b/recipes-security/selinux/semodule-utils_2.9.bb
@@ -0,0 +1,7 @@
+require selinux_20190315.inc
+require ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+SRC_URI[md5sum] = "9e7e6afe33459cae2de5360e97f1e702"
+SRC_URI[sha256sum] = "8083679ee634570f6e9a18632f2c2862b9134fa308b689b2e1952a369ae5d907"
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [meta-selinux][PATCH 17/19] selinux-init: fix build error when enable usrmerge feature
2019-11-14 1:48 [meta-selinux][PATCH 00/19] selinux: upgrade 2.8 -> 2.9 Yi Zhao
` (15 preceding siblings ...)
2019-11-14 1:48 ` [meta-selinux][PATCH 16/19] semodule-utils: " Yi Zhao
@ 2019-11-14 1:48 ` Yi Zhao
2019-11-14 1:49 ` [meta-selinux][PATCH 18/19] setools: upgrade 4.1.1 -> 4.2.2 Yi Zhao
2019-11-14 1:49 ` [meta-selinux][PATCH 19/19] audit: switch to python3 Yi Zhao
18 siblings, 0 replies; 22+ messages in thread
From: Yi Zhao @ 2019-11-14 1:48 UTC (permalink / raw)
To: yocto, joe, Joe_MacDonald
Fix the following error when enable usrmerge feature:
ERROR: selinux-init-0.1-r0 do_package: QA Issue: selinux-init:
Files/directories were installed but not shipped in any package:
/usr
Please set FILES such that these items are packaged. Alternatively if
they are unneeded, avoid installing them or delete them within
do_install.
selinux-init: 1 installed and not shipped files. [installed-vs-shipped]
We don't need to install systemd service file when systemd feature is
not enabled.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
recipes-security/selinux/selinux-initsh.inc | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/recipes-security/selinux/selinux-initsh.inc b/recipes-security/selinux/selinux-initsh.inc
index 8e31cda..f27750d 100644
--- a/recipes-security/selinux/selinux-initsh.inc
+++ b/recipes-security/selinux/selinux-initsh.inc
@@ -27,10 +27,9 @@ do_install () {
-e '/.*HERE$/d' -e '/.*Contents.*sysvinit/d' \
${D}${sysconfdir}/init.d/${SELINUX_SCRIPT_DST}
- install -d ${D}${systemd_unitdir}/system
- install -m 0644 ${WORKDIR}/${SELINUX_SCRIPT_SRC}.service ${D}${systemd_unitdir}/system
-
if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+ install -d ${D}${systemd_unitdir}/system
+ install -m 0644 ${WORKDIR}/${SELINUX_SCRIPT_SRC}.service ${D}${systemd_unitdir}/system
install -d ${D}${bindir}
install -m 0755 ${WORKDIR}/${SELINUX_SCRIPT_SRC}.sh ${D}${bindir}
sed -i -e '/.*HERE$/d' ${D}${bindir}/${SELINUX_SCRIPT_SRC}.sh
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [meta-selinux][PATCH 18/19] setools: upgrade 4.1.1 -> 4.2.2
2019-11-14 1:48 [meta-selinux][PATCH 00/19] selinux: upgrade 2.8 -> 2.9 Yi Zhao
` (16 preceding siblings ...)
2019-11-14 1:48 ` [meta-selinux][PATCH 17/19] selinux-init: fix build error when enable usrmerge feature Yi Zhao
@ 2019-11-14 1:49 ` Yi Zhao
2019-12-19 17:32 ` Joe MacDonald
2019-11-14 1:49 ` [meta-selinux][PATCH 19/19] audit: switch to python3 Yi Zhao
18 siblings, 1 reply; 22+ messages in thread
From: Yi Zhao @ 2019-11-14 1:49 UTC (permalink / raw)
To: yocto, joe, Joe_MacDonald
* Switch to python3
* Drop patches:
Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch
setools4-fix-cross-compiling-errors-for-powerpc-mips.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
...e-with-GCC-7-due-to-possible-truncat.patch | 105 ------------------
...ss-compiling-errors-for-powerpc-mips.patch | 35 ------
.../setools4-fixes-for-cross-compiling.patch | 34 +++---
.../{setools_4.1.1.bb => setools_4.2.2.bb} | 14 +--
4 files changed, 19 insertions(+), 169 deletions(-)
delete mode 100644 recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch
delete mode 100644 recipes-security/setools/setools/setools4-fix-cross-compiling-errors-for-powerpc-mips.patch
rename recipes-security/setools/{setools_4.1.1.bb => setools_4.2.2.bb} (61%)
diff --git a/recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch b/recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch
deleted file mode 100644
index a5af041..0000000
--- a/recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch
+++ /dev/null
@@ -1,105 +0,0 @@
-Upstream-Status: Backport [https://github.com/TresysTechnology/setools/commit/e41adf0]
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-
-From e41adf01647c695b80b112b337e76021bb9f30c3 Mon Sep 17 00:00:00 2001
-From: Laurent Bigonville <bigon@bigon.be>
-Date: Tue, 26 Sep 2017 15:15:30 +0200
-Subject: [PATCH] Fix build failure with GCC 7 due to possible truncation of
- snprintf output
-
-setools fails to build under GCC7 -Wformat -Werror with the following error:
-
-x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -g -O2 -fdebug-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -Wno-sign-compare -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -Ilibqpol -Ilibqpol/include -I/usr/include/python3.6m -c libqpol/policy_extend.c -o build/temp.linux-amd64-3.6/libqpol/policy_extend.o -Werror -Wextra -Waggregate-return -Wfloat-equal -Wformat -Wformat=2 -Winit-self -Wmissing-format-attribute -Wmissing-include-dirs -Wnested-externs -Wold-style-definition -Wpointer-arith -Wredundant-decls -Wstrict-prototypes -Wunknown-pragmas -Wwrite-strings -Wno-missing-field-initializers -Wno-unused-parameter -Wno-cast-qual -Wno-shadow -Wno-unreachable-code -fno-exceptions
-libqpol/policy_extend.c: In function 'policy_extend':
-libqpol/policy_extend.c:161:27: error: '%04zd' directive output may be truncated writing between 4 and 10 bytes into a region of size 5 [-Werror=format-truncation=]
- snprintf(buff, 9, "@ttr%04zd", i + 1);
- ^~~~~
-libqpol/policy_extend.c:161:22: note: directive argument in the range [1, 4294967295]
- snprintf(buff, 9, "@ttr%04zd", i + 1);
- ^~~~~~~~~~~
-
-Increase the size of the buffer to avoid collisions
-
-Closes: https://github.com/TresysTechnology/setools/issues/174
-Signed-off-by: Laurent Bigonville <bigon@bigon.be>
----
- libqpol/policy_extend.c | 16 ++++++++--------
- 1 file changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/libqpol/policy_extend.c b/libqpol/policy_extend.c
-index 742819b..739e184 100644
---- a/libqpol/policy_extend.c
-+++ b/libqpol/policy_extend.c
-@@ -110,7 +110,7 @@ static int qpol_policy_remove_bogus_aliases(qpol_policy_t * policy)
- * Builds data for the attributes and inserts them into the policydb.
- * This function modifies the policydb. Names created for attributes
- * are of the form @ttr<value> where value is the value of the attribute
-- * as a four digit number (prepended with 0's as needed).
-+ * as a ten digit number (prepended with 0's as needed).
- * @param policy The policy from which to read the attribute map and
- * create the type data for the attributes. This policy will be altered
- * by this function.
-@@ -125,7 +125,7 @@ static int qpol_policy_build_attrs_from_map(qpol_policy_t * policy)
- uint32_t bit = 0, count = 0;
- ebitmap_node_t *node = NULL;
- type_datum_t *tmp_type = NULL, *orig_type;
-- char *tmp_name = NULL, buff[10];
-+ char *tmp_name = NULL, buff[16];
- int error = 0, retv;
-
- INFO(policy, "%s", "Generating attributes for policy. (Step 4 of 5)");
-@@ -137,7 +137,7 @@ static int qpol_policy_build_attrs_from_map(qpol_policy_t * policy)
-
- db = &policy->p->p;
-
-- memset(&buff, 0, 10 * sizeof(char));
-+ memset(&buff, 0, 16 * sizeof(char));
-
- for (i = 0; i < db->p_types.nprim; i++) {
- /* skip types */
-@@ -158,7 +158,7 @@ static int qpol_policy_build_attrs_from_map(qpol_policy_t * policy)
- * with this attribute */
- /* Does not exist */
- if (db->p_type_val_to_name[i] == NULL){
-- snprintf(buff, 9, "@ttr%04zd", i + 1);
-+ snprintf(buff, 15, "@ttr%010zd", i + 1);
- tmp_name = strdup(buff);
- if (!tmp_name) {
- error = errno;
-@@ -240,7 +240,7 @@ static int qpol_policy_build_attrs_from_map(qpol_policy_t * policy)
- * Builds data for empty attributes and inserts them into the policydb.
- * This function modifies the policydb. Names created for the attributes
- * are of the form @ttr<value> where value is the value of the attribute
-- * as a four digit number (prepended with 0's as needed).
-+ * as a ten digit number (prepended with 0's as needed).
- * @param policy The policy to which to add type data for attributes.
- * This policy will be altered by this function.
- * @return Returns 0 on success and < 0 on failure; if the call fails,
-@@ -251,7 +251,7 @@ static int qpol_policy_build_attrs_from_map(qpol_policy_t * policy)
- static int qpol_policy_fill_attr_holes(qpol_policy_t * policy)
- {
- policydb_t *db = NULL;
-- char *tmp_name = NULL, buff[10];
-+ char *tmp_name = NULL, buff[16];
- int error = 0, retv = 0;
- ebitmap_t tmp_bmap = { NULL, 0 };
- type_datum_t *tmp_type = NULL;
-@@ -265,12 +265,12 @@ static int qpol_policy_fill_attr_holes(qpol_policy_t * policy)
-
- db = &policy->p->p;
-
-- memset(&buff, 0, 10 * sizeof(char));
-+ memset(&buff, 0, 16 * sizeof(char));
-
- for (i = 0; i < db->p_types.nprim; i++) {
- if (db->type_val_to_struct[i])
- continue;
-- snprintf(buff, 9, "@ttr%04zd", i + 1);
-+ snprintf(buff, 15, "@ttr%010zd", i + 1);
- tmp_name = strdup(buff);
- if (!tmp_name) {
- error = errno;
---
-2.20.1
-
diff --git a/recipes-security/setools/setools/setools4-fix-cross-compiling-errors-for-powerpc-mips.patch b/recipes-security/setools/setools/setools4-fix-cross-compiling-errors-for-powerpc-mips.patch
deleted file mode 100644
index 9a6b818..0000000
--- a/recipes-security/setools/setools/setools4-fix-cross-compiling-errors-for-powerpc-mips.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From dc86d880ae0d66233679112a2bf0115c39df68f1 Mon Sep 17 00:00:00 2001
-From: Wenzong Fan <wenzong.fan@windriver.com>
-Date: Fri, 17 Feb 2017 08:57:35 +0000
-Subject: [meta-selinux][PATCH] setools4: fix cross-compiling errors for powerpc, mips
-
-Fix build errors:
-| libqpol/policy.c: In function 'qpol_binpol_version':
-| libqpol/policy.c:95:24: error: implicit declaration of function 'bswap_32' [-Werror=implicit-function-declaration]
-| #define le32_to_cpu(x) bswap_32(x)
-
-Upstream-Status: Pending
-
-Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
----
- libqpol/policy.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/libqpol/policy.c b/libqpol/policy.c
-index ae3acb5..b5b87f9 100644
---- a/libqpol/policy.c
-+++ b/libqpol/policy.c
-@@ -45,6 +45,10 @@
- # include <asm/types.h>
- #endif
-
-+#if defined(_ARCH_PPC) || defined(mips)
-+#include <byteswap.h>
-+#endif
-+
- #include <sepol/debug.h>
- #include <sepol/handle.h>
- #include <sepol/policydb/flask_types.h>
---
-2.11.0
-
diff --git a/recipes-security/setools/setools/setools4-fixes-for-cross-compiling.patch b/recipes-security/setools/setools/setools4-fixes-for-cross-compiling.patch
index 5c43c49..51c7603 100644
--- a/recipes-security/setools/setools/setools4-fixes-for-cross-compiling.patch
+++ b/recipes-security/setools/setools/setools4-fixes-for-cross-compiling.patch
@@ -1,7 +1,7 @@
-From a104374147b398838edc04e937c92e762ea3f5d9 Mon Sep 17 00:00:00 2001
+From e0a112874d10dbf741c27b107edddedd86d51529 Mon Sep 17 00:00:00 2001
From: Wenzong Fan <wenzong.fan@windriver.com>
Date: Tue, 14 Feb 2017 06:32:35 +0000
-Subject: [meta-selinux][PATCH] setools4: fixes for cross compiling
+Subject: [PATCH] setools4: fixes for cross compiling
* search libsepol from $STAGING_LIBDIR
* fix manual install path as '/usr/share/man/man1'
@@ -9,32 +9,24 @@ Subject: [meta-selinux][PATCH] setools4: fixes for cross compiling
Upstream-Status: Inappropriate [embedded specific]
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
- setup.py | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
+ setup.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup.py b/setup.py
-index 2ca44c9..300ff70 100644
+index ac8a876..df7ebbc 100644
--- a/setup.py
+++ b/setup.py
-@@ -77,7 +77,7 @@ class BuildExtCommand(build_ext):
- build_ext.run(self)
+@@ -78,7 +78,7 @@ class QtHelpCommand(Command):
--base_lib_dirs = ['.', '/usr/lib64', '/usr/lib', '/usr/local/lib']
-+base_lib_dirs = [os.environ["STAGING_LIBDIR"]]
- include_dirs = ['libqpol', 'libqpol/include']
+ # Library linkage
+-lib_dirs = ['.', '/usr/lib64', '/usr/lib', '/usr/local/lib']
++lib_dirs = [os.environ["STAGING_LIBDIR"]]
+ include_dirs = []
- try:
-@@ -182,7 +182,7 @@ setup(name='setools',
- 'build_qhc': QtHelpCommand},
- packages=['setools', 'setools.diff', 'setools.policyrep', 'setoolsgui', 'setoolsgui.apol'],
- scripts=['apol', 'sediff', 'seinfo', 'seinfoflow', 'sesearch', 'sedta'],
-- data_files=[(join(sys.prefix, 'share/man/man1'), glob.glob("man/*.1"))],
-+ data_files=[('/usr/share/man/man1', glob.glob("man/*.1"))],
- package_data={'': ['*.ui', '*.qhc', '*.qch'], 'setools': ['perm_map']},
- ext_modules=ext_py_mods,
- test_suite='tests',
+ with suppress(KeyError):
--
-2.13.0
+2.7.4
diff --git a/recipes-security/setools/setools_4.1.1.bb b/recipes-security/setools/setools_4.2.2.bb
similarity index 61%
rename from recipes-security/setools/setools_4.1.1.bb
rename to recipes-security/setools/setools_4.2.2.bb
index db529f4..6e5a950 100644
--- a/recipes-security/setools/setools_4.1.1.bb
+++ b/recipes-security/setools/setools_4.2.2.bb
@@ -9,26 +9,24 @@ SECTION = "base"
LICENSE = "GPLv2 & LGPLv2.1"
S = "${WORKDIR}/git"
-SRC_URI = "git://github.com/SELinuxProject/${BPN}.git;branch=4.1 \
+SRC_URI = "git://github.com/SELinuxProject/${BPN}.git;branch=4.2 \
file://setools4-fixes-for-cross-compiling.patch \
- file://setools4-fix-cross-compiling-errors-for-powerpc-mips.patch \
- file://Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch \
"
-SRCREV = "e03617eb7ab5a035633bff66500b95d25232e331"
+SRCREV = "15bffa7823b9a999f9d51533785ade18fe44df08"
LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=83a5eb6974c11f30785e90d0eeccf40c \
file://${S}/COPYING.GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
file://${S}/COPYING.LGPL;md5=4fbd65380cdd255951079008b364516c"
-DEPENDS += "bison-native flex-native swig-native python libsepol"
+DEPENDS += "bison-native flex-native swig-native python3 python3-cython-native libsepol"
-RDEPENDS_${PN} += "python-networkx python-enum34 python-decorator python-setuptools \
- python-logging python-json python-argparse libselinux-python"
+RDEPENDS_${PN} += "python3-networkx python3-decorator python3-setuptools \
+ python3-logging python3-json libselinux-python"
RPROVIDES_${PN} += "${PN}-console"
-inherit setuptools
+inherit setuptools3
do_install_append() {
# Need PyQt5 support, disable gui tools
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* [meta-selinux][PATCH 19/19] audit: switch to python3
2019-11-14 1:48 [meta-selinux][PATCH 00/19] selinux: upgrade 2.8 -> 2.9 Yi Zhao
` (17 preceding siblings ...)
2019-11-14 1:49 ` [meta-selinux][PATCH 18/19] setools: upgrade 4.1.1 -> 4.2.2 Yi Zhao
@ 2019-11-14 1:49 ` Yi Zhao
18 siblings, 0 replies; 22+ messages in thread
From: Yi Zhao @ 2019-11-14 1:49 UTC (permalink / raw)
To: yocto, joe, Joe_MacDonald
* Switch to python3
* Drop patches:
audit-python-configure.patch
audit-python.patch
fix-swig-host-contamination.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
.../audit/audit/audit-python-configure.patch | 46 -------------
.../audit/audit/audit-python.patch | 64 -------------------
.../audit/fix-swig-host-contamination.patch | 56 ----------------
recipes-security/audit/audit_2.8.5.bb | 11 ++--
4 files changed, 4 insertions(+), 173 deletions(-)
delete mode 100644 recipes-security/audit/audit/audit-python-configure.patch
delete mode 100644 recipes-security/audit/audit/audit-python.patch
delete mode 100644 recipes-security/audit/audit/fix-swig-host-contamination.patch
diff --git a/recipes-security/audit/audit/audit-python-configure.patch b/recipes-security/audit/audit/audit-python-configure.patch
deleted file mode 100644
index 37096b0..0000000
--- a/recipes-security/audit/audit/audit-python-configure.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 6a2710db094061e1956fac3ed81114d0e958ea21 Mon Sep 17 00:00:00 2001
-From: Li xin <lixin.fnst@cn.fujitsu.com>
-Date: Sun, 19 Jul 2015 00:49:13 +0900
-Subject: [PATCH] audit: python cross-compile
-
-Upstream-Status: Inappropriate [embedded specific]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
-Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
-Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
-Signed-off-by: T.O. Radzy Radzykewycz <radzy@windriver.com>
----
- configure.ac | 17 ++---------------
- 1 file changed, 2 insertions(+), 15 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 6e345f1..54bdbf1 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -99,21 +99,8 @@ if test "x$use_python" = xno ; then
- else
- AC_MSG_RESULT(testing)
- AM_PATH_PYTHON
--PYINCLUDEDIR=`python${am_cv_python_version} -c "from distutils import sysconfig; print(sysconfig.get_config_var('INCLUDEPY'))"`
--if test -f ${PYINCLUDEDIR}/Python.h ; then
-- python_found="yes"
-- AC_SUBST(PYINCLUDEDIR)
-- pybind_dir="python"
-- AC_SUBST(pybind_dir)
-- AC_MSG_NOTICE(Python bindings will be built)
--else
-- python_found="no"
-- if test "x$use_python" = xyes ; then
-- AC_MSG_ERROR([Python explicitly requested and python headers were not found])
-- else
-- AC_MSG_WARN("Python headers not found - python bindings will not be made")
-- fi
--fi
-+python_found="yes"
-+AC_MSG_NOTICE(Python bindings will be built)
- fi
- AM_CONDITIONAL(HAVE_PYTHON, test ${python_found} = "yes")
-
---
-2.7.4
-
diff --git a/recipes-security/audit/audit/audit-python.patch b/recipes-security/audit/audit/audit-python.patch
deleted file mode 100644
index c1a2595..0000000
--- a/recipes-security/audit/audit/audit-python.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 9d95d7e28a2c4cbefa998d375de180c731a151b1 Mon Sep 17 00:00:00 2001
-From: Li xin <lixin.fnst@cn.fujitsu.com>
-Date: Sun, 19 Jul 2015 01:40:48 +0900
-Subject: [PATCH] Remove hard coded python include directory
-
-Upstream-Status: Inappropriate [embedded specific]
-
-Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
----
- bindings/Makefile.am | 8 +++++++-
- bindings/python/python2/Makefile.am | 3 ++-
- bindings/swig/python/Makefile.am | 5 +++--
- 3 files changed, 12 insertions(+), 4 deletions(-)
-
-diff --git a/bindings/Makefile.am b/bindings/Makefile.am
-index 5b5c576..7a15205 100644
---- a/bindings/Makefile.am
-+++ b/bindings/Makefile.am
-@@ -22,4 +22,10 @@
-
- CONFIG_CLEAN_FILES = *.loT *.rej *.orig
-
--SUBDIRS = python golang swig
-+SUBDIRS = swig
-+if HAVE_PYTHON
-+SUBDIRS += python
-+endif
-+if HAVE_GOLANG
-+SUBDIRS += golang
-+endif
-diff --git a/bindings/python/python2/Makefile.am b/bindings/python/python2/Makefile.am
-index 1dcb5bc..6226358 100644
---- a/bindings/python/python2/Makefile.am
-+++ b/bindings/python/python2/Makefile.am
-@@ -23,7 +23,8 @@
-
- CONFIG_CLEAN_FILES = *.loT *.rej *.orig
- AM_CFLAGS = -fPIC -DPIC -fno-strict-aliasing
--AM_CPPFLAGS = -I$(top_builddir) -I@PYINCLUDEDIR@
-+PYINC ?= /usr/include/python$(PYTHON_VERSION)
-+AM_CPPFLAGS = -I$(top_builddir) -I${PYINC}
-
- pyexec_LTLIBRARIES = auparse.la
-
-diff --git a/bindings/swig/python/Makefile.am b/bindings/swig/python/Makefile.am
-index 8c98b94..ae7c52b 100644
---- a/bindings/swig/python/Makefile.am
-+++ b/bindings/swig/python/Makefile.am
-@@ -21,9 +21,10 @@
- #
- CONFIG_CLEAN_FILES = *.loT *.rej *.orig
- AM_CFLAGS = -fPIC -DPIC -fno-strict-aliasing
--AM_CPPFLAGS = -I. -I$(top_builddir) -I${top_srcdir}/lib -I@PYINCLUDEDIR@
-+PYINC ?= /usr/include/$(PYLIBVER)
-+AM_CPPFLAGS = -I. -I$(top_builddir) -I${top_srcdir}/lib -I${PYINC}
- SWIG_FLAGS = -python
--SWIG_INCLUDES = -I. -I$(top_builddir) -I${top_srcdir}/lib -I@PYINCLUDEDIR@
-+SWIG_INCLUDES = -I. -I$(top_builddir) -I${top_srcdir}/lib -I${PYINC}
- pyexec_PYTHON = audit.py
- pyexec_LTLIBRARIES = _audit.la
- pyexec_SOLIBRARIES = _audit.so
---
-2.7.4
-
diff --git a/recipes-security/audit/audit/fix-swig-host-contamination.patch b/recipes-security/audit/audit/fix-swig-host-contamination.patch
deleted file mode 100644
index 184f515..0000000
--- a/recipes-security/audit/audit/fix-swig-host-contamination.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From bd70f570ffb82991feb7a539ac1abf3165d417a4 Mon Sep 17 00:00:00 2001
-From: Li xin <lixin.fnst@cn.fujitsu.com>
-Date: Sun, 19 Jul 2015 02:42:58 +0900
-Subject: [PATCH] audit: Fixed swig host contamination issue
-
-The audit build uses swig to generate a python wrapper.
-Unfortunately, the swig info file references host include
-directories. Some of these were previously noticed and
-eliminated, but the one fixed here was not.
-
-Upstream-Status: Inappropriate [embedded specific]
-
-Signed-off-by: Anders Hedlund <anders.hedlund@windriver.com>
-Signed-off-by: Joe Slater <jslater@windriver.com>
----
- bindings/swig/python/Makefile.am | 3 ++-
- bindings/swig/src/auditswig.i | 2 +-
- 2 files changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/bindings/swig/python/Makefile.am b/bindings/swig/python/Makefile.am
-index ae7c52b..c580bc0 100644
---- a/bindings/swig/python/Makefile.am
-+++ b/bindings/swig/python/Makefile.am
-@@ -22,6 +22,7 @@
- CONFIG_CLEAN_FILES = *.loT *.rej *.orig
- AM_CFLAGS = -fPIC -DPIC -fno-strict-aliasing
- PYINC ?= /usr/include/$(PYLIBVER)
-+STDINC ?= /usr/include
- AM_CPPFLAGS = -I. -I$(top_builddir) -I${top_srcdir}/lib -I${PYINC}
- SWIG_FLAGS = -python
- SWIG_INCLUDES = -I. -I$(top_builddir) -I${top_srcdir}/lib -I${PYINC}
-@@ -35,7 +36,7 @@ _audit_la_DEPENDENCIES =${top_srcdir}/lib/libaudit.h ${top_builddir}/lib/libaudi
- _audit_la_LIBADD = $(top_builddir)/lib/libaudit.la
- nodist__audit_la_SOURCES = audit_wrap.c
- audit.py audit_wrap.c: ${srcdir}/../src/auditswig.i
-- swig -o audit_wrap.c ${SWIG_FLAGS} ${SWIG_INCLUDES} ${srcdir}/../src/auditswig.i
-+ swig -o audit_wrap.c ${SWIG_FLAGS} ${SWIG_INCLUDES} -I$(STDINC) ${srcdir}/../src/auditswig.i
-
- CLEANFILES = audit.py* audit_wrap.c *~
-
-diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i
-index 7ebb373..424fb68 100644
---- a/bindings/swig/src/auditswig.i
-+++ b/bindings/swig/src/auditswig.i
-@@ -39,7 +39,7 @@ signed
- #define __attribute(X) /*nothing*/
- typedef unsigned __u32;
- typedef unsigned uid_t;
--%include "/usr/include/linux/audit.h"
-+%include "linux/audit.h"
- #define __extension__ /*nothing*/
- #include <stdint.h>
- %include "../lib/libaudit.h"
---
-2.7.4
-
diff --git a/recipes-security/audit/audit_2.8.5.bb b/recipes-security/audit/audit_2.8.5.bb
index 2b47812..1e76d5f 100644
--- a/recipes-security/audit/audit_2.8.5.bb
+++ b/recipes-security/audit/audit_2.8.5.bb
@@ -8,9 +8,6 @@ LICENSE = "GPLv2+ & LGPLv2+"
LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=2.8_maintenance \
- file://audit-python-configure.patch \
- file://audit-python.patch \
- file://fix-swig-host-contamination.patch \
file://Add-substitue-functions-for-strndupa-rawmemchr.patch \
file://auditd \
file://auditd.service \
@@ -20,7 +17,7 @@ SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=2.8_maintena
S = "${WORKDIR}/git"
SRCREV = "5fae55c1ad15b3cefe6890eba7311af163e9133c"
-inherit autotools pythonnative update-rc.d systemd
+inherit autotools python3native update-rc.d systemd
UPDATERCPN = "auditd"
INITSCRIPT_NAME = "auditd"
@@ -29,16 +26,16 @@ INITSCRIPT_PARAMS = "defaults"
SYSTEMD_PACKAGES = "auditd"
SYSTEMD_SERVICE_auditd = "auditd.service"
-DEPENDS += "python tcp-wrappers libcap-ng linux-libc-headers (>= 2.6.30) swig-native"
+DEPENDS += "python3 tcp-wrappers libcap-ng linux-libc-headers swig-native"
EXTRA_OECONF += "--without-prelude \
--with-libwrap \
--enable-gssapi-krb5=no \
--with-libcap-ng=yes \
- --with-python=yes \
+ --with-python3=yes \
--libdir=${base_libdir} \
--sbindir=${base_sbindir} \
- --without-python3 \
+ --without-python \
--without-golang \
--disable-zos-remote \
"
--
2.17.1
^ permalink raw reply related [flat|nested] 22+ messages in thread
* Re: [meta-selinux][PATCH 18/19] setools: upgrade 4.1.1 -> 4.2.2
2019-11-14 1:49 ` [meta-selinux][PATCH 18/19] setools: upgrade 4.1.1 -> 4.2.2 Yi Zhao
@ 2019-12-19 17:32 ` Joe MacDonald
2019-12-20 0:55 ` Yi Zhao
0 siblings, 1 reply; 22+ messages in thread
From: Joe MacDonald @ 2019-12-19 17:32 UTC (permalink / raw)
To: Yi Zhao; +Cc: yocto
[-- Attachment #1: Type: text/plain, Size: 14294 bytes --]
Hi Yi,
I've merged the rest of this series, but this one fails to apply. It looks
like your tree didn't contain:
commit 5fd3c5b71edb99659aeb5cb5903088d84517382e (relabel, master)
Author: Christophe PRIOUZEAU <christophe.priouzeau@st.com>
Date: Tue Nov 5 14:47:09 2019 +0000
autorelabel: only selinux-autorelabel need autorelabel file
With previous implementation, several packages provided
.autorelabel file while only selinux-autorelabel manage it.
If there is several packages which try to install .autorelabel
file, an issue occur during installation of packagegroup-core-selinux.
Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Can you take a look at it and verify which parts of the change are still
necessary given the above change?
Thanks.
-J.
On Wed, Nov 13, 2019 at 8:50 PM Yi Zhao <yi.zhao@windriver.com> wrote:
> * Switch to python3
>
> * Drop patches:
> Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch
> setools4-fix-cross-compiling-errors-for-powerpc-mips.patch
>
> Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
> ---
> ...e-with-GCC-7-due-to-possible-truncat.patch | 105 ------------------
> ...ss-compiling-errors-for-powerpc-mips.patch | 35 ------
> .../setools4-fixes-for-cross-compiling.patch | 34 +++---
> .../{setools_4.1.1.bb => setools_4.2.2.bb} | 14 +--
> 4 files changed, 19 insertions(+), 169 deletions(-)
> delete mode 100644
> recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch
> delete mode 100644
> recipes-security/setools/setools/setools4-fix-cross-compiling-errors-for-powerpc-mips.patch
> rename recipes-security/setools/{setools_4.1.1.bb => setools_4.2.2.bb}
> (61%)
>
> diff --git
> a/recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch
> b/recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch
> deleted file mode 100644
> index a5af041..0000000
> ---
> a/recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch
> +++ /dev/null
> @@ -1,105 +0,0 @@
> -Upstream-Status: Backport [
> https://github.com/TresysTechnology/setools/commit/e41adf0]
> -
> -Signed-off-by: Kai Kang <kai.kang@windriver.com>
> -
> -From e41adf01647c695b80b112b337e76021bb9f30c3 Mon Sep 17 00:00:00 2001
> -From: Laurent Bigonville <bigon@bigon.be>
> -Date: Tue, 26 Sep 2017 15:15:30 +0200
> -Subject: [PATCH] Fix build failure with GCC 7 due to possible truncation
> of
> - snprintf output
> -
> -setools fails to build under GCC7 -Wformat -Werror with the following
> error:
> -
> -x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall
> -Wstrict-prototypes -g -O2 -fdebug-prefix-map=/<<PKGBUILDDIR>>=.
> -fstack-protector-strong -Wformat -Werror=format-security -Wno-sign-compare
> -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -Ilibqpol -Ilibqpol/include
> -I/usr/include/python3.6m -c libqpol/policy_extend.c -o
> build/temp.linux-amd64-3.6/libqpol/policy_extend.o -Werror -Wextra
> -Waggregate-return -Wfloat-equal -Wformat -Wformat=2 -Winit-self
> -Wmissing-format-attribute -Wmissing-include-dirs -Wnested-externs
> -Wold-style-definition -Wpointer-arith -Wredundant-decls
> -Wstrict-prototypes -Wunknown-pragmas -Wwrite-strings
> -Wno-missing-field-initializers -Wno-unused-parameter -Wno-cast-qual
> -Wno-shadow -Wno-unreachable-code -fno-exceptions
> -libqpol/policy_extend.c: In function 'policy_extend':
> -libqpol/policy_extend.c:161:27: error: '%04zd' directive output may be
> truncated writing between 4 and 10 bytes into a region of size 5
> [-Werror=format-truncation=]
> - snprintf(buff, 9, "@ttr%04zd", i + 1);
> - ^~~~~
> -libqpol/policy_extend.c:161:22: note: directive argument in the range [1,
> 4294967295]
> - snprintf(buff, 9, "@ttr%04zd", i + 1);
> - ^~~~~~~~~~~
> -
> -Increase the size of the buffer to avoid collisions
> -
> -Closes: https://github.com/TresysTechnology/setools/issues/174
> -Signed-off-by: Laurent Bigonville <bigon@bigon.be>
> ----
> - libqpol/policy_extend.c | 16 ++++++++--------
> - 1 file changed, 8 insertions(+), 8 deletions(-)
> -
> -diff --git a/libqpol/policy_extend.c b/libqpol/policy_extend.c
> -index 742819b..739e184 100644
> ---- a/libqpol/policy_extend.c
> -+++ b/libqpol/policy_extend.c
> -@@ -110,7 +110,7 @@ static int
> qpol_policy_remove_bogus_aliases(qpol_policy_t * policy)
> - * Builds data for the attributes and inserts them into the policydb.
> - * This function modifies the policydb. Names created for attributes
> - * are of the form @ttr<value> where value is the value of the attribute
> -- * as a four digit number (prepended with 0's as needed).
> -+ * as a ten digit number (prepended with 0's as needed).
> - * @param policy The policy from which to read the attribute map and
> - * create the type data for the attributes. This policy will be altered
> - * by this function.
> -@@ -125,7 +125,7 @@ static int
> qpol_policy_build_attrs_from_map(qpol_policy_t * policy)
> - uint32_t bit = 0, count = 0;
> - ebitmap_node_t *node = NULL;
> - type_datum_t *tmp_type = NULL, *orig_type;
> -- char *tmp_name = NULL, buff[10];
> -+ char *tmp_name = NULL, buff[16];
> - int error = 0, retv;
> -
> - INFO(policy, "%s", "Generating attributes for policy. (Step 4 of
> 5)");
> -@@ -137,7 +137,7 @@ static int
> qpol_policy_build_attrs_from_map(qpol_policy_t * policy)
> -
> - db = &policy->p->p;
> -
> -- memset(&buff, 0, 10 * sizeof(char));
> -+ memset(&buff, 0, 16 * sizeof(char));
> -
> - for (i = 0; i < db->p_types.nprim; i++) {
> - /* skip types */
> -@@ -158,7 +158,7 @@ static int
> qpol_policy_build_attrs_from_map(qpol_policy_t * policy)
> - * with this attribute */
> - /* Does not exist */
> - if (db->p_type_val_to_name[i] == NULL){
> -- snprintf(buff, 9, "@ttr%04zd", i + 1);
> -+ snprintf(buff, 15, "@ttr%010zd", i + 1);
> - tmp_name = strdup(buff);
> - if (!tmp_name) {
> - error = errno;
> -@@ -240,7 +240,7 @@ static int
> qpol_policy_build_attrs_from_map(qpol_policy_t * policy)
> - * Builds data for empty attributes and inserts them into the policydb.
> - * This function modifies the policydb. Names created for the attributes
> - * are of the form @ttr<value> where value is the value of the attribute
> -- * as a four digit number (prepended with 0's as needed).
> -+ * as a ten digit number (prepended with 0's as needed).
> - * @param policy The policy to which to add type data for attributes.
> - * This policy will be altered by this function.
> - * @return Returns 0 on success and < 0 on failure; if the call fails,
> -@@ -251,7 +251,7 @@ static int
> qpol_policy_build_attrs_from_map(qpol_policy_t * policy)
> - static int qpol_policy_fill_attr_holes(qpol_policy_t * policy)
> - {
> - policydb_t *db = NULL;
> -- char *tmp_name = NULL, buff[10];
> -+ char *tmp_name = NULL, buff[16];
> - int error = 0, retv = 0;
> - ebitmap_t tmp_bmap = { NULL, 0 };
> - type_datum_t *tmp_type = NULL;
> -@@ -265,12 +265,12 @@ static int
> qpol_policy_fill_attr_holes(qpol_policy_t * policy)
> -
> - db = &policy->p->p;
> -
> -- memset(&buff, 0, 10 * sizeof(char));
> -+ memset(&buff, 0, 16 * sizeof(char));
> -
> - for (i = 0; i < db->p_types.nprim; i++) {
> - if (db->type_val_to_struct[i])
> - continue;
> -- snprintf(buff, 9, "@ttr%04zd", i + 1);
> -+ snprintf(buff, 15, "@ttr%010zd", i + 1);
> - tmp_name = strdup(buff);
> - if (!tmp_name) {
> - error = errno;
> ---
> -2.20.1
> -
> diff --git
> a/recipes-security/setools/setools/setools4-fix-cross-compiling-errors-for-powerpc-mips.patch
> b/recipes-security/setools/setools/setools4-fix-cross-compiling-errors-for-powerpc-mips.patch
> deleted file mode 100644
> index 9a6b818..0000000
> ---
> a/recipes-security/setools/setools/setools4-fix-cross-compiling-errors-for-powerpc-mips.patch
> +++ /dev/null
> @@ -1,35 +0,0 @@
> -From dc86d880ae0d66233679112a2bf0115c39df68f1 Mon Sep 17 00:00:00 2001
> -From: Wenzong Fan <wenzong.fan@windriver.com>
> -Date: Fri, 17 Feb 2017 08:57:35 +0000
> -Subject: [meta-selinux][PATCH] setools4: fix cross-compiling errors for
> powerpc, mips
> -
> -Fix build errors:
> -| libqpol/policy.c: In function 'qpol_binpol_version':
> -| libqpol/policy.c:95:24: error: implicit declaration of function
> 'bswap_32' [-Werror=implicit-function-declaration]
> -| #define le32_to_cpu(x) bswap_32(x)
> -
> -Upstream-Status: Pending
> -
> -Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
> ----
> - libqpol/policy.c | 4 ++++
> - 1 file changed, 4 insertions(+)
> -
> -diff --git a/libqpol/policy.c b/libqpol/policy.c
> -index ae3acb5..b5b87f9 100644
> ---- a/libqpol/policy.c
> -+++ b/libqpol/policy.c
> -@@ -45,6 +45,10 @@
> - # include <asm/types.h>
> - #endif
> -
> -+#if defined(_ARCH_PPC) || defined(mips)
> -+#include <byteswap.h>
> -+#endif
> -+
> - #include <sepol/debug.h>
> - #include <sepol/handle.h>
> - #include <sepol/policydb/flask_types.h>
> ---
> -2.11.0
> -
> diff --git
> a/recipes-security/setools/setools/setools4-fixes-for-cross-compiling.patch
> b/recipes-security/setools/setools/setools4-fixes-for-cross-compiling.patch
> index 5c43c49..51c7603 100644
> ---
> a/recipes-security/setools/setools/setools4-fixes-for-cross-compiling.patch
> +++
> b/recipes-security/setools/setools/setools4-fixes-for-cross-compiling.patch
> @@ -1,7 +1,7 @@
> -From a104374147b398838edc04e937c92e762ea3f5d9 Mon Sep 17 00:00:00 2001
> +From e0a112874d10dbf741c27b107edddedd86d51529 Mon Sep 17 00:00:00 2001
> From: Wenzong Fan <wenzong.fan@windriver.com>
> Date: Tue, 14 Feb 2017 06:32:35 +0000
> -Subject: [meta-selinux][PATCH] setools4: fixes for cross compiling
> +Subject: [PATCH] setools4: fixes for cross compiling
>
> * search libsepol from $STAGING_LIBDIR
> * fix manual install path as '/usr/share/man/man1'
> @@ -9,32 +9,24 @@ Subject: [meta-selinux][PATCH] setools4: fixes for cross
> compiling
> Upstream-Status: Inappropriate [embedded specific]
>
> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
> +Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
> ---
> - setup.py | 4 ++--
> - 1 file changed, 2 insertions(+), 2 deletions(-)
> + setup.py | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/setup.py b/setup.py
> -index 2ca44c9..300ff70 100644
> +index ac8a876..df7ebbc 100644
> --- a/setup.py
> +++ b/setup.py
> -@@ -77,7 +77,7 @@ class BuildExtCommand(build_ext):
> - build_ext.run(self)
> +@@ -78,7 +78,7 @@ class QtHelpCommand(Command):
>
>
> --base_lib_dirs = ['.', '/usr/lib64', '/usr/lib', '/usr/local/lib']
> -+base_lib_dirs = [os.environ["STAGING_LIBDIR"]]
> - include_dirs = ['libqpol', 'libqpol/include']
> + # Library linkage
> +-lib_dirs = ['.', '/usr/lib64', '/usr/lib', '/usr/local/lib']
> ++lib_dirs = [os.environ["STAGING_LIBDIR"]]
> + include_dirs = []
>
> - try:
> -@@ -182,7 +182,7 @@ setup(name='setools',
> - 'build_qhc': QtHelpCommand},
> - packages=['setools', 'setools.diff', 'setools.policyrep',
> 'setoolsgui', 'setoolsgui.apol'],
> - scripts=['apol', 'sediff', 'seinfo', 'seinfoflow', 'sesearch',
> 'sedta'],
> -- data_files=[(join(sys.prefix, 'share/man/man1'),
> glob.glob("man/*.1"))],
> -+ data_files=[('/usr/share/man/man1', glob.glob("man/*.1"))],
> - package_data={'': ['*.ui', '*.qhc', '*.qch'], 'setools':
> ['perm_map']},
> - ext_modules=ext_py_mods,
> - test_suite='tests',
> + with suppress(KeyError):
> --
> -2.13.0
> +2.7.4
>
> diff --git a/recipes-security/setools/setools_4.1.1.bb
> b/recipes-security/setools/setools_4.2.2.bb
> similarity index 61%
> rename from recipes-security/setools/setools_4.1.1.bb
> rename to recipes-security/setools/setools_4.2.2.bb
> index db529f4..6e5a950 100644
> --- a/recipes-security/setools/setools_4.1.1.bb
> +++ b/recipes-security/setools/setools_4.2.2.bb
> @@ -9,26 +9,24 @@ SECTION = "base"
> LICENSE = "GPLv2 & LGPLv2.1"
>
> S = "${WORKDIR}/git"
> -SRC_URI = "git://github.com/SELinuxProject/${BPN}.git;branch=4.1
> <http://github.com/SELinuxProject/$%7BBPN%7D.git;branch=4.1> \
> +SRC_URI = "git://github.com/SELinuxProject/${BPN}.git;branch=4.2
> <http://github.com/SELinuxProject/$%7BBPN%7D.git;branch=4.2> \
> file://setools4-fixes-for-cross-compiling.patch \
> -
> file://setools4-fix-cross-compiling-errors-for-powerpc-mips.patch \
> -
> file://Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch \
> "
>
> -SRCREV = "e03617eb7ab5a035633bff66500b95d25232e331"
> +SRCREV = "15bffa7823b9a999f9d51533785ade18fe44df08"
>
> LIC_FILES_CHKSUM =
> "file://${S}/COPYING;md5=83a5eb6974c11f30785e90d0eeccf40c \
>
> file://${S}/COPYING.GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
>
> file://${S}/COPYING.LGPL;md5=4fbd65380cdd255951079008b364516c"
>
> -DEPENDS += "bison-native flex-native swig-native python libsepol"
> +DEPENDS += "bison-native flex-native swig-native python3
> python3-cython-native libsepol"
>
> -RDEPENDS_${PN} += "python-networkx python-enum34 python-decorator
> python-setuptools \
> - python-logging python-json python-argparse
> libselinux-python"
> +RDEPENDS_${PN} += "python3-networkx python3-decorator python3-setuptools \
> + python3-logging python3-json libselinux-python"
>
> RPROVIDES_${PN} += "${PN}-console"
>
> -inherit setuptools
> +inherit setuptools3
>
> do_install_append() {
> # Need PyQt5 support, disable gui tools
> --
> 2.17.1
>
>
--
Joe MacDonald
:wq
[-- Attachment #2: Type: text/html, Size: 18480 bytes --]
^ permalink raw reply [flat|nested] 22+ messages in thread
* Re: [meta-selinux][PATCH 18/19] setools: upgrade 4.1.1 -> 4.2.2
2019-12-19 17:32 ` Joe MacDonald
@ 2019-12-20 0:55 ` Yi Zhao
0 siblings, 0 replies; 22+ messages in thread
From: Yi Zhao @ 2019-12-20 0:55 UTC (permalink / raw)
To: Joe MacDonald; +Cc: yocto
[-- Attachment #1: Type: text/plain, Size: 16965 bytes --]
On 12/20/19 1:32 AM, Joe MacDonald wrote:
> Hi Yi,
>
> I've merged the rest of this series, but this one fails to apply. It
> looks like your tree didn't contain:
>
> commit 5fd3c5b71edb99659aeb5cb5903088d84517382e (relabel, master)
> Author: Christophe PRIOUZEAU <christophe.priouzeau@st.com
> <mailto:christophe.priouzeau@st.com>>
> Date: Tue Nov 5 14:47:09 2019 +0000
>
> autorelabel: only selinux-autorelabel need autorelabel file
>
> With previous implementation, several packages provided
> .autorelabel file while only selinux-autorelabel manage it.
> If there is several packages which try to install .autorelabel
> file, an issue occur during installation of packagegroup-core-selinux.
>
> Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com
> <mailto:christophe.priouzeau@st.com>>
> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com
> <mailto:joe_macdonald@mentor.com>>
>
> Can you take a look at it and verify which parts of the change are
> still necessary given the above change?
Sure. I will send V2.
//Yi
>
> Thanks.
> -J.
>
> On Wed, Nov 13, 2019 at 8:50 PM Yi Zhao <yi.zhao@windriver.com
> <mailto:yi.zhao@windriver.com>> wrote:
>
> * Switch to python3
>
> * Drop patches:
> Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch
> setools4-fix-cross-compiling-errors-for-powerpc-mips.patch
>
> Signed-off-by: Yi Zhao <yi.zhao@windriver.com
> <mailto:yi.zhao@windriver.com>>
> ---
> ...e-with-GCC-7-due-to-possible-truncat.patch | 105
> ------------------
> ...ss-compiling-errors-for-powerpc-mips.patch | 35 ------
> .../setools4-fixes-for-cross-compiling.patch | 34 +++---
> .../{setools_4.1.1.bb <http://setools_4.1.1.bb> =>
> setools_4.2.2.bb <http://setools_4.2.2.bb>} | 14 +--
> 4 files changed, 19 insertions(+), 169 deletions(-)
> delete mode 100644
> recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch
> delete mode 100644
> recipes-security/setools/setools/setools4-fix-cross-compiling-errors-for-powerpc-mips.patch
> rename recipes-security/setools/{setools_4.1.1.bb
> <http://setools_4.1.1.bb> => setools_4.2.2.bb
> <http://setools_4.2.2.bb>} (61%)
>
> diff --git
> a/recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch
> b/recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch
> deleted file mode 100644
> index a5af041..0000000
> ---
> a/recipes-security/setools/setools/Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch
> +++ /dev/null
> @@ -1,105 +0,0 @@
> -Upstream-Status: Backport
> [https://github.com/TresysTechnology/setools/commit/e41adf0]
> -
> -Signed-off-by: Kai Kang <kai.kang@windriver.com
> <mailto:kai.kang@windriver.com>>
> -
> -From e41adf01647c695b80b112b337e76021bb9f30c3 Mon Sep 17 00:00:00
> 2001
> -From: Laurent Bigonville <bigon@bigon.be <mailto:bigon@bigon.be>>
> -Date: Tue, 26 Sep 2017 15:15:30 +0200
> -Subject: [PATCH] Fix build failure with GCC 7 due to possible
> truncation of
> - snprintf output
> -
> -setools fails to build under GCC7 -Wformat -Werror with the
> following error:
> -
> -x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall
> -Wstrict-prototypes -g -O2 -fdebug-prefix-map=/<<PKGBUILDDIR>>=.
> -fstack-protector-strong -Wformat -Werror=format-security
> -Wno-sign-compare -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -Ilibqpol
> -Ilibqpol/include -I/usr/include/python3.6m -c
> libqpol/policy_extend.c -o
> build/temp.linux-amd64-3.6/libqpol/policy_extend.o -Werror -Wextra
> -Waggregate-return -Wfloat-equal -Wformat -Wformat=2 -Winit-self
> -Wmissing-format-attribute -Wmissing-include-dirs -Wnested-externs
> -Wold-style-definition -Wpointer-arith -Wredundant-decls
> -Wstrict-prototypes -Wunknown-pragmas -Wwrite-strings
> -Wno-missing-field-initializers -Wno-unused-parameter
> -Wno-cast-qual -Wno-shadow -Wno-unreachable-code -fno-exceptions
> -libqpol/policy_extend.c: In function 'policy_extend':
> -libqpol/policy_extend.c:161:27: error: '%04zd' directive output
> may be truncated writing between 4 and 10 bytes into a region of
> size 5 [-Werror=format-truncation=]
> - snprintf(buff, 9, "@ttr%04zd", i + 1);
> - ^~~~~
> -libqpol/policy_extend.c:161:22: note: directive argument in the
> range [1, 4294967295]
> - snprintf(buff, 9, "@ttr%04zd", i + 1);
> - ^~~~~~~~~~~
> -
> -Increase the size of the buffer to avoid collisions
> -
> -Closes: https://github.com/TresysTechnology/setools/issues/174
> -Signed-off-by: Laurent Bigonville <bigon@bigon.be
> <mailto:bigon@bigon.be>>
> ----
> - libqpol/policy_extend.c | 16 ++++++++--------
> - 1 file changed, 8 insertions(+), 8 deletions(-)
> -
> -diff --git a/libqpol/policy_extend.c b/libqpol/policy_extend.c
> -index 742819b..739e184 100644
> ---- a/libqpol/policy_extend.c
> -+++ b/libqpol/policy_extend.c
> -@@ -110,7 +110,7 @@ static int
> qpol_policy_remove_bogus_aliases(qpol_policy_t * policy)
> - * Builds data for the attributes and inserts them into the
> policydb.
> - * This function modifies the policydb. Names created for
> attributes
> - * are of the form @ttr<value> where value is the value of the
> attribute
> -- * as a four digit number (prepended with 0's as needed).
> -+ * as a ten digit number (prepended with 0's as needed).
> - * @param policy The policy from which to read the attribute
> map and
> - * create the type data for the attributes. This policy will be
> altered
> - * by this function.
> -@@ -125,7 +125,7 @@ static int
> qpol_policy_build_attrs_from_map(qpol_policy_t * policy)
> - uint32_t bit = 0, count = 0;
> - ebitmap_node_t *node = NULL;
> - type_datum_t *tmp_type = NULL, *orig_type;
> -- char *tmp_name = NULL, buff[10];
> -+ char *tmp_name = NULL, buff[16];
> - int error = 0, retv;
> -
> - INFO(policy, "%s", "Generating attributes for policy.
> (Step 4 of 5)");
> -@@ -137,7 +137,7 @@ static int
> qpol_policy_build_attrs_from_map(qpol_policy_t * policy)
> -
> - db = &policy->p->p;
> -
> -- memset(&buff, 0, 10 * sizeof(char));
> -+ memset(&buff, 0, 16 * sizeof(char));
> -
> - for (i = 0; i < db->p_types.nprim; i++) {
> - /* skip types */
> -@@ -158,7 +158,7 @@ static int
> qpol_policy_build_attrs_from_map(qpol_policy_t * policy)
> - * with this attribute */
> - /* Does not exist */
> - if (db->p_type_val_to_name[i] == NULL){
> -- snprintf(buff, 9, "@ttr%04zd", i + 1);
> -+ snprintf(buff, 15, "@ttr%010zd", i + 1);
> - tmp_name = strdup(buff);
> - if (!tmp_name) {
> - error = errno;
> -@@ -240,7 +240,7 @@ static int
> qpol_policy_build_attrs_from_map(qpol_policy_t * policy)
> - * Builds data for empty attributes and inserts them into the
> policydb.
> - * This function modifies the policydb. Names created for the
> attributes
> - * are of the form @ttr<value> where value is the value of the
> attribute
> -- * as a four digit number (prepended with 0's as needed).
> -+ * as a ten digit number (prepended with 0's as needed).
> - * @param policy The policy to which to add type data for
> attributes.
> - * This policy will be altered by this function.
> - * @return Returns 0 on success and < 0 on failure; if the call
> fails,
> -@@ -251,7 +251,7 @@ static int
> qpol_policy_build_attrs_from_map(qpol_policy_t * policy)
> - static int qpol_policy_fill_attr_holes(qpol_policy_t * policy)
> - {
> - policydb_t *db = NULL;
> -- char *tmp_name = NULL, buff[10];
> -+ char *tmp_name = NULL, buff[16];
> - int error = 0, retv = 0;
> - ebitmap_t tmp_bmap = { NULL, 0 };
> - type_datum_t *tmp_type = NULL;
> -@@ -265,12 +265,12 @@ static int
> qpol_policy_fill_attr_holes(qpol_policy_t * policy)
> -
> - db = &policy->p->p;
> -
> -- memset(&buff, 0, 10 * sizeof(char));
> -+ memset(&buff, 0, 16 * sizeof(char));
> -
> - for (i = 0; i < db->p_types.nprim; i++) {
> - if (db->type_val_to_struct[i])
> - continue;
> -- snprintf(buff, 9, "@ttr%04zd", i + 1);
> -+ snprintf(buff, 15, "@ttr%010zd", i + 1);
> - tmp_name = strdup(buff);
> - if (!tmp_name) {
> - error = errno;
> ---
> -2.20.1
> -
> diff --git
> a/recipes-security/setools/setools/setools4-fix-cross-compiling-errors-for-powerpc-mips.patch
> b/recipes-security/setools/setools/setools4-fix-cross-compiling-errors-for-powerpc-mips.patch
> deleted file mode 100644
> index 9a6b818..0000000
> ---
> a/recipes-security/setools/setools/setools4-fix-cross-compiling-errors-for-powerpc-mips.patch
> +++ /dev/null
> @@ -1,35 +0,0 @@
> -From dc86d880ae0d66233679112a2bf0115c39df68f1 Mon Sep 17 00:00:00
> 2001
> -From: Wenzong Fan <wenzong.fan@windriver.com
> <mailto:wenzong.fan@windriver.com>>
> -Date: Fri, 17 Feb 2017 08:57:35 +0000
> -Subject: [meta-selinux][PATCH] setools4: fix cross-compiling
> errors for powerpc, mips
> -
> -Fix build errors:
> -| libqpol/policy.c: In function 'qpol_binpol_version':
> -| libqpol/policy.c:95:24: error: implicit declaration of function
> 'bswap_32' [-Werror=implicit-function-declaration]
> -| #define le32_to_cpu(x) bswap_32(x)
> -
> -Upstream-Status: Pending
> -
> -Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com
> <mailto:wenzong.fan@windriver.com>>
> ----
> - libqpol/policy.c | 4 ++++
> - 1 file changed, 4 insertions(+)
> -
> -diff --git a/libqpol/policy.c b/libqpol/policy.c
> -index ae3acb5..b5b87f9 100644
> ---- a/libqpol/policy.c
> -+++ b/libqpol/policy.c
> -@@ -45,6 +45,10 @@
> - # include <asm/types.h>
> - #endif
> -
> -+#if defined(_ARCH_PPC) || defined(mips)
> -+#include <byteswap.h>
> -+#endif
> -+
> - #include <sepol/debug.h>
> - #include <sepol/handle.h>
> - #include <sepol/policydb/flask_types.h>
> ---
> -2.11.0
> -
> diff --git
> a/recipes-security/setools/setools/setools4-fixes-for-cross-compiling.patch
> b/recipes-security/setools/setools/setools4-fixes-for-cross-compiling.patch
> index 5c43c49..51c7603 100644
> ---
> a/recipes-security/setools/setools/setools4-fixes-for-cross-compiling.patch
> +++
> b/recipes-security/setools/setools/setools4-fixes-for-cross-compiling.patch
> @@ -1,7 +1,7 @@
> -From a104374147b398838edc04e937c92e762ea3f5d9 Mon Sep 17 00:00:00
> 2001
> +From e0a112874d10dbf741c27b107edddedd86d51529 Mon Sep 17 00:00:00
> 2001
> From: Wenzong Fan <wenzong.fan@windriver.com
> <mailto:wenzong.fan@windriver.com>>
> Date: Tue, 14 Feb 2017 06:32:35 +0000
> -Subject: [meta-selinux][PATCH] setools4: fixes for cross compiling
> +Subject: [PATCH] setools4: fixes for cross compiling
>
> * search libsepol from $STAGING_LIBDIR
> * fix manual install path as '/usr/share/man/man1'
> @@ -9,32 +9,24 @@ Subject: [meta-selinux][PATCH] setools4: fixes
> for cross compiling
> Upstream-Status: Inappropriate [embedded specific]
>
> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com
> <mailto:wenzong.fan@windriver.com>>
> +Signed-off-by: Yi Zhao <yi.zhao@windriver.com
> <mailto:yi.zhao@windriver.com>>
> ---
> - setup.py | 4 ++--
> - 1 file changed, 2 insertions(+), 2 deletions(-)
> + setup.py | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/setup.py b/setup.py
> -index 2ca44c9..300ff70 100644
> +index ac8a876..df7ebbc 100644
> --- a/setup.py
> +++ b/setup.py
> -@@ -77,7 +77,7 @@ class BuildExtCommand(build_ext):
> - build_ext.run(self)
> +@@ -78,7 +78,7 @@ class QtHelpCommand(Command):
>
>
> --base_lib_dirs = ['.', '/usr/lib64', '/usr/lib', '/usr/local/lib']
> -+base_lib_dirs = [os.environ["STAGING_LIBDIR"]]
> - include_dirs = ['libqpol', 'libqpol/include']
> + # Library linkage
> +-lib_dirs = ['.', '/usr/lib64', '/usr/lib', '/usr/local/lib']
> ++lib_dirs = [os.environ["STAGING_LIBDIR"]]
> + include_dirs = []
>
> - try:
> -@@ -182,7 +182,7 @@ setup(name='setools',
> - 'build_qhc': QtHelpCommand},
> - packages=['setools', 'setools.diff', 'setools.policyrep',
> 'setoolsgui', 'setoolsgui.apol'],
> - scripts=['apol', 'sediff', 'seinfo', 'seinfoflow',
> 'sesearch', 'sedta'],
> -- data_files=[(join(sys.prefix, 'share/man/man1'),
> glob.glob("man/*.1"))],
> -+ data_files=[('/usr/share/man/man1', glob.glob("man/*.1"))],
> - package_data={'': ['*.ui', '*.qhc', '*.qch'], 'setools':
> ['perm_map']},
> - ext_modules=ext_py_mods,
> - test_suite='tests',
> + with suppress(KeyError):
> --
> -2.13.0
> +2.7.4
>
> diff --git a/recipes-security/setools/setools_4.1.1.bb
> <http://setools_4.1.1.bb>
> b/recipes-security/setools/setools_4.2.2.bb <http://setools_4.2.2.bb>
> similarity index 61%
> rename from recipes-security/setools/setools_4.1.1.bb
> <http://setools_4.1.1.bb>
> rename to recipes-security/setools/setools_4.2.2.bb
> <http://setools_4.2.2.bb>
> index db529f4..6e5a950 100644
> --- a/recipes-security/setools/setools_4.1.1.bb
> <http://setools_4.1.1.bb>
> +++ b/recipes-security/setools/setools_4.2.2.bb
> <http://setools_4.2.2.bb>
> @@ -9,26 +9,24 @@ SECTION = "base"
> LICENSE = "GPLv2 & LGPLv2.1"
>
> S = "${WORKDIR}/git"
> -SRC_URI = "git://github.com/SELinuxProject/${BPN}.git;branch=4.1
> <http://github.com/SELinuxProject/$%7BBPN%7D.git;branch=4.1> \
> +SRC_URI = "git://github.com/SELinuxProject/${BPN}.git;branch=4.2
> <http://github.com/SELinuxProject/$%7BBPN%7D.git;branch=4.2> \
> file://setools4-fixes-for-cross-compiling.patch \
> - file://setools4-fix-cross-compiling-errors-for-powerpc-mips.patch \
> - file://Fix-build-failure-with-GCC-7-due-to-possible-truncat.patch \
> "
>
> -SRCREV = "e03617eb7ab5a035633bff66500b95d25232e331"
> +SRCREV = "15bffa7823b9a999f9d51533785ade18fe44df08"
>
> LIC_FILES_CHKSUM =
> "file://${S}/COPYING;md5=83a5eb6974c11f30785e90d0eeccf40c \
> file://${S}/COPYING.GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
> file://${S}/COPYING.LGPL;md5=4fbd65380cdd255951079008b364516c"
>
> -DEPENDS += "bison-native flex-native swig-native python libsepol"
> +DEPENDS += "bison-native flex-native swig-native python3
> python3-cython-native libsepol"
>
> -RDEPENDS_${PN} += "python-networkx python-enum34 python-decorator
> python-setuptools \
> - python-logging python-json python-argparse
> libselinux-python"
> +RDEPENDS_${PN} += "python3-networkx python3-decorator
> python3-setuptools \
> + python3-logging python3-json libselinux-python"
>
> RPROVIDES_${PN} += "${PN}-console"
>
> -inherit setuptools
> +inherit setuptools3
>
> do_install_append() {
> # Need PyQt5 support, disable gui tools
> --
> 2.17.1
>
>
>
> --
> Joe MacDonald
> :wq
[-- Attachment #2: Type: text/html, Size: 24810 bytes --]
^ permalink raw reply [flat|nested] 22+ messages in thread
end of thread, other threads:[~2019-12-20 0:55 UTC | newest]
Thread overview: 22+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-14 1:48 [meta-selinux][PATCH 00/19] selinux: upgrade 2.8 -> 2.9 Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 01/19] python-ipy: upgrade to 1.00 and add python3 version Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 02/19] selinux: uprev inc files to 2.9 (20190315) Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 03/19] libsepol: uprev " Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 04/19] libselinux: " Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 05/19] libselinux-python: add recipe Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 06/19] libsemanage: uprev to 2.9 (20190315) Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 07/19] checkpolicy: " Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 08/19] secilc: " Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 09/19] policycoreutils: " Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 10/19] mcstrans: " Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 11/19] restorecond: " Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 12/19] selinux-python: " Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 13/19] selinux-dbus: " Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 14/19] selinux-sandbox: " Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 15/19] selinux-gui: " Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 16/19] semodule-utils: " Yi Zhao
2019-11-14 1:48 ` [meta-selinux][PATCH 17/19] selinux-init: fix build error when enable usrmerge feature Yi Zhao
2019-11-14 1:49 ` [meta-selinux][PATCH 18/19] setools: upgrade 4.1.1 -> 4.2.2 Yi Zhao
2019-12-19 17:32 ` Joe MacDonald
2019-12-20 0:55 ` Yi Zhao
2019-11-14 1:49 ` [meta-selinux][PATCH 19/19] audit: switch to python3 Yi Zhao
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.