* [PATCH 0/6] Add libseccomp
@ 2021-04-24 15:56 Armin Kuster
  2021-04-24 15:56 ` [PATCH 1/6] libseccomp: move recipe from meta-security to core Armin Kuster
                   ` (6 more replies)
  0 siblings, 7 replies; 20+ messages in thread
From: Armin Kuster @ 2021-04-24 15:56 UTC (permalink / raw)
  To: openembedded-core

This ports over the libseccomp pkg from meta-security.

Use DISTRO_FEATURE check to enable recipe
Add PACKAGECONFIG tweaking for a few core pkgs if 
DISTRO_FEATURE (seccomp) is set for a few core pkgs.

Skipped updating "file" as I don't recall the issues file enabled with
seccomp had on pseudo

Added pkg grp for adding libseccomp to base pkg grp
Add "seccomp" to DEFAULT_FEATURES as it's on the same level as xattr.

I realize some changes may be controversial and don't need to be
taken.

enjoy.

Armin Kuster (6):
  libseccomp: move recipe from meta-security to core
  qemu: Enable seccomp if FEATURE is set
  gnutls: Enable seccomp if FEATURE is set
  systemd: Enable seccomp if FEATURE is set
  packagegroups/packagegroup-base: add seccomp grp
  default-distrovars.inc: Add seccomp to DISTRO_FEATURES_DEFAULT

 .../distro/include/default-distrovars.inc     |  2 +-
 .../packagegroups/packagegroup-base.bb        |  6 +++
 meta/recipes-core/systemd/systemd_247.6.bb    |  3 +-
 meta/recipes-devtools/qemu/qemu_5.2.0.bb      |  1 +
 meta/recipes-support/gnutls/gnutls_3.7.1.bb   |  2 +-
 .../libseccomp/files/run-ptest                |  4 ++
 .../libseccomp/libseccomp_2.5.1.bb            | 49 +++++++++++++++++++
 7 files changed, 63 insertions(+), 4 deletions(-)
 create mode 100644 meta/recipes-support/libseccomp/files/run-ptest
 create mode 100644 meta/recipes-support/libseccomp/libseccomp_2.5.1.bb

-- 
2.25.1



* [PATCH 1/6] libseccomp: move recipe from meta-security to core
  2021-04-24 15:56 [PATCH 0/6] Add libseccomp Armin Kuster
@ 2021-04-24 15:56 ` Armin Kuster
  2021-04-24 16:19   ` [OE-core] " Khem Raj
  2021-04-24 22:16   ` Khem Raj
  2021-04-24 15:56 ` [PATCH 2/6] qemu: Enable seccomp if FEATURE is set Armin Kuster
                   ` (5 subsequent siblings)
  6 siblings, 2 replies; 20+ messages in thread
From: Armin Kuster @ 2021-04-24 15:56 UTC (permalink / raw)
  To: openembedded-core

ptest results:
Regression Test Summary
 tests run: 1404
 tests skipped: 369
 tests passed: 1402
 tests failed: 2
 tests errored: 154

Add feature_check so that the other recipes who can take
advantage of this functionality can enable it.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../libseccomp/files/run-ptest                |  4 ++
 .../libseccomp/libseccomp_2.5.1.bb            | 49 +++++++++++++++++++
 2 files changed, 53 insertions(+)
 create mode 100644 meta/recipes-support/libseccomp/files/run-ptest
 create mode 100644 meta/recipes-support/libseccomp/libseccomp_2.5.1.bb

diff --git a/meta/recipes-support/libseccomp/files/run-ptest b/meta/recipes-support/libseccomp/files/run-ptest
new file mode 100644
index 00000000000..54b4a63cd2c
--- /dev/null
+++ b/meta/recipes-support/libseccomp/files/run-ptest
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+cd tests
+./regression -a
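
Review bot: `cd tests` on the third line of the script is unchecked, so if
the directory is missing, `./regression -a` is attempted from whatever
directory the script was started in and the failure shows up as a missing
binary instead of a missing test directory. Use `cd tests || exit 1`. The
commit message also reports 2 failed and 154 errored tests without saying
which ones or why; that belongs in the message before the recipe lands in
core.
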
diff --git a/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb b/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
new file mode 100644
index 00000000000..667d5da8242
--- /dev/null
+++ b/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
@@ -0,0 +1,49 @@
+SUMMARY = "interface to seccomp filtering mechanism"
+DESCRIPTION = "The libseccomp library provides and easy to use, platform independent,interface to the Linux Kernel's syscall filtering mechanism: seccomp."
+SECTION = "security"
+LICENSE = "LGPL-2.1"
+LIC_FILES_CHKSUM = "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
+
+DEPENDS += "gperf-native"
+
+SRCREV = "4bf70431a339a2886ab8c82e9a45378f30c6e6c7"
+
+SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.5 \
+           file://run-ptest \
+           "
+
+COMPATIBLE_HOST_riscv32 = "null"
+
+S = "${WORKDIR}/git"
+
+inherit autotools-brokensep pkgconfig ptest features_check
+
+REQUIRED_DISTRO_FEATURES = "seccomp"
+
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[python] = "--enable-python, --disable-python, python3"
+
+DISABLE_STATIC = ""
+
+do_compile_ptest() {
+    oe_runmake -C tests check-build
+}
+
+do_install_ptest() {
+    install -d ${D}${PTEST_PATH}/tests
+    install -d ${D}${PTEST_PATH}/tools
+    for file in $(find tests/* -executable -type f); do
+        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
+    done
+    for file in $(find tests/*.tests -type f); do
+        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
+    done
+    for file in $(find tools/* -executable -type f); do
+        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tools
+    done
+}
+
+FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*"
+FILES_${PN}-dbg += "${libdir}/${PN}/tests/.debug/* ${libdir}/${PN}/tools/.debug"
+
+RDEPENDS_${PN}-ptest = "coreutils bash"
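
Review bot: `DISABLE_STATIC = ""` carries no comment saying why static
libraries are forced on for this recipe, and a static libseccomp is copied
into whatever links it, so a later libseccomp fix only reaches those
consumers once they are rebuilt. Add a comment naming the consumer that
needs the archive, or make it opt-in through a PACKAGECONFIG. Separately,
`FILES_${PN}-dbg` lists `${libdir}/${PN}/tests/.debug/*` and
`${libdir}/${PN}/tools/.debug`, while `do_install_ptest` installs under
`${PTEST_PATH}/tests` and `${PTEST_PATH}/tools`; unless `PTEST_PATH`
resolves to `${libdir}/${PN}`, those patterns match nothing.
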
-- 
2.25.1



* [PATCH 2/6] qemu: Enable seccomp if FEATURE is set
  2021-04-24 15:56 [PATCH 0/6] Add libseccomp Armin Kuster
  2021-04-24 15:56 ` [PATCH 1/6] libseccomp: move recipe from meta-security to core Armin Kuster
@ 2021-04-24 15:56 ` Armin Kuster
  2021-04-24 15:56 ` [PATCH 3/6] gnutls: " Armin Kuster
                   ` (4 subsequent siblings)
  6 siblings, 0 replies; 20+ messages in thread
From: Armin Kuster @ 2021-04-24 15:56 UTC (permalink / raw)
  To: openembedded-core

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-devtools/qemu/qemu_5.2.0.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-devtools/qemu/qemu_5.2.0.bb b/meta/recipes-devtools/qemu/qemu_5.2.0.bb
index 7afa66e3960..f265204b105 100644
--- a/meta/recipes-devtools/qemu/qemu_5.2.0.bb
+++ b/meta/recipes-devtools/qemu/qemu_5.2.0.bb
@@ -22,6 +22,7 @@ PACKAGECONFIG ??= " \
     fdt sdl kvm \
     ${@bb.utils.filter('DISTRO_FEATURES', 'alsa xen', d)} \
     ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'virglrenderer glx', '', d)} \
+    ${@bb.utils.filter('DISTRO_FEATURES', 'seccomp', d)} \
 "
 PACKAGECONFIG_class-nativesdk ??= "fdt sdl kvm \
     ${@bb.utils.contains('DISTRO_FEATURES', 'opengl', 'virglrenderer glx', '', d)} \
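
Review bot: The added `${@bb.utils.filter('DISTRO_FEATURES', 'seccomp', d)}`
line goes only into the default `PACKAGECONFIG`; the
`PACKAGECONFIG_class-nativesdk` assignment directly below is left without
it, and the commit message has no body to say whether that is intended.
State in the message which variants should get seccomp, and confirm that a
`PACKAGECONFIG[seccomp]` flag definition exists for qemu, since this hunk
does not show one.
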
-- 
2.25.1



* [PATCH 3/6] gnutls: Enable seccomp if FEATURE is set
  2021-04-24 15:56 [PATCH 0/6] Add libseccomp Armin Kuster
  2021-04-24 15:56 ` [PATCH 1/6] libseccomp: move recipe from meta-security to core Armin Kuster
  2021-04-24 15:56 ` [PATCH 2/6] qemu: Enable seccomp if FEATURE is set Armin Kuster
@ 2021-04-24 15:56 ` Armin Kuster
  2021-04-24 15:56 ` [PATCH 4/6] systemd: " Armin Kuster
                   ` (3 subsequent siblings)
  6 siblings, 0 replies; 20+ messages in thread
From: Armin Kuster @ 2021-04-24 15:56 UTC (permalink / raw)
  To: openembedded-core

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-support/gnutls/gnutls_3.7.1.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-support/gnutls/gnutls_3.7.1.bb b/meta/recipes-support/gnutls/gnutls_3.7.1.bb
index 51d472c8285..3e1958c9695 100644
--- a/meta/recipes-support/gnutls/gnutls_3.7.1.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.7.1.bb
@@ -27,7 +27,7 @@ SRC_URI[sha256sum] = "3777d7963eca5e06eb315686163b7b3f5045e2baac5e54e038ace9835e
 
 inherit autotools texinfo pkgconfig gettext lib_package gtk-doc
 
-PACKAGECONFIG ??= "libidn"
+PACKAGECONFIG ??= "libidn  ${@bb.utils.filter('DISTRO_FEATURES', 'seccomp', d)}"
 
 # You must also have CONFIG_SECCOMP enabled in the kernel for
 # seccomp to work.
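
Review bot: The context comment right under the changed line says
CONFIG_SECCOMP must be enabled in the kernel for seccomp to work, yet the
new `PACKAGECONFIG ??=` value switches `seccomp` on from `DISTRO_FEATURES`
with nothing tying it to the kernel configuration. Say in the commit
message or in that comment what happens on a kernel built without
CONFIG_SECCOMP. The new value also has two spaces after `libidn`; one is
enough.
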
-- 
2.25.1



* [PATCH 4/6] systemd: Enable seccomp if FEATURE is set
  2021-04-24 15:56 [PATCH 0/6] Add libseccomp Armin Kuster
                   ` (2 preceding siblings ...)
  2021-04-24 15:56 ` [PATCH 3/6] gnutls: " Armin Kuster
@ 2021-04-24 15:56 ` Armin Kuster
  2021-04-26  6:42   ` [OE-core] " Mikko Rapeli
  2021-04-24 15:56 ` [PATCH 5/6] packagegroups/packagegroup-base: add seccomp grp Armin Kuster
                   ` (2 subsequent siblings)
  6 siblings, 1 reply; 20+ messages in thread
From: Armin Kuster @ 2021-04-24 15:56 UTC (permalink / raw)
  To: openembedded-core

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-core/systemd/systemd_247.6.bb | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/meta/recipes-core/systemd/systemd_247.6.bb b/meta/recipes-core/systemd/systemd_247.6.bb
index 32afa159ec3..ce6ac7ebaa0 100644
--- a/meta/recipes-core/systemd/systemd_247.6.bb
+++ b/meta/recipes-core/systemd/systemd_247.6.bb
@@ -65,7 +65,7 @@ PAM_PLUGINS = " \
 "
 
 PACKAGECONFIG ??= " \
-    ${@bb.utils.filter('DISTRO_FEATURES', 'acl audit efi ldconfig pam selinux smack usrmerge polkit', d)} \
+    ${@bb.utils.filter('DISTRO_FEATURES', 'acl audit efi ldconfig pam selinux smack usrmerge polkit seccomp', d)} \
     ${@bb.utils.contains('DISTRO_FEATURES', 'wifi', 'rfkill', '', d)} \
     ${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'xkbcommon', '', d)} \
     backlight \
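
Review bot: Adding `seccomp` to the `bb.utils.filter()` list makes systemd
depend on libseccomp on every host where the feature is set, but the
libseccomp recipe in patch 1/6 sets `COMPATIBLE_HOST_riscv32 = "null"`, so
on riscv32 the libseccomp dependency named in `PACKAGECONFIG[seccomp]` has
no provider. Exclude the option for riscv32 here, and likewise in the
gnutls and qemu changes, for example with a riscv32-specific
`PACKAGECONFIG_remove`.
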
@@ -177,7 +177,6 @@ PACKAGECONFIG[quotacheck] = "-Dquotacheck=true,-Dquotacheck=false"
 PACKAGECONFIG[randomseed] = "-Drandomseed=true,-Drandomseed=false"
 PACKAGECONFIG[resolved] = "-Dresolve=true,-Dresolve=false"
 PACKAGECONFIG[rfkill] = "-Drfkill=true,-Drfkill=false"
-# libseccomp is found in meta-security
 PACKAGECONFIG[seccomp] = "-Dseccomp=true,-Dseccomp=false,libseccomp"
 PACKAGECONFIG[selinux] = "-Dselinux=true,-Dselinux=false,libselinux,initscripts-sushell"
 PACKAGECONFIG[smack] = "-Dsmack=true,-Dsmack=false"
-- 
2.25.1



* [PATCH 5/6] packagegroups/packagegroup-base: add seccomp grp
  2021-04-24 15:56 [PATCH 0/6] Add libseccomp Armin Kuster
                   ` (3 preceding siblings ...)
  2021-04-24 15:56 ` [PATCH 4/6] systemd: " Armin Kuster
@ 2021-04-24 15:56 ` Armin Kuster
  2021-04-24 16:23   ` [OE-core] " Khem Raj
  2021-04-24 15:56 ` [PATCH 6/6] default-distrovars.inc: Add seccomp to DISTRO_FEATURES_DEFAULT Armin Kuster
       [not found] ` <1678D666E2EA61E5.6439@lists.openembedded.org>
  6 siblings, 1 reply; 20+ messages in thread
From: Armin Kuster @ 2021-04-24 15:56 UTC (permalink / raw)
  To: openembedded-core

This allows for inclusion of the package when
the FEATURE is set

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/recipes-core/packagegroups/packagegroup-base.bb | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/meta/recipes-core/packagegroups/packagegroup-base.bb b/meta/recipes-core/packagegroups/packagegroup-base.bb
index 6d4d7e6f7e7..3482ea43133 100644
--- a/meta/recipes-core/packagegroups/packagegroup-base.bb
+++ b/meta/recipes-core/packagegroups/packagegroup-base.bb
@@ -38,6 +38,7 @@ PACKAGES = ' \
             ${@bb.utils.contains("DISTRO_FEATURES", "ppp", "packagegroup-base-ppp", "", d)} \
             ${@bb.utils.contains("DISTRO_FEATURES", "smbfs", "packagegroup-base-smbfs", "", d)} \
             ${@bb.utils.contains("DISTRO_FEATURES", "zeroconf", "packagegroup-base-zeroconf", "", d)} \
+            ${@bb.utils.contains("DISTRO_FEATURES", "seccomp", "packagegroup-base-seccomp", "", d)} \
             \
             '
 
@@ -76,6 +77,7 @@ RDEPENDS_packagegroup-base = "\
     ${@bb.utils.contains('DISTRO_FEATURES', 'ipsec', 'packagegroup-base-ipsec', '',d)} \
     ${@bb.utils.contains('DISTRO_FEATURES', 'ppp', 'packagegroup-base-ppp', '',d)} \
     ${@bb.utils.contains('DISTRO_FEATURES', 'zeroconf', 'packagegroup-base-zeroconf', '',d)} \
+    ${@bb.utils.contains("DISTRO_FEATURES", "seccomp", "packagegroup-base-seccomp", "", d)} \
     "
 
 
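
Review bot: The added line in `RDEPENDS_packagegroup-base` uses double
quotes and `"", d)`, while the neighbouring entries in this block use
single quotes and `'',d)`. Match the surrounding style so the list stays
uniform.
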
@@ -343,3 +345,7 @@ RDEPENDS_packagegroup-base-serial = "\
 SUMMARY_packagegroup-base-phone = "Cellular telephony (voice) support"
 RDEPENDS_packagegroup-base-phone = "\
     ofono"
+
+SUMMARY_packagegroup-base-seccomp = "Seccomp support"
+RDEPENDS_packagegroup-base-seccomp = "\
+    libseccomp"
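
Review bot: `RDEPENDS_packagegroup-base-seccomp` lists only `libseccomp`,
a library, so the group installs it into every image that uses
packagegroup-base with the feature set, even when no installed program
links against it. Programs built with seccomp support normally pull the
library in through their own dependencies; drop the group, or state which
user of the library is not covered that way.
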
-- 
2.25.1



* [PATCH 6/6] default-distrovars.inc: Add seccomp to DISTRO_FEATURES_DEFAULT
  2021-04-24 15:56 [PATCH 0/6] Add libseccomp Armin Kuster
                   ` (4 preceding siblings ...)
  2021-04-24 15:56 ` [PATCH 5/6] packagegroups/packagegroup-base: add seccomp grp Armin Kuster
@ 2021-04-24 15:56 ` Armin Kuster
       [not found] ` <1678D666E2EA61E5.6439@lists.openembedded.org>
  6 siblings, 0 replies; 20+ messages in thread
From: Armin Kuster @ 2021-04-24 15:56 UTC (permalink / raw)
  To: openembedded-core

Since xattr is included, seccomp should be too

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta/conf/distro/include/default-distrovars.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/conf/distro/include/default-distrovars.inc b/meta/conf/distro/include/default-distrovars.inc
index 9fcc10f83a7..45f4633c354 100644
--- a/meta/conf/distro/include/default-distrovars.inc
+++ b/meta/conf/distro/include/default-distrovars.inc
@@ -10,7 +10,7 @@ LOCALE_UTF8_ONLY ?= "0"
 LOCALE_UTF8_IS_DEFAULT ?= "1"
 LOCALE_UTF8_IS_DEFAULT_class-nativesdk = "0"
 
-DISTRO_FEATURES_DEFAULT ?= "acl alsa argp bluetooth debuginfod ext2 ipv4 ipv6 largefile pcmcia usbgadget usbhost wifi xattr nfs zeroconf pci 3g nfc x11 vfat"
+DISTRO_FEATURES_DEFAULT ?= "acl alsa argp bluetooth debuginfod ext2 ipv4 ipv6 largefile pcmcia usbgadget usbhost wifi xattr nfs zeroconf pci 3g nfc x11 vfat seccomp"
 DISTRO_FEATURES ?= "${DISTRO_FEATURES_DEFAULT}"
 IMAGE_FEATURES ?= ""
 
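
Review bot: Appending `seccomp` to `DISTRO_FEATURES_DEFAULT` changes every
distro that inherits the default list, and the commit message only says
"Since xattr is included, seccomp should be too". Spell out the effect:
per patches 2/6 to 4/6 this turns on the seccomp option in qemu, gnutls
and systemd and adds libseccomp as a build dependency, and patch 1/6 marks
libseccomp as incompatible with riscv32. Document how a distro opts out.
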
-- 
2.25.1



* Re: [OE-core] [PATCH 1/6] libseccomp: move recipe from meta-security to core
  2021-04-24 15:56 ` [PATCH 1/6] libseccomp: move recipe from meta-security to core Armin Kuster
@ 2021-04-24 16:19   ` Khem Raj
  2021-04-24 16:55     ` Armin Kuster
  2021-04-24 22:16   ` Khem Raj
  1 sibling, 1 reply; 20+ messages in thread
From: Khem Raj @ 2021-04-24 16:19 UTC (permalink / raw)
  To: Armin Kuster; +Cc: Patches and discussions about the oe-core layer

On Sat, Apr 24, 2021 at 8:56 AM Armin Kuster <akuster808@gmail.com> wrote:
>
> ptest results:
> Regression Test Summary
>  tests run: 1404
>  tests skipped: 369
>  tests passed: 1402
>  tests failed: 2
>  tests errored: 154
>
> Add feature_check so that the other recipes who can take
> advantage of this functionality can enable it.
>
> Signed-off-by: Armin Kuster <akuster808@gmail.com>
> ---
>  .../libseccomp/files/run-ptest                |  4 ++
>  .../libseccomp/libseccomp_2.5.1.bb            | 49 +++++++++++++++++++
>  2 files changed, 53 insertions(+)
>  create mode 100644 meta/recipes-support/libseccomp/files/run-ptest
>  create mode 100644 meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
>
> diff --git a/meta/recipes-support/libseccomp/files/run-ptest b/meta/recipes-support/libseccomp/files/run-ptest
> new file mode 100644
> index 00000000000..54b4a63cd2c
> --- /dev/null
> +++ b/meta/recipes-support/libseccomp/files/run-ptest
> @@ -0,0 +1,4 @@
> +#!/bin/sh
> +
> +cd tests
> +./regression -a
> diff --git a/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb b/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
> new file mode 100644
> index 00000000000..667d5da8242
> --- /dev/null
> +++ b/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
> @@ -0,0 +1,49 @@
> +SUMMARY = "interface to seccomp filtering mechanism"
> +DESCRIPTION = "The libseccomp library provides and easy to use, platform independent,interface to the Linux Kernel's syscall filtering mechanism: seccomp."
> +SECTION = "security"
> +LICENSE = "LGPL-2.1"
> +LIC_FILES_CHKSUM = "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
> +
> +DEPENDS += "gperf-native"
> +
> +SRCREV = "4bf70431a339a2886ab8c82e9a45378f30c6e6c7"
> +
> +SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.5 \
> +           file://run-ptest \
> +           "
> +
> +COMPATIBLE_HOST_riscv32 = "null"
> +
> +S = "${WORKDIR}/git"
> +
> +inherit autotools-brokensep pkgconfig ptest features_check
> +
> +REQUIRED_DISTRO_FEATURES = "seccomp"
> +
> +PACKAGECONFIG ??= ""
> +PACKAGECONFIG[python] = "--enable-python, --disable-python, python3"
> +
> +DISABLE_STATIC = ""

Do we need apps to use some static libs? If so, which library is it,
or is it all internal?

> +
> +do_compile_ptest() {
> +    oe_runmake -C tests check-build
> +}
> +
> +do_install_ptest() {
> +    install -d ${D}${PTEST_PATH}/tests
> +    install -d ${D}${PTEST_PATH}/tools
> +    for file in $(find tests/* -executable -type f); do
> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
> +    done
> +    for file in $(find tests/*.tests -type f); do
> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
> +    done
> +    for file in $(find tools/* -executable -type f); do
> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tools
> +    done
> +}
> +
> +FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*"
> +FILES_${PN}-dbg += "${libdir}/${PN}/tests/.debug/* ${libdir}/${PN}/tools/.debug"
> +
> +RDEPENDS_${PN}-ptest = "coreutils bash"
> --
> 2.25.1
>
>
> 
>


* Re: [OE-core] [PATCH 5/6] packagegroups/packagegroup-base: add seccomp grp
  2021-04-24 15:56 ` [PATCH 5/6] packagegroups/packagegroup-base: add seccomp grp Armin Kuster
@ 2021-04-24 16:23   ` Khem Raj
  2021-04-24 16:57     ` Armin Kuster
  0 siblings, 1 reply; 20+ messages in thread
From: Khem Raj @ 2021-04-24 16:23 UTC (permalink / raw)
  To: Armin Kuster; +Cc: Patches and discussions about the oe-core layer

On Sat, Apr 24, 2021 at 8:56 AM Armin Kuster <akuster808@gmail.com> wrote:
>
> This allows for inclusion of the package when
> the FEATURE is set
>

Isn't libseccomp a library which would be automatically included if a
package needs it?
In that case we may avoid this packagegroup.

> Signed-off-by: Armin Kuster <akuster808@gmail.com>
> ---
>  meta/recipes-core/packagegroups/packagegroup-base.bb | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/meta/recipes-core/packagegroups/packagegroup-base.bb b/meta/recipes-core/packagegroups/packagegroup-base.bb
> index 6d4d7e6f7e7..3482ea43133 100644
> --- a/meta/recipes-core/packagegroups/packagegroup-base.bb
> +++ b/meta/recipes-core/packagegroups/packagegroup-base.bb
> @@ -38,6 +38,7 @@ PACKAGES = ' \
>              ${@bb.utils.contains("DISTRO_FEATURES", "ppp", "packagegroup-base-ppp", "", d)} \
>              ${@bb.utils.contains("DISTRO_FEATURES", "smbfs", "packagegroup-base-smbfs", "", d)} \
>              ${@bb.utils.contains("DISTRO_FEATURES", "zeroconf", "packagegroup-base-zeroconf", "", d)} \
> +            ${@bb.utils.contains("DISTRO_FEATURES", "seccomp", "packagegroup-base-seccomp", "", d)} \
>              \
>              '
>
> @@ -76,6 +77,7 @@ RDEPENDS_packagegroup-base = "\
>      ${@bb.utils.contains('DISTRO_FEATURES', 'ipsec', 'packagegroup-base-ipsec', '',d)} \
>      ${@bb.utils.contains('DISTRO_FEATURES', 'ppp', 'packagegroup-base-ppp', '',d)} \
>      ${@bb.utils.contains('DISTRO_FEATURES', 'zeroconf', 'packagegroup-base-zeroconf', '',d)} \
> +    ${@bb.utils.contains("DISTRO_FEATURES", "seccomp", "packagegroup-base-seccomp", "", d)} \
>      "
>
>
> @@ -343,3 +345,7 @@ RDEPENDS_packagegroup-base-serial = "\
>  SUMMARY_packagegroup-base-phone = "Cellular telephony (voice) support"
>  RDEPENDS_packagegroup-base-phone = "\
>      ofono"
> +
> +SUMMARY_packagegroup-base-seccomp = "Seccomp support"
> +RDEPENDS_packagegroup-base-seccomp = "\
> +    libseccomp"
> --
> 2.25.1
>
>
> 
>


* Re: [OE-core] [PATCH 1/6] libseccomp: move recipe from meta-security to core
  2021-04-24 16:19   ` [OE-core] " Khem Raj
@ 2021-04-24 16:55     ` Armin Kuster
  2021-04-24 17:18       ` Khem Raj
  0 siblings, 1 reply; 20+ messages in thread
From: Armin Kuster @ 2021-04-24 16:55 UTC (permalink / raw)
  To: Khem Raj; +Cc: Patches and discussions about the oe-core layer



On 4/24/21 9:19 AM, Khem Raj wrote:
> On Sat, Apr 24, 2021 at 8:56 AM Armin Kuster <akuster808@gmail.com> wrote:
>> ptest results:
>> Regression Test Summary
>>  tests run: 1404
>>  tests skipped: 369
>>  tests passed: 1402
>>  tests failed: 2
>>  tests errored: 154
>>
>> Add feature_check so that the other recipes who can take
>> advantage of this functionality can enable it.
>>
>> Signed-off-by: Armin Kuster <akuster808@gmail.com>
>> ---
>>  .../libseccomp/files/run-ptest                |  4 ++
>>  .../libseccomp/libseccomp_2.5.1.bb            | 49 +++++++++++++++++++
>>  2 files changed, 53 insertions(+)
>>  create mode 100644 meta/recipes-support/libseccomp/files/run-ptest
>>  create mode 100644 meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
>>
>> diff --git a/meta/recipes-support/libseccomp/files/run-ptest b/meta/recipes-support/libseccomp/files/run-ptest
>> new file mode 100644
>> index 00000000000..54b4a63cd2c
>> --- /dev/null
>> +++ b/meta/recipes-support/libseccomp/files/run-ptest
>> @@ -0,0 +1,4 @@
>> +#!/bin/sh
>> +
>> +cd tests
>> +./regression -a
>> diff --git a/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb b/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
>> new file mode 100644
>> index 00000000000..667d5da8242
>> --- /dev/null
>> +++ b/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
>> @@ -0,0 +1,49 @@
>> +SUMMARY = "interface to seccomp filtering mechanism"
>> +DESCRIPTION = "The libseccomp library provides and easy to use, platform independent,interface to the Linux Kernel's syscall filtering mechanism: seccomp."
>> +SECTION = "security"
>> +LICENSE = "LGPL-2.1"
>> +LIC_FILES_CHKSUM = "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
>> +
>> +DEPENDS += "gperf-native"
>> +
>> +SRCREV = "4bf70431a339a2886ab8c82e9a45378f30c6e6c7"
>> +
>> +SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.5 \
>> +           file://run-ptest \
>> +           "
>> +
>> +COMPATIBLE_HOST_riscv32 = "null"
>> +
>> +S = "${WORKDIR}/git"
>> +
>> +inherit autotools-brokensep pkgconfig ptest features_check
>> +
>> +REQUIRED_DISTRO_FEATURES = "seccomp"
>> +
>> +PACKAGECONFIG ??= ""
>> +PACKAGECONFIG[python] = "--enable-python, --disable-python, python3"
>> +
>> +DISABLE_STATIC = ""
> Do we need apps to use some static libs? If so, which library is it,
> or is it all internal?

The commit that added that:

commit 2153c59b429293120095a2bd4562f4f7553c1ae7
Author: Stefan Agner <stefan.agner@toradex.com>
Date:   Sun Sep 1 21:48:13 2019 +0200

    libseccomp: build static library always
   
    Always build static library. This is required e.g. for runc from
    meta-virtualization in its default configuration.

Meta-virt is one of the reasons I am this patch set.

-armin
>
>> +
>> +do_compile_ptest() {
>> +    oe_runmake -C tests check-build
>> +}
>> +
>> +do_install_ptest() {
>> +    install -d ${D}${PTEST_PATH}/tests
>> +    install -d ${D}${PTEST_PATH}/tools
>> +    for file in $(find tests/* -executable -type f); do
>> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
>> +    done
>> +    for file in $(find tests/*.tests -type f); do
>> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
>> +    done
>> +    for file in $(find tools/* -executable -type f); do
>> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tools
>> +    done
>> +}
>> +
>> +FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*"
>> +FILES_${PN}-dbg += "${libdir}/${PN}/tests/.debug/* ${libdir}/${PN}/tools/.debug"
>> +
>> +RDEPENDS_${PN}-ptest = "coreutils bash"
>> --
>> 2.25.1
>>
>>
>> 
>>



* Re: [OE-core] [PATCH 5/6] packagegroups/packagegroup-base: add seccomp grp
  2021-04-24 16:23   ` [OE-core] " Khem Raj
@ 2021-04-24 16:57     ` Armin Kuster
  0 siblings, 0 replies; 20+ messages in thread
From: Armin Kuster @ 2021-04-24 16:57 UTC (permalink / raw)
  To: Khem Raj; +Cc: Patches and discussions about the oe-core layer



On 4/24/21 9:23 AM, Khem Raj wrote:
> On Sat, Apr 24, 2021 at 8:56 AM Armin Kuster <akuster808@gmail.com> wrote:
>> This allows for inclusion of the package when
>> the FEATURE is set
>>
> Isn't libseccomp a library which would be automatically included if a
> package needs it?
> In that case we may avoid this packagegroup.

Err, you are right..

thanks,
Armin

>> Signed-off-by: Armin Kuster <akuster808@gmail.com>
>> ---
>>  meta/recipes-core/packagegroups/packagegroup-base.bb | 6 ++++++
>>  1 file changed, 6 insertions(+)
>>
>> diff --git a/meta/recipes-core/packagegroups/packagegroup-base.bb b/meta/recipes-core/packagegroups/packagegroup-base.bb
>> index 6d4d7e6f7e7..3482ea43133 100644
>> --- a/meta/recipes-core/packagegroups/packagegroup-base.bb
>> +++ b/meta/recipes-core/packagegroups/packagegroup-base.bb
>> @@ -38,6 +38,7 @@ PACKAGES = ' \
>>              ${@bb.utils.contains("DISTRO_FEATURES", "ppp", "packagegroup-base-ppp", "", d)} \
>>              ${@bb.utils.contains("DISTRO_FEATURES", "smbfs", "packagegroup-base-smbfs", "", d)} \
>>              ${@bb.utils.contains("DISTRO_FEATURES", "zeroconf", "packagegroup-base-zeroconf", "", d)} \
>> +            ${@bb.utils.contains("DISTRO_FEATURES", "seccomp", "packagegroup-base-seccomp", "", d)} \
>>              \
>>              '
>>
>> @@ -76,6 +77,7 @@ RDEPENDS_packagegroup-base = "\
>>      ${@bb.utils.contains('DISTRO_FEATURES', 'ipsec', 'packagegroup-base-ipsec', '',d)} \
>>      ${@bb.utils.contains('DISTRO_FEATURES', 'ppp', 'packagegroup-base-ppp', '',d)} \
>>      ${@bb.utils.contains('DISTRO_FEATURES', 'zeroconf', 'packagegroup-base-zeroconf', '',d)} \
>> +    ${@bb.utils.contains("DISTRO_FEATURES", "seccomp", "packagegroup-base-seccomp", "", d)} \
>>      "
>>
>>
>> @@ -343,3 +345,7 @@ RDEPENDS_packagegroup-base-serial = "\
>>  SUMMARY_packagegroup-base-phone = "Cellular telephony (voice) support"
>>  RDEPENDS_packagegroup-base-phone = "\
>>      ofono"
>> +
>> +SUMMARY_packagegroup-base-seccomp = "Seccomp support"
>> +RDEPENDS_packagegroup-base-seccomp = "\
>> +    libseccomp"
>> --
>> 2.25.1
>>
>>
>> 
>>



* Re: [OE-core] [PATCH 1/6] libseccomp: move recipe from meta-security to core
  2021-04-24 16:55     ` Armin Kuster
@ 2021-04-24 17:18       ` Khem Raj
  0 siblings, 0 replies; 20+ messages in thread
From: Khem Raj @ 2021-04-24 17:18 UTC (permalink / raw)
  To: akuster808; +Cc: Patches and discussions about the oe-core layer


On Sat, Apr 24, 2021 at 9:55 AM akuster808 <akuster808@gmail.com> wrote:

>
>
> On 4/24/21 9:19 AM, Khem Raj wrote:
> > On Sat, Apr 24, 2021 at 8:56 AM Armin Kuster <akuster808@gmail.com>
> wrote:
> >> ptest results:
> >> Regression Test Summary
> >>  tests run: 1404
> >>  tests skipped: 369
> >>  tests passed: 1402
> >>  tests failed: 2
> >>  tests errored: 154
> >>
> >> Add feature_check so that the other recipes who can take
> >> advantage of this functionality can enable it.
> >>
> >> Signed-off-by: Armin Kuster <akuster808@gmail.com>
> >> ---
> >>  .../libseccomp/files/run-ptest                |  4 ++
> >>  .../libseccomp/libseccomp_2.5.1.bb            | 49 +++++++++++++++++++
> >>  2 files changed, 53 insertions(+)
> >>  create mode 100644 meta/recipes-support/libseccomp/files/run-ptest
> >>  create mode 100644 meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
> >>
> >> diff --git a/meta/recipes-support/libseccomp/files/run-ptest
> b/meta/recipes-support/libseccomp/files/run-ptest
> >> new file mode 100644
> >> index 00000000000..54b4a63cd2c
> >> --- /dev/null
> >> +++ b/meta/recipes-support/libseccomp/files/run-ptest
> >> @@ -0,0 +1,4 @@
> >> +#!/bin/sh
> >> +
> >> +cd tests
> >> +./regression -a
> >> diff --git a/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
> b/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
> >> new file mode 100644
> >> index 00000000000..667d5da8242
> >> --- /dev/null
> >> +++ b/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
> >> @@ -0,0 +1,49 @@
> >> +SUMMARY = "interface to seccomp filtering mechanism"
> >> +DESCRIPTION = "The libseccomp library provides and easy to use,
> platform independent,interface to the Linux Kernel's syscall filtering
> mechanism: seccomp."
> >> +SECTION = "security"
> >> +LICENSE = "LGPL-2.1"
> >> +LIC_FILES_CHKSUM =
> "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
> >> +
> >> +DEPENDS += "gperf-native"
> >> +
> >> +SRCREV = "4bf70431a339a2886ab8c82e9a45378f30c6e6c7"
> >> +
> >> +SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.5
> \
> >> +           file://run-ptest \
> >> +           "
> >> +
> >> +COMPATIBLE_HOST_riscv32 = "null"
> >> +
> >> +S = "${WORKDIR}/git"
> >> +
> >> +inherit autotools-brokensep pkgconfig ptest features_check
> >> +
> >> +REQUIRED_DISTRO_FEATURES = "seccomp"
> >> +
> >> +PACKAGECONFIG ??= ""
> >> +PACKAGECONFIG[python] = "--enable-python, --disable-python, python3"
> >> +
> >> +DISABLE_STATIC = ""
> > Do we need apps to use some static libs? If so, which library is it,
> > or is it all internal?
>
> The commit that added that:
>
> commit 2153c59b429293120095a2bd4562f4f7553c1ae7
> Author: Stefan Agner <stefan.agner@toradex.com>
> Date:   Sun Sep 1 21:48:13 2019 +0200
>
>     libseccomp: build static library always
>
>     Always build static library. This is required e.g. for runc from
>     meta-virtualization in its default configuration.
>
> Meta-virt is one of the reasons I am this patch set.
>

OK, since it can silently link to any app, perhaps turning this into a
packageconfig could be a good improvement.

>
> -armin
> >
> >> +
> >> +do_compile_ptest() {
> >> +    oe_runmake -C tests check-build
> >> +}
> >> +
> >> +do_install_ptest() {
> >> +    install -d ${D}${PTEST_PATH}/tests
> >> +    install -d ${D}${PTEST_PATH}/tools
> >> +    for file in $(find tests/* -executable -type f); do
> >> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
> >> +    done
> >> +    for file in $(find tests/*.tests -type f); do
> >> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
> >> +    done
> >> +    for file in $(find tools/* -executable -type f); do
> >> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tools
> >> +    done
> >> +}
> >> +
> >> +FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*"
> >> +FILES_${PN}-dbg += "${libdir}/${PN}/tests/.debug/*
> ${libdir}/${PN}/tools/.debug"
> >> +
> >> +RDEPENDS_${PN}-ptest = "coreutils bash"
> >> --
> >> 2.25.1
> >>
> >>
> >> 
> >>
>
>



* Re: [OE-core] [PATCH 1/6] libseccomp: move recipe from meta-security to core
  2021-04-24 15:56 ` [PATCH 1/6] libseccomp: move recipe from meta-security to core Armin Kuster
  2021-04-24 16:19   ` [OE-core] " Khem Raj
@ 2021-04-24 22:16   ` Khem Raj
  2021-04-25  3:46     ` Khem Raj
  2021-04-25 18:26     ` Armin Kuster
  1 sibling, 2 replies; 20+ messages in thread
From: Khem Raj @ 2021-04-24 22:16 UTC (permalink / raw)
  To: Armin Kuster; +Cc: Patches and discussions about the oe-core layer

riscv32 is not happy

ERROR: Nothing PROVIDES 'libseccomp' (but
/home/jenkins/oe/world/yoe/sources/openembedded-core/meta/recipes-core/systemd/systemd_247.6.bb,
/home/jenkins/oe/world/yoe/sources/openembedded-core/meta/recipes-support/gnutls/gnutls_3.7.1.bb
DEPENDS on or otherwise requires it)
libseccomp was skipped: incompatible with host riscv32-yoe-linux (not
in COMPATIBLE_HOST)

see
http://jenkins.nas-admin.org/view/OE/job/oe_world_qemuriscv32/1123/consoleFull

On Sat, Apr 24, 2021 at 8:56 AM Armin Kuster <akuster808@gmail.com> wrote:
>
> ptest results:
> Regression Test Summary
>  tests run: 1404
>  tests skipped: 369
>  tests passed: 1402
>  tests failed: 2
>  tests errored: 154
>
> Add feature_check so that the other recipes who can take
> advantage of this functionality can enable it.
>
> Signed-off-by: Armin Kuster <akuster808@gmail.com>
> ---
>  .../libseccomp/files/run-ptest                |  4 ++
>  .../libseccomp/libseccomp_2.5.1.bb            | 49 +++++++++++++++++++
>  2 files changed, 53 insertions(+)
>  create mode 100644 meta/recipes-support/libseccomp/files/run-ptest
>  create mode 100644 meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
>
> diff --git a/meta/recipes-support/libseccomp/files/run-ptest b/meta/recipes-support/libseccomp/files/run-ptest
> new file mode 100644
> index 00000000000..54b4a63cd2c
> --- /dev/null
> +++ b/meta/recipes-support/libseccomp/files/run-ptest
> @@ -0,0 +1,4 @@
> +#!/bin/sh
> +
> +cd tests
> +./regression -a
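
Review bot: run-ptest does not check that `cd tests` succeeded, and it passes the output of `./regression -a` through unchanged. Use `cd tests || exit 1` so a broken install fails at the right step, and confirm that the per-test output reaches ptest-runner as the `PASS:`/`FAIL:`/`SKIP:` lines that ptest result parsing expects; the commit message shows only the regression script's own summary block, so a small filter may be needed.
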
> diff --git a/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb b/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
> new file mode 100644
> index 00000000000..667d5da8242
> --- /dev/null
> +++ b/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
> @@ -0,0 +1,49 @@
> +SUMMARY = "interface to seccomp filtering mechanism"
> +DESCRIPTION = "The libseccomp library provides and easy to use, platform independent,interface to the Linux Kernel's syscall filtering mechanism: seccomp."
> +SECTION = "security"
> +LICENSE = "LGPL-2.1"
> +LIC_FILES_CHKSUM = "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
> +
> +DEPENDS += "gperf-native"
> +
> +SRCREV = "4bf70431a339a2886ab8c82e9a45378f30c6e6c7"
> +
> +SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.5 \
> +           file://run-ptest \
> +           "
> +
> +COMPATIBLE_HOST_riscv32 = "null"
> +
> +S = "${WORKDIR}/git"
> +
> +inherit autotools-brokensep pkgconfig ptest features_check
> +
> +REQUIRED_DISTRO_FEATURES = "seccomp"
> +
> +PACKAGECONFIG ??= ""
> +PACKAGECONFIG[python] = "--enable-python, --disable-python, python3"
> +
> +DISABLE_STATIC = ""
> +
> +do_compile_ptest() {
> +    oe_runmake -C tests check-build
> +}
> +
> +do_install_ptest() {
> +    install -d ${D}${PTEST_PATH}/tests
> +    install -d ${D}${PTEST_PATH}/tools
> +    for file in $(find tests/* -executable -type f); do
> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
> +    done
> +    for file in $(find tests/*.tests -type f); do
> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
> +    done
> +    for file in $(find tools/* -executable -type f); do
> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tools
> +    done
> +}
> +
> +FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*"
> +FILES_${PN}-dbg += "${libdir}/${PN}/tests/.debug/* ${libdir}/${PN}/tools/.debug"
> +
> +RDEPENDS_${PN}-ptest = "coreutils bash"
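
Review bot: SRC_URI fetches over git:// with no protocol parameter, so the source comes over the unauthenticated git protocol. SRCREV pins a full commit hash, which limits what a tampered transport could substitute, but adding `;protocol=https` to the GitHub URL costs nothing and also works at sites that block port 9418.
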
> --
> 2.25.1
>
>
> 
>


* Re: [OE-core] [PATCH 1/6] libseccomp: move recipe from meta-security to core
  2021-04-24 22:16   ` Khem Raj
@ 2021-04-25  3:46     ` Khem Raj
  2021-04-25 18:27       ` Armin Kuster
  2021-04-25 18:26     ` Armin Kuster
  1 sibling, 1 reply; 20+ messages in thread
From: Khem Raj @ 2021-04-25  3:46 UTC (permalink / raw)
  To: Armin Kuster; +Cc: Patches and discussions about the oe-core layer

musl/x86 apt fails

https://errors.yoctoproject.org/Errors/Details/577480/

On Sat, Apr 24, 2021 at 3:16 PM Khem Raj <raj.khem@gmail.com> wrote:
>
> riscv32 is not happy
>
> ERROR: Nothing PROVIDES 'libseccomp' (but
> /home/jenkins/oe/world/yoe/sources/openembedded-core/meta/recipes-core/systemd/systemd_247.6.bb,
> /home/jenkins/oe/world/yoe/sources/openembedded-core/meta/recipes-support/gnutls/gnutls_3.7.1.bb
> DEPENDS on or otherwise requires it)
> libseccomp was skipped: incompatible with host riscv32-yoe-linux (not
> in COMPATIBLE_HOST)
>
> see
> http://jenkins.nas-admin.org/view/OE/job/oe_world_qemuriscv32/1123/consoleFull
>
> On Sat, Apr 24, 2021 at 8:56 AM Armin Kuster <akuster808@gmail.com> wrote:
> >
> > ptest results:
> > Regression Test Summary
> >  tests run: 1404
> >  tests skipped: 369
> >  tests passed: 1402
> >  tests failed: 2
> >  tests errored: 154
> >
> > Add feature_check so that the other recipes who can take
> > advantage of this functionality can enable it.
> >
> > Signed-off-by: Armin Kuster <akuster808@gmail.com>
> > ---
> >  .../libseccomp/files/run-ptest                |  4 ++
> >  .../libseccomp/libseccomp_2.5.1.bb            | 49 +++++++++++++++++++
> >  2 files changed, 53 insertions(+)
> >  create mode 100644 meta/recipes-support/libseccomp/files/run-ptest
> >  create mode 100644 meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
> >
> > diff --git a/meta/recipes-support/libseccomp/files/run-ptest b/meta/recipes-support/libseccomp/files/run-ptest
> > new file mode 100644
> > index 00000000000..54b4a63cd2c
> > --- /dev/null
> > +++ b/meta/recipes-support/libseccomp/files/run-ptest
> > @@ -0,0 +1,4 @@
> > +#!/bin/sh
> > +
> > +cd tests
> > +./regression -a
> > diff --git a/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb b/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
> > new file mode 100644
> > index 00000000000..667d5da8242
> > --- /dev/null
> > +++ b/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
> > @@ -0,0 +1,49 @@
> > +SUMMARY = "interface to seccomp filtering mechanism"
> > +DESCRIPTION = "The libseccomp library provides and easy to use, platform independent,interface to the Linux Kernel's syscall filtering mechanism: seccomp."
> > +SECTION = "security"
> > +LICENSE = "LGPL-2.1"
> > +LIC_FILES_CHKSUM = "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
> > +
> > +DEPENDS += "gperf-native"
> > +
> > +SRCREV = "4bf70431a339a2886ab8c82e9a45378f30c6e6c7"
> > +
> > +SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.5 \
> > +           file://run-ptest \
> > +           "
> > +
> > +COMPATIBLE_HOST_riscv32 = "null"
> > +
> > +S = "${WORKDIR}/git"
> > +
> > +inherit autotools-brokensep pkgconfig ptest features_check
> > +
> > +REQUIRED_DISTRO_FEATURES = "seccomp"
> > +
> > +PACKAGECONFIG ??= ""
> > +PACKAGECONFIG[python] = "--enable-python, --disable-python, python3"
> > +
> > +DISABLE_STATIC = ""
> > +
> > +do_compile_ptest() {
> > +    oe_runmake -C tests check-build
> > +}
> > +
> > +do_install_ptest() {
> > +    install -d ${D}${PTEST_PATH}/tests
> > +    install -d ${D}${PTEST_PATH}/tools
> > +    for file in $(find tests/* -executable -type f); do
> > +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
> > +    done
> > +    for file in $(find tests/*.tests -type f); do
> > +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
> > +    done
> > +    for file in $(find tools/* -executable -type f); do
> > +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tools
> > +    done
> > +}
> > +
> > +FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*"
> > +FILES_${PN}-dbg += "${libdir}/${PN}/tests/.debug/* ${libdir}/${PN}/tools/.debug"
> > +
> > +RDEPENDS_${PN}-ptest = "coreutils bash"
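
Review bot: The three loops in do_install_ptest run `find tests/*` and `find tools/*` relative to the task's working directory but then install from ${S}/${file}, so they only work when the task happens to run in ${S}. That presumably holds here because autotools-brokensep builds in the source tree, but it is implicit; running `find ${S}/tests ...` and installing `${file}` directly (or an explicit `cd ${S}`) would make it robust. The install lines also write ${D}/${PTEST_PATH} while the `install -d` lines write ${D}${PTEST_PATH}; pick one form.
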
> > --
> > 2.25.1
> >
> >
> > 
> >


* Re: [OE-core] [PATCH 1/6] libseccomp: move recipe from meta-security to core
  2021-04-24 22:16   ` Khem Raj
  2021-04-25  3:46     ` Khem Raj
@ 2021-04-25 18:26     ` Armin Kuster
  2021-04-26  0:10       ` Khem Raj
  1 sibling, 1 reply; 20+ messages in thread
From: Armin Kuster @ 2021-04-25 18:26 UTC (permalink / raw)
  To: Khem Raj; +Cc: Patches and discussions about the oe-core layer



On 4/24/21 3:16 PM, Khem Raj wrote:
> riscv32 is not happy

that is not supported by libseccomp per their supported arch list. I
came across that yesterday.
>
> ERROR: Nothing PROVIDES 'libseccomp' (but
> /home/jenkins/oe/world/yoe/sources/openembedded-core/meta/recipes-core/systemd/systemd_247.6.bb,
> /home/jenkins/oe/world/yoe/sources/openembedded-core/meta/recipes-support/gnutls/gnutls_3.7.1.bb
> DEPENDS on or otherwise requires it)
> libseccomp was skipped: incompatible with host riscv32-yoe-linux (not
> in COMPATIBLE_HOST)
I suspect we need to exclude the arch for now. I didn't notice any patch
to add that yet.

-armin
>
> see
> http://jenkins.nas-admin.org/view/OE/job/oe_world_qemuriscv32/1123/consoleFull
>
> On Sat, Apr 24, 2021 at 8:56 AM Armin Kuster <akuster808@gmail.com> wrote:
>> ptest results:
>> Regression Test Summary
>>  tests run: 1404
>>  tests skipped: 369
>>  tests passed: 1402
>>  tests failed: 2
>>  tests errored: 154
>>
>> Add feature_check so that the other recipes who can take
>> advantage of this functionality can enable it.
>>
>> Signed-off-by: Armin Kuster <akuster808@gmail.com>
>> ---
>>  .../libseccomp/files/run-ptest                |  4 ++
>>  .../libseccomp/libseccomp_2.5.1.bb            | 49 +++++++++++++++++++
>>  2 files changed, 53 insertions(+)
>>  create mode 100644 meta/recipes-support/libseccomp/files/run-ptest
>>  create mode 100644 meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
>>
>> diff --git a/meta/recipes-support/libseccomp/files/run-ptest b/meta/recipes-support/libseccomp/files/run-ptest
>> new file mode 100644
>> index 00000000000..54b4a63cd2c
>> --- /dev/null
>> +++ b/meta/recipes-support/libseccomp/files/run-ptest
>> @@ -0,0 +1,4 @@
>> +#!/bin/sh
>> +
>> +cd tests
>> +./regression -a
>> diff --git a/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb b/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
>> new file mode 100644
>> index 00000000000..667d5da8242
>> --- /dev/null
>> +++ b/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
>> @@ -0,0 +1,49 @@
>> +SUMMARY = "interface to seccomp filtering mechanism"
>> +DESCRIPTION = "The libseccomp library provides and easy to use, platform independent,interface to the Linux Kernel's syscall filtering mechanism: seccomp."
>> +SECTION = "security"
>> +LICENSE = "LGPL-2.1"
>> +LIC_FILES_CHKSUM = "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
>> +
>> +DEPENDS += "gperf-native"
>> +
>> +SRCREV = "4bf70431a339a2886ab8c82e9a45378f30c6e6c7"
>> +
>> +SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.5 \
>> +           file://run-ptest \
>> +           "
>> +
>> +COMPATIBLE_HOST_riscv32 = "null"
>> +
>> +S = "${WORKDIR}/git"
>> +
>> +inherit autotools-brokensep pkgconfig ptest features_check
>> +
>> +REQUIRED_DISTRO_FEATURES = "seccomp"
>> +
>> +PACKAGECONFIG ??= ""
>> +PACKAGECONFIG[python] = "--enable-python, --disable-python, python3"
>> +
>> +DISABLE_STATIC = ""
>> +
>> +do_compile_ptest() {
>> +    oe_runmake -C tests check-build
>> +}
>> +
>> +do_install_ptest() {
>> +    install -d ${D}${PTEST_PATH}/tests
>> +    install -d ${D}${PTEST_PATH}/tools
>> +    for file in $(find tests/* -executable -type f); do
>> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
>> +    done
>> +    for file in $(find tests/*.tests -type f); do
>> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
>> +    done
>> +    for file in $(find tools/* -executable -type f); do
>> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tools
>> +    done
>> +}
>> +
>> +FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*"
>> +FILES_${PN}-dbg += "${libdir}/${PN}/tests/.debug/* ${libdir}/${PN}/tools/.debug"
>> +
>> +RDEPENDS_${PN}-ptest = "coreutils bash"
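
Review bot: `DISABLE_STATIC = ""` overrides the distro's DISABLE_STATIC setting for this recipe, so static libraries get built, and nothing in the hunk says why. If the regression tests or tools link against a static libseccomp, add a one-line comment saying so; otherwise drop the override and keep the distro default.
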
>> --
>> 2.25.1
>>
>>
>> 
>>




* Re: [OE-core] [PATCH 1/6] libseccomp: move recipe from meta-security to core
  2021-04-25  3:46     ` Khem Raj
@ 2021-04-25 18:27       ` Armin Kuster
  0 siblings, 0 replies; 20+ messages in thread
From: Armin Kuster @ 2021-04-25 18:27 UTC (permalink / raw)
  To: Khem Raj; +Cc: Patches and discussions about the oe-core layer



On 4/24/21 8:46 PM, Khem Raj wrote:
> musl/x86 apt fails

Right. RP told me yesterday. I have been looking into it.

I saw your patch. Thanks.

-armin
>
> https://errors.yoctoproject.org/Errors/Details/577480/
>
> On Sat, Apr 24, 2021 at 3:16 PM Khem Raj <raj.khem@gmail.com> wrote:
>> riscv32 is not happy
>>
>> ERROR: Nothing PROVIDES 'libseccomp' (but
>> /home/jenkins/oe/world/yoe/sources/openembedded-core/meta/recipes-core/systemd/systemd_247.6.bb,
>> /home/jenkins/oe/world/yoe/sources/openembedded-core/meta/recipes-support/gnutls/gnutls_3.7.1.bb
>> DEPENDS on or otherwise requires it)
>> libseccomp was skipped: incompatible with host riscv32-yoe-linux (not
>> in COMPATIBLE_HOST)
>>
>> see
>> http://jenkins.nas-admin.org/view/OE/job/oe_world_qemuriscv32/1123/consoleFull
>>
>> On Sat, Apr 24, 2021 at 8:56 AM Armin Kuster <akuster808@gmail.com> wrote:
>>> ptest results:
>>> Regression Test Summary
>>>  tests run: 1404
>>>  tests skipped: 369
>>>  tests passed: 1402
>>>  tests failed: 2
>>>  tests errored: 154
>>>
>>> Add feature_check so that the other recipes who can take
>>> advantage of this functionality can enable it.
>>>
>>> Signed-off-by: Armin Kuster <akuster808@gmail.com>
>>> ---
>>>  .../libseccomp/files/run-ptest                |  4 ++
>>>  .../libseccomp/libseccomp_2.5.1.bb            | 49 +++++++++++++++++++
>>>  2 files changed, 53 insertions(+)
>>>  create mode 100644 meta/recipes-support/libseccomp/files/run-ptest
>>>  create mode 100644 meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
>>>
>>> diff --git a/meta/recipes-support/libseccomp/files/run-ptest b/meta/recipes-support/libseccomp/files/run-ptest
>>> new file mode 100644
>>> index 00000000000..54b4a63cd2c
>>> --- /dev/null
>>> +++ b/meta/recipes-support/libseccomp/files/run-ptest
>>> @@ -0,0 +1,4 @@
>>> +#!/bin/sh
>>> +
>>> +cd tests
>>> +./regression -a
>>> diff --git a/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb b/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
>>> new file mode 100644
>>> index 00000000000..667d5da8242
>>> --- /dev/null
>>> +++ b/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
>>> @@ -0,0 +1,49 @@
>>> +SUMMARY = "interface to seccomp filtering mechanism"
>>> +DESCRIPTION = "The libseccomp library provides and easy to use, platform independent,interface to the Linux Kernel's syscall filtering mechanism: seccomp."
>>> +SECTION = "security"
>>> +LICENSE = "LGPL-2.1"
>>> +LIC_FILES_CHKSUM = "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
>>> +
>>> +DEPENDS += "gperf-native"
>>> +
>>> +SRCREV = "4bf70431a339a2886ab8c82e9a45378f30c6e6c7"
>>> +
>>> +SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.5 \
>>> +           file://run-ptest \
>>> +           "
>>> +
>>> +COMPATIBLE_HOST_riscv32 = "null"
>>> +
>>> +S = "${WORKDIR}/git"
>>> +
>>> +inherit autotools-brokensep pkgconfig ptest features_check
>>> +
>>> +REQUIRED_DISTRO_FEATURES = "seccomp"
>>> +
>>> +PACKAGECONFIG ??= ""
>>> +PACKAGECONFIG[python] = "--enable-python, --disable-python, python3"
>>> +
>>> +DISABLE_STATIC = ""
>>> +
>>> +do_compile_ptest() {
>>> +    oe_runmake -C tests check-build
>>> +}
>>> +
>>> +do_install_ptest() {
>>> +    install -d ${D}${PTEST_PATH}/tests
>>> +    install -d ${D}${PTEST_PATH}/tools
>>> +    for file in $(find tests/* -executable -type f); do
>>> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
>>> +    done
>>> +    for file in $(find tests/*.tests -type f); do
>>> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
>>> +    done
>>> +    for file in $(find tools/* -executable -type f); do
>>> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tools
>>> +    done
>>> +}
>>> +
>>> +FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*"
>>> +FILES_${PN}-dbg += "${libdir}/${PN}/tests/.debug/* ${libdir}/${PN}/tools/.debug"
>>> +
>>> +RDEPENDS_${PN}-ptest = "coreutils bash"
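
Review bot: DESCRIPTION has two text slips that will end up in the package metadata: "provides and easy to use" should read "provides an easy to use", and there is no space after the comma in "platform independent,interface". Worth fixing while the recipe is being moved.
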
>>> --
>>> 2.25.1
>>>
>>>
>>> 
>>>



* Re: [OE-core] [PATCH 1/6] libseccomp: move recipe from meta-security to core
       [not found] ` <1678D666E2EA61E5.6439@lists.openembedded.org>
@ 2021-04-25 19:17   ` Armin Kuster
  0 siblings, 0 replies; 20+ messages in thread
From: Armin Kuster @ 2021-04-25 19:17 UTC (permalink / raw)
  To: openembedded-core



On 4/24/21 8:56 AM, Armin Kuster via lists.openembedded.org wrote:
> ptest results:
> Regression Test Summary
>  tests run: 1404
>  tests skipped: 369
>  tests passed: 1402
>  tests failed: 2
>  tests errored: 154

Ptest on x86 musl with the patches in master-next; many thanks to
Richard and Khem for their fixes.

Regression Test Summary
 tests run: 8150
 tests skipped: 114
 tests passed: 8148
 tests failed: 2
 tests errored: 0


Many of the skipped are due to missing valgrind or wrong arch.

-armin
>
> Add feature_check so that the other recipes who can take
> advantage of this functionality can enable it.
>
> Signed-off-by: Armin Kuster <akuster808@gmail.com>
> ---
>  .../libseccomp/files/run-ptest                |  4 ++
>  .../libseccomp/libseccomp_2.5.1.bb            | 49 +++++++++++++++++++
>  2 files changed, 53 insertions(+)
>  create mode 100644 meta/recipes-support/libseccomp/files/run-ptest
>  create mode 100644 meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
>
> diff --git a/meta/recipes-support/libseccomp/files/run-ptest b/meta/recipes-support/libseccomp/files/run-ptest
> new file mode 100644
> index 00000000000..54b4a63cd2c
> --- /dev/null
> +++ b/meta/recipes-support/libseccomp/files/run-ptest
> @@ -0,0 +1,4 @@
> +#!/bin/sh
> +
> +cd tests
> +./regression -a
> diff --git a/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb b/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
> new file mode 100644
> index 00000000000..667d5da8242
> --- /dev/null
> +++ b/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
> @@ -0,0 +1,49 @@
> +SUMMARY = "interface to seccomp filtering mechanism"
> +DESCRIPTION = "The libseccomp library provides and easy to use, platform independent,interface to the Linux Kernel's syscall filtering mechanism: seccomp."
> +SECTION = "security"
> +LICENSE = "LGPL-2.1"
> +LIC_FILES_CHKSUM = "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
> +
> +DEPENDS += "gperf-native"
> +
> +SRCREV = "4bf70431a339a2886ab8c82e9a45378f30c6e6c7"
> +
> +SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.5 \
> +           file://run-ptest \
> +           "
> +
> +COMPATIBLE_HOST_riscv32 = "null"
> +
> +S = "${WORKDIR}/git"
> +
> +inherit autotools-brokensep pkgconfig ptest features_check
> +
> +REQUIRED_DISTRO_FEATURES = "seccomp"
> +
> +PACKAGECONFIG ??= ""
> +PACKAGECONFIG[python] = "--enable-python, --disable-python, python3"
> +
> +DISABLE_STATIC = ""
> +
> +do_compile_ptest() {
> +    oe_runmake -C tests check-build
> +}
> +
> +do_install_ptest() {
> +    install -d ${D}${PTEST_PATH}/tests
> +    install -d ${D}${PTEST_PATH}/tools
> +    for file in $(find tests/* -executable -type f); do
> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
> +    done
> +    for file in $(find tests/*.tests -type f); do
> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
> +    done
> +    for file in $(find tools/* -executable -type f); do
> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tools
> +    done
> +}
> +
> +FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*"
> +FILES_${PN}-dbg += "${libdir}/${PN}/tests/.debug/* ${libdir}/${PN}/tools/.debug"
> +
> +RDEPENDS_${PN}-ptest = "coreutils bash"
>
> 
>



* Re: [OE-core] [PATCH 1/6] libseccomp: move recipe from meta-security to core
  2021-04-25 18:26     ` Armin Kuster
@ 2021-04-26  0:10       ` Khem Raj
  2021-04-26 14:24         ` Armin Kuster
  0 siblings, 1 reply; 20+ messages in thread
From: Khem Raj @ 2021-04-26  0:10 UTC (permalink / raw)
  To: akuster808; +Cc: Patches and discussions about the oe-core layer

On Sun, Apr 25, 2021 at 11:26 AM akuster808 <akuster808@gmail.com> wrote:
>
>
>
> On 4/24/21 3:16 PM, Khem Raj wrote:
> > riscv32 is not happy
>
> that is not supported by libseccomp per their supported arch list. I
> came across that yesterday.

I think the problem is when we enable it by default in DISTRO_FEATURES
perhaps we should add an explicit

DISTRO_FEATURES_remove_riscv32 = "seccomp"

in default-distrovars.inc

> >
> > ERROR: Nothing PROVIDES 'libseccomp' (but
> > /home/jenkins/oe/world/yoe/sources/openembedded-core/meta/recipes-core/systemd/systemd_247.6.bb,
> > /home/jenkins/oe/world/yoe/sources/openembedded-core/meta/recipes-support/gnutls/gnutls_3.7.1.bb
> > DEPENDS on or otherwise requires it)
> > libseccomp was skipped: incompatible with host riscv32-yoe-linux (not
> > in COMPATIBLE_HOST)
> I suspect we need to exclude the arch for now. I didn't notice any patch
> to add that yet.
>
> -armin
> >
> > see
> > http://jenkins.nas-admin.org/view/OE/job/oe_world_qemuriscv32/1123/consoleFull
> >
> > On Sat, Apr 24, 2021 at 8:56 AM Armin Kuster <akuster808@gmail.com> wrote:
> >> ptest results:
> >> Regression Test Summary
> >>  tests run: 1404
> >>  tests skipped: 369
> >>  tests passed: 1402
> >>  tests failed: 2
> >>  tests errored: 154
> >>
> >> Add feature_check so that the other recipes who can take
> >> advantage of this functionality can enable it.
> >>
> >> Signed-off-by: Armin Kuster <akuster808@gmail.com>
> >> ---
> >>  .../libseccomp/files/run-ptest                |  4 ++
> >>  .../libseccomp/libseccomp_2.5.1.bb            | 49 +++++++++++++++++++
> >>  2 files changed, 53 insertions(+)
> >>  create mode 100644 meta/recipes-support/libseccomp/files/run-ptest
> >>  create mode 100644 meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
> >>
> >> diff --git a/meta/recipes-support/libseccomp/files/run-ptest b/meta/recipes-support/libseccomp/files/run-ptest
> >> new file mode 100644
> >> index 00000000000..54b4a63cd2c
> >> --- /dev/null
> >> +++ b/meta/recipes-support/libseccomp/files/run-ptest
> >> @@ -0,0 +1,4 @@
> >> +#!/bin/sh
> >> +
> >> +cd tests
> >> +./regression -a
> >> diff --git a/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb b/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
> >> new file mode 100644
> >> index 00000000000..667d5da8242
> >> --- /dev/null
> >> +++ b/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
> >> @@ -0,0 +1,49 @@
> >> +SUMMARY = "interface to seccomp filtering mechanism"
> >> +DESCRIPTION = "The libseccomp library provides and easy to use, platform independent,interface to the Linux Kernel's syscall filtering mechanism: seccomp."
> >> +SECTION = "security"
> >> +LICENSE = "LGPL-2.1"
> >> +LIC_FILES_CHKSUM = "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
> >> +
> >> +DEPENDS += "gperf-native"
> >> +
> >> +SRCREV = "4bf70431a339a2886ab8c82e9a45378f30c6e6c7"
> >> +
> >> +SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.5 \
> >> +           file://run-ptest \
> >> +           "
> >> +
> >> +COMPATIBLE_HOST_riscv32 = "null"
> >> +
> >> +S = "${WORKDIR}/git"
> >> +
> >> +inherit autotools-brokensep pkgconfig ptest features_check
> >> +
> >> +REQUIRED_DISTRO_FEATURES = "seccomp"
> >> +
> >> +PACKAGECONFIG ??= ""
> >> +PACKAGECONFIG[python] = "--enable-python, --disable-python, python3"
> >> +
> >> +DISABLE_STATIC = ""
> >> +
> >> +do_compile_ptest() {
> >> +    oe_runmake -C tests check-build
> >> +}
> >> +
> >> +do_install_ptest() {
> >> +    install -d ${D}${PTEST_PATH}/tests
> >> +    install -d ${D}${PTEST_PATH}/tools
> >> +    for file in $(find tests/* -executable -type f); do
> >> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
> >> +    done
> >> +    for file in $(find tests/*.tests -type f); do
> >> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
> >> +    done
> >> +    for file in $(find tools/* -executable -type f); do
> >> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tools
> >> +    done
> >> +}
> >> +
> >> +FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*"
> >> +FILES_${PN}-dbg += "${libdir}/${PN}/tests/.debug/* ${libdir}/${PN}/tools/.debug"
> >> +
> >> +RDEPENDS_${PN}-ptest = "coreutils bash"
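
Review bot: `COMPATIBLE_HOST_riscv32 = "null"` skips the recipe on riscv32 while REQUIRED_DISTRO_FEATURES gates only on the distro feature, so nothing in this hunk stops a riscv32 build with "seccomp" in DISTRO_FEATURES from depending on a recipe that cannot be provided. Add a comment beside the COMPATIBLE_HOST line giving the reason for the exclusion, and make sure the feature is not enabled for that arch before other recipes key their PACKAGECONFIG on it.
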
> >> --
> >> 2.25.1
> >>
> >>
> >> 
> >>
>
>


* Re: [OE-core] [PATCH 4/6] systemd: Enable seccomp if FEATURE is set
  2021-04-24 15:56 ` [PATCH 4/6] systemd: " Armin Kuster
@ 2021-04-26  6:42   ` Mikko Rapeli
  0 siblings, 0 replies; 20+ messages in thread
From: Mikko Rapeli @ 2021-04-26  6:42 UTC (permalink / raw)
  To: akuster808; +Cc: openembedded-core

Hi,

Patch itself is ok, but I'll just comment that I've seen some boot time regressions
coming from systemd seccomp support. On NXP iMX8 and dunfell, systemd needed a
few 100 ms more time in early boot if seccomp was enabled. I could not figure out
where this was lost though. Could be just kernel or BSP SW configuration problem that
we had. Ideas what could be causing this would be nice to hear...

Cheers,

-Mikko


* Re: [OE-core] [PATCH 1/6] libseccomp: move recipe from meta-security to core
  2021-04-26  0:10       ` Khem Raj
@ 2021-04-26 14:24         ` Armin Kuster
  0 siblings, 0 replies; 20+ messages in thread
From: Armin Kuster @ 2021-04-26 14:24 UTC (permalink / raw)
  To: Khem Raj; +Cc: Patches and discussions about the oe-core layer



On 4/25/21 5:10 PM, Khem Raj wrote:
> On Sun, Apr 25, 2021 at 11:26 AM akuster808 <akuster808@gmail.com> wrote:
>>
>>
>> On 4/24/21 3:16 PM, Khem Raj wrote:
>>> riscv32 is not happy
>> that is not supported by libseccomp per their supported arch list. I
>> came across that yesterday.
> I think the problem is when we enable it by default in DISTRO_FEATURES
> perhaps we should add an explicit
>
> DISTRO_FEATURES_remove_riscv32 = "seccomp"
>
> in default-distrovars.inc
sounds good. libseccomp hit master this morning.

-armin
>
>>> ERROR: Nothing PROVIDES 'libseccomp' (but
>>> /home/jenkins/oe/world/yoe/sources/openembedded-core/meta/recipes-core/systemd/systemd_247.6.bb,
>>> /home/jenkins/oe/world/yoe/sources/openembedded-core/meta/recipes-support/gnutls/gnutls_3.7.1.bb
>>> DEPENDS on or otherwise requires it)
>>> libseccomp was skipped: incompatible with host riscv32-yoe-linux (not
>>> in COMPATIBLE_HOST)
>> I suspect we need to exclude the arch for now. I didn't notice any patch
>> to add that yet.
>>
>> -armin
>>> see
>>> http://jenkins.nas-admin.org/view/OE/job/oe_world_qemuriscv32/1123/consoleFull
>>>
>>> On Sat, Apr 24, 2021 at 8:56 AM Armin Kuster <akuster808@gmail.com> wrote:
>>>> ptest results:
>>>> Regression Test Summary
>>>>  tests run: 1404
>>>>  tests skipped: 369
>>>>  tests passed: 1402
>>>>  tests failed: 2
>>>>  tests errored: 154
>>>>
>>>> Add feature_check so that the other recipes who can take
>>>> advantage of this functionality can enable it.
>>>>
>>>> Signed-off-by: Armin Kuster <akuster808@gmail.com>
>>>> ---
>>>>  .../libseccomp/files/run-ptest                |  4 ++
>>>>  .../libseccomp/libseccomp_2.5.1.bb            | 49 +++++++++++++++++++
>>>>  2 files changed, 53 insertions(+)
>>>>  create mode 100644 meta/recipes-support/libseccomp/files/run-ptest
>>>>  create mode 100644 meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
>>>>
>>>> diff --git a/meta/recipes-support/libseccomp/files/run-ptest b/meta/recipes-support/libseccomp/files/run-ptest
>>>> new file mode 100644
>>>> index 00000000000..54b4a63cd2c
>>>> --- /dev/null
>>>> +++ b/meta/recipes-support/libseccomp/files/run-ptest
>>>> @@ -0,0 +1,4 @@
>>>> +#!/bin/sh
>>>> +
>>>> +cd tests
>>>> +./regression -a
>>>> diff --git a/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb b/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
>>>> new file mode 100644
>>>> index 00000000000..667d5da8242
>>>> --- /dev/null
>>>> +++ b/meta/recipes-support/libseccomp/libseccomp_2.5.1.bb
>>>> @@ -0,0 +1,49 @@
>>>> +SUMMARY = "interface to seccomp filtering mechanism"
>>>> +DESCRIPTION = "The libseccomp library provides and easy to use, platform independent,interface to the Linux Kernel's syscall filtering mechanism: seccomp."
>>>> +SECTION = "security"
>>>> +LICENSE = "LGPL-2.1"
>>>> +LIC_FILES_CHKSUM = "file://LICENSE;beginline=0;endline=1;md5=8eac08d22113880357ceb8e7c37f989f"
>>>> +
>>>> +DEPENDS += "gperf-native"
>>>> +
>>>> +SRCREV = "4bf70431a339a2886ab8c82e9a45378f30c6e6c7"
>>>> +
>>>> +SRC_URI = "git://github.com/seccomp/libseccomp.git;branch=release-2.5 \
>>>> +           file://run-ptest \
>>>> +           "
>>>> +
>>>> +COMPATIBLE_HOST_riscv32 = "null"
>>>> +
>>>> +S = "${WORKDIR}/git"
>>>> +
>>>> +inherit autotools-brokensep pkgconfig ptest features_check
>>>> +
>>>> +REQUIRED_DISTRO_FEATURES = "seccomp"
>>>> +
>>>> +PACKAGECONFIG ??= ""
>>>> +PACKAGECONFIG[python] = "--enable-python, --disable-python, python3"
>>>> +
>>>> +DISABLE_STATIC = ""
>>>> +
>>>> +do_compile_ptest() {
>>>> +    oe_runmake -C tests check-build
>>>> +}
>>>> +
>>>> +do_install_ptest() {
>>>> +    install -d ${D}${PTEST_PATH}/tests
>>>> +    install -d ${D}${PTEST_PATH}/tools
>>>> +    for file in $(find tests/* -executable -type f); do
>>>> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
>>>> +    done
>>>> +    for file in $(find tests/*.tests -type f); do
>>>> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tests
>>>> +    done
>>>> +    for file in $(find tools/* -executable -type f); do
>>>> +        install -m 744 ${S}/${file} ${D}/${PTEST_PATH}/tools
>>>> +    done
>>>> +}
>>>> +
>>>> +FILES_${PN} = "${bindir} ${libdir}/${BPN}.so*"
>>>> +FILES_${PN}-dbg += "${libdir}/${PN}/tests/.debug/* ${libdir}/${PN}/tools/.debug"
>>>> +
>>>> +RDEPENDS_${PN}-ptest = "coreutils bash"
>>>> --
>>>> 2.25.1
>>>>
>>>>
>>>> 
>>>>
>>

