* [meta-selinux][PATCH 02/16] libsepol: upgrade 3.3 -> 3.4
2022-08-28 2:29 [meta-selinux][PATCH 01/16] selinux: upgrade 3.3 -> 3.4 Yi Zhao
@ 2022-08-28 2:29 ` Yi Zhao
2022-08-28 2:29 ` [meta-selinux][PATCH 03/16] libselinux: " Yi Zhao
` (13 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Yi Zhao @ 2022-08-28 2:29 UTC (permalink / raw)
To: yocto, joe_macdonald, joe
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
.../selinux/{libsepol_3.3.bb => libsepol_3.4.bb} | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
rename recipes-security/selinux/{libsepol_3.3.bb => libsepol_3.4.bb} (80%)
diff --git a/recipes-security/selinux/libsepol_3.3.bb b/recipes-security/selinux/libsepol_3.4.bb
similarity index 80%
rename from recipes-security/selinux/libsepol_3.3.bb
rename to recipes-security/selinux/libsepol_3.4.bb
index 80d8819..49312da 100644
--- a/recipes-security/selinux/libsepol_3.3.bb
+++ b/recipes-security/selinux/libsepol_3.4.bb
@@ -13,10 +13,6 @@ inherit lib_package
S = "${WORKDIR}/git/libsepol"
-# Change RANLIB for cross compiling, use host-tools $(AR) rather than
-# local ranlib.
-EXTRA_OEMAKE += "RANLIB='$(AR) s'"
-
-DEPENDS += "flex-native"
+DEPENDS = "flex-native"
BBCLASSEXTEND = "native"
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [meta-selinux][PATCH 03/16] libselinux: upgrade 3.3 -> 3.4
2022-08-28 2:29 [meta-selinux][PATCH 01/16] selinux: upgrade 3.3 -> 3.4 Yi Zhao
2022-08-28 2:29 ` [meta-selinux][PATCH 02/16] libsepol: " Yi Zhao
@ 2022-08-28 2:29 ` Yi Zhao
2022-08-28 2:29 ` [meta-selinux][PATCH 04/16] libselinux-python: " Yi Zhao
` (12 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Yi Zhao @ 2022-08-28 2:29 UTC (permalink / raw)
To: yocto, joe_macdonald, joe
Use libpcre2 instead of libpcre.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
.../selinux/{libselinux_3.3.bb => libselinux_3.4.bb} | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
rename recipes-security/selinux/{libselinux_3.3.bb => libselinux_3.4.bb} (77%)
diff --git a/recipes-security/selinux/libselinux_3.3.bb b/recipes-security/selinux/libselinux_3.4.bb
similarity index 77%
rename from recipes-security/selinux/libselinux_3.3.bb
rename to recipes-security/selinux/libselinux_3.4.bb
index 1144840..8009d6d 100644
--- a/recipes-security/selinux/libselinux_3.3.bb
+++ b/recipes-security/selinux/libselinux_3.4.bb
@@ -8,9 +8,9 @@ LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0"
require selinux_common.inc
-inherit lib_package python3native pkgconfig
+inherit lib_package pkgconfig
-DEPENDS += "libsepol libpcre"
+DEPENDS = "libsepol libpcre2"
DEPENDS:append:libc-musl = " fts"
S = "${WORKDIR}/git/libselinux"
@@ -22,8 +22,7 @@ def get_policyconfigarch(d):
target = p.sub('i386',target)
return "ARCH=%s" % (target)
-EXTRA_OEMAKE += "${@get_policyconfigarch(d)}"
-EXTRA_OEMAKE += "LDFLAGS='${LDFLAGS} -lpcre' LIBSEPOLA='${STAGING_LIBDIR}/libsepol.a'"
+EXTRA_OEMAKE = "${@get_policyconfigarch(d)}"
EXTRA_OEMAKE:append:libc-musl = " FTS_LDLIBS=-lfts"
BBCLASSEXTEND = "native"
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [meta-selinux][PATCH 04/16] libselinux-python: upgrade 3.3 -> 3.4
2022-08-28 2:29 [meta-selinux][PATCH 01/16] selinux: upgrade 3.3 -> 3.4 Yi Zhao
2022-08-28 2:29 ` [meta-selinux][PATCH 02/16] libsepol: " Yi Zhao
2022-08-28 2:29 ` [meta-selinux][PATCH 03/16] libselinux: " Yi Zhao
@ 2022-08-28 2:29 ` Yi Zhao
2022-08-28 2:29 ` [meta-selinux][PATCH 05/16] libsemanage: " Yi Zhao
` (11 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Yi Zhao @ 2022-08-28 2:29 UTC (permalink / raw)
To: yocto, joe_macdonald, joe
* Use libpcre2 instead of libpcre.
* Refresh patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
...linux-python_3.3.bb => libselinux-python_3.4.bb} | 13 +++++++------
...ix-python-modules-install-path-for-multili.patch | 8 ++++----
...PYCEXT-and-rely-on-the-installed-file-nam.patch} | 8 ++++----
3 files changed, 15 insertions(+), 14 deletions(-)
rename recipes-security/selinux/{libselinux-python_3.3.bb => libselinux-python_3.4.bb} (79%)
rename recipes-security/selinux/libselinux/{0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch => 0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch} (94%)
diff --git a/recipes-security/selinux/libselinux-python_3.3.bb b/recipes-security/selinux/libselinux-python_3.4.bb
similarity index 79%
rename from recipes-security/selinux/libselinux-python_3.3.bb
rename to recipes-security/selinux/libselinux-python_3.4.bb
index 136f538..a850369 100644
--- a/recipes-security/selinux/libselinux-python_3.3.bb
+++ b/recipes-security/selinux/libselinux-python_3.4.bb
@@ -8,18 +8,20 @@ LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0"
require selinux_common.inc
-inherit python3native python3targetconfig pkgconfig
+inherit python3targetconfig pkgconfig
FILESEXTRAPATHS:prepend := "${THISDIR}/libselinux:"
SRC_URI += "\
file://0001-Makefile-fix-python-modules-install-path-for-multili.patch \
- file://0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch \
+ file://0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch \
"
S = "${WORKDIR}/git/libselinux"
-DEPENDS += "python3 swig-native libpcre libsepol"
-RDEPENDS:${PN} += "libselinux python3-core python3-shell"
+DEPENDS = "libsepol libpcre2 swig-native"
+DEPENDS:append:libc-musl = " fts"
+
+RDEPENDS:${PN} = "libselinux python3-core python3-shell"
def get_policyconfigarch(d):
import re
@@ -28,8 +30,7 @@ def get_policyconfigarch(d):
target = p.sub('i386',target)
return "ARCH=%s" % (target)
-EXTRA_OEMAKE += "${@get_policyconfigarch(d)}"
-EXTRA_OEMAKE += "LDFLAGS='${LDFLAGS} -lpcre' LIBSEPOLA='${STAGING_LIBDIR}/libsepol.a'"
+EXTRA_OEMAKE = "${@get_policyconfigarch(d)}"
EXTRA_OEMAKE:append:libc-musl = " FTS_LDLIBS=-lfts"
FILES:${PN} = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*"
diff --git a/recipes-security/selinux/libselinux/0001-Makefile-fix-python-modules-install-path-for-multili.patch b/recipes-security/selinux/libselinux/0001-Makefile-fix-python-modules-install-path-for-multili.patch
index 9dfd8d4..9750cd6 100644
--- a/recipes-security/selinux/libselinux/0001-Makefile-fix-python-modules-install-path-for-multili.patch
+++ b/recipes-security/selinux/libselinux/0001-Makefile-fix-python-modules-install-path-for-multili.patch
@@ -1,4 +1,4 @@
-From 41540f5c4e3552a2806097613f016d1a2fd4754a Mon Sep 17 00:00:00 2001
+From 1ff60a36bb0bfc95ce33cf950f58e121548a3c8a Mon Sep 17 00:00:00 2001
From: Yi Zhao <yi.zhao@windriver.com>
Date: Mon, 13 Apr 2020 12:44:23 +0800
Subject: [PATCH] Makefile: fix python modules install path for multilib
@@ -11,10 +11,10 @@ Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Makefile b/src/Makefile
-index 190016e..dcdeb10 100644
+index 04bf4f2..81ae6a2 100644
--- a/src/Makefile
+++ b/src/Makefile
-@@ -174,7 +174,7 @@ install: all
+@@ -181,7 +181,7 @@ install: all
ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET)
install-pywrap: pywrap
@@ -24,5 +24,5 @@ index 190016e..dcdeb10 100644
ln -sf --relative $(DESTDIR)$(PYTHONLIBDIR)/selinux/_selinux$(PYCEXT) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT)
--
-2.17.1
+2.25.1
diff --git a/recipes-security/selinux/libselinux/0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch b/recipes-security/selinux/libselinux/0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
similarity index 94%
rename from recipes-security/selinux/libselinux/0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
rename to recipes-security/selinux/libselinux/0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
index 0fafcef..db7d68f 100644
--- a/recipes-security/selinux/libselinux/0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
+++ b/recipes-security/selinux/libselinux/0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
@@ -1,4 +1,4 @@
-From 1542c79660484a2f2e24ee0593586dba35c3ad13 Mon Sep 17 00:00:00 2001
+From dae53d7cd4d7875f7fb7aba016a0331559044eea Mon Sep 17 00:00:00 2001
From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Date: Fri, 25 Oct 2019 13:37:14 +0200
Subject: [PATCH] Do not use PYCEXT, and rely on the installed file name
@@ -27,7 +27,7 @@ Signed-off-by: Changqing Li <changqing.li@windriver.com>
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/Makefile b/src/Makefile
-index dcdeb10..da6f719 100644
+index 81ae6a2..37399e1 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -15,7 +15,6 @@ INCLUDEDIR ?= $(PREFIX)/include
@@ -38,7 +38,7 @@ index dcdeb10..da6f719 100644
RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + RbConfig::CONFIG["rubyhdrdir"]')
RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + RbConfig::CONFIG["libdir"] + " -L" + RbConfig::CONFIG["archlibdir"] + " " + RbConfig::CONFIG["LIBRUBYARG_SHARED"]')
RUBYINSTALL ?= $(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]')
-@@ -176,7 +175,7 @@ install: all
+@@ -183,7 +182,7 @@ install: all
install-pywrap: pywrap
$(PYTHON) setup.py install --prefix=$(PREFIX) --root=$(DESTDIR) --install-lib=$(PYTHONLIBDIR) $(PYTHON_SETUP_ARGS)
install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py
@@ -48,5 +48,5 @@ index dcdeb10..da6f719 100644
install-rubywrap: rubywrap
test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d $(DESTDIR)$(RUBYINSTALL)
--
-2.17.1
+2.25.1
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [meta-selinux][PATCH 05/16] libsemanage: upgrade 3.3 -> 3.4
2022-08-28 2:29 [meta-selinux][PATCH 01/16] selinux: upgrade 3.3 -> 3.4 Yi Zhao
` (2 preceding siblings ...)
2022-08-28 2:29 ` [meta-selinux][PATCH 04/16] libselinux-python: " Yi Zhao
@ 2022-08-28 2:29 ` Yi Zhao
2022-08-28 2:29 ` [meta-selinux][PATCH 06/16] checkpolicy: " Yi Zhao
` (10 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Yi Zhao @ 2022-08-28 2:29 UTC (permalink / raw)
To: yocto, joe_macdonald, joe
Refresh patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
.../libsemanage-Fix-execve-segfaults-on-Ubuntu.patch | 10 +++++-----
.../libsemanage-allow-to-disable-audit-support.patch | 8 ++++----
...bsemanage-disable-expand-check-on-policy-load.patch | 8 ++++----
.../selinux/{libsemanage_3.3.bb => libsemanage_3.4.bb} | 9 +++++----
4 files changed, 18 insertions(+), 17 deletions(-)
rename recipes-security/selinux/{libsemanage_3.3.bb => libsemanage_3.4.bb} (91%)
diff --git a/recipes-security/selinux/libsemanage/libsemanage-Fix-execve-segfaults-on-Ubuntu.patch b/recipes-security/selinux/libsemanage/libsemanage-Fix-execve-segfaults-on-Ubuntu.patch
index 0b1f3d8..5a03d30 100644
--- a/recipes-security/selinux/libsemanage/libsemanage-Fix-execve-segfaults-on-Ubuntu.patch
+++ b/recipes-security/selinux/libsemanage/libsemanage-Fix-execve-segfaults-on-Ubuntu.patch
@@ -1,4 +1,4 @@
-From 01a37b94a1f5605a395e8b45ee9ec653ce716c06 Mon Sep 17 00:00:00 2001
+From 2111f86dce8defd9bebd9b43008339e3b5af0aa7 Mon Sep 17 00:00:00 2001
From: Xin Ouyang <Xin.Ouyang@windriver.com>
Date: Mon, 26 Mar 2012 15:15:16 +0800
Subject: [PATCH] libsemanage: Fix execve segfaults on Ubuntu.
@@ -9,7 +9,7 @@ Such as "make load" while building refpolicy.
http://oss.tresys.com/pipermail/refpolicy/2011-December/004859.html
-Upstream-Status: Pending
+Upstream-Status: Inappropriate [embedded specific]
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
@@ -17,10 +17,10 @@ Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/semanage_store.c b/src/semanage_store.c
-index 58dded6..1a94545 100644
+index 14a0957..0a9200e 100644
--- a/src/semanage_store.c
+++ b/src/semanage_store.c
-@@ -1441,7 +1441,7 @@ static int semanage_exec_prog(semanage_handle_t * sh,
+@@ -1470,7 +1470,7 @@ static int semanage_exec_prog(semanage_handle_t * sh,
if (forkval == 0) {
/* child process. file descriptors will be closed
* because they were set as close-on-exec. */
@@ -30,5 +30,5 @@ index 58dded6..1a94545 100644
}
--
-2.7.4
+2.25.1
diff --git a/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch b/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch
index ff5cb00..19263d8 100644
--- a/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch
+++ b/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch
@@ -1,9 +1,9 @@
-From e76867515be3bc296174aeb26c7996a0939a2a8c Mon Sep 17 00:00:00 2001
+From 5718384543ff06ad4032e90291f9e4398a2749c4 Mon Sep 17 00:00:00 2001
From: Wenzong Fan <wenzong.fan@windriver.com>
Date: Mon, 20 Jan 2014 03:53:48 -0500
Subject: [PATCH] libsemanage: allow to disable audit support
-Upstream-Status: Pending
+Upstream-Status: Inappropriate [embedded specific]
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
@@ -13,7 +13,7 @@ Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
3 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/src/Makefile b/src/Makefile
-index a0eb374..afc4437 100644
+index 71c2a1d..52f335e 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -26,6 +26,14 @@ ifeq ($(DEBUG),1)
@@ -122,5 +122,5 @@ index 69f49a3..f914492 100644
OBJECTS = $(SOURCES:.c=.o)
POLICIES = $(CILS:.cil=.policy)
--
-2.17.1
+2.25.1
diff --git a/recipes-security/selinux/libsemanage/libsemanage-disable-expand-check-on-policy-load.patch b/recipes-security/selinux/libsemanage/libsemanage-disable-expand-check-on-policy-load.patch
index d1e5720..6e0faeb 100644
--- a/recipes-security/selinux/libsemanage/libsemanage-disable-expand-check-on-policy-load.patch
+++ b/recipes-security/selinux/libsemanage/libsemanage-disable-expand-check-on-policy-load.patch
@@ -1,4 +1,4 @@
-From 35196d58cd37fec89fcf95e3d43b41de7008f0be Mon Sep 17 00:00:00 2001
+From dd52bfb66d710473aeb75c5fe92d5cf0a66b637e Mon Sep 17 00:00:00 2001
From: Joe MacDonald <joe@deserted.net>
Date: Wed, 7 May 2014 11:36:27 -0400
Subject: [PATCH] libsemanage: disable expand-check on policy load
@@ -17,10 +17,10 @@ Signed-off-by: Joe MacDonald <joe@deserted.net>
1 file changed, 4 insertions(+)
diff --git a/src/semanage.conf b/src/semanage.conf
-index dc8d46b..254f156 100644
+index 98d769b..708fa8c 100644
--- a/src/semanage.conf
+++ b/src/semanage.conf
-@@ -39,3 +39,7 @@ module-store = direct
+@@ -40,3 +40,7 @@ module-store = direct
# By default, semanage will generate policies for the SELinux target.
# To build policies for Xen, uncomment the following line.
#target-platform = xen
@@ -29,5 +29,5 @@ index dc8d46b..254f156 100644
+# module. This results in a significant speed-up in policy loading.
+expand-check=0
--
-2.7.4
+2.25.1
diff --git a/recipes-security/selinux/libsemanage_3.3.bb b/recipes-security/selinux/libsemanage_3.4.bb
similarity index 91%
rename from recipes-security/selinux/libsemanage_3.3.bb
rename to recipes-security/selinux/libsemanage_3.4.bb
index b17eb68..08d2c9c 100644
--- a/recipes-security/selinux/libsemanage_3.3.bb
+++ b/recipes-security/selinux/libsemanage_3.4.bb
@@ -16,23 +16,24 @@ SRC_URI += "file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch \
file://libsemanage-disable-expand-check-on-policy-load.patch \
"
-DEPENDS += "libsepol libselinux bzip2 python3 bison-native flex-native swig-native"
+DEPENDS = "libsepol libselinux bison-native swig-native"
+
DEPENDS:append:class-target = " audit"
S = "${WORKDIR}/git/libsemanage"
+EXTRA_OEMAKE:class-native = "DISABLE_AUDIT=y"
+
PACKAGES =+ "${PN}-python"
# For /usr/libexec/selinux/semanage_migrate_store
-RDEPENDS:${PN}-python += "python3-core"
+RDEPENDS:${PN}-python = "python3-core"
FILES:${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/* \
${libexecdir}/selinux/semanage_migrate_store"
FILES:${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/site-packages/.debug/*"
FILES:${PN} += "${libexecdir}"
-EXTRA_OEMAKE:class-native += "DISABLE_AUDIT=y"
-
do_compile:append() {
oe_runmake pywrap \
PYLIBVER='python${PYTHON_BASEVERSION}${PYTHON_ABI}' \
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [meta-selinux][PATCH 06/16] checkpolicy: upgrade 3.3 -> 3.4
2022-08-28 2:29 [meta-selinux][PATCH 01/16] selinux: upgrade 3.3 -> 3.4 Yi Zhao
` (3 preceding siblings ...)
2022-08-28 2:29 ` [meta-selinux][PATCH 05/16] libsemanage: " Yi Zhao
@ 2022-08-28 2:29 ` Yi Zhao
2022-08-28 2:29 ` [meta-selinux][PATCH 07/16] secilc: " Yi Zhao
` (9 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Yi Zhao @ 2022-08-28 2:29 UTC (permalink / raw)
To: yocto, joe_macdonald, joe
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
.../selinux/{checkpolicy_3.3.bb => checkpolicy_3.4.bb} | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
rename recipes-security/selinux/{checkpolicy_3.3.bb => checkpolicy_3.4.bb} (84%)
diff --git a/recipes-security/selinux/checkpolicy_3.3.bb b/recipes-security/selinux/checkpolicy_3.4.bb
similarity index 84%
rename from recipes-security/selinux/checkpolicy_3.3.bb
rename to recipes-security/selinux/checkpolicy_3.4.bb
index ad90cc2..3df1bbb 100644
--- a/recipes-security/selinux/checkpolicy_3.3.bb
+++ b/recipes-security/selinux/checkpolicy_3.4.bb
@@ -11,10 +11,7 @@ LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"
require selinux_common.inc
-DEPENDS += "libsepol bison-native flex-native"
-
-EXTRA_OEMAKE += "LEX='flex'"
-EXTRA_OEMAKE += "LIBSEPOLA=${STAGING_LIBDIR}/libsepol.a"
+DEPENDS = "libsepol bison-native"
S = "${WORKDIR}/git/checkpolicy"
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [meta-selinux][PATCH 07/16] secilc: upgrade 3.3 -> 3.4
2022-08-28 2:29 [meta-selinux][PATCH 01/16] selinux: upgrade 3.3 -> 3.4 Yi Zhao
` (4 preceding siblings ...)
2022-08-28 2:29 ` [meta-selinux][PATCH 06/16] checkpolicy: " Yi Zhao
@ 2022-08-28 2:29 ` Yi Zhao
2022-08-28 2:29 ` [meta-selinux][PATCH 08/16] policycoreutils: " Yi Zhao
` (8 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Yi Zhao @ 2022-08-28 2:29 UTC (permalink / raw)
To: yocto, joe_macdonald, joe
Use precise license BSD-2-Clause instead of license BSD.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
recipes-security/selinux/{secilc_3.3.bb => secilc_3.4.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename recipes-security/selinux/{secilc_3.3.bb => secilc_3.4.bb} (85%)
diff --git a/recipes-security/selinux/secilc_3.3.bb b/recipes-security/selinux/secilc_3.4.bb
similarity index 85%
rename from recipes-security/selinux/secilc_3.3.bb
rename to recipes-security/selinux/secilc_3.4.bb
index 60ab2fe..e30cd3a 100644
--- a/recipes-security/selinux/secilc_3.3.bb
+++ b/recipes-security/selinux/secilc_3.4.bb
@@ -3,12 +3,12 @@ DESCRIPTION = "\
This package contains secilc, the SELinux Common Intermediate \
Language (CIL) compiler."
SECTION = "base"
-LICENSE = "BSD"
+LICENSE = "BSD-2-Clause"
LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=c7e802b9a3b0c2c852669864c08b9138"
require selinux_common.inc
-DEPENDS += "libsepol xmlto-native"
+DEPENDS = "libsepol xmlto-native"
S = "${WORKDIR}/git/secilc"
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [meta-selinux][PATCH 08/16] policycoreutils: upgrade 3.3 -> 3.4
2022-08-28 2:29 [meta-selinux][PATCH 01/16] selinux: upgrade 3.3 -> 3.4 Yi Zhao
` (5 preceding siblings ...)
2022-08-28 2:29 ` [meta-selinux][PATCH 07/16] secilc: " Yi Zhao
@ 2022-08-28 2:29 ` Yi Zhao
2022-08-28 2:29 ` [meta-selinux][PATCH 09/16] mcstrans: " Yi Zhao
` (7 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Yi Zhao @ 2022-08-28 2:29 UTC (permalink / raw)
To: yocto, joe_macdonald, joe
Refresh patch.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
.../policycoreutils-fixfiles-de-bashify.patch | 14 ++--
...oreutils_3.3.bb => policycoreutils_3.4.bb} | 72 +++++++++----------
2 files changed, 43 insertions(+), 43 deletions(-)
rename recipes-security/selinux/{policycoreutils_3.3.bb => policycoreutils_3.4.bb} (78%)
diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch b/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch
index 70cdd4f..0e80959 100644
--- a/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch
+++ b/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch
@@ -1,4 +1,4 @@
-From 25ca94680f2fe20f49b80e8b5b180a0dbb903f17 Mon Sep 17 00:00:00 2001
+From cdc8f6e887d9ab8944e3ae89dd18bf55edf080c4 Mon Sep 17 00:00:00 2001
From: Joe MacDonald <joe_macdonald@mentor.com>
Date: Fri, 20 Feb 2015 17:00:19 -0500
Subject: [PATCH] fixfiles: de-bashify
@@ -10,7 +10,7 @@ necessarily the best option here. Introducing a second invocation of rpm
is minimal overhead on an operation that should happen very infrequently,
so we'll try that instead.
-Upstream-Status: Pending
+Upstream-Status: Inappropriate [embedded specific]
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
@@ -19,7 +19,7 @@ Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/scripts/fixfiles b/scripts/fixfiles
-index 1aa330f..a10837d 100755
+index c72ca0e..143cc2e 100755
--- a/scripts/fixfiles
+++ b/scripts/fixfiles
@@ -1,4 +1,4 @@
@@ -51,7 +51,7 @@ index 1aa330f..a10837d 100755
exclude_from_relabelling="$exclude_from_relabelling -e $i"
done < /etc/selinux/fixfiles_exclude_dirs
fi
-@@ -138,7 +139,7 @@ fi
+@@ -140,7 +141,7 @@ fi
# Log directories excluded from relabelling by configuration file
#
LogExcluded() {
@@ -60,7 +60,7 @@ index 1aa330f..a10837d 100755
echo "skipping the directory $i"
done
}
-@@ -201,8 +202,12 @@ fi
+@@ -203,8 +204,12 @@ fi
}
rpmlist() {
@@ -75,7 +75,7 @@ index 1aa330f..a10837d 100755
}
#
-@@ -276,7 +281,7 @@ relabel() {
+@@ -295,7 +300,7 @@ relabel() {
exit 1
fi
@@ -85,5 +85,5 @@ index 1aa330f..a10837d 100755
return
fi
--
-2.13.0
+2.25.1
diff --git a/recipes-security/selinux/policycoreutils_3.3.bb b/recipes-security/selinux/policycoreutils_3.4.bb
similarity index 78%
rename from recipes-security/selinux/policycoreutils_3.3.bb
rename to recipes-security/selinux/policycoreutils_3.4.bb
index 552d354..ab871a3 100644
--- a/recipes-security/selinux/policycoreutils_3.3.bb
+++ b/recipes-security/selinux/policycoreutils_3.4.bb
@@ -18,48 +18,47 @@ PAM_SRC_URI = "file://pam.d/newrole \
file://pam.d/run_init \
"
-DEPENDS += "libsepol libselinux libsemanage libcap gettext-native"
-EXTRA_DEPENDS = "libcap-ng libcgroup"
-DEPENDS += "${@['', '${EXTRA_DEPENDS}']['${PN}' != '${BPN}-native']}"
+DEPENDS = "libsepol libselinux libsemanage gettext-native"
+DEPENDS:append:class-target = " libcap-ng"
S = "${WORKDIR}/git/policycoreutils"
inherit selinux python3native
-RDEPENDS:${BPN}-fixfiles += "\
- ${BPN}-setfiles \
+RDEPENDS:${PN}-fixfiles = "\
+ ${PN}-setfiles \
grep \
findutils \
"
-RDEPENDS:${BPN}-genhomedircon += "\
- ${BPN}-semodule \
+RDEPENDS:${PN}-genhomedircon = "\
+ ${PN}-semodule \
"
-RDEPENDS:${BPN}-loadpolicy += "\
+RDEPENDS:${PN}-loadpolicy = "\
libselinux \
libsepol \
"
-RDEPENDS:${BPN}-newrole += "\
+RDEPENDS:${PN}-newrole = "\
libcap-ng \
libselinux \
"
-RDEPENDS:${BPN}-runinit += "libselinux"
-RDEPENDS:${BPN}-secon += "libselinux"
-RDEPENDS:${BPN}-semodule += "\
+RDEPENDS:${PN}-runinit = "libselinux"
+RDEPENDS:${PN}-secon = "libselinux"
+RDEPENDS:${PN}-semodule = "\
libsepol \
libselinux \
libsemanage \
"
-RDEPENDS:${BPN}-sestatus += "libselinux"
-RDEPENDS:${BPN}-setfiles += "\
+RDEPENDS:${PN}-sestatus = "libselinux"
+RDEPENDS:${PN}-setfiles = "\
libselinux \
libsepol \
"
-RDEPENDS:${BPN}-setsebool += "\
+RDEPENDS:${PN}-setsebool = "\
libsepol \
libselinux \
libsemanage \
"
-RDEPENDS:${BPN} += "selinux-python"
+RDEPENDS:${PN}:class-target = "selinux-python"
PACKAGES =+ "\
${PN}-fixfiles \
@@ -74,34 +73,34 @@ PACKAGES =+ "\
${PN}-setfiles \
${PN}-setsebool \
"
-FILES:${PN}-fixfiles += "${base_sbindir}/fixfiles"
-FILES:${PN}-genhomedircon += "${base_sbindir}/genhomedircon"
-FILES:${PN}-loadpolicy += "\
+FILES:${PN}-fixfiles = "${base_sbindir}/fixfiles"
+FILES:${PN}-genhomedircon = "${base_sbindir}/genhomedircon"
+FILES:${PN}-loadpolicy = "\
${base_sbindir}/load_policy \
"
-FILES:${PN}-newrole += "\
+FILES:${PN}-newrole = "\
${bindir}/newrole \
${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${sysconfdir}/pam.d/newrole', '', d)} \
"
-FILES:${PN}-runinit += "\
+FILES:${PN}-runinit = "\
${base_sbindir}/run_init \
${base_sbindir}/open_init_pty \
${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${sysconfdir}/pam.d/run_init', '', d)} \
"
FILES:${PN}-dbg += "${prefix}/libexec/selinux/hll/.debug"
-FILES:${PN}-secon += "${bindir}/secon"
-FILES:${PN}-semodule += "${base_sbindir}/semodule"
-FILES:${PN}-hll += "${prefix}/libexec/selinux/hll/*"
-FILES:${PN}-sestatus += "\
+FILES:${PN}-secon = "${bindir}/secon"
+FILES:${PN}-semodule = "${base_sbindir}/semodule"
+FILES:${PN}-hll = "${prefix}/libexec/selinux/hll/*"
+FILES:${PN}-sestatus = "\
${base_sbindir}/sestatus \
${sysconfdir}/sestatus.conf \
"
-FILES:${PN}-setfiles += "\
+FILES:${PN}-setfiles = "\
${base_sbindir}/restorecon \
${base_sbindir}/restorecon_xattr \
${base_sbindir}/setfiles \
"
-FILES:${PN}-setsebool += "\
+FILES:${PN}-setsebool = "\
${base_sbindir}/setsebool \
${datadir}/bash-completion/completions/setsebool \
"
@@ -115,11 +114,12 @@ PACKAGECONFIG:class-target ?= "\
${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)} \
audit \
"
+PACKAGECONFIG:class-native ?= ""
PACKAGECONFIG[libpam] = ",,libpam,"
PACKAGECONFIG[audit] = ",,audit,"
-EXTRA_OEMAKE += "\
+EXTRA_OEMAKE = "\
${@bb.utils.contains('PACKAGECONFIG', 'libpam', 'PAMH=y', 'PAMH=', d)} \
${@bb.utils.contains('PACKAGECONFIG', 'audit', 'AUDITH=y', 'AUDITH=', d)} \
INOTIFYH=n \
@@ -131,6 +131,14 @@ BBCLASSEXTEND = "native"
PCU_NATIVE_CMDS = "setfiles semodule hll"
+do_compile:prepend() {
+ export PYTHON=python3
+ export PYLIBVER='python${PYTHON_BASEVERSION}'
+ export PYTHON_CPPFLAGS="-I${STAGING_INCDIR}/${PYLIBVER}"
+ export PYTHON_LDFLAGS="${STAGING_LIBDIR}/lib${PYLIBVER}.so"
+ export PYTHON_SITE_PKG="${libdir}/${PYLIBVER}/site-packages"
+}
+
do_compile:class-native() {
for PCU_CMD in ${PCU_NATIVE_CMDS} ; do
oe_runmake -C $PCU_CMD \
@@ -143,14 +151,6 @@ sysroot_stage_dirs:append:class-native() {
cp -R $from/${prefix}/libexec $to/${prefix}/libexec
}
-do_compile:prepend() {
- export PYTHON=python3
- export PYLIBVER='python${PYTHON_BASEVERSION}'
- export PYTHON_CPPFLAGS="-I${STAGING_INCDIR}/${PYLIBVER}"
- export PYTHON_LDFLAGS="${STAGING_LIBDIR}/lib${PYLIBVER}.so"
- export PYTHON_SITE_PKG="${libdir}/${PYLIBVER}/site-packages"
-}
-
do_install:prepend() {
export PYTHON=python3
export SBINDIR="${D}/${base_sbindir}"
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [meta-selinux][PATCH 09/16] mcstrans: upgrade 3.3 -> 3.4
2022-08-28 2:29 [meta-selinux][PATCH 01/16] selinux: upgrade 3.3 -> 3.4 Yi Zhao
` (6 preceding siblings ...)
2022-08-28 2:29 ` [meta-selinux][PATCH 08/16] policycoreutils: " Yi Zhao
@ 2022-08-28 2:29 ` Yi Zhao
2022-08-28 2:29 ` [meta-selinux][PATCH 10/16] restorecond: " Yi Zhao
` (6 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Yi Zhao @ 2022-08-28 2:29 UTC (permalink / raw)
To: yocto, joe_macdonald, joe
Refresh patches.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
.../selinux/mcstrans/mcstrans-de-bashify.patch | 6 +++---
.../mcstrans/mcstrans-fix-the-init-script.patch | 4 ++--
.../selinux/{mcstrans_3.3.bb => mcstrans_3.4.bb} | 12 ++++++------
3 files changed, 11 insertions(+), 11 deletions(-)
rename recipes-security/selinux/{mcstrans_3.3.bb => mcstrans_3.4.bb} (87%)
diff --git a/recipes-security/selinux/mcstrans/mcstrans-de-bashify.patch b/recipes-security/selinux/mcstrans/mcstrans-de-bashify.patch
index 27fd677..74ae879 100644
--- a/recipes-security/selinux/mcstrans/mcstrans-de-bashify.patch
+++ b/recipes-security/selinux/mcstrans/mcstrans-de-bashify.patch
@@ -1,4 +1,4 @@
-From 544b3c078374e5001e7fdc1b7d0b2eafda36f8fe Mon Sep 17 00:00:00 2001
+From 580a625e9e1266d92c248a5e3f471d12d42c149b Mon Sep 17 00:00:00 2001
From: Joe MacDonald <joe_macdonald@mentor.com>
Date: Fri, 7 Aug 2015 15:16:45 -0400
Subject: [PATCH] mcstrans: remove dependency on bash in initscript
@@ -8,7 +8,7 @@ dependency on bash.
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
-Upstream-Status: Pending
+Upstream-Status: Inappropriate [embedded specific]
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
@@ -27,5 +27,5 @@ index 2804ec0..8b4737d 100644
# mcstransd This starts and stops mcstransd
#
--
-2.7.4
+2.25.1
diff --git a/recipes-security/selinux/mcstrans/mcstrans-fix-the-init-script.patch b/recipes-security/selinux/mcstrans/mcstrans-fix-the-init-script.patch
index 79be090..a560722 100644
--- a/recipes-security/selinux/mcstrans/mcstrans-fix-the-init-script.patch
+++ b/recipes-security/selinux/mcstrans/mcstrans-fix-the-init-script.patch
@@ -1,4 +1,4 @@
-From 4d918a9679d2902ca2d41fe769a4d76f07a67b5f Mon Sep 17 00:00:00 2001
+From 123d5b6413905bfad535a072ff0ab5a495cb2a2a Mon Sep 17 00:00:00 2001
From: Roy Li <rongqing.li@windriver.com>
Date: Wed, 6 Nov 2019 22:13:33 +0800
Subject: [PATCH] mcstrans: fix the init script
@@ -28,5 +28,5 @@ index 8b4737d..86c89ea 100644
echo
if test $RETVAL = 0 ; then
--
-2.7.4
+2.25.1
diff --git a/recipes-security/selinux/mcstrans_3.3.bb b/recipes-security/selinux/mcstrans_3.4.bb
similarity index 87%
rename from recipes-security/selinux/mcstrans_3.3.bb
rename to recipes-security/selinux/mcstrans_3.4.bb
index cd8780b..b5d6b54 100644
--- a/recipes-security/selinux/mcstrans_3.3.bb
+++ b/recipes-security/selinux/mcstrans_3.4.bb
@@ -9,18 +9,18 @@ LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
require selinux_common.inc
-inherit systemd update-rc.d
+inherit pkgconfig systemd update-rc.d
SRC_URI += "file://mcstrans-de-bashify.patch \
file://mcstrans-fix-the-init-script.patch \
"
-DEPENDS += "libsepol libselinux libcap"
+DEPENDS = "libsepol libselinux libcap"
-EXTRA_OEMAKE += "SBINDIR=${base_sbindir} \
- INITDIR=${sysconfdir}/init.d \
- SYSTEMDDIR=${systemd_unitdir} \
- "
+EXTRA_OEMAKE = "SBINDIR=${base_sbindir} \
+ INITDIR=${sysconfdir}/init.d \
+ SYSTEMDDIR=${systemd_unitdir} \
+ "
S = "${WORKDIR}/git/mcstrans"
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [meta-selinux][PATCH 10/16] restorecond: upgrade 3.3 -> 3.4
2022-08-28 2:29 [meta-selinux][PATCH 01/16] selinux: upgrade 3.3 -> 3.4 Yi Zhao
` (7 preceding siblings ...)
2022-08-28 2:29 ` [meta-selinux][PATCH 09/16] mcstrans: " Yi Zhao
@ 2022-08-28 2:29 ` Yi Zhao
2022-08-28 2:29 ` [meta-selinux][PATCH 11/16] selinux-python: " Yi Zhao
` (5 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Yi Zhao @ 2022-08-28 2:29 UTC (permalink / raw)
To: yocto, joe_macdonald, joe
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
.../selinux/{restorecond_3.3.bb => restorecond_3.4.bb} | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
rename recipes-security/selinux/{restorecond_3.3.bb => restorecond_3.4.bb} (86%)
diff --git a/recipes-security/selinux/restorecond_3.3.bb b/recipes-security/selinux/restorecond_3.4.bb
similarity index 86%
rename from recipes-security/selinux/restorecond_3.3.bb
rename to recipes-security/selinux/restorecond_3.4.bb
index ee1cb44..5b690d8 100644
--- a/recipes-security/selinux/restorecond_3.3.bb
+++ b/recipes-security/selinux/restorecond_3.4.bb
@@ -10,11 +10,11 @@ LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"
require selinux_common.inc
-inherit systemd update-rc.d
+inherit pkgconfig systemd update-rc.d
-DEPENDS += "libsepol libselinux libpcre dbus-glib glib-2.0 pkgconfig-native"
+DEPENDS = "libsepol libselinux glib-2.0"
-EXTRA_OEMAKE += "SYSTEMDSYSTEMUNITDIR=${systemd_system_unitdir} \
+EXTRA_OEMAKE = "SYSTEMDSYSTEMUNITDIR=${systemd_system_unitdir} \
SYSTEMDUSERUNITDIR=${systemd_user_unitdir} \
"
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [meta-selinux][PATCH 11/16] selinux-python: upgrade 3.3 -> 3.4
2022-08-28 2:29 [meta-selinux][PATCH 01/16] selinux: upgrade 3.3 -> 3.4 Yi Zhao
` (8 preceding siblings ...)
2022-08-28 2:29 ` [meta-selinux][PATCH 10/16] restorecond: " Yi Zhao
@ 2022-08-28 2:29 ` Yi Zhao
2022-08-28 2:29 ` [meta-selinux][PATCH 12/16] selinux-dbus: " Yi Zhao
` (4 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Yi Zhao @ 2022-08-28 2:29 UTC (permalink / raw)
To: yocto, joe_macdonald, joe
* Backport a patch to fix chcat runtime error.
* Refresh patch.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
...andle-unsupported-languages-properly.patch | 173 ++++++++++++++++++
.../fix-sepolicy-install-path.patch | 4 +-
...ux-python_3.3.bb => selinux-python_3.4.bb} | 51 +++---
3 files changed, 201 insertions(+), 27 deletions(-)
create mode 100644 recipes-security/selinux/selinux-python/0001-gettext-handle-unsupported-languages-properly.patch
rename recipes-security/selinux/{selinux-python_3.3.bb => selinux-python_3.4.bb} (82%)
diff --git a/recipes-security/selinux/selinux-python/0001-gettext-handle-unsupported-languages-properly.patch b/recipes-security/selinux/selinux-python/0001-gettext-handle-unsupported-languages-properly.patch
new file mode 100644
index 0000000..b83300d
--- /dev/null
+++ b/recipes-security/selinux/selinux-python/0001-gettext-handle-unsupported-languages-properly.patch
@@ -0,0 +1,173 @@
+From 4693794ff8c52f87a4abdb68fe9dae6618023c03 Mon Sep 17 00:00:00 2001
+From: Vit Mojzis <vmojzis@redhat.com>
+Date: Fri, 24 Jun 2022 16:24:25 +0200
+Subject: [PATCH] gettext: handle unsupported languages properly
+
+With "fallback=True" gettext.translation behaves the same as
+gettext.install and uses NullTranslations in case the
+translation file for given language was not found (as opposed to
+throwing an exception).
+
+Fixes:
+ # LANG is set to any "unsupported" language, e.g. en_US.UTF-8
+ $ chcat --help
+ Traceback (most recent call last):
+ File "/usr/bin/chcat", line 39, in <module>
+ t = gettext.translation(PROGNAME,
+ File "/usr/lib64/python3.9/gettext.py", line 592, in translation
+ raise FileNotFoundError(ENOENT,
+ FileNotFoundError: [Errno 2] No translation file found for domain: 'selinux-python'
+
+Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
+Reviewed-by: Daniel Burgener <dburgener@linux.microsoft.com>
+Acked-by: Petr Lautrbach <plautrba@redhat.com>
+
+Upstream-Status: Backport
+[https://github.com/SELinuxProject/selinux/commit/344463076b2a91e1d2c7f5cc3835dc1a53a05e88]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ chcat/chcat | 5 +++--
+ semanage/semanage | 3 ++-
+ semanage/seobject.py | 3 ++-
+ sepolgen/src/sepolgen/sepolgeni18n.py | 4 +++-
+ sepolicy/sepolicy.py | 3 ++-
+ sepolicy/sepolicy/__init__.py | 3 ++-
+ sepolicy/sepolicy/generate.py | 3 ++-
+ sepolicy/sepolicy/gui.py | 3 ++-
+ sepolicy/sepolicy/interface.py | 3 ++-
+ 9 files changed, 20 insertions(+), 10 deletions(-)
+
+diff --git a/chcat/chcat b/chcat/chcat
+index e779fcc..952cb81 100755
+--- a/chcat/chcat
++++ b/chcat/chcat
+@@ -38,9 +38,10 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+-except ImportError:
++except:
+ try:
+ import builtins
+ builtins.__dict__['_'] = str
+diff --git a/semanage/semanage b/semanage/semanage
+index 8f4e44a..f45061a 100644
+--- a/semanage/semanage
++++ b/semanage/semanage
+@@ -38,7 +38,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+diff --git a/semanage/seobject.py b/semanage/seobject.py
+index ff8f4e9..0782c08 100644
+--- a/semanage/seobject.py
++++ b/semanage/seobject.py
+@@ -42,7 +42,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+diff --git a/sepolgen/src/sepolgen/sepolgeni18n.py b/sepolgen/src/sepolgen/sepolgeni18n.py
+index 56ebd80..1ff307d 100644
+--- a/sepolgen/src/sepolgen/sepolgeni18n.py
++++ b/sepolgen/src/sepolgen/sepolgeni18n.py
+@@ -19,7 +19,9 @@
+
+ try:
+ import gettext
+- t = gettext.translation( 'selinux-python' )
++ t = gettext.translation("selinux-python",
++ localedir="/usr/share/locale",
++ fallback=True)
+ _ = t.gettext
+ except:
+ def _(str):
+diff --git a/sepolicy/sepolicy.py b/sepolicy/sepolicy.py
+index 7ebe0ef..c7a70e0 100755
+--- a/sepolicy/sepolicy.py
++++ b/sepolicy/sepolicy.py
+@@ -36,7 +36,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+diff --git a/sepolicy/sepolicy/__init__.py b/sepolicy/sepolicy/__init__.py
+index 7208234..9c3caa0 100644
+--- a/sepolicy/sepolicy/__init__.py
++++ b/sepolicy/sepolicy/__init__.py
+@@ -31,7 +31,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+diff --git a/sepolicy/sepolicy/generate.py b/sepolicy/sepolicy/generate.py
+index 67189fc..3717d5d 100644
+--- a/sepolicy/sepolicy/generate.py
++++ b/sepolicy/sepolicy/generate.py
+@@ -56,7 +56,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+diff --git a/sepolicy/sepolicy/gui.py b/sepolicy/sepolicy/gui.py
+index b026374..5bdbfeb 100644
+--- a/sepolicy/sepolicy/gui.py
++++ b/sepolicy/sepolicy/gui.py
+@@ -49,7 +49,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+diff --git a/sepolicy/sepolicy/interface.py b/sepolicy/sepolicy/interface.py
+index 599f97f..43f8644 100644
+--- a/sepolicy/sepolicy/interface.py
++++ b/sepolicy/sepolicy/interface.py
+@@ -38,7 +38,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+--
+2.25.1
+
diff --git a/recipes-security/selinux/selinux-python/fix-sepolicy-install-path.patch b/recipes-security/selinux/selinux-python/fix-sepolicy-install-path.patch
index 4e91df7..bd14450 100644
--- a/recipes-security/selinux/selinux-python/fix-sepolicy-install-path.patch
+++ b/recipes-security/selinux/selinux-python/fix-sepolicy-install-path.patch
@@ -1,4 +1,4 @@
-From df40fadfb251cc2aebdbd2e216f99a8ae7da7763 Mon Sep 17 00:00:00 2001
+From d43220e336edf8ccaaa7bd3eb9c13874ed34d468 Mon Sep 17 00:00:00 2001
From: Xin Ouyang <Xin.Ouyang@windriver.com>
Date: Mon, 23 Sep 2013 21:17:59 +0800
Subject: [PATCH] sepolicy: fix install path for new pymodule sepolicy
@@ -26,5 +26,5 @@ index 3361be4..5842321 100644
install -m 755 sepolicy.py $(DESTDIR)$(BINDIR)/sepolicy
(cd $(DESTDIR)$(BINDIR); ln -sf sepolicy sepolgen)
--
-2.17.1
+2.25.1
diff --git a/recipes-security/selinux/selinux-python_3.3.bb b/recipes-security/selinux/selinux-python_3.4.bb
similarity index 82%
rename from recipes-security/selinux/selinux-python_3.3.bb
rename to recipes-security/selinux/selinux-python_3.4.bb
index 8f76718..cc279f2 100644
--- a/recipes-security/selinux/selinux-python_3.3.bb
+++ b/recipes-security/selinux/selinux-python_3.4.bb
@@ -10,40 +10,41 @@ require selinux_common.inc
inherit python3native
-SRC_URI += "file://fix-sepolicy-install-path.patch"
+SRC_URI += "file://fix-sepolicy-install-path.patch \
+ file://0001-gettext-handle-unsupported-languages-properly.patch \
+ "
S = "${WORKDIR}/git/python"
-EXTRA_OEMAKE += "LIBSEPOLA=${STAGING_LIBDIR}/libsepol.a"
+DEPENDS = "libsepol libselinux gettext-native"
-DEPENDS += "python3 libsepol libselinux"
-RDEPENDS:${BPN}-audit2allow += "\
- python3-core \
- libselinux-python \
- ${BPN}-sepolgen \
-"
-RDEPENDS:${BPN}-chcat += "\
+RDEPENDS:${PN} = "\
python3-core \
python3-codecs \
- python3-shell \
+ python3-io \
+ python3-ipy \
python3-stringold \
+ python3-syslog \
python3-unixadmin \
libselinux-python \
- ${BPN} \
+ libsemanage-python \
+ setools \
"
-RDEPENDS:${BPN} += "\
+RDEPENDS:${PN}-audit2allow = "\
+ python3-core \
+ libselinux-python \
+ ${PN}-sepolgen \
+"
+RDEPENDS:${PN}-chcat = "\
python3-core \
python3-codecs \
- python3-io \
- python3-ipy \
+ python3-shell \
python3-stringold \
- python3-syslog \
python3-unixadmin \
libselinux-python \
- libsemanage-python \
- setools \
+ ${PN} \
"
-RDEPENDS:${BPN}-semanage += "\
+RDEPENDS:${PN}-semanage = "\
python3-core \
python3-ipy \
python3-compression \
@@ -51,16 +52,16 @@ RDEPENDS:${BPN}-semanage += "\
python3-misc \
libselinux-python \
audit-python \
- ${BPN} \
+ ${PN} \
"
-RDEPENDS:${BPN}-sepolicy += "\
+RDEPENDS:${PN}-sepolicy = "\
python3-core \
python3-codecs \
python3-syslog \
python3-multiprocessing \
- ${BPN} \
+ ${PN} \
"
-RDEPENDS:${BPN}-sepolgen-ifgen += "\
+RDEPENDS:${PN}-sepolgen-ifgen = "\
python3-core \
libselinux-python \
"
@@ -85,16 +86,16 @@ FILES:${PN}-semanage = "\
${datadir}/bash-completion/completions/semanage \
"
# The ${bindir}/sepolgen is a symlink to ${bindir}/sepolicy
-FILES:${PN}-sepolicy += "\
+FILES:${PN}-sepolicy = "\
${bindir}/sepolgen \
${bindir}/sepolicy \
${datadir}/bash-completion/completions/sepolicy \
"
-FILES:${PN}-sepolgen-ifgen += "\
+FILES:${PN}-sepolgen-ifgen = "\
${bindir}/sepolgen-ifgen \
${bindir}/sepolgen-ifgen-attr-helper \
"
-FILES:${PN}-sepolgen += "\
+FILES:${PN}-sepolgen = "\
${libdir}/python${PYTHON_BASEVERSION}/site-packages/sepolgen* \
${localstatedir}/lib/sepolgen/perm_map \
"
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [meta-selinux][PATCH 12/16] selinux-dbus: upgrade 3.3 -> 3.4
2022-08-28 2:29 [meta-selinux][PATCH 01/16] selinux: upgrade 3.3 -> 3.4 Yi Zhao
` (9 preceding siblings ...)
2022-08-28 2:29 ` [meta-selinux][PATCH 11/16] selinux-python: " Yi Zhao
@ 2022-08-28 2:29 ` Yi Zhao
2022-08-28 2:29 ` [meta-selinux][PATCH 13/16] selinux-gui: " Yi Zhao
` (3 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Yi Zhao @ 2022-08-28 2:29 UTC (permalink / raw)
To: yocto, joe_macdonald, joe
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
.../selinux/{selinux-dbus_3.3.bb => selinux-dbus_3.4.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename recipes-security/selinux/{selinux-dbus_3.3.bb => selinux-dbus_3.4.bb} (89%)
diff --git a/recipes-security/selinux/selinux-dbus_3.3.bb b/recipes-security/selinux/selinux-dbus_3.4.bb
similarity index 89%
rename from recipes-security/selinux/selinux-dbus_3.3.bb
rename to recipes-security/selinux/selinux-dbus_3.4.bb
index 936baed..1619829 100644
--- a/recipes-security/selinux/selinux-dbus_3.3.bb
+++ b/recipes-security/selinux/selinux-dbus_3.4.bb
@@ -9,7 +9,7 @@ require selinux_common.inc
S = "${WORKDIR}/git/dbus"
-RDEPENDS:${PN} += "python3-core selinux-python-sepolicy"
+RDEPENDS:${PN} = "python3-core selinux-python-sepolicy"
FILES:${PN} += "\
${datadir}/system-config-selinux/selinux_server.py \
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [meta-selinux][PATCH 13/16] selinux-gui: upgrade 3.3 -> 3.4
2022-08-28 2:29 [meta-selinux][PATCH 01/16] selinux: upgrade 3.3 -> 3.4 Yi Zhao
` (10 preceding siblings ...)
2022-08-28 2:29 ` [meta-selinux][PATCH 12/16] selinux-dbus: " Yi Zhao
@ 2022-08-28 2:29 ` Yi Zhao
2022-08-28 2:29 ` [meta-selinux][PATCH 14/16] selinux-sandbox: " Yi Zhao
` (2 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Yi Zhao @ 2022-08-28 2:29 UTC (permalink / raw)
To: yocto, joe_macdonald, joe
Backport a patch to fix chcat runtime error.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
...andle-unsupported-languages-properly.patch | 199 ++++++++++++++++++
...{selinux-gui_3.3.bb => selinux-gui_3.4.bb} | 5 +-
2 files changed, 203 insertions(+), 1 deletion(-)
create mode 100644 recipes-security/selinux/selinux-gui/0001-gettext-handle-unsupported-languages-properly.patch
rename recipes-security/selinux/{selinux-gui_3.3.bb => selinux-gui_3.4.bb} (78%)
diff --git a/recipes-security/selinux/selinux-gui/0001-gettext-handle-unsupported-languages-properly.patch b/recipes-security/selinux/selinux-gui/0001-gettext-handle-unsupported-languages-properly.patch
new file mode 100644
index 0000000..d79db22
--- /dev/null
+++ b/recipes-security/selinux/selinux-gui/0001-gettext-handle-unsupported-languages-properly.patch
@@ -0,0 +1,199 @@
+From a0a67119412622141a7f8365eff10de6395be7ca Mon Sep 17 00:00:00 2001
+From: Vit Mojzis <vmojzis@redhat.com>
+Date: Fri, 24 Jun 2022 16:24:25 +0200
+Subject: [PATCH] gettext: handle unsupported languages properly
+
+With "fallback=True" gettext.translation behaves the same as
+gettext.install and uses NullTranslations in case the
+translation file for given language was not found (as opposed to
+throwing an exception).
+
+Fixes:
+ # LANG is set to any "unsupported" language, e.g. en_US.UTF-8
+ $ chcat --help
+ Traceback (most recent call last):
+ File "/usr/bin/chcat", line 39, in <module>
+ t = gettext.translation(PROGNAME,
+ File "/usr/lib64/python3.9/gettext.py", line 592, in translation
+ raise FileNotFoundError(ENOENT,
+ FileNotFoundError: [Errno 2] No translation file found for domain: 'selinux-python'
+
+Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
+Reviewed-by: Daniel Burgener <dburgener@linux.microsoft.com>
+Acked-by: Petr Lautrbach <plautrba@redhat.com>
+
+Upstream-Status: Backport
+[https://github.com/SELinuxProject/selinux/commit/344463076b2a91e1d2c7f5cc3835dc1a53a05e88]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ booleansPage.py | 3 ++-
+ domainsPage.py | 3 ++-
+ fcontextPage.py | 3 ++-
+ loginsPage.py | 3 ++-
+ modulesPage.py | 3 ++-
+ polgengui.py | 3 ++-
+ portsPage.py | 3 ++-
+ semanagePage.py | 3 ++-
+ statusPage.py | 3 ++-
+ system-config-selinux.py | 3 ++-
+ usersPage.py | 3 ++-
+ 11 files changed, 22 insertions(+), 11 deletions(-)
+
+diff --git a/booleansPage.py b/booleansPage.py
+index 5beec58..ad11a9b 100644
+--- a/booleansPage.py
++++ b/booleansPage.py
+@@ -46,7 +46,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+diff --git a/domainsPage.py b/domainsPage.py
+index e08f34b..e6eadd6 100644
+--- a/domainsPage.py
++++ b/domainsPage.py
+@@ -38,7 +38,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+diff --git a/fcontextPage.py b/fcontextPage.py
+index bac2bec..767664f 100644
+--- a/fcontextPage.py
++++ b/fcontextPage.py
+@@ -55,7 +55,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+diff --git a/loginsPage.py b/loginsPage.py
+index 18b93d8..7e08232 100644
+--- a/loginsPage.py
++++ b/loginsPage.py
+@@ -37,7 +37,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+diff --git a/modulesPage.py b/modulesPage.py
+index c546d45..02b79f1 100644
+--- a/modulesPage.py
++++ b/modulesPage.py
+@@ -38,7 +38,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+diff --git a/polgengui.py b/polgengui.py
+index a18f1cb..7a3ecd5 100644
+--- a/polgengui.py
++++ b/polgengui.py
+@@ -71,7 +71,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+diff --git a/portsPage.py b/portsPage.py
+index 54aa80d..bee2bdf 100644
+--- a/portsPage.py
++++ b/portsPage.py
+@@ -43,7 +43,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+diff --git a/semanagePage.py b/semanagePage.py
+index 1371d4e..efad14d 100644
+--- a/semanagePage.py
++++ b/semanagePage.py
+@@ -30,7 +30,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+diff --git a/statusPage.py b/statusPage.py
+index c241ef8..832849e 100644
+--- a/statusPage.py
++++ b/statusPage.py
+@@ -43,7 +43,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+diff --git a/system-config-selinux.py b/system-config-selinux.py
+index 1b460c9..9f53b7f 100644
+--- a/system-config-selinux.py
++++ b/system-config-selinux.py
+@@ -53,7 +53,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+diff --git a/usersPage.py b/usersPage.py
+index d51bd96..9acd3b8 100644
+--- a/usersPage.py
++++ b/usersPage.py
+@@ -37,7 +37,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+--
+2.25.1
+
diff --git a/recipes-security/selinux/selinux-gui_3.3.bb b/recipes-security/selinux/selinux-gui_3.4.bb
similarity index 78%
rename from recipes-security/selinux/selinux-gui_3.3.bb
rename to recipes-security/selinux/selinux-gui_3.4.bb
index 9916afb..fa80860 100644
--- a/recipes-security/selinux/selinux-gui_3.3.bb
+++ b/recipes-security/selinux/selinux-gui_3.4.bb
@@ -8,9 +8,12 @@ LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"
require selinux_common.inc
+SRC_URI += "file://0001-gettext-handle-unsupported-languages-properly.patch"
+
S = "${WORKDIR}/git/gui"
-RDEPENDS:${PN} += "python3-core"
+DEPENDS = "gettext-native"
+RDEPENDS:${PN} = "python3-core"
FILES:${PN} += " \
${datadir}/system-config-selinux/* \
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [meta-selinux][PATCH 14/16] selinux-sandbox: upgrade 3.3 -> 3.4
2022-08-28 2:29 [meta-selinux][PATCH 01/16] selinux: upgrade 3.3 -> 3.4 Yi Zhao
` (11 preceding siblings ...)
2022-08-28 2:29 ` [meta-selinux][PATCH 13/16] selinux-gui: " Yi Zhao
@ 2022-08-28 2:29 ` Yi Zhao
2022-08-28 2:29 ` [meta-selinux][PATCH 15/16] semodule-utils: " Yi Zhao
2022-08-28 2:29 ` [meta-selinux][PATCH 16/16] setools: fix buildpaths issue Yi Zhao
14 siblings, 0 replies; 16+ messages in thread
From: Yi Zhao @ 2022-08-28 2:29 UTC (permalink / raw)
To: yocto, joe_macdonald, joe
* Backport a patch to fix chcat runtime error.
* Refresh patch.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
...andle-unsupported-languages-properly.patch | 49 +++++++++++++++++++
.../selinux-sandbox/sandbox-de-bashify.patch | 6 +--
...-sandbox_3.3.bb => selinux-sandbox_3.4.bb} | 8 +--
3 files changed, 57 insertions(+), 6 deletions(-)
create mode 100644 recipes-security/selinux/selinux-sandbox/0001-gettext-handle-unsupported-languages-properly.patch
rename recipes-security/selinux/{selinux-sandbox_3.3.bb => selinux-sandbox_3.4.bb} (77%)
diff --git a/recipes-security/selinux/selinux-sandbox/0001-gettext-handle-unsupported-languages-properly.patch b/recipes-security/selinux/selinux-sandbox/0001-gettext-handle-unsupported-languages-properly.patch
new file mode 100644
index 0000000..f1d8235
--- /dev/null
+++ b/recipes-security/selinux/selinux-sandbox/0001-gettext-handle-unsupported-languages-properly.patch
@@ -0,0 +1,49 @@
+From 70602601ac1cfc4399430ef8609b96fc224d1e25 Mon Sep 17 00:00:00 2001
+From: Vit Mojzis <vmojzis@redhat.com>
+Date: Fri, 24 Jun 2022 16:24:25 +0200
+Subject: [PATCH] gettext: handle unsupported languages properly
+
+With "fallback=True" gettext.translation behaves the same as
+gettext.install and uses NullTranslations in case the
+translation file for given language was not found (as opposed to
+throwing an exception).
+
+Fixes:
+ # LANG is set to any "unsupported" language, e.g. en_US.UTF-8
+ $ chcat --help
+ Traceback (most recent call last):
+ File "/usr/bin/chcat", line 39, in <module>
+ t = gettext.translation(PROGNAME,
+ File "/usr/lib64/python3.9/gettext.py", line 592, in translation
+ raise FileNotFoundError(ENOENT,
+ FileNotFoundError: [Errno 2] No translation file found for domain: 'selinux-python'
+
+Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
+Reviewed-by: Daniel Burgener <dburgener@linux.microsoft.com>
+Acked-by: Petr Lautrbach <plautrba@redhat.com>
+
+Upstream-Status: Backport
+[https://github.com/SELinuxProject/selinux/commit/344463076b2a91e1d2c7f5cc3835dc1a53a05e88]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ sandbox | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/sandbox b/sandbox
+index cd5709f..789621e 100644
+--- a/sandbox
++++ b/sandbox
+@@ -45,7 +45,8 @@ try:
+ kwargs['unicode'] = True
+ t = gettext.translation(PROGNAME,
+ localedir="/usr/share/locale",
+- **kwargs)
++ **kwargs,
++ fallback=True)
+ _ = t.gettext
+ except:
+ try:
+--
+2.25.1
+
diff --git a/recipes-security/selinux/selinux-sandbox/sandbox-de-bashify.patch b/recipes-security/selinux/selinux-sandbox/sandbox-de-bashify.patch
index e9622f0..6258b7c 100644
--- a/recipes-security/selinux/selinux-sandbox/sandbox-de-bashify.patch
+++ b/recipes-security/selinux/selinux-sandbox/sandbox-de-bashify.patch
@@ -1,4 +1,4 @@
-From b92c39f0be5552c19923f75aef4487348a08b7dc Mon Sep 17 00:00:00 2001
+From d592d59eb4e7dbf8ce6dc84b3f4c0026fd7cc60c Mon Sep 17 00:00:00 2001
From: Joe MacDonald <joe_macdonald@mentor.com>
Date: Fri, 20 Feb 2015 21:07:47 -0500
Subject: [PATCH] sandbox: de-bashify
@@ -6,7 +6,7 @@ Subject: [PATCH] sandbox: de-bashify
There's no bashisms apparent in either the sandbox initscript nor the
sandboxX script, so point them at /bin/sh instead.
-Upstream-Status: Pending
+Upstream-Status: Inappropriate [embedded specific]
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
@@ -37,5 +37,5 @@ index eaa500d..8755d75 100644
context=`id -Z | secon -t -l -P`
export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80`"
--
-2.7.4
+2.25.1
diff --git a/recipes-security/selinux/selinux-sandbox_3.3.bb b/recipes-security/selinux/selinux-sandbox_3.4.bb
similarity index 77%
rename from recipes-security/selinux/selinux-sandbox_3.3.bb
rename to recipes-security/selinux/selinux-sandbox_3.4.bb
index cc9baad..a5a8e13 100644
--- a/recipes-security/selinux/selinux-sandbox_3.3.bb
+++ b/recipes-security/selinux/selinux-sandbox_3.4.bb
@@ -9,13 +9,15 @@ LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"
require selinux_common.inc
-SRC_URI += "file://sandbox-de-bashify.patch"
+SRC_URI += "file://sandbox-de-bashify.patch \
+ file://0001-gettext-handle-unsupported-languages-properly.patch \
+ "
S = "${WORKDIR}/git/sandbox"
-DEPENDS += "libcap-ng libselinux"
+DEPENDS = "libselinux libcap-ng gettext-native"
-RDEPENDS:${PN} += "\
+RDEPENDS:${PN} = "\
python3-core \
python3-math \
python3-shell \
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [meta-selinux][PATCH 15/16] semodule-utils: upgrade 3.3 -> 3.4
2022-08-28 2:29 [meta-selinux][PATCH 01/16] selinux: upgrade 3.3 -> 3.4 Yi Zhao
` (12 preceding siblings ...)
2022-08-28 2:29 ` [meta-selinux][PATCH 14/16] selinux-sandbox: " Yi Zhao
@ 2022-08-28 2:29 ` Yi Zhao
2022-08-28 2:29 ` [meta-selinux][PATCH 16/16] setools: fix buildpaths issue Yi Zhao
14 siblings, 0 replies; 16+ messages in thread
From: Yi Zhao @ 2022-08-28 2:29 UTC (permalink / raw)
To: yocto, joe_macdonald, joe
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
.../{semodule-utils_3.3.bb => semodule-utils_3.4.bb} | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
rename recipes-security/selinux/{semodule-utils_3.3.bb => semodule-utils_3.4.bb} (70%)
diff --git a/recipes-security/selinux/semodule-utils_3.3.bb b/recipes-security/selinux/semodule-utils_3.4.bb
similarity index 70%
rename from recipes-security/selinux/semodule-utils_3.3.bb
rename to recipes-security/selinux/semodule-utils_3.4.bb
index 06e28f4..3f53cf0 100644
--- a/recipes-security/selinux/semodule-utils_3.3.bb
+++ b/recipes-security/selinux/semodule-utils_3.4.bb
@@ -8,10 +8,7 @@ LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"
require selinux_common.inc
-DEPENDS += "libsepol"
-RDEPENDS:${PN}-dev = ""
-
-EXTRA_OEMAKE += "LIBSEPOLA=${STAGING_LIBDIR}/libsepol.a"
+DEPENDS = "libsepol"
S = "${WORKDIR}/git/semodule-utils"
@@ -21,9 +18,9 @@ PACKAGES =+ "\
${PN}-semodule-package \
"
-FILES:${PN}-semodule-expand += "${bindir}/semodule_expand"
-FILES:${PN}-semodule-link += "${bindir}/semodule_link"
-FILES:${PN}-semodule-package += "\
+FILES:${PN}-semodule-expand = "${bindir}/semodule_expand"
+FILES:${PN}-semodule-link = "${bindir}/semodule_link"
+FILES:${PN}-semodule-package = "\
${bindir}/semodule_package \
${bindir}/semodule_unpackage \
"
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [meta-selinux][PATCH 16/16] setools: fix buildpaths issue
2022-08-28 2:29 [meta-selinux][PATCH 01/16] selinux: upgrade 3.3 -> 3.4 Yi Zhao
` (13 preceding siblings ...)
2022-08-28 2:29 ` [meta-selinux][PATCH 15/16] semodule-utils: " Yi Zhao
@ 2022-08-28 2:29 ` Yi Zhao
14 siblings, 0 replies; 16+ messages in thread
From: Yi Zhao @ 2022-08-28 2:29 UTC (permalink / raw)
To: yocto, joe_macdonald, joe
Fixes:
QA Issue: File /usr/src/debug/setools/4.4.0-r0/setools/policyrep.c in package setools-src
contains reference to TMPDIR [buildpaths]
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
recipes-security/setools/setools_4.4.0.bb | 33 ++++++++++++-----------
1 file changed, 17 insertions(+), 16 deletions(-)
diff --git a/recipes-security/setools/setools_4.4.0.bb b/recipes-security/setools/setools_4.4.0.bb
index f1557b1..81b0bfb 100644
--- a/recipes-security/setools/setools_4.4.0.bb
+++ b/recipes-security/setools/setools_4.4.0.bb
@@ -1,37 +1,38 @@
SUMMARY = "Policy analysis tools for SELinux"
DESCRIPTION = "\
SETools is a collection of graphical tools, command-line tools, and \
-libraries designed to facilitate SELinux policy analysis. \
-\n\
-This meta-package depends upon the main packages necessary to run \
-SETools."
+libraries designed to facilitate SELinux policy analysis."
SECTION = "base"
LICENSE = "GPL-2.0-only & LGPL-2.1-only"
-S = "${WORKDIR}/git"
SRC_URI = "git://github.com/SELinuxProject/${BPN}.git;branch=4.4;protocol=https \
file://setools4-fixes-for-cross-compiling.patch \
-"
-
+ "
SRCREV = "4758cdf803d93274f49cb6445cb2bab527d6549f"
LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=83a5eb6974c11f30785e90d0eeccf40c \
file://${S}/COPYING.GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
file://${S}/COPYING.LGPL;md5=4fbd65380cdd255951079008b364516c"
-DEPENDS += "bison-native flex-native swig-native python3 python3-cython-native libsepol libselinux"
+S = "${WORKDIR}/git"
+
+DEPENDS = "python3-cython-native libsepol libselinux"
-RDEPENDS:${PN} += "python3-networkx python3-decorator python3-setuptools \
- python3-logging python3-json libselinux-python"
+RDEPENDS:${PN} = "python3-networkx python3-setuptools \
+ python3-logging libselinux-python"
-RPROVIDES:${PN} += "${PN}-console"
+RPROVIDES:${PN} = "${PN}-console"
inherit setuptools3
+do_install:prepend() {
+ sed -i -e 's:${RECIPE_SYSROOT}::g' ${S}/setools/policyrep.c
+}
+
do_install:append() {
- # Need PyQt5 support, disable gui tools
- rm -f ${D}${bindir}/apol
- rm -rf ${D}${libdir}/${PYTHON_DIR}/site-packages/setoolsgui
- rm -rf ${D}${libdir}/${PYTHON_DIR}/site-packages/setools/__pycache__
- rm -rf ${D}${libdir}/${PYTHON_DIR}/site-packages/setools/*/__pycache__
+ # Need PyQt5 support, disable gui tools
+ rm -f ${D}${bindir}/apol
+ rm -rf ${D}${libdir}/${PYTHON_DIR}/site-packages/setoolsgui
+ rm -rf ${D}${libdir}/${PYTHON_DIR}/site-packages/setools/__pycache__
+ rm -rf ${D}${libdir}/${PYTHON_DIR}/site-packages/setools/*/__pycache__
}
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread