[meta-selinux][PATCH 01/16] selinux: upgrade 3.3 -> 3.4

[meta-selinux][PATCH 01/16] selinux: upgrade 3.3 -> 3.4

[Yi Zhao]

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
 recipes-security/selinux/selinux_common.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-security/selinux/selinux_common.inc b/recipes-security/selinux/selinux_common.inc
index 8bdf8ad..86c748f 100644
--- a/recipes-security/selinux/selinux_common.inc
+++ b/recipes-security/selinux/selinux_common.inc
@@ -1,7 +1,7 @@
 HOMEPAGE = "https://github.com/SELinuxProject"
 
 SRC_URI = "git://github.com/SELinuxProject/selinux.git;branch=master;protocol=https"
-SRCREV = "7f600c40bc18d8180993edcd54daf45124736776"
+SRCREV = "0a8c177dacdc1df96ea11bb8aa75e16c4fa82285"
 
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+)"
 
-- 
2.25.1

[meta-selinux][PATCH 02/16] libsepol: upgrade 3.3 -> 3.4

[Yi Zhao]

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
 .../selinux/{libsepol_3.3.bb => libsepol_3.4.bb}            | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
 rename recipes-security/selinux/{libsepol_3.3.bb => libsepol_3.4.bb} (80%)

diff --git a/recipes-security/selinux/libsepol_3.3.bb b/recipes-security/selinux/libsepol_3.4.bb
similarity index 80%
rename from recipes-security/selinux/libsepol_3.3.bb
rename to recipes-security/selinux/libsepol_3.4.bb
index 80d8819..49312da 100644
--- a/recipes-security/selinux/libsepol_3.3.bb
+++ b/recipes-security/selinux/libsepol_3.4.bb
@@ -13,10 +13,6 @@ inherit lib_package
 
 S = "${WORKDIR}/git/libsepol"
 
-# Change RANLIB for cross compiling, use host-tools $(AR) rather than
-# local ranlib.
-EXTRA_OEMAKE += "RANLIB='$(AR) s'"
-
-DEPENDS += "flex-native"
+DEPENDS = "flex-native"
 
 BBCLASSEXTEND = "native"
-- 
2.25.1

[meta-selinux][PATCH 03/16] libselinux: upgrade 3.3 -> 3.4

[Yi Zhao]

Use libpcre2 instead of libpcre.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
 .../selinux/{libselinux_3.3.bb => libselinux_3.4.bb}       | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
 rename recipes-security/selinux/{libselinux_3.3.bb => libselinux_3.4.bb} (77%)

diff --git a/recipes-security/selinux/libselinux_3.3.bb b/recipes-security/selinux/libselinux_3.4.bb
similarity index 77%
rename from recipes-security/selinux/libselinux_3.3.bb
rename to recipes-security/selinux/libselinux_3.4.bb
index 1144840..8009d6d 100644
--- a/recipes-security/selinux/libselinux_3.3.bb
+++ b/recipes-security/selinux/libselinux_3.4.bb
@@ -8,9 +8,9 @@ LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0"
 
 require selinux_common.inc
 
-inherit lib_package python3native pkgconfig
+inherit lib_package pkgconfig
 
-DEPENDS += "libsepol libpcre"
+DEPENDS = "libsepol libpcre2"
 DEPENDS:append:libc-musl = " fts"
 
 S = "${WORKDIR}/git/libselinux"
@@ -22,8 +22,7 @@ def get_policyconfigarch(d):
     target = p.sub('i386',target)
     return "ARCH=%s" % (target)
 
-EXTRA_OEMAKE += "${@get_policyconfigarch(d)}"
-EXTRA_OEMAKE += "LDFLAGS='${LDFLAGS} -lpcre' LIBSEPOLA='${STAGING_LIBDIR}/libsepol.a'"
+EXTRA_OEMAKE = "${@get_policyconfigarch(d)}"
 EXTRA_OEMAKE:append:libc-musl = " FTS_LDLIBS=-lfts"
 
 BBCLASSEXTEND = "native"
-- 
2.25.1

[meta-selinux][PATCH 04/16] libselinux-python: upgrade 3.3 -> 3.4

[Yi Zhao]

* Use libpcre2 instead of libpcre.
* Refresh patches.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
 ...linux-python_3.3.bb => libselinux-python_3.4.bb} | 13 +++++++------
 ...ix-python-modules-install-path-for-multili.patch |  8 ++++----
 ...PYCEXT-and-rely-on-the-installed-file-nam.patch} |  8 ++++----
 3 files changed, 15 insertions(+), 14 deletions(-)
 rename recipes-security/selinux/{libselinux-python_3.3.bb => libselinux-python_3.4.bb} (79%)
 rename recipes-security/selinux/libselinux/{0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch => 0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch} (94%)

diff --git a/recipes-security/selinux/libselinux-python_3.3.bb b/recipes-security/selinux/libselinux-python_3.4.bb
similarity index 79%
rename from recipes-security/selinux/libselinux-python_3.3.bb
rename to recipes-security/selinux/libselinux-python_3.4.bb
index 136f538..a850369 100644
--- a/recipes-security/selinux/libselinux-python_3.3.bb
+++ b/recipes-security/selinux/libselinux-python_3.4.bb
@@ -8,18 +8,20 @@ LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0"
 
 require selinux_common.inc
 
-inherit python3native python3targetconfig pkgconfig
+inherit python3targetconfig pkgconfig
 
 FILESEXTRAPATHS:prepend := "${THISDIR}/libselinux:"
 SRC_URI += "\
         file://0001-Makefile-fix-python-modules-install-path-for-multili.patch \
-        file://0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch \
+        file://0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch \
         "
 
 S = "${WORKDIR}/git/libselinux"
 
-DEPENDS += "python3 swig-native libpcre libsepol"
-RDEPENDS:${PN} += "libselinux python3-core python3-shell"
+DEPENDS = "libsepol libpcre2 swig-native"
+DEPENDS:append:libc-musl = " fts"
+
+RDEPENDS:${PN} = "libselinux python3-core python3-shell"
 
 def get_policyconfigarch(d):
     import re
@@ -28,8 +30,7 @@ def get_policyconfigarch(d):
     target = p.sub('i386',target)
     return "ARCH=%s" % (target)
 
-EXTRA_OEMAKE += "${@get_policyconfigarch(d)}"
-EXTRA_OEMAKE += "LDFLAGS='${LDFLAGS} -lpcre' LIBSEPOLA='${STAGING_LIBDIR}/libsepol.a'"
+EXTRA_OEMAKE = "${@get_policyconfigarch(d)}"
 EXTRA_OEMAKE:append:libc-musl = " FTS_LDLIBS=-lfts"
 
 FILES:${PN} = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/*"
diff --git a/recipes-security/selinux/libselinux/0001-Makefile-fix-python-modules-install-path-for-multili.patch b/recipes-security/selinux/libselinux/0001-Makefile-fix-python-modules-install-path-for-multili.patch
index 9dfd8d4..9750cd6 100644
--- a/recipes-security/selinux/libselinux/0001-Makefile-fix-python-modules-install-path-for-multili.patch
+++ b/recipes-security/selinux/libselinux/0001-Makefile-fix-python-modules-install-path-for-multili.patch
@@ -1,4 +1,4 @@
-From 41540f5c4e3552a2806097613f016d1a2fd4754a Mon Sep 17 00:00:00 2001
+From 1ff60a36bb0bfc95ce33cf950f58e121548a3c8a Mon Sep 17 00:00:00 2001
 From: Yi Zhao <yi.zhao@windriver.com>
 Date: Mon, 13 Apr 2020 12:44:23 +0800
 Subject: [PATCH] Makefile: fix python modules install path for multilib
@@ -11,10 +11,10 @@ Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/src/Makefile b/src/Makefile
-index 190016e..dcdeb10 100644
+index 04bf4f2..81ae6a2 100644
 --- a/src/Makefile
 +++ b/src/Makefile
-@@ -174,7 +174,7 @@ install: all
+@@ -181,7 +181,7 @@ install: all
  	ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET)
  
  install-pywrap: pywrap
@@ -24,5 +24,5 @@ index 190016e..dcdeb10 100644
  	ln -sf --relative $(DESTDIR)$(PYTHONLIBDIR)/selinux/_selinux$(PYCEXT) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT)
  
 -- 
-2.17.1
+2.25.1
 
diff --git a/recipes-security/selinux/libselinux/0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch b/recipes-security/selinux/libselinux/0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
similarity index 94%
rename from recipes-security/selinux/libselinux/0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
rename to recipes-security/selinux/libselinux/0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
index 0fafcef..db7d68f 100644
--- a/recipes-security/selinux/libselinux/0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
+++ b/recipes-security/selinux/libselinux/0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
@@ -1,4 +1,4 @@
-From 1542c79660484a2f2e24ee0593586dba35c3ad13 Mon Sep 17 00:00:00 2001
+From dae53d7cd4d7875f7fb7aba016a0331559044eea Mon Sep 17 00:00:00 2001
 From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
 Date: Fri, 25 Oct 2019 13:37:14 +0200
 Subject: [PATCH] Do not use PYCEXT, and rely on the installed file name
@@ -27,7 +27,7 @@ Signed-off-by: Changqing Li <changqing.li@windriver.com>
  1 file changed, 1 insertion(+), 2 deletions(-)
 
 diff --git a/src/Makefile b/src/Makefile
-index dcdeb10..da6f719 100644
+index 81ae6a2..37399e1 100644
 --- a/src/Makefile
 +++ b/src/Makefile
 @@ -15,7 +15,6 @@ INCLUDEDIR ?= $(PREFIX)/include
@@ -38,7 +38,7 @@ index dcdeb10..da6f719 100644
  RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + RbConfig::CONFIG["rubyhdrdir"]')
  RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + RbConfig::CONFIG["libdir"] + " -L" + RbConfig::CONFIG["archlibdir"] + " " + RbConfig::CONFIG["LIBRUBYARG_SHARED"]')
  RUBYINSTALL ?= $(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]')
-@@ -176,7 +175,7 @@ install: all
+@@ -183,7 +182,7 @@ install: all
  install-pywrap: pywrap
  	$(PYTHON) setup.py install --prefix=$(PREFIX) --root=$(DESTDIR) --install-lib=$(PYTHONLIBDIR) $(PYTHON_SETUP_ARGS)
  	install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py
@@ -48,5 +48,5 @@ index dcdeb10..da6f719 100644
  install-rubywrap: rubywrap
  	test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d $(DESTDIR)$(RUBYINSTALL) 
 -- 
-2.17.1
+2.25.1
 
-- 
2.25.1

[meta-selinux][PATCH 05/16] libsemanage: upgrade 3.3 -> 3.4

[Yi Zhao]

Refresh patches.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
 .../libsemanage-Fix-execve-segfaults-on-Ubuntu.patch   | 10 +++++-----
 .../libsemanage-allow-to-disable-audit-support.patch   |  8 ++++----
 ...bsemanage-disable-expand-check-on-policy-load.patch |  8 ++++----
 .../selinux/{libsemanage_3.3.bb => libsemanage_3.4.bb} |  9 +++++----
 4 files changed, 18 insertions(+), 17 deletions(-)
 rename recipes-security/selinux/{libsemanage_3.3.bb => libsemanage_3.4.bb} (91%)

diff --git a/recipes-security/selinux/libsemanage/libsemanage-Fix-execve-segfaults-on-Ubuntu.patch b/recipes-security/selinux/libsemanage/libsemanage-Fix-execve-segfaults-on-Ubuntu.patch
index 0b1f3d8..5a03d30 100644
--- a/recipes-security/selinux/libsemanage/libsemanage-Fix-execve-segfaults-on-Ubuntu.patch
+++ b/recipes-security/selinux/libsemanage/libsemanage-Fix-execve-segfaults-on-Ubuntu.patch
@@ -1,4 +1,4 @@
-From 01a37b94a1f5605a395e8b45ee9ec653ce716c06 Mon Sep 17 00:00:00 2001
+From 2111f86dce8defd9bebd9b43008339e3b5af0aa7 Mon Sep 17 00:00:00 2001
 From: Xin Ouyang <Xin.Ouyang@windriver.com>
 Date: Mon, 26 Mar 2012 15:15:16 +0800
 Subject: [PATCH] libsemanage: Fix execve segfaults on Ubuntu.
@@ -9,7 +9,7 @@ Such as "make load" while building refpolicy.
 
 http://oss.tresys.com/pipermail/refpolicy/2011-December/004859.html
 
-Upstream-Status: Pending
+Upstream-Status: Inappropriate [embedded specific]
 
 Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
 ---
@@ -17,10 +17,10 @@ Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/src/semanage_store.c b/src/semanage_store.c
-index 58dded6..1a94545 100644
+index 14a0957..0a9200e 100644
 --- a/src/semanage_store.c
 +++ b/src/semanage_store.c
-@@ -1441,7 +1441,7 @@ static int semanage_exec_prog(semanage_handle_t * sh,
+@@ -1470,7 +1470,7 @@ static int semanage_exec_prog(semanage_handle_t * sh,
  	if (forkval == 0) {
  		/* child process.  file descriptors will be closed
  		 * because they were set as close-on-exec. */
@@ -30,5 +30,5 @@ index 58dded6..1a94545 100644
  	}
  
 -- 
-2.7.4
+2.25.1
 
diff --git a/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch b/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch
index ff5cb00..19263d8 100644
--- a/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch
+++ b/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch
@@ -1,9 +1,9 @@
-From e76867515be3bc296174aeb26c7996a0939a2a8c Mon Sep 17 00:00:00 2001
+From 5718384543ff06ad4032e90291f9e4398a2749c4 Mon Sep 17 00:00:00 2001
 From: Wenzong Fan <wenzong.fan@windriver.com>
 Date: Mon, 20 Jan 2014 03:53:48 -0500
 Subject: [PATCH] libsemanage: allow to disable audit support
 
-Upstream-Status: Pending
+Upstream-Status: Inappropriate [embedded specific]
 
 Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
 ---
@@ -13,7 +13,7 @@ Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
  3 files changed, 31 insertions(+), 2 deletions(-)
 
 diff --git a/src/Makefile b/src/Makefile
-index a0eb374..afc4437 100644
+index 71c2a1d..52f335e 100644
 --- a/src/Makefile
 +++ b/src/Makefile
 @@ -26,6 +26,14 @@ ifeq ($(DEBUG),1)
@@ -122,5 +122,5 @@ index 69f49a3..f914492 100644
  OBJECTS = $(SOURCES:.c=.o)
  POLICIES = $(CILS:.cil=.policy)
 -- 
-2.17.1
+2.25.1
 
diff --git a/recipes-security/selinux/libsemanage/libsemanage-disable-expand-check-on-policy-load.patch b/recipes-security/selinux/libsemanage/libsemanage-disable-expand-check-on-policy-load.patch
index d1e5720..6e0faeb 100644
--- a/recipes-security/selinux/libsemanage/libsemanage-disable-expand-check-on-policy-load.patch
+++ b/recipes-security/selinux/libsemanage/libsemanage-disable-expand-check-on-policy-load.patch
@@ -1,4 +1,4 @@
-From 35196d58cd37fec89fcf95e3d43b41de7008f0be Mon Sep 17 00:00:00 2001
+From dd52bfb66d710473aeb75c5fe92d5cf0a66b637e Mon Sep 17 00:00:00 2001
 From: Joe MacDonald <joe@deserted.net>
 Date: Wed, 7 May 2014 11:36:27 -0400
 Subject: [PATCH] libsemanage: disable expand-check on policy load
@@ -17,10 +17,10 @@ Signed-off-by: Joe MacDonald <joe@deserted.net>
  1 file changed, 4 insertions(+)
 
 diff --git a/src/semanage.conf b/src/semanage.conf
-index dc8d46b..254f156 100644
+index 98d769b..708fa8c 100644
 --- a/src/semanage.conf
 +++ b/src/semanage.conf
-@@ -39,3 +39,7 @@ module-store = direct
+@@ -40,3 +40,7 @@ module-store = direct
  # By default, semanage will generate policies for the SELinux target.
  # To build policies for Xen, uncomment the following line.
  #target-platform = xen
@@ -29,5 +29,5 @@ index dc8d46b..254f156 100644
 +# module.  This results in a significant speed-up in policy loading.
 +expand-check=0
 -- 
-2.7.4
+2.25.1
 
diff --git a/recipes-security/selinux/libsemanage_3.3.bb b/recipes-security/selinux/libsemanage_3.4.bb
similarity index 91%
rename from recipes-security/selinux/libsemanage_3.3.bb
rename to recipes-security/selinux/libsemanage_3.4.bb
index b17eb68..08d2c9c 100644
--- a/recipes-security/selinux/libsemanage_3.3.bb
+++ b/recipes-security/selinux/libsemanage_3.4.bb
@@ -16,23 +16,24 @@ SRC_URI += "file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch \
             file://libsemanage-disable-expand-check-on-policy-load.patch \
            "
 
-DEPENDS += "libsepol libselinux bzip2 python3 bison-native flex-native swig-native"
+DEPENDS = "libsepol libselinux bison-native swig-native"
+
 DEPENDS:append:class-target = " audit"
 
 S = "${WORKDIR}/git/libsemanage"
 
+EXTRA_OEMAKE:class-native = "DISABLE_AUDIT=y"
+
 PACKAGES =+ "${PN}-python"
 
 # For /usr/libexec/selinux/semanage_migrate_store
-RDEPENDS:${PN}-python += "python3-core"
+RDEPENDS:${PN}-python = "python3-core"
 
 FILES:${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/* \
                       ${libexecdir}/selinux/semanage_migrate_store"
 FILES:${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/site-packages/.debug/*"
 FILES:${PN} += "${libexecdir}"
 
-EXTRA_OEMAKE:class-native += "DISABLE_AUDIT=y"
-
 do_compile:append() {
     oe_runmake pywrap \
         PYLIBVER='python${PYTHON_BASEVERSION}${PYTHON_ABI}' \
-- 
2.25.1

[meta-selinux][PATCH 06/16] checkpolicy: upgrade 3.3 -> 3.4

[Yi Zhao]

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
 .../selinux/{checkpolicy_3.3.bb => checkpolicy_3.4.bb}       | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
 rename recipes-security/selinux/{checkpolicy_3.3.bb => checkpolicy_3.4.bb} (84%)

diff --git a/recipes-security/selinux/checkpolicy_3.3.bb b/recipes-security/selinux/checkpolicy_3.4.bb
similarity index 84%
rename from recipes-security/selinux/checkpolicy_3.3.bb
rename to recipes-security/selinux/checkpolicy_3.4.bb
index ad90cc2..3df1bbb 100644
--- a/recipes-security/selinux/checkpolicy_3.3.bb
+++ b/recipes-security/selinux/checkpolicy_3.4.bb
@@ -11,10 +11,7 @@ LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"
 
 require selinux_common.inc
 
-DEPENDS += "libsepol bison-native flex-native"
-
-EXTRA_OEMAKE += "LEX='flex'"
-EXTRA_OEMAKE += "LIBSEPOLA=${STAGING_LIBDIR}/libsepol.a"
+DEPENDS = "libsepol bison-native"
 
 S = "${WORKDIR}/git/checkpolicy"
 
-- 
2.25.1

[meta-selinux][PATCH 07/16] secilc: upgrade 3.3 -> 3.4

[Yi Zhao]

Use precise license BSD-2-Clause instead of license BSD.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
 recipes-security/selinux/{secilc_3.3.bb => secilc_3.4.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename recipes-security/selinux/{secilc_3.3.bb => secilc_3.4.bb} (85%)

diff --git a/recipes-security/selinux/secilc_3.3.bb b/recipes-security/selinux/secilc_3.4.bb
similarity index 85%
rename from recipes-security/selinux/secilc_3.3.bb
rename to recipes-security/selinux/secilc_3.4.bb
index 60ab2fe..e30cd3a 100644
--- a/recipes-security/selinux/secilc_3.3.bb
+++ b/recipes-security/selinux/secilc_3.4.bb
@@ -3,12 +3,12 @@ DESCRIPTION = "\
 This package contains secilc, the SELinux Common Intermediate \
 Language (CIL) compiler."
 SECTION = "base"
-LICENSE = "BSD"
+LICENSE = "BSD-2-Clause"
 LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=c7e802b9a3b0c2c852669864c08b9138"
 
 require selinux_common.inc
 
-DEPENDS += "libsepol xmlto-native"
+DEPENDS = "libsepol xmlto-native"
 
 S = "${WORKDIR}/git/secilc"
 
-- 
2.25.1

[meta-selinux][PATCH 08/16] policycoreutils: upgrade 3.3 -> 3.4

[Yi Zhao]

Refresh patch.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
 .../policycoreutils-fixfiles-de-bashify.patch | 14 ++--
 ...oreutils_3.3.bb => policycoreutils_3.4.bb} | 72 +++++++++----------
 2 files changed, 43 insertions(+), 43 deletions(-)
 rename recipes-security/selinux/{policycoreutils_3.3.bb => policycoreutils_3.4.bb} (78%)

diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch b/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch
index 70cdd4f..0e80959 100644
--- a/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch
+++ b/recipes-security/selinux/policycoreutils/policycoreutils-fixfiles-de-bashify.patch
@@ -1,4 +1,4 @@
-From 25ca94680f2fe20f49b80e8b5b180a0dbb903f17 Mon Sep 17 00:00:00 2001
+From cdc8f6e887d9ab8944e3ae89dd18bf55edf080c4 Mon Sep 17 00:00:00 2001
 From: Joe MacDonald <joe_macdonald@mentor.com>
 Date: Fri, 20 Feb 2015 17:00:19 -0500
 Subject: [PATCH] fixfiles: de-bashify
@@ -10,7 +10,7 @@ necessarily the best option here.  Introducing a second invocation of rpm
 is minimal overhead on an operation that should happen very infrequently,
 so we'll try that instead.
 
-Upstream-Status: Pending
+Upstream-Status: Inappropriate [embedded specific]
 
 Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
@@ -19,7 +19,7 @@ Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
  1 file changed, 14 insertions(+), 9 deletions(-)
 
 diff --git a/scripts/fixfiles b/scripts/fixfiles
-index 1aa330f..a10837d 100755
+index c72ca0e..143cc2e 100755
 --- a/scripts/fixfiles
 +++ b/scripts/fixfiles
 @@ -1,4 +1,4 @@
@@ -51,7 +51,7 @@ index 1aa330f..a10837d 100755
  	  exclude_from_relabelling="$exclude_from_relabelling -e $i"
  	done < /etc/selinux/fixfiles_exclude_dirs
      fi
-@@ -138,7 +139,7 @@ fi
+@@ -140,7 +141,7 @@ fi
  # Log directories excluded from relabelling by configuration file
  #
  LogExcluded() {
@@ -60,7 +60,7 @@ index 1aa330f..a10837d 100755
      echo "skipping the directory $i"
  done
  }
-@@ -201,8 +202,12 @@ fi
+@@ -203,8 +204,12 @@ fi
  }
  
  rpmlist() {
@@ -75,7 +75,7 @@ index 1aa330f..a10837d 100755
  }
  
  #
-@@ -276,7 +281,7 @@ relabel() {
+@@ -295,7 +300,7 @@ relabel() {
  	exit 1
      fi
  
@@ -85,5 +85,5 @@ index 1aa330f..a10837d 100755
  	return
      fi
 -- 
-2.13.0
+2.25.1
 
diff --git a/recipes-security/selinux/policycoreutils_3.3.bb b/recipes-security/selinux/policycoreutils_3.4.bb
similarity index 78%
rename from recipes-security/selinux/policycoreutils_3.3.bb
rename to recipes-security/selinux/policycoreutils_3.4.bb
index 552d354..ab871a3 100644
--- a/recipes-security/selinux/policycoreutils_3.3.bb
+++ b/recipes-security/selinux/policycoreutils_3.4.bb
@@ -18,48 +18,47 @@ PAM_SRC_URI = "file://pam.d/newrole \
                file://pam.d/run_init \
               "
 
-DEPENDS += "libsepol libselinux libsemanage libcap gettext-native"
-EXTRA_DEPENDS = "libcap-ng libcgroup"
-DEPENDS += "${@['', '${EXTRA_DEPENDS}']['${PN}' != '${BPN}-native']}"
+DEPENDS = "libsepol libselinux libsemanage gettext-native"
+DEPENDS:append:class-target = " libcap-ng"
 
 S = "${WORKDIR}/git/policycoreutils"
 
 inherit selinux python3native
 
-RDEPENDS:${BPN}-fixfiles += "\
-    ${BPN}-setfiles \
+RDEPENDS:${PN}-fixfiles = "\
+    ${PN}-setfiles \
     grep \
     findutils \
 "
-RDEPENDS:${BPN}-genhomedircon += "\
-    ${BPN}-semodule \
+RDEPENDS:${PN}-genhomedircon = "\
+    ${PN}-semodule \
 "
-RDEPENDS:${BPN}-loadpolicy += "\
+RDEPENDS:${PN}-loadpolicy = "\
     libselinux \
     libsepol \
 "
-RDEPENDS:${BPN}-newrole += "\
+RDEPENDS:${PN}-newrole = "\
     libcap-ng \
     libselinux \
 "
-RDEPENDS:${BPN}-runinit += "libselinux"
-RDEPENDS:${BPN}-secon += "libselinux"
-RDEPENDS:${BPN}-semodule += "\
+RDEPENDS:${PN}-runinit = "libselinux"
+RDEPENDS:${PN}-secon = "libselinux"
+RDEPENDS:${PN}-semodule = "\
     libsepol \
     libselinux \
     libsemanage \
 "
-RDEPENDS:${BPN}-sestatus += "libselinux"
-RDEPENDS:${BPN}-setfiles += "\
+RDEPENDS:${PN}-sestatus = "libselinux"
+RDEPENDS:${PN}-setfiles = "\
     libselinux \
     libsepol \
 "
-RDEPENDS:${BPN}-setsebool += "\
+RDEPENDS:${PN}-setsebool = "\
     libsepol \
     libselinux \
     libsemanage \
 "
-RDEPENDS:${BPN} += "selinux-python"
+RDEPENDS:${PN}:class-target = "selinux-python"
 
 PACKAGES =+ "\
     ${PN}-fixfiles \
@@ -74,34 +73,34 @@ PACKAGES =+ "\
     ${PN}-setfiles \
     ${PN}-setsebool \
 "
-FILES:${PN}-fixfiles += "${base_sbindir}/fixfiles"
-FILES:${PN}-genhomedircon += "${base_sbindir}/genhomedircon"
-FILES:${PN}-loadpolicy += "\
+FILES:${PN}-fixfiles = "${base_sbindir}/fixfiles"
+FILES:${PN}-genhomedircon = "${base_sbindir}/genhomedircon"
+FILES:${PN}-loadpolicy = "\
     ${base_sbindir}/load_policy \
 "
-FILES:${PN}-newrole += "\
+FILES:${PN}-newrole = "\
     ${bindir}/newrole \
     ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${sysconfdir}/pam.d/newrole', '', d)} \
 "
-FILES:${PN}-runinit += "\
+FILES:${PN}-runinit = "\
     ${base_sbindir}/run_init \
     ${base_sbindir}/open_init_pty \
     ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${sysconfdir}/pam.d/run_init', '', d)} \
 "
 FILES:${PN}-dbg += "${prefix}/libexec/selinux/hll/.debug"
-FILES:${PN}-secon += "${bindir}/secon"
-FILES:${PN}-semodule += "${base_sbindir}/semodule"
-FILES:${PN}-hll += "${prefix}/libexec/selinux/hll/*"
-FILES:${PN}-sestatus += "\
+FILES:${PN}-secon = "${bindir}/secon"
+FILES:${PN}-semodule = "${base_sbindir}/semodule"
+FILES:${PN}-hll = "${prefix}/libexec/selinux/hll/*"
+FILES:${PN}-sestatus = "\
     ${base_sbindir}/sestatus \
     ${sysconfdir}/sestatus.conf \
 "
-FILES:${PN}-setfiles += "\
+FILES:${PN}-setfiles = "\
     ${base_sbindir}/restorecon \
     ${base_sbindir}/restorecon_xattr \
     ${base_sbindir}/setfiles \
 "
-FILES:${PN}-setsebool += "\
+FILES:${PN}-setsebool = "\
     ${base_sbindir}/setsebool \
     ${datadir}/bash-completion/completions/setsebool \
 "
@@ -115,11 +114,12 @@ PACKAGECONFIG:class-target ?= "\
         ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)} \
         audit \
 "
+PACKAGECONFIG:class-native ?= ""
 
 PACKAGECONFIG[libpam] = ",,libpam,"
 PACKAGECONFIG[audit] = ",,audit,"
 
-EXTRA_OEMAKE += "\
+EXTRA_OEMAKE = "\
         ${@bb.utils.contains('PACKAGECONFIG', 'libpam', 'PAMH=y', 'PAMH=', d)} \
         ${@bb.utils.contains('PACKAGECONFIG', 'audit', 'AUDITH=y', 'AUDITH=', d)} \
         INOTIFYH=n \
@@ -131,6 +131,14 @@ BBCLASSEXTEND = "native"
 
 PCU_NATIVE_CMDS = "setfiles semodule hll"
 
+do_compile:prepend() {
+    export PYTHON=python3
+    export PYLIBVER='python${PYTHON_BASEVERSION}'
+    export PYTHON_CPPFLAGS="-I${STAGING_INCDIR}/${PYLIBVER}"
+    export PYTHON_LDFLAGS="${STAGING_LIBDIR}/lib${PYLIBVER}.so"
+    export PYTHON_SITE_PKG="${libdir}/${PYLIBVER}/site-packages"
+}
+
 do_compile:class-native() {
     for PCU_CMD in ${PCU_NATIVE_CMDS} ; do
         oe_runmake -C $PCU_CMD \
@@ -143,14 +151,6 @@ sysroot_stage_dirs:append:class-native() {
     cp -R $from/${prefix}/libexec $to/${prefix}/libexec
 }
 
-do_compile:prepend() {
-    export PYTHON=python3
-    export PYLIBVER='python${PYTHON_BASEVERSION}'
-    export PYTHON_CPPFLAGS="-I${STAGING_INCDIR}/${PYLIBVER}"
-    export PYTHON_LDFLAGS="${STAGING_LIBDIR}/lib${PYLIBVER}.so"
-    export PYTHON_SITE_PKG="${libdir}/${PYLIBVER}/site-packages"
-}
-
 do_install:prepend() {
     export PYTHON=python3
     export SBINDIR="${D}/${base_sbindir}"
-- 
2.25.1

[meta-selinux][PATCH 09/16] mcstrans: upgrade 3.3 -> 3.4

[Yi Zhao]

Refresh patches.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
 .../selinux/mcstrans/mcstrans-de-bashify.patch       |  6 +++---
 .../mcstrans/mcstrans-fix-the-init-script.patch      |  4 ++--
 .../selinux/{mcstrans_3.3.bb => mcstrans_3.4.bb}     | 12 ++++++------
 3 files changed, 11 insertions(+), 11 deletions(-)
 rename recipes-security/selinux/{mcstrans_3.3.bb => mcstrans_3.4.bb} (87%)

diff --git a/recipes-security/selinux/mcstrans/mcstrans-de-bashify.patch b/recipes-security/selinux/mcstrans/mcstrans-de-bashify.patch
index 27fd677..74ae879 100644
--- a/recipes-security/selinux/mcstrans/mcstrans-de-bashify.patch
+++ b/recipes-security/selinux/mcstrans/mcstrans-de-bashify.patch
@@ -1,4 +1,4 @@
-From 544b3c078374e5001e7fdc1b7d0b2eafda36f8fe Mon Sep 17 00:00:00 2001
+From 580a625e9e1266d92c248a5e3f471d12d42c149b Mon Sep 17 00:00:00 2001
 From: Joe MacDonald <joe_macdonald@mentor.com>
 Date: Fri, 7 Aug 2015 15:16:45 -0400
 Subject: [PATCH] mcstrans: remove dependency on bash in initscript
@@ -8,7 +8,7 @@ dependency on bash.
 
 Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 
-Upstream-Status: Pending
+Upstream-Status: Inappropriate [embedded specific]
 
 Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
 Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
@@ -27,5 +27,5 @@ index 2804ec0..8b4737d 100644
  # mcstransd        This starts and stops mcstransd
  #
 -- 
-2.7.4
+2.25.1
 
diff --git a/recipes-security/selinux/mcstrans/mcstrans-fix-the-init-script.patch b/recipes-security/selinux/mcstrans/mcstrans-fix-the-init-script.patch
index 79be090..a560722 100644
--- a/recipes-security/selinux/mcstrans/mcstrans-fix-the-init-script.patch
+++ b/recipes-security/selinux/mcstrans/mcstrans-fix-the-init-script.patch
@@ -1,4 +1,4 @@
-From 4d918a9679d2902ca2d41fe769a4d76f07a67b5f Mon Sep 17 00:00:00 2001
+From 123d5b6413905bfad535a072ff0ab5a495cb2a2a Mon Sep 17 00:00:00 2001
 From: Roy Li <rongqing.li@windriver.com>
 Date: Wed, 6 Nov 2019 22:13:33 +0800
 Subject: [PATCH] mcstrans: fix the init script
@@ -28,5 +28,5 @@ index 8b4737d..86c89ea 100644
  	echo
  	if test $RETVAL = 0 ; then
 -- 
-2.7.4
+2.25.1
 
diff --git a/recipes-security/selinux/mcstrans_3.3.bb b/recipes-security/selinux/mcstrans_3.4.bb
similarity index 87%
rename from recipes-security/selinux/mcstrans_3.3.bb
rename to recipes-security/selinux/mcstrans_3.4.bb
index cd8780b..b5d6b54 100644
--- a/recipes-security/selinux/mcstrans_3.3.bb
+++ b/recipes-security/selinux/mcstrans_3.4.bb
@@ -9,18 +9,18 @@ LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
 
 require selinux_common.inc
 
-inherit systemd update-rc.d
+inherit pkgconfig systemd update-rc.d
 
 SRC_URI += "file://mcstrans-de-bashify.patch \
             file://mcstrans-fix-the-init-script.patch \
            "
 
-DEPENDS += "libsepol libselinux libcap"
+DEPENDS = "libsepol libselinux libcap"
 
-EXTRA_OEMAKE += "SBINDIR=${base_sbindir} \
-                 INITDIR=${sysconfdir}/init.d \
-                 SYSTEMDDIR=${systemd_unitdir} \
-                "
+EXTRA_OEMAKE = "SBINDIR=${base_sbindir} \
+                INITDIR=${sysconfdir}/init.d \
+                SYSTEMDDIR=${systemd_unitdir} \
+               "
 
 S = "${WORKDIR}/git/mcstrans"
 
-- 
2.25.1

[meta-selinux][PATCH 10/16] restorecond: upgrade 3.3 -> 3.4

[Yi Zhao]

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
 .../selinux/{restorecond_3.3.bb => restorecond_3.4.bb}      | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 rename recipes-security/selinux/{restorecond_3.3.bb => restorecond_3.4.bb} (86%)

diff --git a/recipes-security/selinux/restorecond_3.3.bb b/recipes-security/selinux/restorecond_3.4.bb
similarity index 86%
rename from recipes-security/selinux/restorecond_3.3.bb
rename to recipes-security/selinux/restorecond_3.4.bb
index ee1cb44..5b690d8 100644
--- a/recipes-security/selinux/restorecond_3.3.bb
+++ b/recipes-security/selinux/restorecond_3.4.bb
@@ -10,11 +10,11 @@ LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"
 
 require selinux_common.inc
 
-inherit systemd update-rc.d
+inherit pkgconfig systemd update-rc.d
 
-DEPENDS += "libsepol libselinux libpcre dbus-glib glib-2.0 pkgconfig-native"
+DEPENDS = "libsepol libselinux glib-2.0"
 
-EXTRA_OEMAKE += "SYSTEMDSYSTEMUNITDIR=${systemd_system_unitdir} \
+EXTRA_OEMAKE = "SYSTEMDSYSTEMUNITDIR=${systemd_system_unitdir} \
                  SYSTEMDUSERUNITDIR=${systemd_user_unitdir} \
                 "
 
-- 
2.25.1

[meta-selinux][PATCH 11/16] selinux-python: upgrade 3.3 -> 3.4

[Yi Zhao]

* Backport a patch to fix chcat runtime error.
* Refresh patch.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
 ...andle-unsupported-languages-properly.patch | 173 ++++++++++++++++++
 .../fix-sepolicy-install-path.patch           |   4 +-
 ...ux-python_3.3.bb => selinux-python_3.4.bb} |  51 +++---
 3 files changed, 201 insertions(+), 27 deletions(-)
 create mode 100644 recipes-security/selinux/selinux-python/0001-gettext-handle-unsupported-languages-properly.patch
 rename recipes-security/selinux/{selinux-python_3.3.bb => selinux-python_3.4.bb} (82%)

diff --git a/recipes-security/selinux/selinux-python/0001-gettext-handle-unsupported-languages-properly.patch b/recipes-security/selinux/selinux-python/0001-gettext-handle-unsupported-languages-properly.patch
new file mode 100644
index 0000000..b83300d
--- /dev/null
+++ b/recipes-security/selinux/selinux-python/0001-gettext-handle-unsupported-languages-properly.patch
@@ -0,0 +1,173 @@
+From 4693794ff8c52f87a4abdb68fe9dae6618023c03 Mon Sep 17 00:00:00 2001
+From: Vit Mojzis <vmojzis@redhat.com>
+Date: Fri, 24 Jun 2022 16:24:25 +0200
+Subject: [PATCH] gettext: handle unsupported languages properly
+
+With "fallback=True" gettext.translation behaves the same as
+gettext.install and uses NullTranslations in case the
+translation file for given language was not found (as opposed to
+throwing an exception).
+
+Fixes:
+  # LANG is set to any "unsupported" language, e.g. en_US.UTF-8
+  $ chcat --help
+  Traceback (most recent call last):
+  File "/usr/bin/chcat", line 39, in <module>
+    t = gettext.translation(PROGNAME,
+  File "/usr/lib64/python3.9/gettext.py", line 592, in translation
+    raise FileNotFoundError(ENOENT,
+  FileNotFoundError: [Errno 2] No translation file found for domain: 'selinux-python'
+
+Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
+Reviewed-by: Daniel Burgener <dburgener@linux.microsoft.com>
+Acked-by: Petr Lautrbach <plautrba@redhat.com>
+
+Upstream-Status: Backport
+[https://github.com/SELinuxProject/selinux/commit/344463076b2a91e1d2c7f5cc3835dc1a53a05e88]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ chcat/chcat                           | 5 +++--
+ semanage/semanage                     | 3 ++-
+ semanage/seobject.py                  | 3 ++-
+ sepolgen/src/sepolgen/sepolgeni18n.py | 4 +++-
+ sepolicy/sepolicy.py                  | 3 ++-
+ sepolicy/sepolicy/__init__.py         | 3 ++-
+ sepolicy/sepolicy/generate.py         | 3 ++-
+ sepolicy/sepolicy/gui.py              | 3 ++-
+ sepolicy/sepolicy/interface.py        | 3 ++-
+ 9 files changed, 20 insertions(+), 10 deletions(-)
+
+diff --git a/chcat/chcat b/chcat/chcat
+index e779fcc..952cb81 100755
+--- a/chcat/chcat
++++ b/chcat/chcat
+@@ -38,9 +38,10 @@ try:
+         kwargs['unicode'] = True
+     t = gettext.translation(PROGNAME,
+                     localedir="/usr/share/locale",
+-                    **kwargs)
++                    **kwargs,
++                    fallback=True)
+     _ = t.gettext
+-except ImportError:
++except:
+     try:
+         import builtins
+         builtins.__dict__['_'] = str
+diff --git a/semanage/semanage b/semanage/semanage
+index 8f4e44a..f45061a 100644
+--- a/semanage/semanage
++++ b/semanage/semanage
+@@ -38,7 +38,8 @@ try:
+         kwargs['unicode'] = True
+     t = gettext.translation(PROGNAME,
+                     localedir="/usr/share/locale",
+-                    **kwargs)
++                    **kwargs,
++                    fallback=True)
+     _ = t.gettext
+ except:
+     try:
+diff --git a/semanage/seobject.py b/semanage/seobject.py
+index ff8f4e9..0782c08 100644
+--- a/semanage/seobject.py
++++ b/semanage/seobject.py
+@@ -42,7 +42,8 @@ try:
+         kwargs['unicode'] = True
+     t = gettext.translation(PROGNAME,
+                     localedir="/usr/share/locale",
+-                    **kwargs)
++                    **kwargs,
++                    fallback=True)
+     _ = t.gettext
+ except:
+     try:
+diff --git a/sepolgen/src/sepolgen/sepolgeni18n.py b/sepolgen/src/sepolgen/sepolgeni18n.py
+index 56ebd80..1ff307d 100644
+--- a/sepolgen/src/sepolgen/sepolgeni18n.py
++++ b/sepolgen/src/sepolgen/sepolgeni18n.py
+@@ -19,7 +19,9 @@
+ 
+ try: 
+     import gettext
+-    t = gettext.translation( 'selinux-python' )
++    t = gettext.translation("selinux-python",
++                        localedir="/usr/share/locale",
++                        fallback=True)
+     _ = t.gettext
+ except:
+     def _(str):
+diff --git a/sepolicy/sepolicy.py b/sepolicy/sepolicy.py
+index 7ebe0ef..c7a70e0 100755
+--- a/sepolicy/sepolicy.py
++++ b/sepolicy/sepolicy.py
+@@ -36,7 +36,8 @@ try:
+         kwargs['unicode'] = True
+     t = gettext.translation(PROGNAME,
+                     localedir="/usr/share/locale",
+-                    **kwargs)
++                    **kwargs,
++                    fallback=True)
+     _ = t.gettext
+ except:
+     try:
+diff --git a/sepolicy/sepolicy/__init__.py b/sepolicy/sepolicy/__init__.py
+index 7208234..9c3caa0 100644
+--- a/sepolicy/sepolicy/__init__.py
++++ b/sepolicy/sepolicy/__init__.py
+@@ -31,7 +31,8 @@ try:
+         kwargs['unicode'] = True
+     t = gettext.translation(PROGNAME,
+                     localedir="/usr/share/locale",
+-                    **kwargs)
++                    **kwargs,
++                    fallback=True)
+     _ = t.gettext
+ except:
+     try:
+diff --git a/sepolicy/sepolicy/generate.py b/sepolicy/sepolicy/generate.py
+index 67189fc..3717d5d 100644
+--- a/sepolicy/sepolicy/generate.py
++++ b/sepolicy/sepolicy/generate.py
+@@ -56,7 +56,8 @@ try:
+         kwargs['unicode'] = True
+     t = gettext.translation(PROGNAME,
+                     localedir="/usr/share/locale",
+-                    **kwargs)
++                    **kwargs,
++                    fallback=True)
+     _ = t.gettext
+ except:
+     try:
+diff --git a/sepolicy/sepolicy/gui.py b/sepolicy/sepolicy/gui.py
+index b026374..5bdbfeb 100644
+--- a/sepolicy/sepolicy/gui.py
++++ b/sepolicy/sepolicy/gui.py
+@@ -49,7 +49,8 @@ try:
+         kwargs['unicode'] = True
+     t = gettext.translation(PROGNAME,
+                     localedir="/usr/share/locale",
+-                    **kwargs)
++                    **kwargs,
++                    fallback=True)
+     _ = t.gettext
+ except:
+     try:
+diff --git a/sepolicy/sepolicy/interface.py b/sepolicy/sepolicy/interface.py
+index 599f97f..43f8644 100644
+--- a/sepolicy/sepolicy/interface.py
++++ b/sepolicy/sepolicy/interface.py
+@@ -38,7 +38,8 @@ try:
+         kwargs['unicode'] = True
+     t = gettext.translation(PROGNAME,
+                     localedir="/usr/share/locale",
+-                    **kwargs)
++                    **kwargs,
++                    fallback=True)
+     _ = t.gettext
+ except:
+     try:
+-- 
+2.25.1
+
diff --git a/recipes-security/selinux/selinux-python/fix-sepolicy-install-path.patch b/recipes-security/selinux/selinux-python/fix-sepolicy-install-path.patch
index 4e91df7..bd14450 100644
--- a/recipes-security/selinux/selinux-python/fix-sepolicy-install-path.patch
+++ b/recipes-security/selinux/selinux-python/fix-sepolicy-install-path.patch
@@ -1,4 +1,4 @@
-From df40fadfb251cc2aebdbd2e216f99a8ae7da7763 Mon Sep 17 00:00:00 2001
+From d43220e336edf8ccaaa7bd3eb9c13874ed34d468 Mon Sep 17 00:00:00 2001
 From: Xin Ouyang <Xin.Ouyang@windriver.com>
 Date: Mon, 23 Sep 2013 21:17:59 +0800
 Subject: [PATCH] sepolicy: fix install path for new pymodule sepolicy
@@ -26,5 +26,5 @@ index 3361be4..5842321 100644
  	install -m 755 sepolicy.py $(DESTDIR)$(BINDIR)/sepolicy
  	(cd $(DESTDIR)$(BINDIR); ln -sf sepolicy sepolgen)
 -- 
-2.17.1
+2.25.1
 
diff --git a/recipes-security/selinux/selinux-python_3.3.bb b/recipes-security/selinux/selinux-python_3.4.bb
similarity index 82%
rename from recipes-security/selinux/selinux-python_3.3.bb
rename to recipes-security/selinux/selinux-python_3.4.bb
index 8f76718..cc279f2 100644
--- a/recipes-security/selinux/selinux-python_3.3.bb
+++ b/recipes-security/selinux/selinux-python_3.4.bb
@@ -10,40 +10,41 @@ require selinux_common.inc
 
 inherit python3native
 
-SRC_URI += "file://fix-sepolicy-install-path.patch"
+SRC_URI += "file://fix-sepolicy-install-path.patch \
+            file://0001-gettext-handle-unsupported-languages-properly.patch \
+           "
 
 S = "${WORKDIR}/git/python"
 
-EXTRA_OEMAKE += "LIBSEPOLA=${STAGING_LIBDIR}/libsepol.a"
+DEPENDS = "libsepol libselinux gettext-native"
 
-DEPENDS += "python3 libsepol libselinux"
-RDEPENDS:${BPN}-audit2allow += "\
-        python3-core \
-        libselinux-python \
-        ${BPN}-sepolgen \
-"
-RDEPENDS:${BPN}-chcat += "\
+RDEPENDS:${PN} = "\
         python3-core \
         python3-codecs \
-        python3-shell \
+        python3-io \
+        python3-ipy \
         python3-stringold \
+        python3-syslog \
         python3-unixadmin \
         libselinux-python \
-        ${BPN} \
+        libsemanage-python \
+        setools \
 "
-RDEPENDS:${BPN} += "\
+RDEPENDS:${PN}-audit2allow = "\
+        python3-core \
+        libselinux-python \
+        ${PN}-sepolgen \
+"
+RDEPENDS:${PN}-chcat = "\
         python3-core \
         python3-codecs \
-        python3-io \
-        python3-ipy \
+        python3-shell \
         python3-stringold \
-        python3-syslog \
         python3-unixadmin \
         libselinux-python \
-        libsemanage-python \
-        setools \
+        ${PN} \
 "
-RDEPENDS:${BPN}-semanage += "\
+RDEPENDS:${PN}-semanage = "\
         python3-core \
         python3-ipy \
         python3-compression \
@@ -51,16 +52,16 @@ RDEPENDS:${BPN}-semanage += "\
         python3-misc \
         libselinux-python \
         audit-python \
-        ${BPN} \
+        ${PN} \
 "
-RDEPENDS:${BPN}-sepolicy += "\
+RDEPENDS:${PN}-sepolicy = "\
         python3-core \
         python3-codecs \
         python3-syslog \
         python3-multiprocessing \
-        ${BPN} \
+        ${PN} \
 "
-RDEPENDS:${BPN}-sepolgen-ifgen += "\
+RDEPENDS:${PN}-sepolgen-ifgen = "\
         python3-core \
         libselinux-python \
 "
@@ -85,16 +86,16 @@ FILES:${PN}-semanage = "\
         ${datadir}/bash-completion/completions/semanage \
 "
 # The ${bindir}/sepolgen is a symlink to ${bindir}/sepolicy
-FILES:${PN}-sepolicy += "\
+FILES:${PN}-sepolicy = "\
         ${bindir}/sepolgen \
         ${bindir}/sepolicy \
         ${datadir}/bash-completion/completions/sepolicy \
 "
-FILES:${PN}-sepolgen-ifgen += "\
+FILES:${PN}-sepolgen-ifgen = "\
         ${bindir}/sepolgen-ifgen \
         ${bindir}/sepolgen-ifgen-attr-helper \
 "
-FILES:${PN}-sepolgen += "\
+FILES:${PN}-sepolgen = "\
         ${libdir}/python${PYTHON_BASEVERSION}/site-packages/sepolgen* \
         ${localstatedir}/lib/sepolgen/perm_map \
 "
-- 
2.25.1

[meta-selinux][PATCH 12/16] selinux-dbus: upgrade 3.3 -> 3.4

[Yi Zhao]

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
 .../selinux/{selinux-dbus_3.3.bb => selinux-dbus_3.4.bb}        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename recipes-security/selinux/{selinux-dbus_3.3.bb => selinux-dbus_3.4.bb} (89%)

diff --git a/recipes-security/selinux/selinux-dbus_3.3.bb b/recipes-security/selinux/selinux-dbus_3.4.bb
similarity index 89%
rename from recipes-security/selinux/selinux-dbus_3.3.bb
rename to recipes-security/selinux/selinux-dbus_3.4.bb
index 936baed..1619829 100644
--- a/recipes-security/selinux/selinux-dbus_3.3.bb
+++ b/recipes-security/selinux/selinux-dbus_3.4.bb
@@ -9,7 +9,7 @@ require selinux_common.inc
 
 S = "${WORKDIR}/git/dbus"
 
-RDEPENDS:${PN} += "python3-core selinux-python-sepolicy"
+RDEPENDS:${PN} = "python3-core selinux-python-sepolicy"
 
 FILES:${PN} += "\
         ${datadir}/system-config-selinux/selinux_server.py \
-- 
2.25.1

[meta-selinux][PATCH 13/16] selinux-gui: upgrade 3.3 -> 3.4

[Yi Zhao]

Backport a patch to fix chcat runtime error.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
 ...andle-unsupported-languages-properly.patch | 199 ++++++++++++++++++
 ...{selinux-gui_3.3.bb => selinux-gui_3.4.bb} |   5 +-
 2 files changed, 203 insertions(+), 1 deletion(-)
 create mode 100644 recipes-security/selinux/selinux-gui/0001-gettext-handle-unsupported-languages-properly.patch
 rename recipes-security/selinux/{selinux-gui_3.3.bb => selinux-gui_3.4.bb} (78%)

diff --git a/recipes-security/selinux/selinux-gui/0001-gettext-handle-unsupported-languages-properly.patch b/recipes-security/selinux/selinux-gui/0001-gettext-handle-unsupported-languages-properly.patch
new file mode 100644
index 0000000..d79db22
--- /dev/null
+++ b/recipes-security/selinux/selinux-gui/0001-gettext-handle-unsupported-languages-properly.patch
@@ -0,0 +1,199 @@
+From a0a67119412622141a7f8365eff10de6395be7ca Mon Sep 17 00:00:00 2001
+From: Vit Mojzis <vmojzis@redhat.com>
+Date: Fri, 24 Jun 2022 16:24:25 +0200
+Subject: [PATCH] gettext: handle unsupported languages properly
+
+With "fallback=True" gettext.translation behaves the same as
+gettext.install and uses NullTranslations in case the
+translation file for given language was not found (as opposed to
+throwing an exception).
+
+Fixes:
+  # LANG is set to any "unsupported" language, e.g. en_US.UTF-8
+  $ chcat --help
+  Traceback (most recent call last):
+  File "/usr/bin/chcat", line 39, in <module>
+    t = gettext.translation(PROGNAME,
+  File "/usr/lib64/python3.9/gettext.py", line 592, in translation
+    raise FileNotFoundError(ENOENT,
+  FileNotFoundError: [Errno 2] No translation file found for domain: 'selinux-python'
+
+Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
+Reviewed-by: Daniel Burgener <dburgener@linux.microsoft.com>
+Acked-by: Petr Lautrbach <plautrba@redhat.com>
+
+Upstream-Status: Backport
+[https://github.com/SELinuxProject/selinux/commit/344463076b2a91e1d2c7f5cc3835dc1a53a05e88]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ booleansPage.py          | 3 ++-
+ domainsPage.py           | 3 ++-
+ fcontextPage.py          | 3 ++-
+ loginsPage.py            | 3 ++-
+ modulesPage.py           | 3 ++-
+ polgengui.py             | 3 ++-
+ portsPage.py             | 3 ++-
+ semanagePage.py          | 3 ++-
+ statusPage.py            | 3 ++-
+ system-config-selinux.py | 3 ++-
+ usersPage.py             | 3 ++-
+ 11 files changed, 22 insertions(+), 11 deletions(-)
+
+diff --git a/booleansPage.py b/booleansPage.py
+index 5beec58..ad11a9b 100644
+--- a/booleansPage.py
++++ b/booleansPage.py
+@@ -46,7 +46,8 @@ try:
+         kwargs['unicode'] = True
+     t = gettext.translation(PROGNAME,
+                     localedir="/usr/share/locale",
+-                    **kwargs)
++                    **kwargs,
++                    fallback=True)
+     _ = t.gettext
+ except:
+     try:
+diff --git a/domainsPage.py b/domainsPage.py
+index e08f34b..e6eadd6 100644
+--- a/domainsPage.py
++++ b/domainsPage.py
+@@ -38,7 +38,8 @@ try:
+         kwargs['unicode'] = True
+     t = gettext.translation(PROGNAME,
+                     localedir="/usr/share/locale",
+-                    **kwargs)
++                    **kwargs,
++                    fallback=True)
+     _ = t.gettext
+ except:
+     try:
+diff --git a/fcontextPage.py b/fcontextPage.py
+index bac2bec..767664f 100644
+--- a/fcontextPage.py
++++ b/fcontextPage.py
+@@ -55,7 +55,8 @@ try:
+         kwargs['unicode'] = True
+     t = gettext.translation(PROGNAME,
+                     localedir="/usr/share/locale",
+-                    **kwargs)
++                    **kwargs,
++                    fallback=True)
+     _ = t.gettext
+ except:
+     try:
+diff --git a/loginsPage.py b/loginsPage.py
+index 18b93d8..7e08232 100644
+--- a/loginsPage.py
++++ b/loginsPage.py
+@@ -37,7 +37,8 @@ try:
+         kwargs['unicode'] = True
+     t = gettext.translation(PROGNAME,
+                     localedir="/usr/share/locale",
+-                    **kwargs)
++                    **kwargs,
++                    fallback=True)
+     _ = t.gettext
+ except:
+     try:
+diff --git a/modulesPage.py b/modulesPage.py
+index c546d45..02b79f1 100644
+--- a/modulesPage.py
++++ b/modulesPage.py
+@@ -38,7 +38,8 @@ try:
+         kwargs['unicode'] = True
+     t = gettext.translation(PROGNAME,
+                     localedir="/usr/share/locale",
+-                    **kwargs)
++                    **kwargs,
++                    fallback=True)
+     _ = t.gettext
+ except:
+     try:
+diff --git a/polgengui.py b/polgengui.py
+index a18f1cb..7a3ecd5 100644
+--- a/polgengui.py
++++ b/polgengui.py
+@@ -71,7 +71,8 @@ try:
+         kwargs['unicode'] = True
+     t = gettext.translation(PROGNAME,
+                     localedir="/usr/share/locale",
+-                    **kwargs)
++                    **kwargs,
++                    fallback=True)
+     _ = t.gettext
+ except:
+     try:
+diff --git a/portsPage.py b/portsPage.py
+index 54aa80d..bee2bdf 100644
+--- a/portsPage.py
++++ b/portsPage.py
+@@ -43,7 +43,8 @@ try:
+         kwargs['unicode'] = True
+     t = gettext.translation(PROGNAME,
+                     localedir="/usr/share/locale",
+-                    **kwargs)
++                    **kwargs,
++                    fallback=True)
+     _ = t.gettext
+ except:
+     try:
+diff --git a/semanagePage.py b/semanagePage.py
+index 1371d4e..efad14d 100644
+--- a/semanagePage.py
++++ b/semanagePage.py
+@@ -30,7 +30,8 @@ try:
+         kwargs['unicode'] = True
+     t = gettext.translation(PROGNAME,
+                     localedir="/usr/share/locale",
+-                    **kwargs)
++                    **kwargs,
++                    fallback=True)
+     _ = t.gettext
+ except:
+     try:
+diff --git a/statusPage.py b/statusPage.py
+index c241ef8..832849e 100644
+--- a/statusPage.py
++++ b/statusPage.py
+@@ -43,7 +43,8 @@ try:
+         kwargs['unicode'] = True
+     t = gettext.translation(PROGNAME,
+                     localedir="/usr/share/locale",
+-                    **kwargs)
++                    **kwargs,
++                    fallback=True)
+     _ = t.gettext
+ except:
+     try:
+diff --git a/system-config-selinux.py b/system-config-selinux.py
+index 1b460c9..9f53b7f 100644
+--- a/system-config-selinux.py
++++ b/system-config-selinux.py
+@@ -53,7 +53,8 @@ try:
+         kwargs['unicode'] = True
+     t = gettext.translation(PROGNAME,
+                     localedir="/usr/share/locale",
+-                    **kwargs)
++                    **kwargs,
++                    fallback=True)
+     _ = t.gettext
+ except:
+     try:
+diff --git a/usersPage.py b/usersPage.py
+index d51bd96..9acd3b8 100644
+--- a/usersPage.py
++++ b/usersPage.py
+@@ -37,7 +37,8 @@ try:
+         kwargs['unicode'] = True
+     t = gettext.translation(PROGNAME,
+                     localedir="/usr/share/locale",
+-                    **kwargs)
++                    **kwargs,
++                    fallback=True)
+     _ = t.gettext
+ except:
+     try:
+-- 
+2.25.1
+
diff --git a/recipes-security/selinux/selinux-gui_3.3.bb b/recipes-security/selinux/selinux-gui_3.4.bb
similarity index 78%
rename from recipes-security/selinux/selinux-gui_3.3.bb
rename to recipes-security/selinux/selinux-gui_3.4.bb
index 9916afb..fa80860 100644
--- a/recipes-security/selinux/selinux-gui_3.3.bb
+++ b/recipes-security/selinux/selinux-gui_3.4.bb
@@ -8,9 +8,12 @@ LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"
 
 require selinux_common.inc
 
+SRC_URI += "file://0001-gettext-handle-unsupported-languages-properly.patch"
+
 S = "${WORKDIR}/git/gui"
 
-RDEPENDS:${PN} += "python3-core"
+DEPENDS = "gettext-native"
+RDEPENDS:${PN} = "python3-core"
 
 FILES:${PN} += " \
         ${datadir}/system-config-selinux/* \
-- 
2.25.1

[meta-selinux][PATCH 14/16] selinux-sandbox: upgrade 3.3 -> 3.4

[Yi Zhao]

* Backport a patch to fix chcat runtime error.
* Refresh patch.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
 ...andle-unsupported-languages-properly.patch | 49 +++++++++++++++++++
 .../selinux-sandbox/sandbox-de-bashify.patch  |  6 +--
 ...-sandbox_3.3.bb => selinux-sandbox_3.4.bb} |  8 +--
 3 files changed, 57 insertions(+), 6 deletions(-)
 create mode 100644 recipes-security/selinux/selinux-sandbox/0001-gettext-handle-unsupported-languages-properly.patch
 rename recipes-security/selinux/{selinux-sandbox_3.3.bb => selinux-sandbox_3.4.bb} (77%)

diff --git a/recipes-security/selinux/selinux-sandbox/0001-gettext-handle-unsupported-languages-properly.patch b/recipes-security/selinux/selinux-sandbox/0001-gettext-handle-unsupported-languages-properly.patch
new file mode 100644
index 0000000..f1d8235
--- /dev/null
+++ b/recipes-security/selinux/selinux-sandbox/0001-gettext-handle-unsupported-languages-properly.patch
@@ -0,0 +1,49 @@
+From 70602601ac1cfc4399430ef8609b96fc224d1e25 Mon Sep 17 00:00:00 2001
+From: Vit Mojzis <vmojzis@redhat.com>
+Date: Fri, 24 Jun 2022 16:24:25 +0200
+Subject: [PATCH] gettext: handle unsupported languages properly
+
+With "fallback=True" gettext.translation behaves the same as
+gettext.install and uses NullTranslations in case the
+translation file for given language was not found (as opposed to
+throwing an exception).
+
+Fixes:
+  # LANG is set to any "unsupported" language, e.g. en_US.UTF-8
+  $ chcat --help
+  Traceback (most recent call last):
+  File "/usr/bin/chcat", line 39, in <module>
+    t = gettext.translation(PROGNAME,
+  File "/usr/lib64/python3.9/gettext.py", line 592, in translation
+    raise FileNotFoundError(ENOENT,
+  FileNotFoundError: [Errno 2] No translation file found for domain: 'selinux-python'
+
+Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
+Reviewed-by: Daniel Burgener <dburgener@linux.microsoft.com>
+Acked-by: Petr Lautrbach <plautrba@redhat.com>
+
+Upstream-Status: Backport
+[https://github.com/SELinuxProject/selinux/commit/344463076b2a91e1d2c7f5cc3835dc1a53a05e88]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ sandbox | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/sandbox b/sandbox
+index cd5709f..789621e 100644
+--- a/sandbox
++++ b/sandbox
+@@ -45,7 +45,8 @@ try:
+         kwargs['unicode'] = True
+     t = gettext.translation(PROGNAME,
+                     localedir="/usr/share/locale",
+-                    **kwargs)
++                    **kwargs,
++                    fallback=True)
+     _ = t.gettext
+ except:
+     try:
+-- 
+2.25.1
+
diff --git a/recipes-security/selinux/selinux-sandbox/sandbox-de-bashify.patch b/recipes-security/selinux/selinux-sandbox/sandbox-de-bashify.patch
index e9622f0..6258b7c 100644
--- a/recipes-security/selinux/selinux-sandbox/sandbox-de-bashify.patch
+++ b/recipes-security/selinux/selinux-sandbox/sandbox-de-bashify.patch
@@ -1,4 +1,4 @@
-From b92c39f0be5552c19923f75aef4487348a08b7dc Mon Sep 17 00:00:00 2001
+From d592d59eb4e7dbf8ce6dc84b3f4c0026fd7cc60c Mon Sep 17 00:00:00 2001
 From: Joe MacDonald <joe_macdonald@mentor.com>
 Date: Fri, 20 Feb 2015 21:07:47 -0500
 Subject: [PATCH] sandbox: de-bashify
@@ -6,7 +6,7 @@ Subject: [PATCH] sandbox: de-bashify
 There's no bashisms apparent in either the sandbox initscript nor the
 sandboxX script, so point them at /bin/sh instead.
 
-Upstream-Status: Pending
+Upstream-Status: Inappropriate [embedded specific]
 
 Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
 Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
@@ -37,5 +37,5 @@ index eaa500d..8755d75 100644
  context=`id -Z | secon -t -l -P`
  export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80`"
 -- 
-2.7.4
+2.25.1
 
diff --git a/recipes-security/selinux/selinux-sandbox_3.3.bb b/recipes-security/selinux/selinux-sandbox_3.4.bb
similarity index 77%
rename from recipes-security/selinux/selinux-sandbox_3.3.bb
rename to recipes-security/selinux/selinux-sandbox_3.4.bb
index cc9baad..a5a8e13 100644
--- a/recipes-security/selinux/selinux-sandbox_3.3.bb
+++ b/recipes-security/selinux/selinux-sandbox_3.4.bb
@@ -9,13 +9,15 @@ LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"
 
 require selinux_common.inc
 
-SRC_URI += "file://sandbox-de-bashify.patch"
+SRC_URI += "file://sandbox-de-bashify.patch \
+            file://0001-gettext-handle-unsupported-languages-properly.patch \
+           "
 
 S = "${WORKDIR}/git/sandbox"
 
-DEPENDS += "libcap-ng libselinux"
+DEPENDS = "libselinux libcap-ng gettext-native"
 
-RDEPENDS:${PN} += "\
+RDEPENDS:${PN} = "\
         python3-core \
         python3-math \
         python3-shell \
-- 
2.25.1

[meta-selinux][PATCH 15/16] semodule-utils: upgrade 3.3 -> 3.4

[Yi Zhao]

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
 .../{semodule-utils_3.3.bb => semodule-utils_3.4.bb}  | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)
 rename recipes-security/selinux/{semodule-utils_3.3.bb => semodule-utils_3.4.bb} (70%)

diff --git a/recipes-security/selinux/semodule-utils_3.3.bb b/recipes-security/selinux/semodule-utils_3.4.bb
similarity index 70%
rename from recipes-security/selinux/semodule-utils_3.3.bb
rename to recipes-security/selinux/semodule-utils_3.4.bb
index 06e28f4..3f53cf0 100644
--- a/recipes-security/selinux/semodule-utils_3.3.bb
+++ b/recipes-security/selinux/semodule-utils_3.4.bb
@@ -8,10 +8,7 @@ LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"
 
 require selinux_common.inc
 
-DEPENDS += "libsepol"
-RDEPENDS:${PN}-dev = ""
-
-EXTRA_OEMAKE += "LIBSEPOLA=${STAGING_LIBDIR}/libsepol.a"
+DEPENDS = "libsepol"
 
 S = "${WORKDIR}/git/semodule-utils"
 
@@ -21,9 +18,9 @@ PACKAGES =+ "\
         ${PN}-semodule-package \
 "
 
-FILES:${PN}-semodule-expand += "${bindir}/semodule_expand"
-FILES:${PN}-semodule-link += "${bindir}/semodule_link"
-FILES:${PN}-semodule-package += "\
+FILES:${PN}-semodule-expand = "${bindir}/semodule_expand"
+FILES:${PN}-semodule-link = "${bindir}/semodule_link"
+FILES:${PN}-semodule-package = "\
         ${bindir}/semodule_package \
         ${bindir}/semodule_unpackage \
 "
-- 
2.25.1

[meta-selinux][PATCH 16/16] setools: fix buildpaths issue

[Yi Zhao]

Fixes:
QA Issue: File /usr/src/debug/setools/4.4.0-r0/setools/policyrep.c in package setools-src
contains reference to TMPDIR [buildpaths]

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
 recipes-security/setools/setools_4.4.0.bb | 33 ++++++++++++-----------
 1 file changed, 17 insertions(+), 16 deletions(-)

diff --git a/recipes-security/setools/setools_4.4.0.bb b/recipes-security/setools/setools_4.4.0.bb
index f1557b1..81b0bfb 100644
--- a/recipes-security/setools/setools_4.4.0.bb
+++ b/recipes-security/setools/setools_4.4.0.bb
@@ -1,37 +1,38 @@
 SUMMARY = "Policy analysis tools for SELinux"
 DESCRIPTION = "\
 SETools is a collection of graphical tools, command-line tools, and \
-libraries designed to facilitate SELinux policy analysis. \
-\n\
-This meta-package depends upon the main packages necessary to run \
-SETools."
+libraries designed to facilitate SELinux policy analysis."
 SECTION = "base"
 LICENSE = "GPL-2.0-only & LGPL-2.1-only"
 
-S = "${WORKDIR}/git"
 SRC_URI = "git://github.com/SELinuxProject/${BPN}.git;branch=4.4;protocol=https \
            file://setools4-fixes-for-cross-compiling.patch \
-"
-
+          "
 SRCREV = "4758cdf803d93274f49cb6445cb2bab527d6549f"
 
 LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=83a5eb6974c11f30785e90d0eeccf40c \
                     file://${S}/COPYING.GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
                     file://${S}/COPYING.LGPL;md5=4fbd65380cdd255951079008b364516c"
 
-DEPENDS += "bison-native flex-native swig-native python3 python3-cython-native libsepol libselinux"
+S = "${WORKDIR}/git"
+
+DEPENDS = "python3-cython-native libsepol libselinux"
 
-RDEPENDS:${PN} += "python3-networkx python3-decorator python3-setuptools \
-                   python3-logging python3-json libselinux-python"
+RDEPENDS:${PN} = "python3-networkx python3-setuptools \
+                  python3-logging libselinux-python"
 
-RPROVIDES:${PN} += "${PN}-console"
+RPROVIDES:${PN} = "${PN}-console"
 
 inherit setuptools3
 
+do_install:prepend() {
+    sed -i -e 's:${RECIPE_SYSROOT}::g' ${S}/setools/policyrep.c
+}
+
 do_install:append() {
-	# Need PyQt5 support, disable gui tools
-	rm -f ${D}${bindir}/apol
-	rm -rf ${D}${libdir}/${PYTHON_DIR}/site-packages/setoolsgui
-	rm -rf ${D}${libdir}/${PYTHON_DIR}/site-packages/setools/__pycache__
-	rm -rf ${D}${libdir}/${PYTHON_DIR}/site-packages/setools/*/__pycache__
+    # Need PyQt5 support, disable gui tools
+    rm -f ${D}${bindir}/apol
+    rm -rf ${D}${libdir}/${PYTHON_DIR}/site-packages/setoolsgui
+    rm -rf ${D}${libdir}/${PYTHON_DIR}/site-packages/setools/__pycache__
+    rm -rf ${D}${libdir}/${PYTHON_DIR}/site-packages/setools/*/__pycache__
 }
-- 
2.25.1