* [Buildroot] [PATCH v2 00/13] Selinux: bump to 3.5
@ 2023-04-25 17:14 Adam Duskett
2023-04-25 17:14 ` [Buildroot] [PATCH v2 01/13] package/libglib2/0003-disable-building-docs.patch: new patch Adam Duskett
` (13 more replies)
0 siblings, 14 replies; 25+ messages in thread
From: Adam Duskett @ 2023-04-25 17:14 UTC (permalink / raw)
To: buildroot
Cc: Marcus Folkesson, Antoine Tenart, Asaf Kahlon, Thomas Petazzoni,
Fabrice Fontaine, Adam Duskett
It's been quite some time since anyone updated the SELinux packages (mainly me!)
Most of the changes are straight forward:
- Update the package to 3.5
- Change the license file from COPYING to LICENSE.
(The COPYING file has been renamed to LICENSE.)
Some notes for specific packages:
- Audit now installs ausearch to /usr/sbin (or we do?) As such, a small patch
for selinux-python is necessary to change the patch for ausearch from /sbin
to /usr/sbin
- libselinux now requires host-pip to install the python modules.
Surprisingly, host-pip3 cross-compiles the modules without issue and just
worked. I should buy a lottery ticket!
- I found out that if you have rst2html5 on the host, the glib meson package
tries to use it to generate documents, which causes a failure on installing
to the target. Luckily we don't want the documents so the fix is to simply
remove the docs/ subdirectroy from meson.build. This patch is tiny and won't
be a headache to maintain.
- A small upstream patch needs to be added to refpolicy to ensure refpolicy
builds without dbus selected.
Tested on Fedora 38. Both with pc_efi and aarch-virt configs.
Other tests ran and passed:
tests.init.test_systemd_selinux.TestSELinuxSystemdExt4
tests.init.test_systemd_selinux.TestSELinuxSystemdSquashfs
tests.core.test_selinux.TestSELinuxCustomGit
tests.core.test_selinux.TestSELinuxExtraModules
tests.core.test_selinux.TestSELinuxExtraModulesDirs
tests.core.test_selinux.TestSELinuxPackage
Changes v1 -> v2:
- Added refpolicy/2.20221101/0001-mount-dbus-interface-must-be-optional.patch
Adam Duskett (13):
package/libglib2/0003-disable-building-docs.patch: new patch
package/python-pip: add host variant
package/libsepol: bump to version 3.5
package/libsemanage: bump to version 3.5
package/libselinux: bump to version 3.5
package/policycoreutils: bump to version 3.5
package/checkpolicy: bump to version 3.5
package/restorecond: bump to version 3.5
package/semodule-utils: bump to version 3.5
package/audit: bump to version 3.1
package/selinux-python: bump to version 3.5
package/setools: bump to version 4.4.2
package/refpolicy: bump to version 2.20221101
package/audit/audit.hash | 2 +-
package/audit/audit.mk | 2 +-
package/checkpolicy/checkpolicy.hash | 4 +-
package/checkpolicy/checkpolicy.mk | 4 +-
.../libglib2/0003-disable-building-docs.patch | 38 ++++++++++++++
package/libselinux/0001-fix-musl-build.patch | 4 +-
...T-and-rely-on-the-installed-file-nam.patch | 8 +--
package/libselinux/Config.in | 1 +
package/libselinux/libselinux.hash | 2 +-
package/libselinux/libselinux.mk | 16 ++++--
package/libsemanage/libsemanage.hash | 4 +-
package/libsemanage/libsemanage.mk | 4 +-
package/libsepol/libsepol.hash | 4 +-
package/libsepol/libsepol.mk | 4 +-
...-all-paths-that-use-an-absolute-path.patch | 2 +-
package/policycoreutils/policycoreutils.hash | 4 +-
package/policycoreutils/policycoreutils.mk | 4 +-
package/python-pip/python-pip.mk | 1 +
...ount-dbus-interface-must-be-optional.patch | 33 ++++++++++++
package/refpolicy/refpolicy.hash | 2 +-
package/refpolicy/refpolicy.mk | 2 +-
package/restorecond/restorecond.hash | 4 +-
package/restorecond/restorecond.mk | 4 +-
.../0001-fix-ausearch-path.patch | 37 ++++++++++++++
package/selinux-python/selinux-python.hash | 4 +-
package/selinux-python/selinux-python.mk | 4 +-
package/semodule-utils/semodule-utils.hash | 4 +-
package/semodule-utils/semodule-utils.mk | 4 +-
...e-setools.InfoFlowAnalysis-and-setoo.patch | 50 +++++++++----------
package/setools/setools.hash | 4 +-
package/setools/setools.mk | 2 +-
31 files changed, 191 insertions(+), 71 deletions(-)
create mode 100644 package/libglib2/0003-disable-building-docs.patch
create mode 100644 package/refpolicy/2.20221101/0001-mount-dbus-interface-must-be-optional.patch
create mode 100644 package/selinux-python/0001-fix-ausearch-path.patch
--
2.40.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 25+ messages in thread
* [Buildroot] [PATCH v2 01/13] package/libglib2/0003-disable-building-docs.patch: new patch
2023-04-25 17:14 [Buildroot] [PATCH v2 00/13] Selinux: bump to 3.5 Adam Duskett
@ 2023-04-25 17:14 ` Adam Duskett
2023-04-25 21:03 ` Peter Seiderer
2023-05-09 19:43 ` Yann E. MORIN
2023-04-25 17:14 ` [Buildroot] [PATCH v2 02/13] package/python-pip: add host variant Adam Duskett
` (12 subsequent siblings)
13 siblings, 2 replies; 25+ messages in thread
From: Adam Duskett @ 2023-04-25 17:14 UTC (permalink / raw)
To: buildroot
Cc: Marcus Folkesson, Antoine Tenart, Asaf Kahlon, Thomas Petazzoni,
Fabrice Fontaine, Adam Duskett
If rst2html5 is installed on a host system, meson will attempt to build
html5 documentation from the docs directory, resulting in the following
error:
/usr/local/bin/rst2html5.py
Traceback (most recent call last):
File "/usr/local/bin/rst2html5.py", line 27, in <module>
from docutils.core import publish_cmdline, default_description
ModuleNotFoundError: No module named 'docutils'
Since we don't need, nor want to build the documentation, remove the docs
subdirectory from being built entirely.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
.../libglib2/0003-disable-building-docs.patch | 38 +++++++++++++++++++
1 file changed, 38 insertions(+)
create mode 100644 package/libglib2/0003-disable-building-docs.patch
diff --git a/package/libglib2/0003-disable-building-docs.patch b/package/libglib2/0003-disable-building-docs.patch
new file mode 100644
index 0000000000..27a540bf61
--- /dev/null
+++ b/package/libglib2/0003-disable-building-docs.patch
@@ -0,0 +1,38 @@
+From f3b8515471aaa452f06d84da68372fcead8637d2 Mon Sep 17 00:00:00 2001
+From: Adam Duskett <aduskett@gmail.com>
+Date: Mon, 24 Apr 2023 11:52:24 -0700
+Subject: [PATCH 1/1] disable building docs
+
+If rst2html5 is installed on a host system, meson will attempt to build
+html5 documentation from the docs directory, resulting in the following
+error:
+
+/usr/local/bin/rst2html5.py
+Traceback (most recent call last):
+ File "/usr/local/bin/rst2html5.py", line 27, in <module>
+ from docutils.core import publish_cmdline, default_description
+ModuleNotFoundError: No module named 'docutils'
+
+Since we don't need, nor want to build the documentation, remove the docs
+subdirectory from being built entirely.
+
+Signed-off-by: Adam Duskett <aduskett@gmail.com>
+---
+ meson.build | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/meson.build b/meson.build
+index 0cbc968..28e1147 100644
+--- a/meson.build
++++ b/meson.build
+@@ -2442,7 +2442,6 @@ if get_option('man')
+ endif
+
+ gnome = import('gnome')
+-subdir('docs/reference')
+
+ summary({
+ 'host cpu' : host_machine.cpu_family(),
+--
+2.40.0
+
--
2.40.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [Buildroot] [PATCH v2 02/13] package/python-pip: add host variant
2023-04-25 17:14 [Buildroot] [PATCH v2 00/13] Selinux: bump to 3.5 Adam Duskett
2023-04-25 17:14 ` [Buildroot] [PATCH v2 01/13] package/libglib2/0003-disable-building-docs.patch: new patch Adam Duskett
@ 2023-04-25 17:14 ` Adam Duskett
2023-05-09 21:00 ` Yann E. MORIN
2023-06-12 15:52 ` Peter Korsgaard
2023-04-25 17:14 ` [Buildroot] [PATCH v2 03/13] package/libsepol: bump to version 3.5 Adam Duskett
` (11 subsequent siblings)
13 siblings, 2 replies; 25+ messages in thread
From: Adam Duskett @ 2023-04-25 17:14 UTC (permalink / raw)
To: buildroot
Cc: Marcus Folkesson, Antoine Tenart, Asaf Kahlon, Thomas Petazzoni,
Fabrice Fontaine, Adam Duskett
In the following patch that updates libselinux, the libselinux python tools now
require pip to install.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
package/python-pip/python-pip.mk | 1 +
1 file changed, 1 insertion(+)
diff --git a/package/python-pip/python-pip.mk b/package/python-pip/python-pip.mk
index 8cf3aaa3ec..35ad7bede2 100644
--- a/package/python-pip/python-pip.mk
+++ b/package/python-pip/python-pip.mk
@@ -14,3 +14,4 @@ PYTHON_PIP_CPE_ID_VENDOR = pypa
PYTHON_PIP_CPE_ID_PRODUCT = pip
$(eval $(python-package))
+$(eval $(host-python-package))
--
2.40.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [Buildroot] [PATCH v2 03/13] package/libsepol: bump to version 3.5
2023-04-25 17:14 [Buildroot] [PATCH v2 00/13] Selinux: bump to 3.5 Adam Duskett
2023-04-25 17:14 ` [Buildroot] [PATCH v2 01/13] package/libglib2/0003-disable-building-docs.patch: new patch Adam Duskett
2023-04-25 17:14 ` [Buildroot] [PATCH v2 02/13] package/python-pip: add host variant Adam Duskett
@ 2023-04-25 17:14 ` Adam Duskett
2023-04-25 17:14 ` [Buildroot] [PATCH v2 04/13] package/libsemanage: " Adam Duskett
` (10 subsequent siblings)
13 siblings, 0 replies; 25+ messages in thread
From: Adam Duskett @ 2023-04-25 17:14 UTC (permalink / raw)
To: buildroot
Cc: Marcus Folkesson, Antoine Tenart, Asaf Kahlon, Thomas Petazzoni,
Fabrice Fontaine, Adam Duskett
Change the license file to LICENSE. The hash remains the same.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
package/libsepol/libsepol.hash | 4 ++--
package/libsepol/libsepol.mk | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/libsepol/libsepol.hash b/package/libsepol/libsepol.hash
index 039e4e3c7e..c243aaae2b 100644
--- a/package/libsepol/libsepol.hash
+++ b/package/libsepol/libsepol.hash
@@ -1,5 +1,5 @@
# From: https://github.com/SELinuxProject/selinux/wiki/Releases
-sha256 2d97df3eb8466169b389c3660acbb90c54200ac96e452eca9f41a9639f4f238b libsepol-3.3.tar.gz
+sha256 78fdaf69924db780bac78546e43d9c44074bad798c2c415d0b9bb96d065ee8a2 libsepol-3.5.tar.gz
# Hash for license file
-sha256 6095e9ffa777dd22839f7801aa845b31c9ed07f3d6bf8a26dc5d2dec8ccc0ef3 COPYING
+sha256 6095e9ffa777dd22839f7801aa845b31c9ed07f3d6bf8a26dc5d2dec8ccc0ef3 LICENSE
diff --git a/package/libsepol/libsepol.mk b/package/libsepol/libsepol.mk
index 8551a5de79..f7782542ec 100644
--- a/package/libsepol/libsepol.mk
+++ b/package/libsepol/libsepol.mk
@@ -4,10 +4,10 @@
#
################################################################################
-LIBSEPOL_VERSION = 3.3
+LIBSEPOL_VERSION = 3.5
LIBSEPOL_SITE = https://github.com/SELinuxProject/selinux/releases/download/$(LIBSEPOL_VERSION)
LIBSEPOL_LICENSE = LGPL-2.1+
-LIBSEPOL_LICENSE_FILES = COPYING
+LIBSEPOL_LICENSE_FILES = LICENSE
LIBSEPOL_CPE_ID_VENDOR = selinuxproject
LIBSEPOL_INSTALL_STAGING = YES
--
2.40.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [Buildroot] [PATCH v2 04/13] package/libsemanage: bump to version 3.5
2023-04-25 17:14 [Buildroot] [PATCH v2 00/13] Selinux: bump to 3.5 Adam Duskett
` (2 preceding siblings ...)
2023-04-25 17:14 ` [Buildroot] [PATCH v2 03/13] package/libsepol: bump to version 3.5 Adam Duskett
@ 2023-04-25 17:14 ` Adam Duskett
2023-04-25 17:14 ` [Buildroot] [PATCH v2 05/13] package/libselinux: " Adam Duskett
` (9 subsequent siblings)
13 siblings, 0 replies; 25+ messages in thread
From: Adam Duskett @ 2023-04-25 17:14 UTC (permalink / raw)
To: buildroot
Cc: Marcus Folkesson, Antoine Tenart, Asaf Kahlon, Thomas Petazzoni,
Fabrice Fontaine, Adam Duskett
Change the license file to LICENSE. The hash remains the same.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
package/libsemanage/libsemanage.hash | 4 ++--
package/libsemanage/libsemanage.mk | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/libsemanage/libsemanage.hash b/package/libsemanage/libsemanage.hash
index 1f333aac30..73df34bde9 100644
--- a/package/libsemanage/libsemanage.hash
+++ b/package/libsemanage/libsemanage.hash
@@ -1,5 +1,5 @@
# From: https://github.com/SELinuxProject/selinux/wiki/Releases
-sha256 84d0ec5afa34bbbb471f602d8c1bf317d12443d07852a34b60741d428d597ce8 libsemanage-3.3.tar.gz
+sha256 f53534e50247538280ed0d76c6ce81d8fb3939bd64cadb89da10dba42e40dd9c libsemanage-3.5.tar.gz
# Hash for license file
-sha256 6095e9ffa777dd22839f7801aa845b31c9ed07f3d6bf8a26dc5d2dec8ccc0ef3 COPYING
+sha256 6095e9ffa777dd22839f7801aa845b31c9ed07f3d6bf8a26dc5d2dec8ccc0ef3 LICENSE
diff --git a/package/libsemanage/libsemanage.mk b/package/libsemanage/libsemanage.mk
index db9f16bb6a..0fbdc5ae8d 100644
--- a/package/libsemanage/libsemanage.mk
+++ b/package/libsemanage/libsemanage.mk
@@ -4,10 +4,10 @@
#
################################################################################
-LIBSEMANAGE_VERSION = 3.3
+LIBSEMANAGE_VERSION = 3.5
LIBSEMANAGE_SITE = https://github.com/SELinuxProject/selinux/releases/download/$(LIBSEMANAGE_VERSION)
LIBSEMANAGE_LICENSE = LGPL-2.1+
-LIBSEMANAGE_LICENSE_FILES = COPYING
+LIBSEMANAGE_LICENSE_FILES = LICENSE
LIBSEMANAGE_DEPENDENCIES = host-bison host-flex audit libselinux bzip2
LIBSEMANAGE_CPE_ID_VENDOR = selinuxproject
LIBSEMANAGE_INSTALL_STAGING = YES
--
2.40.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [Buildroot] [PATCH v2 05/13] package/libselinux: bump to version 3.5
2023-04-25 17:14 [Buildroot] [PATCH v2 00/13] Selinux: bump to 3.5 Adam Duskett
` (3 preceding siblings ...)
2023-04-25 17:14 ` [Buildroot] [PATCH v2 04/13] package/libsemanage: " Adam Duskett
@ 2023-04-25 17:14 ` Adam Duskett
2023-05-09 21:02 ` Yann E. MORIN
2023-04-25 17:14 ` [Buildroot] [PATCH v2 06/13] package/policycoreutils: " Adam Duskett
` (8 subsequent siblings)
13 siblings, 1 reply; 25+ messages in thread
From: Adam Duskett @ 2023-04-25 17:14 UTC (permalink / raw)
To: buildroot
Cc: Marcus Folkesson, Antoine Tenart, Asaf Kahlon, Thomas Petazzoni,
Fabrice Fontaine, Adam Duskett
- libselinux now requires pip to install the python tools.
- Rebase patches for version 3.5
Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
package/libselinux/0001-fix-musl-build.patch | 4 ++--
...CEXT-and-rely-on-the-installed-file-nam.patch | 8 ++++----
package/libselinux/Config.in | 1 +
package/libselinux/libselinux.hash | 2 +-
package/libselinux/libselinux.mk | 16 +++++++++++++---
5 files changed, 21 insertions(+), 10 deletions(-)
diff --git a/package/libselinux/0001-fix-musl-build.patch b/package/libselinux/0001-fix-musl-build.patch
index 44189e6400..b8b16be26f 100644
--- a/package/libselinux/0001-fix-musl-build.patch
+++ b/package/libselinux/0001-fix-musl-build.patch
@@ -12,13 +12,13 @@ Domain, and we want to avoid license propagation, so this macro is
completely written from scratch, and non-optimal.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
-[Updated for 3.0]
+[Updated for 3.5]
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
diff --git a/src/booleans.c b/src/booleans.c
index ffa8d26..8569002 100644
--- a/src/booleans.c
+++ b/src/booleans.c
-@@ -65,6 +65,14 @@ int security_get_boolean_names(char ***names, int *len)
+@@ -64,6 +64,14 @@ int security_get_boolean_names(char ***names, int *len)
goto bad;
}
diff --git a/package/libselinux/0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch b/package/libselinux/0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
index 18c79b3b4d..c744ca4069 100644
--- a/package/libselinux/0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
+++ b/package/libselinux/0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
@@ -18,7 +18,7 @@ was installed.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
[Refreshed for 3.1]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
-[Refreshed for 3.0]
+[Refreshed for 3.5]
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
---
src/Makefile | 3 +--
@@ -31,14 +31,14 @@ index 190016e2af34..7ee22fd35da3 100644
@@ -15,7 +15,6 @@ INCLUDEDIR ?= $(PREFIX)/include
PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
- PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(plat_specific=1, prefix='$(PREFIX)'))")
+ PYTHONLIBDIR ?= $(shell $(PYTHON) -c "import sysconfig; print(sysconfig.get_path('platlib', vars={'platbase': '$(PREFIX)', 'base': '$(PREFIX)'}))")
-PYCEXT ?= $(shell $(PYTHON) -c 'import importlib.machinery;print(importlib.machinery.EXTENSION_SUFFIXES[0])')
RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + RbConfig::CONFIG["rubyhdrdir"]')
RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + RbConfig::CONFIG["libdir"] + " -L" + RbConfig::CONFIG["archlibdir"] + " " + RbConfig::CONFIG["LIBRUBYARG_SHARED"]')
RUBYINSTALL ?= $(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]')
-@@ -184,7 +183,7 @@ install: all
+@@ -189,7 +188,7 @@ install: all
install-pywrap: pywrap
- $(PYTHON) setup.py install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` $(PYTHON_SETUP_ARGS)
+ $(PYTHON) -m pip install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR) --ignore-installed --no-deps` $(PYTHON_SETUP_ARGS) .
install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py
- ln -sf --relative $(DESTDIR)$(PYTHONLIBDIR)/selinux/_selinux$(PYCEXT) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT)
+ ln -sf --relative $(DESTDIR)$(PYTHONLIBDIR)/selinux/_selinux*.so $(DESTDIR)$(PYTHONLIBDIR)/
diff --git a/package/libselinux/Config.in b/package/libselinux/Config.in
index 3098fe3ea4..bc40e32a46 100644
--- a/package/libselinux/Config.in
+++ b/package/libselinux/Config.in
@@ -6,6 +6,7 @@ config BR2_PACKAGE_LIBSELINUX
select BR2_PACKAGE_LIBSEPOL
select BR2_PACKAGE_PCRE2
select BR2_PACKAGE_MUSL_FTS if !BR2_TOOLCHAIN_USES_GLIBC
+ select BR2_PACKAGE_PYTHON_SETUPTOOLS if BR2_PACKAGE_PYTHON3
help
libselinux is the runtime SELinux library that provides
interfaces (e.g. library functions for the SELinux kernel
diff --git a/package/libselinux/libselinux.hash b/package/libselinux/libselinux.hash
index a2e0083f7b..14bc627a80 100644
--- a/package/libselinux/libselinux.hash
+++ b/package/libselinux/libselinux.hash
@@ -1,5 +1,5 @@
# From: https://github.com/SELinuxProject/selinux/wiki/Releases
-sha256 acfdee27633d2496508c28727c3d41d3748076f66d42fccde2e6b9f3463a7057 libselinux-3.3.tar.gz
+sha256 9a3a3705ac13a2ccca2de6d652b6356fead10f36fb33115c185c5ccdf29eec19 libselinux-3.5.tar.gz
# Hash for license file
sha256 86657b4c0fe868d7cbd977cb04c63b6c667e08fa51595a7bc846ad4bed8fc364 LICENSE
diff --git a/package/libselinux/libselinux.mk b/package/libselinux/libselinux.mk
index db35da130f..b8de21edaa 100644
--- a/package/libselinux/libselinux.mk
+++ b/package/libselinux/libselinux.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBSELINUX_VERSION = 3.3
+LIBSELINUX_VERSION = 3.5
LIBSELINUX_SITE = https://github.com/SELinuxProject/selinux/releases/download/$(LIBSELINUX_VERSION)
LIBSELINUX_LICENSE = Public Domain
LIBSELINUX_LICENSE_FILES = LICENSE
@@ -31,7 +31,11 @@ LIBSELINUX_MAKE_OPTS += FTS_LDLIBS=-lfts
endif
ifeq ($(BR2_PACKAGE_PYTHON3),y)
-LIBSELINUX_DEPENDENCIES += python3 host-swig
+LIBSELINUX_DEPENDENCIES += \
+ python3 \
+ python-setuptools \
+ host-python-pip \
+ host-swig
LIBSELINUX_MAKE_OPTS += \
$(PKG_PYTHON_DISTUTILS_ENV) \
@@ -77,7 +81,13 @@ define LIBSELINUX_INSTALL_TARGET_CMDS
endef
HOST_LIBSELINUX_DEPENDENCIES = \
- host-pkgconf host-libsepol host-pcre2 host-swig host-python3
+ host-pkgconf \
+ host-libsepol \
+ host-pcre2 \
+ host-swig \
+ host-python3 \
+ host-python-pip \
+ host-python-setuptools
HOST_LIBSELINUX_MAKE_OPTS = \
$(HOST_CONFIGURE_OPTS) \
--
2.40.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [Buildroot] [PATCH v2 06/13] package/policycoreutils: bump to version 3.5
2023-04-25 17:14 [Buildroot] [PATCH v2 00/13] Selinux: bump to 3.5 Adam Duskett
` (4 preceding siblings ...)
2023-04-25 17:14 ` [Buildroot] [PATCH v2 05/13] package/libselinux: " Adam Duskett
@ 2023-04-25 17:14 ` Adam Duskett
2023-04-25 17:14 ` [Buildroot] [PATCH v2 07/13] package/checkpolicy: " Adam Duskett
` (7 subsequent siblings)
13 siblings, 0 replies; 25+ messages in thread
From: Adam Duskett @ 2023-04-25 17:14 UTC (permalink / raw)
To: buildroot
Cc: Marcus Folkesson, Antoine Tenart, Asaf Kahlon, Thomas Petazzoni,
Fabrice Fontaine, Adam Duskett
Change the license file to LICENSE. The hash remains the same.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
...1-Add-DESTDIR-to-all-paths-that-use-an-absolute-path.patch | 2 +-
package/policycoreutils/policycoreutils.hash | 4 ++--
package/policycoreutils/policycoreutils.mk | 4 ++--
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/package/policycoreutils/0001-Add-DESTDIR-to-all-paths-that-use-an-absolute-path.patch b/package/policycoreutils/0001-Add-DESTDIR-to-all-paths-that-use-an-absolute-path.patch
index aa75ca63c0..18f0001aef 100644
--- a/package/policycoreutils/0001-Add-DESTDIR-to-all-paths-that-use-an-absolute-path.patch
+++ b/package/policycoreutils/0001-Add-DESTDIR-to-all-paths-that-use-an-absolute-path.patch
@@ -32,7 +32,7 @@ index a3bbbe1..df675cf 100644
+AUDITH ?= $(shell test -f $(DESTDIR)$(PREFIX)/include/libaudit.h && echo y)
CFLAGS ?= -g -Werror -Wall -W
- override LDLIBS += -lselinux -lsepol
+ override LDLIBS += -lselinux -lsepol -lpthread
--
2.13.6
diff --git a/package/policycoreutils/policycoreutils.hash b/package/policycoreutils/policycoreutils.hash
index e7f006b023..e29d192b13 100644
--- a/package/policycoreutils/policycoreutils.hash
+++ b/package/policycoreutils/policycoreutils.hash
@@ -1,3 +1,3 @@
# https://github.com/SELinuxProject/selinux/wiki/Releases
-sha256 d1331c6fa766c547b071c491de90b9f343c8dbffdb119be8a5a7e491199b93a9 policycoreutils-3.2.tar.gz
-sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994 COPYING
+sha256 78453e1529fbbf800e88860094d555e781ce1fba11a7ef77b5aabb43e1173276 policycoreutils-3.5.tar.gz
+sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994 LICENSE
diff --git a/package/policycoreutils/policycoreutils.mk b/package/policycoreutils/policycoreutils.mk
index 8505dbca3f..61d91066d4 100644
--- a/package/policycoreutils/policycoreutils.mk
+++ b/package/policycoreutils/policycoreutils.mk
@@ -4,10 +4,10 @@
#
################################################################################
-POLICYCOREUTILS_VERSION = 3.2
+POLICYCOREUTILS_VERSION = 3.5
POLICYCOREUTILS_SITE = https://github.com/SELinuxProject/selinux/releases/download/$(POLICYCOREUTILS_VERSION)
POLICYCOREUTILS_LICENSE = GPL-2.0
-POLICYCOREUTILS_LICENSE_FILES = COPYING
+POLICYCOREUTILS_LICENSE_FILES = LICENSE
POLICYCOREUTILS_CPE_ID_VENDOR = selinuxproject
POLICYCOREUTILS_DEPENDENCIES = libsemanage libcap-ng $(TARGET_NLS_DEPENDENCIES)
--
2.40.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [Buildroot] [PATCH v2 07/13] package/checkpolicy: bump to version 3.5
2023-04-25 17:14 [Buildroot] [PATCH v2 00/13] Selinux: bump to 3.5 Adam Duskett
` (5 preceding siblings ...)
2023-04-25 17:14 ` [Buildroot] [PATCH v2 06/13] package/policycoreutils: " Adam Duskett
@ 2023-04-25 17:14 ` Adam Duskett
2023-04-25 17:14 ` [Buildroot] [PATCH v2 08/13] package/restorecond: " Adam Duskett
` (6 subsequent siblings)
13 siblings, 0 replies; 25+ messages in thread
From: Adam Duskett @ 2023-04-25 17:14 UTC (permalink / raw)
To: buildroot
Cc: Marcus Folkesson, Antoine Tenart, Asaf Kahlon, Thomas Petazzoni,
Fabrice Fontaine, Adam Duskett
Change the license file to LICENSE. The hash remains the same.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
package/checkpolicy/checkpolicy.hash | 4 ++--
package/checkpolicy/checkpolicy.mk | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/checkpolicy/checkpolicy.hash b/package/checkpolicy/checkpolicy.hash
index 3586389047..fcfd81c554 100644
--- a/package/checkpolicy/checkpolicy.hash
+++ b/package/checkpolicy/checkpolicy.hash
@@ -1,5 +1,5 @@
# https://github.com/SELinuxProject/selinux/wiki/Releases
-sha256 25c84edfa3a10ab8cb073b97bc55cb66377532d54a2723da9accdabd05431485 checkpolicy-3.3.tar.gz
+sha256 7aa48ab2222a0b9881111d6d7f70c3014d3d9338827d9e02df105a68c0df5dbc checkpolicy-3.5.tar.gz
# Hash for license file
-sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994 COPYING
+sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994 LICENSE
diff --git a/package/checkpolicy/checkpolicy.mk b/package/checkpolicy/checkpolicy.mk
index baf16fb802..024d306233 100644
--- a/package/checkpolicy/checkpolicy.mk
+++ b/package/checkpolicy/checkpolicy.mk
@@ -4,10 +4,10 @@
#
################################################################################
-CHECKPOLICY_VERSION = 3.3
+CHECKPOLICY_VERSION = 3.5
CHECKPOLICY_SITE = https://github.com/SELinuxProject/selinux/releases/download/$(CHECKPOLICY_VERSION)
CHECKPOLICY_LICENSE = GPL-2.0
-CHECKPOLICY_LICENSE_FILES = COPYING
+CHECKPOLICY_LICENSE_FILES = LICENSE
CHECKPOLICY_DEPENDENCIES = libselinux flex host-flex host-bison
--
2.40.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [Buildroot] [PATCH v2 08/13] package/restorecond: bump to version 3.5
2023-04-25 17:14 [Buildroot] [PATCH v2 00/13] Selinux: bump to 3.5 Adam Duskett
` (6 preceding siblings ...)
2023-04-25 17:14 ` [Buildroot] [PATCH v2 07/13] package/checkpolicy: " Adam Duskett
@ 2023-04-25 17:14 ` Adam Duskett
2023-04-25 17:14 ` [Buildroot] [PATCH v2 09/13] package/semodule-utils: " Adam Duskett
` (5 subsequent siblings)
13 siblings, 0 replies; 25+ messages in thread
From: Adam Duskett @ 2023-04-25 17:14 UTC (permalink / raw)
To: buildroot
Cc: Marcus Folkesson, Antoine Tenart, Asaf Kahlon, Thomas Petazzoni,
Fabrice Fontaine, Adam Duskett
Change the license file to LICENSE. The hash remains the same.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
package/restorecond/restorecond.hash | 4 ++--
package/restorecond/restorecond.mk | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/restorecond/restorecond.hash b/package/restorecond/restorecond.hash
index b38c6dcf14..215c9192f4 100644
--- a/package/restorecond/restorecond.hash
+++ b/package/restorecond/restorecond.hash
@@ -1,5 +1,5 @@
# https://github.com/SELinuxProject/selinux/wiki/Releases
-sha256 218c3d8873f31764e3c82d53ac713c0c9faaa07caf42ed7184e93ca2b27d8f27 restorecond-3.3.tar.gz
+sha256 f00d8caddb6aba2793c65e69154d04671b52f3d37e081b0e96c1b443fe23c2fe restorecond-3.5.tar.gz
# Hash for license file
-sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994 COPYING
+sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994 LICENSE
diff --git a/package/restorecond/restorecond.mk b/package/restorecond/restorecond.mk
index 7d6ed86f08..cd40905230 100644
--- a/package/restorecond/restorecond.mk
+++ b/package/restorecond/restorecond.mk
@@ -4,10 +4,10 @@
#
################################################################################
-RESTORECOND_VERSION = 3.3
+RESTORECOND_VERSION = 3.5
RESTORECOND_SITE = https://github.com/SELinuxProject/selinux/releases/download/$(RESTORECOND_VERSION)
RESTORECOND_LICENSE = GPL-2.0
-RESTORECOND_LICENSE_FILES = COPYING
+RESTORECOND_LICENSE_FILES = LICENSE
RESTORECOND_DEPENDENCIES = libglib2 libsepol libselinux dbus-glib
--
2.40.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [Buildroot] [PATCH v2 09/13] package/semodule-utils: bump to version 3.5
2023-04-25 17:14 [Buildroot] [PATCH v2 00/13] Selinux: bump to 3.5 Adam Duskett
` (7 preceding siblings ...)
2023-04-25 17:14 ` [Buildroot] [PATCH v2 08/13] package/restorecond: " Adam Duskett
@ 2023-04-25 17:14 ` Adam Duskett
2023-04-25 17:14 ` [Buildroot] [PATCH v2 10/13] package/audit: bump to version 3.1 Adam Duskett
` (4 subsequent siblings)
13 siblings, 0 replies; 25+ messages in thread
From: Adam Duskett @ 2023-04-25 17:14 UTC (permalink / raw)
To: buildroot
Cc: Marcus Folkesson, Antoine Tenart, Asaf Kahlon, Thomas Petazzoni,
Fabrice Fontaine, Adam Duskett
Change the license file to LICENSE. The hash remains the same.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
package/semodule-utils/semodule-utils.hash | 4 ++--
package/semodule-utils/semodule-utils.mk | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/semodule-utils/semodule-utils.hash b/package/semodule-utils/semodule-utils.hash
index c252506df5..ac3357d3fa 100644
--- a/package/semodule-utils/semodule-utils.hash
+++ b/package/semodule-utils/semodule-utils.hash
@@ -1,5 +1,5 @@
# https://github.com/SELinuxProject/selinux/wiki/Releases
-sha256 3098ec5e5f04a1dbbf4aa569b63a4570750a9fe0d4da14ce45954aa300a17063 semodule-utils-3.3.tar.gz
+sha256 c9a550a737051ebaf2c102f665c7ec2f85e7232870980aa0067998459b414283 semodule-utils-3.5.tar.gz
# Hash for license file
-sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994 COPYING
+sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994 LICENSE
diff --git a/package/semodule-utils/semodule-utils.mk b/package/semodule-utils/semodule-utils.mk
index a9388f7ee8..9a0f084128 100644
--- a/package/semodule-utils/semodule-utils.mk
+++ b/package/semodule-utils/semodule-utils.mk
@@ -4,10 +4,10 @@
#
################################################################################
-SEMODULE_UTILS_VERSION = 3.3
+SEMODULE_UTILS_VERSION = 3.5
SEMODULE_UTILS_SITE = https://github.com/SELinuxProject/selinux/releases/download/$(SEMODULE_UTILS_VERSION)
SEMODULE_UTILS_LICENSE = GPL-2.0
-SEMODULE_UTILS_LICENSE_FILES = COPYING
+SEMODULE_UTILS_LICENSE_FILES = LICENSE
SEMODULE_UTILS_DEPENDENCIES = libsepol
SEMODULE_UTILS_MAKE_OPTS += \
--
2.40.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [Buildroot] [PATCH v2 10/13] package/audit: bump to version 3.1
2023-04-25 17:14 [Buildroot] [PATCH v2 00/13] Selinux: bump to 3.5 Adam Duskett
` (8 preceding siblings ...)
2023-04-25 17:14 ` [Buildroot] [PATCH v2 09/13] package/semodule-utils: " Adam Duskett
@ 2023-04-25 17:14 ` Adam Duskett
2023-04-25 17:14 ` [Buildroot] [PATCH v2 11/13] package/selinux-python: bump to version 3.5 Adam Duskett
` (3 subsequent siblings)
13 siblings, 0 replies; 25+ messages in thread
From: Adam Duskett @ 2023-04-25 17:14 UTC (permalink / raw)
To: buildroot
Cc: Marcus Folkesson, Antoine Tenart, Asaf Kahlon, Thomas Petazzoni,
Fabrice Fontaine, Adam Duskett
Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
package/audit/audit.hash | 2 +-
package/audit/audit.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/audit/audit.hash b/package/audit/audit.hash
index 6260f158d8..87c00ec241 100644
--- a/package/audit/audit.hash
+++ b/package/audit/audit.hash
@@ -1,4 +1,4 @@
#Locally computed
-sha256 8b4c78632a9301a1c7f859b0e38fc0b9c260b8214d6b7c771bf28b3d73a62597 audit-3.0.7.tar.gz
+sha256 b5cf3cdabb2786c08b1de3599a3b1a547e55f7a9f9c1eb2078f5b44cf44e8378 audit-3.1.tar.gz
sha256 32b1062f7da84967e7019d01ab805935caa7ab7321a7ced0e30ebe75e5df1670 COPYING
sha256 f18a0811fa0e220ccbc42f661545e77f0388631e209585ed582a1c693029c6aa COPYING.LIB
diff --git a/package/audit/audit.mk b/package/audit/audit.mk
index 77e7c24000..252f5865b5 100644
--- a/package/audit/audit.mk
+++ b/package/audit/audit.mk
@@ -4,7 +4,7 @@
#
################################################################################
-AUDIT_VERSION = 3.0.7
+AUDIT_VERSION = 3.1
AUDIT_SITE = http://people.redhat.com/sgrubb/audit
AUDIT_LICENSE = GPL-2.0+ (programs), LGPL-2.1+ (libraries)
AUDIT_LICENSE_FILES = COPYING COPYING.LIB
--
2.40.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [Buildroot] [PATCH v2 11/13] package/selinux-python: bump to version 3.5
2023-04-25 17:14 [Buildroot] [PATCH v2 00/13] Selinux: bump to 3.5 Adam Duskett
` (9 preceding siblings ...)
2023-04-25 17:14 ` [Buildroot] [PATCH v2 10/13] package/audit: bump to version 3.1 Adam Duskett
@ 2023-04-25 17:14 ` Adam Duskett
2023-05-09 21:05 ` Yann E. MORIN
2023-04-25 17:14 ` [Buildroot] [PATCH v2 12/13] package/setools: bump to version 4.4.2 Adam Duskett
` (2 subsequent siblings)
13 siblings, 1 reply; 25+ messages in thread
From: Adam Duskett @ 2023-04-25 17:14 UTC (permalink / raw)
To: buildroot
Cc: Marcus Folkesson, Antoine Tenart, Asaf Kahlon, Thomas Petazzoni,
Fabrice Fontaine, Adam Duskett
Also:
- Change the license file to LICENSE. The hash remains the same.
- Add 0001-fix-ausearch-path.patch as audit 3.1 installs ausearch to
/usr/sbin not /sbin
Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
.../0001-fix-ausearch-path.patch | 37 +++++++++++++++++++
package/selinux-python/selinux-python.hash | 4 +-
package/selinux-python/selinux-python.mk | 4 +-
3 files changed, 41 insertions(+), 4 deletions(-)
create mode 100644 package/selinux-python/0001-fix-ausearch-path.patch
diff --git a/package/selinux-python/0001-fix-ausearch-path.patch b/package/selinux-python/0001-fix-ausearch-path.patch
new file mode 100644
index 0000000000..c5f0a990ed
--- /dev/null
+++ b/package/selinux-python/0001-fix-ausearch-path.patch
@@ -0,0 +1,37 @@
+From 7a2456f18a49fa70de1f9ace12512bb00437b6ba Mon Sep 17 00:00:00 2001
+From: Adam Duskett <aduskett@gmail.com>
+Date: Mon, 24 Apr 2023 12:25:19 -0700
+Subject: [PATCH 1/1] fix ausearch path
+
+ausearch is installed in /usr/sbin not /sbin
+
+Signed-off-by: Adam Duskett <aduskett@gmail.com>
+---
+ sepolgen/src/sepolgen/audit.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/sepolgen/src/sepolgen/audit.py b/sepolgen/src/sepolgen/audit.py
+index 4adb851..5afe85d 100644
+--- a/sepolgen/src/sepolgen/audit.py
++++ b/sepolgen/src/sepolgen/audit.py
+@@ -41,7 +41,7 @@ def get_audit_boot_msgs():
+ s = time.localtime(time.time() - off)
+ bootdate = time.strftime("%x", s)
+ boottime = time.strftime("%X", s)
+- output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
++ output = subprocess.Popen(["/usr/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
+ stdout=subprocess.PIPE).communicate()[0]
+ if util.PY3:
+ output = util.decode_input(output)
+@@ -56,7 +56,7 @@ def get_audit_msgs():
+ string contain all of the audit messages returned by ausearch.
+ """
+ import subprocess
+- output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR"],
++ output = subprocess.Popen(["/usr/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR"],
+ stdout=subprocess.PIPE).communicate()[0]
+ if util.PY3:
+ output = util.decode_input(output)
+--
+2.40.0
+
diff --git a/package/selinux-python/selinux-python.hash b/package/selinux-python/selinux-python.hash
index 6ada3fee36..3592540703 100644
--- a/package/selinux-python/selinux-python.hash
+++ b/package/selinux-python/selinux-python.hash
@@ -1,5 +1,5 @@
# https://github.com/SELinuxProject/selinux/wiki/Releases
-sha256 8ad91061300387996ccb474962fb93dde263d924aa8f740618be16b22e2444ec selinux-python-3.3.tar.gz
+sha256 8245bb4dae59333461f19ca0c79a829081f07972fa5e3ad4c2b2b917dd71d96b selinux-python-3.5.tar.gz
# Hash for license file
-sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994 COPYING
+sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994 LICENSE
diff --git a/package/selinux-python/selinux-python.mk b/package/selinux-python/selinux-python.mk
index 0cec602f3d..7505474aa4 100644
--- a/package/selinux-python/selinux-python.mk
+++ b/package/selinux-python/selinux-python.mk
@@ -4,10 +4,10 @@
#
################################################################################
-SELINUX_PYTHON_VERSION = 3.3
+SELINUX_PYTHON_VERSION = 3.5
SELINUX_PYTHON_SITE = https://github.com/SELinuxProject/selinux/releases/download/$(SELINUX_PYTHON_VERSION)
SELINUX_PYTHON_LICENSE = GPL-2.0
-SELINUX_PYTHON_LICENSE_FILES = COPYING
+SELINUX_PYTHON_LICENSE_FILES = LICENSE
SELINUX_PYTHON_DEPENDENCIES = python3
SELINUX_PYTHON_MAKE_OPTS += \
--
2.40.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [Buildroot] [PATCH v2 12/13] package/setools: bump to version 4.4.2
2023-04-25 17:14 [Buildroot] [PATCH v2 00/13] Selinux: bump to 3.5 Adam Duskett
` (10 preceding siblings ...)
2023-04-25 17:14 ` [Buildroot] [PATCH v2 11/13] package/selinux-python: bump to version 3.5 Adam Duskett
@ 2023-04-25 17:14 ` Adam Duskett
2023-04-25 17:14 ` [Buildroot] [PATCH v2 13/13] package/refpolicy: bump to version 2.20221101 Adam Duskett
2023-05-09 21:00 ` [Buildroot] [PATCH v2 00/13] Selinux: bump to 3.5 Yann E. MORIN
13 siblings, 0 replies; 25+ messages in thread
From: Adam Duskett @ 2023-04-25 17:14 UTC (permalink / raw)
To: buildroot
Cc: Marcus Folkesson, Antoine Tenart, Asaf Kahlon, Thomas Petazzoni,
Fabrice Fontaine, Adam Duskett
In addition:
- Refresh 0001-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
- Update COPYING hash as the license file has been rewritten for clarity.
However, the licenses have not been changed.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
...e-setools.InfoFlowAnalysis-and-setoo.patch | 50 +++++++++----------
package/setools/setools.hash | 4 +-
package/setools/setools.mk | 2 +-
3 files changed, 28 insertions(+), 28 deletions(-)
diff --git a/package/setools/0001-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch b/package/setools/0001-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
index 3c3ae97dff..36063a4e13 100644
--- a/package/setools/0001-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
+++ b/package/setools/0001-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
@@ -15,22 +15,22 @@ sedta and seinfoflow to require python3-networkx
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
[Refreshed for 4.3.0]
Signed-off-by: Adam Duskett <aduskett@gmail.com>
-[Refreshed for 4.4.0]
+[Refreshed for 4.4.2]
---
sedta | 3 ++-
seinfoflow | 5 +++--
setools/__init__.py | 4 ++--
setoolsgui/apol/dta.py | 2 +-
setoolsgui/apol/infoflow.py | 2 +-
- tests/dta.py | 2 +-
- tests/infoflow.py | 2 +-
+ tests/test_dta.py | 2 +-
+ tests/test_infoflow.py | 2 +-
7 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/sedta b/sedta
-index 60861ca630a5..0056172a55e5 100755
+index ffd9ede..4c53825 100755
--- a/sedta
+++ b/sedta
-@@ -23,6 +23,7 @@ import logging
+@@ -10,6 +10,7 @@ import logging
import signal
import setools
@@ -38,7 +38,7 @@ index 60861ca630a5..0056172a55e5 100755
def print_transition(trans: setools.DomainTransition) -> None:
-@@ -114,7 +115,7 @@ else:
+@@ -104,7 +105,7 @@ else:
try:
p = setools.SELinuxPolicy(args.policy)
@@ -48,10 +48,10 @@ index 60861ca630a5..0056172a55e5 100755
if args.shortest_path or args.all_paths:
if args.shortest_path:
diff --git a/seinfoflow b/seinfoflow
-index f10c39de4d8e..fe733bbd0787 100755
+index 5f4e764..a27b781 100755
--- a/seinfoflow
+++ b/seinfoflow
-@@ -18,6 +18,7 @@
+@@ -5,6 +5,7 @@
#
import setools
@@ -59,7 +59,7 @@ index f10c39de4d8e..fe733bbd0787 100755
import argparse
import sys
import logging
-@@ -102,8 +103,8 @@ elif args.booleans is not None:
+@@ -91,8 +92,8 @@ elif args.booleans is not None:
try:
p = setools.SELinuxPolicy(args.policy)
m = setools.PermissionMap(args.map)
@@ -71,10 +71,10 @@ index f10c39de4d8e..fe733bbd0787 100755
if args.shortest_path or args.all_paths:
if args.shortest_path:
diff --git a/setools/__init__.py b/setools/__init__.py
-index d72d343..4d5aaaa 100644
+index ad9b36a..2bde01b 100644
--- a/setools/__init__.py
+++ b/setools/__init__.py
-@@ -91,11 +91,11 @@ from .pcideviceconquery import PcideviceconQuery
+@@ -77,11 +77,11 @@ from .pcideviceconquery import PcideviceconQuery
from .devicetreeconquery import DevicetreeconQuery
# Information Flow Analysis
@@ -89,10 +89,10 @@ index d72d343..4d5aaaa 100644
# Policy difference
from .diff import PolicyDifference
diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py
-index 4608b9dbf34e..2cde44c142e9 100644
+index a78d960..e71c70a 100644
--- a/setoolsgui/apol/dta.py
+++ b/setoolsgui/apol/dta.py
-@@ -24,7 +24,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
+@@ -11,7 +11,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
from PyQt5.QtGui import QPalette, QTextCursor
from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
QTreeWidgetItem
@@ -102,10 +102,10 @@ index 4608b9dbf34e..2cde44c142e9 100644
from ..logtosignal import LogHandlerToSignal
from .analysistab import AnalysisSection, AnalysisTab
diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py
-index 7bca299d23fc..7fee2778f35f 100644
+index fb9b409..738f1b8 100644
--- a/setoolsgui/apol/infoflow.py
+++ b/setoolsgui/apol/infoflow.py
-@@ -26,7 +26,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
+@@ -13,7 +13,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
from PyQt5.QtGui import QPalette, QTextCursor
from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
QTreeWidgetItem
@@ -114,11 +114,11 @@ index 7bca299d23fc..7fee2778f35f 100644
from setools.exception import UnmappedClass, UnmappedPermission
from ..logtosignal import LogHandlerToSignal
-diff --git a/tests/dta.py b/tests/dta.py
-index a0cc9381469c..177e6fb0b961 100644
---- a/tests/dta.py
-+++ b/tests/dta.py
-@@ -18,7 +18,7 @@
+diff --git a/tests/test_dta.py b/tests/test_dta.py
+index 7f9bbc9..48338c5 100644
+--- a/tests/test_dta.py
++++ b/tests/test_dta.py
+@@ -5,7 +5,7 @@
import os
import unittest
@@ -127,11 +127,11 @@ index a0cc9381469c..177e6fb0b961 100644
from setools import TERuletype as TERT
from setools.exception import InvalidType
from setools.policyrep import Type
-diff --git a/tests/infoflow.py b/tests/infoflow.py
-index aa0e44a7e4f8..fca2848aeca5 100644
---- a/tests/infoflow.py
-+++ b/tests/infoflow.py
-@@ -18,7 +18,7 @@
+diff --git a/tests/test_infoflow.py b/tests/test_infoflow.py
+index 5a8f745..e25993b 100644
+--- a/tests/test_infoflow.py
++++ b/tests/test_infoflow.py
+@@ -5,7 +5,7 @@
import os
import unittest
diff --git a/package/setools/setools.hash b/package/setools/setools.hash
index fdb0919f11..c353e1f609 100644
--- a/package/setools/setools.hash
+++ b/package/setools/setools.hash
@@ -1,5 +1,5 @@
# Locally computed
-sha256 202eac5f857475937bee8136cff278aa2b4a4b94a0dec63fbbbe18c9eb644a4e setools-4.4.0.tar.gz
-sha256 2f7547e10f76a382c24c053595f38a5cc6dda9347f508f254ca490e0046a9624 COPYING
+sha256 998d12d01852feed1889110a4ca81090a47a2d9b47368e4dfe2b94d68696c813 setools-4.4.2.tar.gz
+sha256 0e58d74751e394f39748c7b7b4039d6a883b5def9711160668ba962b52e69e01 COPYING
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING.GPL
sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LGPL
diff --git a/package/setools/setools.mk b/package/setools/setools.mk
index ea355f10c8..b80d25a6b9 100644
--- a/package/setools/setools.mk
+++ b/package/setools/setools.mk
@@ -4,7 +4,7 @@
#
################################################################################
-SETOOLS_VERSION = 4.4.0
+SETOOLS_VERSION = 4.4.2
SETOOLS_SITE = $(call github,SELinuxProject,setools,$(SETOOLS_VERSION))
SETOOLS_DEPENDENCIES = libselinux libsepol python-setuptools host-bison host-flex host-python-cython host-swig
SETOOLS_INSTALL_STAGING = YES
--
2.40.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [Buildroot] [PATCH v2 13/13] package/refpolicy: bump to version 2.20221101
2023-04-25 17:14 [Buildroot] [PATCH v2 00/13] Selinux: bump to 3.5 Adam Duskett
` (11 preceding siblings ...)
2023-04-25 17:14 ` [Buildroot] [PATCH v2 12/13] package/setools: bump to version 4.4.2 Adam Duskett
@ 2023-04-25 17:14 ` Adam Duskett
2023-05-09 21:06 ` Yann E. MORIN
2023-05-09 21:00 ` [Buildroot] [PATCH v2 00/13] Selinux: bump to 3.5 Yann E. MORIN
13 siblings, 1 reply; 25+ messages in thread
From: Adam Duskett @ 2023-04-25 17:14 UTC (permalink / raw)
To: buildroot
Cc: Marcus Folkesson, Antoine Tenart, Asaf Kahlon, Thomas Petazzoni,
Fabrice Fontaine, Adam Duskett
Add an upstream patch in package/refpolicy/2.20221101 that makes dbus optional
for the mount interface. The patch must go in the 2.20221101 directory or else
the build system will automatically attempt to apply the patch to a custom git
version of refpolicy if chosen.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
---
Changes v1 -> v2:
- Added 2.20221101/0001-mount-dbus-interface-must-be-optional.patch
...ount-dbus-interface-must-be-optional.patch | 33 +++++++++++++++++++
package/refpolicy/refpolicy.hash | 2 +-
package/refpolicy/refpolicy.mk | 2 +-
3 files changed, 35 insertions(+), 2 deletions(-)
create mode 100644 package/refpolicy/2.20221101/0001-mount-dbus-interface-must-be-optional.patch
diff --git a/package/refpolicy/2.20221101/0001-mount-dbus-interface-must-be-optional.patch b/package/refpolicy/2.20221101/0001-mount-dbus-interface-must-be-optional.patch
new file mode 100644
index 0000000000..dec0af828f
--- /dev/null
+++ b/package/refpolicy/2.20221101/0001-mount-dbus-interface-must-be-optional.patch
@@ -0,0 +1,33 @@
+From 6c6be65ccf0891391681d4662cc11f508c0f4aeb Mon Sep 17 00:00:00 2001
+From: Adam Duskett <aduskett@gmail.com>
+Date: Mon, 24 Apr 2023 14:24:49 -0700
+Subject: [PATCH] mount: dbus interface must be optional
+
+If DBus isn't built, the build process fails due to mount.te always using a
+dbus interface even if the dbus module. Fix this by setting the dbus interface
+as optional.
+
+Signed-off-by: Adam Duskett <aduskett@gmail.com>
+Upstream-status: accepted. 207b09a656c2c3ac5c286d3f7eef085325e35408
+---
+ policy/modules/system/mount.te | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
+index d028723..af84af0 100644
+--- a/policy/modules/system/mount.te
++++ b/policy/modules/system/mount.te
+@@ -145,7 +145,9 @@ selinux_getattr_fs(mount_t)
+
+ userdom_use_all_users_fds(mount_t)
+
+-dbus_dontaudit_write_system_bus_runtime_named_sockets(mount_t)
++optional_policy(`
++ dbus_dontaudit_write_system_bus_runtime_named_sockets(mount_t)
++')
+
+ ifdef(`distro_redhat',`
+ optional_policy(`
+--
+2.40.0
+
diff --git a/package/refpolicy/refpolicy.hash b/package/refpolicy/refpolicy.hash
index b08c22ed4e..a09e59c270 100644
--- a/package/refpolicy/refpolicy.hash
+++ b/package/refpolicy/refpolicy.hash
@@ -1,5 +1,5 @@
# From https://github.com/SELinuxProject/refpolicy/releases
-sha256 965f98f0b68a24fd0b8e8d973d319332aea88973e1d6c455ef9c2a31aefaeaa6 refpolicy-2.20220106.tar.bz2
+sha256 44f88e62c8efcef54d019b9ca077520d5993de580926bd7575788cfa78515396 refpolicy-2.20221101.tar.bz2
# Locally computed
sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994 COPYING
diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
index f11b72755a..8fea7cc254 100644
--- a/package/refpolicy/refpolicy.mk
+++ b/package/refpolicy/refpolicy.mk
@@ -23,7 +23,7 @@ REFPOLICY_SITE = $(call qstrip,$(BR2_PACKAGE_REFPOLICY_CUSTOM_REPO_URL))
REFPOLICY_SITE_METHOD = git
BR_NO_CHECK_HASH_FOR += $(REFPOLICY_SOURCE)
else
-REFPOLICY_VERSION = 2.20220106
+REFPOLICY_VERSION = 2.20221101
REFPOLICY_SOURCE = refpolicy-$(REFPOLICY_VERSION).tar.bz2
REFPOLICY_SITE = https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_$(subst .,_,$(REFPOLICY_VERSION))
endif
--
2.40.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 25+ messages in thread
* Re: [Buildroot] [PATCH v2 01/13] package/libglib2/0003-disable-building-docs.patch: new patch
2023-04-25 17:14 ` [Buildroot] [PATCH v2 01/13] package/libglib2/0003-disable-building-docs.patch: new patch Adam Duskett
@ 2023-04-25 21:03 ` Peter Seiderer
2023-04-28 1:44 ` James Knight
2023-05-09 19:43 ` Yann E. MORIN
1 sibling, 1 reply; 25+ messages in thread
From: Peter Seiderer @ 2023-04-25 21:03 UTC (permalink / raw)
To: Adam Duskett
Cc: Marcus Folkesson, Antoine Tenart, Asaf Kahlon, Thomas Petazzoni,
buildroot, Fabrice Fontaine
Hello Adam,
On Tue, 25 Apr 2023 10:14:42 -0700, Adam Duskett <aduskett@gmail.com> wrote:
> If rst2html5 is installed on a host system, meson will attempt to build
> html5 documentation from the docs directory, resulting in the following
> error:
>
> /usr/local/bin/rst2html5.py
> Traceback (most recent call last):
> File "/usr/local/bin/rst2html5.py", line 27, in <module>
> from docutils.core import publish_cmdline, default_description
> ModuleNotFoundError: No module named 'docutils'
>
> Since we don't need, nor want to build the documentation, remove the docs
> subdirectory from being built entirely.
>
> Signed-off-by: Adam Duskett <aduskett@gmail.com>
> ---
> .../libglib2/0003-disable-building-docs.patch | 38 +++++++++++++++++++
> 1 file changed, 38 insertions(+)
> create mode 100644 package/libglib2/0003-disable-building-docs.patch
>
> diff --git a/package/libglib2/0003-disable-building-docs.patch b/package/libglib2/0003-disable-building-docs.patch
> new file mode 100644
> index 0000000000..27a540bf61
> --- /dev/null
> +++ b/package/libglib2/0003-disable-building-docs.patch
> @@ -0,0 +1,38 @@
> +From f3b8515471aaa452f06d84da68372fcead8637d2 Mon Sep 17 00:00:00 2001
> +From: Adam Duskett <aduskett@gmail.com>
> +Date: Mon, 24 Apr 2023 11:52:24 -0700
> +Subject: [PATCH 1/1] disable building docs
> +
> +If rst2html5 is installed on a host system, meson will attempt to build
> +html5 documentation from the docs directory, resulting in the following
> +error:
> +
> +/usr/local/bin/rst2html5.py
> +Traceback (most recent call last):
> + File "/usr/local/bin/rst2html5.py", line 27, in <module>
> + from docutils.core import publish_cmdline, default_description
> +ModuleNotFoundError: No module named 'docutils'
> +
> +Since we don't need, nor want to build the documentation, remove the docs
> +subdirectory from being built entirely.
> +
> +Signed-off-by: Adam Duskett <aduskett@gmail.com>
> +---
> + meson.build | 1 -
> + 1 file changed, 1 deletion(-)
> +
> +diff --git a/meson.build b/meson.build
> +index 0cbc968..28e1147 100644
> +--- a/meson.build
> ++++ b/meson.build
> +@@ -2442,7 +2442,6 @@ if get_option('man')
> + endif
> +
> + gnome = import('gnome')
> +-subdir('docs/reference')
As far as I read the meson.build files all actions in docs/reference
are protected by the options 'gtk_doc' or 'man', is disabling this
ones not enough?
Regards,
Peter
> +
> + summary({
> + 'host cpu' : host_machine.cpu_family(),
> +--
> +2.40.0
> +
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [Buildroot] [PATCH v2 01/13] package/libglib2/0003-disable-building-docs.patch: new patch
2023-04-25 21:03 ` Peter Seiderer
@ 2023-04-28 1:44 ` James Knight
0 siblings, 0 replies; 25+ messages in thread
From: James Knight @ 2023-04-28 1:44 UTC (permalink / raw)
To: Peter Seiderer
Cc: Marcus Folkesson, Antoine Tenart, Asaf Kahlon, Thomas Petazzoni,
buildroot, Fabrice Fontaine, Adam Duskett
Peter, Adam;
On Tue, Apr 25, 2023 at 5:03 PM Peter Seiderer <ps.report@gmx.net> wrote:
> As far as I read the meson.build files all actions in docs/reference
> are protected by the options 'gtk_doc' or 'man', is disabling this
> ones not enough?
GLIB's HTML (gvariant) documentation was not bound to the `gtk_doc` or
`man` options. This has now been addressed upstream [1]. Using the
existing patch or replacing it with the upstream patch will
functionally achieve the same results.
[1]: https://gitlab.gnome.org/GNOME/glib/-/commit/0fa17ec3c7152cf0e1cbf965acf1426ac203bb1d
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [Buildroot] [PATCH v2 01/13] package/libglib2/0003-disable-building-docs.patch: new patch
2023-04-25 17:14 ` [Buildroot] [PATCH v2 01/13] package/libglib2/0003-disable-building-docs.patch: new patch Adam Duskett
2023-04-25 21:03 ` Peter Seiderer
@ 2023-05-09 19:43 ` Yann E. MORIN
1 sibling, 0 replies; 25+ messages in thread
From: Yann E. MORIN @ 2023-05-09 19:43 UTC (permalink / raw)
To: Adam Duskett
Cc: Marcus Folkesson, Antoine Tenart, Asaf Kahlon, Thomas Petazzoni,
buildroot, Fabrice Fontaine
Adam, All,
On 2023-04-25 10:14 -0700, Adam Duskett spake thusly:
> If rst2html5 is installed on a host system, meson will attempt to build
> html5 documentation from the docs directory, resulting in the following
> error:
>
> /usr/local/bin/rst2html5.py
> Traceback (most recent call last):
> File "/usr/local/bin/rst2html5.py", line 27, in <module>
> from docutils.core import publish_cmdline, default_description
> ModuleNotFoundError: No module named 'docutils'
>
> Since we don't need, nor want to build the documentation, remove the docs
> subdirectory from being built entirely.
>
> Signed-off-by: Adam Duskett <aduskett@gmail.com>
As noticed by James, there is an upstream patch that fixes the issue, so
I've instead backported that.
Also, see below...
> ---
> .../libglib2/0003-disable-building-docs.patch | 38 +++++++++++++++++++
> 1 file changed, 38 insertions(+)
> create mode 100644 package/libglib2/0003-disable-building-docs.patch
>
> diff --git a/package/libglib2/0003-disable-building-docs.patch b/package/libglib2/0003-disable-building-docs.patch
> new file mode 100644
> index 0000000000..27a540bf61
> --- /dev/null
> +++ b/package/libglib2/0003-disable-building-docs.patch
> @@ -0,0 +1,38 @@
> +From f3b8515471aaa452f06d84da68372fcead8637d2 Mon Sep 17 00:00:00 2001
> +From: Adam Duskett <aduskett@gmail.com>
> +Date: Mon, 24 Apr 2023 11:52:24 -0700
> +Subject: [PATCH 1/1] disable building docs
> +
> +If rst2html5 is installed on a host system, meson will attempt to build
> +html5 documentation from the docs directory, resulting in the following
> +error:
> +
> +/usr/local/bin/rst2html5.py
> +Traceback (most recent call last):
> + File "/usr/local/bin/rst2html5.py", line 27, in <module>
> + from docutils.core import publish_cmdline, default_description
> +ModuleNotFoundError: No module named 'docutils'
> +
> +Since we don't need, nor want to build the documentation, remove the docs
> +subdirectory from being built entirely.
> +
> +Signed-off-by: Adam Duskett <aduskett@gmail.com>
$ ./utils/docker-run make check-package
package/libglib2/0003-disable-building-docs.patch:4: generate your patches with 'git format-patch -N'
package/libglib2/0003-disable-building-docs.patch:0: missing Upstream in the header (http://nightly.buildroot.org/#_additional_patch_documentation)
Since I've replaced your path with a backport, that fixed those
warnings. ;-)
Regards,
Yann E. MORIN.
> +---
> + meson.build | 1 -
> + 1 file changed, 1 deletion(-)
> +
> +diff --git a/meson.build b/meson.build
> +index 0cbc968..28e1147 100644
> +--- a/meson.build
> ++++ b/meson.build
> +@@ -2442,7 +2442,6 @@ if get_option('man')
> + endif
> +
> + gnome = import('gnome')
> +-subdir('docs/reference')
> +
> + summary({
> + 'host cpu' : host_machine.cpu_family(),
> +--
> +2.40.0
> +
> --
> 2.40.0
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [Buildroot] [PATCH v2 00/13] Selinux: bump to 3.5
2023-04-25 17:14 [Buildroot] [PATCH v2 00/13] Selinux: bump to 3.5 Adam Duskett
` (12 preceding siblings ...)
2023-04-25 17:14 ` [Buildroot] [PATCH v2 13/13] package/refpolicy: bump to version 2.20221101 Adam Duskett
@ 2023-05-09 21:00 ` Yann E. MORIN
13 siblings, 0 replies; 25+ messages in thread
From: Yann E. MORIN @ 2023-05-09 21:00 UTC (permalink / raw)
To: Adam Duskett
Cc: Marcus Folkesson, Antoine Tenart, Asaf Kahlon, Thomas Petazzoni,
buildroot, Fabrice Fontaine
Adam, All,
On 2023-04-25 10:14 -0700, Adam Duskett spake thusly:
> It's been quite some time since anyone updated the SELinux packages (mainly me!)
[--SNIP--]
> Adam Duskett (13):
> package/libglib2/0003-disable-building-docs.patch: new patch
> package/python-pip: add host variant
> package/libsepol: bump to version 3.5
> package/libsemanage: bump to version 3.5
> package/libselinux: bump to version 3.5
> package/policycoreutils: bump to version 3.5
> package/checkpolicy: bump to version 3.5
> package/restorecond: bump to version 3.5
> package/semodule-utils: bump to version 3.5
> package/audit: bump to version 3.1
> package/selinux-python: bump to version 3.5
> package/setools: bump to version 4.4.2
> package/refpolicy: bump to version 2.20221101
Entire series applied to master, thanls!
I had to do some fixups on some patches, I'll reply to them individually.
Regards,
Yann E. MORIN.
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [Buildroot] [PATCH v2 02/13] package/python-pip: add host variant
2023-04-25 17:14 ` [Buildroot] [PATCH v2 02/13] package/python-pip: add host variant Adam Duskett
@ 2023-05-09 21:00 ` Yann E. MORIN
2023-06-12 15:52 ` Peter Korsgaard
1 sibling, 0 replies; 25+ messages in thread
From: Yann E. MORIN @ 2023-05-09 21:00 UTC (permalink / raw)
To: Adam Duskett
Cc: Marcus Folkesson, Antoine Tenart, Asaf Kahlon, Thomas Petazzoni,
buildroot, Fabrice Fontaine
Adam, All,
On 2023-04-25 10:14 -0700, Adam Duskett spake thusly:
> In the following patch that updates libselinux, the libselinux python tools now
> require pip to install.
This was a bit terse an explanation, so I extended it a bit.
Applied to master, thanks.
Regards,
Yann E. MORIN.
> Signed-off-by: Adam Duskett <aduskett@gmail.com>
> ---
> package/python-pip/python-pip.mk | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/package/python-pip/python-pip.mk b/package/python-pip/python-pip.mk
> index 8cf3aaa3ec..35ad7bede2 100644
> --- a/package/python-pip/python-pip.mk
> +++ b/package/python-pip/python-pip.mk
> @@ -14,3 +14,4 @@ PYTHON_PIP_CPE_ID_VENDOR = pypa
> PYTHON_PIP_CPE_ID_PRODUCT = pip
>
> $(eval $(python-package))
> +$(eval $(host-python-package))
> --
> 2.40.0
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [Buildroot] [PATCH v2 05/13] package/libselinux: bump to version 3.5
2023-04-25 17:14 ` [Buildroot] [PATCH v2 05/13] package/libselinux: " Adam Duskett
@ 2023-05-09 21:02 ` Yann E. MORIN
0 siblings, 0 replies; 25+ messages in thread
From: Yann E. MORIN @ 2023-05-09 21:02 UTC (permalink / raw)
To: Adam Duskett
Cc: Marcus Folkesson, Antoine Tenart, Asaf Kahlon, Thomas Petazzoni,
buildroot, Fabrice Fontaine
Adam, All,
On 2023-04-25 10:14 -0700, Adam Duskett spake thusly:
> - libselinux now requires pip to install the python tools.
I extended that to explain that is really is just about the
installation, while the build is still performed with setuptools.
Also, that python bindings, not python tools; python tools have their
own dedicated pachage.selinux-python (which you update in a follow-up
patch).
> - Rebase patches for version 3.5
I also backported an upstream patch to fix intsallation of the python
bindings.
Applied to master, thanks.
Regards,
Yann E. MORIN.
> Signed-off-by: Adam Duskett <aduskett@gmail.com>
> ---
> package/libselinux/0001-fix-musl-build.patch | 4 ++--
> ...CEXT-and-rely-on-the-installed-file-nam.patch | 8 ++++----
> package/libselinux/Config.in | 1 +
> package/libselinux/libselinux.hash | 2 +-
> package/libselinux/libselinux.mk | 16 +++++++++++++---
> 5 files changed, 21 insertions(+), 10 deletions(-)
>
> diff --git a/package/libselinux/0001-fix-musl-build.patch b/package/libselinux/0001-fix-musl-build.patch
> index 44189e6400..b8b16be26f 100644
> --- a/package/libselinux/0001-fix-musl-build.patch
> +++ b/package/libselinux/0001-fix-musl-build.patch
> @@ -12,13 +12,13 @@ Domain, and we want to avoid license propagation, so this macro is
> completely written from scratch, and non-optimal.
>
> Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
> -[Updated for 3.0]
> +[Updated for 3.5]
> Signed-off-by: Adam Duskett <Aduskett@gmail.com>
> diff --git a/src/booleans.c b/src/booleans.c
> index ffa8d26..8569002 100644
> --- a/src/booleans.c
> +++ b/src/booleans.c
> -@@ -65,6 +65,14 @@ int security_get_boolean_names(char ***names, int *len)
> +@@ -64,6 +64,14 @@ int security_get_boolean_names(char ***names, int *len)
> goto bad;
> }
>
> diff --git a/package/libselinux/0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch b/package/libselinux/0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
> index 18c79b3b4d..c744ca4069 100644
> --- a/package/libselinux/0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
> +++ b/package/libselinux/0002-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
> @@ -18,7 +18,7 @@ was installed.
> Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
> [Refreshed for 3.1]
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
> -[Refreshed for 3.0]
> +[Refreshed for 3.5]
> Signed-off-by: Adam Duskett <Aduskett@gmail.com>
> ---
> src/Makefile | 3 +--
> @@ -31,14 +31,14 @@ index 190016e2af34..7ee22fd35da3 100644
> @@ -15,7 +15,6 @@ INCLUDEDIR ?= $(PREFIX)/include
> PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
> PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
> - PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(plat_specific=1, prefix='$(PREFIX)'))")
> + PYTHONLIBDIR ?= $(shell $(PYTHON) -c "import sysconfig; print(sysconfig.get_path('platlib', vars={'platbase': '$(PREFIX)', 'base': '$(PREFIX)'}))")
> -PYCEXT ?= $(shell $(PYTHON) -c 'import importlib.machinery;print(importlib.machinery.EXTENSION_SUFFIXES[0])')
> RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + RbConfig::CONFIG["rubyhdrdir"]')
> RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + RbConfig::CONFIG["libdir"] + " -L" + RbConfig::CONFIG["archlibdir"] + " " + RbConfig::CONFIG["LIBRUBYARG_SHARED"]')
> RUBYINSTALL ?= $(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]')
> -@@ -184,7 +183,7 @@ install: all
> +@@ -189,7 +188,7 @@ install: all
> install-pywrap: pywrap
> - $(PYTHON) setup.py install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` $(PYTHON_SETUP_ARGS)
> + $(PYTHON) -m pip install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR) --ignore-installed --no-deps` $(PYTHON_SETUP_ARGS) .
> install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py
> - ln -sf --relative $(DESTDIR)$(PYTHONLIBDIR)/selinux/_selinux$(PYCEXT) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT)
> + ln -sf --relative $(DESTDIR)$(PYTHONLIBDIR)/selinux/_selinux*.so $(DESTDIR)$(PYTHONLIBDIR)/
> diff --git a/package/libselinux/Config.in b/package/libselinux/Config.in
> index 3098fe3ea4..bc40e32a46 100644
> --- a/package/libselinux/Config.in
> +++ b/package/libselinux/Config.in
> @@ -6,6 +6,7 @@ config BR2_PACKAGE_LIBSELINUX
> select BR2_PACKAGE_LIBSEPOL
> select BR2_PACKAGE_PCRE2
> select BR2_PACKAGE_MUSL_FTS if !BR2_TOOLCHAIN_USES_GLIBC
> + select BR2_PACKAGE_PYTHON_SETUPTOOLS if BR2_PACKAGE_PYTHON3
> help
> libselinux is the runtime SELinux library that provides
> interfaces (e.g. library functions for the SELinux kernel
> diff --git a/package/libselinux/libselinux.hash b/package/libselinux/libselinux.hash
> index a2e0083f7b..14bc627a80 100644
> --- a/package/libselinux/libselinux.hash
> +++ b/package/libselinux/libselinux.hash
> @@ -1,5 +1,5 @@
> # From: https://github.com/SELinuxProject/selinux/wiki/Releases
> -sha256 acfdee27633d2496508c28727c3d41d3748076f66d42fccde2e6b9f3463a7057 libselinux-3.3.tar.gz
> +sha256 9a3a3705ac13a2ccca2de6d652b6356fead10f36fb33115c185c5ccdf29eec19 libselinux-3.5.tar.gz
>
> # Hash for license file
> sha256 86657b4c0fe868d7cbd977cb04c63b6c667e08fa51595a7bc846ad4bed8fc364 LICENSE
> diff --git a/package/libselinux/libselinux.mk b/package/libselinux/libselinux.mk
> index db35da130f..b8de21edaa 100644
> --- a/package/libselinux/libselinux.mk
> +++ b/package/libselinux/libselinux.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -LIBSELINUX_VERSION = 3.3
> +LIBSELINUX_VERSION = 3.5
> LIBSELINUX_SITE = https://github.com/SELinuxProject/selinux/releases/download/$(LIBSELINUX_VERSION)
> LIBSELINUX_LICENSE = Public Domain
> LIBSELINUX_LICENSE_FILES = LICENSE
> @@ -31,7 +31,11 @@ LIBSELINUX_MAKE_OPTS += FTS_LDLIBS=-lfts
> endif
>
> ifeq ($(BR2_PACKAGE_PYTHON3),y)
> -LIBSELINUX_DEPENDENCIES += python3 host-swig
> +LIBSELINUX_DEPENDENCIES += \
> + python3 \
> + python-setuptools \
> + host-python-pip \
> + host-swig
>
> LIBSELINUX_MAKE_OPTS += \
> $(PKG_PYTHON_DISTUTILS_ENV) \
> @@ -77,7 +81,13 @@ define LIBSELINUX_INSTALL_TARGET_CMDS
> endef
>
> HOST_LIBSELINUX_DEPENDENCIES = \
> - host-pkgconf host-libsepol host-pcre2 host-swig host-python3
> + host-pkgconf \
> + host-libsepol \
> + host-pcre2 \
> + host-swig \
> + host-python3 \
> + host-python-pip \
> + host-python-setuptools
>
> HOST_LIBSELINUX_MAKE_OPTS = \
> $(HOST_CONFIGURE_OPTS) \
> --
> 2.40.0
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [Buildroot] [PATCH v2 11/13] package/selinux-python: bump to version 3.5
2023-04-25 17:14 ` [Buildroot] [PATCH v2 11/13] package/selinux-python: bump to version 3.5 Adam Duskett
@ 2023-05-09 21:05 ` Yann E. MORIN
0 siblings, 0 replies; 25+ messages in thread
From: Yann E. MORIN @ 2023-05-09 21:05 UTC (permalink / raw)
To: Adam Duskett
Cc: Marcus Folkesson, Antoine Tenart, Asaf Kahlon, Thomas Petazzoni,
buildroot, Fabrice Fontaine
Adam, All,
On 2023-04-25 10:14 -0700, Adam Duskett spake thusly:
> Also:
> - Change the license file to LICENSE. The hash remains the same.
>
> - Add 0001-fix-ausearch-path.patch as audit 3.1 installs ausearch to
> /usr/sbin not /sbin
>
> Signed-off-by: Adam Duskett <aduskett@gmail.com>
> ---
> .../0001-fix-ausearch-path.patch | 37 +++++++++++++++++++
> package/selinux-python/selinux-python.hash | 4 +-
> package/selinux-python/selinux-python.mk | 4 +-
> 3 files changed, 41 insertions(+), 4 deletions(-)
> create mode 100644 package/selinux-python/0001-fix-ausearch-path.patch
>
> diff --git a/package/selinux-python/0001-fix-ausearch-path.patch b/package/selinux-python/0001-fix-ausearch-path.patch
> new file mode 100644
> index 0000000000..c5f0a990ed
> --- /dev/null
> +++ b/package/selinux-python/0001-fix-ausearch-path.patch
> @@ -0,0 +1,37 @@
> +From 7a2456f18a49fa70de1f9ace12512bb00437b6ba Mon Sep 17 00:00:00 2001
> +From: Adam Duskett <aduskett@gmail.com>
> +Date: Mon, 24 Apr 2023 12:25:19 -0700
> +Subject: [PATCH 1/1] fix ausearch path
> +
> +ausearch is installed in /usr/sbin not /sbin
> +
> +Signed-off-by: Adam Duskett <aduskett@gmail.com>
$ ./utils/docker-run make check-package
package/selinux-python/0001-fix-ausearch-path.patch:4: generate your patches with 'git format-patch -N'
package/selinux-python/0001-fix-ausearch-path.patch:0: missing Upstream in the header (http://nightly.buildroot.org/#_additional_patch_documentation)
I changed the commit to an upstreamable one, and rewrote the commit log
with more in-depth explanations, so that fixed those two warnings.
Can you see into pushing that patch upstream, please?
Applied to master, thanks.
Regards,
Yann E. MORIN.
> +---
> + sepolgen/src/sepolgen/audit.py | 4 ++--
> + 1 file changed, 2 insertions(+), 2 deletions(-)
> +
> +diff --git a/sepolgen/src/sepolgen/audit.py b/sepolgen/src/sepolgen/audit.py
> +index 4adb851..5afe85d 100644
> +--- a/sepolgen/src/sepolgen/audit.py
> ++++ b/sepolgen/src/sepolgen/audit.py
> +@@ -41,7 +41,7 @@ def get_audit_boot_msgs():
> + s = time.localtime(time.time() - off)
> + bootdate = time.strftime("%x", s)
> + boottime = time.strftime("%X", s)
> +- output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
> ++ output = subprocess.Popen(["/usr/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
> + stdout=subprocess.PIPE).communicate()[0]
> + if util.PY3:
> + output = util.decode_input(output)
> +@@ -56,7 +56,7 @@ def get_audit_msgs():
> + string contain all of the audit messages returned by ausearch.
> + """
> + import subprocess
> +- output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR"],
> ++ output = subprocess.Popen(["/usr/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR"],
> + stdout=subprocess.PIPE).communicate()[0]
> + if util.PY3:
> + output = util.decode_input(output)
> +--
> +2.40.0
> +
> diff --git a/package/selinux-python/selinux-python.hash b/package/selinux-python/selinux-python.hash
> index 6ada3fee36..3592540703 100644
> --- a/package/selinux-python/selinux-python.hash
> +++ b/package/selinux-python/selinux-python.hash
> @@ -1,5 +1,5 @@
> # https://github.com/SELinuxProject/selinux/wiki/Releases
> -sha256 8ad91061300387996ccb474962fb93dde263d924aa8f740618be16b22e2444ec selinux-python-3.3.tar.gz
> +sha256 8245bb4dae59333461f19ca0c79a829081f07972fa5e3ad4c2b2b917dd71d96b selinux-python-3.5.tar.gz
>
> # Hash for license file
> -sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994 COPYING
> +sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994 LICENSE
> diff --git a/package/selinux-python/selinux-python.mk b/package/selinux-python/selinux-python.mk
> index 0cec602f3d..7505474aa4 100644
> --- a/package/selinux-python/selinux-python.mk
> +++ b/package/selinux-python/selinux-python.mk
> @@ -4,10 +4,10 @@
> #
> ################################################################################
>
> -SELINUX_PYTHON_VERSION = 3.3
> +SELINUX_PYTHON_VERSION = 3.5
> SELINUX_PYTHON_SITE = https://github.com/SELinuxProject/selinux/releases/download/$(SELINUX_PYTHON_VERSION)
> SELINUX_PYTHON_LICENSE = GPL-2.0
> -SELINUX_PYTHON_LICENSE_FILES = COPYING
> +SELINUX_PYTHON_LICENSE_FILES = LICENSE
> SELINUX_PYTHON_DEPENDENCIES = python3
>
> SELINUX_PYTHON_MAKE_OPTS += \
> --
> 2.40.0
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [Buildroot] [PATCH v2 13/13] package/refpolicy: bump to version 2.20221101
2023-04-25 17:14 ` [Buildroot] [PATCH v2 13/13] package/refpolicy: bump to version 2.20221101 Adam Duskett
@ 2023-05-09 21:06 ` Yann E. MORIN
0 siblings, 0 replies; 25+ messages in thread
From: Yann E. MORIN @ 2023-05-09 21:06 UTC (permalink / raw)
To: Adam Duskett
Cc: Marcus Folkesson, Antoine Tenart, Asaf Kahlon, Thomas Petazzoni,
buildroot, Fabrice Fontaine
Adam, All,
On 2023-04-25 10:14 -0700, Adam Duskett spake thusly:
> Add an upstream patch in package/refpolicy/2.20221101 that makes dbus optional
> for the mount interface. The patch must go in the 2.20221101 directory or else
> the build system will automatically attempt to apply the patch to a custom git
> version of refpolicy if chosen.
>
> Signed-off-by: Adam Duskett <aduskett@gmail.com>
> ---
> Changes v1 -> v2:
> - Added 2.20221101/0001-mount-dbus-interface-must-be-optional.patch
>
> ...ount-dbus-interface-must-be-optional.patch | 33 +++++++++++++++++++
> package/refpolicy/refpolicy.hash | 2 +-
> package/refpolicy/refpolicy.mk | 2 +-
> 3 files changed, 35 insertions(+), 2 deletions(-)
> create mode 100644 package/refpolicy/2.20221101/0001-mount-dbus-interface-must-be-optional.patch
>
> diff --git a/package/refpolicy/2.20221101/0001-mount-dbus-interface-must-be-optional.patch b/package/refpolicy/2.20221101/0001-mount-dbus-interface-must-be-optional.patch
> new file mode 100644
> index 0000000000..dec0af828f
> --- /dev/null
> +++ b/package/refpolicy/2.20221101/0001-mount-dbus-interface-must-be-optional.patch
> @@ -0,0 +1,33 @@
> +From 6c6be65ccf0891391681d4662cc11f508c0f4aeb Mon Sep 17 00:00:00 2001
> +From: Adam Duskett <aduskett@gmail.com>
> +Date: Mon, 24 Apr 2023 14:24:49 -0700
> +Subject: [PATCH] mount: dbus interface must be optional
> +
> +If DBus isn't built, the build process fails due to mount.te always using a
> +dbus interface even if the dbus module. Fix this by setting the dbus interface
> +as optional.
> +
> +Signed-off-by: Adam Duskett <aduskett@gmail.com>
> +Upstream-status: accepted. 207b09a656c2c3ac5c286d3f7eef085325e35408
The proper format for an Upstream: tag is just "Upstream:" (but that is
a very recent change. so I just fixed it). We also prefer to have an URL
to the upstream commit, so I changed that too.
Applied to master, thanks.
Regards,
Yann E. MORIN.
> +---
> + policy/modules/system/mount.te | 4 +++-
> + 1 file changed, 3 insertions(+), 1 deletion(-)
> +
> +diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
> +index d028723..af84af0 100644
> +--- a/policy/modules/system/mount.te
> ++++ b/policy/modules/system/mount.te
> +@@ -145,7 +145,9 @@ selinux_getattr_fs(mount_t)
> +
> + userdom_use_all_users_fds(mount_t)
> +
> +-dbus_dontaudit_write_system_bus_runtime_named_sockets(mount_t)
> ++optional_policy(`
> ++ dbus_dontaudit_write_system_bus_runtime_named_sockets(mount_t)
> ++')
> +
> + ifdef(`distro_redhat',`
> + optional_policy(`
> +--
> +2.40.0
> +
> diff --git a/package/refpolicy/refpolicy.hash b/package/refpolicy/refpolicy.hash
> index b08c22ed4e..a09e59c270 100644
> --- a/package/refpolicy/refpolicy.hash
> +++ b/package/refpolicy/refpolicy.hash
> @@ -1,5 +1,5 @@
> # From https://github.com/SELinuxProject/refpolicy/releases
> -sha256 965f98f0b68a24fd0b8e8d973d319332aea88973e1d6c455ef9c2a31aefaeaa6 refpolicy-2.20220106.tar.bz2
> +sha256 44f88e62c8efcef54d019b9ca077520d5993de580926bd7575788cfa78515396 refpolicy-2.20221101.tar.bz2
>
> # Locally computed
> sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994 COPYING
> diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
> index f11b72755a..8fea7cc254 100644
> --- a/package/refpolicy/refpolicy.mk
> +++ b/package/refpolicy/refpolicy.mk
> @@ -23,7 +23,7 @@ REFPOLICY_SITE = $(call qstrip,$(BR2_PACKAGE_REFPOLICY_CUSTOM_REPO_URL))
> REFPOLICY_SITE_METHOD = git
> BR_NO_CHECK_HASH_FOR += $(REFPOLICY_SOURCE)
> else
> -REFPOLICY_VERSION = 2.20220106
> +REFPOLICY_VERSION = 2.20221101
> REFPOLICY_SOURCE = refpolicy-$(REFPOLICY_VERSION).tar.bz2
> REFPOLICY_SITE = https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_$(subst .,_,$(REFPOLICY_VERSION))
> endif
> --
> 2.40.0
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [Buildroot] [PATCH v2 02/13] package/python-pip: add host variant
2023-04-25 17:14 ` [Buildroot] [PATCH v2 02/13] package/python-pip: add host variant Adam Duskett
2023-05-09 21:00 ` Yann E. MORIN
@ 2023-06-12 15:52 ` Peter Korsgaard
2023-06-12 17:54 ` Yann E. MORIN
1 sibling, 1 reply; 25+ messages in thread
From: Peter Korsgaard @ 2023-06-12 15:52 UTC (permalink / raw)
To: Adam Duskett, yann.morin.1998
Cc: Marcus Folkesson, Antoine Tenart, Asaf Kahlon, Thomas Petazzoni,
buildroot, Fabrice Fontaine
>>>>> "Adam" == Adam Duskett <aduskett@gmail.com> writes:
> In the following patch that updates libselinux, the libselinux python tools now
> require pip to install.
> Signed-off-by: Adam Duskett <aduskett@gmail.com>
Somewhat related, is there any way we can ensure that this pip is only
used for the installation logic (which is fine if a bit odd) and NOT to pull in extra python
dependencies (which is naturally NOT OK)?
> ---
> package/python-pip/python-pip.mk | 1 +
> 1 file changed, 1 insertion(+)
> diff --git a/package/python-pip/python-pip.mk b/package/python-pip/python-pip.mk
> index 8cf3aaa3ec..35ad7bede2 100644
> --- a/package/python-pip/python-pip.mk
> +++ b/package/python-pip/python-pip.mk
> @@ -14,3 +14,4 @@ PYTHON_PIP_CPE_ID_VENDOR = pypa
> PYTHON_PIP_CPE_ID_PRODUCT = pip
> $(eval $(python-package))
> +$(eval $(host-python-package))
> --
> 2.40.0
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [Buildroot] [PATCH v2 02/13] package/python-pip: add host variant
2023-06-12 15:52 ` Peter Korsgaard
@ 2023-06-12 17:54 ` Yann E. MORIN
2023-06-12 19:28 ` Peter Korsgaard
0 siblings, 1 reply; 25+ messages in thread
From: Yann E. MORIN @ 2023-06-12 17:54 UTC (permalink / raw)
To: Peter Korsgaard
Cc: Marcus Folkesson, Antoine Tenart, Asaf Kahlon, Thomas Petazzoni,
buildroot, Fabrice Fontaine, Adam Duskett
Peter, All,
On 2023-06-12 17:52 +0200, Peter Korsgaard spake thusly:
> >>>>> "Adam" == Adam Duskett <aduskett@gmail.com> writes:
> > In the following patch that updates libselinux, the libselinux python tools now
> > require pip to install.
> > Signed-off-by: Adam Duskett <aduskett@gmail.com>
> Somewhat related, is there any way we can ensure that this pip is only
> used for the installation logic (which is fine if a bit odd)
Yes, I too found it odd. I don't recall the details, though, but indeed,
we do need pip to perform the install step, while the build step is
still performed with setuptools.
> and NOT to pull in extra python
> dependencies (which is naturally NOT OK)?
That was a concern of mine when I applied the patch, too, but I did not
have a good idea to prevent that.
But since then, I've learnt about --no-index, and if that is not enough,
we can redirect to a fake index with -i and --extra-index-url. Could
using --no-deps also be useful?
So we could maybe provide our wrapper around pip3, that uses a combo of
those options, to prevent installing anything but a local file.
That would not work for packages that use a python script to import pip
and directly call it, though; is that even possible (I'd guess so, and
probably something, somewhere is (ab)using that).
Alternatively, the wrapper could also export http_proxy and https_proxy
to something that does not exist, and that would cause the download to
fail.
Regards,
Yann E. MORIN.
> > ---
> > package/python-pip/python-pip.mk | 1 +
> > 1 file changed, 1 insertion(+)
>
> > diff --git a/package/python-pip/python-pip.mk b/package/python-pip/python-pip.mk
> > index 8cf3aaa3ec..35ad7bede2 100644
> > --- a/package/python-pip/python-pip.mk
> > +++ b/package/python-pip/python-pip.mk
> > @@ -14,3 +14,4 @@ PYTHON_PIP_CPE_ID_VENDOR = pypa
> > PYTHON_PIP_CPE_ID_PRODUCT = pip
>
> > $(eval $(python-package))
> > +$(eval $(host-python-package))
> > --
>
> > 2.40.0
>
> > _______________________________________________
> > buildroot mailing list
> > buildroot@buildroot.org
> > https://lists.buildroot.org/mailman/listinfo/buildroot
>
>
> --
> Bye, Peter Korsgaard
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [Buildroot] [PATCH v2 02/13] package/python-pip: add host variant
2023-06-12 17:54 ` Yann E. MORIN
@ 2023-06-12 19:28 ` Peter Korsgaard
0 siblings, 0 replies; 25+ messages in thread
From: Peter Korsgaard @ 2023-06-12 19:28 UTC (permalink / raw)
To: Yann E. MORIN
Cc: Marcus Folkesson, Antoine Tenart, Asaf Kahlon, Thomas Petazzoni,
buildroot, Fabrice Fontaine, Adam Duskett
>>>>> "Yann" == Yann E MORIN <yann.morin.1998@free.fr> writes:
> Peter, All,
> On 2023-06-12 17:52 +0200, Peter Korsgaard spake thusly:
>> >>>>> "Adam" == Adam Duskett <aduskett@gmail.com> writes:
>> > In the following patch that updates libselinux, the libselinux python tools now
>> > require pip to install.
>> > Signed-off-by: Adam Duskett <aduskett@gmail.com>
>> Somewhat related, is there any way we can ensure that this pip is only
>> used for the installation logic (which is fine if a bit odd)
> Yes, I too found it odd. I don't recall the details, though, but indeed,
> we do need pip to perform the install step, while the build step is
> still performed with setuptools.
>> and NOT to pull in extra python
>> dependencies (which is naturally NOT OK)?
> That was a concern of mine when I applied the patch, too, but I did not
> have a good idea to prevent that.
> But since then, I've learnt about --no-index, and if that is not enough,
> we can redirect to a fake index with -i and --extra-index-url. Could
> using --no-deps also be useful?
> So we could maybe provide our wrapper around pip3, that uses a combo of
> those options, to prevent installing anything but a local file.
Ahh, yes - That could be a nice improvement!
> That would not work for packages that use a python script to import pip
> and directly call it, though; is that even possible (I'd guess so, and
> probably something, somewhere is (ab)using that).
Hmm, I guess someone is creative enough for that ;)
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 25+ messages in thread
end of thread, other threads:[~2023-06-12 19:28 UTC | newest]
Thread overview: 25+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-04-25 17:14 [Buildroot] [PATCH v2 00/13] Selinux: bump to 3.5 Adam Duskett
2023-04-25 17:14 ` [Buildroot] [PATCH v2 01/13] package/libglib2/0003-disable-building-docs.patch: new patch Adam Duskett
2023-04-25 21:03 ` Peter Seiderer
2023-04-28 1:44 ` James Knight
2023-05-09 19:43 ` Yann E. MORIN
2023-04-25 17:14 ` [Buildroot] [PATCH v2 02/13] package/python-pip: add host variant Adam Duskett
2023-05-09 21:00 ` Yann E. MORIN
2023-06-12 15:52 ` Peter Korsgaard
2023-06-12 17:54 ` Yann E. MORIN
2023-06-12 19:28 ` Peter Korsgaard
2023-04-25 17:14 ` [Buildroot] [PATCH v2 03/13] package/libsepol: bump to version 3.5 Adam Duskett
2023-04-25 17:14 ` [Buildroot] [PATCH v2 04/13] package/libsemanage: " Adam Duskett
2023-04-25 17:14 ` [Buildroot] [PATCH v2 05/13] package/libselinux: " Adam Duskett
2023-05-09 21:02 ` Yann E. MORIN
2023-04-25 17:14 ` [Buildroot] [PATCH v2 06/13] package/policycoreutils: " Adam Duskett
2023-04-25 17:14 ` [Buildroot] [PATCH v2 07/13] package/checkpolicy: " Adam Duskett
2023-04-25 17:14 ` [Buildroot] [PATCH v2 08/13] package/restorecond: " Adam Duskett
2023-04-25 17:14 ` [Buildroot] [PATCH v2 09/13] package/semodule-utils: " Adam Duskett
2023-04-25 17:14 ` [Buildroot] [PATCH v2 10/13] package/audit: bump to version 3.1 Adam Duskett
2023-04-25 17:14 ` [Buildroot] [PATCH v2 11/13] package/selinux-python: bump to version 3.5 Adam Duskett
2023-05-09 21:05 ` Yann E. MORIN
2023-04-25 17:14 ` [Buildroot] [PATCH v2 12/13] package/setools: bump to version 4.4.2 Adam Duskett
2023-04-25 17:14 ` [Buildroot] [PATCH v2 13/13] package/refpolicy: bump to version 2.20221101 Adam Duskett
2023-05-09 21:06 ` Yann E. MORIN
2023-05-09 21:00 ` [Buildroot] [PATCH v2 00/13] Selinux: bump to 3.5 Yann E. MORIN
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.