date:20191230

Re: [yocto] [meta-selinux][PATCH] audit: fix host contamination for swig

2019-12-30 Thread Yi Zhao



On 12/31/19 12:24 PM, Joe MacDonald wrote:

Hi Yi,

So, just to confirm, this is needed in your experience (I don't have any
builders that are that old, so I haven't verified).  I just ask because
we only just dropped this patch to begin with:

commit 6edbe15c3dba7da0cffc1c11099867553e9d5570
Author: Yi Zhao 
Date:   Thu Nov 14 09:49:01 2019 +0800

 audit: switch to python3
 
 * Switch to python3
 
 * Drop patches:

   audit-python-configure.patch
   audit-python.patch
   fix-swig-host-contamination.patch
 
 Signed-off-by: Yi Zhao 

 Signed-off-by: Joe MacDonald 

If we need to bring it back, though, obviously no concerns about it since the
last time I did and update I carried it along.  :-)



When I dropped it in my previous patch I just tested it on some modern 
Linux distributions (e.g. Ubuntu 16.04/18.04 Fedora 31). There is no 
such error because the audit.h on the host is matched to our audit 
recipe. Then we found the build failure on some old distros (e.g. CentOS 
7) because of the old version autdit.h on host. The CentOS7 is still on 
Yocto support distros list. See: meta-poky/conf/distro/poky.conf. I'm 
afraid we should bring it back.



Thanks,

Yi




-J.

[[meta-selinux][PATCH] audit: fix host contamination for swig] On 19.12.27 (Fri 
10:43) Yi Zhao wrote:


The audit build uses swig to generate a python wrapper. But there is a
hardcoded include directory in auditswig.i, which causes header files on
the host to be used when building. This will cause build error on some
old systems. e.g. on CentOS7 with buildtools:
   audit_wrap.c: In function '_wrap_audit_rule_flags_set':
   audit_wrap.c:5018:19: error: dereferencing pointer to incomplete type 
'struct audit_rule'
   5018  if (arg1) (arg1)->flags = arg2;
 ^~

Signed-off-by: Yi Zhao 
---
  .../Fixed-swig-host-contamination-issue.patch | 57 +++
  recipes-security/audit/audit_2.8.5.bb |  1 +
  2 files changed, 58 insertions(+)
  create mode 100644 
recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch

diff --git 
a/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch 
b/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch
new file mode 100644
index 000..7c26995
--- /dev/null
+++ b/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch
@@ -0,0 +1,57 @@
+From a07271f1cce82122610b622bcea4a8a37528f321 Mon Sep 17 00:00:00 2001
+From: Li xin 
+Date: Sun, 19 Jul 2015 02:42:58 +0900
+Subject: [PATCH] audit: Fixed swig host contamination issue
+
+The audit build uses swig to generate a python wrapper.
+Unfortunately, the swig info file references host include
+directories.  Some of these were previously noticed and
+eliminated, but the one fixed here was not.
+
+Upstream-Status: Inappropriate [embedded specific]
+
+Signed-off-by: Anders Hedlund 
+Signed-off-by: Joe Slater 
+Signed-off-by: Yi Zhao 
+---
+ bindings/swig/python3/Makefile.am | 3 ++-
+ bindings/swig/src/auditswig.i | 2 +-
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/bindings/swig/python3/Makefile.am 
b/bindings/swig/python3/Makefile.am
+index 9938418..fa46aac 100644
+--- a/bindings/swig/python3/Makefile.am
 b/bindings/swig/python3/Makefile.am
+@@ -22,6 +22,7 @@
+ CONFIG_CLEAN_FILES = *.loT *.rej *.orig
+ AM_CFLAGS = -fPIC -DPIC -fno-strict-aliasing $(PYTHON3_CFLAGS)
+ AM_CPPFLAGS = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES)
++STDINC ?= /usr/include
+ LIBS = $(top_builddir)/lib/libaudit.la
+ SWIG_FLAGS = -python -py3 -modern
+ SWIG_INCLUDES = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES)
+@@ -37,7 +38,7 @@ _audit_la_DEPENDENCIES =${top_srcdir}/lib/libaudit.h 
${top_builddir}/lib/libaudi
+ _audit_la_LIBADD = ${top_builddir}/lib/libaudit.la
+ nodist__audit_la_SOURCES  = audit_wrap.c
+ audit.py audit_wrap.c: ${srcdir}/../src/auditswig.i
+-  swig -o audit_wrap.c ${SWIG_FLAGS} ${SWIG_INCLUDES} 
${srcdir}/../src/auditswig.i
++  swig -o audit_wrap.c ${SWIG_FLAGS} ${SWIG_INCLUDES} -I$(STDINC) 
${srcdir}/../src/auditswig.i
+
+ CLEANFILES = audit.py* audit_wrap.c *~
+
+diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i
+index 7ebb373..424fb68 100644
+--- a/bindings/swig/src/auditswig.i
 b/bindings/swig/src/auditswig.i
+@@ -39,7 +39,7 @@ signed
+ #define __attribute(X) /*nothing*/
+ typedef unsigned __u32;
+ typedef unsigned uid_t;
+-%include "/usr/include/linux/audit.h"
++%include "linux/audit.h"
+ #define __extension__ /*nothing*/
+ #include 
+ %include "../lib/libaudit.h"
+--
+2.7.4
+
diff --git a/recipes-security/audit/audit_2.8.5.bb 
b/recipes-security/audit/audit_2.8.5.bb
index 1e76d5f..ee3b3b5 100644
--- a/recipes-security/audit/audit_2.8.5.bb
+++ b/recipes-security/audit/audit_2.8.5.bb
@@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = 
"file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
  
  SRC_URI = "git://github.com/linux-audit/${BPN}-userspace.git;branch=2.8

Re: [yocto] [meta-selinux][PATCH] audit: fix host contamination for swig

2019-12-30 Thread Joe MacDonald

Hi Yi,

So, just to confirm, this is needed in your experience (I don't have any
builders that are that old, so I haven't verified).  I just ask because
we only just dropped this patch to begin with:

commit 6edbe15c3dba7da0cffc1c11099867553e9d5570
Author: Yi Zhao 
Date:   Thu Nov 14 09:49:01 2019 +0800

audit: switch to python3

* Switch to python3

* Drop patches:
  audit-python-configure.patch
  audit-python.patch
  fix-swig-host-contamination.patch

Signed-off-by: Yi Zhao 
Signed-off-by: Joe MacDonald 

If we need to bring it back, though, obviously no concerns about it since the
last time I did and update I carried it along.  :-)

-J.

[[meta-selinux][PATCH] audit: fix host contamination for swig] On 19.12.27 (Fri 
10:43) Yi Zhao wrote:

> The audit build uses swig to generate a python wrapper. But there is a
> hardcoded include directory in auditswig.i, which causes header files on
> the host to be used when building. This will cause build error on some
> old systems. e.g. on CentOS7 with buildtools:
>   audit_wrap.c: In function '_wrap_audit_rule_flags_set':
>   audit_wrap.c:5018:19: error: dereferencing pointer to incomplete type 
> 'struct audit_rule'
>   5018  if (arg1) (arg1)->flags = arg2;
> ^~
> 
> Signed-off-by: Yi Zhao 
> ---
>  .../Fixed-swig-host-contamination-issue.patch | 57 +++
>  recipes-security/audit/audit_2.8.5.bb |  1 +
>  2 files changed, 58 insertions(+)
>  create mode 100644 
> recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch
> 
> diff --git 
> a/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch 
> b/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch
> new file mode 100644
> index 000..7c26995
> --- /dev/null
> +++ b/recipes-security/audit/audit/Fixed-swig-host-contamination-issue.patch
> @@ -0,0 +1,57 @@
> +From a07271f1cce82122610b622bcea4a8a37528f321 Mon Sep 17 00:00:00 2001
> +From: Li xin 
> +Date: Sun, 19 Jul 2015 02:42:58 +0900
> +Subject: [PATCH] audit: Fixed swig host contamination issue
> +
> +The audit build uses swig to generate a python wrapper.
> +Unfortunately, the swig info file references host include
> +directories.  Some of these were previously noticed and
> +eliminated, but the one fixed here was not.
> +
> +Upstream-Status: Inappropriate [embedded specific]
> +
> +Signed-off-by: Anders Hedlund 
> +Signed-off-by: Joe Slater 
> +Signed-off-by: Yi Zhao 
> +---
> + bindings/swig/python3/Makefile.am | 3 ++-
> + bindings/swig/src/auditswig.i | 2 +-
> + 2 files changed, 3 insertions(+), 2 deletions(-)
> +
> +diff --git a/bindings/swig/python3/Makefile.am 
> b/bindings/swig/python3/Makefile.am
> +index 9938418..fa46aac 100644
> +--- a/bindings/swig/python3/Makefile.am
>  b/bindings/swig/python3/Makefile.am
> +@@ -22,6 +22,7 @@
> + CONFIG_CLEAN_FILES = *.loT *.rej *.orig
> + AM_CFLAGS = -fPIC -DPIC -fno-strict-aliasing $(PYTHON3_CFLAGS)
> + AM_CPPFLAGS = -I. -I$(top_builddir) -I${top_srcdir}/lib $(PYTHON3_INCLUDES)
> ++STDINC ?= /usr/include
> + LIBS = $(top_builddir)/lib/libaudit.la
> + SWIG_FLAGS = -python -py3 -modern
> + SWIG_INCLUDES = -I. -I$(top_builddir) -I${top_srcdir}/lib 
> $(PYTHON3_INCLUDES)
> +@@ -37,7 +38,7 @@ _audit_la_DEPENDENCIES =${top_srcdir}/lib/libaudit.h 
> ${top_builddir}/lib/libaudi
> + _audit_la_LIBADD = ${top_builddir}/lib/libaudit.la
> + nodist__audit_la_SOURCES  = audit_wrap.c
> + audit.py audit_wrap.c: ${srcdir}/../src/auditswig.i 
> +-swig -o audit_wrap.c ${SWIG_FLAGS} ${SWIG_INCLUDES} 
> ${srcdir}/../src/auditswig.i 
> ++swig -o audit_wrap.c ${SWIG_FLAGS} ${SWIG_INCLUDES} -I$(STDINC) 
> ${srcdir}/../src/auditswig.i
> + 
> + CLEANFILES = audit.py* audit_wrap.c *~
> + 
> +diff --git a/bindings/swig/src/auditswig.i b/bindings/swig/src/auditswig.i
> +index 7ebb373..424fb68 100644
> +--- a/bindings/swig/src/auditswig.i
>  b/bindings/swig/src/auditswig.i
> +@@ -39,7 +39,7 @@ signed
> + #define __attribute(X) /*nothing*/
> + typedef unsigned __u32;
> + typedef unsigned uid_t;
> +-%include "/usr/include/linux/audit.h"
> ++%include "linux/audit.h"
> + #define __extension__ /*nothing*/
> + #include 
> + %include "../lib/libaudit.h"
> +-- 
> +2.7.4
> +
> diff --git a/recipes-security/audit/audit_2.8.5.bb 
> b/recipes-security/audit/audit_2.8.5.bb
> index 1e76d5f..ee3b3b5 100644
> --- a/recipes-security/audit/audit_2.8.5.bb
> +++ b/recipes-security/audit/audit_2.8.5.bb
> @@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = 
> "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
>  
>  SRC_URI = 
> "git://github.com/linux-audit/${BPN}-userspace.git;branch=2.8_maintenance \
> file://Add-substitue-functions-for-strndupa-rawmemchr.patch \
> +   file://Fixed-swig-host-contamination-issue.patch \
> file://auditd \
> file://auditd.service \
> file://audit-volatile.conf \
> -- 
> 2.17.1
> 

-- 
-Joe MacDonald.
:wq


signature.asc
Description: PGP signature

[yocto] Yocto Project Newcomer & Unassigned Bugs - Help Needed

2019-12-30 Thread Stephen Jolley

All,

 

The triage team is starting to try and collect up and classify bugs which a
newcomer to the project would be able to work on in a way which means people
can find them. They're being listed on the triage page under the appropriate
heading:

 

https://wiki.yoctoproject.org/wiki/Bug_Triage#Newcomer_Bugs

 

The idea is these bugs should be straight forward for a person to help work
on who doesn't have deep experience with the project.  If anyone can help,
please take ownership of the bug and send patches!  If anyone needs
help/advice there are people on irc who can likely do so, or some of the
more experienced contributors will likely be happy to help too.

 

Also, the triage team meets weekly and does its best to handle the bugs
reported into the Bugzilla. The number of people attending that meeting has
fallen, as have the number of people available to help fix bugs. One of the
things we hear users report is they don't know how to help. We (the triage
team) are therefore going to start reporting out the currently 301
unassigned or newcomer bugs.

 

We're hoping people may be able to spare some time now and again to help out
with these.  Bugs are split into two types, "true bugs" where things don't
work as they should and "enhancements" which are features we'd want to add
to the system.  There are also roughly four different "priority" classes
right now, "3.1", "3.2, "3.99" and "Future", the more pressing/urgent issues
being in "3.1" and then "3.2".

 

Please review this link and if a bug is something you would be able to help
with either take ownership of the bug, or send me (sjolley.yp...@gmail.com
 ) an e-mail with the bug number you would
like and I will assign it to you (please make sure you have a Bugzilla
account).  The list is at:
https://wiki.yoctoproject.org/wiki/Bug_Triage#Unassigned_or_Newcomer_Bugs

 

Thanks,

 

Stephen K. Jolley

Yocto Project Project Manager

*Cell:(208) 244-4460

* Email:  sjolley.yp...@gmail.com
 

 

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#47838): https://lists.yoctoproject.org/g/yocto/message/47838
Mute This Topic: https://lists.yoctoproject.org/mt/69337875/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [yocto] #yocto devtool option -S seems broken

2019-12-30 Thread Thilo Graf

> 
> Can you verify Master please.

Ok, I just tested with master ff0db7b88ec5026f75a86f6fd8562c35b95b1017 and it 
works fine.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#47837): https://lists.yoctoproject.org/g/yocto/message/47837
Mute This Topic: https://lists.yoctoproject.org/mt/69321704/21656
Mute #yocto: https://lists.yoctoproject.org/mk?hashtag=yocto&subid=6691583
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [yocto] [meta-selinux][PATCH] audit: fix host contamination for swig

Re: [yocto] [meta-selinux][PATCH] audit: fix host contamination for swig

[yocto] Yocto Project Newcomer & Unassigned Bugs - Help Needed

Re: [yocto] #yocto devtool option -S seems broken

4 matches

Site Navigation

Mail list logo

Footer information