[yocto] [RFC PATCH 1/6] config.json: add a systemd no-x11 build
Particularly the weston image has now regressed twice under systemd,
so I think there should be a quality gate for it.
Signed-off-by: Alexander Kanavin
---
config.json | 15 +--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/config.json b/config.json
index 8025166..d6e7df8 100644
--- a/config.json
+++ b/config.json
@@ -715,8 +715,19 @@
"SANITYTARGETS" : "core-image-full-cmdline:do_testimage
core-image-weston:do_testimage",
"extravars" : [
"DISTRO_FEATURES_remove = 'x11'"
-]
-
+],
+"step1" : {
+"shortname" : "Sysvinit weston"
+},
+"step2" : {
+"shortname" : "Systemd weston",
+"extravars" : [
+ "TEST_SUITES_append = ' systemd'",
+ "DISTRO_FEATURES_append = ' pam systemd'",
+ "VIRTUAL-RUNTIME_init_manager = 'systemd'",
+ "DISTRO_FEATURES_BACKFILL_CONSIDERED = 'sysvinit'"
+]
+}
},
"musl-qemux86" : {
"MACHINE" : "qemux86",
--
2.29.2
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52675): https://lists.yoctoproject.org/g/yocto/message/52675
Mute This Topic: https://lists.yoctoproject.org/mt/81275470/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[yocto] [RFC PATCH 3/6] config.json: transition ptests to weston-based images
Signed-off-by: Alexander Kanavin
---
config.json | 12 ++--
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/config.json b/config.json
index 66b76ed..b0fc363 100644
--- a/config.json
+++ b/config.json
@@ -88,16 +88,16 @@
},
"ptest-qemu" : {
"BUILDINFO" : true,
-"BBTARGETS" : "core-image-sato-ptest",
-"SANITYTARGETS" : "core-image-sato-ptest:do_testimage",
+"BBTARGETS" : "core-image-weston-ptest-all",
+"SANITYTARGETS" : "core-image-weston-ptest-all:do_testimage",
"extravars" : [
"TEST_SUITES = 'ping ssh ptest'"
]
},
"ptest-qemu-fast" : {
"BUILDINFO" : true,
-"BBTARGETS" : "core-image-sato-ptest-fast",
-"SANITYTARGETS" : "core-image-sato-ptest-fast:do_testimage",
+"BBTARGETS" : "core-image-weston-ptest-fast",
+"SANITYTARGETS" : "core-image-weston-ptest-fast:do_testimage",
"extravars" : [
"TEST_SUITES = 'ping ssh ptest'"
]
@@ -117,7 +117,7 @@
"arch-hw" : {
"BUILDINFO" : true,
"step1" : {
-"BBTARGETS" : "core-image-sato core-image-sato-sdk
core-image-minimal core-image-minimal-dev core-image-sato-ptest
core-image-sato:do_populate_sdk",
+"BBTARGETS" : "core-image-sato core-image-sato-sdk
core-image-minimal core-image-minimal-dev core-image-weston-ptest-all
core-image-sato:do_populate_sdk",
"SANITYTARGETS" : "core-image-sato:do_testsdk"
}
},
@@ -319,7 +319,7 @@
},
"step2" : {
"MACHINE" : "qemux86-64",
-"BBTARGETS" : "core-image-sato core-image-sato-sdk
core-image-minimal core-image-minimal-dev core-image-sato-sdk-ptest
core-image-sato:do_populate_sdk",
+"BBTARGETS" : "core-image-sato core-image-sato-sdk
core-image-minimal core-image-minimal-dev core-image-weston-ptest-all
core-image-sato:do_populate_sdk",
"SANITYTARGETS" : "core-image-sato:do_testsdk"
},
--
2.29.2
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52677): https://lists.yoctoproject.org/g/yocto/message/52677
Mute This Topic: https://lists.yoctoproject.org/mt/81275473/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[yocto] [RFC PATCH 4/6] config.json: replace core-image-sato with core-image-weston
I believe the time has come for YP to be defaulting to Wayland
and not X11.
X11 is effectively deprecated technology at this point with
only minimal maintenance; standalone X server will not be
developed any further, and all attention currently is towards
making X apps work well under Wayland.
Weston is built with x11 support enabled via xwayland, so
x11 bits continue do be built and exercised in tests and SDKs;
for testing core-image-sato as a whole a separate target will
be added next.
Signed-off-by: Alexander Kanavin
---
config.json | 176 ++--
1 file changed, 88 insertions(+), 88 deletions(-)
diff --git a/config.json b/config.json
index b0fc363..cf6165a 100644
--- a/config.json
+++ b/config.json
@@ -62,13 +62,13 @@
"BUILDINFO" : true,
"BUILDHISTORY" : true,
"step1" : {
-"BBTARGETS" : "core-image-sato core-image-sato-sdk
core-image-minimal core-image-minimal-dev core-image-sato:do_populate_sdk",
-"SANITYTARGETS" : "core-image-minimal:do_testimage
core-image-sato:do_testimage core-image-sato-sdk:do_testimage
core-image-sato:do_testsdk"
+"BBTARGETS" : "core-image-weston core-image-weston-sdk
core-image-minimal core-image-minimal-dev core-image-weston:do_populate_sdk",
+"SANITYTARGETS" : "core-image-minimal:do_testimage
core-image-weston:do_testimage core-image-weston-sdk:do_testimage
core-image-weston:do_testsdk"
},
"step2" : {
"SDKMACHINE" : "x86_64",
-"BBTARGETS" : "core-image-sato:do_populate_sdk
core-image-minimal:do_populate_sdk_ext core-image-sato:do_populate_sdk_ext",
-"SANITYTARGETS" : "core-image-sato:do_testsdk
core-image-minimal:do_testsdkext core-image-sato:do_testsdkext"
+"BBTARGETS" : "core-image-weston:do_populate_sdk
core-image-minimal:do_populate_sdk_ext core-image-weston:do_populate_sdk_ext",
+"SANITYTARGETS" : "core-image-weston:do_testsdk
core-image-minimal:do_testsdkext core-image-weston:do_testsdkext"
},
"step3" : {
"shortname" : "Machine oe-selftest",
@@ -82,8 +82,8 @@
"BUILDINFO" : true,
"BUILDHISTORY" : true,
"step1" : {
-"BBTARGETS" : "core-image-full-cmdline core-image-sato
core-image-sato-sdk",
-"SANITYTARGETS" : "core-image-full-cmdline:do_testimage
core-image-sato:do_testimage core-image-sato-sdk:do_testimage"
+"BBTARGETS" : "core-image-full-cmdline core-image-weston
core-image-weston-sdk",
+"SANITYTARGETS" : "core-image-full-cmdline:do_testimage
core-image-weston:do_testimage core-image-weston-sdk:do_testimage"
}
},
"ptest-qemu" : {
@@ -104,8 +104,8 @@
},
"ltp-qemu" : {
"BUILDINFO" : true,
-"BBTARGETS" : "core-image-sato",
-"SANITYTARGETS" : "core-image-sato:do_testimage",
+"BBTARGETS" : "core-image-weston",
+"SANITYTARGETS" : "core-image-weston:do_testimage",
"extravars" : [
"IMAGE_INSTALL_append = ' ltp'",
"TEST_SUITES = 'ping ssh ltp ltp_compliance'",
@@ -117,16 +117,16 @@
"arch-hw" : {
"BUILDINFO" : true,
"step1" : {
-"BBTARGETS" : "core-image-sato core-image-sato-sdk
core-image-minimal core-image-minimal-dev core-image-weston-ptest-all
core-image-sato:do_populate_sdk",
-"SANITYTARGETS" : "core-image-sato:do_testsdk"
+"BBTARGETS" : "core-image-weston core-image-weston-sdk
core-image-minimal core-image-minimal-dev core-image-weston-ptest-all
core-image-weston:do_populate_sdk",
+"SANITYTARGETS" : "core-image-weston:do_testsdk"
}
},
"arch-hw-qemu" : {
"BUILDINFO" : true,
"step1" : {
"SDKMACHINE" : "x86_64",
-"BBTARGETS" : "core-image-minimal core-image-sato
core-image-sato-sdk core-image-sato:do_populate_sdk
core-image-sato:do_populate_sdk_ext",
-"SANITYTARGETS" : "core-image-minimal:do_testimage
core-image-sato:do_testimage core-image-sato-sdk:do_testimage
core-image-sato:do_testsdk core-image-sato:do_testsdkext"
+"BBTARGETS" : "core-image-minimal core-image-weston
core-image-weston-sdk core-image-weston:do_populate_sdk
core-image-weston:do_populate_sdk_ext",
+"SANITYTARGETS" : "core-image-minimal:do_testimage
core-image-weston:do_testimage core-image-weston-sdk:do_testimage
core-image-weston:do_testsdk core-image-weston:do_testsdkext"
},
"step2" : {
"shortname" : "Machine oe-selftest",
@@ -138,7 +138,7 @@
"DISTRO" : "poky-altcfg",
"BUILDINFO" : true,
"step1" : {
-
[yocto] [RFC PATCH 2/6] config.json: drop core-image-sato-dev from builds
core-image-sato-sdk is a superset, and a much more useful one.
Signed-off-by: Alexander Kanavin
---
config.json | 20 ++--
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/config.json b/config.json
index d6e7df8..66b76ed 100644
--- a/config.json
+++ b/config.json
@@ -62,7 +62,7 @@
"BUILDINFO" : true,
"BUILDHISTORY" : true,
"step1" : {
-"BBTARGETS" : "core-image-sato core-image-sato-dev
core-image-sato-sdk core-image-minimal core-image-minimal-dev
core-image-sato:do_populate_sdk",
+"BBTARGETS" : "core-image-sato core-image-sato-sdk
core-image-minimal core-image-minimal-dev core-image-sato:do_populate_sdk",
"SANITYTARGETS" : "core-image-minimal:do_testimage
core-image-sato:do_testimage core-image-sato-sdk:do_testimage
core-image-sato:do_testsdk"
},
"step2" : {
@@ -117,7 +117,7 @@
"arch-hw" : {
"BUILDINFO" : true,
"step1" : {
-"BBTARGETS" : "core-image-sato core-image-sato-dev
core-image-sato-sdk core-image-minimal core-image-minimal-dev
core-image-sato-ptest core-image-sato:do_populate_sdk",
+"BBTARGETS" : "core-image-sato core-image-sato-sdk
core-image-minimal core-image-minimal-dev core-image-sato-ptest
core-image-sato:do_populate_sdk",
"SANITYTARGETS" : "core-image-sato:do_testsdk"
}
},
@@ -246,7 +246,7 @@
"BUILDINFO" : true,
"step1" : {
"SDKMACHINE" : "aarch64",
-"BBTARGETS" : "core-image-sato core-image-sato-dev
core-image-sato-sdk core-image-minimal core-image-minimal-dev
core-image-sato:do_populate_sdk core-image-minimal:do_populate_sdk_ext
core-image-sato:do_populate_sdk_ext",
+"BBTARGETS" : "core-image-sato core-image-sato-sdk
core-image-minimal core-image-minimal-dev core-image-sato:do_populate_sdk
core-image-minimal:do_populate_sdk_ext core-image-sato:do_populate_sdk_ext",
"SANITYTARGETS" : "core-image-minimal:do_testimage
core-image-sato:do_testimage core-image-sato-sdk:do_testimage
core-image-sato:do_testsdk core-image-minimal:do_testsdkext
core-image-sato:do_testsdkext"
}
},
@@ -275,7 +275,7 @@
"BUILDINFO" : true,
"step1" : {
"SDKMACHINE" : "aarch64",
-"BBTARGETS" : "core-image-sato core-image-sato-dev
core-image-sato-sdk core-image-minimal core-image-minimal-dev
core-image-sato:do_populate_sdk core-image-minimal:do_populate_sdk_ext
core-image-sato:do_populate_sdk_ext",
+"BBTARGETS" : "core-image-sato core-image-sato-sdk
core-image-minimal core-image-minimal-dev core-image-sato:do_populate_sdk
core-image-minimal:do_populate_sdk_ext core-image-sato:do_populate_sdk_ext",
"SANITYTARGETS" : "core-image-minimal:do_testimage
core-image-sato:do_testimage core-image-sato-sdk:do_testimage
core-image-sato:do_testsdk core-image-minimal:do_testsdkext
core-image-sato:do_testsdkext"
}
},
@@ -314,12 +314,12 @@
"SSTATEDIR" : ["SSTATE_DIR ?= '${HELPERBUILDDIR}/sstate'"],
"MACHINE" : "qemuarm64",
"step1" : {
- "BBTARGETS" : "core-image-sato core-image-sato-dev
core-image-sato-sdk core-image-minimal core-image-minimal-dev
core-image-sato:do_populate_sdk",
+ "BBTARGETS" : "core-image-sato core-image-sato-sdk
core-image-minimal core-image-minimal-dev core-image-sato:do_populate_sdk",
"SANITYTARGETS" : "core-image-minimal:do_testimage
core-image-sato:do_testimage core-image-sato-sdk:do_testimage
core-image-sato:do_testsdk"
},
"step2" : {
"MACHINE" : "qemux86-64",
-"BBTARGETS" : "core-image-sato core-image-sato-dev
core-image-sato-sdk core-image-minimal core-image-minimal-dev
core-image-sato-sdk-ptest core-image-sato:do_populate_sdk",
+"BBTARGETS" : "core-image-sato core-image-sato-sdk
core-image-minimal core-image-minimal-dev core-image-sato-sdk-ptest
core-image-sato:do_populate_sdk",
"SANITYTARGETS" : "core-image-sato:do_testsdk"
},
@@ -584,25 +584,25 @@
"pkgman-rpm-non-rpm" : {
"MACHINE" : "qemux86",
"PACKAGE_CLASSES" : "package_rpm",
-"BBTARGETS" : "core-image-sato core-image-sato-dev
core-image-sato-sdk core-image-minimal core-image-minimal-dev",
+"BBTARGETS" : "core-image-sato core-image-sato-sdk
core-image-minimal core-image-minimal-dev",
"SANITYTARGETS" : "core-image-minimal:do_testimage
core-image-sato:do_testimage core-image-sato-sdk:do_testimage"
},
"pkgman-deb-non-deb" : {
"MACHINE" : "qemux86",
"PACKAGE_CLASSES" : "package_deb",
-"BBTARGETS" : "core-image-sato core-image-sa
[yocto] [RFC PATCH 6/6] config.json: add a target to test standalone X11 image
Signed-off-by: Alexander Kanavin
---
config.json | 5 +
1 file changed, 5 insertions(+)
diff --git a/config.json b/config.json
index 75bf4e2..b9c493a 100644
--- a/config.json
+++ b/config.json
@@ -729,6 +729,11 @@
]
}
},
+"only-x11" : {
+"MACHINE" : "qemux86-64",
+"BBTARGETS" : "core-image-sato core-image-sato:do_populate_sdk
core-image-sato:do_populate_sdk_ext core-image-sato-sdk",
+"SANITYTARGETS" : "core-image-sato:do_testimage
core-image-sato:do_testsdk core-image-sato:do_testsdkext
core-image-sato-sdk:do_testimage"
+},
"musl-qemux86" : {
"MACHINE" : "qemux86",
"SDKMACHINE" : "x86_64",
--
2.29.2
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52680): https://lists.yoctoproject.org/g/yocto/message/52680
Mute This Topic: https://lists.yoctoproject.org/mt/81275477/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[yocto] [RFC PATCH 5/6] config.json: pam is required when weston starts under systemd
Signed-off-by: Alexander Kanavin --- config.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config.json b/config.json index cf6165a..75bf4e2 100644 --- a/config.json +++ b/config.json @@ -937,7 +937,7 @@ "BBTARGETS" : "core-image-weston", "SANITYTARGETS" : "core-image-weston:do_testimage", "extravars" : [ -"DISTRO_FEATURES_append = ' systemd'", +"DISTRO_FEATURES_append = ' pam systemd'", "VIRTUAL-RUNTIME_init_manager = 'systemd'", "TEST_SUITES_append = ' systemd'" ] @@ -957,7 +957,7 @@ "SANITYTARGETS" : "core-image-weston:do_testimage", "extravars" : [ "TEST_SUITES_append = ' systemd'", -"DISTRO_FEATURES_append = ' systemd'", +"DISTRO_FEATURES_append = ' pam systemd'", "VIRTUAL-RUNTIME_init_manager = 'systemd'", "DISTRO_FEATURES_BACKFILL_CONSIDERED = 'sysvinit'" ] -- 2.29.2 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#52679): https://lists.yoctoproject.org/g/yocto/message/52679 Mute This Topic: https://lists.yoctoproject.org/mt/81275475/21656 Group Owner: yocto+ow...@lists.yoctoproject.org Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[yocto] [meta-security][PATCH] ima-evm-keys: add file-checksums to IMA_EVM_X509
From: Ming Liu
This ensures when a end user change the IMA_EVM_X509 key file,
ima-evm-keys recipe will be rebuilt.
Signed-off-by: Ming Liu
---
meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb
b/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb
index 62685bb..7708aef 100644
--- a/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb
+++ b/meta-integrity/recipes-security/ima-evm-keys/ima-evm-keys_1.0.bb
@@ -14,3 +14,4 @@ do_install () {
lnr ${D}${sysconfdir}/keys/x509_evm.der
${D}${sysconfdir}/keys/x509_ima.der
fi
}
+do_install[file-checksums] += "${@'${IMA_EVM_X509}:%s' %
os.path.exists('${IMA_EVM_X509}')}"
--
2.29.0
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52681): https://lists.yoctoproject.org/g/yocto/message/52681
Mute This Topic: https://lists.yoctoproject.org/mt/81275663/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[yocto] avahi_0.8 issue with latest version
Hi Guys, I have installed avahi_0.8 version using gatesgreath version. its compiled successfully .but i am facing issue with pid is remove automatically when i restart my service. avahi configuration : hostname,domain name, allow ipv4, allow eth0,reflector =yes i did all this avahi-daemon.conf dependencies: gtk+3,gtk,dbus,avahi-daemon,avahi-utils ,libnss-mdns. is i miss any configuration or any patchwork work for this packages please update me i will modify it. ( avahi-daemon[625]: Process 592 died: No such process; trying to remove PID file. (/run/avahi-daemon//pid)) 0;1;32m*[[0m avahi-daemon.service - Avahi mDNS/DNS-SD Stack Loaded: loaded (/lib/systemd/system/avahi-daemon.service; enabled; vendor preset: enabled) Active: [[0;1;32mactive (running)[[0m since Fri 2021-03-05 13:12:17 UTC; 7min ago TriggeredBy: [[0;1;32m*[[0m avahi-daemon.socket Main PID: 625 (avahi-daemon) Status: "avahi-daemon 0.8 starting up." Tasks: 2 (limit: 9561) Memory: 620.0K CGroup: /system.slice/avahi-daemon.service |-625 avahi-daemon: running [foo.local] `-626 avahi-daemon: chroot helper Mar 05 13:12:17 mysystem systemd[1]: Starting Avahi mDNS/DNS-SD Stack... Mar 05 13:12:17 mysystem avahi-daemon[625]: Process 592 died: No such process; trying to remove PID file. (/run/avahi-daemon//pid) Mar 05 13:12:17 my system systemd[1]: Started Avahi mDNS/DNS-SD Stack. root@mysystem:~# pgrep -f -l avahi 192 systemctl 200 systemctl 210 systemctl 216 journalctl 503 systemctl 539 systemctl 547 systemctl 559 systemctl 575 systemctl 582 systemctl 594 systemctl 625 avahi-daemon: running [foo.local] 626 avahi-daemon: chroot helper Thanks & Regards, Sateesh -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#52682): https://lists.yoctoproject.org/g/yocto/message/52682 Mute This Topic: https://lists.yoctoproject.org/mt/81276221/21656 Group Owner: yocto+ow...@lists.yoctoproject.org Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[yocto] debug symbols and INHIBIT_PACKAGE_STRIP = "1"
Hi,
I'm using bitbake to build an application and I'd like to troubleshoot
some segfaults that are taking place. I've set up gdbserver on a virtual
machine running the application and can connect. My problem is that I
cannot seem to get the image to build my binaries without stripping the
symbol table.
Whenever I run:
|objdump -t _binary_|
it shows 'no symbols' under 'SYMBOL TABLE'.
So far I've added the following to build/conf/local.conf
|EXTRA_IMAGE_FEATURES = "debug-tweaks dbg-pkgs tools-sdk tools-debug "|
|INHIBIT_PACKAGE_STRIP = "1"|
|INHIBIT_PACKAGE_DEBUG_SPLIT= "1"|
I also tried adding the following to bitbake.conf:
|export CFLAGS = "${TARGET_CFLAGS} -g"|
|export LDFLAGS = "${TARGET_LDFLAGS} -g"|
Strangely, the size of the binary I'm looking at has increased. Since
making these changes and the new build took much longer to run.
Running |bitbake -e _recipe_ | shows the environment of my recipe and
reflects the changes made in local.conf.
Is there a way I can look at the exact gcc command that is being run to
make sure it's not still being stripped somewhere? I can't seem to see
it in the logs
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52683): https://lists.yoctoproject.org/g/yocto/message/52683
Mute This Topic: https://lists.yoctoproject.org/mt/81276552/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [yocto] [meta-selinux][PATCH] openssh: don't overwrite sshd_config unconditionally
Hi,
Please let me know if there any update on this change
& the tentative week when this change is going to merge in the code.
Thanks & Regards,
Purushottam
From: Purushottam Choudhary
Sent: Friday, February 26, 2021 2:29 PM
To: yocto@lists.yoctoproject.org
Cc: Nisha Parrakat
Subject: [meta-selinux][PATCH] openssh: don't overwrite sshd_config
unconditionally
The current implementation was overwriting the sshd_config and sshd
assuming PAM is needed by default.
openssh should use the default sshd_config packaged with the component
if no distro specific needs are present and not overwrite the full
sshd_config file.
1. If PAM is enabled as a distro then enable the UsePAM option in sshd_config.
2. Moved the file sshd to pam directory so that when pam is enabled,
then replace the default from poky by installing the same.
Signed-off-by: Purushottam Choudhary
---
recipes-connectivity/openssh/files/{ => pam}/sshd | 0
recipes-connectivity/openssh/files/sshd_config| 118 --
recipes-connectivity/openssh/openssh_%.bbappend | 14 +++
3 files changed, 14 insertions(+), 118 deletions(-)
rename recipes-connectivity/openssh/files/{ => pam}/sshd (100%)
delete mode 100644 recipes-connectivity/openssh/files/sshd_config
diff --git a/recipes-connectivity/openssh/files/sshd
b/recipes-connectivity/openssh/files/pam/sshd
similarity index 100%
rename from recipes-connectivity/openssh/files/sshd
rename to recipes-connectivity/openssh/files/pam/sshd
diff --git a/recipes-connectivity/openssh/files/sshd_config
b/recipes-connectivity/openssh/files/sshd_config
deleted file mode 100644
index 1c33ad0..000
--- a/recipes-connectivity/openssh/files/sshd_config
+++ /dev/null
@@ -1,118 +0,0 @@
-# $OpenBSD: sshd_config,v 1.102 2018/02/16 02:32:40 djm Exp $
-
-# This is the sshd server system-wide configuration file. See
-# sshd_config(5) for more information.
-
-# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
-
-# The strategy used for options in the default sshd_config shipped with
-# OpenSSH is to specify options with their default value where
-# possible, but leave them commented. Uncommented options override the
-# default value.
-
-#Port 22
-#AddressFamily any
-#ListenAddress 0.0.0.0
-#ListenAddress ::
-
-#HostKey /etc/ssh/ssh_host_rsa_key
-#HostKey /etc/ssh/ssh_host_ecdsa_key
-#HostKey /etc/ssh/ssh_host_ed25519_key
-
-# Ciphers and keying
-#RekeyLimit default none
-
-# Logging
-#SyslogFacility AUTH
-#LogLevel INFO
-
-# Authentication:
-
-#LoginGraceTime 2m
-#PermitRootLogin prohibit-password
-#StrictModes yes
-#MaxAuthTries 6
-#MaxSessions 10
-
-#PubkeyAuthentication yes
-
-# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
-# but this is overridden so installations will only check .ssh/authorized_keys
-#AuthorizedKeysFile.ssh/authorized_keys
-
-#AuthorizedPrincipalsFile none
-
-#AuthorizedKeysCommand none
-#AuthorizedKeysCommandUser nobody
-
-# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-#HostbasedAuthentication no
-# Change to yes if you don't trust ~/.ssh/known_hosts for
-# HostbasedAuthentication
-#IgnoreUserKnownHosts no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-#IgnoreRhosts yes
-
-# To disable tunneled clear text passwords, change to no here!
-#PasswordAuthentication yes
-#PermitEmptyPasswords no
-
-# Change to yes to enable challenge-response passwords (beware issues with
-# some PAM modules and threads)
-ChallengeResponseAuthentication no
-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-#KerberosGetAFSToken no
-
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
-# PasswordAuthentication. Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
-# the setting of "PermitRootLogin without-password".
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
-UsePAM yes
-
-#AllowAgentForwarding yes
-#AllowTcpForwarding yes
-#GatewayPorts no
-#X11Forwarding no
-#X11DisplayOffset 10
-#X11UseLocalhost yes
-#PermitTTY yes
-#PrintMotd yes
-#PrintLastLog yes
-#TCPKeepAlive yes
-#UseLogin no
-#PermitUserEnvironment no
-Compression no
-ClientAliveInterval 15
-ClientAliveCountMax 4
-#UseDNS no
-#PidFile /var/run/sshd.pid
-#MaxStartups 10:30:100
-#PermitTunnel no
-#ChrootDirectory none
-#VersionAddendum none
-
-# no default banner path
-#Banner none
-
-# override default of no subsystems
-Subsystem sftp/usr/libexec/sftp-server
-
-# Example of overriding settings on a per-user basis
-#Match Us
Re: [yocto] [meta-selinux][PATCH] openssh: don't overwrite sshd_config unconditionally
Hi Purushottam,
[Re: [yocto] [meta-selinux][PATCH] openssh: don't overwrite sshd_config
unconditionally] On 21.03.12 (Fri 12:05) Purushottam choudhary wrote:
> Hi,
>
> Please let me know if there any update on this change
> & the tentative week when this change is going to merge in the code.
Sorry about that, I haven't merged it for a couple of reasons, but I
should have followed up before now on it. It doesn't appear to be against
the currnet head of tree, so I'd suggest a quick rebase on your part and
resend if you think it is still relevant.
At a more basic level, though, I don't know who or how many projects are
intending to use meta-selinux without PAM. The layer documentation does
make it clear we expect PAM to always be present:
45 1.2 - How does this layer do to enable SELinux features?
46
47 To enable SELinux features, this layers has done these works:
48
49* new DISTRO_FEATURES "selinux" defined
50* new DISTRO "poky-selinux" defined, with DISTRO_FEATURES += "pam
selinux"
51* config file for Linux kernel to enable SELinux
52* recipes for SELinux userland libraries and tools
53* package group (packagegroup-core-selinux) for SELinux userland packages
54* bbappends for SELinux related recipes to build with SELinux enabled
55* recipes for SELinux policy modified from refpolicy
The documentation is certainly in need of some updating, but I think the
majority of our users (if not all) are including PAM in their projects. I
would be interested to hear about your PAM-less meta-selinux project if
you can share some details.
It is certainly arguable whether the config file should be dumped in place
as it is being today, but I do think it's functioning as intended right
now. Shifting the PAM sshd configuration to a different directory is fine
with me, I don't have any particular love of everything in one files/
directory, but I also don't have any strong aversion to it until it
becomes an obvious problem (eg. two separate files that should have the
same name and different purposes, such as something to be installed in
/etc/defaults/ and /etc/X11/, maybe).
I hope that clears things up a bit. Thanks.
-Joe.
>
> Thanks & Regards,
> Purushottam
>
> ━━━
> From: Purushottam Choudhary
> Sent: Friday, February 26, 2021 2:29 PM
> To: yocto@lists.yoctoproject.org
> Cc: Nisha Parrakat
> Subject: [meta-selinux][PATCH] openssh: don't overwrite sshd_config
> unconditionally
>
> The current implementation was overwriting the sshd_config and sshd
> assuming PAM is needed by default.
>
> openssh should use the default sshd_config packaged with the component
> if no distro specific needs are present and not overwrite the full
> sshd_config file.
>
> 1. If PAM is enabled as a distro then enable the UsePAM option in sshd_config.
> 2. Moved the file sshd to pam directory so that when pam is enabled,
>then replace the default from poky by installing the same.
>
> Signed-off-by: Purushottam Choudhary
> ---
> recipes-connectivity/openssh/files/{ => pam}/sshd | 0
> recipes-connectivity/openssh/files/sshd_config| 118
> --
> recipes-connectivity/openssh/openssh_%.bbappend | 14 +++
> 3 files changed, 14 insertions(+), 118 deletions(-)
> rename recipes-connectivity/openssh/files/{ => pam}/sshd (100%)
> delete mode 100644 recipes-connectivity/openssh/files/sshd_config
>
> diff --git a/recipes-connectivity/openssh/files/sshd b/recipes-connectivity/
> openssh/files/pam/sshd
> similarity index 100%
> rename from recipes-connectivity/openssh/files/sshd
> rename to recipes-connectivity/openssh/files/pam/sshd
> diff --git a/recipes-connectivity/openssh/files/sshd_config b/
> recipes-connectivity/openssh/files/sshd_config
> deleted file mode 100644
> index 1c33ad0..000
> --- a/recipes-connectivity/openssh/files/sshd_config
> +++ /dev/null
> @@ -1,118 +0,0 @@
> -# $OpenBSD: sshd_config,v 1.102 2018/02/16 02:32:40 djm Exp $
> -
> -# This is the sshd server system-wide configuration file. See
> -# sshd_config(5) for more information.
> -
> -# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
> -
> -# The strategy used for options in the default sshd_config shipped with
> -# OpenSSH is to specify options with their default value where
> -# possible, but leave them commented. Uncommented options override the
> -# default value.
> -
> -#Port 22
> -#AddressFamily any
> -#ListenAddress 0.0.0.0
> -#ListenAddress ::
> -
> -#HostKey /etc/ssh/ssh_host_rsa_key
> -#HostKey /etc/ssh/ssh_host_ecdsa_key
> -#HostKey /etc/ssh/ssh_host_ed25519_key
> -
> -# Ciphers and keying
> -#RekeyLimit default none
> -
> -# Logging
> -#SyslogFacility AUTH
> -#LogLevel INFO
> -
> -# Authentication:
> -
> -#LoginGraceTime 2m
> -#PermitRootLogin prohibit-password
> -#StrictModes yes
> -#MaxAuthTries 6
> -#MaxSessions 10
> -
> -#PubkeyAuthentication yes
> -
> -# The default is
Re: [yocto] debug symbols and INHIBIT_PACKAGE_STRIP = "1"
check the build logs for the binary, see if there is some sort of symbol
stripping happening. Perhaps its using install -s ?
On 3/12/21 3:17 AM, AFraser wrote:
Hi,
I'm using bitbake to build an application and I'd like to troubleshoot
some segfaults that are taking place. I've set up gdbserver on a virtual
machine running the application and can connect. My problem is that I
cannot seem to get the image to build my binaries without stripping the
symbol table.
Whenever I run:
|objdump -t _binary_|
it shows 'no symbols' under 'SYMBOL TABLE'.
So far I've added the following to build/conf/local.conf
|EXTRA_IMAGE_FEATURES = "debug-tweaks dbg-pkgs tools-sdk tools-debug "|
|INHIBIT_PACKAGE_STRIP = "1"|
|INHIBIT_PACKAGE_DEBUG_SPLIT= "1"|
I also tried adding the following to bitbake.conf:
|export CFLAGS = "${TARGET_CFLAGS} -g"|
|export LDFLAGS = "${TARGET_LDFLAGS} -g"|
Strangely, the size of the binary I'm looking at has increased. Since
making these changes and the new build took much longer to run.
Running |bitbake -e _recipe_ | shows the environment of my recipe and
reflects the changes made in local.conf.
Is there a way I can look at the exact gcc command that is being run to
make sure it's not still being stripped somewhere? I can't seem to see
it in the logs
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52686): https://lists.yoctoproject.org/g/yocto/message/52686
Mute This Topic: https://lists.yoctoproject.org/mt/81276552/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [yocto] How can I create a truly minimal distribution that runs entirely from RAM?
Thank you very much for your help on the second issue! I was unaware of the fact that another mkimage call is necessary. After taking a look at the the references you provided, I was able to boot the system from an initramfs. However, my current approach requires two manual steps after running Yocto: I need to call mkimage on the cpio.xz file and to extend/configure the U-Boot environment in the running system. Is there a way to automate this? More specifically, is it possible to... * have Yocto generate an initramfs.cpio.xz.uboot file instead of just an initramfs.cpio.xz file and to * modify the default environment that Yocto will compile into the U-Boot binary? -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#52687): https://lists.yoctoproject.org/g/yocto/message/52687 Mute This Topic: https://lists.yoctoproject.org/mt/81241640/21656 Group Owner: yocto+ow...@lists.yoctoproject.org Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [yocto] Failing to patch u-boot .dts
Finally understood how to do it properly, and hence explaining here for the
record.
In my machine configuration, I have this line (that I overlooked):
```
IMAGE_BOOT_FILES ?= "u-boot.${UBOOT_SUFFIX} MLO zImage
am335x-pocketbeagle.dtb"
```
Which says that it should use the `am335x-pocketbeagle` device tree. I
assume that it infers that it should compile `am335x-pocketbeagle.dts` into
`am335x-pocketbeagle.dtb`. Because `am335x-evm` is listed as the default in
the defconfig, I thought it was the one being used. But I was wrong.
I patched `am335x-pocketbeagle.dts` this time and it just worked.
On Thu, Mar 11, 2021 at 11:28 AM Jonas Vautherin
wrote:
> Hello!
>
> I am using u-boot on a pocketbeagle which, according to "Default Device
> Tree for DT control" in `bitbake -c menuconfig u-boot`, uses am335x-evm,
> which I understand is the file
> in
> ./build/tmp/work/pocketbeagle-poky-linux-gnueabi/u-boot/1_2020.07-r0/git/arch/arm/dts/am335x-evm.dts.
>
> My issue is that this file ends up setting usb1 as `dr_mode = "host"` and
> usb0 as `dr_mode = "otg"`. I would like to use fastboot on my pocketbeagle,
> and therefore set them to `dr_mode = "peripheral"`.
>
> In order to do that, I wrote a .bbappend that does the following:
>
> ```
> FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
>
> SRC_URI += "file://am335x-evm.dts.patch"
> SRC_URI += "file://logging.cfg"
> ```
>
> The patch sets both usb0 and usb1 to `dr_mode = "peripheral"`, while the
> cfg enables logging in u-boot. Because logging is effectively enabled, I
> get that my .bbappend is used. And I can confirm
> that
> ./build/tmp/work/pocketbeagle-poky-linux-gnueabi/u-boot/1_2020.07-r0/git/arch/arm/dts/am335x-evm.dts
> is patched indeed.
>
> However, whatever I do, I can't seem to get that modification in my u-boot
> device tree at runtime, as usb0 always ends up as "otg" and usb1 as "host".
> I have even tried a full clean build where I removed build/tmp and
> cache_sstate.
>
> I cannot really tell if my patched file is actually used or not. For
> instance, if I `bitbake -c cleansstate u-boot`, then `bitbake -c do_patch
> u-boot`, then `rm
> -rf
> ./build/tmp/work/pocketbeagle-poky-linux-gnueabi/u-boot/1_2020.07-r0/git/arch/arm/dts`
> and finally `bitbake u-boot`, it does not complain at all about a missing
> dts file.
>
> What am I missing, and how could I make sure that my patched
> am335x-evm.dts is the device tree being used by my u-boot install?
>
> Best Regards,
> Jonas
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52688): https://lists.yoctoproject.org/g/yocto/message/52688
Mute This Topic: https://lists.yoctoproject.org/mt/8125/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[yocto] [meta-selinux][PATCH 01/16] selinux: update inc file to 3.2
* Drop selinux_DATE.inc since upstream now uses X.Y version instead of
date for release tag[1]. Move its content to selinux_common.inc.
* Switch to git repo in SRC_URI, then all selinux recipes can use
unified source.
[1]
https://github.com/SELinuxProject/selinux/commit/f63ac245f7addf832e8cde3cc4f26607b738994d
Signed-off-by: Yi Zhao
---
recipes-security/selinux/selinux_20200710.inc | 8
recipes-security/selinux/selinux_common.inc | 15 ++-
2 files changed, 10 insertions(+), 13 deletions(-)
delete mode 100644 recipes-security/selinux/selinux_20200710.inc
diff --git a/recipes-security/selinux/selinux_20200710.inc
b/recipes-security/selinux/selinux_20200710.inc
deleted file mode 100644
index a8a76e9..000
--- a/recipes-security/selinux/selinux_20200710.inc
+++ /dev/null
@@ -1,8 +0,0 @@
-SELINUX_RELEASE = "20200710"
-
-SRC_URI =
"https://github.com/SELinuxProject/selinux/releases/download/${SELINUX_RELEASE}/${BPN}-${PV}.tar.gz";
-
-UPSTREAM_CHECK_URI = "https://github.com/SELinuxProject/selinux/releases";
-UPSTREAM_CHECK_REGEX = "libselinux-(?P.+)\.tar\.gz"
-
-require selinux_common.inc
diff --git a/recipes-security/selinux/selinux_common.inc
b/recipes-security/selinux/selinux_common.inc
index 09c0acc..f2e180f 100644
--- a/recipes-security/selinux/selinux_common.inc
+++ b/recipes-security/selinux/selinux_common.inc
@@ -1,14 +1,19 @@
HOMEPAGE = "https://github.com/SELinuxProject";
+SRC_URI = "git://github.com/SELinuxProject/selinux.git"
+SRCREV = "cf853c1a0c2328ad6c62fb2b2cc55d4926301d6b"
+
+UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+(\.\d+)+)"
+
do_compile() {
oe_runmake all
}
do_install() {
oe_runmake install \
-DESTDIR="${D}" \
-PREFIX="${prefix}" \
-INCLUDEDIR="${includedir}" \
-LIBDIR="${libdir}" \
-SHLIBDIR="${base_libdir}"
+DESTDIR="${D}" \
+PREFIX="${prefix}" \
+INCLUDEDIR="${includedir}" \
+LIBDIR="${libdir}" \
+SHLIBDIR="${base_libdir}"
}
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52690): https://lists.yoctoproject.org/g/yocto/message/52690
Mute This Topic: https://lists.yoctoproject.org/mt/81298589/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[yocto] [meta-selinux][PATCH 02/16] libsepol: update to 3.2
Merge inc file into bb file.
Signed-off-by: Yi Zhao
---
recipes-security/selinux/libsepol_3.1.bb | 8
.../selinux/{libsepol.inc => libsepol_3.2.bb} | 5 +
2 files changed, 5 insertions(+), 8 deletions(-)
delete mode 100644 recipes-security/selinux/libsepol_3.1.bb
rename recipes-security/selinux/{libsepol.inc => libsepol_3.2.bb} (81%)
diff --git a/recipes-security/selinux/libsepol_3.1.bb
b/recipes-security/selinux/libsepol_3.1.bb
deleted file mode 100644
index 1568025..000
--- a/recipes-security/selinux/libsepol_3.1.bb
+++ /dev/null
@@ -1,8 +0,0 @@
-require selinux_20200710.inc
-require ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
-
-SRC_URI[md5sum] = "b56dc01b76b97dcb730ab4e2fd1c9dea"
-SRC_URI[sha256sum] =
"ae6778d01443fdd38cd30846494e19f4d407b09872580372f4aa4bf8a3cc"
-
diff --git a/recipes-security/selinux/libsepol.inc
b/recipes-security/selinux/libsepol_3.2.bb
similarity index 81%
rename from recipes-security/selinux/libsepol.inc
rename to recipes-security/selinux/libsepol_3.2.bb
index a8ee749..48d5f49 100644
--- a/recipes-security/selinux/libsepol.inc
+++ b/recipes-security/selinux/libsepol_3.2.bb
@@ -5,9 +5,14 @@ as by programs like load_policy that need to perform specific
transformations \
on binary policies such as customizing policy boolean settings."
SECTION = "base"
LICENSE = "LGPLv2+"
+LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
+
+require selinux_common.inc
inherit lib_package
+S = "${WORKDIR}/git/libsepol"
+
# Change RANLIB for cross compiling, use host-tools $(AR) rather than
# local ranlib.
EXTRA_OEMAKE += "RANLIB='$(AR) s'"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52691): https://lists.yoctoproject.org/g/yocto/message/52691
Mute This Topic: https://lists.yoctoproject.org/mt/81298590/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[yocto] [meta-selinux][PATCH 00/16] selinux: update 3.1 -> 3.2
Yi Zhao (16):
selinux: update inc file to 3.2
libsepol: update to 3.2
libselinux: update to 3.2
libselinux-python: update to 3.2
libsemanage: update to 3.2
checkpolicy: update to 3.2
secilc: update to 3.2
policycoreutils: update to 3.2
mcstrans: update to 3.2
restorecond: update to 3.2
selinux-python: update to 3.2
selinux-dbus: update to 3.2
selinux-gui: update to 3.2
selinux-sandbox: update to 3.2
semodule-utils: update to 3.2
setools: upgrade 4.3.0 -> 4.4.0
recipes-security/selinux/checkpolicy_3.1.bb | 7 -
.../{checkpolicy.inc => checkpolicy_3.2.bb} | 10 +-
.../selinux/libselinux-python_3.1.bb | 26
...ux-python.inc => libselinux-python_3.2.bb} | 25 ++-
...elinux-do-not-define-gettid-for-musl.patch | 47 --
...linux-define-FD_CLOEXEC-as-necessary.patch | 33
.../libselinux-make-O_CLOEXEC-optional.patch | 99
...ibselinux-make-SOCK_CLOEXEC-optional.patch | 38 -
recipes-security/selinux/libselinux_3.1.bb| 17 --
.../{libselinux.inc => libselinux_3.2.bb} | 7 +-
...anage-define-FD_CLOEXEC-as-necessary.patch | 35 -
recipes-security/selinux/libsemanage_3.1.bb | 14 --
.../{libsemanage.inc => libsemanage_3.2.bb} | 27 ++--
recipes-security/selinux/libsepol_3.1.bb | 8 -
.../selinux/{libsepol.inc => libsepol_3.2.bb} | 5 +
recipes-security/selinux/mcstrans_3.1.bb | 7 -
.../selinux/{mcstrans.inc => mcstrans_3.2.bb} | 13 +-
.../selinux/policycoreutils_3.1.bb| 7 -
...cycoreutils.inc => policycoreutils_3.2.bb} | 145 +-
...icycoreutils-make-O_CLOEXEC-optional.patch | 48 --
recipes-security/selinux/restorecond_3.1.bb | 7 -
.../{restorecond.inc => restorecond_3.2.bb} | 7 +-
recipes-security/selinux/secilc_3.1.bb| 7 -
.../selinux/{secilc.inc => secilc_3.2.bb} | 6 +-
recipes-security/selinux/selinux-dbus_3.1.bb | 7 -
.../{selinux-dbus.inc => selinux-dbus_3.2.bb} | 6 +-
recipes-security/selinux/selinux-gui_3.1.bb | 7 -
.../{selinux-gui.inc => selinux-gui_3.2.bb} | 6 +-
.../selinux/selinux-python_3.1.bb | 7 -
...linux-python.inc => selinux-python_3.2.bb} | 20 ++-
.../selinux/selinux-sandbox_3.1.bb| 7 -
...nux-sandbox.inc => selinux-sandbox_3.2.bb} | 9 +-
recipes-security/selinux/selinux_20200710.inc | 8 -
recipes-security/selinux/selinux_common.inc | 15 +-
.../selinux/semodule-utils_3.1.bb | 7 -
...module-utils.inc => semodule-utils_3.2.bb} | 7 +-
.../{setools_4.3.0.bb => setools_4.4.0.bb}| 6 +-
37 files changed, 192 insertions(+), 565 deletions(-)
delete mode 100644 recipes-security/selinux/checkpolicy_3.1.bb
rename recipes-security/selinux/{checkpolicy.inc => checkpolicy_3.2.bb} (71%)
delete mode 100644 recipes-security/selinux/libselinux-python_3.1.bb
rename recipes-security/selinux/{libselinux-python.inc =>
libselinux-python_3.2.bb} (61%)
delete mode 100644
recipes-security/selinux/libselinux/0001-libselinux-do-not-define-gettid-for-musl.patch
delete mode 100644
recipes-security/selinux/libselinux/libselinux-define-FD_CLOEXEC-as-necessary.patch
delete mode 100644
recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch
delete mode 100644
recipes-security/selinux/libselinux/libselinux-make-SOCK_CLOEXEC-optional.patch
delete mode 100644 recipes-security/selinux/libselinux_3.1.bb
rename recipes-security/selinux/{libselinux.inc => libselinux_3.2.bb} (84%)
delete mode 100644
recipes-security/selinux/libsemanage/libsemanage-define-FD_CLOEXEC-as-necessary.patch
delete mode 100644 recipes-security/selinux/libsemanage_3.1.bb
rename recipes-security/selinux/{libsemanage.inc => libsemanage_3.2.bb} (59%)
delete mode 100644 recipes-security/selinux/libsepol_3.1.bb
rename recipes-security/selinux/{libsepol.inc => libsepol_3.2.bb} (81%)
delete mode 100644 recipes-security/selinux/mcstrans_3.1.bb
rename recipes-security/selinux/{mcstrans.inc => mcstrans_3.2.bb} (92%)
delete mode 100644 recipes-security/selinux/policycoreutils_3.1.bb
rename recipes-security/selinux/{policycoreutils.inc =>
policycoreutils_3.2.bb} (52%)
delete mode 100644
recipes-security/selinux/restorecond/policycoreutils-make-O_CLOEXEC-optional.patch
delete mode 100644 recipes-security/selinux/restorecond_3.1.bb
rename recipes-security/selinux/{restorecond.inc => restorecond_3.2.bb} (88%)
delete mode 100644 recipes-security/selinux/secilc_3.1.bb
rename recipes-security/selinux/{secilc.inc => secilc_3.2.bb} (66%)
delete mode 100644 recipes-security/selinux/selinux-dbus_3.1.bb
rename recipes-security/selinux/{selinux-dbus.inc => selinux-dbus_3.2.bb} (75%)
delete mode 100644 recipes-security/selinux/selinux-gui_3.1.bb
rename recipes-security/selinux/{selinux-gui.inc => selinux-gui_3.2.bb} (75%)
delete mode 100644 recipes-security/selinux/selinux-python_3.1.bb
rename recipes-security/selinux/{selinux-python.inc => selinux-python_3.2
[yocto] [meta-selinux][PATCH 03/16] libselinux: update to 3.2
* Merge inc file into bb file.
* Drop obsolete patches:
0001-libselinux-do-not-define-gettid-for-musl.patch
libselinux-define-FD_CLOEXEC-as-necessary.patch
libselinux-make-O_CLOEXEC-optional.patch
libselinux-make-SOCK_CLOEXEC-optional.patch
Signed-off-by: Yi Zhao
---
...elinux-do-not-define-gettid-for-musl.patch | 47 -
...linux-define-FD_CLOEXEC-as-necessary.patch | 33 ---
.../libselinux-make-O_CLOEXEC-optional.patch | 99 ---
...ibselinux-make-SOCK_CLOEXEC-optional.patch | 38 ---
recipes-security/selinux/libselinux_3.1.bb| 17
.../{libselinux.inc => libselinux_3.2.bb} | 7 +-
6 files changed, 6 insertions(+), 235 deletions(-)
delete mode 100644
recipes-security/selinux/libselinux/0001-libselinux-do-not-define-gettid-for-musl.patch
delete mode 100644
recipes-security/selinux/libselinux/libselinux-define-FD_CLOEXEC-as-necessary.patch
delete mode 100644
recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch
delete mode 100644
recipes-security/selinux/libselinux/libselinux-make-SOCK_CLOEXEC-optional.patch
delete mode 100644 recipes-security/selinux/libselinux_3.1.bb
rename recipes-security/selinux/{libselinux.inc => libselinux_3.2.bb} (84%)
diff --git
a/recipes-security/selinux/libselinux/0001-libselinux-do-not-define-gettid-for-musl.patch
b/recipes-security/selinux/libselinux/0001-libselinux-do-not-define-gettid-for-musl.patch
deleted file mode 100644
index 5d6e409..000
---
a/recipes-security/selinux/libselinux/0001-libselinux-do-not-define-gettid-for-musl.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 5f6f4a095bc82b29c3871d4d8a15d9c16cef39ef Mon Sep 17 00:00:00 2001
-From: Yi Zhao
-Date: Wed, 6 Jan 2021 10:42:11 +0800
-Subject: [PATCH] libselinux: do not define gettid() for musl
-
-The musl has implemented gettid() function:
-http://git.musl-libc.org/cgit/musl/commit/?id=d49cf07541bb54a5ac7aec1feec8514db33db8ea
-
-Fixes:
-procattr.c:38:14: error: static declaration of 'gettid' follows non-static
declaration
- 38 | static pid_t gettid(void)
- | ^~
-In file included from procattr.c:2:
-/build/tmp/work/core2-32-poky-linux-musl/libselinux/3.1-r0/recipe-sysroot/usr/include/unistd.h:194:7:
-note: previous declaration of 'gettid' was here
- 194 | pid_t gettid(void);
- | ^~
-
-Upstream-Status: Pending
-
-Signed-off-by: Yi Zhao
- src/procattr.c | 8 +---
- 1 file changed, 1 insertion(+), 7 deletions(-)
-
-diff --git a/src/procattr.c b/src/procattr.c
-index 926ee54..519e515 100644
a/src/procattr.c
-+++ b/src/procattr.c
-@@ -24,13 +24,7 @@ static __thread char destructor_initialized;
-
- /* Bionic and glibc >= 2.30 declare gettid() system call wrapper in unistd.h
and
- * has a definition for it */
--#ifdef __BIONIC__
-- #define OVERRIDE_GETTID 0
--#elif !defined(__GLIBC_PREREQ)
-- #define OVERRIDE_GETTID 1
--#elif !__GLIBC_PREREQ(2,30)
-- #define OVERRIDE_GETTID 1
--#else
-+#if !defined(__GLIBC_)
- #define OVERRIDE_GETTID 0
- #endif
-
---
-2.17.1
-
diff --git
a/recipes-security/selinux/libselinux/libselinux-define-FD_CLOEXEC-as-necessary.patch
b/recipes-security/selinux/libselinux/libselinux-define-FD_CLOEXEC-as-necessary.patch
deleted file mode 100644
index 25d4b24..000
---
a/recipes-security/selinux/libselinux/libselinux-define-FD_CLOEXEC-as-necessary.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From d0aaf391ab30b253aa22ef6547a039bcac840fc6 Mon Sep 17 00:00:00 2001
-From: Joe MacDonald
-Date: Tue, 15 Oct 2013 10:14:41 -0400
-Subject: [PATCH] libselinux: define FD_CLOEXEC as necessary
-
-In truly old systems, even FD_CLOEXEC may not be defined. Produce a
-warning and duplicate the #define for FD_CLOEXEC found in
-asm-generic/fcntl.h on more modern platforms.
-
-Upstream-Status: Inappropriate
-
-Signed-off-by: Joe MacDonald
-
- src/setrans_client.c | 5 +
- 1 file changed, 5 insertions(+)
-
-diff --git a/src/setrans_client.c b/src/setrans_client.c
-index fa188a8..a94f02c 100644
a/src/setrans_client.c
-+++ b/src/setrans_client.c
-@@ -39,6 +39,11 @@ static pthread_key_t destructor_key;
- static int destructor_key_initialized = 0;
- static __thread char destructor_initialized;
-
-+#ifndef FD_CLOEXEC
-+#warning FD_CLOEXEC undefined on this platform, this may leak file descriptors
-+#define FD_CLOEXEC 1
-+#endif
-+
- /*
- * setransd_open
- *
diff --git
a/recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch
b/recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch
deleted file mode 100644
index 1d6f3a7..000
---
a/recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-From 802d224953294463fa9bc793e46f664ecfea057a Mon Sep 17 00:00:00 2001
-From: Joe MacDonald
-Date: Fri, 11 Oct 2013 09:56:25 -0400
-Subject: [PATCH] libselinux: make O_CLOEXEC optional
-
-Various commits in the selinux tree in the current release added O_CLOEXEC
-to open()
[yocto] [meta-selinux][PATCH 05/16] libsemanage: update to 3.2
* Merge inc file into bb file.
* Drop obsolete patches:
libsemanage-define-FD_CLOEXEC-as-necessary.patch
Signed-off-by: Yi Zhao
---
...anage-define-FD_CLOEXEC-as-necessary.patch | 35 ---
recipes-security/selinux/libsemanage_3.1.bb | 14
.../{libsemanage.inc => libsemanage_3.2.bb} | 27 +-
3 files changed, 18 insertions(+), 58 deletions(-)
delete mode 100644
recipes-security/selinux/libsemanage/libsemanage-define-FD_CLOEXEC-as-necessary.patch
delete mode 100644 recipes-security/selinux/libsemanage_3.1.bb
rename recipes-security/selinux/{libsemanage.inc => libsemanage_3.2.bb} (59%)
diff --git
a/recipes-security/selinux/libsemanage/libsemanage-define-FD_CLOEXEC-as-necessary.patch
b/recipes-security/selinux/libsemanage/libsemanage-define-FD_CLOEXEC-as-necessary.patch
deleted file mode 100644
index 45bcbe6..000
---
a/recipes-security/selinux/libsemanage/libsemanage-define-FD_CLOEXEC-as-necessary.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 81f2e8b62ad2298a197c4b16e7182a133c1e116f Mon Sep 17 00:00:00 2001
-From: Joe MacDonald
-Date: Tue, 15 Oct 2013 10:17:38 -0400
-Subject: [PATCH] libsemanage: define FD_CLOEXEC as necessary
-
-In truly old systems, even FD_CLOEXEC may not be defined. Produce a
-warning and duplicate the #define for FD_CLOEXEC found in
-asm-generic/fcntl.h on more modern platforms.
-
-Upstream-Status: Inappropriate
-
-Signed-off-by: Joe MacDonald
- src/semanage_store.c | 5 +
- 1 file changed, 5 insertions(+)
-
-diff --git a/src/semanage_store.c b/src/semanage_store.c
-index 1a94545..b586a8f 100644
a/src/semanage_store.c
-+++ b/src/semanage_store.c
-@@ -66,6 +66,11 @@ typedef struct dbase_policydb dbase_t;
-
- #define TRUE 1
-
-+#ifndef FD_CLOEXEC
-+#warning FD_CLOEXEC undefined on this platform, this may leak file descriptors
-+#define FD_CLOEXEC 1
-+#endif
-+
- enum semanage_file_defs {
- SEMANAGE_ROOT,
- SEMANAGE_TRANS_LOCK,
---
-2.7.4
-
diff --git a/recipes-security/selinux/libsemanage_3.1.bb
b/recipes-security/selinux/libsemanage_3.1.bb
deleted file mode 100644
index 8e6781f..000
--- a/recipes-security/selinux/libsemanage_3.1.bb
+++ /dev/null
@@ -1,14 +0,0 @@
-require selinux_20200710.inc
-require ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
-
-SRC_URI[md5sum] = "d16eee8c1dc8cf43f59957d575d6bd29"
-SRC_URI[sha256sum] =
"22d6c75526e40d1781c30bcf29abf97171bdfe6780923f11c8e1c76a75a21ff8"
-
-SRC_URI += "\
- file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch \
- file://libsemanage-define-FD_CLOEXEC-as-necessary.patch \
- file://libsemanage-allow-to-disable-audit-support.patch \
- file://libsemanage-disable-expand-check-on-policy-load.patch \
- "
diff --git a/recipes-security/selinux/libsemanage.inc
b/recipes-security/selinux/libsemanage_3.2.bb
similarity index 59%
rename from recipes-security/selinux/libsemanage.inc
rename to recipes-security/selinux/libsemanage_3.2.bb
index 0139511..58b6da4 100644
--- a/recipes-security/selinux/libsemanage.inc
+++ b/recipes-security/selinux/libsemanage_3.2.bb
@@ -5,12 +5,22 @@ as by programs like load_policy that need to perform specific
transformations \
on binary policies such as customizing policy boolean settings."
SECTION = "base"
LICENSE = "LGPLv2.1+"
+LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
+
+require selinux_common.inc
inherit lib_package python3native
+SRC_URI += "file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch \
+file://libsemanage-allow-to-disable-audit-support.patch \
+file://libsemanage-disable-expand-check-on-policy-load.patch \
+ "
+
DEPENDS += "libsepol libselinux bzip2 python3 bison-native flex-native
swig-native"
DEPENDS_append_class-target = " audit"
+S = "${WORKDIR}/git/libsemanage"
+
PACKAGES =+ "${PN}-python"
# For /usr/libexec/selinux/semanage_migrate_store
@@ -19,27 +29,26 @@ RDEPENDS_${PN}-python += "python3-core"
FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/* \
${libexecdir}/selinux/semanage_migrate_store"
FILES_${PN}-dbg +=
"${libdir}/python${PYTHON_BASEVERSION}/site-packages/.debug/*"
-
FILES_${PN} += "${libexecdir}"
EXTRA_OEMAKE_class-native += "DISABLE_AUDIT=y"
do_compile_append() {
oe_runmake pywrap \
-PYLIBVER='python${PYTHON_BASEVERSION}${PYTHON_ABI}' \
-PYINC='-I${STAGING_INCDIR}/${PYLIBVER}' \
-PYLIBS='-L${STAGING_LIBDIR}/${PYLIBVER} -l${PYLIBVER}'
+PYLIBVER='python${PYTHON_BASEVERSION}${PYTHON_ABI}' \
+PYINC='-I${STAGING_INCDIR}/${PYLIBVER}' \
+PYLIBS='-L${STAGING_LIBDIR}/${PYLIBVER} -l${PYLIBVER}'
}
do_install_append() {
oe_runmake install-pywrap \
-PYCEXT='.so' \
-PYLIBVER='python${PYTHON_BASEVERSION}${PYTHON_ABI}' \
-
PYTHONLIBDIR='${D}${libdir}/python${PYTHON_BASEVERSION}/site-packages'
+
[yocto] [meta-selinux][PATCH 04/16] libselinux-python: update to 3.2
Merge inc file into bb file.
Signed-off-by: Yi Zhao
---
.../selinux/libselinux-python_3.1.bb | 26 ---
...ux-python.inc => libselinux-python_3.2.bb} | 25 --
2 files changed, 17 insertions(+), 34 deletions(-)
delete mode 100644 recipes-security/selinux/libselinux-python_3.1.bb
rename recipes-security/selinux/{libselinux-python.inc =>
libselinux-python_3.2.bb} (61%)
diff --git a/recipes-security/selinux/libselinux-python_3.1.bb
b/recipes-security/selinux/libselinux-python_3.1.bb
deleted file mode 100644
index 854eca9..000
--- a/recipes-security/selinux/libselinux-python_3.1.bb
+++ /dev/null
@@ -1,26 +0,0 @@
-SELINUX_RELEASE = "20200710"
-
-SRC_URI =
"https://github.com/SELinuxProject/selinux/releases/download/${SELINUX_RELEASE}/libselinux-${PV}.tar.gz";
-
-require ${BPN}.inc
-
-inherit python3targetconfig
-
-LIC_FILES_CHKSUM = "file://LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0"
-
-SRC_URI[md5sum] = "693680c021feb69a4b258b0370021461"
-SRC_URI[sha256sum] =
"ea5dcbb4d859e3f999c26a13c630da2f16dff9462e3cc8cb7b458ac157d112e7"
-
-SRC_URI += "\
-file://libselinux-make-O_CLOEXEC-optional.patch \
-file://libselinux-make-SOCK_CLOEXEC-optional.patch \
-file://libselinux-define-FD_CLOEXEC-as-necessary.patch \
-file://0001-Makefile-fix-python-modules-install-path-for-multili.patch
\
-file://0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
\
-"
-
-SRC_URI_append_libc-musl = " \
-file://0001-libselinux-do-not-define-gettid-for-musl.patch \
-"
-
-S = "${WORKDIR}/libselinux-${PV}"
diff --git a/recipes-security/selinux/libselinux-python.inc
b/recipes-security/selinux/libselinux-python_3.2.bb
similarity index 61%
rename from recipes-security/selinux/libselinux-python.inc
rename to recipes-security/selinux/libselinux-python_3.2.bb
index 7149d94..b741449 100644
--- a/recipes-security/selinux/libselinux-python.inc
+++ b/recipes-security/selinux/libselinux-python_3.2.bb
@@ -4,11 +4,20 @@ process and file security contexts and to obtain security
policy \
decisions. Required for any applications that use the SELinux API."
SECTION = "base"
LICENSE = "PD"
+LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=84b4d2c6ef954a2d4081e775a270d0d0"
-FILESEXTRAPATHS_prepend := "${THISDIR}/libselinux:"
+require selinux_common.inc
inherit python3native python3targetconfig
+FILESEXTRAPATHS_prepend := "${THISDIR}/libselinux:"
+SRC_URI += "\
+file://0001-Makefile-fix-python-modules-install-path-for-multili.patch
\
+file://0001-Do-not-use-PYCEXT-and-rely-on-the-installed-file-nam.patch
\
+"
+
+S = "${WORKDIR}/git/libselinux"
+
DEPENDS += "python3 swig-native libpcre libsepol"
RDEPENDS_${PN} += "libselinux python3-core python3-shell"
@@ -18,8 +27,8 @@ def get_policyconfigarch(d):
p = re.compile('i.86')
target = p.sub('i386',target)
return "ARCH=%s" % (target)
-EXTRA_OEMAKE += "${@get_policyconfigarch(d)}"
+EXTRA_OEMAKE += "${@get_policyconfigarch(d)}"
EXTRA_OEMAKE += "LDFLAGS='${LDFLAGS} -lpcre'
LIBSEPOLA='${STAGING_LIBDIR}/libsepol.a'"
EXTRA_OEMAKE_append_libc-musl = " FTS_LDLIBS=-lfts"
@@ -28,14 +37,14 @@ INSANE_SKIP_${PN} = "dev-so"
do_compile() {
oe_runmake pywrap -j1 \
-PYLIBVER='python${PYTHON_BASEVERSION}${PYTHON_ABI}' \
-PYINC='-I${STAGING_INCDIR}/${PYLIBVER}' \
-PYLIBS='-L${STAGING_LIBDIR}/${PYLIBVER} -l${PYLIBVER}'
+PYLIBVER='python${PYTHON_BASEVERSION}${PYTHON_ABI}' \
+PYINC='-I${STAGING_INCDIR}/${PYLIBVER}' \
+PYLIBS='-L${STAGING_LIBDIR}/${PYLIBVER} -l${PYLIBVER}'
}
do_install() {
oe_runmake install-pywrap \
-DESTDIR=${D} \
-PYLIBVER='python${PYTHON_BASEVERSION}${PYTHON_ABI}' \
-PYTHONLIBDIR='${libdir}/python${PYTHON_BASEVERSION}/site-packages'
+DESTDIR=${D} \
+PYLIBVER='python${PYTHON_BASEVERSION}${PYTHON_ABI}' \
+PYTHONLIBDIR='${libdir}/python${PYTHON_BASEVERSION}/site-packages'
}
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52693): https://lists.yoctoproject.org/g/yocto/message/52693
Mute This Topic: https://lists.yoctoproject.org/mt/81298592/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[yocto] [meta-selinux][PATCH 06/16] checkpolicy: update to 3.2
Merge inc file into bb file.
Signed-off-by: Yi Zhao
---
recipes-security/selinux/checkpolicy_3.1.bb| 7 ---
.../selinux/{checkpolicy.inc => checkpolicy_3.2.bb}| 10 +++---
2 files changed, 7 insertions(+), 10 deletions(-)
delete mode 100644 recipes-security/selinux/checkpolicy_3.1.bb
rename recipes-security/selinux/{checkpolicy.inc => checkpolicy_3.2.bb} (71%)
diff --git a/recipes-security/selinux/checkpolicy_3.1.bb
b/recipes-security/selinux/checkpolicy_3.1.bb
deleted file mode 100644
index 71045b8..000
--- a/recipes-security/selinux/checkpolicy_3.1.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-require selinux_20200710.inc
-require ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
-
-SRC_URI[md5sum] = "1302676cd8853f740a963fd6d5bb4172"
-SRC_URI[sha256sum] =
"dfc7707070520c93b14fbbdfdbe081364d806bf28e3e79e10318c2594c77bbb2"
diff --git a/recipes-security/selinux/checkpolicy.inc
b/recipes-security/selinux/checkpolicy_3.2.bb
similarity index 71%
rename from recipes-security/selinux/checkpolicy.inc
rename to recipes-security/selinux/checkpolicy_3.2.bb
index 1d84ebb..552dc26 100644
--- a/recipes-security/selinux/checkpolicy.inc
+++ b/recipes-security/selinux/checkpolicy_3.2.bb
@@ -5,18 +5,22 @@ required for building policies. It uses libsepol to generate
the \
binary policy. checkpolicy uses the static libsepol since it deals \
with low level details of the policy that have not been \
encapsulated/abstracted by a proper shared library interface."
-
SECTION = "base"
LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+require selinux_common.inc
DEPENDS += "libsepol bison-native flex-native"
EXTRA_OEMAKE += "LEX='flex'"
EXTRA_OEMAKE += "LIBSEPOLA=${STAGING_LIBDIR}/libsepol.a"
+S = "${WORKDIR}/git/checkpolicy"
+
do_install_append() {
- install test/dismod ${D}/${bindir}/sedismod
- install test/dispol ${D}/${bindir}/sedispol
+install test/dismod ${D}/${bindir}/sedismod
+install test/dispol ${D}/${bindir}/sedispol
}
BBCLASSEXTEND = "native"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52695): https://lists.yoctoproject.org/g/yocto/message/52695
Mute This Topic: https://lists.yoctoproject.org/mt/81298595/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[yocto] [meta-selinux][PATCH 07/16] secilc: update to 3.2
Merge inc file into bb file.
Signed-off-by: Yi Zhao
---
recipes-security/selinux/secilc_3.1.bb | 7 ---
recipes-security/selinux/{secilc.inc => secilc_3.2.bb} | 6 +-
2 files changed, 5 insertions(+), 8 deletions(-)
delete mode 100644 recipes-security/selinux/secilc_3.1.bb
rename recipes-security/selinux/{secilc.inc => secilc_3.2.bb} (66%)
diff --git a/recipes-security/selinux/secilc_3.1.bb
b/recipes-security/selinux/secilc_3.1.bb
deleted file mode 100644
index c1fb36b..000
--- a/recipes-security/selinux/secilc_3.1.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-require selinux_20200710.inc
-require ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=c7e802b9a3b0c2c852669864c08b9138"
-
-SRC_URI[md5sum] = "f9743e405a8de331c249b723c09c6c3f"
-SRC_URI[sha256sum] =
"86117246fec3017af710a9ff7c1dae3ed1cd571e232a86cff3e2a3de2d6aa65c"
diff --git a/recipes-security/selinux/secilc.inc
b/recipes-security/selinux/secilc_3.2.bb
similarity index 66%
rename from recipes-security/selinux/secilc.inc
rename to recipes-security/selinux/secilc_3.2.bb
index e263f11..60ab2fe 100644
--- a/recipes-security/selinux/secilc.inc
+++ b/recipes-security/selinux/secilc_3.2.bb
@@ -2,10 +2,14 @@ SUMMARY = "SELinux Common Intermediate Language (CIL)
compiler"
DESCRIPTION = "\
This package contains secilc, the SELinux Common Intermediate \
Language (CIL) compiler."
-
SECTION = "base"
LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=c7e802b9a3b0c2c852669864c08b9138"
+
+require selinux_common.inc
DEPENDS += "libsepol xmlto-native"
+S = "${WORKDIR}/git/secilc"
+
BBCLASSEXTEND = "native"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52696): https://lists.yoctoproject.org/g/yocto/message/52696
Mute This Topic: https://lists.yoctoproject.org/mt/81298596/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[yocto] [meta-selinux][PATCH 08/16] policycoreutils: update to 3.2
Merge inc file into bb file.
Signed-off-by: Yi Zhao
---
.../selinux/policycoreutils_3.1.bb| 7 -
...cycoreutils.inc => policycoreutils_3.2.bb} | 145 +-
2 files changed, 75 insertions(+), 77 deletions(-)
delete mode 100644 recipes-security/selinux/policycoreutils_3.1.bb
rename recipes-security/selinux/{policycoreutils.inc =>
policycoreutils_3.2.bb} (52%)
diff --git a/recipes-security/selinux/policycoreutils_3.1.bb
b/recipes-security/selinux/policycoreutils_3.1.bb
deleted file mode 100644
index f56d1c3..000
--- a/recipes-security/selinux/policycoreutils_3.1.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-require selinux_20200710.inc
-require ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
-
-SRC_URI[md5sum] = "3097ac2c83e47af130452f10399282cb"
-SRC_URI[sha256sum] =
"c889f62ee80f8b6a369469a9b8af51f5b797975aeaa291f5c5960cc12eed1934"
diff --git a/recipes-security/selinux/policycoreutils.inc
b/recipes-security/selinux/policycoreutils_3.2.bb
similarity index 52%
rename from recipes-security/selinux/policycoreutils.inc
rename to recipes-security/selinux/policycoreutils_3.2.bb
index 43a641d..9fc1691 100644
--- a/recipes-security/selinux/policycoreutils.inc
+++ b/recipes-security/selinux/policycoreutils_3.2.bb
@@ -6,6 +6,9 @@ to switch roles, and run_init to run /etc/init.d scripts in the
proper \
context."
SECTION = "base"
LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+require selinux_common.inc
SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}',
'', d)} \
file://policycoreutils-fixfiles-de-bashify.patch \
@@ -13,92 +16,94 @@ SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'pam',
'${PAM_SRC_URI}', '',
PAM_SRC_URI = "file://pam.d/newrole \
file://pam.d/run_init \
-"
+ "
DEPENDS += "libsepol libselinux libsemanage libcap gettext-native"
EXTRA_DEPENDS = "libcap-ng libcgroup"
DEPENDS += "${@['', '${EXTRA_DEPENDS}']['${PN}' != '${BPN}-native']}"
+S = "${WORKDIR}/git/policycoreutils"
+
inherit selinux python3native
RDEPENDS_${BPN}-fixfiles += "\
- ${BPN}-setfiles \
- grep \
- findutils \
+${BPN}-setfiles \
+grep \
+findutils \
"
RDEPENDS_${BPN}-genhomedircon += "\
- ${BPN}-semodule \
+${BPN}-semodule \
"
RDEPENDS_${BPN}-loadpolicy += "\
- libselinux \
- libsepol \
+libselinux \
+libsepol \
"
RDEPENDS_${BPN}-newrole += "\
- libcap-ng \
- libselinux \
+libcap-ng \
+libselinux \
"
RDEPENDS_${BPN}-runinit += "libselinux"
RDEPENDS_${BPN}-secon += "libselinux"
RDEPENDS_${BPN}-semodule += "\
- libsepol \
- libselinux \
- libsemanage \
+libsepol \
+libselinux \
+libsemanage \
"
RDEPENDS_${BPN}-sestatus += "libselinux"
RDEPENDS_${BPN}-setfiles += "\
- libselinux \
- libsepol \
+libselinux \
+libsepol \
"
RDEPENDS_${BPN}-setsebool += "\
- libsepol \
- libselinux \
- libsemanage \
+libsepol \
+libselinux \
+libsemanage \
"
RDEPENDS_${BPN} += "selinux-python"
PACKAGES =+ "\
- ${PN}-fixfiles \
- ${PN}-genhomedircon \
- ${PN}-hll \
- ${PN}-loadpolicy \
- ${PN}-newrole \
- ${PN}-runinit \
- ${PN}-secon \
- ${PN}-semodule \
- ${PN}-sestatus \
- ${PN}-setfiles \
- ${PN}-setsebool \
+${PN}-fixfiles \
+${PN}-genhomedircon \
+${PN}-hll \
+${PN}-loadpolicy \
+${PN}-newrole \
+${PN}-runinit \
+${PN}-secon \
+${PN}-semodule \
+${PN}-sestatus \
+${PN}-setfiles \
+${PN}-setsebool \
"
FILES_${PN}-fixfiles += "${base_sbindir}/fixfiles"
FILES_${PN}-genhomedircon += "${base_sbindir}/genhomedircon"
FILES_${PN}-loadpolicy += "\
- ${base_sbindir}/load_policy \
+${base_sbindir}/load_policy \
"
FILES_${PN}-newrole += "\
- ${bindir}/newrole \
- ${@bb.utils.contains('DISTRO_FEATURES', 'pam',
'${sysconfdir}/pam.d/newrole', '', d)} \
+${bindir}/newrole \
+${@bb.utils.contains('DISTRO_FEATURES', 'pam',
'${sysconfdir}/pam.d/newrole', '', d)} \
"
FILES_${PN}-runinit += "\
- ${base_sbindir}/run_init \
- ${base_sbindir}/open_init_pty \
- ${@bb.utils.contains('DISTRO_FEATURES', 'pam',
'${sysconfdir}/pam.d/run_init', '', d)} \
+${base_sbindir}/run_init \
+${base_sbindir}/open_init_pty \
+${@bb.utils.contains('DISTRO_FEATURES', 'pam',
'${sysconfdir}/pam.d/run_init', '', d)} \
"
FILES_${PN}-dbg += "${prefix}/libexec/selinux/hll/.debug"
FILES_${PN}-secon += "${bindir}/secon"
FILES_${PN}-semodule += "${base_sbindir}/semodule"
FILES_${PN}-hll += "${prefix}/libexec/selinux/hll/*"
FILES_${PN}-sestatus += "\
- ${base_sbindir}/sestatus \
- ${sysconfdir}/sestatus.conf \
+${base_sbindir}/sestatus \
+${sysconfdir}/sestatus.conf \
"
FILES_${PN}-setfiles += "\
- ${base_sbindir
[yocto] [meta-selinux][PATCH 09/16] mcstrans: update to 3.2
Merge inc file into bb file.
Signed-off-by: Yi Zhao
---
recipes-security/selinux/mcstrans_3.1.bb| 7 ---
.../selinux/{mcstrans.inc => mcstrans_3.2.bb} | 13 +
2 files changed, 9 insertions(+), 11 deletions(-)
delete mode 100644 recipes-security/selinux/mcstrans_3.1.bb
rename recipes-security/selinux/{mcstrans.inc => mcstrans_3.2.bb} (92%)
diff --git a/recipes-security/selinux/mcstrans_3.1.bb
b/recipes-security/selinux/mcstrans_3.1.bb
deleted file mode 100644
index 26bb299..000
--- a/recipes-security/selinux/mcstrans_3.1.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-require selinux_20200710.inc
-require ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
-
-SRC_URI[md5sum] = "18b7bf8193dd2360bc60f0e2639009ab"
-SRC_URI[sha256sum] =
"cc918576c17340fc944849d785e2a7400b269ef079a36b871c140504164d6a45"
diff --git a/recipes-security/selinux/mcstrans.inc
b/recipes-security/selinux/mcstrans_3.2.bb
similarity index 92%
rename from recipes-security/selinux/mcstrans.inc
rename to recipes-security/selinux/mcstrans_3.2.bb
index 52b95c6..0cece17 100644
--- a/recipes-security/selinux/mcstrans.inc
+++ b/recipes-security/selinux/mcstrans_3.2.bb
@@ -1,17 +1,20 @@
+
SUMMARY = "Daemon to translate SELinux MCS/MLS sensitivity labels"
DESCRIPTION = "\
mcstrans provides an translation daemon to translate SELinux categories \
from internal representations to user defined representation."
-
SECTION = "base"
LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
-SRC_URI += "file://mcstrans-de-bashify.patch \
-file://mcstrans-fix-the-init-script.patch \
-"
+require selinux_common.inc
inherit systemd update-rc.d
+SRC_URI += "file://mcstrans-de-bashify.patch \
+file://mcstrans-fix-the-init-script.patch \
+ "
+
DEPENDS += "libsepol libselinux libcap"
EXTRA_OEMAKE += "SBINDIR=${base_sbindir} \
@@ -19,6 +22,8 @@ EXTRA_OEMAKE += "SBINDIR=${base_sbindir} \
SYSTEMDDIR=${systemd_unitdir} \
"
+S = "${WORKDIR}/git/mcstrans"
+
do_install_append() {
install -d ${D}${sbindir}
install -m 755 utils/untranscon ${D}${sbindir}/
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52698): https://lists.yoctoproject.org/g/yocto/message/52698
Mute This Topic: https://lists.yoctoproject.org/mt/81298598/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[yocto] [meta-selinux][PATCH 11/16] selinux-python: update to 3.2
Merge inc file into bb file.
Signed-off-by: Yi Zhao
---
.../selinux/selinux-python_3.1.bb | 7 ---
...linux-python.inc => selinux-python_3.2.bb} | 20 +++
2 files changed, 12 insertions(+), 15 deletions(-)
delete mode 100644 recipes-security/selinux/selinux-python_3.1.bb
rename recipes-security/selinux/{selinux-python.inc => selinux-python_3.2.bb}
(89%)
diff --git a/recipes-security/selinux/selinux-python_3.1.bb
b/recipes-security/selinux/selinux-python_3.1.bb
deleted file mode 100644
index a0555d2..000
--- a/recipes-security/selinux/selinux-python_3.1.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-require selinux_20200710.inc
-require ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
-
-SRC_URI[md5sum] = "ec75687b680e0dd63e3ded05bd41cb5a"
-SRC_URI[sha256sum] =
"f4d0a1a030bc291a6af498b26e0676b745075dd289a8ba16cdec86c3ea8f2f02"
diff --git a/recipes-security/selinux/selinux-python.inc
b/recipes-security/selinux/selinux-python_3.2.bb
similarity index 89%
rename from recipes-security/selinux/selinux-python.inc
rename to recipes-security/selinux/selinux-python_3.2.bb
index 827fa8b..a827a90 100644
--- a/recipes-security/selinux/selinux-python.inc
+++ b/recipes-security/selinux/selinux-python_3.2.bb
@@ -2,14 +2,20 @@ SUMMARY = "Python modules and various SELinux utilities."
DESCRIPTION = "\
This package contains Python modules sepolgen, sepolicy; And the \
SELinux utilities audit2allow, chcat, semanage ..."
-
SECTION = "base"
LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"
-SRC_URI += "file://fix-sepolicy-install-path.patch"
+require selinux_common.inc
inherit python3native
+SRC_URI += "file://fix-sepolicy-install-path.patch"
+
+S = "${WORKDIR}/git/python"
+
+EXTRA_OEMAKE += "LIBSEPOLA=${STAGING_LIBDIR}/libsepol.a"
+
DEPENDS += "python3 libsepol libselinux"
RDEPENDS_${BPN}-audit2allow += "\
python3-core \
@@ -97,11 +103,9 @@ FILES_${PN} += "\
${libdir}/python${PYTHON_BASEVERSION}/site-packages/sepolicy/* \
"
-EXTRA_OEMAKE += "LIBSEPOLA=${STAGING_LIBDIR}/libsepol.a"
-
do_install() {
-oe_runmake DESTDIR="${D}" \
-PYLIBVER='python${PYTHON_BASEVERSION}' \
-
PYTHONLIBDIR='${libdir}/python${PYTHON_BASEVERSION}/site-packages' \
-install
+oe_runmake DESTDIR="${D}" \
+PYLIBVER='python${PYTHON_BASEVERSION}' \
+PYTHONLIBDIR='${libdir}/python${PYTHON_BASEVERSION}/site-packages' \
+install
}
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52700): https://lists.yoctoproject.org/g/yocto/message/52700
Mute This Topic: https://lists.yoctoproject.org/mt/81298600/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[yocto] [meta-selinux][PATCH 12/16] selinux-dbus: update to 3.2
Merge inc file into bb file.
Signed-off-by: Yi Zhao
---
recipes-security/selinux/selinux-dbus_3.1.bb | 7 ---
.../selinux/{selinux-dbus.inc => selinux-dbus_3.2.bb} | 6 +-
2 files changed, 5 insertions(+), 8 deletions(-)
delete mode 100644 recipes-security/selinux/selinux-dbus_3.1.bb
rename recipes-security/selinux/{selinux-dbus.inc => selinux-dbus_3.2.bb} (75%)
diff --git a/recipes-security/selinux/selinux-dbus_3.1.bb
b/recipes-security/selinux/selinux-dbus_3.1.bb
deleted file mode 100644
index 04e7565..000
--- a/recipes-security/selinux/selinux-dbus_3.1.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-require selinux_20200710.inc
-require ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
-
-SRC_URI[md5sum] = "b6ad8b3d8497782c6ed480514dfc8ee8"
-SRC_URI[sha256sum] =
"61f936d200ff8302c513883c67bb7c4c496513e78122954cbd33db62086a06f2"
diff --git a/recipes-security/selinux/selinux-dbus.inc
b/recipes-security/selinux/selinux-dbus_3.2.bb
similarity index 75%
rename from recipes-security/selinux/selinux-dbus.inc
rename to recipes-security/selinux/selinux-dbus_3.2.bb
index 62e45b7..bc34f89 100644
--- a/recipes-security/selinux/selinux-dbus.inc
+++ b/recipes-security/selinux/selinux-dbus_3.2.bb
@@ -1,9 +1,13 @@
SUMMARY = "SELinux dbus service files"
DESCRIPTION = "\
Provide SELinux dbus service files and scripts."
-
SECTION = "base"
LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+require selinux_common.inc
+
+S = "${WORKDIR}/git/dbus"
RDEPENDS_${PN} += "python3-core selinux-python-sepolicy"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52701): https://lists.yoctoproject.org/g/yocto/message/52701
Mute This Topic: https://lists.yoctoproject.org/mt/81298601/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[yocto] [meta-selinux][PATCH 10/16] restorecond: update to 3.2
* Merge inc file into bb file.
* Drop obsolete patches:
policycoreutils-make-O_CLOEXEC-optional.patch
Signed-off-by: Yi Zhao
---
...icycoreutils-make-O_CLOEXEC-optional.patch | 48 ---
recipes-security/selinux/restorecond_3.1.bb | 7 ---
.../{restorecond.inc => restorecond_3.2.bb} | 7 +--
3 files changed, 4 insertions(+), 58 deletions(-)
delete mode 100644
recipes-security/selinux/restorecond/policycoreutils-make-O_CLOEXEC-optional.patch
delete mode 100644 recipes-security/selinux/restorecond_3.1.bb
rename recipes-security/selinux/{restorecond.inc => restorecond_3.2.bb} (88%)
diff --git
a/recipes-security/selinux/restorecond/policycoreutils-make-O_CLOEXEC-optional.patch
b/recipes-security/selinux/restorecond/policycoreutils-make-O_CLOEXEC-optional.patch
deleted file mode 100644
index 83250eb..000
---
a/recipes-security/selinux/restorecond/policycoreutils-make-O_CLOEXEC-optional.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 4adc1c02e4da42f64249c05534875e732f043693 Mon Sep 17 00:00:00 2001
-From: Joe MacDonald
-Date: Wed, 6 Nov 2019 23:17:50 +0800
-Subject: [PATCH] policycoreutils: make O_CLOEXEC optional
-
-Various commits in the selinux tree in the current release added
-O_CLOEXEC to open() calls in an attempt to address file descriptor leaks
-as described:
-
- http://danwalsh.livejournal.com/53603.html
-
-However O_CLOEXEC isn't available on all platforms, so make it a
-compile-time option and generate a warning when it is not available.
-The actual impact of leaking these file descriptors is minimal, though
-it does produce curious AVC Denied messages.
-
-Upstream-Status: Inappropriate
-[O_CLOEXEC has been in Linux since 2007 and POSIX since 2008]
-
-Signed-off-by: Joe MacDonald
-Signed-off-by: Wenzong Fan
-Signed-off-by: Yi Zhao
- user.c | 8 +++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/user.c b/user.c
-index 714aae7..bbf018e 100644
a/user.c
-+++ b/user.c
-@@ -202,7 +202,13 @@ static int local_server(void) {
- perror("asprintf");
- return -1;
- }
-- local_lock_fd = open(ptr, O_CREAT | O_WRONLY | O_NOFOLLOW | O_CLOEXEC,
S_IRUSR | S_IWUSR);
-+ local_lock_fd = open(ptr, O_CREAT | O_WRONLY | O_NOFOLLOW
-+ #ifdef O_CLOEXEC
-+ | O_CLOEXEC
-+ #else
-+ #warning O_CLOEXEC undefined on this platform, this may leak
file descriptors
-+ #endif
-+ , S_IRUSR | S_IWUSR);
- if (debug_mode)
- g_warning ("Lock file: %s", ptr);
-
---
-2.7.4
-
diff --git a/recipes-security/selinux/restorecond_3.1.bb
b/recipes-security/selinux/restorecond_3.1.bb
deleted file mode 100644
index d4e0d06..000
--- a/recipes-security/selinux/restorecond_3.1.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-require selinux_20200710.inc
-require ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
-
-SRC_URI[md5sum] = "8daf761739a150a7a29bb491726a6cd9"
-SRC_URI[sha256sum] =
"82ca45099685a45d718f11f8859963c1ba83d98e510312cbf0b7dc5664c60ad0"
diff --git a/recipes-security/selinux/restorecond.inc
b/recipes-security/selinux/restorecond_3.2.bb
similarity index 88%
rename from recipes-security/selinux/restorecond.inc
rename to recipes-security/selinux/restorecond_3.2.bb
index a5b1635..d9def9a 100644
--- a/recipes-security/selinux/restorecond.inc
+++ b/recipes-security/selinux/restorecond_3.2.bb
@@ -4,12 +4,11 @@ The restorecond daemon uses inotify to watch files listed in
the \
/etc/selinux/restorecond.conf, when they are created, this daemon \
will make sure they have the correct file context associated with \
the policy."
-
SECTION = "base"
LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"
-SRC_URI += "file://policycoreutils-make-O_CLOEXEC-optional.patch \
-"
+require selinux_common.inc
inherit systemd update-rc.d
@@ -19,6 +18,8 @@ EXTRA_OEMAKE +=
"SYSTEMDSYSTEMUNITDIR=${systemd_system_unitdir} \
SYSTEMDUSERUNITDIR=${systemd_user_unitdir} \
"
+S = "${WORKDIR}/git/restorecond"
+
FILES_${PN} += "${datadir}/dbus-1/services/org.selinux.Restorecond.service \
${systemd_user_unitdir}/* \
"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52699): https://lists.yoctoproject.org/g/yocto/message/52699
Mute This Topic: https://lists.yoctoproject.org/mt/81298599/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[yocto] [meta-selinux][PATCH 14/16] selinux-sandbox: update to 3.2
Merge inc file into bb file.
Signed-off-by: Yi Zhao
---
recipes-security/selinux/selinux-sandbox_3.1.bb | 7 ---
.../{selinux-sandbox.inc => selinux-sandbox_3.2.bb} | 9 ++---
2 files changed, 6 insertions(+), 10 deletions(-)
delete mode 100644 recipes-security/selinux/selinux-sandbox_3.1.bb
rename recipes-security/selinux/{selinux-sandbox.inc =>
selinux-sandbox_3.2.bb} (77%)
diff --git a/recipes-security/selinux/selinux-sandbox_3.1.bb
b/recipes-security/selinux/selinux-sandbox_3.1.bb
deleted file mode 100644
index 8a95044..000
--- a/recipes-security/selinux/selinux-sandbox_3.1.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-require selinux_20200710.inc
-require ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
-
-SRC_URI[md5sum] = "d38fda12b028c06f751be9c25e309c6b"
-SRC_URI[sha256sum] =
"c79b958e2f64570a59e60638fd13c15fd77c7c2bbac31c7ad4afb03718432b84"
diff --git a/recipes-security/selinux/selinux-sandbox.inc
b/recipes-security/selinux/selinux-sandbox_3.2.bb
similarity index 77%
rename from recipes-security/selinux/selinux-sandbox.inc
rename to recipes-security/selinux/selinux-sandbox_3.2.bb
index c8e335a..2c6a823 100644
--- a/recipes-security/selinux/selinux-sandbox.inc
+++ b/recipes-security/selinux/selinux-sandbox_3.2.bb
@@ -3,12 +3,15 @@ DESCRIPTION = "\
Run application within a tightly confined SELinux domain. The default \
sandbox domain only allows applications the ability to read and write \
stdin, stdout and any other file descriptors handed to it."
-
SECTION = "base"
LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"
-SRC_URI += "file://sandbox-de-bashify.patch \
-"
+require selinux_common.inc
+
+SRC_URI += "file://sandbox-de-bashify.patch"
+
+S = "${WORKDIR}/git/sandbox"
DEPENDS += "libcap-ng libselinux"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52703): https://lists.yoctoproject.org/g/yocto/message/52703
Mute This Topic: https://lists.yoctoproject.org/mt/81298603/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[yocto] [meta-selinux][PATCH 15/16] semodule-utils: update to 3.2
Merge inc file into bb file.
Signed-off-by: Yi Zhao
---
recipes-security/selinux/semodule-utils_3.1.bb | 7 ---
.../selinux/{semodule-utils.inc => semodule-utils_3.2.bb} | 7 ++-
2 files changed, 6 insertions(+), 8 deletions(-)
delete mode 100644 recipes-security/selinux/semodule-utils_3.1.bb
rename recipes-security/selinux/{semodule-utils.inc => semodule-utils_3.2.bb}
(83%)
diff --git a/recipes-security/selinux/semodule-utils_3.1.bb
b/recipes-security/selinux/semodule-utils_3.1.bb
deleted file mode 100644
index 02a63f8..000
--- a/recipes-security/selinux/semodule-utils_3.1.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-require selinux_20200710.inc
-require ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
-
-SRC_URI[md5sum] = "d9520d0cdef3d1be412155dc72ec2936"
-SRC_URI[sha256sum] =
"0cc37f9cec751d9c2abb5f2b228b060567e973cb47c19b53b8a4a7378baaa853"
diff --git a/recipes-security/selinux/semodule-utils.inc
b/recipes-security/selinux/semodule-utils_3.2.bb
similarity index 83%
rename from recipes-security/selinux/semodule-utils.inc
rename to recipes-security/selinux/semodule-utils_3.2.bb
index 23cbd14..7773d5b 100644
--- a/recipes-security/selinux/semodule-utils.inc
+++ b/recipes-security/selinux/semodule-utils_3.2.bb
@@ -2,20 +2,25 @@ SUMMARY = "Utilities to manipulate SELinux policy module
package"
DESCRIPTION = "\
The utilities to create, expand, link and show the dependencies between \
the SELinux policy module packages."
-
SECTION = "base"
LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+require selinux_common.inc
DEPENDS += "libsepol"
RDEPENDS_${PN}-dev = ""
EXTRA_OEMAKE += "LIBSEPOLA=${STAGING_LIBDIR}/libsepol.a"
+S = "${WORKDIR}/git/semodule-utils"
+
PACKAGES =+ "\
${PN}-semodule-expand \
${PN}-semodule-link \
${PN}-semodule-package \
"
+
FILES_${PN}-semodule-expand += "${bindir}/semodule_expand"
FILES_${PN}-semodule-link += "${bindir}/semodule_link"
FILES_${PN}-semodule-package += "\
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52704): https://lists.yoctoproject.org/g/yocto/message/52704
Mute This Topic: https://lists.yoctoproject.org/mt/81298605/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[yocto] [meta-selinux][PATCH 13/16] selinux-gui: update to 3.2
Merge inc file into bb file.
Signed-off-by: Yi Zhao
---
recipes-security/selinux/selinux-gui_3.1.bb| 7 ---
.../selinux/{selinux-gui.inc => selinux-gui_3.2.bb}| 6 +-
2 files changed, 5 insertions(+), 8 deletions(-)
delete mode 100644 recipes-security/selinux/selinux-gui_3.1.bb
rename recipes-security/selinux/{selinux-gui.inc => selinux-gui_3.2.bb} (75%)
diff --git a/recipes-security/selinux/selinux-gui_3.1.bb
b/recipes-security/selinux/selinux-gui_3.1.bb
deleted file mode 100644
index 3038ebc..000
--- a/recipes-security/selinux/selinux-gui_3.1.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-require selinux_20200710.inc
-require ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
-
-SRC_URI[md5sum] = "1e0ea65dfb2b5408969bbe55f6f9d04e"
-SRC_URI[sha256sum] =
"40775eaef965259ca2f8ad49c23b03ff2c8f70808a9e0587b1075970b2509c3d"
diff --git a/recipes-security/selinux/selinux-gui.inc
b/recipes-security/selinux/selinux-gui_3.2.bb
similarity index 75%
rename from recipes-security/selinux/selinux-gui.inc
rename to recipes-security/selinux/selinux-gui_3.2.bb
index 725eb23..5818e49 100644
--- a/recipes-security/selinux/selinux-gui.inc
+++ b/recipes-security/selinux/selinux-gui_3.2.bb
@@ -2,9 +2,13 @@ SUMMARY = "SELinux GUI tools"
DESCRIPTION = "\
Provide SELinux Management tool (system-config-selinux) and SELinux \
Policy Generation Tool (selinux-polgengui)"
-
SECTION = "base"
LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"
+
+require selinux_common.inc
+
+S = "${WORKDIR}/git/gui"
RDEPENDS_${PN} += "python3-core"
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52702): https://lists.yoctoproject.org/g/yocto/message/52702
Mute This Topic: https://lists.yoctoproject.org/mt/81298602/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
[yocto] [meta-selinux][PATCH 16/16] setools: upgrade 4.3.0 -> 4.4.0
Signed-off-by: Yi Zhao
---
.../setools/{setools_4.3.0.bb => setools_4.4.0.bb} | 6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
rename recipes-security/setools/{setools_4.3.0.bb => setools_4.4.0.bb} (89%)
diff --git a/recipes-security/setools/setools_4.3.0.bb
b/recipes-security/setools/setools_4.4.0.bb
similarity index 89%
rename from recipes-security/setools/setools_4.3.0.bb
rename to recipes-security/setools/setools_4.4.0.bb
index 0f166c8..4dd094f 100644
--- a/recipes-security/setools/setools_4.3.0.bb
+++ b/recipes-security/setools/setools_4.4.0.bb
@@ -11,11 +11,11 @@ LICENSE = "GPLv2 & LGPLv2.1"
BBCLASSEXTEND = "native nativesdk "
S = "${WORKDIR}/git"
-SRC_URI = "git://github.com/SELinuxProject/${BPN}.git;branch=4.3 \
+SRC_URI = "git://github.com/SELinuxProject/${BPN}.git;branch=4.4 \
file://setools4-fixes-for-cross-compiling.patch \
"
-SRCREV = "a57ad3cdb669a39f785c4e85d63416a469c8d445"
+SRCREV = "4758cdf803d93274f49cb6445cb2bab527d6549f"
LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=83a5eb6974c11f30785e90d0eeccf40c \
file://${S}/COPYING.GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
@@ -30,8 +30,6 @@ RDEPENDS_${PN} += "python3-networkx python3-decorator
python3-setuptools \
RDEPENDS_${PN}_class-native = ""
-CFLAGS_append = " -Wno-deprecated-declarations"
-
RPROVIDES_${PN} += "${PN}-console"
inherit setuptools3
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#52705): https://lists.yoctoproject.org/g/yocto/message/52705
Mute This Topic: https://lists.yoctoproject.org/mt/81298606/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [yocto] How can I create a truly minimal distribution that runs entirely from RAM?
> 1. have Yocto generate an initramfs.cpio.xz.uboot file > instead of just an initramfs.cpio.xz file and to I assume this is not too hard to achieve. Somewhere in some bitbake config file this should be added, but either me do not know that. So, we'll both wait for this info, maybe some new variable should be defined for such cases as initramfs, for YOCTO build system to generate. For example, adding INITRAMFS_CONF = "1" into local.conf (initially this variable should be set to INITRAMFS_CONF ??= "0") in some YOCTO defconfig file?! > 2. modify the default environment that Yocto will > compile into the U-Boot binary? This, I believe, is achievable by the following steps: 1. Taking/cloning last U-Boot from denx git; 2. Modifying the ./include/configs/ file, introducing the following: #ifdef CONFIG_SUPPORT_INITRAMFS_BOOT #define INITRAMFS_ENV \ #else #define INITRAMFS_ENV "" #endif 3. Compile U-boot, place it on SDcard and test, to see if you are able to make it work after rebooting the system; 4. tar again U-Boot source code with these changes, and upload it on your server; 5. Change the U-boot recipe to be downloaded from your server! Another approach I do not know (maybe YOCTO people do know a better approach from inside the YOCTO build system). Hope this helps. Zoran ___ On Fri, Mar 12, 2021 at 10:49 PM p32 via lists.yoctoproject.org wrote: > > Thank you very much for your help on the second issue! I was unaware of the > fact that another mkimage call is necessary. After taking a look at the the > references you provided, I was able to boot the system from an initramfs. > > However, my current approach requires two manual steps after running Yocto: I > need to call mkimage on the cpio.xz file and to extend/configure the U-Boot > environment in the running system. Is there a way to automate this? > > More specifically, is it possible to... > > have Yocto generate an initramfs.cpio.xz.uboot file instead of just an > initramfs.cpio.xz file and to > modify the default environment that Yocto will compile into the U-Boot binary? > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#52706): https://lists.yoctoproject.org/g/yocto/message/52706 Mute This Topic: https://lists.yoctoproject.org/mt/81241640/21656 Group Owner: yocto+ow...@lists.yoctoproject.org Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
